Roadmap on symmetric ciphers

Size: px
Start display at page:

Download "Roadmap on symmetric ciphers"

Transcription

1

2 Roadmap on symmetric ciphers Lecture 01: Historical ciphers (badly broken) Lecture 02: OTP (the One Time Pad cipher) Perfect Secrecy (first notion of security) Stream ciphers (making OTP practical) PRG (unpredictable Pseudo Random Generators) Attacks! Lecture 03: PRGs, PRFs and PRPs Block Ciphers (definition) Block Ciphers (examples: DES, AES) Block Ciphers (modes of operation: ECB, CBC) 2 34

3 Symmetric Key Cryptography: intuition the same key is used for both encryption and decryption Let s meet at 10am. Alice Let s meet at 10am. plaintext DECRYPTION Bob secret key ciphertext ENCRYPTION Cx8, 0_? a tgy1 $abk the same (shared) secret key 3 34

4 Symmetric Ciphers: Definition DEFINITION message space key space ciphertext space A (symmetric) cipher defined over ( K, M, C ) is a pair of efficient algorithms ( E, D ) where: E : K M C and D: K C M, such that, for all the messages m M, for all the keys k K, it holds that: if E ( k, m ) = c, then D ( k, c ) = m. we can re-write this expression as: D ( k, E ( k, m ) ) = m. CORRECTNESS PROPERTY of the cipher 4 34

5 Symmetric Ciphers: the One Time Pad (OTP) - Vernam The OTP cipher: K = M = C = { 0, 1 } n E : K M C, E ( k, m ) = k m D: K C M, D ( k, c ) =? k c Example: msg k C CORRECTNESS of the OTP? D ( k, E ( k, m ) ) = m. k E ( k, m ) = k ( k m ) = m 5 34

6 Quiz 1 scan this QR code and answer the question or type this code at CRGP363 Is it possible to obtain the key k given a message m and its OTP encryption c? No. The correct answer is YES! One can retrieve only half of the bits of the key. Yes. why? Yes, but only for certain m c = m ( k values m ) of = k m and m m. k = k Is the OTP a good cipher? 6 34

7 What is a 'good' cipher? How do we define good? THE FUNDAMENTAL PROPERTIES OF A (GOOD) CIPHER 1. CORRECTNESS : D ( k, E ( k, m ) ) = m. 2. EFFICIENCY : the algorithms E and D run in polynomial time formally: there exists a polynomial p( ) such that the algorithms E and D run in time p(n), where n is the length of the algorithms input. 3. SECURITY : the cipher is secure against some attacks (more details in the next slide) Principles of Modern Cryptography if you don t understand what you want to achieve, how can you possibly know when (or if) you have achieved it? 1. Formal Definitions 2. Precise Assumptions 3. Proof of Security 7 34

8 Security Definition (Perfect Secrecy) by Shannon 1949 intuition: the ciphertext should revel no info about the plaintext Eve DEFINITION for any A cipher ( E, D ) defined over ( K, M, C ) has perfect secrecy if: 8 m 0,m 1 2 M, len(m 0 )=len(m 1 ) and 8 c 2 C Pr[ E(k, m 0 )=c ]=Pr[ E(k, m 1 )=c ] where k is chosen uniformly at random from K, (i.e., k R K ) this is just one definition of security, in the next lectures we will see more! this implies that the adversary (Eve) who sees only the ciphertext c is not able to determine whether c is an encryption of m 0 or m

9 What does 'uniformly at random' mean? (a.k.a. uniform distribution at random) DEFINITION A probability distribution P over a finite set X is a function P : X [ 0,1 ] X with the following property: P(x) =1 x2x A uniform distribution U is a distribution where U(x) is the same value for all x in X. Example (other distributions): the sum of the values obtain throwing two dices has a gaussian normal distribution Example (uniform distribution): the probability of getting head when flipping a coin is 12 which is also the probability of getting a tail 9 34

10 The OTP has perfect secrecy Proof live on the board! Shannon s Theorem Perfect secrecy implies that K M (i.e. the keys must be at least as large as the to-be-encrypted message) Corollary Suppose that K = M = C. We have Perfect Secrecy if and only if each key is used with equal probability 1 K and for any m M and for any c C, there exists a unique key k K such that E( k, m ) = c

11 OTP OTP : has perfect Secrecy Encryption Elk. m ) = Kom Perfect Secrecy : tm., m,.cm lenlmoklenlmi.. P ( Elk, mole ) =P ( E ( k, ttce C m, )=c ) PIE ( k, me Think that mo. > Prob that F )=d a key k that $ c are fixed encrypts the msg Mo into c Kkk How many keys encrypt Mo P ( Eotp ( k, Mo) = c) = into c with the OTP cipher? Et. ON Howmenykeysencryptmotoc Total number of keys = Hk, = Ygn Same reasoning for mn Thus. PIECKMD. - c) = # =P I ECK, MI ē) Omnigo K, implication : Perfect Secrecy KIZ I Ml

12 Perfect Secrecy IKIZIMI STEP 1 : k I 2 I Cl * check pg. 3 apatite.tn#eryet : all different keys ( far different cipher texts ) 1k 1>-1 Cl STEP 2 ICI? I MI m Ehdh.mtB99tanFnngercmfIenpne@M.a.TIf3HowdeIdecrypt7.RemEMmamthusitdtbeMlPr.b ( ) =Preb( ) [ Perfect Secrecy is asking " how encrypt Mo to c and me to the same c think of k as a variable! " many keys

13 * Step I : for every message m the function Em :K C is surjective IKHICI this is true by the def. ef Perfect >sfney T.EH.mtd.ua so fixed a message there, otherwise it means exists at least one key that = Pnbf Elk, ml c) = o that maps the tm Hc. message there is no a chosen cipher text encryption into check the additional material for detailed proofs

14 Quiz 2 scan this QR code and answer the question or type this code at NTJR437 Let m M and c C, how many OTP keys k K = { 0, 1 } n map m into c? None. Infinitely many. 1. It depends on m

15 The Venona project ( ish) a NSA counter-intelligence program to decrypt messages transmitted by the intelligence agencies of the Soviet Union (during World War II ). HOWEVER STRATEGY: used a code to convert words and letters into numbers and encrypt the numbers using OTP When used correctly, OTP encryption is unbreakable. Generating the one-time pads was a slow and labor-intensive process, and the outbreak of world war II caused a sudden increase in the need for coded messages. To keep up with demand, Russia intelligence agencies started to re-use old encryption keys. RESULT: 3,000 messages have been partially or wholly decrypted by NSA. All the duplicate one-time pad pages were produced in 1942, and almost all of them had been used by the end of 1945, with a few being used as late as

16 The Venona project: how did NSA break the Russian's OTP? let c 1 = m 1 k and c 2 = m 2 k consider c 1 c 2 = ( m 1 k ) ( m 2 k ) = ( m 1 m 2 ) ( k k ) = m 1 m 2 Gene Grabeel, the first cryptoanalyst of the Venona project Given m 1 m 2 it is easy to retrieve m 1, m 2 Example given a language L ={00100, 10011, 11100, 10100} m 1 = 00100, m 2 = 10011; then m 1 m 2 = redundancy in a Language ASCII encoding not all combinations of letter are possiblelikely Never use an OTP key twice and can be obtained only adding m 1 adding m

17 Is the OTP a good cipher? Pros very fast algorithms for encryptiondecryption perfect secrecy (one time key semantic security) Cons very long key (the secret key is as long as the message) ciphertexts are malleable highly unpractical 14 34

18 Quiz 3 scan this QR code and answer the question or type this code at AFMA649 Let m be a message and c = m k be its OTP encryption. If the attacker adds a to manipulate the ciphertext, what does Bob decrypt? m k with OTP modifications to the ciphertext are undetectable, and the attacker can predict what the tampered decrypted message will be (if the attacker knows - part of- the original plaintext) m m a a a k k hint: the new ciphertext is c = c a 15 34

19 Beyond OTP How can we make the OTP practical? k STREAM CIPHERS 1. replace the long (uniformly) random key k with a short key s s G G ( s ) = k plaintext (message) ciphertext Pseudo Random Generator (PRG) -see next slide- (uniformly) random looking 2. use s (the new k ) to generate a long pseudo-random key k for the OTP cipher 3. encrypt the plaintext one bit (or byte) at the time NOTE: there are a lot of tiny important details behind stream ciphers (especially for their implementation), but I won t focus on these

20 Quiz 4 scan this QR code and answer the question or type this code at YFMP474 Can a stream cipher have perfect secrecy? Yes, but only if the PRG used in the No, since there exists no cipher with perfect secrecy. Yes, every cipher can have perfect secrecy. stream cipher is really secure. No, since the secret key is shorter than the message

21 Examples of stream ciphers A51: steam cipher used in GSM (Global System for Mobile Communications, originally Groupe SpécialMobile) E0 : stream cipher used in the Bluetooth protocol both are badly broken! 18 34

22 PRG: Pseudo Random Generators Intuition: a PRG is a function that, on input a seed, outputs a string which looks completely random DEFINITION G : {0, 1}`! {0, 1} n ` n A function with, is a secure Pseudo Random Generator (PRG) if for any efficient statistical test (Distinguisher), it holds that: D P[D(G(s)) = 1] P[D(r) = 1] for every s R {0, 1}`,r R {0, 1} n is negligible picked uniformly at random. important to understand! STATISTICAL TEST (distinguisher) D(x) = 1 if x is a truly random string 0 if x is a pseudo-random output - see examples in the exercise lecture

23 What does it mean that the output of G(s) =k 0 is indistinguishable from random? key space s 1 { 0, 1 } l G output space s 2 k 2.. image x k 1 { 0, 1 } n does x belong to image or not? D An adversary that sees the output of cannot distinguish it from something completely random (i.e. something coming from the uniform distribution.) G 20 34

24 Unpredictable PRGs given a part of the output of ( s ) = k, it is impossible to predict the remaining part of the output. G A good secure PRG must be unpredictable! G ( s ) = k ?????? Giving a formal definition for unpredictable is hard. So we give a definition of predictable PRG! DEFINITION G : {0, 1}`! {0, 1} n A PRG is said to be predictable if there exists an efficient algorithm and an index 1 apple i apple n such that: this algorithm will be our Adversary P s R K A apple 1 A(G(s)) 1,...,i = G(s) i+1 1 for some non-negligible value " " you can break a weak PRG in the programming Assignment! In 1982 Yao proved that if unpredictable PRG are secure. But it is still unknown if there exists provably secure PRGs

25 Predictable PRGs, what is the problem? Let A be the algorithm that can efficiently compute G(s) i+1 given G(s)) 1,...,i c m A suppose knows the ciphertext and the beginning of the plaintext (e.g. standard headers). G(k) A Then A can efficiently decrypt! 22 34

26 Quiz 5 scan this QR code and answer the question or type this code at JWVZ293 Suppose G: { 0, 1 } l { 0, 1 } n is such that for all s K = { 0, 1 } l, it hold XOR[ G( s ) ] = 1. Is G predictable? No, there exists no efficient algorithm to obtain the last bit from the first one. No, G is unpredictable. Yes, given the first (n 1) bits, I can predict the last bit. Yes, given the first bit, I can predict the second

27 WEP attacks WEP attack - two time pad Length of IV: 24 bits Repeated IV after M frames On some cards: IV resets to 0 after power cycle. Repetition after a power cycle or every 16 M frames. There are several solutions (not all of them have been used) Always negotiate new keys for every session (e.g. TLS) 24 34

28 How to define the security of a cipher? First we need to define the power and the goals of an adversary encrypt change ciphertext tamper with the communication see some ciphertext spoofing get encryption of chosen messages decrypt find the secret key encrypt a chosen message change the content of a ciphertext and to decide what approach to use: information theoretic security mathematics proof that an attacker cannot do better than 1 in producing a forgery something (hard to achieve and bad security values) complexity-based security an attacker that can make a forgery is also able to break a complex hard problem (most cryptographic primitives are of this type. Better security values, but relies on the hope that no one ever solves the hard problem) 25 34

29 Security: definitions attempts Attacker s power = see cipher texts goals = break the cipher What does break mean? Attempt 1 attacker cannot recover the secret key E ( k, m ) = m Attempt 2 attacker cannot recover the whole plaintext E ( k, m 0 m 1 ) = m 0 ( k m 1 ) this cipher satisfies the requirement but is not really secure this cipher satisfies the requirement but is not really secure it is not easy to give good definition in cryptography 26 34

30 Security: considerations about Shannon's perfect secrecy DEFINITION seen in slide 8 (SHANNON DEFINITION) A cipher ( E, D ) defined over ( K, M, C ) has perfect secrecy if: 8 m 0,m 1 2 M, len(m 0 )=len(m 1 ) and 8 c 2 C Pr[ E(k, m 0 )=c]=pr[ E(k, m 1 )=c] k R K where k is chosen uniformly at random from K, (i.e., ) What does the definition say? If we pick a random key k and we encrypt a random message m 0, the resulting ciphertext has the same distribution as if we encrypted m 1, i.e., the adversary cannot tell whether we encrypted m 0 or m 1. The truth is: only the OTP has perfect secrecy! Shannon s definition is too strong (strict)

31 Security: 'relaxing' the notion of perfect secrecy If the definition is too strict, let s relax it! (i.e. the probability with which E(k,m) equals the given c) Instead of having identical distributions let s require that the distributions are indistinguishable and also that m 0 and m 1 are not completely random, but messages that the attacker can create This definition is called one-time key semantic security (the relaxedrealistic perfect secrecy) - see the security game in the next slide

32 The semantic security game (one time key) Attacker A C Challenger m 0,m 1 D M len(m 0 )=len(m 1 ) Probabilistic Polynomial Time (PPT) Algorithm taken from some appropriate distribution of messages k 2 K m 0,m 1 b R {0, 1} c chosen uniformly at random c = E(k, m b ) output a guess for b b 0 2 {0, 1} DEFINITION A cipher ( E, D ) is semantic secure (with a one time key) if for any PPT adversary, it holds that: P(b = b 0 ) < negligible negligible means < 12 80, non-negligible means >

33 How to use the definition of semantic security? C C Define W 0 as the event that chose b=0, and outputs b =0 and W 1 as the event that chose b=1, and outputs b =0 (e.g. at the exercise sessions exam ) A A Show that P(W 0 ) P(W 1 ) is (non-)negligible Example: Prove that the encryption scheme is not semantically secure We need to show that A E ( k, m 0 m 1 ) = m 0 ( k m 1 ) can win the security game (on the previous slide). Let A choose m 0 = m 00 m 01 = 0 0; If C chose b=0, then c = 0 c 0 m 1 = m 10 m 11 = 1 1. b=1, then c = 1 c 1 A can output b = c[1] as guess for b. With this strategy we have that: P(W 0 ) P(W 1 ) = 1 0 =

34 The 'Advantage' of an adversary The value P(W 0 ) P(W 1 ) is usually called advantage of A and it is denoted as : name of the security notion we are considering Adv sem.sec. [A, E] name of the adversary we are considering name of the scheme function we are considering 31 34

35 Before Thursday: say what exercises you want to see solved during the exercise lecture next Friday! We opened a questionnaire WMPX442 have a look at the exercises, try to solve them and let us know what you would like that we solve together at the next exercise session 32 34

36 References Chapters: 2.1,2.2, read up about semantic security Chapters: 1.4, 2, and e.g. in

37 What we will see the next time! AES: the Advance Encryption Standard Encryption Decryption 128 bits 4x4 bytes k 0 k key expansion (e.g. PRG) 11 keys of 128-bits k 10 k 1 k i k 9 SubBytes ShiftRow MixColumn AddRoundKey 128-bits 9, 11, 13 rounds depending on the key size 128,192 or 256 bits 16 keys of 48-bits SubBytes ShiftRow lec03 Block Ciphers (DES&AES) blocks of 128-bits ( K, M, C ) ciphertexts 128-bits 128 bits ciphertext 64 bits block DES: the Data Encryption Standard Encryption Decryption plaintext input initial permutation IP Modes of operation: CBC (Cipher Block Chaining) Let ( E, D ) be a cipher. The 20 CBC 35 block cipher is defined as follows. R 0 L 0 think of it as a number string E ( k, m ) : pick a random IV {0,1} nt (Initialisation Vector) and do k 56-bits key expansion (e.g. PRG) 16 keys of 48-bits k 1 k i k rounds of Feistel Networks see next slide for the function f i with random IV (Initialisation Vector) 56-bits lec03 Block Ciphers (DES&AES) L 16 R 16 blocks of 64-bits ( K, M, C ) inverse of IP IP -1 ciphertexts of 64 bits 64 bits ciphertext Each cipher-block is chained to the previous one. The ciphertext is longer than the plaintext due to of the IV

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

More information

SYMMETRIC ENCRYPTION. Mihir Bellare UCSD 1

SYMMETRIC ENCRYPTION. Mihir Bellare UCSD 1 SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = (K,E,D) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2 Correct

More information

Cryptography and Network Security, PART IV: Reviews, Patches, and11.2012 Theory 1 / 53

Cryptography and Network Security, PART IV: Reviews, Patches, and11.2012 Theory 1 / 53 Cryptography and Network Security, PART IV: Reviews, Patches, and Theory Timo Karvi 11.2012 Cryptography and Network Security, PART IV: Reviews, Patches, and11.2012 Theory 1 / 53 Key Lengths I The old

More information

Talk announcement please consider attending!

Talk announcement please consider attending! Talk announcement please consider attending! Where: Maurer School of Law, Room 335 When: Thursday, Feb 5, 12PM 1:30PM Speaker: Rafael Pass, Associate Professor, Cornell University, Topic: Reasoning Cryptographically

More information

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs

More information

Overview of Symmetric Encryption

Overview of Symmetric Encryption CS 361S Overview of Symmetric Encryption Vitaly Shmatikov Reading Assignment Read Kaufman 2.1-4 and 4.2 slide 2 Basic Problem ----- ----- -----? Given: both parties already know the same secret Goal: send

More information

Cryptography and Network Security: Summary

Cryptography and Network Security: Summary Cryptography and Network Security: Summary Timo Karvi 12.2013 Timo Karvi () Cryptography and Network Security: Summary 12.2013 1 / 17 Summary of the Requirements for the exam The advices are valid for

More information

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 13

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 13 Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 13 Some More Secure Channel Issues Outline In the course we have yet only seen catastrophic

More information

1 Construction of CCA-secure encryption

1 Construction of CCA-secure encryption CSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong 10 October 2012 1 Construction of -secure encryption We now show how the MAC can be applied to obtain a -secure encryption scheme.

More information

MAC. SKE in Practice. Lecture 5

MAC. SKE in Practice. Lecture 5 MAC. SKE in Practice. Lecture 5 Active Adversary Active Adversary An active adversary can inject messages into the channel Active Adversary An active adversary can inject messages into the channel Eve

More information

Authenticated encryption

Authenticated encryption Authenticated encryption Dr. Enigma Department of Electrical Engineering & Computer Science University of Central Florida wocjan@eecs.ucf.edu October 16th, 2013 Active attacks on CPA-secure encryption

More information

1 Message Authentication

1 Message Authentication Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions

More information

Network Security - ISA 656 Introduction to Cryptography

Network Security - ISA 656 Introduction to Cryptography Network Security - ISA 656 Angelos Stavrou September 18, 2007 Codes vs. K = {0, 1} l P = {0, 1} m C = {0, 1} n, C C E : P K C D : C K P p P, k K : D(E(p, k), k) = p It is infeasible to find F : P C K Let

More information

MACs Message authentication and integrity. Table of contents

MACs Message authentication and integrity. Table of contents MACs Message authentication and integrity Foundations of Cryptography Computer Science Department Wellesley College Table of contents Introduction MACs Constructing Secure MACs Secure communication and

More information

lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal

lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal Symmetric Crypto Pierre-Alain Fouque Birthday Paradox In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal N=365, about 23 people are

More information

Victor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract

Victor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. #01 Lecture No. #10 Symmetric Key Ciphers (Refer

More information

How To Understand And Understand The History Of Cryptography

How To Understand And Understand The History Of Cryptography CSE497b Introduction to Computer and Network Security - Spring 2007 - Professors Jaeger Lecture 5 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/

More information

Lecture 5 - CPA security, Pseudorandom functions

Lecture 5 - CPA security, Pseudorandom functions Lecture 5 - CPA security, Pseudorandom functions Boaz Barak October 2, 2007 Reading Pages 82 93 and 221 225 of KL (sections 3.5, 3.6.1, 3.6.2 and 6.5). See also Goldreich (Vol I) for proof of PRF construction.

More information

Effective Secure Encryption Scheme [One Time Pad] Using Complement Approach Sharad Patil 1 Ajay Kumar 2

Effective Secure Encryption Scheme [One Time Pad] Using Complement Approach Sharad Patil 1 Ajay Kumar 2 Effective Secure Encryption Scheme [One Time Pad] Using Complement Approach Sharad Patil 1 Ajay Kumar 2 Research Student, Bharti Vidyapeeth, Pune, India sd_patil057@rediffmail.com Modern College of Engineering,

More information

Lecture 3: One-Way Encryption, RSA Example

Lecture 3: One-Way Encryption, RSA Example ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: One-Way Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 3: Block ciphers and DES Ion Petre Department of IT, Åbo Akademi University January 17, 2012 1 Data Encryption Standard

More information

Message Authentication Code

Message Authentication Code Message Authentication Code Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 Outline 1 CBC-MAC 2 Authenticated Encryption 3 Padding Oracle Attacks 4 Information Theoretic MACs 2 of 44

More information

Thinking of a (block) cipher as a permutation (depending on the key) on strings of a certain size, we would not want such a permutation to have many

Thinking of a (block) cipher as a permutation (depending on the key) on strings of a certain size, we would not want such a permutation to have many Fixed points of permutations Let f : S S be a permutation of a set S. An element s S is a fixed point of f if f(s) = s. That is, the fixed points of a permutation are the points not moved by the permutation.

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

CIS433/533 - Computer and Network Security Cryptography

CIS433/533 - Computer and Network Security Cryptography CIS433/533 - Computer and Network Security Cryptography Professor Kevin Butler Winter 2011 Computer and Information Science A historical moment Mary Queen of Scots is being held by Queen Elizabeth and

More information

CS155. Cryptography Overview

CS155. Cryptography Overview CS155 Cryptography Overview Cryptography Is n A tremendous tool n The basis for many security mechanisms Is not n The solution to all security problems n Reliable unless implemented properly n Reliable

More information

Lecture 9 - Message Authentication Codes

Lecture 9 - Message Authentication Codes Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No. # 11 Block Cipher Standards (DES) (Refer Slide

More information

Yale University Department of Computer Science

Yale University Department of Computer Science Yale University Department of Computer Science On Backtracking Resistance in Pseudorandom Bit Generation (preliminary version) Michael J. Fischer Michael S. Paterson Ewa Syta YALEU/DCS/TR-1466 October

More information

Digital Signatures. Prof. Zeph Grunschlag

Digital Signatures. Prof. Zeph Grunschlag Digital Signatures Prof. Zeph Grunschlag (Public Key) Digital Signatures PROBLEM: Alice would like to prove to Bob, Carla, David,... that has really sent them a claimed message. E GOAL: Alice signs each

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

6.857 Computer and Network Security Fall Term, 1997 Lecture 4 : 16 September 1997 Lecturer: Ron Rivest Scribe: Michelle Goldberg 1 Conditionally Secure Cryptography Conditionally (or computationally) secure

More information

The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?)

The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?) The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?) Hugo Krawczyk Abstract. We study the question of how to generically compose symmetric encryption and authentication

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Secret Key Cryptography (I) 1 Introductory Remarks Roadmap Feistel Cipher DES AES Introduction

More information

Introduction. Digital Signature

Introduction. Digital Signature Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology

More information

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

More information

1 Domain Extension for MACs

1 Domain Extension for MACs CS 127/CSCI E-127: Introduction to Cryptography Prof. Salil Vadhan Fall 2013 Reading. Lecture Notes 17: MAC Domain Extension & Digital Signatures Katz-Lindell Ÿ4.34.4 (2nd ed) and Ÿ12.0-12.3 (1st ed).

More information

Paillier Threshold Encryption Toolbox

Paillier Threshold Encryption Toolbox Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created

More information

Cryptographic Hash Functions Message Authentication Digital Signatures

Cryptographic Hash Functions Message Authentication Digital Signatures Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBC-MAC Digital signatures 2 Encryption/Decryption

More information

Authentication and Encryption: How to order them? Motivation

Authentication and Encryption: How to order them? Motivation Authentication and Encryption: How to order them? Debdeep Muhopadhyay IIT Kharagpur Motivation Wide spread use of internet requires establishment of a secure channel. Typical implementations operate in

More information

SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK

SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION September 2010 (reviewed September 2014) ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK NETWORK SECURITY

More information

Computer and Network Security. Alberto Marchetti Spaccamela

Computer and Network Security. Alberto Marchetti Spaccamela Computer and Network Security Alberto Marchetti Spaccamela Slides are strongly based on material by Amos Fiat Good crypto courses on the Web with interesting material on web site of: Ron Rivest, MIT Dan

More information

CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography. 8. Encryption -- CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

More information

Cryptography: Motivation. Data Structures and Algorithms Cryptography. Secret Writing Methods. Many areas have sensitive information, e.g.

Cryptography: Motivation. Data Structures and Algorithms Cryptography. Secret Writing Methods. Many areas have sensitive information, e.g. Cryptography: Motivation Many areas have sensitive information, e.g. Data Structures and Algorithms Cryptography Goodrich & Tamassia Sections 3.1.3 & 3.1.4 Introduction Simple Methods Asymmetric methods:

More information

SeChat: An AES Encrypted Chat

SeChat: An AES Encrypted Chat Name: Luis Miguel Cortés Peña GTID: 901 67 6476 GTG: gtg683t SeChat: An AES Encrypted Chat Abstract With the advancement in computer technology, it is now possible to break DES 56 bit key in a meaningful

More information

Cryptography Exercises

Cryptography Exercises Cryptography Exercises 1 Contents 1 source coding 3 2 Caesar Cipher 4 3 Ciphertext-only Attack 5 4 Classification of Cryptosystems-Network Nodes 6 5 Properties of modulo Operation 10 6 Vernam Cipher 11

More information

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre Some slides were also taken from Chanathip Namprempre's defense

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC

More information

How To Attack A Block Cipher With A Key Key (Dk) And A Key (K) On A 2Dns) On An Ipa (Ipa) On The Ipa 2Ds (Ipb) On Pcode)

How To Attack A Block Cipher With A Key Key (Dk) And A Key (K) On A 2Dns) On An Ipa (Ipa) On The Ipa 2Ds (Ipb) On Pcode) Cryptography and Network Security Chapter 6 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 6 Block Cipher Operation Many savages at the present day regard

More information

Ch.9 Cryptography. The Graduate Center, CUNY.! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis

Ch.9 Cryptography. The Graduate Center, CUNY.! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis Ch.9 Cryptography The Graduate Center, CUNY! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis Why is Modern Cryptography part of a Complexity course? Short answer:! Because Modern Cryptography

More information

Computational Soundness of Symbolic Security and Implicit Complexity

Computational Soundness of Symbolic Security and Implicit Complexity Computational Soundness of Symbolic Security and Implicit Complexity Bruce Kapron Computer Science Department University of Victoria Victoria, British Columbia NII Shonan Meeting, November 3-7, 2013 Overview

More information

Chapter 6 CDMA/802.11i

Chapter 6 CDMA/802.11i Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher

More information

Introduction to Encryption

Introduction to Encryption Computers and Society Introduction to Encryption Chris Brooks Department of Computer Science University of San Francisco Department of Computer Science University of San Francisco p.1/35 3-0: Terminology

More information

Security Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012

Security Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012 Security Aspects of Database Outsourcing Dec, 2012 Vahid Khodabakhshi Hadi Halvachi Security Aspects of Database Outsourcing Security Aspects of Database Outsourcing 2 Outline Introduction to Database

More information

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

More information

Network Security. Modes of Operation. Steven M. Bellovin February 3, 2009 1

Network Security. Modes of Operation. Steven M. Bellovin February 3, 2009 1 Modes of Operation Steven M. Bellovin February 3, 2009 1 Using Cryptography As we ve already seen, using cryptography properly is not easy Many pitfalls! Errors in use can lead to very easy attacks You

More information

Block encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015

Block encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015 CS-4920: Lecture 7 Secret key cryptography Reading Chapter 3 (pp. 59-75, 92-93) Today s Outcomes Discuss block and key length issues related to secret key cryptography Define several terms related to secret

More information

Hash Functions. Integrity checks

Hash Functions. Integrity checks Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify

More information

Computational Complexity: A Modern Approach

Computational Complexity: A Modern Approach i Computational Complexity: A Modern Approach Draft of a book: Dated January 2007 Comments welcome! Sanjeev Arora and Boaz Barak Princeton University complexitybook@gmail.com Not to be reproduced or distributed

More information

Key Agreement from Close Secrets over Unsecured Channels Winter 2010

Key Agreement from Close Secrets over Unsecured Channels Winter 2010 Key Agreement from Close Secrets over Unsecured Channels Winter 2010 Andreas Keller Contens 1. Motivation 2. Introduction 3. Building Blocks 4. Protocol Extractor Secure Sketches (MAC) message authentication

More information

The Misuse of RC4 in Microsoft Word and Excel

The Misuse of RC4 in Microsoft Word and Excel The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu Institute for Infocomm Research, Singapore hongjun@i2r.a-star.edu.sg Abstract. In this report, we point out a serious security flaw in Microsoft

More information

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

More information

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Error oracle attacks and CBC encryption Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Agenda 1. Introduction 2. CBC mode 3. Error oracles 4. Example 1 5. Example 2 6. Example 3 7. Stream ciphers

More information

Network Security: Secret Key Cryptography

Network Security: Secret Key Cryptography 1 Network Security: Secret Key Cryptography Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 c 1999-2000, Henning Schulzrinne Last modified September

More information

Provable-Security Analysis of Authenticated Encryption in Kerberos

Provable-Security Analysis of Authenticated Encryption in Kerberos Provable-Security Analysis of Authenticated Encryption in Kerberos Alexandra Boldyreva Virendra Kumar Georgia Institute of Technology, School of Computer Science 266 Ferst Drive, Atlanta, GA 30332-0765

More information

Cryptography and Network Security Block Cipher

Cryptography and Network Security Block Cipher Cryptography and Network Security Block Cipher Xiang-Yang Li Modern Private Key Ciphers Stream ciphers The most famous: Vernam cipher Invented by Vernam, ( AT&T, in 1917) Process the message bit by bit

More information

Chapter 3. Network Domain Security

Chapter 3. Network Domain Security Communication System Security, Chapter 3, Draft, L.D. Chen and G. Gong, 2008 1 Chapter 3. Network Domain Security A network can be considered as the physical resource for a communication system. This chapter

More information

Proofs in Cryptography

Proofs in Cryptography Proofs in Cryptography Ananth Raghunathan Abstract We give a brief overview of proofs in cryptography at a beginners level. We briefly cover a general way to look at proofs in cryptography and briefly

More information

Network Security. Omer Rana

Network Security. Omer Rana Network Security Omer Rana CM0255 Material from: Cryptography Components Sender Receiver Plaintext Encryption Ciphertext Decryption Plaintext Encryption algorithm: Plaintext Ciphertext Cipher: encryption

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Network Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers - Modes of Encryption ECB (1)

Network Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers - Modes of Encryption ECB (1) Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 3 Symmetric Cryptography General Description Modes of ion Data ion Standard (DES)

More information

Lecture 6 - Cryptography

Lecture 6 - Cryptography Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about

More information

Symmetric Crypto MAC. Pierre-Alain Fouque

Symmetric Crypto MAC. Pierre-Alain Fouque Symmetric Crypto MAC Pierre-Alain Fouque Birthday Paradox In a set of D elements, by picking at random D elements, we have with high probability a collision two elements are equal D=365, about 23 people

More information

Advanced Cryptography

Advanced Cryptography Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.

More information

Overview of Public-Key Cryptography

Overview of Public-Key Cryptography CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

More information

Developing and Investigation of a New Technique Combining Message Authentication and Encryption

Developing and Investigation of a New Technique Combining Message Authentication and Encryption Developing and Investigation of a New Technique Combining Message Authentication and Encryption Eyas El-Qawasmeh and Saleem Masadeh Computer Science Dept. Jordan University for Science and Technology P.O.

More information

Remotely Keyed Encryption Using Non-Encrypting Smart Cards

Remotely Keyed Encryption Using Non-Encrypting Smart Cards THE ADVANCED COMPUTING SYSTEMS ASSOCIATION The following paper was originally published in the USENIX Workshop on Smartcard Technology Chicago, Illinois, USA, May 10 11, 1999 Remotely Keyed Encryption

More information

1 Step 1: Select... Files to Encrypt 2 Step 2: Confirm... Name of Archive 3 Step 3: Define... Pass Phrase

1 Step 1: Select... Files to Encrypt 2 Step 2: Confirm... Name of Archive 3 Step 3: Define... Pass Phrase Contents I Table of Contents Foreword 0 Part I Introduction 2 1 What is?... 2 Part II Encrypting Files 1,2,3 2 1 Step 1: Select... Files to Encrypt 2 2 Step 2: Confirm... Name of Archive 3 3 Step 3: Define...

More information

1 Signatures vs. MACs

1 Signatures vs. MACs CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. Katz-Lindell 10 1 Signatures vs. MACs Digital signatures

More information

The application of prime numbers to RSA encryption

The application of prime numbers to RSA encryption The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 02 Overview on Modern Cryptography

More information

159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Solutions to Problem Set 1

Solutions to Problem Set 1 YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #8 Zheng Ma February 21, 2005 Solutions to Problem Set 1 Problem 1: Cracking the Hill cipher Suppose

More information

Lecture 4 Data Encryption Standard (DES)

Lecture 4 Data Encryption Standard (DES) Lecture 4 Data Encryption Standard (DES) 1 Block Ciphers Map n-bit plaintext blocks to n-bit ciphertext blocks (n = block length). For n-bit plaintext and ciphertext blocks and a fixed key, the encryption

More information

Evaluation of the RC4 Algorithm for Data Encryption

Evaluation of the RC4 Algorithm for Data Encryption Evaluation of the RC4 Algorithm for Data Encryption Allam Mousa (1) and Ahmad Hamad (2) (1) Electrical Engineering Department An-Najah University, Nablus, Palestine (2) Systems Engineer PalTel Company,

More information

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015 Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015 Chapter 2: Introduction to Cryptography What is cryptography? It is a process/art of mangling information in such a way so as to make it

More information

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

More information

Network Security. HIT Shimrit Tzur-David

Network Security. HIT Shimrit Tzur-David Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

More information

Advanced Topics in Cryptography and Network Security

Advanced Topics in Cryptography and Network Security Advanced Topics in Cryptography and Network Security Breno de Medeiros Department of Computer Science Florida State University Advanced Topics in Cryptography and Network Security p.1 Class Reference Sheet

More information

Ky Vu DeVry University, Atlanta Georgia College of Arts & Science

Ky Vu DeVry University, Atlanta Georgia College of Arts & Science Ky Vu DeVry University, Atlanta Georgia College of Arts & Science Table of Contents - Objective - Cryptography: An Overview - Symmetric Key - Asymmetric Key - Transparent Key: A Paradigm Shift - Security

More information

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian

More information

Message Authentication Codes. Lecture Outline

Message Authentication Codes. Lecture Outline Message Authentication Codes Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Message Authentication Code Lecture Outline 1 Limitation of Using Hash Functions for Authentication Require an authentic

More information

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial

More information

Wireless Networks. Welcome to Wireless

Wireless Networks. Welcome to Wireless Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)

More information

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1 EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

More information

How To Encrypt With A 64 Bit Block Cipher

How To Encrypt With A 64 Bit Block Cipher The Data Encryption Standard (DES) As mentioned earlier there are two main types of cryptography in use today - symmetric or secret key cryptography and asymmetric or public key cryptography. Symmetric

More information

Post-Quantum Cryptography #4

Post-Quantum Cryptography #4 Post-Quantum Cryptography #4 Prof. Claude Crépeau McGill University http://crypto.cs.mcgill.ca/~crepeau/waterloo 185 ( 186 Attack scenarios Ciphertext-only attack: This is the most basic type of attack

More information