Stanford Cryptography Course Notes

  • 01 - Introduction
    • Course Overview
      • Cryptography is everywhere
      • Secure communication
      • Secure Sockets Layer/TLS
      • Protected files on disk
      • Building block: symmetric encryption
      • Use Cases
      • Things to remember
    • What is cryptography?
      • Crypto core
      • But crypto can do much more
      • Protocols
      • Crypto magic
      • A rigorous science
    • History
      • Symmetric Ciphers
      • Few Historic Examples (all badly broken)
        • 1. Substitution cipher
          • How to break a substitution cipher?
        • 2. Vigenère cipher (16th century, Rome)
        • 3. Rotor Machines (1870-1943)
      • Data Encryption Standard (1974)
    • Discrete Probability
      • Event
      • The union bound
      • Random Variables
      • The uniform random variable
      • Randomized algorithms
      • Independence
      • XOR
      • An important property of XOR
        • The birthday paradox

01 - Introduction

Course Overview

Cryptography is everywhere

Secure communications:
web traffic: HTTPS
wireless traffic: 802.11i WPA2, GSM, Bluetooth
Encrypting files on disk: EFS, TrueCrypt
Content protection (e.g. DVD, Blu-ray): CSS, AACS
User authentication
… and much much more

Secure communication

Laptop $\leftrightarrow$ web server
protocol: HTTPS (actual protocol: SSL/TLS)

Make sure that as this data travels across the network:

  1. attacker can’t eavesdrop on this data
  2. attacker can’t modify the data while it’s in the network

[no eavesdropping, no tampering]

Secure Sockets Layer/TLS

Two main parts:

  1. Handshake Protocol: Establish shared secret key using public-key cryptography (2nd part of course)
  2. Record Layer: Transmit data using shared secret key
    Ensure confidentiality and integrity (1st part of course)

Protected files on disk

  1. attacker can’t read the contents in the file
  2. if the attacker tries to modify the data in the file while it’s on disk, it will be detected when decrypting this file

Analogous to secure communication:
Alice today sends a message to Alice tomorrow.

Building block: symmetric encryption


E, D: cipher
k: secret key (e.g. 128 bits)
m, c: plaintext, ciphertext

Encryption algorithm is publicly known
Never use a proprietary cipher

Use Cases

Single use key: (one time key)
Key is only used to encrypt one message
e.g. encrypted email: new key generated for every email

Multi use key: (many time key)
Key used to encrypt multiple messages
e.g. encrypted files: same key used to encrypt many files
Need more machinery than for one-time key

Things to remember

Cryptography is:

  • A tremendous tool
  • The basis for many security mechanisms

Cryptography is not:

  • The solution to all security problems
  • Reliable unless implemented and used properly
  • Something you should try to invent yourself
    (there are many, many examples of broken ad-hoc designs)

What is cryptography?

Crypto core

  • Secret key establishment
  • Secure communication

But crypto can do much more

  • Digital signatures
  • Anonymous communication
  • Anonymous digital cash
    Can I spend a “digital coin” without anyone knowing who I am?
    How to prevent double spending?

Protocols

  • Examples:
    -Elections
    -Private auctions
  • Secure multi-party computation

Goal: compute $f(x_1,x_2,x_3,x_4)$
trusted authority?
“Thm:” anything that can be done with a trusted authority, can also be done without a trusted authority.

Crypto magic

  • Privately outsourcing computation
  • Zero knowledge (proof of knowledge)

A rigorous science

The three steps in cryptography:

  • Precisely specify threat model
  • Propose a construction
  • Prove that breaking the construction under the threat model will solve an underlying hard problem

History

David Kahn, “The Codebreakers” (1996)

Symmetric Ciphers

Few Historic Examples (all badly broken)

1. Substitution cipher

e.g. Caesar cipher (no key)

Q: What is the size of key space in the substitution cipher assuming 26 letters?
A: $26!\approx 2^{88}$

How to break a substitution cipher?

Q: What is the most common letter in English text?
A: “E”

  1. Use frequency of English letters
  2. Use frequency of pairs of letters (digrams)
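Why step 1 works, as an added example (not part of the original notes): a substitution cipher only relabels letters, so the frequency profile of the plaintext survives encryption unchanged. The key and the sample plaintext below are constructed for illustration, and the function names are hypothetical.

```python
from collections import Counter
import string

ALPHABET = string.ascii_lowercase
# Constructed key: one of the 26! permutations of the alphabet (a->q, b->w, ...).
KEY = "qwertyuiopasdfghjklzxcvbnm"
# Constructed sample plaintext in which 'e' is clearly the most common letter.
PLAINTEXT = ("the secret meeting between eleven agents seems set "
             "for seven these evenings")

def encrypt(key, plaintext):
    """Substitution cipher: replace each letter by its image under the key."""
    return plaintext.lower().translate(str.maketrans(ALPHABET, key))

def letter_counts(text):
    """Count letters only; spaces and punctuation are ignored."""
    return Counter(ch for ch in text if ch in ALPHABET)

def frequency_profile(text):
    """Letter counts from most to least frequent, with the letters forgotten."""
    return sorted(letter_counts(text).values(), reverse=True)

def guess_image_of_e(ciphertext):
    """Step 1: the most frequent ciphertext letter is presumed to stand for 'e'."""
    return letter_counts(ciphertext).most_common(1)[0][0]

CIPHERTEXT = encrypt(KEY, PLAINTEXT)

if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT)
    print("profile preserved:",
          frequency_profile(PLAINTEXT) == frequency_profile(CIPHERTEXT))
    print("guessed image of 'e':", guess_image_of_e(CIPHERTEXT))
```

The size of the key space (about $2^{88}$) is irrelevant here: the statistics of the language leak through any choice of key.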

2. Vigenère cipher (16th century, Rome)

3. Rotor Machines (1870-1943)

Early example: the Hebern machine (single rotor)

Most famous: the Enigma (3-5 rotors)
# rotor positions = $26^4\approx 2^{18}$
[total # keys = $2^{36}$ due to optional plugboard]

Data Encryption Standard (1974)

DES: # keys = $2^{56}$, block size = 64 bits

Today: AES (2001), Salsa20 (2008), … (and others)

Discrete Probability

U: finite set (e.g. $U=\{0,1\}^n$)
Def: A probability distribution $P$ over $U$ is a function $P: U\rightarrow [0,1]$ such that $\displaystyle\sum_{x\in U} P(x)=1$

Examples:

  1. Uniform distribution: for all $x\in U$: $P(x)=1/|U|$
  2. Point distribution at $x_0$: $P(x_0)=1$, $\forall x\neq x_0: P(x)=0$

Distribution vector:
(Example) $(P(000), P(001), P(010), \ldots, P(111))$

Event

  • For a set $A\subseteq U$: $Pr[A]=\displaystyle\sum_{x\in A}P(x)\in[0,1]$
  • The set $A$ is called an event
  • note: $Pr[U]=1$

Example:
$U=\{0,1\}^8$
$A=\{$ all $x$ in $U$ such that $lsb_2(x)=11\}\subseteq U$
for the uniform distribution on $\{0,1\}^8$: $Pr[A]=1/4$

[$lsb_2(x)=11$: the two least significant bits of the byte are “11”]

The union bound

For events $A_1$ and $A_2$
$Pr[A_1\cup A_2]\leq Pr[A_1]+Pr[A_2]$

$A_1\cap A_2=\emptyset \implies Pr[A_1\cup A_2]=Pr[A_1]+Pr[A_2]$

Example:
$A_1=\{$ all $x$ in $\{0,1\}^n$ s.t. $lsb_2(x)=11\}$
$A_2=\{$ all $x$ in $\{0,1\}^n$ s.t. $msb_2(x)=11\}$

$Pr[lsb_2(x)=11$ or $msb_2(x)=11]=Pr[A_1\cup A_2]\leq 1/4+1/4=1/2$

[$lsb_2(x)=11$: ends with “11”]
[$msb_2(x)=11$: begins with “11”]

Random Variables

Def: a random variable $X$ is a function $X: U\rightarrow V$

Example:
$X: \{0,1\}^n\rightarrow\{0,1\}$
$X(y)=lsb(y)\in\{0,1\}$

For the uniform distribution on $U$:
$Pr[X=0]=1/2$, $Pr[X=1]=1/2$

More generally:
a random variable $X$ induces a distribution on $V$: $Pr[X=v]:=Pr[X^{-1}(v)]$

[$X^{-1}(v)$: all $a$ with $X(a)=v$]
Formally, the probability that $X$ outputs $v$ is the same as the probability of the event that, when we sample a random element of the universe, we fall into the pre-image of $v$ under the function $X$.

The uniform random variable

Let $U$ be some set, e.g. $U=\{0,1\}^n$
We write $r\xleftarrow{R}U$ to denote a uniform random variable over $U$
for all $a\in U$: $Pr[r=a]=1/|U|$
(formally, $r$ is the identity function: $r(x)=x$ for all $x\in U$)

Example:
Let $r$ be a uniform random variable on $\{0,1\}^2$
Define the random variable $X=r_1+r_2$
Then $Pr[X=2]=1/4$

(Hint: $Pr[X=2]=Pr[r=11]$)

Randomized algorithms

Deterministic algorithm: $y\leftarrow A(m)$

Randomized algorithm:
$y\leftarrow A(m;r)$ where $r\xleftarrow{R}\{0,1\}^n$
output is a random variable
$y\xleftarrow{R}A(m)$

Example:
$A(m;k)=E(k,m)$, $y\xleftarrow{R}A(m)$

Independence

Def: events $A$ and $B$ are independent if $Pr[A$ and $B]=Pr[A]\cdot Pr[B]$
random variables $X$, $Y$ taking values in $V$ are independent if $\forall a,b\in V$: $Pr[X=a$ and $Y=b]=Pr[X=a]\cdot Pr[Y=b]$

Example:
$U=\{0,1\}^2=\{00, 01, 10, 11\}$ and $r\xleftarrow{R}U$
Define random variables $X$ and $Y$ as: $X=lsb(r)$, $Y=msb(r)$
$Pr[X=0$ and $Y=0]=Pr[r=00]=1/4=Pr[X=0]\cdot Pr[Y=0]$

XOR

XOR of two strings in $\{0,1\}^n$ is their bit-wise addition mod 2

An important property of XOR

$Y$ is a random variable over $\{0,1\}^n$
$X$ is a uniform random variable over $\{0,1\}^n$
$X$ and $Y$ are independent
Then: $Z:=Y\oplus X$ is a uniform variable on $\{0,1\}^n$

Proof: (for n=1)
$Pr[Z=0]=Pr[(X,Y)=(0,0)$ or $(X,Y)=(1,1)]=Pr[(X,Y)=(0,0)]+Pr[(X,Y)=(1,1)]=Pr[Y=0]/2+Pr[Y=1]/2=1/2$
(the two events are disjoint, so their probabilities add; by independence each term is $Pr[X=b]\cdot Pr[Y=b]$ with $Pr[X=b]=1/2$)
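The same statement checked exactly for $n=3$, as an added example that is not part of the original notes: it goes beyond the $n=1$ proof by computing the full distribution of $Z$, and it also shows that the conclusion fails once $X$ is not uniform. The distributions `SKEWED_Y` and `BIASED_X` are constructed, and the function names are hypothetical.

```python
from fractions import Fraction

def uniform(n):
    """Uniform distribution on {0,1}^n, with strings encoded as n-bit integers."""
    return {v: Fraction(1, 1 << n) for v in range(1 << n)}

def xor_distribution(p_x, p_y, n):
    """Exact distribution of Z = Y xor X for independent X and Y on {0,1}^n."""
    for p in (p_x, p_y):
        if sum(p.values()) != 1:
            raise ValueError("not a probability distribution")
    p_z = {z: Fraction(0) for z in range(1 << n)}
    for x, px in p_x.items():
        for y, py in p_y.items():
            # Independence: Pr[X=x and Y=y] = Pr[X=x] * Pr[Y=y]
            p_z[x ^ y] += px * py
    return p_z

def is_uniform(p, n):
    """True when every n-bit value has probability exactly 1/2^n."""
    return all(prob == Fraction(1, 1 << n) for prob in p.values())

N = 3
# Constructed: Y is almost always 101 (think of a very predictable message).
SKEWED_Y = {0b101: Fraction(9, 10), 0b000: Fraction(1, 20), 0b111: Fraction(1, 20)}
# Constructed: X is slightly biased towards 000 (a flawed random generator).
BIASED_X = {v: Fraction(2 if v == 0 else 1, 9) for v in range(1 << N)}

Z_GOOD = xor_distribution(uniform(N), SKEWED_Y, N)  # uniform X hides Y
Z_BAD = xor_distribution(BIASED_X, SKEWED_Y, N)     # biased X leaks Y

if __name__ == "__main__":
    print("uniform X -> Z uniform:", is_uniform(Z_GOOD, N))
    print("biased X  -> Z uniform:", is_uniform(Z_BAD, N))
    print("Pr[Z=101] with biased X:", Z_BAD[0b101], "vs 1/8")
```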

The birthday paradox

Let $r_1, r_2, \ldots, r_n\in U$ be independent identically distributed random variables.
when $n=1.2\times|U|^{1/2}$ then $Pr[\exists i\neq j: r_i=r_j]\geq 1/2$
[notation: $|U|$ is the size of $U$]

Example:
Let $U=\{0,1\}^{128}$
After sampling about $2^{64}$ random messages from $U$, some two sampled messages will likely be the same.
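The bound checked numerically, as an added example that is not part of the original notes. It assumes uniform sampling, which is the case with the lowest collision probability; the function names are hypothetical. Small universes are computed exactly, and the 128-bit case uses the standard lower bound $1-e^{-n(n-1)/(2|U|)}$.

```python
import math
from fractions import Fraction

def birthday_samples(universe_size):
    """Number of samples from the statement: n = 1.2 * |U|^(1/2), rounded up."""
    return math.ceil(1.2 * math.sqrt(universe_size))

def collision_probability(universe_size, n):
    """Exact Pr[exists i != j: r_i = r_j] for n independent uniform samples."""
    if n > universe_size:
        return Fraction(1)
    no_collision = Fraction(1)
    for i in range(n):
        # The (i+1)-th sample must avoid the i distinct values already drawn.
        no_collision *= Fraction(universe_size - i, universe_size)
    return 1 - no_collision

def collision_lower_bound(universe_size, n):
    """Lower bound 1 - exp(-n(n-1)/(2|U|)), usable when |U| is huge."""
    return -math.expm1(-(n * (n - 1)) / (2 * universe_size))

if __name__ == "__main__":
    for size in (365, 2**16):
        n = birthday_samples(size)
        p = collision_probability(size, n)
        print(f"|U|={size}: n={n}, Pr[collision]={float(p):.4f}")
    size = 2**128
    n = birthday_samples(size)
    print(f"|U|=2^128: n is about 2^{math.log2(n):.2f}, "
          f"Pr[collision] >= {collision_lower_bound(size, n):.4f}")
```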
