Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Introduction to Cryptography
Jiyou Lilijiyou at sjtu.edu.cn
Department of Mathematics, Shanghai Jiao Tong University
Sep. 17th, 2013
Cryptography
Cryptography: the art and science of keeping messagesecure.
Confidentiality;Authentication;Integrity;Nonrepudiation; Electronic payment; Anonymity; Electronicvotes; Zero-knowledge...
Cryptography
Cryptography: the art and science of keeping messagesecure.Confidentiality;
Authentication;Integrity;Nonrepudiation; Electronic payment; Anonymity; Electronicvotes; Zero-knowledge...
Cryptography
Cryptography: the art and science of keeping messagesecure.Confidentiality;Authentication;
Integrity;Nonrepudiation; Electronic payment; Anonymity; Electronicvotes; Zero-knowledge...
Cryptography
Cryptography: the art and science of keeping messagesecure.Confidentiality;Authentication;Integrity;
Nonrepudiation; Electronic payment; Anonymity; Electronicvotes; Zero-knowledge...
Cryptography
Cryptography: the art and science of keeping messagesecure.Confidentiality;Authentication;Integrity;Nonrepudiation; Electronic payment; Anonymity; Electronicvotes; Zero-knowledge...
The Origins of Cryptography
Diplomacy: Zimmerman telegram;
War: Enigma machine, Purple;Individual or corporate privacy;Electronic Commerce...
The Origins of Cryptography
Diplomacy: Zimmerman telegram;War: Enigma machine, Purple;
Individual or corporate privacy;Electronic Commerce...
The Origins of Cryptography
Diplomacy: Zimmerman telegram;War: Enigma machine, Purple;Individual or corporate privacy;
Electronic Commerce...
The Origins of Cryptography
Diplomacy: Zimmerman telegram;War: Enigma machine, Purple;Individual or corporate privacy;Electronic Commerce...
Enigma
Cryptanalysis
Cryptanalysis: the art and science of breaking cipher systems,recovering the plaintext of a message without access to the key.Attack: a attempted cryptanalysis is called an attack.
The n2 Problem;The Kerckhoffs Principle;The Moore Law;The Murphy Law.
Cryptanalysis
Cryptanalysis: the art and science of breaking cipher systems,recovering the plaintext of a message without access to the key.Attack: a attempted cryptanalysis is called an attack.
The n2 Problem;
The Kerckhoffs Principle;The Moore Law;The Murphy Law.
Cryptanalysis
Cryptanalysis: the art and science of breaking cipher systems,recovering the plaintext of a message without access to the key.Attack: a attempted cryptanalysis is called an attack.
The n2 Problem;The Kerckhoffs Principle;
The Moore Law;The Murphy Law.
Cryptanalysis
Cryptanalysis: the art and science of breaking cipher systems,recovering the plaintext of a message without access to the key.Attack: a attempted cryptanalysis is called an attack.
The n2 Problem;The Kerckhoffs Principle;The Moore Law;
The Murphy Law.
Cryptanalysis
Cryptanalysis: the art and science of breaking cipher systems,recovering the plaintext of a message without access to the key.Attack: a attempted cryptanalysis is called an attack.
The n2 Problem;The Kerckhoffs Principle;The Moore Law;The Murphy Law.
Cryptanalytic Attacks
Ciphertext-only attack;
Known plaintext attack ;Chosen plaintext attack;Chosen ciphertext attack.
Cryptanalytic Attacks
Ciphertext-only attack;Known plaintext attack ;
Chosen plaintext attack;Chosen ciphertext attack.
Cryptanalytic Attacks
Ciphertext-only attack;Known plaintext attack ;Chosen plaintext attack;
Chosen ciphertext attack.
Cryptanalytic Attacks
Ciphertext-only attack;Known plaintext attack ;Chosen plaintext attack;Chosen ciphertext attack.
Some Cryptographic Protocols
Bits Commitment;
Key Exchange;Secret Sharing Scheme;Digital Signatures;Cloud Computing Security...
Some Cryptographic Protocols
Bits Commitment;Key Exchange;
Secret Sharing Scheme;Digital Signatures;Cloud Computing Security...
Some Cryptographic Protocols
Bits Commitment;Key Exchange;Secret Sharing Scheme;
Digital Signatures;Cloud Computing Security...
Some Cryptographic Protocols
Bits Commitment;Key Exchange;Secret Sharing Scheme;Digital Signatures;
Cloud Computing Security...
Some Cryptographic Protocols
Bits Commitment;Key Exchange;Secret Sharing Scheme;Digital Signatures;Cloud Computing Security...
A Cryprtographic Communication Model
Encryption: A key
Ciphertext
Plaintext
Channel Ciphertext
Decryption: A key
Plaintext
&%'$Eve!
��
��
BB
BB
The History of Cryptography
1. B.C.?-1949: Classical Cryptography (Substitutions andpermutations);2. 1949-1976: Symmetric Cryptography (Block Dipher andStream Cipher, based on Shannon’s Theorem);3. 1976-present: Modern Cryptography (Public-Key andasymmetric...).
Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZKey = 3DEFGHIJKLMNOPQRSTUVWXYZABCPlaintext: JIAOTONGUNIVERSITYEncryption: Shift by KEY = 3Ciphertext: MLDRWRQJXQLYHUVLWBDecryption: Shift backwards by KEY = 3
Vigenere Cipher
Plaintext: thi sis adu mmy mes sag eKey: ABC ABC ABC ABC ABC ABC ACiphertext: TIK SJU AEW MNA MFU SBI EDecryption: "Subtract0the key ABC from ciphertext mod 26.
Vernam Ciphers
Plaintext: MATHISUSEFULANDFUNKey: NGUJKAMOCTLNYBCIAZEncryption: /Add0key to message mod 26Ciphertext: BGO,..Decryption: /Subtract0key from ciphertext mod 26.
Permutation Cipher
Example: Plaintext: JIAOTO NGUNIV ERSITYEncryption: Group action by KEY =(135246)Ciphertext: OTJIAO VINGUN YTERSIDecryption: Inverse action by KEY =(164253)
Hebern machine
Enigma: invented by Arthur Scherbius
Rotors
Reflector
Plugboard
Electrical pathway
Electrical pathway
Mathematics in Enigma
E(xi) = P ◦ Ri1 ◦ Mi2 ◦ Li3 ◦ U ◦ L−1i3
◦ M−1i2
◦ R−1i1
◦ P−1(xi),
where P, R, M, L, U ∈ S26, Ri1 = ρ−i ◦ R ◦ ρi and U is aconvolution.
Bomber
A Cipher
1. A plaintext space M, a ciphertext space C and a key space K;2. A key generation algorithm;3. An encryption algorithm E;4. A decryption algorithm D.
Do we have unconditionally secure encryption?
TheoremPerfect secrecy is equivalent to H(M|C) = H(M) and to thestatistic independence between M and C.
Theorem (Shannon, 1949)Perfect secrecy implies H(K ) ≥ H(M).
One-Time Pads: Vernam Ciphers
Plaintext: MATHISUSEFULANDFUNKey: NGUJKAMOCTLNYBCIAZEncryption: /Add0key to message mod 26Ciphertext: BGO,..Decryption: /Subtract0key from ciphertext mod 26.
One-Time Pads
One-Time Pads is unconditionally secure;
Problem: Exchanging the key;There are some clever ways to exchange the key; we willstudy some of them!
One-Time Pads
One-Time Pads is unconditionally secure;Problem: Exchanging the key;
There are some clever ways to exchange the key; we willstudy some of them!
One-Time Pads
One-Time Pads is unconditionally secure;Problem: Exchanging the key;There are some clever ways to exchange the key; we willstudy some of them!
Stream Ciphers
1. Making OTP practical;2. Idea: replace "random" key by "pseudorandom" key;3. The security depend on specific pseudorandom generators.
Public-Key Cryptography (1976-)
Discovered by Diffie & Hellman (1976) and now known atGCHQ years before;Uses one-way (asymmetric) functions, public keys, and privatekeys;Mainly based on two hard problems: Factoring large integersand the discrete logarithm problem.
Coding Theory and Cryptography
Cryptography needs reliability�
Mathematics in Cryptography
Linear AlgebraAbstract AlgebraNumber TheoryAlgebraic GeometryProbabilityStatisticsCombinatoricsComputing...
References
1. A classical introduction to modern cryptography, S.Vaudenay, Springer, 2005.2. �èÆ�Ú,¾�I��½�Í,�ÆÑ��, 1999.
Exercises
4. Suppose the one time pad encryption of the message"attackatdawn" is "wxtygcjmxenf". What is the one time padencryption of the message "attackatdusk" under the same key?5. Let M = C = K = {0, 1, . . . , 63} and consider the followingcipher (M, C, K) defined by:
E(k , x) = x + k mod 64.
Does this cipher have perfect secrecy?