Yevgeni Dodis's lecture notes #2

Cryptography: Theory and Practice

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: G22.3033-003 Introduction to Cryptography September 20, 2001 Lecture 2 Lecturer: Yevgeniy Dodis Scribe: Ofer H. Gill This lecture begins with a discussion on secret-key and public-key cryptography, and then discusses One-Way Functions ( OWF ), and their importance in cryptography. Essen- tially, an OWF is easy to compute, but difficult to invert. A One-Way Permutation ( OWP ) is an OWF that permutes elements from a set. A Trap-Door Permutation ( TDP ) is essen- tially an OWP with certain information, that if disclosed, allows the function to be easily inverted. No OWF is known to exist, since showing the existence of a function that is truly difficult to invert hasnt been proven yet. However, there exists good candidates for OWF , OWP , and TDP . Ill describe Prime Product as an example of an OWF candidate, Modular Exponentiation as an example of an OWP candidate, and RSA as an example of a TDP candidate. And, Ill back up certain proofs with the appropriate number theory. Then, Ill go on to discuss how the assumption of the existence of OWF leads to a secure password-authentication system. And, Ill show that S/Key System (an example of password-authentication where the information stored and used for authentication keeps changing) is secure using any OWP . Next, Ill describe the criticisms made against OWF , OWP , and TDP in practical appli- cations, and give suggestions of how to overcome these criticisms. 1 Computationally Bounded Adversaries When we say that an adversary (which well call Eve for the rest of this paper) is Computa- tionally Bounded, we mean that she can only break a code if there exists a PPT algorithm for this purpose. What is PPT ? Let me address that by first defining a Polynomial Time Algorithm. Definition 1 ( poly-time (Polynomial Time) Algorithm) If an algorithm A gets an input of size k , it is considered polynomial time if it runs in O ( k c ) time where c is a constant. We write y = A ( x ) to denote the output of A on input x . With this definition, now Ill define PPT . Definition 2 ( PPT (Probabilistic Polynomial Time) Algorithm) It is a polynomial time algorithm A that is randomized . Namely, it is allowed to flip coins during its com- putation. We write y = A ( x ; r ) to denote the output of A on input x , when r were the internal coin tosses made by A . We write y A ( x ) to denote the random variable y which corresponds to the randomized output of A on input x . This means that r was chosen at random and y = A ( x ; r ) was computed. And when I mention that an algorithm with input of size k has probability negl ( k ) of portraying some sort of behavior, Im referring to the definition of negl ( k ) mentioned as follows: L2-1 Definition 3 (Negligible in terms of k ( negl ( k ) )) An arbitrary function v ( k ) (possibly a type of probability function) is negl ( k ) if: ( c > 0) ( k ) ( k k ) bracketleftbigg v ( k ) 1 k c bracketrightbigg In other words,...
View Full Document

Page1 / 11

Yevgeni Dodis's lecture notes #2 - G22.3033-003...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online