Lecture 10 - Cryptography and Information Theory

Similar documents
CS 758: Cryptography / Network Security

Advanced Cryptography

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Network Security: Cryptography CS/SS G513 S.K. Sahay

Introduction To Security and Privacy Einführung in die IT-Sicherheit I

Introduction to Hill cipher

CIS 5371 Cryptography. 8. Encryption --

Introduction to Encryption

Some practice problems for midterm 2

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

How To Understand And Understand The History Of Cryptography

Overview/Questions. What is Cryptography? The Caesar Shift Cipher. CS101 Lecture 21: Overview of Cryptography

Lecture 3: One-Way Encryption, RSA Example

Solutions to Problem Set 1

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

Security in Distributed Systems. Network Security

Symmetric Key cryptosystem

Application Layer (1)

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 13

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Properties of Secure Network Communication

The application of prime numbers to RSA encryption

Public Key Cryptography: RSA and Lots of Number Theory

Application Layer (1)

1 Message Authentication

An Overview of Common Adversary Models

Cryptography and Network Security Chapter 9

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Karagpur

WHERE DOES THE 10% CONDITION COME FROM?

Chapter 2 Homework 2-5, 7, 9-11, 13-18, 24. (9x + 2)(mod 26) y 1 1 (x 2)(mod 26) 3(x 2)(mod 26) U : y 1 = 3(20 2)(mod 26) 54(mod 26) 2(mod 26) c

Cryptography. Jonathan Katz, University of Maryland, College Park, MD

RSA Encryption. Tom Davis October 10, 2003

Hill s Cipher: Linear Algebra in Cryptography

Modified One Time Pad Data Security Scheme: Random Key Generation Approach

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Techniques of Asymmetric File Encryption. Alvin Li Thomas Jefferson High School For Science and Technology Computer Systems Lab

IT Networks & Security CERT Luncheon Series: Cryptography

1 Construction of CCA-secure encryption

CSE331: Introduction to Networks and Security. Lecture 20 Fall 2006

Effective Secure Encryption Scheme [One Time Pad] Using Complement Approach Sharad Patil 1 Ajay Kumar 2

Paillier Threshold Encryption Toolbox

6.2 Permutations continued

Thinking of a (block) cipher as a permutation (depending on the key) on strings of a certain size, we would not want such a permutation to have many

Cryptography and Network Security, PART IV: Reviews, Patches, and Theory 1 / 53

Cryptography & Network Security

Chapter 10. Network Security

Basic Algorithms In Computer Algebra

An Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Cardinality. The set of all finite strings over the alphabet of lowercase letters is countable. The set of real numbers R is an uncountable set.

Diffusion and Data compression for data security. A.J. Han Vinck University of Duisburg/Essen April 2013

The Prime Numbers. Definition. A prime number is a positive integer with exactly two positive divisors.

Lecture 9 - Message Authentication Codes

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Introduction. Digital Signature

Evaluation of the RC4 Algorithm for Data Encryption

Lecture 17: Re-encryption

Cryptography: Motivation. Data Structures and Algorithms Cryptography. Secret Writing Methods. Many areas have sensitive information, e.g.

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Block encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015

Chap 2. Basic Encryption and Decryption

The New Approach of Quantum Cryptography in Network Security

a Course in Cryptography

Cryptography and Network Security

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Elliptic Curve Cryptography Methods Debbie Roser Math\CS 4890

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

BRIEF INTRODUCTION TO CRYPTOGRAPHY. By PAGVAC. February 8, 2004

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Message Authentication Code

Elements of Applied Cryptography Public key encryption

RSA and Primality Testing

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

Tagging with Hidden Markov Models

Public Key Cryptography. c Eli Biham - March 30, Public Key Cryptography

Lecture 6 - Cryptography

Caesar Ciphers: An Introduction to Cryptography

Maths delivers! A guide for teachers Years 11 and 12. RSA Encryption

Information Security

Network Security. Omer Rana

Message Authentication Codes

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Lecture 13 - Basic Number Theory.

COMP 250 Fall 2012 lecture 2 binary representations Sept. 11, 2012

The last three chapters introduced three major proof techniques: direct,

CIS433/533 - Computer and Network Security Cryptography

An Introduction to the RSA Encryption Method

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION

Cryptography & Digital Signatures

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Public Key Cryptography and RSA. Review: Number Theory Basics

Transcription:

Lecture 10 - Cryptography and Information Theory Jan Bouda FI MU May 18, 2012 Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 1 / 14

Part I Cryptosystem Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 2 / 14

Cryptosystem The traditional main goal of cryptography is to preserve secrecy of the message, i.e. to transform it in the way that no unauthorized person can read the message while it is easily readable by authorized persons. First applications of message secrecy are known from ancient times and served to keep secret military and diplomatic secrets, craftsmanship methods and also love letters. Craftsmanship secrets on earthen tablets in Ancient Summer. Secret love letters in Kamasutra. Spartian Scytale. Secrets hidden in a wax table or under hair of a slave. Caesar cipher. Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 3 / 14

Cryptosystem Definition A encryption system (cipher) is a five-tuple (P, C, K, E, D), where 1 P is a finite set of possible plaintexts 2 C is a finite set of possible ciphertexts 3 K is a finite set of possible keys 4 For each k K there is an encryption rule e k E and a corresponding decryption rule d k D. Each e k : P C and d k : C P are functions such that d k (e k (x)) = x for every x P. Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 4 / 14

Shift Cryptosystem Example Example is e.g. the shift cryptosystem, sometimes known as the Caesar cipher. In this case P = C = K = Z 26. For 0 k 25 we define e k (x) = (x + k) mod 26 (1) and d k (y) = (y k) mod 26 (2) for x, y Z 26. Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 5 / 14

To derive a definition of perfect secret we assume that there is some a priori distribution on plaintexts described by the random variable X with distribution P(X = x). The key is chosen independently from the plaintext and described by the random variable K. Finally, ciphertext is described by the random variable Y that will be derived from X and K. Also, for k K we define C k = {e k (x) x X} as the set of all ciphertexts provided k is the key. Now we can explicitly calculate the probability distribution of Y as P(Y = y) = P(K = k)p(x = d k (y)). (3) k:y C k Another quantity of interest is the probability of a particular ciphertext given a particular plaintex, easily derived as P(Y = y X = x) = P(K = k). (4) k:x=d k (y) Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 6 / 14

Definition We say that the cryptosystem (P, C, K, E, D) achieves perfect (unconditional) secrecy if and only if for every x X and y Y it holds that P(X = x Y = y) = P(X = x). (5) In words, the a posteriori probability distribution of plaintext given the knowledge of ciphertext is the same as the a priori probability distribution of the plaintext. Following our previous analysis we calculate the conditional probability of a (possibly insecure) cryptosystem as P(X = x Y = y) = P(X = x) k:x=d k (y) P(K = k) k:y C k P(K = k)p(x = d k (y)). (6) Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 7 / 14

Theorem Suppose the 26 keys in the Shift cipher are used with equal probability 1/26. Then for any plaintext distribution the Shift cipher achieves perfect secrecy. Proof. Recall that P = C = K = Z 26. First we compute the distribution of ciphertexts as P(Y = y) = k Z 26 P(K = k)p(x = d k (y)) = 1 P(X = y k) 26 k Z 26 = 1 P(X = y k). 26 k Z 26 Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 8 / 14 (7)

Proof. For fixed y the values (y k) mod 26 are a permutation of Z 26 and we have that P(X = y k) = P(X = x) = 1. (8) k Z 26 x Z 26 Thus for any y Y we have P(Y = y) = 1 26. Next, we have that for every x and y. P(Y = y X = x) = P(K (y x) (mod 26)) = 1 26 Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 9 / 14

Proof. Using the Bayes theorem we have P(X = x)p(y = y X = x) P(X = x Y = y) = = P(Y = y) =p(x = x) P(X = x) 1 26 1 26 (9) what completes the proof. The previous result shows that the shift cipher is unbreakable provided we use an independent key for each plaintext character. Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 10 / 14

If P(X = x 0 ) = 0 for some x 0 P, then we trivially obtain P(X = x 0 Y = y) = P(X = x 0 ). Therefore we consider only elements such that P(X = x) > 0. For such plaintexts we observe that P(X = x Y = y) = P(X = x) is equivalent to P(Y = y X = x) = P(Y = y). Let us suppose that P(Y = y) > 0 for all y C. Otherwise y can be excluded from C since it is useless. Fix x P. For each y C we have P(Y = y X = x) = P(Y = y) > 0. Therefore for each y C there must be some key k K such that y = e k (x). It follows that K C. The encryption is injective giving C P. Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 11 / 14

Theorem (Shannon) Let (P, C, K, E, D) be a cryptosystem such that P = C = K. Then the cryptosystem provides perfect secrecy if and only if every key is used with equal probability 1/ K, and for every x P and every y C, there is a unique key k such that e k (x) = y. Proof. Let us suppose the given cryptosystem achieves a perfect secrecy. As argued above for each x and y there must be at least one key such that e k (x) = y. We have the inequalities C = {e k (x) : k K} K. (10) Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 12 / 14

Proof. We assume that C = K and therefore {e k (x) : k K} = K giving there do not exist two different keys k 1, k 2 K such that e k1 (x) = e k2 (x) = y. hence, for every x and y there is exactly one k such that e k (x) = y. Denote n = K, let P = {x i 1 i n} and fix a ciphertext element y. We can name keys k 1, k 2,..., k n in the way that e ki (x i ) = y. Using Bayes theorem we have P(X = x i Y = y) = P(Y = y X = x i)p(x = x i ) P(Y = y) = P(K = k i)p(x = x i ). P(Y = y) (11) Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 13 / 14

Proof. The perfect secrecy condition gives P(X = x i Y = y) = P(X = x i ) and we have P(K = k i ) = P(Y = y). This gives that all keys are used with the same probability. Since there are K keys, the probability is 1/ K. Conversely, suppose the conditions are satisfied and we want to show perfect secrecy. The proof is analogous to the proof of perfect secrecy of the Shift cipher. Jan Bouda (FI MU) Lecture 10 - Cryptography and Information Theory May 18, 2012 14 / 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information