Cryptography As a tool Using cryptography securely is not simple Designing cryptographic schemes correctly is near impossible Today we want to give you an idea of what can be done with cryptography Take a security course if you think you may use it in the future(e.g. 18-487)
Cryptography As a Tool ◼ Using cryptography securely is not simple ◼ Designing cryptographic schemes correctly is near impossible. Today we want to give you an idea of what can be done with cryptography. Take a security course if you think you may use it in the future (e.g. 18-487)
The great divide Symmetric Crypto Asymmetric Crypt (Private key) (Public key (E.g, AES) (E.g, RSA Shared secret between parties? Yes No Speed of crypto Fast operations
The Great Divide Symmetric Crypto (Private key) (E.g., AES) Asymmetric Crypto (Public key) (E.g., RSA) Shared secret between parties? Yes Speed of crypto operations Slow No Fast
Symmetric Key: Confidentiality Motivating Example: You and a friend share a key k of l random bits and want to secretly share message M also L bits long Scheme You send her the xor (, K and then she"decrypts using xor (M, k again 1)Do you get the right message to your friend? 2) Can an adversary recover the message M? 3 Can adversary recover the key K?
Symmetric Key: Confidentiality Motivating Example: You and a friend share a key K of L random bits, and want to secretly share message M also L bits long. Scheme: You send her the xor(M,K) and then she “decrypts” using xor(M,K) again. 1) Do you get the right message to your friend? 2) Can an adversary recover the message M? 3) Can adversary recover the key K?
Symmetric Key: Confidentiality One-time Pad(otP)is secure but usually impactical a Key is as long at the message a Keys cannot be reused(why?) In practice, two types of ciphers are used that require constant length keys Stream Ciphers: Block Ciphers: EX:RC4. A5 EX: DES. AES. Blowfish
Symmetric Key: Confidentiality ◼ One-time Pad (OTP) is secure but usually impactical ❑ Key is as long at the message ❑ Keys cannot be reused (why?) Stream Ciphers: Ex: RC4, A5 Block Ciphers: Ex: DES, AES, Blowfish In practice, two types of ciphers are used that require constant length keys:
Symmetric Key: Confidentialit Stream Ciphers(ex: RC4) Aice:⑥ PRNG 4 Pseudo-Random stream of bits KAB XOR Message of Length L bits Encrypted Ciphertext Bob uses KaB as PRNG seed, and XORs encrypted text to get the message back (just like OTP)
Symmetric Key: Confidentiality ◼ Stream Ciphers (ex: RC4) PRNG Pseudo-Random stream of L bits Message of Length L bits XOR = Encrypted Ciphertext K A-B Bob uses KA-B as PRNG seed, and XORs encrypted text to get the message back (just like OTP). Alice: