T-79.159 Cryptography and Data Security Introduction to Cryptography Helger Lipmaa Laboratory for Theoretical Computer Science Helsinki University of Technology helger@tcs.hut.fi http://www.tcs.hut.fi/˜helger T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 1
Cryptography and Data Security / 2003 • Lecturer: Helger Lipmaa • Reception: by appointment • Lectures and recommended exercise sessions • Reference book: Network Security (Kaufman, Perlman, Speciner) • Course material: Slides • Newsgroup: opinnot.tik.salaus T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 2
Goals • Introduction to cryptography and its methods • To give basic overview of existing primitives and protocols • To explain which tasks and how can be performed securely and which tasks can be not • To understand what it means for something to be secure • Hopefully: To develop basic cryptographic thinking T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 3
What this course is (not) about? • Not about politics, coorporate security • Not about database security, intrusion detection — university has other courses for that • Is about cryptography, the mathematical part of cryptography • Is somewhat but not much about applications (PGP , . . . ) T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 4
Prerequisities • Mathematics: one or two years of basic studies + Mat-1.128 (or an analogue). Discrete mathematics is essential! • Understanding of computer architecture • 3733+ coding skills: some home assignments will need programming • Some knowledge about data security • Sophisticated and curious mind. Interest in solving puzzles, security issues T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 5
Course Team • Lectures: Helger Lipmaa (English + some other obscure languages) • Tutorials 1 (Tue): Markku-Juhani Saarinen (Finnish + English + . . . ) • Tutorials 2 (Wed): Johan Wall´ en (Swedish + Finnish + English + . . . ) T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 6
Course Passing • Mandatory home assigments: 1. First assignment (strict deadline: 1st of March) — 15% of exam 2. Second assignment (strict deadline: 1st of April) — 15% of exam 3. Third assignment (strict deadline: 1st of May) — 15% of exam • Exam (30.05.) • 45% of the grade comes from assignments (strict deadlines), 55% are obtained from exam T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 7
Course Layout • More or less follow the textbook during approx. the first ten lectures • New and interesting stuff in last lectures • Students recommended to buy the textbook (has been spotted in Aka- teeminen) T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 8
Tentative Schedule ♯ Date Subject 1. 15.1 Introduction (Chapter 2) 2. 22.1 Secret Key Cryptography (Chp 3) 3. 29.1 Modes of Operation (Chp 4) 4. 5.2 Public Key Cryptography (Chp 5) 5. 12.2 Hashes and Message Digests (Chp 6) 6. 19.2 Public Key Algorithms (Chp 7) 26.2 No lecture (?) 5.3 No lecture (?) 7. 12.3 Number theory (Chp 8) 8. 19.3 Math with AES and Elliptic Curves (Chp 9) 9. 26.3 Overview of Authentication Systems (Chp 10) 10. 2.4 . . . 11. 9.4 . . . 11. 16.4 . . . 12. 23.4 Other issues (Quantum cryptography, . . . ?) T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 9
First Lecture: Introduction to Cryptography 1. What is cryptography? 2. Breaking an encryption scheme 3. Types of cryptographic functions 4. Secret key cryptography 5. Public key cryptography 6. Hash algorithms (Chapter 2) T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 10
What is cryptography? • κρυπτo - γραφη = hidden + writing • Historically, cryptography = the science of secret communication (en- cryption) • E.g., Alice and Bob want to communicate without the governmental interception • E.g., two governments want to communicate without any interception whatsoever T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 11
What is cryptography? • Apart from encryption, contemporary cryptography makes it possible to ⋆ authenticate people, ⋆ verify the integrity of data ⋆ . . . (many unexpected applications) • Communication of digital information (encoded as numbers) • Numbers are mathematically translated to other numbers, either to en- crypt them, to authenticate, . . . T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 12
The Need for the Key • Ciphertext = encrypted plaintext (message), C = E ( M ) • Plaintext = decrypted ciphertext, M = E − 1 ( C ) • The function E − 1 must be secret—otherwise it is easy to compute M from C • If Alice and Bob want to have twodirectional traffic, they must share the function E (and E − 1 ) — a hardware module, piece of software or a mathematical description T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 13
The Need for the Key • Bad 1: the description of E might be long, and hard to share • Bad 2: the description of E might be long, and hard to keep in secret • For example, can be recovered by reengineering the hardware module • Solution: let E and E − 1 be public, but let C also depend on a short key K • Easier to share, easier to keep secret (memorize, or store in tamper- proof hardware) T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 14
Types of cryptographic functions • Secret key cryptography: 1 key • Public key cryptography: 2 keys • Hash functions: no keys T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 15
Secret key encryption: basic model Eve Cannot understand :( E − 1 E M = E − 1 C = E K ( M ) K ( E K ( M )) M K K Preshared keys Alice Bob T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 16
Encryption: definitions Eve Adversary Cipher, Encryption Inverse cipher, Decryption Public channel E − 1 E M = E − 1 C = E K ( M ) K ( E K ( M )) M Plaintext Ciphertext K K Preshared key Private channel Alice Bob Sender Receiver T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 17
Scientific method of cryptography • Security of cryptographic primitives is either ⋆ Provable: e.g., one-time pad is secure ⋆ Reducable: “ E is secure if F is secure” ⋆ Heuristic: “we cannot break E , and a lot of other people also do not know how to break it” • Fundamentally, it is not known if any cryptographic method is secure — since it might happen that P = NP , or that quantum computers can break all ciphers T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 18
Scientific method of cryptography • Provable: most desired, but such systems are not practical • Reducable: applicable in some situations, but one must have secure basic primitives • Heuristic: results in crazy but extremely practical ciphers • It is also not easy to define, what exactly is meant by security in prac- tice! • End result: Alice designs a cipher, Bob breaks it, Alice fixes the break, Carol breaks it, Alice and Diana fix the break, Edward breaks it, . . . , Theodor proposes a completely new cipher, Urho breaks it T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 19
Ciphers should be public, 1/2 • If cipher is kept secret, it may be harder to break it • However, one cannot rely on secrecy: the more people use a cipher, the more information about is bound to leak • Main reason for publishing: gives free scientific scrutinity T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 20
Ciphers should be public, 2/2 • People will try to break your cipher (for their personal fame). If they cannot break it in a while, the cipher might be secure • If you know the cipher is secure anyways (i.e., not heuristic), then pub- lishing it does not help to break it! • Motivations for keeping it secret: trade secrets, or when the worst thing that can happen is when also others start to use the same cipher T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 21
Computational difficulty • Encrypting and decrypting, if you know the key, must be easy • That is, functions E and E − 1 are efficient • In practice, E ’s time complexity is required to be linear in the length of key • Recovering the key if you don’t know it must be difficult • Exhaustive key search: If key length is k bits, there are 2 k keys • Therefore e.s. takes 2 k steps T-79.159 Cryptography and Data Security, 15.01.2003 Introduction to Cryptography, Helger Lipmaa 22
Recommend
More recommend
