Crypto is amazing Can do things that initially seem impossible Crypto is important It impacts each of us every day Crypto is fun Deep theory Attackers mindset Necessary administrative stuff ID: 919316
Download Presentation The PPT/PDF document "Cryptography Lecture 1 Welcome!" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Cryptography
Lecture 1
Slide2Welcome!
Crypto is amazing
Can do things that initially seem impossible
Crypto is important
It impacts each of us every day
Crypto is fun!
Deep theory
Attackers’ mindset
Slide3Necessary administrative stuff
Course webpage
http://www.cs.umd.edu/~jkatz/crypto/s18
Prerequisites/information posted there
Syllabus posted there
HWs posted there
Announcements posted there
Midterm already scheduled
Slide4Necessary administrative stuff
Canvas/ELMS
Used only to submit HW electronically
Let me know if unable to access class
Piazza
Useful for discussions/questions
Preferable to email if you think others will have the same question
Slide5Necessary administrative stuff
Capacity will not be increased beyond 75
Seats are reserved for registered students
Historically, 10-15% of the class drops by end of first full week
If you are trying to get in, do the first HW even if not yet admitted
After that, assume you will not get in
Slide6TAs
Aaron Hall
Neal Gupta
Slide7This is a tough class
Mathematical prerequisites
Discrete math, probability, modular arithmetic
Requires mathematical maturity
Proofs, abstraction
Slide8This is a tough class
CS prerequisites
Binary, hex,
pseudocode
/algorithms, big-O notation
Programming assignments
Hard part should not be the programming, but the thought behind it
Flexibility in choice of language
Slide9This is new for me…
Never taught so many students before
Never taught in an “interactive classroom” like this before
Try to promote “
a
ctive learning”
MUST read textbook before class
Lecture will move quickly, expect questions and discussion
30-40 minutes/week devoted to problem solving
Slide10“Active learning”
Read textbook before class
See course syllabus
Can also view my videos on
Coursera
Ask questions in advance on Piazza and/or bring questions to class
Regular quizzes at beginning of class to test understanding
5% of the grade
Slide11Textbook
Required
textbook: “Introduction to Modern Cryptography, 2
nd
edition,” Katz and
Lindell
Exams will be open book
Physical copies only
Slide12HWs/exams
Expect HWs every 2-3 lectures
Optional HWs (ungraded) focusing on theory
Solutions given
Graded HWs involving implementation
Meant to reinforce the abstract concepts
Meant to highlight practical
applications
In-class midterm and final
Questions similar to optional HWs and in-class exercises; may also be based on programming assignments
Anything covered in class or listed on syllabus is fair game
Slide13Laptops/electronics
No-laptop/no-electronics policy
Distracting to you
Distracting to others
If you feel you need an exception, talk to me
Slide14How to reach me
Best way to contact me is by email:
jkatz@cs.umd.edu
Please put “CMSC 456” in subject line
Office hours before class
Please email me in advance if you plan to come to office hours
Slide15Questions?
Please ask questions throughout!
Slide16Course goals
Understand real-world crypto via a rigorous approach
When you encounter crypto in your career:
Understand the key terms
Understand the security guarantees provided
Know how to use crypto
Understand what goes on “under the hood”
“Crypto mindset”
Slide17Course non-goals
Designing your own crypto schemes
Implementing your own crypto for
real-world use
Course goal:
realize when
to consult an
expert!
Slide18Cryptography (historically)
“…the art of writing or solving codes…”
Historically
, cryptography
focused exclusively on ensuring
private communication
between two parties sharing secret information in advance (using “codes” aka
private-key encryption
)
Slide19Modern cryptography
Much broader scope!
Data integrity, authentication, protocols, …
The
public-key setting
Group
communication
More-complicated trust models
Foundations (e.g., number theory, quantum-resistance) to systems (e.g., electronic voting,
cryptocurrencies
)
Slide20Modern cryptography
Design
, analysis, and implementation of
mathematical techniques
for securing information, systems, and
distributed computations
against adversarial
attack
Slide21Modern cryptography
Cryptography is ubiquitous
Passwords, password hashing
Secure credit-card transactions over the internet
Encrypted
WiFi
Disk encryption
Digitally signed software updates
Bitcoin
…
Slide22Cryptography (historically)
“…the art of writing or solving codes…”
Historically
,
cryptography was an
art
Heuristic
, unprincipled
design and analysis
Schemes proposed, broken, repeat…
Slide23Modern cryptography
Cryptography is
now much more of a
science
Rigorous
analysis, firm
foundations, deeper understanding, rich
theory
The “crypto mindset” has permeated
other areas of computer security
Threat modeling
Proofs of security
Slide24Rough course outline
Building blocks
Pseudorandom (number) generators
Pseudorandom functions/block ciphers
Hash functions
Number theory
Secrecy
Integrity
Private-key setting
Private-key encryption
Message authentication codes
Public-key setting
Public-key encryption
Digital
signatures
Slide25Classical Cryptography
Slide26Motivation
Allows us to “ease into things…,” introduce notation
Shows why unprincipled approaches are dangerous
Illustrates why things are more difficult than they may appear
Slide27Classical cryptography
Until the 1970s, exclusively
concerned with ensuring
secrecy
of communication
I.e.,
encryption
Slide28Classical cryptography
Until the 1970s, relied exclusively on secret information (a
key
) shared in advance between the communicating parties
Private-key
cryptography
a
ka secret-key / shared-key / symmetric-key cryptography
Slide29Private-key encryption
k
k
c
key
m
c
:=
Enc
k
(m)
m
essage/plaintext
encryption
ciphertext
m
:= Dec
k
(c)
decryption
key
Slide30Private-key encryption
k
c
m
c
:=
Enc
k
(m)
m
:= Dec
k
(c)
k
c
c
Slide31Private-key encryption
A
private-key encryption scheme
is defined by a message space
M
and algorithms (Gen,
Enc
, Dec):
Gen (key-generation algorithm): outputs
k
K
Enc
(encryption algorithm): takes key k and message
m
M
as input; outputs
ciphertext
c
c
Enc
k
(m)
Dec (decryption algorithm): takes key k and
ciphertext
c as input; outputs m or “error”
m := Dec
k
(c)
For all
m
M
and k output by Gen,
Dec
k
(
Enc
k
(m)) = m
Slide32Kerckhoffs’s principle
The encryption scheme
is not secret
The attacker knows the encryption scheme
The only secret is the
key
The key must be chosen at random; kept secret
Some arguments in favor of this principle
Easier to keep
key
secret than
algorithm
Easier to change
key
than to change
algorithm
Standardization
Ease of deployment
P
ublic validation
Slide33The shift cipher
Consider encrypting English text
Associate ‘a’ with 0; ‘b’ with 1; …; ‘z’ with 25
k
K
= {0, …, 25}
To encrypt using key k, shift every letter of the plaintext by k positions (with wraparound)
Decryption just does the reverse
helloworldz
ccccccccccc
jgnnqyqtnfb
Slide34Modular arithmetic
x
=
y
mod N if and only if N divides x-y
[x mod N] =
t
he
remainder when x is divided by N
I.e., the unique value
y
{0, …, N-1} such that
x =
y
mod N
2
5 = 35 mod 10
25 ≠ [35 mod 10]
5 = [35 mod 10]
Slide35The shift cipher, formally
M
= {strings over lowercase English alphabet
}
Gen: choose uniform k
{0, …, 25}
Enc
k
(m
1
…
m
t
): output c
1
…
c
t
, where
c
i
:= [m
i
+ k mod 26]
Dec
k
(c
1
…
c
t
): output m
1
…
m
t
, where
m
i
:= [c
i
- k mod 26]
Can verify that correctness holds…
Slide36Is the shift cipher secure?
No -- only 26 possible keys!
Given a
ciphertext
, try decrypting with every possible key
O
nly one possibility will “make sense”
(What assumptions are we making here?)
Example of a “brute-force” or “exhaustive-search” attack
Slide37Example
Ciphertext
uryybjbeyq
Try every possible key…
t
qxxaiadxp
s
pwwzhzcwo
…
helloworld