Conclusions, Study notes of Cryptography and System Security

CS 127/CSCI E-127: Introduction to Cryptography. Prof. Salil Vadhan. Fall 2013. Lecture Notes 21: Conclusions. 1 What to take away.

CS 127/CSCI E-127: Introduction to Cryptography
Prof. Salil Vadhan, Fall 2013
Lecture Notes 21: Conclusions

1 What to take away

How to think about cryptographic problems precisely.

  • Command of basic cryptographic notions: encryption, one-way functions, pseudorandom generators, MACs, etc.
  • Defining security
    – Adversary's goal
    – Probability of success
    – Adversary's computational resources
    – Adversary's access to the system and the communication model
    – Conservative approach
  • Constructions
    – Build complex cryptographic objects from simpler objects/assumptions.
    – Justify via reductions.
    – Always analyze with respect to success probability.
    – Stated asymptotically, but can be analyzed concretely.
  • Some questions to ask yourself when encountering a new cryptographic protocol:
    – What are we trying to achieve?
    – What are the building blocks? And what are reasonable assumptions about them?
    – Do the assumptions about the building blocks provably imply security of the protocol? If not, are the building blocks at least being used in a way intuitively appropriate to their properties?
  • Assumptions we have used
    – complexity assumptions (stronger than P ≠ NP, e.g. one-way functions)
    – adversary's computational resources
    – one protocol running over a single communication line, with a passive or active adversary in between
    – public keys readily available
    – secret keys truly secret, generated using perfect random bits
    – party = algorithm = black box mapping inputs to outputs
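As an added example (not part of the lecture notes), the "Constructions" and "Defining security" points above carried out in code: a reduction turns an IND adversary against the one-time stream cipher Enc(k, m) = G(k) XOR m into a PRG distinguisher, and both worlds' success probabilities are measured to get a concrete advantage. The toy generators `weak_prg` and `hash_prg`, the 16-byte parameters and the adversary are constructed for this illustration; `hash_prg` is a heuristic hash-based expansion, not a proven PRG.

```python
"""Added example (not from the lecture notes): PRG -> stream-cipher reduction,
with advantages measured as success probabilities. All parameters are constructed."""
import hashlib
import random

N = 16                       # seed/key length in bytes (toy size, constructed)
MASK = bytes([0x5A]) * N     # constructed fixed mask used by the weak generator


def weak_prg(seed: bytes) -> bytes:
    # Deliberately bad 2N-byte expansion: second half is the first half XOR a fixed mask
    return seed + bytes(a ^ b for a, b in zip(seed, MASK))


def hash_prg(seed: bytes) -> bytes:
    # Heuristic hash-based expansion (assumed to behave like a PRG; no proof is claimed)
    return hashlib.sha256(seed + b"\x00").digest()   # 32 bytes = 2N


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class CipherAdversary:
    """IND adversary against Enc(k, m) = G(k) XOR m that exploits weak_prg's structure."""

    def choose(self):
        # m0 = all zeros; m1 = 0xFF.. in the first half, zeros in the second half
        self.m0, self.m1 = bytes(2 * N), bytes([0xFF]) * N + bytes(N)
        return self.m0, self.m1

    def guess(self, c: bytes) -> int:
        # Under weak_prg, c[:N] XOR c[N:] == MASK XOR m_b[:N] XOR m_b[N:], which reveals b
        d = xor(c[:N], c[N:])
        return 1 if d == xor(MASK, bytes([0xFF]) * N) else 0


def reduction(y: bytes, adv, rng) -> int:
    """PRG distinguisher built from the cipher adversary: use the challenge y as keystream.
    Outputs 1 ("looks like G(s)") iff the adversary guesses the encrypted message correctly."""
    m0, m1 = adv.choose()
    b = rng.randrange(2)
    return 1 if adv.guess(xor(y, (m0, m1)[b])) == b else 0


def prg_advantage(G, adv, trials=2000, seed=1) -> float:
    """|Pr[R(G(s)) = 1] - Pr[R(r) = 1]| estimated over `trials` runs of each world.
    When y is truly random, c is independent of b, so the adversary wins with prob 1/2."""
    rng = random.Random(seed)
    real = sum(reduction(G(rng.randbytes(N)), adv, rng) for _ in range(trials))
    rand = sum(reduction(rng.randbytes(2 * N), adv, rng) for _ in range(trials))
    return abs(real - rand) / trials


if __name__ == "__main__":
    print("weak_prg advantage:", prg_advantage(weak_prg, CipherAdversary()))   # about 0.5
    print("hash_prg advantage:", prg_advantage(hash_prg, CipherAdversary()))   # about 0.0
```

The same adversary that breaks the cipher built on `weak_prg` with advantage about 1/2 gives the distinguisher the same advantage against `weak_prg`, while against `hash_prg` both stay near zero; this is the concrete-security form of "if G is a PRG then the cipher is IND-secure".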


2 What we didn't cover

  • Secure Multiparty Computation
    – Many parties compute a joint function of their inputs so that no one learns anything other than the result.
    – Can be done for arbitrary poly-time functions (fairly easily) using fully homomorphic encryption, but there are constructions (from the 1980's) based on much weaker assumptions.
    – Zero-knowledge proofs, electronic voting, secure auctions, etc. are all special cases.
    – NB: does not address which functions are safe to compute (the result itself may reveal more than you want).
  • Concurrency and composability
    – Want security when many protocols are running concurrently, even under a coordinated attack ("universal composability").
    – Very active research area.
  • Key management
    – Key exchange protocols
    – Issues with Public-Key Infrastructure (PKI), Certificate Authorities
    – Human passwords
    – Compromised keys
  • Attacks outside the basic models
    – Network security: traffic analysis, denial of service
    – Physical attacks: power analysis, timing analysis, fault analysis
    – Human error
    – Dangerous programs: buggy/insecure code, viruses, worms
  • Symbolic analysis of protocols (formal methods)
    – Logic to describe crypto protocols, with an idealized model of encryption.
    – Can apply automated deduction to analyze these protocols, but this does not imply security when implemented with computationally secure primitives.
    – Closing this gap is an active research area.
  • Alternative models
    – Quantum cryptography
    – Bounded-storage model (high-rate beacon of random bits; the adversary can't store all of it)
    – Both allow information-theoretic (statistical) security, with no complexity assumptions.
  • Number Theory
    – Math 124, and many other courses in the math department.