2016-03-24 - introduction to cryptography - in lecture ... · wecan’tdobeer… )...
TRANSCRIPT
Cryptography (a short intro)
Dominique Unruh University of Tartu
κρυπτός γράφειν
hidden wri6ng
Dominique Unruh -‐ Cryptography 2
Encryp6on
Secret codes
Dominique Unruh -‐ Cryptography 3
What is Cryptography?
Communica5on in the presence
of an adversary
• More than just encryp6on • Protec6on of data integrity • Communica6on with the adversary
Dominique Unruh -‐ Cryptography 4
Cryptography in History
Dominique Unruh -‐ Cryptography 5
Kama Sutra recommends…
The following are the arts to be studied, together with the Kama Sutra: [...] The art of understanding wri6ng in cypher, and the wri6ng of words in a peculiar way.
(Transla6on by Richard Burton)
Higher semesters only
Dominique Unruh -‐ Cryptography 6
Caesar Cipher
• ShiS each leTer by three places
• Supposedly used by Julius Caesar
CAESAR
FDHVDU
Dominique Unruh -‐ Cryptography 7
Scytale
Sparta… 2500 years ago…
Dominique Unruh -‐ Cryptography 8
Herodotus and the Slave Cipher
(5. century BC)
Dominique Unruh -‐ Cryptography 9
Invisible Ink
• Lemon juice as invisible ink
• ASer hea6ng, ink becomes brown
Dominique Unruh -‐ Cryptography 10
The Kerckhoffs principle
Dominique Unruh -‐ Cryptography 11
Auguste Kerckhoffs
• “La cryptographie militaire”, Journal des sciences militaires, 1883
• “The system must not require secrecy, and it can fall into enemy‘s hands without causing trouble“
Dominique Unruh -‐ Cryptography 12
Kerkhoffs Principle -‐ Consequences
• Separa6on of cryptosystem and key
• System must stay secure even if only key is secret
• Design-‐principle for modern cryptogrphy
Dominique Unruh -‐ Cryptography 13
The enemy knows the system.
Claude Shannon
Dominique Unruh -‐ Cryptography 14
Enigma
• German cipher machine from World War II • 3-‐4 wheels (rotors) with electrical wires
• Rotor posi6on determines the wire connec6ons
• Key press à Lamp lights up, rotor rotates
Dominique Unruh -‐ Cryptography 15
Enigma
• Rotor posi6on = key • Even aSer the Bri6sh got an Enigma, immense work needed for breaking it
• Alan Turing’s team had >10000 helpers • A success for the Kerkhoffs principle
Dominique Unruh -‐ Cryptography 16
Modern Cryptography
Dominique Unruh -‐ Cryptography 17
Informa5on Theory
• Shannon, “A mathema6cal theory of communica6on”, 1948
• Informa6on as a mathema6cal object
• Security can be defined, analyzed, and proven! Claude Shannon
Dominique Unruh -‐ Cryptography 18
One-‐5me-‐pad
Message: 001110100100111100010 +
Key: 101011100101001011100 =
Ciphertext: 100101000001110111110
Shannon: One-‐5me-‐pad is provably secure!
Dominique Unruh -‐ Cryptography 19
One-‐5me-‐pad in Prac5ce
Not prac6cal:
• Long key • May only be used
once
Dominique Unruh -‐ Cryptography 20
Public-‐Key Cryptography
Whitfield Diffie Martin Hellman
“New Directions in Cryptography”, 1976
Dominique Unruh -‐ Cryptography 21
Public Key Cryptography
Public key
Message Ciphertext
Secret key
Message
Advantage: Public key may be published
Dominique Unruh -‐ Cryptography 22
Provable Security
Postulate complexity assump6on – Example: Factoring large integers is hard
Develop cryptosystem
Security proof: – If cryptosystem is broken, complexity assump6on was wrong
1.
2.
3.
Dominique Unruh -‐ Cryptography 23
Why Complexity Assump5ons
We can’t do beTer…
(State of the art: we can prove the hardness of almost nothing…)
Dominique Unruh -‐ Cryptography 24
Example: Proof in the cryptographic model
Pr [ x = x’
when x ← D random y := g(x) x’ := A(y)
]
z := f(x) y := f(z)
f(x) = f(x’)
B(y) := f(A(y)) z’ := B(y)
z = z’
z ← D random
f :D→D one-‐way permuta6on
g(x) := f ( f (x))
Is g one-‐way permuta6on?
g is one-‐way permuta6on ü
≈ 0
25
Beyond the basics
Dominique Unruh -‐ Cryptography 26
Millionaire’s Problem
I am the richest duck!
I am the richest duck!
Who is richer?
None wishes to reveal the size of his fortune None trusts the other
Dominique Unruh -‐ Cryptography 27
Secure Auc5ons
Offers
Production
quantities
Buyers Sugar beet vendors
No-one wishes to reveal his prices What shall the market price be?
Dominique Unruh -‐ Cryptography 28
New Knowledge
Data-‐mining
Medical data
Medical data
Medical data
29
Zero Knowledge
2 :, , , n n nx x yy z n z> +∀ ≠But I don’t want to tell you the proof!
Zero Knowledge Proof: • Prover cannot prove wrong statement • Verifier does not learn anything
Prover Verifier
Zero Knowledge: How?
Graphs G and H are isomorphic
Permute G Permuted graph J
Pick G or H G or H
Iso between J and G or J and H
Prover Verifier
Zero Knowledge: How?
Permute G Permuted graph J
Pick G or H G or H
Iso between J and G or J and H
G and H not isomorphic è Prover will get stuck with probability ½
Verifier does not learn anything:
Could produce iso and J on his own
Quantum Key Exchange
Alice Bob
Polarisa6on:
Measures
ü ü ü û û û
Sends direc6ons
Shared key bits
33
Quantum Key Exchange – ATack
Alice Bob
Polarisa6on:
measures Adversary measures → Bit destroyed → Alice+Bob: different keys → ATack detected
Changed by measurement
34
Quantum Posi5on Verifica5on
Speed of light à Posi5on verified
Electronic Vo5ng
Charlie 1 2 3
Alice Bob
Charlie
Charlie for president!
Charlie
Dominique Unruh -‐ Cryptography 36
Coercion!
Vote for Alice! And don’t dare throw away the receipt.
$?@)$^=+!
Dominique Unruh -‐ Cryptography 37
Cryptography More than encryp5on –
Communica5on in the presence of the adversary
A fascina6ng topic, combining relevance and challenging research ques6ons
Dominique Unruh -‐ Cryptography 38
I thank for your aTen5on
This research was supported by European Social Fund’s
Doctoral Studies and Interna6onalisa6on Programme DoRa
Logo soup