


CS 127/CSCI E-127: Introduction to Cryptography. Prof. Salil Vadhan. Fall 2013. Lecture Notes 21: Conclusions. 1 What to take away.



CS 127/CSCI E-127: Introduction to Cryptography
Prof. Salil Vadhan Fall 2013
How to think about cryptographic problems precisely.
What are we trying to achieve? What are the building blocks? And what are reasonable assumptions about them? Do the assumptions about the building blocks provably imply security of the protocol? If not, are the building blocks at least being used in a way intuitively appropriate to their properties?
Many parties compute a joint function of their inputs so that no one learns anything other than the result. Can be done for arbitrary poly-time functions (fairly easily) using fully homomorphic encryption, but there are constructions (from the 1980s) based on much weaker assumptions. Zero-knowledge proofs, electronic voting, secure auctions, etc. are all special cases. NB: does not address which functions are safe to compute (the result itself may reveal more than you want).
Want security when many protocols are running concurrently, even under a coordinated attack ("universal composability"). Very active research area.
Key exchange protocols. Issues with Public-Key Infrastructure (PKI), Certificate Authorities. Human passwords. Compromised keys.
Network security: traffic analysis, denial of service. Physical attacks: power analysis, timing analysis, fault analysis. Human error. Dangerous programs: buggy/insecure code, viruses, worms.
Logic to describe crypto protocols, with an idealized model of encryption. Can apply automated deduction to analyze these protocols, but this does not imply security when implemented with computationally secure primitives. Closing this gap is an active research area.
Quantum cryptography. Bounded-storage model (high-rate beacon of random bits; adversary can't store all of it). Both allow information-theoretic (statistical) security, with no complexity assumptions.
Math 124, and many other courses in the math department.