Course Overview Dan Boneh Welcome Course objectives: Learn how - - PowerPoint PPT Presentation

course overview
SMART_READER_LITE
LIVE PREVIEW

Course Overview Dan Boneh Welcome Course objectives: Learn how - - PowerPoint PPT Presentation

Mar 12, 2023 443 likes •967 views

Online Cryptography Course Dan Boneh Introduction Course Overview Dan Boneh Welcome Course objectives: Learn how crypto primitives work Learn how to use them correctly and reason about security My

slide-1
SLIDE 1

Dan Boneh

Introduction

Course Overview

Online Cryptography Course Dan Boneh

slide-2
SLIDE 2

Dan Boneh

Welcome

Course objectives:

  • Learn how crypto primitives work
  • Learn how to use them correctly and reason about security

My recommendations:

  • Take notes
  • Pause video frequently to think about the material
  • Answer the in-video questions
slide-3
SLIDE 3

Dan Boneh

Cryptography is everywhere

Secure communication:

– web traffic: HTTPS – wireless traffic: 802.11i WPA2 (and WEP), GSM, Bluetooth

Encrypting files on disk: EFS, TrueCrypt Content protection (e.g. DVD, Blu-ray): CSS, AACS User authentication … and much much more

slide-4
SLIDE 4

Dan Boneh

Secure communication

no eavesdropping no tampering

slide-5
SLIDE 5

Dan Boneh

Secure Sockets Layer / TLS

Two main parts

  • 1. Handshake Protocol: Establish shared secret key

using public-key cryptography (2nd part of course)

  • 2. Record Layer: Transmit data using shared secret key

Ensure confidentiality and integrity (1st part of course)

slide-6
SLIDE 6

Dan Boneh

Protected files on disk

Disk File 1 File 2 Alice Alice No eavesdropping No tampering

Analogous to secure communication: Alice today sends a message to Alice tomorrow

slide-7
SLIDE 7

Dan Boneh

Building block: sym. encryption

E, D: cipher k: secret key (e.g. 128 bits) m, c: plaintext, ciphertext Encryption algorithm is publicly known

  • Never use a proprietary cipher

Alice E m E(k,m)=c Bob D c D(k,c)=m k k

slide-8
SLIDE 8

Dan Boneh

Use Cases

Single use key: (one time key)

  • Key is only used to encrypt one message
  • encrypted email: new key generated for every email

Multi use key: (many time key)

  • Key used to encrypt multiple messages
  • encrypted files: same key used to encrypt many files
  • Need more machinery than for one-time key
slide-9
SLIDE 9

Dan Boneh

Things to remember

Cryptography is: – A tremendous tool – The basis for many security mechanisms Cryptography is not: – The solution to all security problems – Reliable unless implemented and used properly – Something you should try to invent yourself

  • many many examples of broken ad-hoc designs
slide-10
SLIDE 10

Dan Boneh

End of Segment

slide-11
SLIDE 11

Dan Boneh

Introduction What is cryptography?

Online Cryptography Course Dan Boneh

slide-12
SLIDE 12

Dan Boneh

Crypto core

Secret key establishment: Secure communication:

attacker???

k k

confidentiality and integrity

m1 m2

Alice Bob Talking to Alice Talking to Bob

slide-13
SLIDE 13

Dan Boneh

But crypto can do much more

  • Digital signatures
  • Anonymous communication

Alice signature Alice

Who did I just talk to? Bob

slide-14
SLIDE 14

Dan Boneh

Alice

But crypto can do much more

  • Digital signatures
  • Anonymous communication
  • Anonymous digital cash

– Can I spend a “digital coin” without anyone knowing who I am? – How to prevent double spending?

Who was that?

Internet

1$

(anon. comm.)

slide-15
SLIDE 15

Dan Boneh

Protocols

  • Elections
  • Private auctions
slide-16
SLIDE 16

Dan Boneh

Protocols

  • Elections
  • Private auctions
  • Secure multi-party computation

Goal: compute f(x1, x2, x3, x4) “Thm:” anything that can done with trusted auth. can also be done without

trusted authority

slide-17
SLIDE 17

Dan Boneh

Crypto magic

  • Privately outsourcing computation
  • Zero knowledge (proof of knowledge)

Alice search query

What did she search for?

results I know the factors of N !! proof π

???

E[ query ] E[ results ]

Alice

N=p∙q

Bob

N

slide-18
SLIDE 18

Dan Boneh

A rigorous science

The three steps in cryptography:

  • Precisely specify threat model
  • Propose a construction
  • Prove that breaking construction under

threat mode will solve an underlying hard problem

slide-19
SLIDE 19

Dan Boneh

End of Segment

slide-20
SLIDE 20

Dan Boneh

Introduction

History

Online Cryptography Course Dan Boneh

slide-21
SLIDE 21

Dan Boneh

History

David Kahn, “The code breakers” (1996)

slide-22
SLIDE 22

Dan Boneh

Symmetric Ciphers

slide-23
SLIDE 23

Dan Boneh

Few Historic Examples (all badly broken)

  • 1. Substitution cipher

k :=

slide-24
SLIDE 24

Dan Boneh

Caesar Cipher (no key)

slide-25
SLIDE 25

Dan Boneh

What is the size of key space in the substitution cipher assuming 26 letters?

slide-26
SLIDE 26

Dan Boneh

How to break a substitution cipher?

What is the most common letter in English text? “X” “L” “E” “H”

slide-27
SLIDE 27

Dan Boneh

How to break a substitution cipher?

(1) Use frequency of English letters (2) Use frequency of pairs of letters (digrams)

slide-28
SLIDE 28

Dan Boneh

An Example

UKBYBIPOUZBCUFEEBORUKBYBHOBBRFESPVKBWFOFERVNBCVBZPRUBOFERVNBCVBPCYYFVUFO FEIKNWFRFIKJNUPWRFIPOUNVNIPUBRNCUKBEFWWFDNCHXCYBOHOPYXPUBNCUBOYNRVNIWN CPOJIOFHOPZRVFZIXUBORJRUBZRBCHNCBBONCHRJZSFWNVRJRUBZRPCYZPUKBZPUNVPWPCYVF ZIXUPUNFCPWRVNBCVBRPYYNUNFCPWWJUKBYBIPOUZBCUIPOUNVNIPUBRNCHOPYXPUBNCUB OYNRVNIWNCPOJIOFHOPZRNCRVNBCUNENVVFZIXUNCHPCYVFZIXUPUNFCPWZPUKBZPUNVR

B 36 N 34 U 33 P 32 C 26  E  T  A NC 11 PU 10 UB 10 UN 9  IN  AT UKB 6 RVN 6 FZI 4  THE digrams trigrams

slide-29
SLIDE 29

Dan Boneh

  • 2. Vigener cipher (16’th century, Rome)

k = C R Y P T O C R Y P T O m = W H A T A N I C E D A Y T O D A Y C R Y P T

(+ mod 26)

c = Z Z Z J U C L U D T U N W G C Q S

suppose most common = “H” first letter of key = “H” – “E” = “C”

slide-30
SLIDE 30

Dan Boneh

  • 3. Rotor Machines (1870-1943)

Early example: the Hebern machine (single rotor)

A B C . . X Y Z K S T . . R N E E K S T . . R N N E K S T . . R key

slide-31
SLIDE 31

Dan Boneh

Rotor Machines (cont.)

Most famous: the Enigma (3-5 rotors) # keys = 264 = 218 (actually 236 due to plugboard)

slide-32
SLIDE 32

Dan Boneh

  • 4. Data Encryption Standard (1974)

DES: # keys = 256 , block size = 64 bits Today: AES (2001), Salsa20 (2008) (and many others)

slide-33
SLIDE 33

Dan Boneh

End of Segment

slide-34
SLIDE 34

Dan Boneh

Introduction

Discrete Probability (crash course, cont.)

Online Cryptography Course Dan Boneh

See also: http://en.wikibooks.org/High_School_Mathematics_Extensions/Discrete_Probability

slide-35
SLIDE 35

Dan Boneh

U: finite set (e.g. U = {0,1}n ) Def: Probability distribution P over U is a function P: U ⟶ [0,1] such that Σ P(x) = 1 Examples:

  • 1. Uniform distribution:

for all x∈U: P(x) = 1/|U|

  • 2. Point distribution at x0: P(x0) = 1, ∀x≠x0: P(x) = 0

Distribution vector: ( P(000), P(001), P(010), … , P(111) )

x∈U

slide-36
SLIDE 36

Dan Boneh

Events

  • For a set A ⊆ U: Pr[A] = Σ P(x) ∈ [0,1]
  • The set A is called an event

Example: U = {0,1}8

  • A = { all x in U such that lsb2(x)=11 } ⊆ U

for the uniform distribution on {0,1}8 : Pr[A] = 1/4

x∈A

note: Pr[U]=1

slide-37
SLIDE 37

Dan Boneh

The union bound

  • For events A1 and A2

Pr[ A1 ∪ A2 ] ≤ Pr[A1] + Pr[A2] Example:

A1 = { all x in {0,1}n s.t lsb2(x)=11 } ; A2 = { all x in {0,1}n s.t. msb2(x)=11 }

Pr[ lsb2(x)=11 or msb2(x)=11 ] = Pr[A1∪A2] ≤ ¼+¼ = ½

A1 A2

slide-38
SLIDE 38

Dan Boneh

Random Variables

Def: a random variable X is a function X:U⟶V Example: X: {0,1}n ⟶ {0,1} ; X(y) = lsb(y) ∈{0,1} For the uniform distribution on U: Pr[ X=0 ] = 1/2 , Pr[ X=1 ] = 1/2 More generally:

  • rand. var. X induces a distribution on V: Pr[ X=v ] := Pr[ X-1(v) ]

lsb=1 1 lsb=0 U V

slide-39
SLIDE 39

Dan Boneh

The uniform random variable

Let U be some set, e.g. U = {0,1}n We write r ⟵ U to denote a uniform random variable over U for all a∈U: Pr[ r = a ] = 1/|U| ( formally, r is the identity function: r(x)=x for all x∈U )

R

slide-40
SLIDE 40

Dan Boneh

Let r be a uniform random variable on {0,1}2 Define the random variable X = r1 + r2 Then Pr[X=2] = ¼ Hint: Pr[X=2] = Pr[ r=11 ]

slide-41
SLIDE 41

Dan Boneh

Randomized algorithms

  • Deterministic algorithm: y ⟵ A(m)
  • Randomized algorithm

y ⟵ A( m ; r ) where r ⟵ {0,1}n

  • utput is a random variable

y ⟵ A( m ) Example: A(m ; k) = E(k, m) , y ⟵ A( m )

A(m) m inputs

  • utputs

A(m) m

R R R

slide-42
SLIDE 42

Dan Boneh

End of Segment

slide-43
SLIDE 43

Dan Boneh

Introduction

Discrete Probability (crash course, cont.)

Online Cryptography Course Dan Boneh

See also: http://en.wikibooks.org/High_School_Mathematics_Extensions/Discrete_Probability

slide-44
SLIDE 44

Dan Boneh

Recap

U: finite set (e.g. U = {0,1}n )

  • Prob. distr. P over U is a function P: U ⟶ [0,1] s.t. Σ P(x) = 1

A ⊆ U is called an event and Pr[A] = Σ P(x) ∈ [0,1] A random variable is a function X:U⟶V . X takes values in V and defines a distribution on V

x∈U x∈A

slide-45
SLIDE 45

Dan Boneh

Independence

Def: events A and B are independent if Pr[ A and B ] = Pr*A+ ∙ Pr[B] random variables X,Y taking values in V are independent if ∀a,b∈V: Pr[ X=a and Y=b] = Pr[X=a] ∙ Pr[Y=b] Example: U = {0,1}2 = {00, 01, 10, 11} and r ⟵ U Define r.v. X and Y as: X = lsb(r) , Y = msb(r) Pr[ X=0 and Y=0 ] = Pr[ r=00 ] = ¼ = Pr[X=0] ∙ Pr[Y=0]

R

slide-46
SLIDE 46

Dan Boneh

Review: XOR

XOR of two strings in {0,1}n is their bit-wise addition mod 2

0 1 1 0 1 1 1 1 0 1 1 0 1 0 ⊕

slide-47
SLIDE 47

Dan Boneh

An important property of XOR

Thm: Y a rand. var. over {0,1}n , X an indep. uniform var. on {0,1}n Then Z := Y⨁X is uniform var. on {0,1}n Proof: (for n=1) Pr[ Z=0 ] =

slide-48
SLIDE 48

Dan Boneh

The birthday paradox

Let r1, …, rn ∈ U be indep. identically distributed random vars. Thm: when n= 1.2 × |U|1/2 then Pr[ ∃i≠j: ri = rj ] ≥ ½ Example: Let U = {0,1}128 After sampling about 264 random messages from U, some two sampled messages will likely be the same

notation: |U| is the size of U

slide-49
SLIDE 49

Dan Boneh

|U|=106

# samples n collision probability

slide-50
SLIDE 50

Dan Boneh

End of Segment