# s-se - SYMMETRIC ENCRYPTION 1 116 Syntax A symmetric...

This preview shows pages 1–16. Sign up to view the full content.

SYMMETRIC ENCRYPTION 1 / 116

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Syntax A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms: K is randomized E can be randomized or stateful D is deterministic 2 / 116
Correct decryption requirement Formally: For all K and M we have Pr [ D K ( E K ( M )) = M ] = 1 , where the probability is over the coins of E 3 / 116

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Example: OTP SE = ( K , E , D ) where: Alg K K \$ ← { 0 , 1 } k return K Alg E K ( M ) C K M return C Alg D K ( C ) M K C return M Correct decryption: D K ( E K ( M )) = D K ( K M ) = K ( K M ) = M 4 / 116
Block cipher modes of operation E : { 0 , 1 } k × { 0 , 1 } n → { 0 , 1 } n a block cipher Notation: x [ i ] is the i-th n-bit block of a string x, so that x = x [1] . . . x [ m ] if | x | = nm . Always: Alg K K \$ ← { 0 , 1 } k return K 5 / 116

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Block cipher modes of operation Block cipher provides parties sharing K with E K M C which enables them to encrypt a 1-block message. How do we encrypt a long message using a primitive that only applies to n-bit blocks? 6 / 116
ECB: Electronic Codebook Mode SE = ( K , E , D ) where: Alg E K ( M ) for i = 1 , . . . , m do C [ i ] E K ( M [ i ]) return C 7 / 116

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
ECB: Electronic Codebook Mode SE = ( K , E , D ) where: Alg E K ( M ) for i = 1 , . . . , m do C [ i ] E K ( M [ i ]) return C Alg D K ( C ) for i = 1 , . . . , m do M [ i ] E 1 K ( C [ i ]) return M Correct decryption relies on E being a block cipher, so that E K is invertible 7 / 116
Evaluating Security Sender encrypts some messages M 1 , ..., M q , namely C 1 \$ ← E K ( M 1 ) , ..., C q \$ ← E K ( M q ) and transmits C 1 , ..., C q to receiver. Adversary Knows SE = ( K , E , D ) Knows C 1 , ..., C q Is not given K ! Possible adversary goals: Recover K Recover M 1 But we will need to look beyond these 8 / 116

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Security of ECB Adversary has ciphertext C = C [1] ··· C [ m ] Adversary task Assessment Why? Compute K 9 / 116
Security of ECB Adversary has ciphertext C = C [1] ··· C [ m ] Adversary task Assessment Why? Compute K seems hard E is secure 9 / 116

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Security of ECB Adversary has ciphertext C = C [1] ··· C [ m ] Adversary task Assessment Why? Compute K seems hard E is secure Compute M [1] 9 / 116
Security of ECB Adversary has ciphertext C = C [1] ··· C [ m ] Adversary task Assessment Why? Compute K seems hard E is secure Compute M [1] seems hard E is secure 9 / 116

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Security of ECB Weakness: M 1 = M 2 C 1 = C 2 Why is the above true? Because E K is deterministic: E K . . . E K M 1 [1] M 1 [ m ] C 1 [1] C 1 [ m ] E K E K . . . M 2 [1] M 2 [ m ] C 2 [1] C 2 [ m ] Why does this matter? 10 / 116
Security of ECB Suppose we know that there are only two possible messages, Y = 1 n and N = 0 n , for example representing FIRE or DON’T FIRE a missile BUY or SELL a stock Vote YES or NO Then ECB algorithm will be E K ( M ) = E K ( M ).

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

### Page1 / 147

s-se - SYMMETRIC ENCRYPTION 1 116 Syntax A symmetric...

This preview shows document pages 1 - 16. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online