Foundations of Cryptography Lecture 1. Lecturer: Moni Naor. What is Cryptography?. Traditionally: how to maintain secrecy in communication. Alice and Bob talk while Eve tries to listen. Bob. Alice. Eve. History of Cryptography. Very ancient occupation Biblical times -
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Foundations of CryptographyLecture 1
Lecturer:Moni Naor
Traditionally: how to maintain secrecy in communication
Alice and Bob talk while Eve tries tolisten
Bob
Alice
Eve
Biblical times -
איך נלכדה ששך ותתפש תהלת כל הארץ
איך היתה לשמה בבל בגויים
How to maintain the secrecy, integrity and functionality in computer and communication system.
Complexity Theory -
Study the resources needed to solve computational problems
computer time, memory
Identify problems that are infeasible to compute.
Cryptography -
Find ways to specify security requirements of systems
Use the computational infeasibility of problems in order to obtain security.
The development of these two areas is tightly connected!
The interplay between these areas is the subject of the course
Home page of the course:
www.wisdom.weizmann.ac.il/~naor/COURSE/foundations_of_crypto.html
Cryptography deals with methods for protecting the privacy, integrity and functionality of computer and communication systems.
The goal of the course is to provide a firm foundation to the construction of such methods.
In particular we will cover topics such as notions of security of a cryptosystem, proof techniques for demonstrating security and cryptographic primitives such as one-way functions and trapdoor permutations
Books:
Oded Goldreich, Foundations of Cryptography
Web courses
Alice
Bob
Eve
To define security of a system must specify:
Alice and Bob communicate through a channel
Bob has two external states {N,Y}
Eve completely controls the channel
Requirements:
X
X
Alice
Bob
??
Eve
Simple solution:
Prob[X=X’] ≤ 2-n
Good news: can make it a small as we wish
Let X be random variable over alphabet Γ with distribution Px
The (Shannon) entropy of X is
H(X) = - ∑ x ΓPx (x) log Px (x)
Where we take 0 log 0 to be 0.
Represents how much we can compress X
H(X) = -p log p + (1-p) log (1-p) ≡ H(p)
If X {0,1}n and is uniformly distributed, then
H(X) = - ∑ x {0,1}n1/2n log 1/2n =2n/2n n = n
Then H(X) = n/2+1/2
But Eve can cheat with probability at least ½ by guessing that X=0n
Let X be random variable over alphabet Γ with distribution Px
The min entropy of X is
Hmin(X) = - log max x ΓPx (x)
The min entropy represents the most likely value of X
Property: Hmin(X) ≤ H(X)
Why?
Claim: if Alice and Bob agree on such that
Hmin(X) ≥ m, then the probability that Eve succeeds in cheating is at most 2-m
Proof: Make Eve deterministic, by picking her best choice, X’ = x’.
Prob[X=x’] = Px (x’) ≤ max x ΓPx (x) = 2 –Hmin(X) ≤ 2-m
Conclusion: passwords should be chosen to have high min-entropy!
Charlie
Alice
Bob
Eve
Alice should be able to perform something that neither Bob nor Charlie (nor Eve) can do
Must assume that the parties are not computationally all powerful!
A function f: {0,1}n → {0,1}n is called aone-way function, if
Prob[A[f(x)] f-1(f(x)) ] ≤ 1/p(n)
Where x is chosen uniformly in {0,1}nand the probability is also over the internal coin flips of A
A function f: {0,1}n → {0,1}n is called a (t,ε) one-way function, if
Prob[A[f(x)] f-1(f(x)) ] ≤ ε
Where x is chosen uniformly in {0,1}nand the probability is also over the internal coin flips of A
Can either think of t and εas being fixed or as t(n), ε(n)
Lf is NP – guess x and check
If Lf is P then f is invertable in polynomial time
Prob[A[f(x)] f-1(f(x)) ] ≤ ε
or else we can use Eve to break the one-way function
Good news: if ε can be made as small as we wish, then we have a good scheme.