

Prof. Salil Vadhan, Prof. Alon Rosen, Computer Science, Cryptography, Harvard, Lecture Notes
Typology: Study notes


CS 120/ E-177: Introduction to Cryptography
Salil Vadhan and Alon Rosen Dec. 18, 2006
How to think about cryptographic problems precisely.
Ingredients of a precise security definition:
- Adversary's goal
- Probability of success
- Adversary's computational resources
- Adversary's access to the system and the communication model
- Conservative approach

Methodology:
- Build complex cryptographic objects from simpler objects/assumptions.
- Justify via reductions.
- Always analyze with respect to success probability.
- Stated asymptotically, but can be analyzed concretely.
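As an added illustration (not part of the original notes) of what "justify via reductions" and "stated asymptotically, but can be analyzed concretely" mean, take the simplest case: a one-time pad whose key is stretched by a pseudorandom generator. Assume $G:\{0,1\}^n \to \{0,1\}^m$ and $\mathrm{Enc}(s,x) = G(s) \oplus x$ for a single message $x \in \{0,1\}^m$.

Let $A$ be an adversary against single-message indistinguishability of $\mathrm{Enc}$: it picks $x_0, x_1$, receives $c = \mathrm{Enc}(s, x_b)$ for a random bit $b$, and outputs a guess $b'$. Define its advantage as
$$\varepsilon_A \;=\; \Pr[b' = b] - \tfrac{1}{2}.$$

The reduction: build a distinguisher $D$ for $G$ that, on input $y \in \{0,1\}^m$, picks $b \leftarrow \{0,1\}$, runs $A$ to obtain $(x_0, x_1)$, hands it $c = y \oplus x_b$, and outputs $1$ iff $A$'s guess equals $b$. Then
$$\Pr[D(G(U_n)) = 1] = \tfrac{1}{2} + \varepsilon_A, \qquad \Pr[D(U_m) = 1] = \tfrac{1}{2},$$
because when $y$ is truly uniform, $c$ is a one-time pad of $x_b$ and is independent of $b$. Hence
$$\mathrm{Adv}_G(D) \;=\; \bigl|\Pr[D(G(U_n)) = 1] - \Pr[D(U_m) = 1]\bigr| \;=\; \varepsilon_A,$$
and $D$ runs in time $t_A + O(m)$.

Asymptotic reading: if $G$ is a pseudorandom generator (every polynomial-time $D$ has negligible advantage), then every polynomial-time $A$ has negligible $\varepsilon_A$. Concrete reading: if no distinguisher running in time $t'$ has advantage above $\delta$ against $G$, then no adversary running in time $t' - O(m)$ has advantage above $\delta$ against $\mathrm{Enc}$. The same argument gives both statements; only the bookkeeping on $(t, \varepsilon)$ differs.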
Questions to ask of any cryptographic design:
- What are we trying to achieve?
- What are the building blocks? And what are reasonable assumptions about them?
- Do the assumptions about the building blocks provably imply security of the protocol?
- If not, are the building blocks at least being used in a way intuitively appropriate to their properties?

Assumptions made in the model used in this course:
- Complexity assumptions (stronger than P ≠ NP, e.g. one-way functions)
- Adversary's computational resources
- One protocol running over a single communication line, with a passive or active adversary in between
- Public keys readily available
- Secret keys truly secret, generated using perfect random bits
- Party = algorithm = black box mapping inputs to outputs

Beyond the single-protocol model:
- Want security when many protocols run concurrently, even under a coordinated attack ('universal composability').
- Very active research area.

Practical issues:
- Key exchange protocols
- Issues with Public-Key Infrastructure (PKI), Certificate Authorities
- Human passwords
- Compromised keys

Threats outside the model:
- Network security: traffic analysis, denial of service
- Physical attacks: power analysis, timing analysis, fault analysis
- Human error
- Dangerous programs: buggy/insecure code, viruses, worms

Formal methods:
- Logic to describe crypto protocols, with an idealized model of encryption
- Can apply automated deduction to analyze these protocols, but this does not imply security when implemented with computationally secure primitives
- Closing this gap is an active research area

Other models:
- Quantum cryptography
- Bounded-storage model
- Rabin's hyperencryption protocol
- Both allow information-theoretic (statistical) security, with no complexity assumptions.

Policy questions:
- What data should be protected? (as opposed to how to protect it)
- Should digital signatures be legally binding?
- Should citizens be allowed to use strong cryptography?
- Tension between privacy/anonymity and security/accountability.