Cryptography Lecture 1 Welcome Crypto is amazing Can

  • Slides: 40
Download presentation
Cryptography Lecture 1

Cryptography Lecture 1

Welcome! • Crypto is amazing! – Can do things that seem impossible… • Crypto

Welcome! • Crypto is amazing! – Can do things that seem impossible… • Crypto is important and pervasive – It impacts each of us every day • Crypto is fun! – Deep theory – Attackers’ mindset, fun assignments

Necessary administrative stuff • Course webpage – http: //www. cs. umd. edu/~jkatz/crypto/s 19 –

Necessary administrative stuff • Course webpage – http: //www. cs. umd. edu/~jkatz/crypto/s 19 – Prerequisites/information posted there – Syllabus/readings posted there • Midterm already scheduled – Slides posted there – HWs posted there (and on Canvas) – Announcements posted there

Necessary administrative stuff • Canvas – HWs will be posted on webpage and Canvas

Necessary administrative stuff • Canvas – HWs will be posted on webpage and Canvas – Use Canvas to submit HWs electronically • Can type solutions using latex (preferred) • Can also scan handwritten solutions • Can also use Word • Piazza – Useful for discussions/questions – Piazza is better than email if others will have the same question, or if other students can help answer

TAs • • • Erica Blum Makana Castillo-Martin Elijah Grubb Corbin Mc. Neill Ben

TAs • • • Erica Blum Makana Castillo-Martin Elijah Grubb Corbin Mc. Neill Ben Sela • Office hours listed on webpage – May change as semester progresses

This is a tough class • Mathematical prerequisites – Discrete math, probability, modular arithmetic

This is a tough class • Mathematical prerequisites – Discrete math, probability, modular arithmetic • Requires mathematical maturity – Definitions, theorems, proofs, abstraction

This is a tough class • CS prerequisites – Pseudocode/algorithms, big-O notation • Programming

This is a tough class • CS prerequisites – Pseudocode/algorithms, big-O notation • Programming assignments – Hard part should not be the programming, but the thought behind it – Some flexibility in choice of language, but will be required to read code I provide

Textbook • Required textbook: “Introduction to Modern Cryptography, 2 nd edition, ” Katz and

Textbook • Required textbook: “Introduction to Modern Cryptography, 2 nd edition, ” Katz and Lindell • Exams will be open book – Physical copies only

Tips for doing well • Expected to read relevant sections of textbook before class

Tips for doing well • Expected to read relevant sections of textbook before class – Lecture will move quickly; I expect questions and discussion – If you fall behind on the reading it will be hard to catch up! • Watch my videos on Coursera • “Clicker quizzes” given based on the reading (as well as throughout class) – 5% of the grade

This is a test • Are you able to use the clicker to respond?

This is a test • Are you able to use the clicker to respond? – A: Yes – B: No

HWs/exams • Expect HWs every 1. 5 -2 weeks – Optional HWs (ungraded) focusing

HWs/exams • Expect HWs every 1. 5 -2 weeks – Optional HWs (ungraded) focusing on theory • Solutions given – Graded HWs involving implementation • Meant to reinforce the abstract concepts • Meant to highlight practical applications • In-class midterm and final – Questions similar to optional HWs and in-class exercises; may also be based on programming assignments – Anything covered in class or listed in readings on syllabus is fair game

Laptops/electronics • No-laptop/no-electronics policy – Distracting to you – Distracting to others • If

Laptops/electronics • No-laptop/no-electronics policy – Distracting to you – Distracting to others • If you feel you need an exception to take notes, talk to me

How to reach me • Best way to contact me is by email: jkatz@cs.

How to reach me • Best way to contact me is by email: jkatz@cs. umd. edu • Please put “CMSC 456” in subject line • Please email me in advance if you plan to come to office hours

• Questions? • Please ask questions throughout!

• Questions? • Please ask questions throughout!

Course goals • Understand theoretical basis for realworld crypto • When you encounter crypto

Course goals • Understand theoretical basis for realworld crypto • When you encounter crypto in your career: – Understand the key terms – Understand the security guarantees needed/provided – Know how to use crypto – Understand what goes on “under the hood” • “Crypto mindset”

Course non-goals • Designing your own crypto schemes – This is hard! • Implementing

Course non-goals • Designing your own crypto schemes – This is hard! • Implementing crypto for real-world use – This is hard! • Course goal: realize when to consult an expert!

Cryptography (historically) “…the art of writing or solving codes…” • Historically, cryptography focused exclusively

Cryptography (historically) “…the art of writing or solving codes…” • Historically, cryptography focused exclusively on ensuring private communication between two parties sharing secret information in advance using “codes” (aka private-key encryption)

Modern cryptography • Much broader scope! – Data integrity, authentication, protocols, … – The

Modern cryptography • Much broader scope! – Data integrity, authentication, protocols, … – The public-key setting – Group communication – More-complicated trust models – Foundations (e. g. , number theory, quantumresistance) to systems (e. g. , electronic voting, blockchain, cryptocurrencies)

Modern cryptography Design, analysis, and implementation of mathematical techniques for securing information, systems, and

Modern cryptography Design, analysis, and implementation of mathematical techniques for securing information, systems, and distributed computations against adversarial attack

Cryptography (historically) “…the art of writing or solving codes…” • Historically, cryptography was an

Cryptography (historically) “…the art of writing or solving codes…” • Historically, cryptography was an art – Heuristic, unprincipled design and analysis – Schemes proposed, broken, repeat…

Modern cryptography • Cryptography is now much more of a science – Rigorous analysis,

Modern cryptography • Cryptography is now much more of a science – Rigorous analysis, firm foundations, deeper understanding, rich theory • The “crypto mindset” has permeated other areas of computer security – Threat modeling – Proofs of security

Cryptography (historically) • Used primarily for military/government applications, plus a few niche applications in

Cryptography (historically) • Used primarily for military/government applications, plus a few niche applications in industry (e. g. , banking)

Modern cryptography • Cryptography is ubiquitous! – Password-based authentication, password hashing – Secure credit-card

Modern cryptography • Cryptography is ubiquitous! – Password-based authentication, password hashing – Secure credit-card transactions over the internet – Encrypted Wi. Fi – Disk encryption – Digitally signed software updates – Bitcoin –…

Rough course outline Secrecy Integrity Private-key setting Private-key encryption Message authentication codes Public-key setting

Rough course outline Secrecy Integrity Private-key setting Private-key encryption Message authentication codes Public-key setting Public-key encryption Digital signatures • Building blocks – Pseudorandom (number) generators – Pseudorandom functions/block ciphers – Hash functions – Number theory

Classical Cryptography

Classical Cryptography

Motivation • Allows us to “ease into things…, ” introduce notation • Shows why

Motivation • Allows us to “ease into things…, ” introduce notation • Shows why unprincipled approaches are dangerous • Illustrates why things are more difficult than they may appear

Classical cryptography • Until the 1970 s, exclusively concerned with ensuring secrecy of communication

Classical cryptography • Until the 1970 s, exclusively concerned with ensuring secrecy of communication • I. e. , encryption

Classical cryptography • Until the 1970 s, relied exclusively on secret information (a key)

Classical cryptography • Until the 1970 s, relied exclusively on secret information (a key) shared in advance between the communicating parties Private-key cryptography – aka secret-key / shared-key / symmetric-key cryptography

Private-key encryption key ciphertext c k m c Enck(m) message/plaintext k m : =

Private-key encryption key ciphertext c k m c Enck(m) message/plaintext k m : = Deck(c) decryption encryption

Private-key encryption k c m c : = Enck(m) c c k m :

Private-key encryption k c m c : = Enck(m) c c k m : = Deck(c)

Private-key encryption • A private-key encryption scheme is defined by a message space M

Private-key encryption • A private-key encryption scheme is defined by a message space M and algorithms (Gen, Enc, Dec): – Gen (key-generation algorithm): outputs k K – Enc (encryption algorithm): takes key k and message m M as input; outputs ciphertext c c Enck(m) – Dec (decryption algorithm): takes key k and ciphertext c as input; outputs m or “error” m : = Deck(c) For all m M and k output by Gen, Deck(Enck(m)) = m

Kerckhoffs’s principle • The encryption scheme is not secret – The attacker knows the

Kerckhoffs’s principle • The encryption scheme is not secret – The attacker knows the encryption scheme – The only secret is the key – The key must be chosen at random; kept secret • Arguments in favor of this principle – Easier to keep key secret than algorithm – Easier to change key than to change algorithm – Standardization • Ease of deployment • Public scrutiny

The shift cipher • Consider encrypting English text • Associate ‘a’ with 0; ‘b’

The shift cipher • Consider encrypting English text • Associate ‘a’ with 0; ‘b’ with 1; …; ‘z’ with 25 • k K = {0, …, 25} • To encrypt using key k, shift every letter of the plaintext by k positions (with wraparound) helloworldz • Decryption just does the reverse cccccc jgnnqyqtnfb

Modular arithmetic • x = y mod N if and only if N divides

Modular arithmetic • x = y mod N if and only if N divides x-y • [x mod N] = the remainder when x is divided by N – I. e. , the unique value y {0, …, N-1} such that x = y mod N • 25 = 35 mod 10 • 25 ≠ [35 mod 10] • 5 = [35 mod 10]

The shift cipher, formally • M = {strings over lowercase English alphabet} • Gen:

The shift cipher, formally • M = {strings over lowercase English alphabet} • Gen: choose uniform k {0, …, 25} • Enck(m 1…mt): output c 1…ct, where ci : = [mi + k mod 26] • Deck(c 1…ct): output m 1…mt, where mi : = [ci - k mod 26] • Can verify that correctness holds…

Is the shift cipher secure? • No -- only 26 possible keys! – Given

Is the shift cipher secure? • No -- only 26 possible keys! – Given a ciphertext, try decrypting with every possible key – Only one possibility will “make sense” – (What assumptions are we making here? ) • Example of a “brute-force” or “exhaustivesearch” attack

Example • Ciphertext uryybjbeyq • Try every possible key… – tqxxaiadxp – spwwzhzcwo –…

Example • Ciphertext uryybjbeyq • Try every possible key… – tqxxaiadxp – spwwzhzcwo –… – helloworld

Byte-wise shift cipher • Work with an alphabet of bytes rather than (English, lowercase)

Byte-wise shift cipher • Work with an alphabet of bytes rather than (English, lowercase) letters – Works natively for arbitrary data! • Use XOR instead of modular addition – Essential properties still hold

Hexadecimal (base 16) Hex Bits (“nibble”) Decimal 0 0000 0 8 1000 8 1

Hexadecimal (base 16) Hex Bits (“nibble”) Decimal 0 0000 0 8 1000 8 1 0001 1 9 1001 9 2 0010 2 A 1010 10 3 0011 3 B 1011 11 4 0100 4 C 1100 12 5 0101 5 D 1101 13 6 0110 6 E 1110 14 7 0111 7 F 1111 15

Hexadecimal (base 16) • 0 x 10 – 0 x 10 = 16*1 +

Hexadecimal (base 16) • 0 x 10 – 0 x 10 = 16*1 + 0 = 16 – 0 x 10 = 0001 0000 • 0 x. AF – 0 x. AF = 16*A + F = 16*10 + 15 = 175 – 0 x. AF = 1010 1111