Algorithms_Part3 - S. Dasgupta, C.H. Papadimitriou, and...


S. Dasgupta, C.H. Papadimitriou, and U.V. Vazirani

An application of number theory?

The renowned mathematician G. H. Hardy once declared of his work: “I have never done anything useful.” Hardy was an expert in the theory of numbers, which has long been regarded as one of the purest areas of mathematics, untarnished by material motivation and consequence. Yet the work of thousands of number theorists over the centuries, Hardy’s included, is now crucial to the operation of Web browsers and cell phones and to the security of financial transactions worldwide.

1.4.1 Private-key schemes: one-time pad and AES

If Alice wants to transmit an important private message to Bob, it would be wise of her to scramble it with an encryption function,

$$e : \langle \text{messages} \rangle \to \langle \text{encoded messages} \rangle.$$

Of course, this function must be invertible (for decoding to be possible) and is therefore a bijection. Its inverse is the decryption function $d(\cdot)$.

In the one-time pad, Alice and Bob meet beforehand and secretly choose a binary string $r$ of the same length (say, $n$ bits) as the important message $x$ that Alice will later send. Alice’s encryption function is then a bitwise exclusive-or, $e_r(x) = x \oplus r$: each position in the encoded message is the exclusive-or of the corresponding positions in $x$ and $r$. For instance, if $r = 01110010$, then the message $11110000$ is scrambled thus:

$$e_r(11110000) = 11110000 \oplus 01110010 = 10000010.$$

This function $e_r$ is a bijection from $n$-bit strings to $n$-bit strings, as evidenced by the fact that it is its own inverse!

$$e_r(e_r(x)) = (x \oplus r) \oplus r = x \oplus (r \oplus r) = x \oplus {} = x,$$

where is the string of all zeros. Thus Bob can decode Alice’s transmission by applying the same encryption function a second time: $d_r(y) = y \oplus r$.

How should Alice and Bob choose $r$ for this scheme to be secure? Simple: they should pick $r$ at random, flipping a coin for each bit, so that the resulting string is equally likely to be any element of $\{\ , 1\}^n$. This will ensure that if Eve intercepts the encoded message $y = e_r(x)$, she gets no information about $x$. Suppose, for example, that Eve finds out $y = 10$; what can she deduce? She doesn’t know $r$, and the possible values it can take all correspond to different original messages $x$:

[Figure: each of the four possible messages $x$ = 00, 01, 10, 11 is mapped to $y = 10$ by a different pad: $e_{10}$, $e_{11}$, $e_{00}$, $e_{01}$ respectively.]

So given what Eve knows, all possibilities for $x$ are equally likely!

The downside of the one-time pad is that it has to be discarded after use, hence the name. A second message encoded with the same pad would not be secure, because if Eve knew $x \oplus r$ and $z \oplus r$ for two messages $x$ and $z$, then she could take the exclusive-or to get $x \oplus z$, which might be important information. For example, (1) it reveals whether the two messages begin or end the same, and (2) if one message contains a long sequence of zeros (as could easily be the case if the message is an image), then the corresponding part of the other message will be exposed. Therefore the random string that Alice and Bob share has to be the combined length...
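The scheme and the pad-reuse leak described above, as an added Python example that is not from the book. The function names and the two sample messages `X` and `Z` are constructed for illustration; the pad is drawn from the operating system's CSPRNG in place of coin flips.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise exclusive-or of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad and message must have the same length")
    return bytes(p ^ q for p, q in zip(a, b))

def new_pad(n: int) -> bytes:
    """Choose r uniformly at random from all n-byte strings (OS CSPRNG)."""
    return secrets.token_bytes(n)

def encrypt(x: bytes, r: bytes) -> bytes:
    """e_r(x) = x XOR r."""
    return xor_bytes(x, r)

decrypt = encrypt  # d_r(y) = y XOR r: e_r is its own inverse

def reuse_leak(y1: bytes, y2: bytes) -> bytes:
    """What an eavesdropper gets from two ciphertexts under ONE pad: x XOR z."""
    return xor_bytes(y1, y2)

def shared_prefix_len(leak: bytes) -> int:
    """Leading zero bytes of x XOR z = how many bytes the messages share."""
    n = 0
    for b in leak:
        if b != 0:
            break
        n += 1
    return n

# Constructed sample messages (not from the book), both 17 bytes long.
X = b"PAY ALICE 250 USD"
Z = b"PAY " + bytes(13)   # same start, then a long run of zeros

if __name__ == "__main__":
    r = new_pad(len(X))
    y1, y2 = encrypt(X, r), encrypt(Z, r)   # the mistake: r used twice
    assert decrypt(y1, r) == X
    leak = reuse_leak(y1, y2)               # r cancels out of the result
    print("shared prefix bytes:", shared_prefix_len(leak))
    print("exposed via zero run:", leak[4:])
```

Whatever value `r` takes, the leak is the same, because `r` cancels: a fresh pad per message is the only fix.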

This document was uploaded on 08/10/2011.
