lec4 - Modern Cryptography Lecture 4 Yongdae Kim Admin...

This preview shows pages 1–12. Sign up to view the full content.

Modern Cryptography Lecture 4 Yongdae Kim

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
2 Admin Stuff E-mail Subject should have [5471] in front, e.g. “[5471] Project proposal” CC TA and PostDoc: [email protected], [email protected] Office hours Me: T 1:30 ~ 2:30, Th 10:00 ~ 11:00 (and by appointment) TA: M 1:15 PM ~ 2:15 PM Work on projects Pre-proposal due: Feb 9 (Passed Deadline) Meeting with groups: This week and next week 2nd assignment is due: 2/16 9:00 AM. Third assignment will be posted early. (Programming) Study Guide “I hear, and I forget. I see, and I remember. I do, and I understand.” Chinese Proverb Come and talk to me and TA as much as possible. (Google chat is good!) Check Calendar
3 Recap Math… Proof techniques Direct/Indirect proof, Proof by contradiction, Proof by cases, Existential/Universal Proof, Forward/backward reasoning Divisibility: a divides b (a|b) if c such that b = ac GCD, LCM, relatively prime, existence of GCD Eucledean Algorithm d = gcd (a, b) x, y such that d = a x + b y. gcd(a, b) = gcd(a, b + ka) Modular Arithmetic a b (mod m ) iff | a-b iff a = b + mk for some k (mod ), c d (mod ) a+c ( b+d ) (mod ), ac bd (mod ) gcd(a, n) =1 a has an arithmetic inverse modulo n. Counting, probability, cardinality, … Security Symmetric Key vs. Public Key, Hash function, MAC, Digital signature, Key management through SKE and PKE, certificate

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
4 Some History: Caesar Cipher I LOVE YOU K NQXG AQW
5 Historical (Primitive) Ciphers Shift (e.g., Caesar): Enc k (x) = x+k mod 26 Affine: Enc k1,k2 (x) = k1 *x + k2 mod 26 Substitution: Enc perm (x) = perm(x) Vernam: one-time pad (OTP)

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
6 Analysis Kerckhoff’s Principle Shift cipher Average number of trials = 26/2 = 13 :-) Substitution cipher
7 Vernam One-time pad C = P K Vernam offers perfect information-theoretic security, but: How long does the OTP keystream needs to be? Key length = Plaintext length = Ciphertext length How do Alice and Bob exchange the keystream?

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
8 Average time for exhaustive key search Key Size (bits) Number of Alternative Keys Time required at 10 6 Decr/ µ s 32 2 32 = 4.3 x 10 9 2.15 milliseconds 56 2 56 = 7.2 x 10 16 10 hours 128 2 128 = 3.4 x 10 38 5.4 x 10 18 years 168 2 168 = 3.7 x 10 50 5.9 x 10 30 years
9 Block Cipher Definition Modes of operation Strengthening Block Cipher Product/Feistel Cipher DES

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
10 Block Cipher E: V n × K V n V n = {0,1} n , K = {0, 1} k , n is called block length, k is called key size E(P, K) = C for K K and P, C V n E(P, K) = E K (P) is invertible mapping from V n to V n E K : encryption function D(C, K) = D K (C) is the inverse of E K D k : decryption function P (plaintext) E C (ciphertext) K Key P (plaintext) E K C (ciphertext)
11 Evaluation of Block Cipher Estimated security level: sufficient scrutiny by expert cryptanalysis Key size Throughput Block size Block size impacts both security (larger is desirable) and complexity (larger is more costly to implement).

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

Page1 / 59

lec4 - Modern Cryptography Lecture 4 Yongdae Kim Admin...

This preview shows document pages 1 - 12. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online