Having PKCs does not end our problems
Security Protocols
How to distribute public keys?
Based on Chapter 10 of T&W
Bob can go to Alice's web page
for her public keys.
But how does he know it is
really Alice?
CIS 428/628 O Intro. to Cryptography
Key exchang
On to RSA
(We'll pick up on DES and AES later.)
Symmetric Cryptosystems
RSA
A and B have a shared secret: the value of the key
A = amazon.com B = book buyer
(Based on Chap. 4 of Lewand
and Chap. 6 of Trappe & Washington.)
key
key
A p = c c = p
B
Asymmetric
Introduction to Cryptography
Quiz 2
An answer. Eve computes $d = e^{-1} \bmod \varphi(p) = e^{-1} \bmod (p - 1)$ in poly-time. Then, in poly-time Eve can compute:
Distribution of scores
Range:
5- 6:
7- 8:
9-10:
11-12:
13-14:
15-16:
17-18:
19-20:
Scores:
6
(encrypt Alice (m)d m
Introduction to Cryptography
Answers to Quiz 1
Problem 3 (5 points) Prove one of the following. If you
solve more than one, indicate which one you want graded.
Distribution of scores
7- 8:
9-10:
11-12:
13-14:
15-16:
17-18:
19-20:
7
9
a. Suppose (i) a, b Z
the problem
scrambling frequencies
CIS 428/628: Intro. to Cryptography
To get around the weakness of monoalphabetic ciphers,
we need to scramble letter frequencies somehow.
A polyalphabetic substitution cipher is a cipher in which there is
not a 1-1 map betwe
monoalphabetic substitution cyphers
The cyphers you would
find explained in the back
of a Donald Duck comic
book.
Monoalphabetic Ciphers & Their Math
Example:
a → X, b → Y, c → Z, d → A, ..., z → W
starbucks at three
PQXOYRZHP XQ QEOBB
(Based on Chapter 1 of Lewand)
CIS 428/62
Lattices
Vector Spaces
Lattice Based Cryptography
Let $v_1, \ldots, v_n$ be a set of indep. vectors in $\mathbb{R}^n$.
So $\mathbb{R}^n = \{ a_1 v_1 + \cdots + a_n v_n \mid a_1, \ldots, a_n \in \mathbb{R} \}$
Based on Chapter 17 of Trappe & Washington
and Security Innovations Technical Documents
Inner produc
Information Theory
Information Theory & Cryptography
based on
Chapter 15 of Trappe & Washington
Chapter 2 of Cryptography: Theory & Practice, 2/e by D. Stinson
Claude Shannon 1940
Wanted to establish limits on compressing & communicating
data.
Concerned q
Cryptographic Hash Functions
$h : \text{strings} \to \{0, 1\}^k$
where k = 160 or so
We want h to be:
Cryptographic Hash Functions
& Signature Schemes
1. fast to compute.
2. one-way (a.k.a. preimage resistant), i.e., $h(y) \mapsto y$ is hard.
3. collision resistant (a.k.a. s
Flipping Coins over the Telephone
Alice
Games (and Quadratic Residues)
Based on: Chapter 13 and §3.9 of T&W and
§3.6 of Introduction to Cryptography by Delfs & Knebl
Bob
Alice
CIS 428/628 O Intro. to Cryptography
March 7, 2012
Bob
CIS 428/628 O Intro. to Cr
Fields
Example: (Zp , +p , p ) acts like a miniature version of Q.
Definition
Finite Fields & Discrete-log Based Cryptosystems
A field F is a set with operations +F and F
Based on §3.11 and Chapter 7 of T&W
+F and F obey the usual assoc. and comm. laws.
( a +
Craig Gentry's Thesis
Craig Gentry's 2009 Stanford Ph.D. thesis constructed the first fully
homomorphic encryption (FHE) scheme.
Under a FHE scheme:
You send a program f and encrypted data E (m) to a compute server.
The compute server returns E (f (m) (withou
Elliptic Curves
Definition
Elliptic Curve Cryptography
An elliptic curve E over a field F is a curve given by
an equation of the form:
based on
Chapter 16 of Trappe & Washington
Section IV of A Course in Number Theory and Cryptography/2e
by Neal Koblitz
Y2 +
Digital Cash
Okamoto & Ohta's Criteria
Digital Cash
Cash can be sent securely through computer networks
Cash cannot be copied or reused.
Based on Chapter 10 of T&W
The spender can remain anonymous
neither the merchant nor the bank can id the spender
CIS 4
Types of Attacks on Cryptosystems
The Encryption/Decryption Process
Ciphertext Attack
plaintext
More on Classical Cryptosystems
(Based on Chap. 2 of Trappe & Washington.)
Given a ciphertext, deduce the key
encryption alg. encryption key
ciphertext
Plainte
Block Ciphers
Modern Block Ciphers
Plaintexts = Ciphertexts = $\{0, 1\}^n$.
Based on Chapters 4 & 5 of T&W
DES: $\{0, 1\}^{64} \times \{0, 1\}^{56} \to \{0, 1\}^{64}$
plaintext
key
ciphertext
Data Encryption Standard From late 1970s
CIS 428/628 O Intro. to Cryptography
F
CIS 428/628 O Intro to Cryptography
Answers for Homework 6
(d) We use a variation of the trick at the end of Section 3.9. Since $b^2 \equiv y \pmod{p}$
and $b^2 \not\equiv y \pmod{q}$, $p \mid (b^2 - y)$ but $q \nmid (b^2 - y)$. Therefore,
$\gcd(n, b^2 - y) = p$.
1: T&W Page 304, Exercise 3.
By the formula
CIS 428/628 O Intro to Cryptography
Answers for Homework 5
1. Page 216, Exercise 10.
5. Page 253 Exercise 5.
Since gcd(b, p 1) = 1, b1 (mod p 1) exists and can be computed
1
1
b1
easily from b and p. So x2 ( b )b bb (mod p).
(a) The validity test is: m =
CIS 428/628 O Intro to Cryptography
Answers for Homework 4
1. Page 193 Exercise 8.
No. Since $c_2 = (m^{e_1})^{e_2} = m^{e_1 e_2} \pmod{n}$, what Alice is doing is equivalent to
using $e_1 e_2 \bmod \varphi(n)$ as her encryption key, which isn't any better than any
other possible key.
Answers for Homework 3
CIS 428/628 Intro to Cryptography
1. Exercise 2 on page 150 of Lewand.
7. Exercise 12 on page 105 of Trappe and Washington.
If n is odd and > 1, then gcd(2, n) = 1. So by Lewand 4.6, $\varphi(2n) =
\varphi(2) \cdot \varphi(n) = (2 - 1) \cdot \varphi(n) = \varphi(n)$.
2. Exercise
Answers for Homework 2
CIS 428/628 Intro to Cryptography
1. Cryptanalysis problems
(a) Additive shift cipher: $n \mapsto (n + 17) \bmod 26$
Mary had a little key (It's all she could export),
and all the email that she sent was opened at the Fort.
Ron Rivest
(b) Affine
Answers for Homework 1
CIS 428/628 Introduction to Cryptography
1. Lewand, page 7, exercise 1.1.7.
We want to show, by induction on n, that for all $n \geq 1$, $n < 2^n$.
BASE CASE: n = 1. $n = 1 < 2 = 2^1 = 2^n$. So we are done.
INDUCTION STEP: Suppose n > 1 and