CMSC 456 Introduction to Cryptography Jonathan Katz

Overview of exam
▪ The exam is cumulative
– More emphasis on material covered in the second half of the semester
▪ Focus on understanding and application, less on being clever
▪ Please read instructions, and describe attacks or constructions clearly and unambiguously
Chapter 1
▪ Historical private-key encryption schemes
– Why did we talk about these?
▪ Modern cryptography
– Definitions
– Assumptions
– Proofs
Chapter 2
▪ Perfect secrecy
▪ The one-time pad
▪ Limitations of perfect secrecy
– Key as long as the message
– Key can only be used once
• No security against chosen-plaintext attacks
– Need pre-shared key!
Chapter 3a
▪ Computational security
▪ Private-key encryption
▪ Definitions:
– Indistinguishability in the presence of an eavesdropper
– Multiple-message indistinguishability
– CPA-security
– CCA-security
Chapter 3b
▪ Primitives
– Pseudorandom generators
– Pseudorandom functions (block ciphers)
• AES, 3DES, (DES)
▪ Encryption schemes
– “Pseudo one-time pad”
– Deterministic encryption?
– Basic CPA-secure encryption scheme
– Modes of encryption
Chapter 4a
▪ Message authentication codes, defining security
▪ Collision-resistant hash functions
– SHA-1
– Birthday attacks (other applications?)
▪ Constructions
– Basic construction for short messages
– HMAC
– CBC-MAC
Chapter 4b
▪ Privacy + message authentication, CCA-security
– Encrypt-then-authenticate
– Why are the other alternatives problematic?
Chapter 5
▪ Definition of pseudorandomness…
– Concrete security requirements
▪ Substitution-permutation networks
– Attacks on reduced-round SPNs
– AES
▪ Feistel networks
– Attacks on reduced-round Feistel networks
– DES
▪ Increasing key length
– 3DES
– Meet-in-the-middle attacks
Chapter 7
▪ Modular arithmetic, group theory, cyclic groups, generators
▪ $\mathbb{Z}_N$, $\mathbb{Z}_N^*$, $\phi(N)$
▪ Generating random primes
▪ Factoring assumption, RSA assumption, discrete logarithm assumption, Diffie-Hellman assumptions
▪ One-way functions, examples
Chapter 9
▪ What are the limitations of private-key crypto?
▪ Why did we bother studying private-key crypto at all?
▪ Key exchange
– Definition of security
– Diffie-Hellman key exchange
Chapter 10a
▪ Public-key encryption
▪ Definitions
– Indistinguishability = CPA-security
– Deterministic encryption?
– CCA-security
• Why important
▪ Hybrid encryption
Chapter 10b
▪ RSA encryption
– Textbook RSA
• Why is it insecure?
– Padded RSA
▪ El Gamal encryption
– What assumption is it based on?
Chapter 12a
▪ Digital signatures
– Advantages relative to MACs?
▪ Definition of security
▪ RSA signatures
– Textbook RSA
• Why is it insecure?
– Hashed RSA
Chapter 12b
▪ Hash-and-sign
▪ 1-time signatures, Lamport’s scheme
▪ PKI, certificates
The real world
▪ Pseudorandom functions (block ciphers)
– AES, 3DES
▪ Collision-resistant hash function
– SHA-1, others (NIST competition)
▪ Private-key encryption
– E.g., CBC mode, others for CPA-security
– Encrypt-then-authenticate for CCA-security
▪ Message authentication codes
– HMAC, CBC-MAC, others
The real world
▪ Key exchange
– (Authenticated) Diffie-Hellman
▪ Public-key encryption
– (Variants of) padded RSA
– El Gamal encryption
– CCA-secure schemes
▪ Signature schemes
– (Variants of) hashed RSA
– DSS (we did not cover)