seminar 2 intro to cryptography
play

Seminar 2: Intro to Cryptography Helger Lipmaa Helsinki University - PowerPoint PPT Presentation

Jan 21, 2023 •23 likes •273 views

T-79.514 Special Course on Cryptology Seminar 2: Intro to Cryptography Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger

  1. T-79.514 Special Course on Cryptology Seminar 2: Intro to Cryptography Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/˜helger T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 1

  2. Overview of This Talk • Cryptography for data-miners • Stress on PPDM, generality • Easy enough (?) for data-miners • Hopefully not completely boring for cryptographers T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 2

  3. Introduction to the Area: Buzzwords Thanks to www.googlism.com! • Datamining is an automated process for discovering information in large data sets to be used in decision, datamining is alive and well on the internet, datamining is all about counting, datamining is per- fectly legal, datamining is using a database to gain more information about your business • Cryptography is related with the communication or computation involv- ing two or more parties who may not trust one another, cryptography is the most powerful single tool that users can use to secure the in- ternet, cryptography is outlawed, cryptography is the art of hiding the meaning of information T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 3

  4. History of Cryptography: Dark Ages • Cryptography = art of concealing the meaning • First attempts: invention of the script ⋆ Often, only priests could read • Use in wars: Sparta, Caesar, middle ages • In WW2, success of Allies in cryptanalysis is often said to be a decisive factor in “quick” win T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 4

  5. Next Step: Public Cryptography • In early 70s, the importance of cryptanalysis in WW2 was revealed • At the same time, a call for the first open competition for any kind of cryptographic primitive was published ⋆ In early 1977, IBM’s DES was chosen as the US governmental block cipher standard for nonclassified tasks • 1976: Diffie and Hellman published a seminal paper on public-key cryptography ⋆ 1997: PKC was invented about 5 years earlier in British secret service but never published T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 5

  6. Modern Cryptography: Seventies, Eighties • 1979: Secret Sharing, 1979–1981: Chaum started to work on mix- nets, e-cash, e-voting, that is, in protocols • Eighties: Work on foundations. Definational approach: (a) define what do you want, (b) prove that this can be achieved in theory (“proba- bilistic polynomial-time”), (c) prove that nothing better can be achieved (i.e., that you cannot have cryptographic primitives that satisfy stricter security definitions). • Notable achievements: understanding and defining of basic security notions, zero-knowledge (one of the most amazing results in theoreti- cal computer science, and may be also in mathematics, during the last 25 years), multi-party computation. T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 6

  7. Modern Cryptography: End of eighties • Cryptographers had a firm understanding of what is possible in theory. • Published example protocols were usually proofs of concepts, not meant to be applied. • Cryptography was firmly based on reductions: ⋆ Prove that if A is secure then B is secure; or if B can be broken then A can also be broken. • Makes it possible to construct complicated protocols, assuming only that (say) one-way or trapdoor functions exist, factoring or discrete log- arithm is hard. T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 7

  8. Postmodern Cryptography: Nineties, 2000+ • Exact reductions: If B can be broken in time t with probability ε then A can be broken in time, close to t , with probability, close to ε . • Efficiency: minimize the resources, needed to execute the protocols. • Holy grail: construct efficient protocols that have exact reductions to minimal primitives. T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 8

  9. Hypermodern Cryptography: Now • Efficient protocols for many real-life problems are known. • For other problems, it can be sometimes shown that no efficient solu- tions exist. • Fundamental problems, again: a lot of cryptography would collapse if P = NP , or even if P � = NP but one-way functions do not exist. Many protocols would collapse if one could factor efficiently. • Thus, cryptography has solid foundations under the assumptions like factoring is hard . T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 9

  10. Do Cryptographers Dream of Quantum Computers? • 1994: Shor showed that factoring and discrete logarithm can be solved efficiently on a quantum computer • Fortunately (?), it is not known whether one can actually build a quan- tum computer. (Do the laws of physics allow it?) • But even so, it is fundamentally difficult to prove anything about hard- ness of algorithms! T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 10

  11. Resource Bounded Unprovability of Computational Lower Bounds Tatsuaki Okamoto and Ryo Kashima Abstract. This paper shows that no polynomial-time Turing machine can produce a proof (based on a reasonable theory including Peano Arithmetic) of a super-polynomial- time lower bound of an NP (or more generally, PSPACE) problem. In other words, no polynomial-time Turing machine can produce a proof of “P � = NP”. Therefore, to prove “P � = NP” (by any technique and any reasonable theory) requires super-polynomial-time computational power . This result is a kind of generalization of the result of ‘Natural Proofs” by Razborov and Rudich, who showed that to prove “P � = NP” by a class of techniques called “Natural” implies computational power that can break a typical cryptographic prim- itive, a pseudo-random generator. This result also implies that there is no (finite-size) formal proof for “P � = NP” in any reasonable theory. This is considered to be a generaliza- tion of the result by Baker, Gill and Solovay, who showed that there is no relativizable proof for “P � = NP”. Based on this result, we show that the security of any computational crypto- graphic scheme is unprovable in the standard setting of modern cryptography, where an adversary is modeled as a polynomial-time Turing machine. eprint archive, http://eprint.iacr.org/2003/187/, received 9 Sep 2003 T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 11

  12. Back to Multi-Party Computation • Main result for us: all efficiently computable functions can also com- puted securely • Assume there are n participants, and the i th participant has input x i . Assume f is a function f ( x 1 , . . . , x n ) = ( y 1 , . . . , y n ) . • There is a way ( multi-party computation ) to compute f so that at the end of the protocol, the i th participant will get the know value of y i and nothing else, except what she could compute from ( x i , y i ) herself. T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 12

  13. We Gotta Have Some Pictures Karl I Karl II Karl III f Karl n − 1 Karl n Assume f is any function. Karl’s can compute f so that (a) Security: Karl i obtains the output he wanted to obtain, (b) Privacy: Karl i will not obtain any new information that cannot be computed from his input and output alone. T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 13

  14. Applications: Millionaire’s Problem • Alice and Bob want to know, who is richer, without revealing their pri- vate inputs. • Denote their inputs as x A and x B . • Security: Alice and Bob get to know the value of the predicate y A , y B := [ cmp ( x A , x B )] . • Privacy: Alice will not get any new information that she cannot com- pute from x A and y A . Ditto for Bob. T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 14

  15. Applications: Voting • n voters, one tallier. • Voter i has input v i , her vote. • Security: Tallier gets to know y T := � n i =1 v i . • Privacy: Tallier will not get any information that cannot be computed from y T alone. Voters will not get any new information at all. T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 15

  16. Applications: Data-mining • Assume you have some data-mining algorithm A , that based on a database µ = ( µ 1 , . . . , µ n ) , says something interesting about it, A ( µ ) . • Many different different settings, two of them are: 1. Alice is a client who makes a query, Bob owns the whole database. 2. Parts of database (“vertical” or “horizontal”) sharing are owned by different parties, who want to discover something about the joint of their databases. • All settings have their natural security and privacy definitions. T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger Lipmaa 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cryptography Intro and RSA Well, a gentle intro to cryptography, followed by a description of

Cryptography Intro and RSA Well, a gentle intro to cryptography, followed by a description of

Cryptography Intro and RSA Well, a gentle intro to cryptography, followed by a description of public key crypto and RSA. Fall 2018 CS 222: Discrete Structures 1 Definition Cryptology is the study of secret writing Concerned with

681 views • 54 slides
Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to

Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to

Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to crypto (well discuss why) Fall 2018 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for

1.2k views • 51 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2014 CS 334: Computer Security 2

730 views • 47 slides
Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2010 CS 334: Computer Security 2

626 views • 43 slides
Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and

Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and

Cryptocurrency Technologies Cryptography and Cryptocurrencies Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and Data Structures Block Chains Merkle Trees Digital Signatures Public

489 views • 27 slides
Elliptic curves and cryptography Jan Willemson September 2019 Intro: some ancient cryptography

Elliptic curves and cryptography Jan Willemson September 2019 Intro: some ancient cryptography

Elliptic curves and cryptography Jan Willemson September 2019 Intro: some ancient cryptography 2 September 2019 Diffie-Hellman key exchange Prime p , g Z p g a g b a Z b Z ( g b ) a = ( g a ) b 3 September 2019 Security of

748 views • 62 slides
Public Key Infrastructure PKI Michael Maass and Blase Ur 1 Outline Intro to cryptography

Public Key Infrastructure PKI Michael Maass and Blase Ur 1 Outline Intro to cryptography

Public Key Infrastructure PKI Michael Maass and Blase Ur 1 Outline Intro to cryptography Intro to PKI / Davis reading Current issues Gaw reading PKI in the enterprise Discussion 2 Introduction to Encryption We want

731 views • 47 slides
GPG Intro What is GPG? GPG, or GNU Privacy Guard, is a public key cryptography

GPG Intro What is GPG? GPG, or GNU Privacy Guard, is a public key cryptography

GPG Intro What is GPG? GPG, or GNU Privacy Guard, is a public key cryptography implementation. (Conforms to PGP and RFC 4880, not really just an alternative) Best used mostly for email encryption Uses Hybrid Encryption Install

531 views • 12 slides
Cryptography: Definitions and Terms C etin Kaya Ko c koc@cs.ucsb.edu (

Cryptography: Definitions and Terms C etin Kaya Ko c koc@cs.ucsb.edu (

Cryptography Definitions and Terms Cryptography: Definitions and Terms C etin Kaya Ko c koc@cs.ucsb.edu ( http://cs.ucsb.edu/~koc ) intro to crypto lect01a intro 1 / 14 Cryptography Definitions and Terms Terminology - Old & New

460 views • 14 slides
Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary

Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary

Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary Introduction Stream & Block Ciphers Block Ciphers Modes (ECB,CBC,OFB) Advanced Encryption Standard (AES) Message

243 views • 20 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Software$Security$ (finish) $ & $ Cryptography $(brief$intro) $ Spring'2016' '

Software$Security$ (finish) $ & $ Cryptography $(brief$intro) $ Spring'2016' '

CSE$484$/$CSE$M$584:$$Computer$Security$and$Privacy$ $ Software$Security$ (finish) $ & $ Cryptography $(brief$intro) $ Spring'2016' ' Franziska'(Franzi)'Roesner'' franzi@cs.washington.edu'

419 views • 29 slides
Software Security Continued + Cryptography Intro Autumn 2018 Tadayoshi (Yoshi) Kohno

Software Security Continued + Cryptography Intro Autumn 2018 Tadayoshi (Yoshi) Kohno

CSE 484 / CSE M 584: Computer Security and Privacy Software Security Continued + Cryptography Intro Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli,

445 views • 22 slides
Cryptography Intro CS642: Computer Security Professor Ristenpart

Cryptography Intro CS642: Computer Security Professor Ristenpart

Cryptography Intro CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

519 views • 36 slides
Cryptography Intro CS642: Computer Security Professor Ristenpart

Cryptography Intro CS642: Computer Security Professor Ristenpart

Cryptography Intro CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

820 views • 35 slides
MARKETING FOR ENTREPRENEURS LECTURE 1 COURSE INTRODUCTION WHY ? The Timing is Right .... India

MARKETING FOR ENTREPRENEURS LECTURE 1 COURSE INTRODUCTION WHY ? The Timing is Right .... India

MARKETING FOR ENTREPRENEURS LECTURE 1 COURSE INTRODUCTION WHY ? The Timing is Right .... India is worlds third biggest tech start -up hub according to a report by Assocham in association with Thought Arbitrage Research Institute In the

863 views • 61 slides
.NET 2015 and ASP .NET 5 Peter Himschoot peter@u2u.be Agenda What and Why Understanding

.NET 2015 and ASP .NET 5 Peter Himschoot peter@u2u.be Agenda What and Why Understanding

6/9/2015 Microsoft and Apple Training .NET 2015 and ASP .NET 5 Peter Himschoot peter@u2u.be Agenda What and Why Understanding .NET 2015: .NET 4.6 versus .NET Core 5 Supporting multiple runtimes Frameworks and Runtimes The

182 views • 15 slides
Big Data, An Introduction prof. dr Arno Siebes Algorithmic Data Analysis Group Department of

Big Data, An Introduction prof. dr Arno Siebes Algorithmic Data Analysis Group Department of

Big Data, An Introduction prof. dr Arno Siebes Algorithmic Data Analysis Group Department of Information and Computing Sciences Universiteit Utrecht Outline Today we introduce two topics Big Data what does it mean, how did it come to

740 views • 53 slides
Building NREN service for a WireFree world Maurice van den Akker Team Manager WireFree SURFnet

Building NREN service for a WireFree world Maurice van den Akker Team Manager WireFree SURFnet

Building NREN service for a WireFree world Maurice van den Akker Team Manager WireFree SURFnet Todays items Excellent WireFree: the new goal for NRENs Building a Wi-Fi/4G/eduroam service together with telcos: MoLAN

408 views • 18 slides
Scalability of web applications CSCI 470: Web Science Keith Vertanen Overview Scalability

Scalability of web applications CSCI 470: Web Science Keith Vertanen Overview Scalability

Scalability of web applications CSCI 470: Web Science Keith Vertanen Overview Scalability questions What's important in order to build scalable web sites? High availability vs. load balancing Approaches to scaling

600 views • 26 slides
Diffusion in Networks Luchon Summer School, 2015 Panayiotis Tsaparas University of Ioannina,

Diffusion in Networks Luchon Summer School, 2015 Panayiotis Tsaparas University of Ioannina,

Diffusion in Networks Luchon Summer School, 2015 Panayiotis Tsaparas University of Ioannina, Greece Diffusion: the process by which a piece of information spreads and reaches individuals through interactions in a netowork. Why do we

1.58k views • 135 slides
Information Retrieval What is IR? Matching Models Overview Evaluation of Results

Information Retrieval What is IR? Matching Models Overview Evaluation of Results

Roadmap Information Retrieval What is IR? Matching Models Overview Evaluation of Results Digital Libraries vs. IR Bridging IR + Databases Vagelis Hristidis School of Computer Science Proximity Search in Databases [Goldman

344 views • 12 slides
Next Generation of Identity Aware Applications. Fulup Ar Foll Liberty Alliance Technical Expert

Next Generation of Identity Aware Applications. Fulup Ar Foll Liberty Alliance Technical Expert

Next Generation of Identity Aware Applications. Fulup Ar Foll Liberty Alliance Technical Expert Group Master Architect, Global Software Practice Sun Microsystems. Fulup.ArFoll@sun.com p 1 San Diego April 2007 e-Government Trend France :

605 views • 18 slides

More recommend