SlideShare uma empresa Scribd logo

cryptography_priceton_university_fall_2007.ppt

Transferir como PPT, PDF
J
Johnree4

presentation about cryptography

Educação
1 de 23
Princeton University • COS 433 • Cryptography • Fall 2007 • Boaz Barak COS 433: Cryptography Princeton University Fall 2007 Boaz Barak Two important quick notes:  Slides will be on course web site  Please stop me if you have questions!
2 Cryptography History of 2500- 4000 years. Recurring theme: (until 1970’s)  Secret code invented  Typically claimed “unbreakable” by inventor  Used by spies, ambassadors, kings, generals for crucial tasks.  Broken by enemy using cryptanalysis. Throughout most of this history: cryptography = “secret writing”: “Scramble” (encrypt) text such that it is hopefully unreadable by anyone except the intended receiver that can decrypt it.
3 Examples 1587: Ciphers from Mary of Scots plotting assassination of queen Elizabeth broken; used as evidence to convict her of treason. 1860’s (civil war): Confederacy used good cipher (Vigenere) in a bad way. Messages routinely broken by team of young union cryptanalysts; in particular leading to a Manhattan manufacturer of plates for printing rebel currency. 1878: New York Tribune decodes telegram proving Democrats’ attempt to buy an electoral vote in presidential election for $10K. 1914: With aid of partial info from sunken German ships, British intelligence broke all German codes. Cracked telegram of German plan to form alliance with Mexico and conquer back territory from U.S. As a result, U.S. joined WWI. WWII: Cryptanalysis used by both sides. Polish & British cryptanalysts break supposedly unbreakable Enigma cipher using mix of ingenuity, German negligence, and mechanical computation. Churchill credits cryptanalysts with winning the war.
4 This Course What you’ll learn:  Foundations and principles of the science  Definitions and proofs of security  High-level applications  Critical view of security suggestions and products What you will not learn:  The most efficient and practical versions of components.  Designing secure systems*  “Hacking” – breaking into systems.  Everything important about crypto  Basic primitives and components.  Viruses, worms, Windows/Unix bugs, buffer overflow etc..  Buzzwords Will help you avoid designing insecure systems.
5 This Course Modern (post 1970’s) cryptography: Provable security – breaking the “invent-break-tweak” cycle  Perfect security (Shannon) and its limitations  Computational security  Pseudorandom generators, one way functions Beyond encryption – public-key crypto and other wonderful creatures  Public-key encryption based on factoring and RSA problem  Digital signatures, hash functions  Zero-knowledge proofs  Active security – Chosen-Ciphertext Attack Advanced topics (won’t have time for all  )  The SSL Protocol and attacks on it  Secret Sharing  Multi-party secure computation  Quantum cryptography  Password-based key-exchange, broadcast encryption, obfuscation
6 Administrative Info Lectures: Tue,Thu 1:30-2:50pm (start on time!) Instructor: Boaz Barak: boaz@cs Web page: http://www.cs.princeton.edu/courses/archive/fall07/cos433/ Or: Google “Boaz Barak” and click “courses” TA: Rajsekar Manokaran ( rajsekar@cs ) Important: join mailing list, email me to set appointment before next class Office hrs: Thu after class (3pm) or by appointment. Precepts: --- Office hrs: ---
7 Prerequisites 1. Ability to read and write mathematical proofs and definitions. 2. Familiarity with algorithms – proving correctness and analyzing running time (O notation). Required: Helpful but not necessary: Complexity. NP-Completeness, reductions, P, BPP, P/poly Probabilistic Algorithms. Primality testing, hashing, Number theory. Modular arithmetic, prime numbers See web-site for links and resources. 3. Familiarity with basic probability theory (random variables, expectations – see handout).
8 Reading Foundations of Cryptography / Goldreich. Graduate-level text, will be sometimes used. Lecture notes on web: (links on web site) Computational Intro to Algebra and Number Theory / Shoup. (Available also on the web) Introduction to the Theory of Computation / Sipser. For complexity background Introduction to Modern Cryptography / Katz & Lindell Main text used, though not 100% followed
9 Requirements Exercises: Weekly from Thursday till Thursday before class. Submit by email / mailbox / in class to Rajsekar. Flexibility: 4 late days, bonus questions Take home final. Final grade: 50% homework, 50% final Honor code. Collaboration on homework with other students encouraged. However, write alone and give credit. Work on final alone and as directed.
10 This course is hard  Challenging weekly exercises  Emphasis on mathematical proofs  Counterintuitive concepts.  Extensive use of quantifiers/probability But it’s not my fault :)  Good coverage of crypto (meat, vegetables and desert) takes a year.  Simulation / experimentation can’t be used to show security.  Need to acquire “crypto-intuition”  Quantifiers, proofs by contradiction, reductions, probability are inherent. Mitigating hardness  Avoid excessive exercises – only questions that teach you something.  Try best to explain intuition behind proofs  Me and Rajsekar available for any questions and clarifications.
11 Encryption Schemes Alice wants to send Bob a secret message. They agree in advance on 3 components:  Encryption algorithm: E  Decryption algorithm: D  Secret key: k To encrypt plaintext m, Alice sends c = E(m,k) to Bob. To decrypt a cyphertext c, Bob computes m’ = D(c,k). c = E(m,k) c m’ = D(c,k)  A scheme is valid if m’=m  Intuitively, a scheme is secure if eavesdropper can not learn m from c.
12 Example 1: Caesar’s Cipher Key: k = no. between 0 and 25. Encryption: encode the ith letter as the (i+k) th letter. (working mod 26: z+1=a ) Decryption: decode the jth letter to the (j-k) th letter. S E N D R E I N F O R C E M E N T Plain-text: Key: 2 Cipher-text: U G P F T F K P H Q T E G O G P V Problem: only 26 possibilities for key – can be broken in short time. In other words: “security through obscurity” does not work. Kerchoff’s Principle (1883): System should be secure even if algorithms are known, as long as key is secret.
13 Example 2: Substitution Cipher Key: k = table mapping each letter to another letter A B C Z U R B E Encryption and decryption: letter by letter according to table. # of possible keys: 26! ( = 403,291,461,126,605,635,584,000,000 ) However – substitution cipher is still insecure! Key observation: can recover plaintext using statistics on letter frequencies. LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFEMVEWHKVSTYLX ZIXLIKIIXPIJVSZEYPERRGERIMWQLMGLMXQERIWGPSRIHMXQEREKI He e e e h e t t ht ethe eet e e h h t e e t e I – most common letter LI – most common pair XLI – most common triple Here e r e h e t t r r ht ethe eet e r e h h t e e t e I=e L=h X=t Here e ra a e ha a ea tat a ra r ht ethe eet e r a a e h h t a e e t a a e V=r E=a Y=g HereUpOnLeGrandAroseWithAGraveAndStatelyAirAndBrought MeTheBeetleFromAGlassCaseInWhichItWasEnclosedItWasABe
14 Example 3- Vigenere “Multi-Caesar Cipher” – A statefull cipher Key: k = (k1,k2,…,km) list of m numbers between 0 and 25 Encryption: 1st letter encoded as Caesar w/ key=k1 : i  I + k1 (mod 26) 2nd letter encoded as Caesar w/ key=k2 : i  I + k2 (mod 26) mth letter encoded as Caesar w/ key=km : i  I + km (mod 26) m+1th letter encoded as Caesar w/ key=k1 : i  I + k1 (mod 26) Decryption: In the natural way … Important Property: Can no longer break using letter frequencies alone. ‘e’ will be mapped to ‘e’+k1,‘e’+k2,…,‘e’+km according to location. nth letter encoded w/ key=k(n mod m) : i  I + k(n mod m) (mod 26) Considered “unbreakable” for 300 years (broken by Babbage, Kasiski 1850’s) (Belaso, 1553)
15 Example 3- Vigenere “Multi-Caesar Cipher” – A statefull cipher Key: k = (k1,k2,…,km) list of m numbers between 0 and 25 Encryption: Breaking Vigenere: nth letter encoded w/ key=k(n mod m) : i  I + k(n mod m) (mod 26) (Belaso, 1553) LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFEM VEWHKV Step 1: Guess the length of the key m Step 2: Group together positions {1, m+1, 2m+1, 3m+1,…} {m-1, 2m+m-1, 3m+m-1,…} Decryption: In the natural way … {2, m+2, 2m+2, 3m+2,…}
16 Example 3- Vigenere “Multi-Caesar Cipher” – A statefull cipher Key: k = (k1,k2,…,km) list of m numbers between 0 and 25 Encryption: Breaking Vigenere: nth letter encoded w/ key=k(n mod m) : i  i + k(n mod m) (mod 26) (Belaso, 1553) LIVITC SWPIYV EWHEVS RIQMXL EYVEOI EWHRXE XIPFEM VEWHKV Step 1: Guess the length of the key m Step 2: Group together positions 1, m+1, 2m+1, 3m+1,… Step 3: Frequency-analyze each group independently. Decryption: In the natural way {m-1, 2m+m-1, 3m+m-1,…} … {2, m+2, 2m+2, 3m+2,…}
17 Example 4 - The Enigma A mechanical statefull cipher. Roughly: composition of 3-5 substitution ciphers implemented by wiring. Wiring on rotors moving in different schedules, making cipher statefull Key: 1) Wiring of machine (changed infrequently) 2) Daily key from code books 3) New operator-chosen key for each message Tools used by Poles & British to break Enigma: 1) Mathematical analysis combined w/ mechanical computers 2) Captured machines and code-books 3) German operators negligence 4) Known plaintext attacks (greetings, weather reports) 5) Chosen plaintext attacks Used by Germany in WWII for top-secret communication.
18 Post 1970’s Crypto Two major developments: 1) Provably secure cryptography Encryptions w/ mathematical proof that are unbreakable* * Currently use conjectures/axioms, however defeated all cryptanalysis effort so far. 2) Cryptography beyond “secret writing” Public-key encryptions Digital signatures Zero-knowledge proofs Anonymous electronic elections Privacy-preserving data mining e-cash …
19 Review of Encryption Schemes Alice wants to send Bob a secret message.  Encryption algorithm: E  Decryption algorithm: D  Secret key: k To encrypt m, Alice sends c = E(m,k) to Bob. To decrypt c, Bob computes m’ = D(c,k). c = E(m,k) c m’ = D(c,k) Q: Can Bob send Alice the secret key over the net? A: Of course not!! Eve could decrypt c! Q: What if Bob could send Alice a “crippled key” useful only for encryption but no help for decryption
20 Public Key Cryptography [DH76,RSA77] Alice wants to send Bob a secret message.  Encryption algorithm: E  Decryption algorithm: D To encrypt m, Alice sends c = E(m,e) to Bob. To decrypt c, Bob computes m’ = D(c,d). c = E(m,e) c m’ = D(c,d)  Key: Bob chooses two keys:  Secret key d for decrypting messages.  Public key e for encrypting messages. choose d,e e Should be safe to send e “in the clear”!  A scheme is valid if m’=m  Intuitively, a scheme is secure if eavesdropper can not learn m from c. Even if Eve knows the key e!
21 Other Crypto Wonders Digital Signatures. Electronically sign documents in unforgeable way. Zero-knowledge proofs. Alice proves to Bob that she earns <$50K without Bob learning her income. Privacy-preserving data mining. Bob holds DB. Alice gets answer to one query, without Bob knowing what she asked. Playing poker over the net. Alice, Bob, Carol and David can play poker over the net without trusting each other or any central server. Distributed systems. Distribute sensitive data to 7 servers s.t. as long as <3 are broken, no harm to security occurs. Electronic auctions. Can run auctions s.t. no one (even not seller) learns anything other than winning party and bid.
22 Cryptography & Security Prev slides: Have provably secure algorithm for every crypto task imaginable. Q: How come nothing is secure? A1: Not all of these are used or used correctly:  Strange tendency to use “home-brewed” cryptosystems.  Combining secure primitives in insecure way  Strict efficiency requirements for crypto/security:  Many provably secure algs not efficient enough  The cost is visible but benefit invisible.  Easy to get implementation wrong – many subtleties  Compatibility issues, legacy systems,  Misunderstanding properties of crypto components.
23 Cryptography & Security Prev slides: Have provably secure algorithm for every crypto task imaginable. Q: How come nothing is secure? A2: Cryptography is only part of designing secure systems  Chain is only as strong as weakest link.  A “dormant bug” is often a security hole.  Security is hard to “modularize”  Human element (hard to add to existing system, changes in system features can have unexpected consequences)  Many subtle issues (e.g., caching & virtual memory, side channel attacks)  Key storage and protection issues.

Recomendados

sabith.pptx
sabith.pptxsabith.pptx
sabith.pptxsabith15
 
Introductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityIntroductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityBikramjit Sarkar, Ph.D.
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesJanani S
 
Edward Schaefer
Edward SchaeferEdward Schaefer
Edward SchaeferInformation Security Awareness Group
 
Ppt ns
Ppt nsPpt ns
Ppt nsuniversity of Gujrat, pakistan
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptographyNishant Bhardwaj
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyDavid Evans
 
Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In CryptographyAbhishek Nand
 

Recomendados

sabith.pptx
sabith.pptxsabith.pptx
sabith.pptxsabith15
 
Introductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityIntroductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityBikramjit Sarkar, Ph.D.
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesJanani S
 
Edward Schaefer
Edward SchaeferEdward Schaefer
Edward SchaeferInformation Security Awareness Group
 
Ppt ns
Ppt nsPpt ns
Ppt nsuniversity of Gujrat, pakistan
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptographyNishant Bhardwaj
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyDavid Evans
 
Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In CryptographyAbhishek Nand
 
Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In CryptographyAadya Vatsa
 
Ch02...1
Ch02...1Ch02...1
Ch02...1nathanurag
 
Cryptography
CryptographyCryptography
CryptographyDavid Evans
 
ch09_rsa_nemo.ppt
ch09_rsa_nemo.pptch09_rsa_nemo.ppt
ch09_rsa_nemo.pptChandraB15
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applicationsthai
 
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.SrinivasanMathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasanmunicsaa
 
Fv3111451146
Fv3111451146Fv3111451146
Fv3111451146IJERA Editor
 
b
bb
bBalaji Ravi
 
unit 2.ppt
unit 2.pptunit 2.ppt
unit 2.pptHetaDesai13
 
Network security CS2
Network security CS2Network security CS2
Network security CS2Infinity Tech Solutions
 
What is Cryptography?
What is Cryptography?What is Cryptography?
What is Cryptography?Pratik Poddar
 
Module 1.pptx
Module 1.pptxModule 1.pptx
Module 1.pptxShilpaShettyA1
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptShounakDas16
 
classicalencryptiontechniques.ppt
classicalencryptiontechniques.pptclassicalencryptiontechniques.ppt
classicalencryptiontechniques.pptutsavkakkad1
 
02 Information System Security
02 Information System Security02 Information System Security
02 Information System SecurityShu Shin
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief Historyprasenjeetd
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptographySuresh Thammishetty
 
Unit --3.ppt
Unit --3.pptUnit --3.ppt
Unit --3.pptDHANABALSUBRAMANIAN
 
Classical cryptography1
Classical cryptography1Classical cryptography1
Classical cryptography1Aravindharamanan S
 
Detailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsDetailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsChristian Spolaore
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 

Mais conteúdo relacionado

Semelhante a cryptography_priceton_university_fall_2007.ppt

Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In CryptographyAadya Vatsa
 
ch09_rsa_nemo.ppt
ch09_rsa_nemo.pptch09_rsa_nemo.ppt
ch09_rsa_nemo.pptChandraB15
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applicationsthai
 
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.SrinivasanMathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasanmunicsaa
 
What is Cryptography?
What is Cryptography?What is Cryptography?
What is Cryptography?Pratik Poddar
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptShounakDas16
 
classicalencryptiontechniques.ppt
classicalencryptiontechniques.pptclassicalencryptiontechniques.ppt
classicalencryptiontechniques.pptutsavkakkad1
 
02 Information System Security
02 Information System Security02 Information System Security
02 Information System SecurityShu Shin
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief Historyprasenjeetd
 
Detailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsDetailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsChristian Spolaore
 

Semelhante a cryptography_priceton_university_fall_2007.ppt (20)

Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In Cryptography
 
Ch02...1
Ch02...1Ch02...1
Ch02...1
 
Cryptography
CryptographyCryptography
Cryptography
 
ch09_rsa_nemo.ppt
ch09_rsa_nemo.pptch09_rsa_nemo.ppt
ch09_rsa_nemo.ppt
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applications
 
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.SrinivasanMathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
Mathematics Towards Elliptic Curve Cryptography-by Dr. R.Srinivasan
 
Fv3111451146
Fv3111451146Fv3111451146
Fv3111451146
 
b
bb
b
 
unit 2.ppt
unit 2.pptunit 2.ppt
unit 2.ppt
 
Network security CS2
Network security CS2Network security CS2
Network security CS2
 
What is Cryptography?
What is Cryptography?What is Cryptography?
What is Cryptography?
 
Module 1.pptx
Module 1.pptxModule 1.pptx
Module 1.pptx
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.ppt
 
classicalencryptiontechniques.ppt
classicalencryptiontechniques.pptclassicalencryptiontechniques.ppt
classicalencryptiontechniques.ppt
 
02 Information System Security
02 Information System Security02 Information System Security
02 Information System Security
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief History
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
 
Unit --3.ppt
Unit --3.pptUnit --3.ppt
Unit --3.ppt
 
Classical cryptography1
Classical cryptography1Classical cryptography1
Classical cryptography1
 
Detailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsDetailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocols
 

Último

_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 

Último (20)

_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 

cryptography_priceton_university_fall_2007.ppt

  • 1. Princeton University • COS 433 • Cryptography • Fall 2007 • Boaz Barak COS 433: Cryptography Princeton University Fall 2007 Boaz Barak Two important quick notes:  Slides will be on course web site  Please stop me if you have questions!
  • 2. 2 Cryptography History of 2500- 4000 years. Recurring theme: (until 1970’s)  Secret code invented  Typically claimed “unbreakable” by inventor  Used by spies, ambassadors, kings, generals for crucial tasks.  Broken by enemy using cryptanalysis. Throughout most of this history: cryptography = “secret writing”: “Scramble” (encrypt) text such that it is hopefully unreadable by anyone except the intended receiver that can decrypt it.
  • 3. 3 Examples 1587: Ciphers from Mary of Scots plotting assassination of queen Elizabeth broken; used as evidence to convict her of treason. 1860’s (civil war): Confederacy used good cipher (Vigenere) in a bad way. Messages routinely broken by team of young union cryptanalysts; in particular leading to a Manhattan manufacturer of plates for printing rebel currency. 1878: New York Tribune decodes telegram proving Democrats’ attempt to buy an electoral vote in presidential election for $10K. 1914: With aid of partial info from sunken German ships, British intelligence broke all German codes. Cracked telegram of German plan to form alliance with Mexico and conquer back territory from U.S. As a result, U.S. joined WWI. WWII: Cryptanalysis used by both sides. Polish & British cryptanalysts break supposedly unbreakable Enigma cipher using mix of ingenuity, German negligence, and mechanical computation. Churchill credits cryptanalysts with winning the war.
  • 4. 4 This Course What you’ll learn:  Foundations and principles of the science  Definitions and proofs of security  High-level applications  Critical view of security suggestions and products What you will not learn:  The most efficient and practical versions of components.  Designing secure systems*  “Hacking” – breaking into systems.  Everything important about crypto  Basic primitives and components.  Viruses, worms, Windows/Unix bugs, buffer overflow etc..  Buzzwords Will help you avoid designing insecure systems.
  • 5. 5 This Course Modern (post 1970’s) cryptography: Provable security – breaking the “invent-break-tweak” cycle  Perfect security (Shannon) and its limitations  Computational security  Pseudorandom generators, one way functions Beyond encryption – public-key crypto and other wonderful creatures  Public-key encryption based on factoring and RSA problem  Digital signatures, hash functions  Zero-knowledge proofs  Active security – Chosen-Ciphertext Attack Advanced topics (won’t have time for all  )  The SSL Protocol and attacks on it  Secret Sharing  Multi-party secure computation  Quantum cryptography  Password-based key-exchange, broadcast encryption, obfuscation
  • 6. 6 Administrative Info Lectures: Tue,Thu 1:30-2:50pm (start on time!) Instructor: Boaz Barak: boaz@cs Web page: http://www.cs.princeton.edu/courses/archive/fall07/cos433/ Or: Google “Boaz Barak” and click “courses” TA: Rajsekar Manokaran ( rajsekar@cs ) Important: join mailing list, email me to set appointment before next class Office hrs: Thu after class (3pm) or by appointment. Precepts: --- Office hrs: ---
  • 7. 7 Prerequisites 1. Ability to read and write mathematical proofs and definitions. 2. Familiarity with algorithms – proving correctness and analyzing running time (O notation). Required: Helpful but not necessary: Complexity. NP-Completeness, reductions, P, BPP, P/poly Probabilistic Algorithms. Primality testing, hashing, Number theory. Modular arithmetic, prime numbers See web-site for links and resources. 3. Familiarity with basic probability theory (random variables, expectations – see handout).
  • 8. 8 Reading Foundations of Cryptography / Goldreich. Graduate-level text, will be sometimes used. Lecture notes on web: (links on web site) Computational Intro to Algebra and Number Theory / Shoup. (Available also on the web) Introduction to the Theory of Computation / Sipser. For complexity background Introduction to Modern Cryptography / Katz & Lindell Main text used, though not 100% followed
  • 9. 9 Requirements Exercises: Weekly from Thursday till Thursday before class. Submit by email / mailbox / in class to Rajsekar. Flexibility: 4 late days, bonus questions Take home final. Final grade: 50% homework, 50% final Honor code. Collaboration on homework with other students encouraged. However, write alone and give credit. Work on final alone and as directed.
  • 10. 10 This course is hard  Challenging weekly exercises  Emphasis on mathematical proofs  Counterintuitive concepts.  Extensive use of quantifiers/probability But it’s not my fault :)  Good coverage of crypto (meat, vegetables and desert) takes a year.  Simulation / experimentation can’t be used to show security.  Need to acquire “crypto-intuition”  Quantifiers, proofs by contradiction, reductions, probability are inherent. Mitigating hardness  Avoid excessive exercises – only questions that teach you something.  Try best to explain intuition behind proofs  Me and Rajsekar available for any questions and clarifications.
  • 11. 11 Encryption Schemes Alice wants to send Bob a secret message. They agree in advance on 3 components:  Encryption algorithm: E  Decryption algorithm: D  Secret key: k To encrypt plaintext m, Alice sends c = E(m,k) to Bob. To decrypt a cyphertext c, Bob computes m’ = D(c,k). c = E(m,k) c m’ = D(c,k)  A scheme is valid if m’=m  Intuitively, a scheme is secure if eavesdropper can not learn m from c.
  • 12. 12 Example 1: Caesar’s Cipher Key: k = no. between 0 and 25. Encryption: encode the ith letter as the (i+k) th letter. (working mod 26: z+1=a ) Decryption: decode the jth letter to the (j-k) th letter. S E N D R E I N F O R C E M E N T Plain-text: Key: 2 Cipher-text: U G P F T F K P H Q T E G O G P V Problem: only 26 possibilities for key – can be broken in short time. In other words: “security through obscurity” does not work. Kerchoff’s Principle (1883): System should be secure even if algorithms are known, as long as key is secret.
  • 13. 13 Example 2: Substitution Cipher Key: k = table mapping each letter to another letter A B C Z U R B E Encryption and decryption: letter by letter according to table. # of possible keys: 26! ( = 403,291,461,126,605,635,584,000,000 ) However – substitution cipher is still insecure! Key observation: can recover plaintext using statistics on letter frequencies. LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFEMVEWHKVSTYLX ZIXLIKIIXPIJVSZEYPERRGERIMWQLMGLMXQERIWGPSRIHMXQEREKI He e e e h e t t ht ethe eet e e h h t e e t e I – most common letter LI – most common pair XLI – most common triple Here e r e h e t t r r ht ethe eet e r e h h t e e t e I=e L=h X=t Here e ra a e ha a ea tat a ra r ht ethe eet e r a a e h h t a e e t a a e V=r E=a Y=g HereUpOnLeGrandAroseWithAGraveAndStatelyAirAndBrought MeTheBeetleFromAGlassCaseInWhichItWasEnclosedItWasABe
  • 14. 14 Example 3- Vigenere “Multi-Caesar Cipher” – A statefull cipher Key: k = (k1,k2,…,km) list of m numbers between 0 and 25 Encryption: 1st letter encoded as Caesar w/ key=k1 : i  I + k1 (mod 26) 2nd letter encoded as Caesar w/ key=k2 : i  I + k2 (mod 26) mth letter encoded as Caesar w/ key=km : i  I + km (mod 26) m+1th letter encoded as Caesar w/ key=k1 : i  I + k1 (mod 26) Decryption: In the natural way … Important Property: Can no longer break using letter frequencies alone. ‘e’ will be mapped to ‘e’+k1,‘e’+k2,…,‘e’+km according to location. nth letter encoded w/ key=k(n mod m) : i  I + k(n mod m) (mod 26) Considered “unbreakable” for 300 years (broken by Babbage, Kasiski 1850’s) (Belaso, 1553)
  • 15. 15 Example 3- Vigenere “Multi-Caesar Cipher” – A statefull cipher Key: k = (k1,k2,…,km) list of m numbers between 0 and 25 Encryption: Breaking Vigenere: nth letter encoded w/ key=k(n mod m) : i  I + k(n mod m) (mod 26) (Belaso, 1553) LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFEM VEWHKV Step 1: Guess the length of the key m Step 2: Group together positions {1, m+1, 2m+1, 3m+1,…} {m-1, 2m+m-1, 3m+m-1,…} Decryption: In the natural way … {2, m+2, 2m+2, 3m+2,…}
  • 16. 16 Example 3- Vigenere “Multi-Caesar Cipher” – A statefull cipher Key: k = (k1,k2,…,km) list of m numbers between 0 and 25 Encryption: Breaking Vigenere: nth letter encoded w/ key=k(n mod m) : i  i + k(n mod m) (mod 26) (Belaso, 1553) LIVITC SWPIYV EWHEVS RIQMXL EYVEOI EWHRXE XIPFEM VEWHKV Step 1: Guess the length of the key m Step 2: Group together positions 1, m+1, 2m+1, 3m+1,… Step 3: Frequency-analyze each group independently. Decryption: In the natural way {m-1, 2m+m-1, 3m+m-1,…} … {2, m+2, 2m+2, 3m+2,…}
  • 17. 17 Example 4 - The Enigma A mechanical statefull cipher. Roughly: composition of 3-5 substitution ciphers implemented by wiring. Wiring on rotors moving in different schedules, making cipher statefull Key: 1) Wiring of machine (changed infrequently) 2) Daily key from code books 3) New operator-chosen key for each message Tools used by Poles & British to break Enigma: 1) Mathematical analysis combined w/ mechanical computers 2) Captured machines and code-books 3) German operators negligence 4) Known plaintext attacks (greetings, weather reports) 5) Chosen plaintext attacks Used by Germany in WWII for top-secret communication.
  • 18. 18 Post 1970’s Crypto Two major developments: 1) Provably secure cryptography Encryptions w/ mathematical proof that are unbreakable* * Currently use conjectures/axioms, however defeated all cryptanalysis effort so far. 2) Cryptography beyond “secret writing” Public-key encryptions Digital signatures Zero-knowledge proofs Anonymous electronic elections Privacy-preserving data mining e-cash …
  • 19. 19 Review of Encryption Schemes Alice wants to send Bob a secret message.  Encryption algorithm: E  Decryption algorithm: D  Secret key: k To encrypt m, Alice sends c = E(m,k) to Bob. To decrypt c, Bob computes m’ = D(c,k). c = E(m,k) c m’ = D(c,k) Q: Can Bob send Alice the secret key over the net? A: Of course not!! Eve could decrypt c! Q: What if Bob could send Alice a “crippled key” useful only for encryption but no help for decryption
  • 20. 20 Public Key Cryptography [DH76,RSA77] Alice wants to send Bob a secret message.  Encryption algorithm: E  Decryption algorithm: D To encrypt m, Alice sends c = E(m,e) to Bob. To decrypt c, Bob computes m’ = D(c,d). c = E(m,e) c m’ = D(c,d)  Key: Bob chooses two keys:  Secret key d for decrypting messages.  Public key e for encrypting messages. choose d,e e Should be safe to send e “in the clear”!  A scheme is valid if m’=m  Intuitively, a scheme is secure if eavesdropper can not learn m from c. Even if Eve knows the key e!
  • 21. 21 Other Crypto Wonders Digital Signatures. Electronically sign documents in unforgeable way. Zero-knowledge proofs. Alice proves to Bob that she earns <$50K without Bob learning her income. Privacy-preserving data mining. Bob holds DB. Alice gets answer to one query, without Bob knowing what she asked. Playing poker over the net. Alice, Bob, Carol and David can play poker over the net without trusting each other or any central server. Distributed systems. Distribute sensitive data to 7 servers s.t. as long as <3 are broken, no harm to security occurs. Electronic auctions. Can run auctions s.t. no one (even not seller) learns anything other than winning party and bid.
  • 22. 22 Cryptography & Security Prev slides: Have provably secure algorithm for every crypto task imaginable. Q: How come nothing is secure? A1: Not all of these are used or used correctly:  Strange tendency to use “home-brewed” cryptosystems.  Combining secure primitives in insecure way  Strict efficiency requirements for crypto/security:  Many provably secure algs not efficient enough  The cost is visible but benefit invisible.  Easy to get implementation wrong – many subtleties  Compatibility issues, legacy systems,  Misunderstanding properties of crypto components.
  • 23. 23 Cryptography & Security Prev slides: Have provably secure algorithm for every crypto task imaginable. Q: How come nothing is secure? A2: Cryptography is only part of designing secure systems  Chain is only as strong as weakest link.  A “dormant bug” is often a security hole.  Security is hard to “modularize”  Human element (hard to add to existing system, changes in system features can have unexpected consequences)  Many subtle issues (e.g., caching & virtual memory, side channel attacks)  Key storage and protection issues.

Notas do Editor

  1. 1-32 to print, choose File-Page Setup-Landscape, View-Header and Footer, Print-Properties-Long Side and Color, and deselect Grayscale