{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

notes-1 - Leo Reyzin Notes for BU CAS CS 538 1 1...

Info icon This preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Leo Reyzin. Notes for BU CAS CS 538. 1 1 Information-Theoretic Encryption: Perfect Secrecy and the One-Time Pad Consider the following scenario: Alice is sending Bob o ff on an important mission. Prior to Bob’s leaving, Alice gives him secret instructions on how to communicate back to her secretly so that no eavesdropper Eve can intercept their communication. The first question to ask is what part of the instructions should we consider secret. To be on the safe side, we must assume that Eve knows as much as possible, and still ensure secrecy under such an assumption. As far back as 1883, Kerckho ff s [Ker83] suggested that all one can hope to keep secret in a cryptosystem is a key. The algorithms and designs should be assumed to be publicly known. His insight is true to this day, as multiple recent examples demonstrate: publicly known security technologies receive more scrutiny, and hence it is more likely that any problems will be uncovered at early stages. Deploying a secret system and waiting for it to be broken is generally a poor strategy. In this class we will always assume that the adversary knows the entire design of the system. It is imperative to ask what constitutes a secure system—in other words, what is our goal? Note that, unlike an attack on a system, security cannot be demonstrated by example. Hence, popular perception often holds that “human ingenuity cannot concoct a cipher which human ingenuity cannot resolve” (this quote is from Edgar Allan Poe, who, in addition to being a writer, was an amateur cryptogapher [Poe65]). We will not be satisfied with this design-then-break approach to security. Rather, we will define what constitutes a secure system and then prove that a particular construction is secure, thus guaranteeing security. The first formal definition of encryption was given by Shannon in his 1949 paper [Sha49]. Definition 1 (encryption scheme a.k.a. cryptosystem). Let M and K be finite sets, and Enc, Dec be two algorithms (Enc may be randomized). We say that ( M, K, Enc , Dec) is an encryption scheme if for all m M and k K , m = Dec k (Enc k ( m )) (if Enc is randomized, this equation should hold with probability 1 over the random choices made by Enc). Note that this definition says nothing about security, it’s purely functional. We now address security separately.
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern