Applied Cryptography and Computer Security
Instructor: Sheng Zhong
1
What is the purpose of this course?
Our purpose is studying cryptography in a rigorous manner, with emphasis on careful design and
Cryptographic Protocols
Sheng Zhong
1
Outline
Bit Commitment Secret Sharing Oblivious Transfer Secure Computation
Definitions Completeness Theorems
2
Bit Commitment (1)
Suppose Alice and Bob want t
Digital Signature
Sheng Zhong
Digital Signature (1)
Public-key-based technique for data integrity. A digital signature scheme is a tuple (PK, SK, M, S, KG, Sign, Verify).
PK: Public key space (the s
Applied Cryptography and Computer
Security
CSE 664 Spring 2017
Lecture 5: Symmetric Encryption II
Department of Computer Science and Engineering
University at Buffalo
1
Symmetric
Symmetric Encryption
Applied Cryptography and Computer
Security
CSE 664 Spring 2017
Lecture 1: Basic Definitions and Concepts
Department of Computer Science and Engineering
University at Buffalo
1
What
What Background
Bac
Applied Cryptography and Computer
Security
CSE 664 Spring 2017
Lecture 4: Symmetric Encryption
Department of Computer Science and Engineering
University at Buffalo
1
High-Level
High-Level View
View
P
Applied Cryptography and Computer
Security
CSE 664 Spring 2017
Lecture 3: Perfect Secrecy, Entropy
Department of Computer Science and Engineering
University at Buffalo
1
Lecture
Lecture Outline
Outlin
Applied Cryptography and Data Security
CSE 664 Spring 2017
Lecture 2: Classical Ciphers
Department of Computer Science and Engineering
University at Buffalo
1
Lecture
Lecture Outline
Outline
What did
Pseudorandom Generator Exercises for CSE 664
For each construction G : cfw_0, 1n cfw_0, 12n , state whether it is a pseudorandom generator or not.
Justify your answer.
1. G(s) = G0 (s)|0, where G0 : c
Background exercises
CSE 664 Spring 2018
Computer Science and Engineering
University at Buffalo
1. Determining asymptotic complexity. Give asymptotic complexity of the following problems using big-O n
Pseudorandom Function Exercises for CSE 664
For each construction of function F : cfw_0, 1n cfw_0, 1n cfw_0, 1n , state whether it is pseudorandom
or not. Justify your answer.
1. Fk (x) = truncate(G(k
Zero-Knowledge Proofs
Sheng Zhong
1
Graph Isomorphism
Suppose G1 and G2 are two graphs known to both you and me. Furthermore, I know they are isomorphic.
But you dont know and cant figure it out.
H
Entity Authentication
Sheng Zhong
1
Password Authentication
Oldest(?) way to authenticate an entity. Each user has a password.
Host keeps a list of (user id, password).
When a user needs to login,
Homework 2
Due in Class on Feb 28
1 Another Property of Eulers Totient Function
Show that, for any n,
d|n (d)
= n.
2 Modular Inverse
Calculate the inverse of 256 with respect to modulus 625.
3 Using R
Homework 1
(Due in Class, Feb 14 Thursday) 1. Design a good chaining mode. Describe your encryption and decryption algorithms in detail. 2. Consider CFB mode with n=64 and s=8. If a bit error occurs i
Homework 3
Due in Class Thursday, March 27
1
Number of Quadratic Residues
Consider N = n=1 pi , where each pi is a prime and for i = j , pi = pj . How i many qudratic residues are there in ZN ? Why?
2
Applied Cryptography and Computer Security
Instructor: Sheng Zhong
1
What is the purpose of this course?
Our purpose is studying cryptography in a rigorous manner, with emphasis on careful design and
Wrestling between Safeguard and Attack
- An example for security flaws
1
It is so easy to be flawed in cryptography!
Cryptographic algorithms, protocols, and Systems usually contain security flaws.
Symmetric-Key Cryptosystem
Sheng Zhong
1
Cryptosystem: Definition (1)
A Cryptosystem is a tuple (M,C, K, G, E, D):
M: cleartext (message) space C: ciphertext space K: key space G: key generating alg
Public Key Cryptosystem
Sheng Zhong
1
Recall Definition
A public key cryptosystem is (M, C, K, G, E, D):
M: cleartext message space C: ciphertext space K: key space G: generate encryption/decryption
Probabilistic Encryption
Sheng Zhong
1
Need for Randomness
Recall all the cryptosystems we described are not semantically secure.
Because they are all deterministic. If we want stronger security gua
Message Authentication
Sheng Zhong
Target
When we receive a message, we want to make sure:
It is sent by the supposed sender. Nobody has tampered with it.
This can be done:
Using private key techn
CSE 664 Spring 2018
Practice Homework 1
This homework wont be collected or graded
1. Exercise 1.1 from the textbook.
2. In an attempt to prevent Kasiskis attack on the Vigenere cipher, the following m