CIS
CIS 5371 Cryptography
1. Introduction
A simple communication game
simple
(Textbook: Modern Cryptography, Theory & Practice. Wembo Mao, Prentice-Hall, 2004.
1
Coin-flipping over the phone
pp
- a simple example
Discuss the effectiveness & practicality o
CIS 5371 Cryptography
QUIZ 11 (5 minutes only) with answers
This quiz concerns encryption va message authentication. The next quiz regards:
1. Alice and Bob compare the functionalities of encryption and message authentication. Alice
claims that there is n
CIS 5371 Cryptography
QUIZ 11 (5 minutes only) with answwers
This quiz concerns MACs.
1. Let F be a pseudorandom function. Show that the following MAC for messages of length
2n is insecure:
The shared key is a random key k cfw_0, 1n . To authenticate m1 |
CIS 5371 Cryptography
QUIZ 12 (5 minutes only) withn answers
This quiz concerns MACs.
1. Dene a M AC .
A message authentication code is a tuple (Gen,Mac,Vrfy) such that:
Gen takes input the security parameter 1n and outputs a key k with |k | n.
Mac takes
CIS 5371 Cryptography
QUIZ 14 (5 minutes only) with answers
This quiz concerns the birthday attack and the Merkle-Damg transform.
ard
1. Use some of the following words/expressions to describe the birthday attack:
H : cfw_0, 1 cfw_0, 1 , cfw_0, 1 , y = H
CIS 5371 Cryptography
5a. Pseudorandom Objects in Practice
Block Ciphers
Based on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography
1
Block ciphers as encryption schemes
or pseudorandom permutations
Block ciphers should be viewed as ps
CIS 5371 Cryptography
3b. Pseudorandomness
Based on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography
1
Pseudorandomness
An introduction
A distribution D is pseudorandom if no PPT
distinguisher can detect if it a string sampled
accord
CIS 5371 Cryptography
3c. Pseudorandom Functions
Based on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography
1
Definition
A is a two input function
0,1 0,1 0,1
where the first input is called the key, denoted ,
.and the second is just
CIS 5371 Cryptography
8. Data Integrity Techniques
1
Asymmetric techniques, I
Digital signatures
With PK encryption, Alice can use her private key
to decrypt a message and the resultant
ciphertext can be encrypted to recover the
message.
This ciphertext c
CIS 5371 Cryptography
4. Message Authentication Codes
Based on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography
1
Message Authentication
Codes
Encryption vs message authentication
Different functionalities
Encryption does not provid
Introduction to Number Theory
1
Preview
Number Theory Essentials
Congruence classes, Modular arithmetic
Prime numbers challenges
Fermats Little theorem
The Totient function
Euler's Theorem
Quadratic residuocity
Foundation of RSA
2
Number Theory Essentials
CIS 5371 Cryptography
5b. Pseudorandom Objects in Practice
Block Ciphers
1
DES
DES is a special type of iterated cipher based on
the Feistel network.
Block length 64 bits
Key length 56 bits
Ciphertext length 64 bits
2
DES
The round function is:
g ([Li-1,R
CIS 5371 Cryptography
7. Asymmetric encryption-
1
Public Key Cryptography
Alice
Bob
Alice and Bob want to exchange a private key in public.
Public Key Cryptography
The Diffie-Hellman protocol
Let p is a large prime and .
The order of is a factor of 1.
ha
CIS 5371 Cryptography
4. Collision Resistant Hash Functions
Based on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography
1
Collision Resistance
A collision in a function H is a pair of distinct
inputs x, x for which = .
Collision resista
CIS 5371 Cryptography
1. Introduction
1
Prerequisites for this
course
Basic Mathematics, in particular
Number Theory
Basic Probability Theory
Problem solving skills
Programming skills (for projects)
2
Goals for the Introduction
Discuss the effectiveness &
CIS 5371 Cryptography
3. Private-Key Encryption and
Pseudorandomness
Based on: Jonathan Katz and Yehuda Lindel Introduction to Modern Cryptography
1
A Computational Approach
to Cryptography
The principal of Kerchoffs essentially
says that it is not neces
CIS 5371 Cryptography
QUIZ 9 (5 minutes only) with solutions
This quiz concerns pseudorandomness.
1. Alice and Bob discuss the practicality of private-key encryption schemes. Bob says that
there is not much dierence between the cost of the one-time pad, p
CIS 5371 Cryptography
QUIZ 8 (5 minutes only)
This quiz concerns CPA security.
1. What does CPA-security mean. Answer. Chosen Plaintext Attack.
2. The distinguisher D in the CPA experiment has oracle access to the encryption function.
What does this mean?
CIS
CIS 5371 Cryptography
2. Safeguard and Attack
1
En
Encryption
Encryption
encryption key
Plaintext
Ciphertext
decryption key
Decryption
2
Encryption algorithms
Notation
Message M
Algorithm A
Key K
Cryptographic transformation: M = A(K,M)
If A is an enc
CIS
CIS 5371 Cryptography
3. Probability & Information Theory
1
Basic rules of probability
Notation
Events: S, , E, F, ., EF, EF,
.
Pr[S]=1, Pr[]=0, 0 Pr[E] 1
Pr[
Pr[EF] = Pr[E] + Pr[F] - Pr[EF],
.
.
E S \ E , Pr[ E ] Pr [ E ] 1
EF
Pr[ E ] Pr[ F ]
Pr[ E
CIS
CIS 5371 Cryptography
4. Computational Complexity
1
Turing Machines
A finite state control unit
k 1 tapes and read or write tapeheads
FSC unit
tapeheads
2
Deterministic Polynomial Time
Class P
The class of languages L such that:
any x L can be recogni
CIS
CIS 5371 Cryptography
5. Algebraic foundations
1
Groups
Group (G,)
A set G with a binary operation for which we have
Closure
Associativity
An identity
Each element has an inverse
2
Groups
Examples
(Z,+), (Zp*, ), (Zn*, ) are all groups
Here:
Zn =cfw_0
CIS
CIS 5371 Cryptography
6. An Introduction to Number Theory
1
Congruence and Residue classes
Arithmetic modulo n, Zn
Solving linear equations
The Chinese Remainder Theorem
Eulers phi function
The theorems of Fermat and Euler
Quadratic residues
Legendre
CIS 5371 Cryptography
8. Encryption -Asymmetric Techniques
Textbook
Textbook encryption algorithms
In this chapter, security (confidentiality) is considered
this chapter security (confidentiality) is considered
in the following sense:
All-or-nothing secr
CIS 5371 Cryptography
Home Assignment 1
Due: At the beginning of the class on on Feb 12, 2013
Exercises taken from the course textbook. Jonathan Katz and Yehuda Lindell, Introduction to
Modern Cryptography.
1.3 Consider an improved version of the Vigen`r
CIS 5371 Cryptography
Home Assignment 3 with answers
Due: At the beginning of the class on February 26, 2013
Exercises taken from the course textbook. Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography.
3.6 Let G be a pseudorandom gener
CIS 5371 Cryptography
QUIZ 1 (5 minutes only) with answers
This quiz concerns the Intro to Number Theory discussion and basics of
cryptography.
1. Fermats Little theorem states that:
For every prime number p and number a with 0 a < p we have: ap = a mod p
CIS 5371 Cryptography
6*. An Introduction to Number Theory
1
Congruence and Residue classes
Arithmetic modulo n, Zn
Solving linear equations
The Chinese Remainder Theorem
Eulers phi function
The theorems of Fermat and Euler
Quadratic residues
Legendre & J