Security and Cryptography. Portions stolen from Prof. Sahai (spring 2001). December 4, 2001. Administrivia. Homework assignment 7 due today Homework Assignment 8 due January 7,2002 Homework 9 Part a due next Tuesday Part b due next Thursday Part c due next Friday Lab 8 this week
Security and Cryptography
Portions stolen from Prof. Sahai (spring 2001)
December 4, 2001

Administrivia
• Homework assignment 7 due today
• Homework Assignment 8 due January 7, 2002
• Homework 9
  • Part a due next Tuesday
  • Part b due next Thursday
  • Part c due next Friday
• Lab 8 this week
• No lab next week
• Guest lecturer(s) Thursday
• Final Exam CS 104 01/23/2002 @ 8:30 AM

Last Time
• We saw examples of undecidable problems that computers can’t solve
• We saw examples of search problems that we believe computers can’t solve quickly.

“Easy” undecidable problems
• Halting Problem
• Post's Correspondence Problem (PCP)?

Post's Correspondence Problem (PCP)?
• An instance of Post's correspondence problem of size $s$ is a finite set of pairs of strings $(g_i, h_i)$ ($i = 1 \ldots s$, $s \ge 1$) over some alphabet. A solution is a sequence $i_1 i_2 \ldots i_n$ of selections such that the strings $g_{i_1} g_{i_2} \ldots g_{i_n}$ and $h_{i_1} h_{i_2} \ldots h_{i_n}$ formed by concatenation are identical.

Sample PCP
• g1 = aba, h1 = abaa
• g2 = bbab, h2 = abab
• g3 = baaa, h3 = a
• g4 = a, h4 = bb
• So, 1,3,1,2 would correspond to
  • aba baaa aba bbab from g’s
  • abaa a abaa abab from h’s (not a match)

Sample PCP (cont.)
• g1 = aba, h1 = abaa
• g2 = bbab, h2 = abab
• g3 = baaa, h3 = a
• g4 = a, h4 = bb
• 1,4,2,1,3
  • aba a bbab aba baaa
  • abaa bb abab abaa a

PCP is undecidable
• Post's correspondence problem was shown to be undecidable by Post in 1946.
• The problem with size 2 has been proved decidable.
• The problem with size 7 has been proved undecidable.
• The decidability of problems with size between 3 and 6 is still pending.

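The sample instance above can be checked and searched mechanically. The Python below is an added example, not part of the original slides; the function names and the `max_len` bound are assumptions made for illustration. Checking a proposed sequence is a string comparison, while searching only ever works up to a chosen length.

```python
from collections import deque

# Sample instance from the slides: index i maps to the pair (g_i, h_i).
PAIRS = {1: ("aba", "abaa"), 2: ("bbab", "abab"), 3: ("baaa", "a"), 4: ("a", "bb")}

def is_solution(seq, pairs=PAIRS):
    """Checking is easy: concatenate both sides and compare."""
    if not seq:
        return False
    top = "".join(pairs[i][0] for i in seq)
    bottom = "".join(pairs[i][1] for i in seq)
    return top == bottom

def bounded_search(pairs=PAIRS, max_len=8):
    """Breadth-first search over index sequences of length <= max_len.

    A state is the unmatched overhang: ("g", s) when the g side is ahead
    by s, ("h", s) when the h side is ahead. Returns the shortest solution
    found, or None. None only means "nothing within max_len": no fixed
    bound is enough for every instance.
    """
    queue = deque([((), "g", "")])
    seen = set()
    while queue:
        seq, side, over = queue.popleft()
        if len(seq) == max_len:
            continue
        for i, (g, h) in sorted(pairs.items()):
            top = (over if side == "g" else "") + g
            bot = (over if side == "h" else "") + h
            if top.startswith(bot):
                state = ("g", top[len(bot):])
            elif bot.startswith(top):
                state = ("h", bot[len(top):])
            else:
                continue  # the two sides disagree, dead end
            new_seq = seq + (i,)
            if state[1] == "":
                return list(new_seq)
            if state not in seen:
                seen.add(state)
                queue.append((new_seq, *state))
    return None

if __name__ == "__main__":
    print(is_solution([1, 3, 1, 2]), is_solution([1, 4, 2, 1, 3]))
    print(bounded_search(), bounded_search(max_len=4))
```
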
Last Time – hard search problems
• We saw examples of search problems that we believe computers can’t solve quickly.
• A search problem is a problem where
  • It is hard to find a solution
  • It is easy to check a possible solution
• A complete search problem is as hard as any search problem
• A search problem is believed to be hard because
  • We can’t solve it
  • No one else can
  • No one can solve any of the complete search problems

Classes of search problems
• In computer-science terminology:
  • NP = All Search Problems
  • P = Problems we can solve quickly
• We believe that P ≠ NP, i.e. not every search problem can be solved quickly on a computer.
• Search problems that are in NP but not in P are used in situations where we want a problem that is
  • Hard to solve
  • Easy to check a solution.

Coloring (cont.)
• We can build a computer as a coloring problem
• Build simulations of gates
  • NOT, AND, OR
• Combine simulations to build circuit for, e.g. Carry-ripple adder
• Result
  • Here is a graph,
  • Color a few circles to mark inputs
  • Find a valid coloring of all circles
  • Read off values of output circles to get result

Coloring (cont.)
• Coloring is complete
• In particular, we can reduce solving any search problem to finding a valid coloring for some collection of circles!
• So, if we could solve Coloring quickly, then P = NP
• That’s why we believe Coloring can’t be solved quickly by any computer.
• We call such problems NP-Complete.

NP-complete problems
• Coloring
• Traveling Salesman Problem
• Knapsack problem
• Partition Problem

Knapsack problem
• We are given a set of items each having a weight measured by an integer
• We are given a capacity for the knapsack
• We ask if we can exactly pack the knapsack

Sample Knapsack problem
• Item weights 2,4,9,13,17,23,32,70,123,157
• Capacity is 228
  • Packing 157 + 32 + 17 + 13 + 9
• Capacity is 226
  • Packing (there are none)

Partition problem
• We are given a set of items each having a weight measured by an integer
• We are asked if we can divide the items into 2 groups that have the same total weights.
• Like a knapsack problem
  • Weight is half of total weight

Sample Partition problem
• Item weights 2,4,9,13,17,23,32,70,123,157
• Total weight is 450
  • Packing 123 + 70 + 32 = 225
  • Packing 157 + 23 + 17 + 13 + 9 + 4 + 2 = 225
• Why is this different from the PCP?

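The gap between checking and finding, run on the sample weights above. This Python is an added example, not part of the original slides; the function names are assumptions. Checking a proposed packing takes one pass over it, while the search shown here is plain brute force over all subsets, and the partition problem is solved by reusing it with half the total weight as the capacity.

```python
from itertools import combinations

WEIGHTS = [2, 4, 9, 13, 17, 23, 32, 70, 123, 157]  # item weights from the slides

def check_packing(weights, capacity, packing):
    """Easy direction: confirm a proposed packing uses real items once
    each and fills the knapsack exactly."""
    pool = list(weights)
    for w in packing:
        if w not in pool:
            return False
        pool.remove(w)
    return sum(packing) == capacity

def find_packing(weights, capacity):
    """Hard direction: try subsets, smallest first.
    Returns (packing or None, number of subsets tried)."""
    tried = 0
    for r in range(len(weights) + 1):
        for subset in combinations(weights, r):
            tried += 1
            if sum(subset) == capacity:
                return list(subset), tried
    return None, tried  # tried == 2 ** len(weights): every subset failed

def find_partition(weights):
    """Partition reduces to knapsack with capacity = half the total."""
    total = sum(weights)
    if total % 2:
        return None
    half, _ = find_packing(weights, total // 2)
    if half is None:
        return None
    rest = list(weights)
    for w in half:
        rest.remove(w)
    return half, rest

if __name__ == "__main__":
    print(check_packing(WEIGHTS, 228, [157, 32, 17, 13, 9]))
    print(find_packing(WEIGHTS, 228))
    print(find_packing(WEIGHTS, 226))
    print(find_partition(WEIGHTS))
```

Each extra item doubles the number of subsets the brute-force search may have to try, while the cost of checking a packing grows only with its length.
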
Other Hard Problems?
• There are other problems besides NP-Complete Problems that we also believe are hard.
• Can we be sure?
  • No.
• But humanity has been trying to solve certain mathematical problems for centuries.
• So it seems reasonable to assume that nobody will figure out how to solve them soon.

Cryptography
• Why do we care so much about hard problems?
• Because sometimes we want to make things hard.
• Protecting Privacy, Authenticity
• Want to make it hard for adversaries to:
  • Steal our credit cards
  • Impersonate us
  • Etc.
• Makes it possible for companies to protect intellectual property.

Cryptography
• Science of making things hard for adversaries = Cryptography
• Dates back to Julius Caesar
  • Caesar cipher – shift each character by a few places
  • "UHWXUA WR URPH" encodes “RETURN TO ROME”
• Used extensively during WW 2 (and every other war)
• Used to encode passwords
• Used to prevent copying of software and data (e.g. DVD).

Requirements of a cryptosystem
• Easy to encode messages
• Hard to decode messages

One Approach...
• It’s so complicated! It must be secure!
• Cryptosystem XYZ (Patent Pending)

One Approach...
• Cryptosystem XYZ Broken 2 Days After Release!

One Approach...
• Unfortunately, this approach is often used in real life.
• This is one of the reasons why you hear about so many security systems being broken!
• Examples: DVD encryption (DeCSS), Cell phones in Europe (GSM), encoding of fonts by Adobe, many many more

More sophisticated approach
• Use the theory of hard search problems and the notion of reducing one problem to another.
• Show that if you break this security system, you do so by solving some of the world’s greatest unsolved problems first!

Encryption
• The most basic problem in Cryptography is Encryption:
• [Figure: Alice, Bob, and the private message m; Eve the eavesdropper; the encrypted message E(m)]

Encryption
• Have to make it easy for Bob to recover m
• But hard for Eve to learn anything about m
• [Figure: Alice, Bob, the encrypted message E(m), and Eve the eavesdropper]

Public-Key Cryptography [Diffie-Hellman 1976]
• [Figure: Bob, with Bob’s Public Key and Bob’s Secret Key]
• Everybody knows Bob’s published Public Key.
• Only Bob knows his secret key.

Public-Key Encryption
• [Figure: Alice, Bob, and the encrypted message E(m)]
• Alice uses Bob’s public key to encrypt m.
• Bob uses his secret key to recover (decrypt) m.

Public-Key Encryption
• [Figure: Alice, Bob, the encrypted message E(m), and Eve the eavesdropper]
• Alice and Eve both know Bob’s public key.
• Eve must not be able to “break” the encryption even though she knows the public key.

Basic Math Review
• Let’s recall some basic mathematics:
• A number p is called prime if its only factors are 1 and itself.
  • Examples: 2, 3, 5, 7, 11, 13, 17, 19, …
• There are lots of prime numbers.
• Fact: It is known how to check quickly if a number is prime or not.
• So, to find a big prime number, we can just keep generating large random numbers until we find a prime.

Basic Math Review
• Given two primes p and q, it is easy to multiply them together: N = pq
• But given N, how do you find p and q quickly? i.e. how do you factor N?
• Easy for small numbers (e.g. 6 or 35).
• For centuries, mathematicians have been trying to find ways to factor large numbers quickly. No one knows how!
• Factoring a 10,000 digit N would take centuries on the fastest computer in existence!

How do we know factoring is hard?
• Problem has a long history
• Prizes are offered and have been for a long time
• Factoring progress happens slowly

Factoring RSA-130 (4/10/96) • RSA-130 = 1807082088687404805951656164405905566278102516769401349170127021450056662540244048387341127590812303371781887966563182013214880557 = 39685999459597454290161126162883786067576449112810064832555157243 * 45534498646735972188403686897274408864356301263205069600999044599 • Moore’s Law would add a digit or 2 every year.
Basic Math & Crypto
• We want to make it so that if Eve the eavesdropper breaks our system, she would have to factor a very large number.
• We’ll (almost) do that.

Modular Arithmetic
• Ordinary Arithmetic: [Figure: … -4 -3 -2 -1 0 1 2 3 4 …]
• Arithmetic Modulo N: [Figure: N = 0, 1, 2, 3, …, (N – 3), (N – 2), (N – 1)]

Modular Arithmetic
• Example: Arithmetic Modulo 12 (like Arithmetic on time)
  • 3 + 11 (Modulo 12) = 2
  • 2 – 4 (Modulo 12) = 10
  • 5 * 4 (Modulo 12) = 8
  • 4 * 3 (Modulo 12) = 0

The RSA Encryption Scheme [Rivest Shamir Adleman 1978]
• Bob picks two large primes p and q, and computes: N = pq
• Fact: Because Bob knows p and q, he can pick numbers e and d such that:
  • For all m: $(m^e)^d = m$ (Modulo $N$)
• Bob’s Public Key will be e, N
• Bob’s secret key will be d

The RSA Encryption Scheme
• Fact: Because Bob knows p and q, he can pick numbers e and d such that:
  • For all m: $(m^e)^d = m$ (Modulo $N$)
• To Encrypt a message m, Alice computes:
  • $E(m) = m^e$ (Modulo $N$)
• To Decrypt, Bob computes:
  • $m = E(m)^d$ (Modulo $N$)

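A toy run of the scheme above, as an added example that is not from the original slides: the primes 61 and 53, the exponent e = 17 and all function names are assumptions, and numbers this small are for illustration only. Besides encrypting and decrypting, it shows that factoring N hands Eve the secret d, and that E(m) exactly as written on the slide is deterministic, so Eve can test guesses for m using only the public key.

```python
from math import gcd, isqrt

def make_keys(p, q, e=17):
    """Bob: knowing p and q, derive d so that (m^e)^d = m (mod N)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), d             # public key (e, N), secret key d

def encrypt(m, public):
    """Alice: E(m) = m^e mod N, using only Bob's public key."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be a number in [0, N)")
    return pow(m, e, n)

def decrypt(c, d, n):
    """Bob: m = E(m)^d mod N."""
    return pow(c, d, n)

def eve_factors(public):
    """Eve: trial division succeeds only because this N is tiny.
    With p and q in hand she computes d exactly as Bob did."""
    e, n = public
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    return pow(e, -1, (p - 1) * (n // p - 1))

def eve_guesses(c, public, candidates):
    """Eve: E(m) has no randomness, so equal messages give equal
    ciphertexts and a short list of likely messages can be tested."""
    return next((m for m in candidates if encrypt(m, public) == c), None)

if __name__ == "__main__":
    public, d = make_keys(61, 53)        # toy primes (assumption)
    c = encrypt(65, public)
    print("public key:", public, "secret d:", d)
    print("E(65) =", c, "-> decrypts to", decrypt(c, d, public[1]))
    print("d recovered by factoring:", eve_factors(public))
    print("m recovered by guessing:", eve_guesses(c, public, range(100)))
```

Deployed RSA encryption adds randomized padding (for example OAEP) to m before exponentiation, which is what defeats the guessing check in the last function.
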