Yevgeni Dodis's lecture notes #2

Cryptography: Theory and Practice


G22.3033-003 Introduction to Cryptography
September 20, 2001
Lecture 2
Lecturer: Yevgeniy Dodis
Scribe: Ofer H. Gill

This lecture begins with a discussion on secret-key and public-key cryptography, and then discusses One-Way Functions (OWF) and their importance in cryptography. Essentially, an OWF is easy to compute, but difficult to invert. A One-Way Permutation (OWP) is an OWF that permutes elements from a set. A Trap-Door Permutation (TDP) is essentially an OWP with certain information that, if disclosed, allows the function to be easily inverted.

No OWF is known to exist, since the existence of a function that is truly difficult to invert hasn't been proven yet. However, there exist good candidates for OWF, OWP, and TDP. I'll describe Prime Product as an example of an OWF candidate, Modular Exponentiation as an example of an OWP candidate, and RSA as an example of a TDP candidate. And, I'll back up certain proofs with the appropriate number theory.

Then, I'll go on to discuss how the assumption of the existence of OWF leads to a secure password-authentication system. And, I'll show that the S/Key System (an example of password authentication where the information stored and used for authentication keeps changing) is secure using any OWP.

Next, I'll describe the criticisms made against OWF, OWP, and TDP in practical applications, and give suggestions of how to overcome these criticisms.

1 Computationally Bounded Adversaries

When we say that an adversary (which we'll call Eve for the rest of this paper) is "Computationally Bounded," we mean that she can only break a code if there exists a PPT algorithm for this purpose. What is PPT? Let me address that by first defining a Polynomial Time Algorithm.

Definition 1 (poly-time (Polynomial Time) Algorithm) If an algorithm $A$ gets an input of size $k$, it is considered polynomial time if it runs in $O(k^c)$ time, where $c$ is a constant. We write $y = A(x)$ to denote the output of $A$ on input $x$.

With this definition, now I'll define PPT.

Definition 2 (PPT (Probabilistic Polynomial Time) Algorithm) It is a polynomial time algorithm $A$ that is randomized. Namely, it is allowed to flip coins during its computation. We write $y = A(x; r)$ to denote the output of $A$ on input $x$, when $r$ are the internal coin tosses made by $A$. We write $y \leftarrow A(x)$ to denote the random variable $y$ which corresponds to the randomized output of $A$ on input $x$. This means that $r$ was chosen at random and $y = A(x; r)$ was computed.

And when I mention that an algorithm with input of size $k$ has probability $negl(k)$ of portraying some sort of behavior, I'm referring to the definition of $negl(k)$ mentioned as follows:

Definition 3 (Negligible in terms of $k$ ($negl(k)$)) An arbitrary function $v(k)$ (possibly a type of probability function) is $negl(k)$ if:

$$(\forall c > 0)\ (\exists k')\ (\forall k \ge k')\ \left[\, v(k) \le \frac{1}{k^c} \,\right]$$

In other words,...
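
A worked instance of Definition 3, added here as an illustration and not part of the original notes. The two functions $2^{-k}$ and $k^{-100}$ are chosen as examples; $2^{-k}$ is, for instance, the chance of guessing a uniformly random $k$-bit string in one try.

For $v(k) = 2^{-k}$ and any fixed $c > 0$:

$$2^{-k} \le \frac{1}{k^c} \iff k^c \le 2^k \iff c \le \frac{k}{\log_2 k} \qquad (k \ge 2).$$

The quantity $k / \log_2 k$ is increasing for $k \ge 3$ and grows without bound, so for every $c > 0$ there is a threshold $k'$ beyond which the inequality always holds. For $c = 2$, for example, $k' = 4$ works: $4^2 = 16 = 2^4$, and $k^2 \le 2^k$ for all $k \ge 4$. Hence $2^{-k}$ is $negl(k)$.

For $v(k) = k^{-100}$, take $c = 101$:

$$k^{-100} \le \frac{1}{k^{101}} \iff k \le 1,$$

which fails for every $k \ge 2$, so no threshold $k'$ exists for this $c$. Hence $k^{-100}$ is not $negl(k)$: a negligible function must eventually drop below every inverse polynomial, not just below one of them.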