This preview shows pages 1–3. Sign up to view the full content.
Modern
Cryptography
Lecture 3
Yongdae Kim
2
Admin Stuff
Email
Subject should have [5471] in front, e.g. “[5471] Project proposal”
CC TA and PostDoc: hkang@cs.umn.edu, aaram@cs.umn.edu
Office hours
Me: T 1:30 ~ 2:30, Th 10:00 ~ 11:00 (and by appointment)
TA: M 1:15 PM ~ 2:15 PM
Work on projects
Preproposal due: Feb 9
2nd assignment will be online tonight (due: 2/16 9:00 AM)
Study Guide: Quiz this Thursday
Repeat whatever you have learned, try it by yourself.
Go back to look at discrete math books.
Come and talk to me and TA as much as possible. (Google chat is
good!)
Check Calendar
3
Recap
Math…
Proof techniques
Direct/Indirect proof, Proof by contradiction, Proof by cases, Existential/Universal
Proof, Forward/backward reasoning
Divisibility: a
divides
b (ab) if
∃
c such that b = ac
GCD, LCM, relatively prime, existence of GCD
Eucledean Algorithm
d = gcd (a, b)
⇒
∃
x, y such that d = a x + b y.
gcd(a, b) = gcd(a, b + ka)
Modular Arithmetic
a
㲇
b
(mod
m
) iff

ab
iff
a = b + mk
for some k
㲇
(mod
),
c
㲇
d
(mod
)
a+c
㲇
(
b+d
) (mod
),
ac
bd
(mod
)
gcd(a, n) =1
a has an arithmetic inverse modulo n.
Counting, probability, cardinality, …
Security
Symmetric Key vs. Public Key
4
SKE with Secure Channel
Plaintext source
Encryption
E
e
(m) = c
destination
Decryption
D
d
(c) = m
c
Insecure channel
Alice
Bob
Adversary
Key source
e
m
m
e
Secure channel
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document5
PKE with Insecure Channel
Plaintext source
Encryption
E
e
(m) = c
destination
Decryption
D
d
(c) = m
c
Insecure channel
Alice
Bob
Passive
Adversary
Key source
d
m
m
e
Insecure channel
6
Public key should be authentic!
Need to authenticate public keys
7
Hash function and MAC
A hash function is a function h
compression — h maps an input x of arbitrary finite bitlength, to an
output h(x) of fixed bitlength n.
ease of computation — h(x) is easy to compute for given x and h
Properties
oneway: for a given y, find x’ such that h(x’) = y
collision resistance: find x and x’ such that h(x) = h(x’)
MAC (message authentication codes)
both authentication and integrity
MAC is a family of functions h
k
ease of computation (if k is known !!)
compression, x is of arbitrary length, h
k
(x) has fixed length
computation resistance: given (x’,h
k
(x’)) it is infeasible to compute a
new pair (x, h
k
(x)) for any new x
≠
x’
8
Message Authentication Code MAC
MAC is a family of functions h
k
ease of computation (if k is known !!)
compression, x is of arbitrary length, h
k
(x) has fixed length
computation resistance: given (x’,h
k
(x’)) it is infeasible to compute a
new pair (x, h
k
(x)) for any new x
≠
x’
Typical use
A
!
B: (x, H = h
k
(x))
B: verifies if H = h
k
(x)
Properties
Without k, no one can generate valid MAC.
This is the end of the preview. Sign up
to
access the rest of the document.
 Spring '08
 Staff

Click to edit the document details