初九

Cryptography

2023/07/15 Cryptography 共 3803 字,约 11 分钟
call me JC

Cryptography(By Dan Boneh)

lecture1: introduction

introduce to cryptography

image-20230715213745833

image-20230715213919022

Secure multi-party computation:

image-20230715215423902

image-20230715215452739

Outsourcing computation:

image-20230715215641415

Zero knowledge:

image-20230715215823862

Three steps in cryptography:

image-20230715220155064

history of symmetric cipher:

Symmetric ciphers:

image-20230715220518758

1 Substitution cipher:

image-20230715220649320

e.g. Caesar Cipher:

image-20230715220750313

how to break:

image-20230715221245373

2 Vigener cipher:

image-20230715221422148

how to break:

  • know the key length:

    image-20230715221632397

  • not know the key length:

    assume key = 1,2,3, …, n

3 Rotor Machines:

image-20230715221918488

image-20230715222059923

4 Data Encryption Standard:

image-20230715222300215

Discrete Probability:

Probability distribution:

image-20230715222840442

Events:

image-20230715223159848

The union bound:

image-20230715223415810

Random Variables:

image-20230715223752050

The uniform random variable:

image-20230715224021218

Randomized algorithms:

image-20230715224350155

Independence:

image-20230715224907694

An important property of XOR:

image-20230715225503721

The birthday paradox:

image-20230715225646181

\[1.2\times\sqrt {365} \approx 24\]
Cipher definition:

image-20230716091441330

image-20230716091521495

Lecture2: Stream Ciphers

1 The One Time Pad:

image-20230716091911880

image-20230716091947346

Information Theoretic Security:(Shannon 1949) (Perfect secrecy)

image-20230716092331448

image-20230716093338539

Stream Ciphers:

image-20230716095513738

image-20230716095624976

PRG must be unpredicable:

image-20230716100229954

image-20230716095950107

image-20230716100301456

Negligible and Non-negligible:

image-20230716100947608

e.g.

image-20230716101101759

Attack on OTP and stream cipher
Attack1: two time pad(used twice):

image-20230716101525579

image-20230716104903038

Attack2: no integrity(OTP is malleable)

image-20230716105325937

2 RC4:

image-20230716105846040

3 CSS:

image-20230716110055696

image-20230716110843248

4 eStream:

image-20230716111045820

image-20230716111551127

image-20230716111657780

PRG Security Def.

image-20230716112111343

Statistical tests:

image-20230716112409443

image-20230716112610963

Advantage:

image-20230716114202728

e.g.

image-20230716114445225

Secure PRGs: crypto def.

image-20230716114730360

unpredictable:

image-20230716114936340

image-20230716115412254

image-20230716115551858

Computationally indistinguishable:

image-20230716120421893

Sematic security:

image-20230716161033394

image-20230716161057781

image-20230716161106093

e.g.

image-20230716161423620

e.g.

image-20230716161839093

Stream ciphers are semantically secure:

image-20230716162148393

image-20230716162435001

image-20230716162520913

image-20230716162553370

image-20230716162752119

image-20230716163154132

Lecture3: Block ciphers

introduction to block ciphers:

image-20230716174719285

image-20230716174906587

image-20230716174935068

PRF:

image-20230716175306246

PRP:

image-20230716175323457

image-20230716175444591

Secure PRFs:

image-20230716175739626

image-20230716175945475

image-20230717165043126

Secure PRP:

image-20230717165151704

PRF => PRG

image-20230716180411587

DES(The data encryption standard)

image-20230717143132359

Feistel Network:

image-20230717143350232

image-20230717143515519

image-20230717143644756

image-20230717143909063

image-20230717144109588

image-20230717144356474

image-20230717145012332

Security of DES:

Exhaustive Search for block cipher key:

image-20230717152335842

image-20230717152601976

DES challenge:

image-20230717152829674

image-20230717152906937

image-20230717153102728

image-20230717153954979

More attack:
1 side channel attacks:

image-20230717160014176

2 Fault attack:

image-20230717160157286

(make sure correctness before output ciphertext)

3 Linear and differential attacks:

image-20230717160505913

image-20230717160749053

4 Quantum attacks:

image-20230717161127798

image-20230717161302496

AES:

Substitution-Permutation network:

image-20230717161702451

image-20230717161835492

image-20230717161948230

image-20230717162022119

image-20230717162128224

image-20230717162254290

image-20230717162648821

Attacks to AES:

image-20230717163236348

more block ciphers:

PRF from PRG:

image-20230717163844204

image-20230717164340824

PRP from PRF:

image-20230717164455375

Lecture4: using block ciphers

PRF Switching Lemma:

image-20230717165722835

One-time key

Incorrect use of a PRP:

image-20230717170255550

image-20230717170337498

image-20230717170544297

Many-time key:

Semantic Security for many-time key:

image-20230717171142187

image-20230717171507446

Ciphers insecure under CPA:

image-20230717171831246

image-20230717171937728

solution1: randomized encryption:

image-20230717172109605

solution2: Nonce-based Encryption:

image-20230717172513150

image-20230717172832267

image-20230717173220817

Modes of operation:

Cipher block chain(CBC):

image-20230718093933366

image-20230718094023906

image-20230718094251883

image-20230718094743353

CBC’: nonce-based CBC

image-20230718102911736

CBC technicality: padding:

image-20230718103324015

Randize counter mode:

image-20230718105201872

nonce ctr-mode:

image-20230718105337591

image-20230718105447691

image-20230718105729838

image-20230718105856621

Lecture5: Message integrity:

MACs(Message Authentication Code):

image-20230718110427021

Security:

image-20230718110850459

image-20230718111428450

Mac based on PRFs:

image-20230718112647930

Security:

image-20230718112753515

image-20230718113052236

image-20230718130121407

CBC-MAC(ECBC, CMAC):

image-20230718130611268

Security:

image-20230718134609926

NMAC(Nested MAC):

image-20230718130825318

Security:

image-20230718135036035

image-20230718135747172

MAC Padding:

CMAC(NIST standard):

image-20230718142333577

A parallel MAC(PMAC):

image-20230718142705247

Security:

image-20230718142812488

One-time MAC:

image-20230718201211830

Carter-Wegman MAC(Many-time MAC):

image-20230718201420986

HMAC:

Collision resistance:

image-20230718202309847

image-20230718202519141

image-20230718202614774

Attack for Collision resistance:
Generic attack:

image-20230718203203466

The birthday paradox:

image-20230718203817600

The Merkle-Damgard iterated construction:

image-20230718204816154

(if no space for PB, add another block)

collision resistance:

image-20230718205706258

compression function from a block cipher:

image-20230718205957950

image-20230718210244959

HMAC construction:

image-20230718211149007

image-20230718211352315

image-20230718211317110

image-20230718211634388

Timing attack on MAC verification:

image-20230718211840001

image-20230718212100656

image-20230718212404269

image-20230718212605388

Lecture6: Authenticated Encryption:

Sample tampering attacks:

reading someone else’s data:

image-20230720095045279

image-20230720094945532

attack using network access:

image-20230720095413747

Definition of authenticated encryption:

goals:

image-20230720101501948

image-20230720101543414

ciphertext integrity:

image-20230720101739215

authenticated encryption:

image-20230720101828314

implication:

authenticity:

image-20230720102407605

against chosen ciphertext attack:
example of ciphertext attack:

image-20230720102616439

chosen ciphertext security:

image-20230720102713053

image-20230720102924382

image-20230720102944475

image-20230720103148561

authenticated encryption => CCA:

image-20230720103250281

image-20230720103557865

image-20230720103645295

Construct from ciphers and MACs:

Combing MAC and ENC(CCA):

image-20230720104533904

image-20230720104813544

image-20230720104936395

Standards:

image-20230720105347054

OCB: direct construction from a PRP:

image-20230720110531056

Performance:

image-20230720110738708

Case study:

TLS:

image-20230720111114525

image-20230720111505766

image-20230720132645239

Bugs in older versions:

image-20230720133016246

Attacks:

Padding attack:

image-20230720133935371

image-20230720134647239

solution:

image-20230720134730744

Attacking non-atomic decryption:

image-20230720135232130

image-20230720135524414

image-20230720135631321

leture7: Odds and ends

Key derivation:

one key to many key:

source key is uniform:

image-20230724131042899

source key is not uniform:

image-20230724131305064

image-20230724131634434

e.g.,

image-20230724131741404

image-20230724132207202

Deterministic encryption:

image-20230724135334094

image-20230724135459771

image-20230724135714855

image-20230724135957096

image-20230724140057303

image-20230724140749425

image-20230724141143186

Constructions:

Synthetic IV (SIV):

image-20230724141848881

image-20230724142046679

image-20230724142353162

Just use PRP:

image-20230724142929409

image-20230724143250259

image-20230724143343903

image-20230724143640911

Tweakable encryption:

image-20230724154926402

image-20230724155239965

image-20230724155552119

image-20230724155750430

trivial construction:

image-20230724160107081

XTS constraction:

image-20230724160506332

image-20230724160810901

Format preserving encryption:

image-20230724161344566

image-20230724161956191

image-20230724162222180

image-20230724162355627

lecture8: Key exchange

Key management:

image-20230724172109958

image-20230724172219176

image-20230724185810540

key exchange without online TTP:

Merkel puzzles:

image-20230724190707815

image-20230724190951772

image-20230724191228909

Diffie-Helloman protocol:

image-20230724192101766

image-20230724192222079

image-20230724193112602

image-20230724194003029

Public-key encryption:

image-20230724201732674

image-20230724201842893

image-20230724202059706

image-20230724202637122

Lecture9: Number Theory:

Notation:

image-20230724203233733

image-20230724204630831

image-20230724205734251

image-20230724210138582

GCD:

image-20230724203638532

Modular inversion:

image-20230724203830174

image-20230724204138382

Fermat’s theorem:

image-20230724205123101

image-20230724205430722

Euler’s generalization of Fermat:

image-20230724210636366

Modular e’th roots:

image-20230724210758641

image-20230724210928622

image-20230724211413158

Quadratic residue:

image-20230724211714010

image-20230724212031798

image-20230724212426557

image-20230724212518435

image-20230724212811803

Representing bignums:

image-20230724212946662

Arithmetic:

image-20230724213310288

Exponentiation:

image-20230724213657075

image-20230724214214566

Intractable problems:

discrete logarithm:

image-20230725100238606

image-20230725100658833

image-20230725101358880

image-20230725101708324

Lecture10: Public Key Encryption(RSA-based)

image-20230725102421072

image-20230725102544285

image-20230725103335255

image-20230725103553658

image-20230725103825201

Construction:

Trapdoor functions(TDF):

image-20230725104144323

image-20230725104402369

public-key encryption from TDFs

image-20230725104736463

Incorrect use:

image-20230725105117146

RSA trapdoor function:

image-20230725111223544

RSA assumption:

image-20230725111518502

RSA public-key encryption:

image-20230725111836564

Textbook RSA is insecure:

image-20230725111955734

image-20230725143147858

PKCS1:

image-20230725143801270

image-20230725144228780

image-20230725145250508

image-20230725145825485

image-20230725150219449

Is RSA a one-way permutation?

image-20230725151256826

image-20230725151632075

image-20230725152535566

RSA in practice:

image-20230725153747968

image-20230725154018091

image-20230725154515090

Lecture11: Public Key Encryption(Diffie-Hellman-based)

image-20230725194259532

ElGamal:

image-20230725194921121

image-20230725195059372

image-20230725195401182

Security:

image-20230725195850125

image-20230725200134703

image-20230725200811804

image-20230725201032565

image-20230725201119749

Variants of ElGamal:

image-20230725201500525

Twin ElGamal:

image-20230725201806948

A Unifying Theme:

One-way function:

image-20230725202704511

image-20230725203158877

image-20230725203344325

image-20230725203536945

文档信息

Search

    Table of Contents