2.symmetric-key

# 2.symmetric-key - Symmetric-Key Encryption Reading...

This preview shows pages 1–9. Sign up to view the full content.

1 Symmetric-Key Encryption Reading assignment: Chapter 2 Chapter 3 (sections 3.1-3.4) You may skip proofs, but are encouraged to read them.

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Outline Theory of symmetric-key encryption What is a symmetric-key encryption scheme? What does it mean to say that an encryption scheme is secure (or not secure )? How to construct secure encryption schemes? Practical symmetric-key encryption schemes RC4: a stream cipher DES: Data Encryption Standard AES: Advanced Encryption Standard 2
3 , : key space, plaintext space, ciphertexts space. Key generation algorithm: generates keys. Encryption algorithm/ function : : . Dec ryption algori Symmetric-key encryption scheme KMC G EM K C ×→ () thm/function : : . Correctness requirement: for each and ( ) . , are publicly known, and efficie ntly computable. To use the scheme, Alice and Bob run to kk DC K M kK mM DE m m GED G ∈∈ = generate a key , and keep it secret. Question: What is the security requirement?

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
4 Consider ciphertext-only attacks; i.e., the adversary is an eavesdropper. ? Intuitively, several op H t ow io to ns: define s An encryption scheme is "secure" i ecurit f y The notion of security given a ciphertext ( ), even the smartest adversary cannot find the secret key cannot find the plaintext cannot find any character of the plaintex 1. 2. 3. t cannot f 4. ind any k cE m k m = meaningful information about the plaintext cannot find any information about the plaintext We will adopt (and formalize) option 5, which seems to indicate the highest level of secur 5 ? . ity
5 Adversary: an eavesdropper with unlimited computing power. Encryption scheme: ( , , , , , ) Regard plaintext and key as random variables with s om e Shannon's notion of perfect secrecy GEDK M C mk () probability distributions over and ,respectively. The encryption algorithm induces a probability distribution over : Pr( ) Pr( ) Pr( ) For simplicity, and w.l.o.g, assumePr( ) k Emc MK E Cc m k m = = 0 andPr( ) 0 for all and . c mM cC >> ∈∈

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
6 for every probability distribution over Definition: An encryption scheme is said to be if , any of the following equivalent conditions holds: Pr perfectly (| ) P secret r( ) fo r all mm M cm =∈ i () ( ) and . Pr( | ) Pr( ) for all and . Pr( | ) ) for all , , . Pr ( ) Pr ( ) for all , . Mc C c m M c C mm M c C Em c Em c ′′ == = i i i
7 {} 12 0,1 . Key generation: 0,1 Encryption algorithm: : ( ) : . To encrypt a bit string , apply the above to every bit. A random key Vernam's one-time pad encryption scheme u k l MK C k cE m m k mm m == = string as long as the message is needed. Thus, to use Vernam's one-time pad, Alice and Bob need to share (in advance) a long randomly generated bit string as their secret key. This is i a mpr ctical for most applications. The scheme is perfectly secret (against eavesdrop . pers)

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
8 Distribution of : Pr( ) , where {0,1}.
This is the end of the preview. Sign up to access the rest of the document.

## 2.symmetric-key - Symmetric-Key Encryption Reading...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online