Introduction to Cryptography Vanessa VITSE Universit´ e Grenoble Alpes M1 Maths – MSIAM 2020 Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 1 / 23
Introduction Lectures summary 7 sessions of 3h mix lectures and lab sessions in SageMath First concepts of cryptography, modular arithmetic and complexity (on slides) Prime numbers generation and primality testing Discrete logarithm as a primitive for public key cryptography Factorization and RSA Random Number Generators Error Correcting codes Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 2 / 23
Introduction Lectures summary 7 sessions of 3h mix lectures and lab sessions in SageMath + 1 evaluated lab session (3h) + 1 final exam (3h) Bring your own laptop with sagemath/Jupyter already installed General instructions for installation at http://www.sagemath.org/download.html Notebook Jupyter for the interface https://jupyter.readthedocs.io/ If nothing works... https://sagecell.sagemath.org/ Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 2 / 23
Introduction Lectures summary 7 sessions of 3h mix lectures and lab sessions in SageMath + 1 evaluated lab session (3h) + 1 final exam (3h) Bring your own laptop with sagemath/Jupyter already installed General instructions for installation at http://www.sagemath.org/download.html Notebook Jupyter for the interface https://jupyter.readthedocs.io/ If nothing works... https://sagecell.sagemath.org/ Lectures notes (in english) + slides + lab session subjects available at https://www-fourier.ujf-grenoble.fr/~viva/teaching.php Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 2 / 23
First concepts in cryptography Section 1 First concepts in cryptography Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 3 / 23
First concepts in cryptography Fundamental goals in crypto Alice and Bob want to exchange private information in presence of Eve (eavesdropper). They want: confidentiality of the private data transiting over non secure channels authenticity of these data, more precisely message integrity meaning that an attacker has no way of modifying the message without being noticed authentification of their interlocutor, i.e. they want to be sure of the identity of the person at the other end of the exchange Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 4 / 23
First concepts in cryptography Fundamental goals in crypto Alice and Bob want to exchange private information in presence of Eve (eavesdropper). They want: confidentiality of the private data transiting over non secure channels authenticity of these data, more precisely message integrity meaning that an attacker has no way of modifying the message without being noticed authentification of their interlocutor, i.e. they want to be sure of the identity of the person at the other end of the exchange Tools public encryption/decryption protocols, secret key(s) to recover the sensitive data Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 4 / 23
First concepts in cryptography Fundamental goals in crypto Alice and Bob want to exchange private information in presence of Eve (eavesdropper). They want: confidentiality of the private data transiting over non secure channels authenticity of these data, more precisely message integrity meaning that an attacker has no way of modifying the message without being noticed authentification of their interlocutor, i.e. they want to be sure of the identity of the person at the other end of the exchange Tools public encryption/decryption protocols, secret key(s) to recover the sensitive data security relies on the secret key Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 4 / 23
First concepts in cryptography Symmetric cryptography Alice and Bob already share a common secret key Definition Symmetric cipher “ pair p E , D q of public algorithms such that E : p k , m q P K ˆ M � c P C D : p k , c q P K ˆ C ÞÑ m P M @ k P K , @ m P M , D p k , E p k , m qq “ m (correctness property) Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 5 / 23
First concepts in cryptography Symmetric cryptography Alice and Bob already share a common secret key Definition Symmetric cipher “ pair p E , D q of public algorithms such that E : p k , m q P K ˆ M � c P C D : p k , c q P K ˆ C ÞÑ m P M @ k P K , @ m P M , D p k , E p k , m qq “ m (correctness property) usually M “ K “ C “ t 0 , 1 u n E can be non-deterministic , i.e. it can output different ciphertexts for a same input p k , m q D is deterministic, so realizes a math function security assumption: hard to recover m from c without knowing k Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 5 / 23
First concepts in cryptography A classical example: the one-time-pad cipher One-time-pad M “ K “ C “ F n 2 (vector space over field of char 2) E p k , m q “ k ‘ m (XOR is addition without carry) D p k , c q “ k ‘ c Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 6 / 23
First concepts in cryptography A classical example: the one-time-pad cipher One-time-pad M “ K “ C “ F n 2 (vector space over field of char 2) E p k , m q “ k ‘ m (XOR is addition without carry) D p k , c q “ k ‘ c Check correctness from properties of p F n 2 , ‘q : x ‘ y “ y ‘ x , x ‘p y ‘ z q “ p x ‘ y q‘ z , x ‘ 0 F n 2 “ x x ‘ x “ 0 F n and 2 . Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 6 / 23
First concepts in cryptography Perfect secrecy One-time-pad algorithm is optimal: Perfect secrecy Let p E , D q be a cipher over p K , M , C q , K , M , C random variables such that M “ D p K , C q , K is uniformly distributed over K and K , M independent The cipher p E , D q is perfectly secure if for all p m , c q P M ˆ C , Pr r M “ m | C “ c s “ Pr r M “ m s . Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 7 / 23
First concepts in cryptography Perfect secrecy One-time-pad algorithm is optimal: Perfect secrecy Let p E , D q be a cipher over p K , M , C q , K , M , C random variables such that M “ D p K , C q , K is uniformly distributed over K and K , M independent The cipher p E , D q is perfectly secure if for all p m , c q P M ˆ C , Pr r M “ m | C “ c s “ Pr r M “ m s . Otherwise said M (not uniformly distributed) and C are independent Ñ knowledge of c gives no information on m Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 7 / 23
First concepts in cryptography Perfect secrecy One-time-pad algorithm is optimal: Perfect secrecy Let p E , D q be a cipher over p K , M , C q , K , M , C random variables such that M “ D p K , C q , K is uniformly distributed over K and K , M independent The cipher p E , D q is perfectly secure if for all p m , c q P M ˆ C , Pr r M “ m | C “ c s “ Pr r M “ m s . Otherwise said M (not uniformly distributed) and C are independent Ñ knowledge of c gives no information on m The one-time-pad cipher is perfectly secure (and the only one to be!) [proof on blackboard] Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 7 / 23
First concepts in cryptography Perfect secrecy Shannon’s theorem If a cipher p E , D q defined over K , M , C is perfectly secure, then | K | ě | M | . [proof on blackboard] Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 8 / 23
First concepts in cryptography Perfect secrecy Shannon’s theorem If a cipher p E , D q defined over K , M , C is perfectly secure, then | K | ě | M | . [proof on blackboard] Problem of key distribution and storage, keys as long as messages/ciphertexts weaker security requirements: recovering some info about m from c should be not computationally feasible with real world resources replace one-time-pad secret by a short seed s to produce random-looking sequence (PRNG) � stream cipher Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 8 / 23
First concepts in cryptography Real life is more complicated! If not used correctly, one-time-pad becomes totally insecure! E.g. Bob uses twice the secret key to encrypt two different messages... The one-time-pad is malleable : an attacker can cause predictable changes on the plaintext E.g. Eve changes c “ E p k , m q to c 1 “ c ‘ δ , then Alice decrypts D p k , c 1 q “ m ‘ δ ... Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 9 / 23
First concepts in cryptography Public key encryption Limits of symmetric crypto Alice and Bob need to share a secret key in the first place Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 10 / 23
First concepts in cryptography Public key encryption Limits of symmetric crypto Alice and Bob need to share a secret key in the first place Idea of public-key crypto: reproduce the concept of classical mail boxes Public key schemes (1976-1977) Two keys needed: Alice’s public key (known to everybody) which is used to encrypt messages, Alice’s private key which is used to decrypt ciphertexts, and thus only known by Alice. These schemes rely on hard mathematic problems � complexity notions needed Vanessa VITSE (UGA) Introduction to Cryptography M1 Maths – MSIAM 2020 10 / 23
Recommend
More recommend