This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: G22.3033-003 Introduction to Cryptography September 20, 2001 Lecture 2 Lecturer: Yevgeniy Dodis Scribe: Ofer H. Gill This lecture begins with a discussion on secret-key and public-key cryptography, and then discusses One-Way Functions ( OWF ), and their importance in cryptography. Essen- tially, an OWF is easy to compute, but difficult to invert. A One-Way Permutation ( OWP ) is an OWF that permutes elements from a set. A Trap-Door Permutation ( TDP ) is essen- tially an OWP with certain information, that if disclosed, allows the function to be easily inverted. No OWF is known to exist, since showing the existence of a function that is truly difficult to invert hasnt been proven yet. However, there exists good candidates for OWF , OWP , and TDP . Ill describe Prime Product as an example of an OWF candidate, Modular Exponentiation as an example of an OWP candidate, and RSA as an example of a TDP candidate. And, Ill back up certain proofs with the appropriate number theory. Then, Ill go on to discuss how the assumption of the existence of OWF leads to a secure password-authentication system. And, Ill show that S/Key System (an example of password-authentication where the information stored and used for authentication keeps changing) is secure using any OWP . Next, Ill describe the criticisms made against OWF , OWP , and TDP in practical appli- cations, and give suggestions of how to overcome these criticisms. 1 Computationally Bounded Adversaries When we say that an adversary (which well call Eve for the rest of this paper) is Computa- tionally Bounded, we mean that she can only break a code if there exists a PPT algorithm for this purpose. What is PPT ? Let me address that by first defining a Polynomial Time Algorithm. Definition 1 ( poly-time (Polynomial Time) Algorithm) If an algorithm A gets an input of size k , it is considered polynomial time if it runs in O ( k c ) time where c is a constant. We write y = A ( x ) to denote the output of A on input x . With this definition, now Ill define PPT . Definition 2 ( PPT (Probabilistic Polynomial Time) Algorithm) It is a polynomial time algorithm A that is randomized . Namely, it is allowed to flip coins during its com- putation. We write y = A ( x ; r ) to denote the output of A on input x , when r were the internal coin tosses made by A . We write y A ( x ) to denote the random variable y which corresponds to the randomized output of A on input x . This means that r was chosen at random and y = A ( x ; r ) was computed. And when I mention that an algorithm with input of size k has probability negl ( k ) of portraying some sort of behavior, Im referring to the definition of negl ( k ) mentioned as follows: L2-1 Definition 3 (Negligible in terms of k ( negl ( k ) )) An arbitrary function v ( k ) (possibly a type of probability function) is negl ( k ) if: ( c > 0) ( k ) ( k k ) bracketleftbigg v ( k ) 1 k c bracketrightbigg In other words,...
View Full Document
- Fall '04