Introduction to Encryption, Exercises of Cryptography and System Security

We phrase security of encryption schemes as a game between a challenger and an adversary. If no adversary can win the game.

Typology: Exercises

2022/2023

Uploaded on 05/11/2023

daryth
daryth 🇺🇸

4.5

(2)

232 documents

1 / 41

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Announcements
Introduction
Objectives
Symmetric Key
Encryption
Ciphertext IND
IND-KPA
IND-CPA
IND-CCA1
IND-CCA2
Achieve IND-CPA
One Time Pad
AES Block Cipher
Summary
Introduction to Encryption
Ruta Jawale
July 1, 2019
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29

Partial preview of the text

Download Introduction to Encryption and more Exercises Cryptography and System Security in PDF only on Docsity!

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

Introduction to Encryption

Ruta Jawale

July 1, 2019

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

Announcements

Homework 1 due in a week (7/8)

Project 1 due in about a week (7/11)

Midterm 1 in two weeks (7/15)

Attend lecture and discussion sections to learn material to

appear on Midterm 1

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

Alice’s security specifications

We want CIA. (No, not the Central Intelligence Agency.)

Confidentiality

only Alice and Bob should know the message

Integrity

Alice’s message was not modified or tampered with

Authentication

Bob should be able to verify Alice sent the message

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

Meet Alice’s adversaries

Eve the Eavesdropper

Likes: Reading messages

Dislikes: Confidentiality

Mallory the Manipulator

Likes: Altering messages

Dislikes: Integrity/Authenticity

For now, we’ll focus on giving Eve a hard time.

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

Types of encryption

Encryption key Decryption key

Symmetric key encryption =

same private key for encryption and decryption

Asymmetric key encryption 6 =

separate public encryption key and private decryption key

Both types of encryption achieve confidentiality, necessary to

annoy Eve. For now, we’ll focus on symmetric encryption.

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

Learning objectives

Learn how to make formal security arguments

Specifically prove or disprove that a scheme is IND-KPA or

IND-CPA secure

Build intuition from formal security proofs

For example, understand what it means to be IND-CPA

secure

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

Symmetric key encryption

How do we know that our encryption works?

∀m, k Dec(k, Enc(k, m)) = m

We call this the correctness property!

Is the correctness property enough for encryption to be

confidential? No, we need a security guarantee.

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

How do establish security? Games!

We phrase security of encryption schemes as a game between a

challenger and an adversary. If no adversary can win the game

with probability greater than random chance, then we consider

the scheme secure.

Challenger

Photo Credit: lichess

Adversary

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

IND-KPA Secure

Phases Challenger C Adversary A

setup k ← Gen(1n^ )

challenge cipher

m∗ 0 , m∗ 1

b

c∗^ ← Enc(k, m b∗ )

c∗

send bit

b′

determine win If b = b

, A wins.

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

IND-KPA Secure

Phases Challenger C Adversary A

setup k ← Gen(1n^ )

challenge cipher

m∗ 0 , m∗ 1

b

c∗^ ← Enc(k, m b∗ )

c

send bit

b′

determine win If b = b′, A wins.

∀ adversaries A, Pr[A wins game] ≤

+ negligible

Why

? Some adversary A could guess bit b. They have

probability

2 to succeed. We don’t consider this an “attack”

on our encryption scheme.

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

IND-CPA secure

Phases Challenger C Adversary A setup k ← Gen( n )

encrypt plaintext

mi ←−−−−−−−−−−− for i ∈ poly(n)

ci ← Enc(k, mi )

ci −−−−−−−−−−−→

challenge cipher

m∗ 0 , m∗ 1 ←−−−−−−−−−−−

b

c∗^ ← Enc(k, m∗ b )

c∗ −−−−−−−−−−−→

encrypt plaintext

m′ i ←−−−−−−−−−−− for i ∈ poly(n)

ci ← Enc(k, m i′ )

c i′ −−−−−−−−−−−→

send bit

b′ ←−−−−−−−−−−− determine win If b = b′, A wins.

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

IND-CPA secure

Phases Challenger C Adversary A setup k ← Gen(1n^ )

encrypt plaintext

mi ←−−−−−−−−−−− for i ∈ poly(n)

ci ← Enc(k, mi )

ci −−−−−−−−−−−→

challenge cipher

m∗ 0 , m∗ 1 ←−−−−−−−−−−−

b

c∗^ ← Enc(k, m∗ b )

c∗ −−−−−−−−−−−→

encrypt plaintext

m′ i ←−−−−−−−−−−− for i ∈ poly(n)

ci ← Enc(k, m i′ )

c i′ −−−−−−−−−−−→

send bit

b′ ←−−−−−−−−−−− determine win If b = b′, A wins.

∀ adversaries A, Pr[A wins game] ≤

+ negligible

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

IND-CCA1 secure

Phases Challenger C Adversary A setup k ← Gen(1n^ )

decrypt ciphertext and

ci , mj ←−−−−−−−−−−− for i, j ∈ poly(n) encrypt plaintext mi ← Dec(k, ci )

cj ← Enc(k, mj )

mi , cj −−−−−−−−−−−→

challenge cipher

m 0 ∗ , m∗ 1 ←−−−−−−−−−−−

b

c∗^ ← Enc(k, m∗ b )

c∗ −−−−−−−−−−−→

encrypt plaintext

m′ j ←−−−−−−−−−−− for j ∈ poly(n)

c j′ ← Enc(k, m′ j )

c j′ −−−−−−−−−−−→

send bit

b′ ←−−−−−−−−−−− determine win If b = b′, A wins.

∀ adversaries A, Pr[A wins game] ≤

2 +^ negligible

Announcements Introduction Objectives Symmetric Key Encryption Ciphertext IND IND-KPA IND-CPA IND-CCA IND-CCA Achieve IND-CPA One Time Pad AES Block Cipher Summary

IND-CCA2 secure

Phases Challenger C Adversary A setup k ← Gen(1n^ )

decrypt ciphertext and

ci , mj ←−−−−−−−−−−− for i, j ∈ poly(n) encrypt plaintext mi ← Dec(k, ci )

cj ← Enc(k, mj )

mi , cj −−−−−−−−−−−→

challenge cipher

m∗ 0 , m∗ 1 ←−−−−−−−−−−− b ← {$ 0 , 1 }

c∗^ ← Enc(k, m∗ b )

c∗ −−−−−−−−−−−→

decrypt ciphertext and

c′ i , m′ j ←−−−−−−−−−−− for i, j ∈ poly(n), where c′ i 6 = c∗ encrypt plaintext m′ i ← Dec(k, c′ i )

c′ j ← Enc(k, m′ j )

m′ i , c j′ −−−−−−−−−−−→

send bit

b′ ←−−−−−−−−−−− determine win If b = b′, A wins.