Cryptography Conclusions, Lecture Notes - Computer Science, Study notes of Cryptography and System Security

Prof. Salil Vadhan, Prof. Alon Rosen, Computer Science, Cryptography, Harvard, Lecture Notes

Typology: Study notes

2010/2011

Uploaded on 11/02/2011

CS 120/ E-177: Introduction to Cryptography

Salil Vadhan and Alon Rosen Dec. 18, 2006

Lecture Notes 22: Conclusions

1 What to take away

How to think about cryptographic problems precisely.

  • Command of basic cryptographic notions: encryption, one-way functions, pseudorandom generators, MACs, etc.
  • Defining security
      - Adversary's goal
      - Probability of success
      - Adversary's computational resources
      - Adversary's access to system and the communication model
      - Conservative approach
  • Constructions
      - Build complex cryptographic objects from simpler objects/assumptions.
      - Justify via reductions.
      - Always analyze with respect to success probability.
      - Stated asymptotically, but can be analyzed concretely
  • Some Q's to ask yourself when encountering a new cryptographic protocol:
      - What are we trying to achieve?
      - What are the building blocks? And what are reasonable assumptions about them?
      - Do the assumptions about the building blocks provably imply security of the protocol? If not, are the building blocks at least being used in a way intuitively appropriate to their properties?
  • Assumptions we have used
      - complexity assumptions (stronger than P ≠ NP, e.g. one-way functions)
      - adversary's computational resources
      - one protocol running over single communication line, with passive or active adversary in between
      - public keys readily available
      - secret keys truly secret, generated using perfect random bits
      - party = algorithm = black box mapping inputs to outputs

2 What we didn't cover

  • Concurrency and composability
      - Want security when many protocols running concurrently, even under a coordinated attack. ('universal composability')
      - Very active research area
  • Key management
      - Key exchange protocols
      - Issues with Public-Key Infrastructure (PKI), Certificate Authorities
      - Human passwords
      - Compromised keys
  • Attacks outside the basic models
      - Network security: traffic analysis, denial of service
      - Physical attacks: power analysis, timing analysis, fault analysis
      - Human error
      - Dangerous programs: buggy/insecure code, viruses, worms
  • Symbolic analysis of protocols (formal methods)
      - Logic to describe crypto protocols, with idealized model of encryption
      - Can apply automated deduction to analyze these protocols, but does not imply security when implemented with computationally secure primitives
      - Closing this gap is an active research area
  • Alternative models
      - Quantum cryptography
      - Bounded-storage model
      - Rabin's hyperencryption protocol
      - Both allow information-theoretic (statistical) security, no complexity assumptions.
  • Social, legal, and policy issues
      - What data should be protected? (as opposed to how to protect it)
      - Should digital signatures be legally binding?
      - Should citizens be allowed to use strong cryptography?
      - Tension between privacy/anonymity and security/accountability.