SlideShare a Scribd company logo

Cryptography

Download as PPTX, PDF
David Evans
David Evans

This document discusses cryptography and how it can be used to own digital goods like cryptocurrency. It begins by introducing key concepts in cryptography like cryptosystems, attacks, and asymmetry. It then discusses how early systems like Jefferson's wheel cipher provided security through obscurity of algorithms and keys. The document explores how brute force attacks become impractical as key sizes increase due to the vast amounts of energy required. It introduces public key cryptography and how RSA provides asymmetry through a trapdoor function. The document explains how asymmetric cryptography can be used for signatures and confidentiality. It concludes by noting how cryptography achieves the scarcity needed for digital ownership of coins.

Spiritual
1 of 56
Cryptocurrency Café cs4501 Spring 2015 David Evans University of Virginia Class 2: Cryptography
Goal for Today • Notion of ownership of non-physical good • Conceptual understanding of key terms and principles in cryptography – Cryptosystem – Attacks – Asymmetry • Underlying foundation of bitcoin 1
Comments about “Magic of Mining” 2
3
4
5
Selected Contributed Comments 6 Submitting google forms is a silly way to have a discussion! We’ll have a course discussion forum set up by next week… “The enigmatic Mr Nakamoto designed the system to keep everybody honest.” (Tara Raj, Jake Rosenberg) “Bitcoins have three useful qualities in a currency: they are hard to earn, limited in supply and easy to verify.” (Jake Shankman, Kevin Hoffman ) “A more fundamental worry is that digital-currency mining, like other sorts of mining, has environmental costs: all that number-crunching uses a lot of electricity, and not all of it comes from renewable sources…” (Samuel Abbate, Elizabeth Kukla) “He even worries that a hostile government might seize control of the bitcoin system.” (Richard Serpe)
7 Downloading entire blockchain (~20GB)…takes several days…
Recap Currency is a medium of exchange At a minimum, must be: transferable – can be exchanged scarce – limited supply 8 Can we make something scarce and transferable with just bits?
How can someone own something made of bits? 9
10 How can someone own anything easily reproduced?
11 Mechanized printing Gutenberg movable type press: ~1450
12 Worshipful Company of Stationers and Newspaper Makers (“Stationer’s Company”) London 1403 Royal Charter 1557 Monopoly on printing Responsibility to censor
13 “An Act for the Encouragement of Learning, by Vesting the Copies of Printed Books in the Authors or Purchasers of Copies, during the Times therein mentioned…” Statute of Anne, 1710 Author has exclusive 14-year right to copy work (living author can extend for another 14 years)
US Copyright Law 1790: 14 years (+ 14) 1831: 28 years (+ 14) 1976: life of author + 50 (75 for “corporate”) 1998: life of author + 70 (120 for “corporate”) 14 Created 1928
How can someone own something made of bits without an army helping? 15
16
17 What is cryptology? Greek: κρυπτ´oς = “kryptos” = hidden (secret) Cryptography – secret writing Cryptanalysis – analyzing (breaking) secrets Cryptanalysis is what an attacker does Decryption is what the intended receiver does Cryptosystems – systems that use secrets Cryptology – science of secrets
18 Security is an engineering goal: it involves mathematics, but is mostly about real implementations and people. Cryptology is a branch of mathematics: about abstract numbers and functions.
19 Introductions Encrypt DecryptPlaintext Ciphertext Plaintext Alice Bob Eve (passive attacker) Insecure Channel
20 Active Attacker Encrypt DecryptPlaintext Ciphertext Plaintext Alice Bob Insecure Channel (e.g., the Internet) Mallory (active attacker)
21 Message Cryptosystem Encrypt Decrypt Plaintext Ciphertext PlaintextCiphertext Two functions: E(m: byte[])  byte[] and D(c: byte[])  byte[] Correctness property: for all possible messages m, D(E(m)) = m Security property: given c  E(m), it is “hard” to learn anything interesting about m.
22 It is possible to state the security property precisely (and prove a cryptosystem satisfies it given hardness assumptions).Shafi Goldwasser and Silvio Micali 2013 Turing Award Winners (for doing this in the 1980s)
23 Message Cryptosystem Encrypt Decrypt Plaintext Ciphertext PlaintextCiphertext Two functions: E(m: byte[])  byte[] and D(c: byte[])  byte[] Correctness property: for all possible messages m, D(E(m)) = m Security property: given c  E(m), it is “hard” to learn anything interesting about m.
24 Auguste Kerckhoffs Kerckhoff’s Principle
25 “The enemy knows the system being used.” Claude Shannon, Communication Theory of Secrecy Systems (1949) Claude Shannon 1916-2001
(Keyed) Symmetric Cryptosystem 26 Encrypt DecryptPlaintext Ciphertext Plaintext Insecure Channel Encrypt DecryptPlaintext Ciphertext Plaintext Insecure Channel Key Key Only secret is the key, not the E and D functions that now take key as input Asymmetric crypto: different keys for E and D, so you can reveal E without revealing D.
Jefferson’s Wheel Cipher 27
Jefferson’s Wheel Cipher 26 wheels arranged in a secret order on a spindle, each wheel has randomly- permutated alphabet around rim Encrypt: turn wheels to display plaintext, then pick a “random” row as ciphertext Decrypt: arrange wheels in same (secret) order, line up ciphertext, look for plaintext 28
29 Auguste Kerckhoffs (1883)Thomas Jefferson (1790s) Should it be “TJ’s Principle”?
30 on the periphery of each, and between the black lines, put all the letters of the alphabet, not in their established order, but jumbled, & without order, so that no two shall be alike. now string them in their numerical order on an iron axis, one end of which has a head, and the other a nut and screw; the use of which is to hold them firm in any given position when you choose it. Jefferson’s description of wheel cipher (1802)
Key Space Key space: K = set of possible keys 31 Key is order of wheels on spindle: |K | = 26 × 25 × … × 1 > 1026 Key is jumbling of letters on wheels: |K | = (26 × 25 × … × 1)26 > 10691
Brute Force Attack 32 def brute_force(ciphertext): for guess in all_possible_keys(N): plaintext = decrypt(key, ciphertext) if plausible_message(plaintext): return plaintext Try all possible keys in some order, until you find one that works. What is necessary for brute force attack to succeed?
(Im)Practicality of Brute Force Attacks Minimum energy needed to flip one bit (Landauer limit) ≈ kT ln 2 ≈ 2.8 zepto-Joules 33 k ≈ 1.4 × 10-23 J/K (Boltzmann’s constant) T = temperature (Kelvin) (300K)
34 Bit Flips Energy WolframAlpha Description 256 (DES) 2 × 10-3 J “acoustic energy in a whisper” 280 (“low security”) 3 × 103 J “metabolic energy of one gram of sugar” 26! (Jefferson+Kerkchoffs) 1 × 106 J “energy of one gram of gasoline” 2128 (AES minimum) 9 × 1017 J “twice energy consumption of Norway in 1998” 2256 (AES maximum) 3 × 1056 J “1/120th mass energy equivalent of galaxy’s visible mass”
35 Bit Flips Energy WolframAlpha Description 256 (DES) 2 × 10-3 J “acoustic energy in a whisper” 280 (“low security”) 3 × 103 J “metabolic energy of one gram of sugar” 26! (Jefferson+Kerkchoffs) 1 × 106 J “energy of one gram of gasoline” 2128 (AES minimum) 9 × 1017 J “twice energy consumption of Norway in 1998” 2256 (AES maximum) 3 × 1056 J “1/120th mass energy equivalent of galaxy’s visible mass” This is the best (unrealistic) possible case for a brute force attack: don’t need to do anything other than represent key and physically most efficient bit flips.
36 Bit Flips Energy WolframAlpha Description 256 (DES) 2 × 10-3 J “acoustic energy in a whisper” 280 (“low security”) 3 × 103 J “metabolic energy of one gram of sugar” 26! (Jefferson+Kerkchoffs) 1 × 106 J “energy of one gram of gasoline” 2128 (AES minimum) 9 × 1017 J “twice energy consumption of Norway in 1998” 2256 (AES maximum) 3 × 1056 J “1/120th mass energy equivalent of galaxy’s visible mass” But, assumes better than brute force attacks are not possible. All of these ciphers have weaknesses, and are much less secure than maximum security possible for that size key.
Can we use symmetric cryptosystems to own bits? 37 Encrypt DecryptPlaintext Ciphertext Plaintext Insecure Channel Key Key
38
Asymmetry Required 39 Messages: send Alice a message that only Alice can read Signatures: verify Alice signed a message, but not impersonate Alice Need a way to show you own something without giving it away!
Asymmetric Cryptosystem 40 E DPlaintext Ciphertext Plaintext Insecure Channel Alice Bob Correctness: D(E(m)) = m Security: given E(m) and E , cannot learn anything interesting about m or D
Asymmetric Cryptosystem (with Kerckhoffs’ Principle) 41 E DPlaintext Ciphertext Plaintext Insecure Channel Alice Bob Correctness: DKUA (EKRA (m)) = m Security: given EKRA (m), E, KUA, and D, cannot learn anything interesting about m or KRA. KUAKRA
Providing Asymmetry Need a function f that is: Easy to compute: given x, easy to compute f (x) Hard to invert: given f (x), hard to compute x Has a trap-door: given f (x) and t, easy to compute x 42 No function (publicly) known with these properties until 1977…
43 Ron Rivest Len Adleman Adi Shamir
44 RSA Cryptosystem Ee(M ) = Me mod n Dd(C ) = Cd mod n n = pq p, q are prime d is relatively prime to (p – 1)(q – 1) ed  1 mod (p – 1)(q – 1) Bitcoin uses elliptic curves instead of RSA (next week).
45 Correctness of RSA Ee(M ) = Me mod n Dd(C ) = Cd mod n
46 Correctness of RSA Ee(M ) = Me mod n Dd(C ) = Cd mod n Dd(Ee(M )) = (Me mod n)d mod n = Med mod n = M This step depends on choosing e and d to have this property: uses Fermat’s little theorem and Euler’s Totient theorem
47 Bonus: Works in Both Orders Ee(M ) = Me mod n Dd(C ) = Cd mod n Ee (Dd(M )) = (Md mod n)e mod n = Mde mod n = M
Providing Asymmetry Need a function f that is: Easy to compute: given x, easy to compute f (x) Hard to invert: given f (x), hard to compute x Has a trap-door: given f (x) and t, easy to compute x 48 Does RSA satisfy these?
Using Asymmetric Crypto: Confidentiality 49 E DPlaintext Ciphertext Plaintext Insecure Channel Alice Bob KUB KRB Generates key pair: KUB, KRB Publishes KUB Sends confidential messages to Bob using his public key ~10000x slower than AES! Only use when asymmetry is needed.
Using Asymmetric Crypto: Signatures? 50 E DPlaintext Ciphertext Plaintext Insecure Channel Alice Bob KUB KRB Generates key pair: KUB, KRB Publishes KUB Sends confidential messages to Bob using his public key
Using Asymmetric Crypto: Signatures 51 E D Verified Message Signed Message Message Insecure Channel KUB KRB Bob Generates key pair: KUB, KRB Publishes KUB Anyone Get KUB from trusted provider
52
Owning a Coin 53
Getting Rich! 54
Charge • Achieving scarcity is a hard problem! • No class Monday (Martin Luther King Day) • See notes for readings • Project 1 will be posted in a few days 55

Recommended

Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
David Evans
 
Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!
David Evans
 
Bitcoin Script
Bitcoin ScriptBitcoin Script
Bitcoin Script
David Evans
 
Proofs of Work
Proofs of WorkProofs of Work
Proofs of Work
David Evans
 
The Blockchain
The BlockchainThe Blockchain
The Blockchain
David Evans
 
Hash functions
Hash functionsHash functions
Hash functions
sameezahur
 
Codes and Isogenies
Codes and IsogeniesCodes and Isogenies
Codes and Isogenies
Priyanka Aash
 
Introduction to Homomorphic Encryption
Introduction to Homomorphic EncryptionIntroduction to Homomorphic Encryption
Introduction to Homomorphic Encryption
Christoph Matthies
 

Recommended

Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
David Evans
 
Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!
David Evans
 
Bitcoin Script
Bitcoin ScriptBitcoin Script
Bitcoin Script
David Evans
 
Proofs of Work
Proofs of WorkProofs of Work
Proofs of Work
David Evans
 
The Blockchain
The BlockchainThe Blockchain
The Blockchain
David Evans
 
Hash functions
Hash functionsHash functions
Hash functions
sameezahur
 
Codes and Isogenies
Codes and IsogeniesCodes and Isogenies
Codes and Isogenies
Priyanka Aash
 
Introduction to Homomorphic Encryption
Introduction to Homomorphic EncryptionIntroduction to Homomorphic Encryption
Introduction to Homomorphic Encryption
Christoph Matthies
 
Computer security
Computer security Computer security
Computer security
Harry Potter
 
Computing on Encrypted Data
Computing on Encrypted DataComputing on Encrypted Data
Computing on Encrypted Data
New York Technology Council
 
Merkle Trees
Merkle TreesMerkle Trees
Merkle Trees
David Evans
 
Hidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeHidden Services, Zero Knowledge
Hidden Services, Zero Knowledge
David Evans
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
DefCamp
 
A survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic EncryptionA survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic Encryption
iosrjce
 
1508.07756v1
1508.07756v11508.07756v1
1508.07756v1
Samir Crypticus
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
Victor Pereira
 
ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...
ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...
ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...
Cyber Security Alliance
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
Göktuğ Serez
 
Partial Homomorphic Encryption
Partial Homomorphic EncryptionPartial Homomorphic Encryption
Partial Homomorphic Encryption
securityxploded
 
Lecture6 rsa
Lecture6 rsaLecture6 rsa
Lecture6 rsa
Nghique Nguyen
 
LCS35
LCS35LCS35
LCS35
XequeMateShannon
 
同態加密
同態加密同態加密
同態加密
峻豪 呂
 
Computational Linguistics week 5
Computational Linguistics week 5Computational Linguistics week 5
Computational Linguistics week 5
Mark Chang
 
More mining
More miningMore mining
More mining
sameezahur
 
Becoming More Paranoid
Becoming More ParanoidBecoming More Paranoid
Becoming More Paranoid
David Evans
 
Asymmetric Key Signatures
Asymmetric Key SignaturesAsymmetric Key Signatures
Asymmetric Key Signatures
David Evans
 
Mining
MiningMining
Mining
David Evans
 
Class 1: What is Money?
Class 1: What is Money?Class 1: What is Money?
Class 1: What is Money?
David Evans
 
Altcoins
AltcoinsAltcoins
Altcoins
sameezahur
 
Scripting Transactions
Scripting TransactionsScripting Transactions
Scripting Transactions
David Evans
 

More Related Content

What's hot

Computer security
Computer security Computer security
Computer security
Harry Potter
 
Computing on Encrypted Data
Computing on Encrypted DataComputing on Encrypted Data
Computing on Encrypted Data
New York Technology Council
 
Merkle Trees
Merkle TreesMerkle Trees
Merkle Trees
David Evans
 
Hidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeHidden Services, Zero Knowledge
Hidden Services, Zero Knowledge
David Evans
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
DefCamp
 
A survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic EncryptionA survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic Encryption
iosrjce
 
1508.07756v1
1508.07756v11508.07756v1
1508.07756v1
Samir Crypticus
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
Victor Pereira
 
ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...
ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...
ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...
Cyber Security Alliance
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
Göktuğ Serez
 
Partial Homomorphic Encryption
Partial Homomorphic EncryptionPartial Homomorphic Encryption
Partial Homomorphic Encryption
securityxploded
 
Lecture6 rsa
Lecture6 rsaLecture6 rsa
Lecture6 rsa
Nghique Nguyen
 
LCS35
LCS35LCS35
LCS35
XequeMateShannon
 
同態加密
同態加密同態加密
同態加密
峻豪 呂
 
Computational Linguistics week 5
Computational Linguistics week 5Computational Linguistics week 5
Computational Linguistics week 5
Mark Chang
 

What's hot (15)

Computer security
Computer security Computer security
Computer security
 
Computing on Encrypted Data
Computing on Encrypted DataComputing on Encrypted Data
Computing on Encrypted Data
 
Merkle Trees
Merkle TreesMerkle Trees
Merkle Trees
 
Hidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeHidden Services, Zero Knowledge
Hidden Services, Zero Knowledge
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
 
A survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic EncryptionA survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic Encryption
 
1508.07756v1
1508.07756v11508.07756v1
1508.07756v1
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
 
ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...
ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...
ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
 
Partial Homomorphic Encryption
Partial Homomorphic EncryptionPartial Homomorphic Encryption
Partial Homomorphic Encryption
 
Lecture6 rsa
Lecture6 rsaLecture6 rsa
Lecture6 rsa
 
LCS35
LCS35LCS35
LCS35
 
同態加密
同態加密同態加密
同態加密
 
Computational Linguistics week 5
Computational Linguistics week 5Computational Linguistics week 5
Computational Linguistics week 5
 

Viewers also liked

More mining
More miningMore mining
More mining
sameezahur
 
Becoming More Paranoid
Becoming More ParanoidBecoming More Paranoid
Becoming More Paranoid
David Evans
 
Asymmetric Key Signatures
Asymmetric Key SignaturesAsymmetric Key Signatures
Asymmetric Key Signatures
David Evans
 
Mining
MiningMining
Mining
David Evans
 
Class 1: What is Money?
Class 1: What is Money?Class 1: What is Money?
Class 1: What is Money?
David Evans
 
Altcoins
AltcoinsAltcoins
Altcoins
sameezahur
 
Scripting Transactions
Scripting TransactionsScripting Transactions
Scripting Transactions
David Evans
 
Midterm Confirmations
Midterm ConfirmationsMidterm Confirmations
Midterm Confirmations
David Evans
 
Anonymity in Bitcoin
Anonymity in BitcoinAnonymity in Bitcoin
Anonymity in Bitcoin
David Evans
 

Viewers also liked (9)

More mining
More miningMore mining
More mining
 
Becoming More Paranoid
Becoming More ParanoidBecoming More Paranoid
Becoming More Paranoid
 
Asymmetric Key Signatures
Asymmetric Key SignaturesAsymmetric Key Signatures
Asymmetric Key Signatures
 
Mining
MiningMining
Mining
 
Class 1: What is Money?
Class 1: What is Money?Class 1: What is Money?
Class 1: What is Money?
 
Altcoins
AltcoinsAltcoins
Altcoins
 
Scripting Transactions
Scripting TransactionsScripting Transactions
Scripting Transactions
 
Midterm Confirmations
Midterm ConfirmationsMidterm Confirmations
Midterm Confirmations
 
Anonymity in Bitcoin
Anonymity in BitcoinAnonymity in Bitcoin
Anonymity in Bitcoin
 

Similar to Cryptography

Engineering Cryptographic Applications: Symmetric Encryption
Engineering Cryptographic Applications: Symmetric EncryptionEngineering Cryptographic Applications: Symmetric Encryption
Engineering Cryptographic Applications: Symmetric Encryption
David Evans
 
cryptography_priceton_university_fall_2007.ppt
cryptography_priceton_university_fall_2007.pptcryptography_priceton_university_fall_2007.ppt
cryptography_priceton_university_fall_2007.ppt
Johnree4
 
Computer security
Computer securityComputer security
Computer security
David Hoen
 
Computer security
Computer securityComputer security
Computer security
James Wong
 
Computer security
Computer security Computer security
Computer security
Tony Nguyen
 
Computer security
Computer securityComputer security
Computer security
Young Alista
 
Computer security
Computer securityComputer security
Computer security
Fraboni Ec
 
Computer security
Computer securityComputer security
Computer security
Luis Goldster
 
IS Unit 1_Conventional Encryption_Classical Encryption Techniques
IS Unit 1_Conventional Encryption_Classical Encryption TechniquesIS Unit 1_Conventional Encryption_Classical Encryption Techniques
IS Unit 1_Conventional Encryption_Classical Encryption Techniques
Sarthak Patel
 
Network security CS2
Network security CS2Network security CS2
Network security CS2
Infinity Tech Solutions
 
section-8.ppt
section-8.pptsection-8.ppt
section-8.ppt
DeepakPrajapati868260
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
Janani S
 
Função de mão única
Função de mão únicaFunção de mão única
Função de mão única
XequeMateShannon
 
Cryptography - Discrete Mathematics
Cryptography - Discrete MathematicsCryptography - Discrete Mathematics
Cryptography - Discrete Mathematics
ACM-KU
 
Engineering Cryptographic Applications: Using (and Misusing) Symmetric Ciphers
Engineering Cryptographic Applications: Using (and Misusing) Symmetric CiphersEngineering Cryptographic Applications: Using (and Misusing) Symmetric Ciphers
Engineering Cryptographic Applications: Using (and Misusing) Symmetric Ciphers
David Evans
 
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Mozaic Works
 
Crypto theory practice
Crypto theory practiceCrypto theory practice
Crypto theory practice
Young Alista
 
Crypto theory to practice
Crypto theory to practiceCrypto theory to practice
Crypto theory to practice
David Hoen
 
Crypto theory to practice
Crypto theory to practiceCrypto theory to practice
Crypto theory to practice
Harry Potter
 
Crypto theory practice
Crypto theory practiceCrypto theory practice
Crypto theory practice
Fraboni Ec
 

Similar to Cryptography (20)

Engineering Cryptographic Applications: Symmetric Encryption
Engineering Cryptographic Applications: Symmetric EncryptionEngineering Cryptographic Applications: Symmetric Encryption
Engineering Cryptographic Applications: Symmetric Encryption
 
cryptography_priceton_university_fall_2007.ppt
cryptography_priceton_university_fall_2007.pptcryptography_priceton_university_fall_2007.ppt
cryptography_priceton_university_fall_2007.ppt
 
Computer security
Computer securityComputer security
Computer security
 
Computer security
Computer securityComputer security
Computer security
 
Computer security
Computer security Computer security
Computer security
 
Computer security
Computer securityComputer security
Computer security
 
Computer security
Computer securityComputer security
Computer security
 
Computer security
Computer securityComputer security
Computer security
 
IS Unit 1_Conventional Encryption_Classical Encryption Techniques
IS Unit 1_Conventional Encryption_Classical Encryption TechniquesIS Unit 1_Conventional Encryption_Classical Encryption Techniques
IS Unit 1_Conventional Encryption_Classical Encryption Techniques
 
Network security CS2
Network security CS2Network security CS2
Network security CS2
 
section-8.ppt
section-8.pptsection-8.ppt
section-8.ppt
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Função de mão única
Função de mão únicaFunção de mão única
Função de mão única
 
Cryptography - Discrete Mathematics
Cryptography - Discrete MathematicsCryptography - Discrete Mathematics
Cryptography - Discrete Mathematics
 
Engineering Cryptographic Applications: Using (and Misusing) Symmetric Ciphers
Engineering Cryptographic Applications: Using (and Misusing) Symmetric CiphersEngineering Cryptographic Applications: Using (and Misusing) Symmetric Ciphers
Engineering Cryptographic Applications: Using (and Misusing) Symmetric Ciphers
 
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
 
Crypto theory practice
Crypto theory practiceCrypto theory practice
Crypto theory practice
 
Crypto theory to practice
Crypto theory to practiceCrypto theory to practice
Crypto theory to practice
 
Crypto theory to practice
Crypto theory to practiceCrypto theory to practice
Crypto theory to practice
 
Crypto theory practice
Crypto theory practiceCrypto theory practice
Crypto theory practice
 

More from David Evans

Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for CypherpunksTrick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
David Evans
 
How to Live in Paradise
How to Live in ParadiseHow to Live in Paradise
How to Live in Paradise
David Evans
 
Mining Economics
Mining EconomicsMining Economics
Mining Economics
David Evans
 
Multi-Party Computation for the Masses
Multi-Party Computation for the MassesMulti-Party Computation for the Masses
Multi-Party Computation for the Masses
David Evans
 
Proof of Reserve
Proof of ReserveProof of Reserve
Proof of Reserve
David Evans
 
Silk Road
Silk RoadSilk Road
Silk Road
David Evans
 
Blooming Sidechains!
Blooming Sidechains!Blooming Sidechains!
Blooming Sidechains!
David Evans
 
Useful Proofs of Work, Permacoin
Useful Proofs of Work, PermacoinUseful Proofs of Work, Permacoin
Useful Proofs of Work, Permacoin
David Evans
 
Alternate Cryptocurrencies
Alternate CryptocurrenciesAlternate Cryptocurrencies
Alternate Cryptocurrencies
David Evans
 
Script
ScriptScript
Script
David Evans
 
Selfish Mining
Selfish MiningSelfish Mining
Selfish Mining
David Evans
 
Quiz 2: Bitcoin Protocol, Mining, Supsersizing
Quiz 2: Bitcoin Protocol, Mining, SupsersizingQuiz 2: Bitcoin Protocol, Mining, Supsersizing
Quiz 2: Bitcoin Protocol, Mining, Supsersizing
David Evans
 
Mostly About Superfish
Mostly About SuperfishMostly About Superfish
Mostly About Superfish
David Evans
 
Mining Pools and Profits
Mining Pools and ProfitsMining Pools and Profits
Mining Pools and Profits
David Evans
 
More Mining
More MiningMore Mining
More Mining
David Evans
 
Mining
MiningMining
Mining
David Evans
 

More from David Evans (16)

Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for CypherpunksTrick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
 
How to Live in Paradise
How to Live in ParadiseHow to Live in Paradise
How to Live in Paradise
 
Mining Economics
Mining EconomicsMining Economics
Mining Economics
 
Multi-Party Computation for the Masses
Multi-Party Computation for the MassesMulti-Party Computation for the Masses
Multi-Party Computation for the Masses
 
Proof of Reserve
Proof of ReserveProof of Reserve
Proof of Reserve
 
Silk Road
Silk RoadSilk Road
Silk Road
 
Blooming Sidechains!
Blooming Sidechains!Blooming Sidechains!
Blooming Sidechains!
 
Useful Proofs of Work, Permacoin
Useful Proofs of Work, PermacoinUseful Proofs of Work, Permacoin
Useful Proofs of Work, Permacoin
 
Alternate Cryptocurrencies
Alternate CryptocurrenciesAlternate Cryptocurrencies
Alternate Cryptocurrencies
 
Script
ScriptScript
Script
 
Selfish Mining
Selfish MiningSelfish Mining
Selfish Mining
 
Quiz 2: Bitcoin Protocol, Mining, Supsersizing
Quiz 2: Bitcoin Protocol, Mining, SupsersizingQuiz 2: Bitcoin Protocol, Mining, Supsersizing
Quiz 2: Bitcoin Protocol, Mining, Supsersizing
 
Mostly About Superfish
Mostly About SuperfishMostly About Superfish
Mostly About Superfish
 
Mining Pools and Profits
Mining Pools and ProfitsMining Pools and Profits
Mining Pools and Profits
 
More Mining
More MiningMore Mining
More Mining
 
Mining
MiningMining
Mining
 

Recently uploaded

"Lift off" by Pastor Mark Behr at North Athens Baptist Church
"Lift off" by Pastor Mark Behr at North Athens Baptist Church"Lift off" by Pastor Mark Behr at North Athens Baptist Church
"Lift off" by Pastor Mark Behr at North Athens Baptist Church
JurgenFinch
 
The Significance of the Locust Army in Revelation 9
The Significance of the Locust Army in Revelation 9The Significance of the Locust Army in Revelation 9
The Significance of the Locust Army in Revelation 9
bluetroyvictorVinay
 
Heartfulness Magazine - June 2024 (Volume 9, Issue 6)
Heartfulness Magazine - June 2024 (Volume 9, Issue 6)Heartfulness Magazine - June 2024 (Volume 9, Issue 6)
Heartfulness Magazine - June 2024 (Volume 9, Issue 6)
heartfulness
 
Is Lucid Dreaming Dangerous? Risks and Benefits!
Is Lucid Dreaming Dangerous? Risks and Benefits!Is Lucid Dreaming Dangerous? Risks and Benefits!
Is Lucid Dreaming Dangerous? Risks and Benefits!
Symbolic Whispers
 
Powerful Magic Rings+27604255576 for Money Fame Job Promotions Gambling in So...
Powerful Magic Rings+27604255576 for Money Fame Job Promotions Gambling in So...Powerful Magic Rings+27604255576 for Money Fame Job Promotions Gambling in So...
Powerful Magic Rings+27604255576 for Money Fame Job Promotions Gambling in So...
MalikAliMohamad1
 
He Dies Slowly Slideshow by: Kal-el Marcus
He Dies Slowly Slideshow by: Kal-el MarcusHe Dies Slowly Slideshow by: Kal-el Marcus
He Dies Slowly Slideshow by: Kal-el Marcus
Kal-el Shows
 
B. V. Raman Hindu Predictive Astrology 1996.pdf
B. V. Raman Hindu Predictive Astrology 1996.pdfB. V. Raman Hindu Predictive Astrology 1996.pdf
B. V. Raman Hindu Predictive Astrology 1996.pdf
TerapeutaRaquelParab1
 
sanskrit yoga mantras chanting for yoga class
sanskrit yoga mantras chanting for yoga classsanskrit yoga mantras chanting for yoga class
sanskrit yoga mantras chanting for yoga class
Karuna Yoga Vidya Peetham
 
Tracking "The Blessing" - Christianity · Spiritual Growth · Success
Tracking "The Blessing" - Christianity · Spiritual Growth · SuccessTracking "The Blessing" - Christianity · Spiritual Growth · Success
Tracking "The Blessing" - Christianity · Spiritual Growth · Success
Jeff Zahorsky (tkg.tf)
 
Ashtanga Vinyasa Yoga - concept and its method
Ashtanga Vinyasa Yoga - concept and its methodAshtanga Vinyasa Yoga - concept and its method
Ashtanga Vinyasa Yoga - concept and its method
Karuna Yoga Vidya Peetham
 
Astronism, Cosmism and Cosmodeism: the space religions espousing the doctrine...
Astronism, Cosmism and Cosmodeism: the space religions espousing the doctrine...Astronism, Cosmism and Cosmodeism: the space religions espousing the doctrine...
Astronism, Cosmism and Cosmodeism: the space religions espousing the doctrine...
Cometan
 
THE IMPORTANCE OF AWARENESS AND CONSCIOUSNESS
THE IMPORTANCE OF AWARENESS AND CONSCIOUSNESSTHE IMPORTANCE OF AWARENESS AND CONSCIOUSNESS
THE IMPORTANCE OF AWARENESS AND CONSCIOUSNESS
giankumarmarketing
 
Which Zodiac Sign Makes the Best Partner.pdf
Which Zodiac Sign Makes the Best Partner.pdfWhich Zodiac Sign Makes the Best Partner.pdf
Which Zodiac Sign Makes the Best Partner.pdf
anushkahatwar2021
 
small-church-budget-sample-PDF-Download.pdf
small-church-budget-sample-PDF-Download.pdfsmall-church-budget-sample-PDF-Download.pdf
small-church-budget-sample-PDF-Download.pdf
serverbackup2024
 
Tales of This and Another Life - Chapters.pdf
Tales of This and Another Life - Chapters.pdfTales of This and Another Life - Chapters.pdf
Tales of This and Another Life - Chapters.pdf
MashaL38
 
New York City love spells in Dallas, TX.
New York City love spells in Dallas, TX.New York City love spells in Dallas, TX.
New York City love spells in Dallas, TX.
spellshealer8
 
UofT毕业证书咨询办理
UofT毕业证书咨询办理UofT毕业证书咨询办理
UofT毕业证书咨询办理
xkoue
 
Lição 12: João 15 a 17 – O Espírito Santo e a Oração Sacerdotal | 2° Trimestr...
Lição 12: João 15 a 17 – O Espírito Santo e a Oração Sacerdotal | 2° Trimestr...Lição 12: João 15 a 17 – O Espírito Santo e a Oração Sacerdotal | 2° Trimestr...
Lição 12: João 15 a 17 – O Espírito Santo e a Oração Sacerdotal | 2° Trimestr...
OmarBarrezueta1
 
OM Meditation - ultimate meditation technique
OM Meditation - ultimate meditation techniqueOM Meditation - ultimate meditation technique
OM Meditation - ultimate meditation technique
Karuna Yoga Vidya Peetham
 
Monthly Khazina-e-Ruhaniyaat Jun’2024 (Vol.15, Issue 2)
Monthly Khazina-e-Ruhaniyaat Jun’2024 (Vol.15, Issue 2)Monthly Khazina-e-Ruhaniyaat Jun’2024 (Vol.15, Issue 2)
Monthly Khazina-e-Ruhaniyaat Jun’2024 (Vol.15, Issue 2)
Darul Amal Chishtia
 

Recently uploaded (20)

"Lift off" by Pastor Mark Behr at North Athens Baptist Church
"Lift off" by Pastor Mark Behr at North Athens Baptist Church"Lift off" by Pastor Mark Behr at North Athens Baptist Church
"Lift off" by Pastor Mark Behr at North Athens Baptist Church
 
The Significance of the Locust Army in Revelation 9
The Significance of the Locust Army in Revelation 9The Significance of the Locust Army in Revelation 9
The Significance of the Locust Army in Revelation 9
 
Heartfulness Magazine - June 2024 (Volume 9, Issue 6)
Heartfulness Magazine - June 2024 (Volume 9, Issue 6)Heartfulness Magazine - June 2024 (Volume 9, Issue 6)
Heartfulness Magazine - June 2024 (Volume 9, Issue 6)
 
Is Lucid Dreaming Dangerous? Risks and Benefits!
Is Lucid Dreaming Dangerous? Risks and Benefits!Is Lucid Dreaming Dangerous? Risks and Benefits!
Is Lucid Dreaming Dangerous? Risks and Benefits!
 
Powerful Magic Rings+27604255576 for Money Fame Job Promotions Gambling in So...
Powerful Magic Rings+27604255576 for Money Fame Job Promotions Gambling in So...Powerful Magic Rings+27604255576 for Money Fame Job Promotions Gambling in So...
Powerful Magic Rings+27604255576 for Money Fame Job Promotions Gambling in So...
 
He Dies Slowly Slideshow by: Kal-el Marcus
He Dies Slowly Slideshow by: Kal-el MarcusHe Dies Slowly Slideshow by: Kal-el Marcus
He Dies Slowly Slideshow by: Kal-el Marcus
 
B. V. Raman Hindu Predictive Astrology 1996.pdf
B. V. Raman Hindu Predictive Astrology 1996.pdfB. V. Raman Hindu Predictive Astrology 1996.pdf
B. V. Raman Hindu Predictive Astrology 1996.pdf
 
sanskrit yoga mantras chanting for yoga class
sanskrit yoga mantras chanting for yoga classsanskrit yoga mantras chanting for yoga class
sanskrit yoga mantras chanting for yoga class
 
Tracking "The Blessing" - Christianity · Spiritual Growth · Success
Tracking "The Blessing" - Christianity · Spiritual Growth · SuccessTracking "The Blessing" - Christianity · Spiritual Growth · Success
Tracking "The Blessing" - Christianity · Spiritual Growth · Success
 
Ashtanga Vinyasa Yoga - concept and its method
Ashtanga Vinyasa Yoga - concept and its methodAshtanga Vinyasa Yoga - concept and its method
Ashtanga Vinyasa Yoga - concept and its method
 
Astronism, Cosmism and Cosmodeism: the space religions espousing the doctrine...
Astronism, Cosmism and Cosmodeism: the space religions espousing the doctrine...Astronism, Cosmism and Cosmodeism: the space religions espousing the doctrine...
Astronism, Cosmism and Cosmodeism: the space religions espousing the doctrine...
 
THE IMPORTANCE OF AWARENESS AND CONSCIOUSNESS
THE IMPORTANCE OF AWARENESS AND CONSCIOUSNESSTHE IMPORTANCE OF AWARENESS AND CONSCIOUSNESS
THE IMPORTANCE OF AWARENESS AND CONSCIOUSNESS
 
Which Zodiac Sign Makes the Best Partner.pdf
Which Zodiac Sign Makes the Best Partner.pdfWhich Zodiac Sign Makes the Best Partner.pdf
Which Zodiac Sign Makes the Best Partner.pdf
 
small-church-budget-sample-PDF-Download.pdf
small-church-budget-sample-PDF-Download.pdfsmall-church-budget-sample-PDF-Download.pdf
small-church-budget-sample-PDF-Download.pdf
 
Tales of This and Another Life - Chapters.pdf
Tales of This and Another Life - Chapters.pdfTales of This and Another Life - Chapters.pdf
Tales of This and Another Life - Chapters.pdf
 
New York City love spells in Dallas, TX.
New York City love spells in Dallas, TX.New York City love spells in Dallas, TX.
New York City love spells in Dallas, TX.
 
UofT毕业证书咨询办理
UofT毕业证书咨询办理UofT毕业证书咨询办理
UofT毕业证书咨询办理
 
Lição 12: João 15 a 17 – O Espírito Santo e a Oração Sacerdotal | 2° Trimestr...
Lição 12: João 15 a 17 – O Espírito Santo e a Oração Sacerdotal | 2° Trimestr...Lição 12: João 15 a 17 – O Espírito Santo e a Oração Sacerdotal | 2° Trimestr...
Lição 12: João 15 a 17 – O Espírito Santo e a Oração Sacerdotal | 2° Trimestr...
 
OM Meditation - ultimate meditation technique
OM Meditation - ultimate meditation techniqueOM Meditation - ultimate meditation technique
OM Meditation - ultimate meditation technique
 
Monthly Khazina-e-Ruhaniyaat Jun’2024 (Vol.15, Issue 2)
Monthly Khazina-e-Ruhaniyaat Jun’2024 (Vol.15, Issue 2)Monthly Khazina-e-Ruhaniyaat Jun’2024 (Vol.15, Issue 2)
Monthly Khazina-e-Ruhaniyaat Jun’2024 (Vol.15, Issue 2)
 

Cryptography

  • 1. Cryptocurrency Café cs4501 Spring 2015 David Evans University of Virginia Class 2: Cryptography
  • 2. Goal for Today • Notion of ownership of non-physical good • Conceptual understanding of key terms and principles in cryptography – Cryptosystem – Attacks – Asymmetry • Underlying foundation of bitcoin 1
  • 4. 3
  • 5. 4
  • 6. 5
  • 7. Selected Contributed Comments 6 Submitting google forms is a silly way to have a discussion! We’ll have a course discussion forum set up by next week… “The enigmatic Mr Nakamoto designed the system to keep everybody honest.” (Tara Raj, Jake Rosenberg) “Bitcoins have three useful qualities in a currency: they are hard to earn, limited in supply and easy to verify.” (Jake Shankman, Kevin Hoffman ) “A more fundamental worry is that digital-currency mining, like other sorts of mining, has environmental costs: all that number-crunching uses a lot of electricity, and not all of it comes from renewable sources…” (Samuel Abbate, Elizabeth Kukla) “He even worries that a hostile government might seize control of the bitcoin system.” (Richard Serpe)
  • 8. 7 Downloading entire blockchain (~20GB)…takes several days…
  • 9. Recap Currency is a medium of exchange At a minimum, must be: transferable – can be exchanged scarce – limited supply 8 Can we make something scarce and transferable with just bits?
  • 10. How can someone own something made of bits? 9
  • 11. 10 How can someone own anything easily reproduced?
  • 13. 12 Worshipful Company of Stationers and Newspaper Makers (“Stationer’s Company”) London 1403 Royal Charter 1557 Monopoly on printing Responsibility to censor
  • 14. 13 “An Act for the Encouragement of Learning, by Vesting the Copies of Printed Books in the Authors or Purchasers of Copies, during the Times therein mentioned…” Statute of Anne, 1710 Author has exclusive 14-year right to copy work (living author can extend for another 14 years)
  • 15. US Copyright Law 1790: 14 years (+ 14) 1831: 28 years (+ 14) 1976: life of author + 50 (75 for “corporate”) 1998: life of author + 70 (120 for “corporate”) 14 Created 1928
  • 16. How can someone own something made of bits without an army helping? 15
  • 17. 16
  • 18. 17 What is cryptology? Greek: κρυπτ´oς = “kryptos” = hidden (secret) Cryptography – secret writing Cryptanalysis – analyzing (breaking) secrets Cryptanalysis is what an attacker does Decryption is what the intended receiver does Cryptosystems – systems that use secrets Cryptology – science of secrets
  • 19. 18 Security is an engineering goal: it involves mathematics, but is mostly about real implementations and people. Cryptology is a branch of mathematics: about abstract numbers and functions.
  • 21. 20 Active Attacker Encrypt DecryptPlaintext Ciphertext Plaintext Alice Bob Insecure Channel (e.g., the Internet) Mallory (active attacker)
  • 22. 21 Message Cryptosystem Encrypt Decrypt Plaintext Ciphertext PlaintextCiphertext Two functions: E(m: byte[])  byte[] and D(c: byte[])  byte[] Correctness property: for all possible messages m, D(E(m)) = m Security property: given c  E(m), it is “hard” to learn anything interesting about m.
  • 23. 22 It is possible to state the security property precisely (and prove a cryptosystem satisfies it given hardness assumptions).Shafi Goldwasser and Silvio Micali 2013 Turing Award Winners (for doing this in the 1980s)
  • 24. 23 Message Cryptosystem Encrypt Decrypt Plaintext Ciphertext PlaintextCiphertext Two functions: E(m: byte[])  byte[] and D(c: byte[])  byte[] Correctness property: for all possible messages m, D(E(m)) = m Security property: given c  E(m), it is “hard” to learn anything interesting about m.
  • 26. 25 “The enemy knows the system being used.” Claude Shannon, Communication Theory of Secrecy Systems (1949) Claude Shannon 1916-2001
  • 27. (Keyed) Symmetric Cryptosystem 26 Encrypt DecryptPlaintext Ciphertext Plaintext Insecure Channel Encrypt DecryptPlaintext Ciphertext Plaintext Insecure Channel Key Key Only secret is the key, not the E and D functions that now take key as input Asymmetric crypto: different keys for E and D, so you can reveal E without revealing D.
  • 29. Jefferson’s Wheel Cipher 26 wheels arranged in a secret order on a spindle, each wheel has randomly- permutated alphabet around rim Encrypt: turn wheels to display plaintext, then pick a “random” row as ciphertext Decrypt: arrange wheels in same (secret) order, line up ciphertext, look for plaintext 28
  • 30. 29 Auguste Kerckhoffs (1883)Thomas Jefferson (1790s) Should it be “TJ’s Principle”?
  • 31. 30 on the periphery of each, and between the black lines, put all the letters of the alphabet, not in their established order, but jumbled, & without order, so that no two shall be alike. now string them in their numerical order on an iron axis, one end of which has a head, and the other a nut and screw; the use of which is to hold them firm in any given position when you choose it. Jefferson’s description of wheel cipher (1802)
  • 32. Key Space Key space: K = set of possible keys 31 Key is order of wheels on spindle: |K | = 26 × 25 × … × 1 > 1026 Key is jumbling of letters on wheels: |K | = (26 × 25 × … × 1)26 > 10691
  • 33. Brute Force Attack 32 def brute_force(ciphertext): for guess in all_possible_keys(N): plaintext = decrypt(key, ciphertext) if plausible_message(plaintext): return plaintext Try all possible keys in some order, until you find one that works. What is necessary for brute force attack to succeed?
  • 34. (Im)Practicality of Brute Force Attacks Minimum energy needed to flip one bit (Landauer limit) ≈ kT ln 2 ≈ 2.8 zepto-Joules 33 k ≈ 1.4 × 10-23 J/K (Boltzmann’s constant) T = temperature (Kelvin) (300K)
  • 35. 34 Bit Flips Energy WolframAlpha Description 256 (DES) 2 × 10-3 J “acoustic energy in a whisper” 280 (“low security”) 3 × 103 J “metabolic energy of one gram of sugar” 26! (Jefferson+Kerkchoffs) 1 × 106 J “energy of one gram of gasoline” 2128 (AES minimum) 9 × 1017 J “twice energy consumption of Norway in 1998” 2256 (AES maximum) 3 × 1056 J “1/120th mass energy equivalent of galaxy’s visible mass”
  • 36. 35 Bit Flips Energy WolframAlpha Description 256 (DES) 2 × 10-3 J “acoustic energy in a whisper” 280 (“low security”) 3 × 103 J “metabolic energy of one gram of sugar” 26! (Jefferson+Kerkchoffs) 1 × 106 J “energy of one gram of gasoline” 2128 (AES minimum) 9 × 1017 J “twice energy consumption of Norway in 1998” 2256 (AES maximum) 3 × 1056 J “1/120th mass energy equivalent of galaxy’s visible mass” This is the best (unrealistic) possible case for a brute force attack: don’t need to do anything other than represent key and physically most efficient bit flips.
  • 37. 36 Bit Flips Energy WolframAlpha Description 256 (DES) 2 × 10-3 J “acoustic energy in a whisper” 280 (“low security”) 3 × 103 J “metabolic energy of one gram of sugar” 26! (Jefferson+Kerkchoffs) 1 × 106 J “energy of one gram of gasoline” 2128 (AES minimum) 9 × 1017 J “twice energy consumption of Norway in 1998” 2256 (AES maximum) 3 × 1056 J “1/120th mass energy equivalent of galaxy’s visible mass” But, assumes better than brute force attacks are not possible. All of these ciphers have weaknesses, and are much less secure than maximum security possible for that size key.
  • 38. Can we use symmetric cryptosystems to own bits? 37 Encrypt DecryptPlaintext Ciphertext Plaintext Insecure Channel Key Key
  • 39. 38
  • 40. Asymmetry Required 39 Messages: send Alice a message that only Alice can read Signatures: verify Alice signed a message, but not impersonate Alice Need a way to show you own something without giving it away!
  • 41. Asymmetric Cryptosystem 40 E DPlaintext Ciphertext Plaintext Insecure Channel Alice Bob Correctness: D(E(m)) = m Security: given E(m) and E , cannot learn anything interesting about m or D
  • 42. Asymmetric Cryptosystem (with Kerckhoffs’ Principle) 41 E DPlaintext Ciphertext Plaintext Insecure Channel Alice Bob Correctness: DKUA (EKRA (m)) = m Security: given EKRA (m), E, KUA, and D, cannot learn anything interesting about m or KRA. KUAKRA
  • 43. Providing Asymmetry Need a function f that is: Easy to compute: given x, easy to compute f (x) Hard to invert: given f (x), hard to compute x Has a trap-door: given f (x) and t, easy to compute x 42 No function (publicly) known with these properties until 1977…
  • 45. 44 RSA Cryptosystem Ee(M ) = Me mod n Dd(C ) = Cd mod n n = pq p, q are prime d is relatively prime to (p – 1)(q – 1) ed  1 mod (p – 1)(q – 1) Bitcoin uses elliptic curves instead of RSA (next week).
  • 46. 45 Correctness of RSA Ee(M ) = Me mod n Dd(C ) = Cd mod n
  • 47. 46 Correctness of RSA Ee(M ) = Me mod n Dd(C ) = Cd mod n Dd(Ee(M )) = (Me mod n)d mod n = Med mod n = M This step depends on choosing e and d to have this property: uses Fermat’s little theorem and Euler’s Totient theorem
  • 48. 47 Bonus: Works in Both Orders Ee(M ) = Me mod n Dd(C ) = Cd mod n Ee (Dd(M )) = (Md mod n)e mod n = Mde mod n = M
  • 49. Providing Asymmetry Need a function f that is: Easy to compute: given x, easy to compute f (x) Hard to invert: given f (x), hard to compute x Has a trap-door: given f (x) and t, easy to compute x 48 Does RSA satisfy these?
  • 50. Using Asymmetric Crypto: Confidentiality 49 E DPlaintext Ciphertext Plaintext Insecure Channel Alice Bob KUB KRB Generates key pair: KUB, KRB Publishes KUB Sends confidential messages to Bob using his public key ~10000x slower than AES! Only use when asymmetry is needed.
  • 51. Using Asymmetric Crypto: Signatures? 50 E DPlaintext Ciphertext Plaintext Insecure Channel Alice Bob KUB KRB Generates key pair: KUB, KRB Publishes KUB Sends confidential messages to Bob using his public key
  • 52. Using Asymmetric Crypto: Signatures 51 E D Verified Message Signed Message Message Insecure Channel KUB KRB Bob Generates key pair: KUB, KRB Publishes KUB Anyone Get KUB from trusted provider
  • 53. 52
  • 56. Charge • Achieving scarcity is a hard problem! • No class Monday (Martin Luther King Day) • See notes for readings • Project 1 will be posted in a few days 55