s-se - SYMMETRIC ENCRYPTION 1 / 116 Syntax A symmetric...

Info iconThis preview shows pages 1–16. Sign up to view the full content.

View Full Document Right Arrow Icon
SYMMETRIC ENCRYPTION 1 / 116
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Syntax A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms: K is randomized E can be randomized or stateful D is deterministic 2 / 116
Background image of page 2
Correct decryption requirement Formally: For all K and M we have Pr [ D K ( E K ( M )) = M ] = 1 , where the probability is over the coins of E 3 / 116
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Example: OTP SE = ( K , E , D ) where: Alg K K $ ← { 0 , 1 } k return K Alg E K ( M ) C K M return C Alg D K ( C ) M K C return M Correct decryption: D K ( E K ( M )) = D K ( K M ) = K ( K M ) = M 4 / 116
Background image of page 4
Block cipher modes of operation E : { 0 , 1 } k × { 0 , 1 } n → { 0 , 1 } n a block cipher Notation: x [ i ] is the i-th n-bit block of a string x, so that x = x [1] . . . x [ m ] if | x | = nm . Always: Alg K K $ ← { 0 , 1 } k return K 5 / 116
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Block cipher modes of operation Block cipher provides parties sharing K with E K M C which enables them to encrypt a 1-block message. How do we encrypt a long message using a primitive that only applies to n-bit blocks? 6 / 116
Background image of page 6
ECB: Electronic Codebook Mode SE = ( K , E , D ) where: Alg E K ( M ) for i = 1 , . . . , m do C [ i ] E K ( M [ i ]) return C 7 / 116
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
ECB: Electronic Codebook Mode SE = ( K , E , D ) where: Alg E K ( M ) for i = 1 , . . . , m do C [ i ] E K ( M [ i ]) return C Alg D K ( C ) for i = 1 , . . . , m do M [ i ] E 1 K ( C [ i ]) return M Correct decryption relies on E being a block cipher, so that E K is invertible 7 / 116
Background image of page 8
Evaluating Security Sender encrypts some messages M 1 , ..., M q , namely C 1 $ ← E K ( M 1 ) , ..., C q $ ← E K ( M q ) and transmits C 1 , ..., C q to receiver. Adversary Knows SE = ( K , E , D ) Knows C 1 , ..., C q Is not given K ! Possible adversary goals: Recover K Recover M 1 But we will need to look beyond these 8 / 116
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Security of ECB Adversary has ciphertext C = C [1] ··· C [ m ] Adversary task Assessment Why? Compute K 9 / 116
Background image of page 10
Security of ECB Adversary has ciphertext C = C [1] ··· C [ m ] Adversary task Assessment Why? Compute K seems hard E is secure 9 / 116
Background image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Security of ECB Adversary has ciphertext C = C [1] ··· C [ m ] Adversary task Assessment Why? Compute K seems hard E is secure Compute M [1] 9 / 116
Background image of page 12
Security of ECB Adversary has ciphertext C = C [1] ··· C [ m ] Adversary task Assessment Why? Compute K seems hard E is secure Compute M [1] seems hard E is secure 9 / 116
Background image of page 13

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Security of ECB Weakness: M 1 = M 2 C 1 = C 2 Why is the above true? Because E K is deterministic: E K . . . E K M 1 [1] M 1 [ m ] C 1 [1] C 1 [ m ] E K E K . . . M 2 [1] M 2 [ m ] C 2 [1] C 2 [ m ] Why does this matter? 10 / 116
Background image of page 14
Security of ECB Suppose we know that there are only two possible messages, Y = 1 n and N = 0 n , for example representing FIRE or DON’T FIRE a missile BUY or SELL a stock Vote YES or NO Then ECB algorithm will be E K ( M ) = E K ( M ).
Background image of page 15

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 16
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 147

s-se - SYMMETRIC ENCRYPTION 1 / 116 Syntax A symmetric...

This preview shows document pages 1 - 16. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online