CMSC 456 Introduction to Cryptography. Jonathan Katz.

Overview of exam
• The exam is cumulative
• More emphasis on material covered in the second half of the semester
• Focus on understanding and application, less on being clever
• Please read instructions, and describe attacks or constructions clearly and unambiguously

Chapter 1
• Historical private-key encryption schemes
• Why did we talk about these?
• Modern cryptography
• Definitions
• Assumptions
• Proofs

Chapter 2
• Perfect secrecy
• The one-time pad
• Limitations of perfect secrecy
• Key as long as the message
• Key can only be used once
• No security against chosen-plaintext attacks
• Need pre-shared key!

Chapter 3a
• Computational security
• Private-key encryption
• Definitions:
• Indistinguishability in the presence of an eavesdropper
• Multiple-message indistinguishability
• CPA-security
• CCA-security

Chapter 3b
• Primitives
• Pseudorandom generators
• Pseudorandom functions (block ciphers)
• AES, 3DES, (DES)
• Encryption schemes
• “Pseudo one-time pad”
• Deterministic encryption?
• Basic CPA-secure encryption scheme
• Modes of encryption

Chapter 4a
• Message authentication codes, defining security
• Collision-resistant hash functions
• SHA-1
• Birthday attacks (other applications?)
• Constructions
• Basic construction for short messages
• HMAC
• CBC-MAC

Chapter 4b
• Privacy + message authentication, CCA-security
• Encrypt-then-authenticate
• Why are the other alternatives problematic?

Chapter 5
• Definition of pseudorandomness…
• Concrete security requirements
• Substitution-permutation networks
• Attacks on reduced-round SPNs
• AES
• Feistel networks
• Attacks on reduced-round Feistel networks
• DES
• Increasing key length
• 3DES
• Meet-in-the-middle attacks

Chapter 7
• Modular arithmetic, group theory, cyclic groups, generators
• Z_N, Z*_N, (N)
• Generating random primes
• Factoring assumption, RSA assumption, discrete logarithm assumption, Diffie-Hellman assumptions
• One-way functions, examples

Chapter 9
• What are the limitations of private-key crypto?
• Why did we bother studying private-key crypto at all?
• Key exchange
• Definition of security
• Diffie-Hellman key exchange

Chapter 10a
• Public-key encryption
• Definitions
• Indistinguishability = CPA-security
• Deterministic encryption?
• CCA-security
• Why important
• Hybrid encryption

Chapter 10b
• RSA encryption
• Textbook RSA
• Why is it insecure?
• Padded RSA
• El Gamal encryption
• What assumption is it based on?

Chapter 12a
• Digital signatures
• Advantages relative to MACs?
• Definition of security
• RSA signatures
• Textbook RSA
• Why is it insecure?
• Hashed RSA

Chapter 12b
• Hash-and-sign
• 1-time signatures, Lamport’s scheme
• PKI, certificates

The real world
• Pseudorandom functions (block ciphers)
• AES, 3DES
• Collision-resistant hash function
• SHA-1, others (NIST competition)
• Private-key encryption
• E.g., CBC mode, others for CPA-security
• Encrypt-then-authenticate for CCA-security
• Message authentication codes
• HMAC, CBC-MAC, others

The real world
• Key exchange
• (Authenticated) Diffie-Hellman
• Public-key encryption
• (Variants of) padded RSA
• El Gamal encryption
• CCA-secure schemes
• Signature schemes
• (Variants of) hashed RSA
• DSS (we did not cover)