This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: 6.080/6.089 GITCS April 4th, 2008 Lecture 16 Lecturer: Scott Aaronson Scribe: Jason Furtado Private-Key Cryptography 1 Recap 1.1 Derandomization In the last six years, there have been some spectacular discoveries of deterministic algorithms, for problems for which the only similarly-eﬃcient solutions that were known previously required randomness. The two most famous examples are the Agrawal-Kayal-Saxena (AKS) algorithm for determining if a number is prime or composite • in deterministic polynomial time, and the algorithm of Reingold for getting out of a maze (that is, solving the undirected s-t con- • nectivity problem) in deterministic LOGSPACE. Beyond these specific examples, mounting evidence has convinced almost all theoretical com- puter scientists of the following Conjecture: Every randomized algorithm can be simulated by a deterministic algorithm with at most polynomial slowdown. Formally, P = BP P . 1.2 Cryptographic Codes 1.2.1 Caesar Cipher In this method, a plaintext message is converted to a ciphertext by simply adding 3 to each letter, wrapping around to A after you reach Z. This method is breakable by hand. 1.2.2 One-Time Pad The “one-time pad” uses a random key that must be as long as the message we want to en- crypt. The exclusive-or operation is performed on each bit of the message and key ( Msg ⊕ Key = EncryptedMsg ) to end up with an encrypted message. The encrypted message can be decrypted by performing the same operation on the encrypted message and the key to retrieve the message ( EncryptedMsg ⊕ Key = Msg ). An adversary that intercepts the encrypted message will be unable to decrypt it as long as the key is truly random. The one-time pad was the first example of a cryptographic code that can proven to be secure, even if the adversary has all the computation time in the universe. The main drawback of this method is that keys can never be reused, and the key must be the same size as the message to encrypt. If you were to use the same key twice, an eavesdropper could compute ( Enc ⊕ Msg 1) ⊕ ( Enc ⊕ Msg 2) = Msg 1 ⊕ Msg 2. This would leak information about Msg 1 and Msg 2....
View Full Document
- Spring '11