CMSC 456 Introduction to Cryptography Jonathan Katz
CMSC 456
Introduction to Cryptography
Jonathan Katz
Overview of exam
The exam is cumulative
– More emphasis on material covered in the second half of the semester
Focus on understanding and application, less on being clever
Please read instructions, and describe attacks or constructions clearly and unambiguously
Chapter 1
Historical private-key encryption schemes
– Why did we talk about these?
Modern cryptography
– Definitions
– Assumptions
– Proofs
Chapter 2
Perfect secrecy
The one-time pad
Limitations of perfect secrecy
– Key as long as the message
– Key can only be used once
• No security against chosen-plaintext attacks
– Need pre-shared key!
Chapter 3a
Computational security
Private-key encryption
Definitions:
– Indistinguishability in the presence of an eavesdropper
– Multiple-message indistinguishability
– CPA-security
– CCA-security
Chapter 3b
Primitives
– Pseudorandom generators
– Pseudorandom functions (block ciphers)
• AES, 3DES, (DES)
Encryption schemes
– “Pseudo one-time pad”
– Deterministic encryption?
– Basic CPA-secure encryption scheme
– Modes of encryption
Chapter 4a
Message authentication codes, defining security
Collision-resistant hash functions
– SHA-1
– Birthday attacks (other applications?)
Constructions
– Basic construction for short messages
– HMAC
– CBC-MAC
Chapter 4b
Privacy + message authentication, CCA-security
– Encrypt-then-authenticate
– Why are the other alternatives problematic?
Chapter 5
Definition of pseudorandomness…
– Concrete security requirements
Substitution-permutation networks
– Attacks on reduced-round SPNs
– AES
Feistel networks
– Attacks on reduced-round Feistel networks
– DES
Increasing key length
– 3DES
– Meet-in-the-middle attacks
Chapter 7
Modular arithmetic, group theory, cyclic groups, generators
Z_N, Z*_N, φ(N)
Generating random primes
Factoring assumption, RSA assumption, discrete logarithm assumption, Diffie-Hellman assumptions
One-way functions, examples
Chapter 9
What are the limitations of private-key crypto?
Why did we bother studying private-key crypto at all?
Key exchange
– Definition of security
– Diffie-Hellman key exchange
Chapter 10a
Public-key encryption
Definitions
– Indistinguishability = CPA-security
– Deterministic encryption?
– CCA-security
• Why important
Hybrid encryption
Chapter 10b
RSA encryption
– Textbook RSA
• Why is it insecure?
– Padded RSA
El Gamal encryption
– What assumption is it based on?
Chapter 12a
Digital signatures
– Advantages relative to MACs?
Definition of security
RSA signatures
– Textbook RSA
• Why is it insecure?
– Hashed RSA
Chapter 12b
Hash-and-sign
1-time signatures, Lamport’s scheme
PKI, certificates
The real world
Pseudorandom functions (block ciphers)
– AES, 3DES
Collision-resistant hash function
– SHA-1, others (NIST competition)
Private-key encryption
– E.g., CBC mode, others for CPA-security
– Encrypt-then-authenticate for CCA-security
Message authentication codes
– HMAC, CBC-MAC, others
The real world
Key exchange
– (Authenticated) Diffie-Hellman
Public-key encryption
– (Variants of) padded RSA
– El Gamal encryption
– CCA-secure schemes
Signature schemes
– (Variants of) hashed RSA
– DSS (we did not cover)