Leo Reyzin. Notes for BU CAS CS 538.

1 Symmetric Cryptography

1.1 Stream Ciphers and Block Ciphers

Cryptographers have long been designing things called stream ciphers and block ciphers. A stream cipher (e.g., RC4 [Riv87]) takes an input key (also known as a seed) and produces a long (usually unlimited) stream of random-looking bits. A block cipher (e.g., DES [NIS77]) takes a key and an input, and produces an output of the same length as the input. For each key, a block cipher is a permutation.

While stream ciphers and block ciphers predate modern cryptographic notions, today people most often model them as pseudorandom generators and pseudorandom permutations, respectively. Note that the stream ciphers and block ciphers used in practice are not provably pseudorandom generators and functions; rather, they are believed to have these properties (although some think that this is too strong an assumption).

We already designed pseudorandom generators that are provably secure under a reasonable assumption. We will do the same for pseudorandom functions and permutations below (after defining them, of course). It is therefore legitimate to ask why people use unprovable designs when so many provably secure ones are available. The answer is mainly speed. As we will see shortly, traditional stream and block ciphers are orders of magnitude faster than provable ones. Thus, they are preferred for encrypting bulk data, particularly by computationally weak devices in real time (cell phones, wireless network cards, etc.).

We will spend this and the next lecture understanding what pseudorandom generators and functions are and how to build them (provably!). Note that our provably secure constructions will be of interest mainly as feasibility results: we show that it can be done, but most people will not use our provable constructions. Instead, in practice they will simply opt for assuming that RC4 is a pseudorandom generator and DES is a pseudorandom function, even though these assumptions are seemingly stronger than simply assuming that factoring is hard.

Nonetheless, whether you use a provable pseudorandom generator, such as Blum-Blum-Shub, or a heuristic one, such as RC4, you still need to use it right. Therefore, we will then turn to understanding how to use pseudorandom generators and functions to accomplish actual goals (privacy and authenticity). But first, by way of example, we briefly study RC4 and DES.

1.2 RC4

RC4, designed by Rivest, is a stream cipher that takes a key and produces a long stream of random-looking bits. The key is used to initialize an array S of 256 elements that contains each byte from 0 to 255 exactly once. The key is also used to initialize two indices, i and j, into the array. We do not describe the initialization step here. After the initialization, the following steps take place. All operations below are modulo 256.

Repeat for as many times as the number of output bytes needed:

1. i ← i + 1
2. j...
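The RC4 loop the notes begin to describe, together with the initialization step they skip, as an added example that is not part of Reyzin's notes; it follows the standard published description of the cipher, and the key and message values are known RC4 test vectors and constructed inputs, not values from the notes. The last function shows the "use it right" point from section 1.1: one keystream used for two messages cancels out under XOR.

```python
# Added example (not from the notes): RC4 key scheduling, the per-byte
# generation loop, stream-cipher use by XOR, and the keystream-reuse hazard.
from typing import Iterator


def rc4_ksa(key: bytes) -> list[int]:
    """Initialization step the notes omit: build the permutation S from the key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Generation loop; every operation is mod 256, as the notes state.
    1. i <- i + 1  2. j <- j + S[i]  3. swap S[i], S[j]  4. output S[S[i] + S[j]]
    """
    S = rc4_ksa(key)
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Stream-cipher use: XOR data with the keystream (the same call decrypts)."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def keystream_reuse_leaks(key: bytes, m1: bytes, m2: bytes) -> bool:
    """Why a keystream must never be reused: for two messages under one key,
    c1 XOR c2 == m1 XOR m2, so the keystream drops out and the relationship
    between the plaintexts is exposed. Returns True when that equality holds."""
    n = min(len(m1), len(m2))
    c1, c2 = rc4_crypt(key, m1[:n]), rc4_crypt(key, m2[:n])
    cipher_xor = bytes(a ^ b for a, b in zip(c1, c2))
    plain_xor = bytes(a ^ b for a, b in zip(m1[:n], m2[:n]))
    return cipher_xor == plain_xor


if __name__ == "__main__":
    # Known test vector: key "Key", plaintext "Plaintext" -> bbf316e8d940af0ad3
    print(rc4_crypt(b"Key", b"Plaintext").hex())
    print(keystream_reuse_leaks(b"Key", b"meet at noon", b"meet at dusk"))
```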
- Spring '09