应用密码学研究生课程AGraduateCourseinAppliedCryptography

计算机科学

需积分: 48 117 浏览量更新于2023-03-03 评论 1 收藏 16.86MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源详情

资源评论

资源推荐

AGraduateCourseinAppliedCryptography

Dan Boneh Victor Shoup

August 17, 2015

Preface

Cryptography is an in di spensable tool used to protect information in computing systems. It is

used everywhere and by billions of people worldwide on a daily basis. It is used to protect data at

rest and data in motion. Cryptographic systems are an integral part of standard prot ocols, most

notably the Transport Layer Security (TLS) protocol, making it relatively easy to incorporate

strong encryption into a wide range of app l ic at i ons .

While extremely u sef u l, cryptography is also highly bri t t l e. The most secure cryptographic

system can be rendered completely insecure by a single speciﬁcation or programmi ng error. No

amount of unit testing will uncover a secu r i ty vulnerability in a cryptosystem.

Instead, to argue t h at a cry pt osy s t em is sec ur e, we rel y on mat he mat i cal modeling and proofs

to show that a particular system sat i sﬁ es the security properties attribut e d to it. We often need to

introduce certain plausible assumptions to push our security arguments through.

This b ook is about exactly that: constructing practical cryptosystems for which we can argue

security under plausible assumptions . The book covers many constructions for di↵erent tasks in

cryptography. For each task we deﬁne a precise security goal that we aim to achieve and then

present constructions that achieve the required goal. To analyze the constructions, we develop a

uniﬁed framework for d oi ng cryptographic proofs. A reader who masters this framework will be

capable of applying it to new constructions that may not be covered in the book.

Throughout the book we present many case st ud i es to survey how deployed systems operate.

We describe common mistakes to avoid as well as attacks on real-world systems that illustrate the

importance of rigor in cryptography. We end every chapter with a fun application that applies the

ideas in the chapter in some unexpect e d way.

Intended audience and how to use this book

The book is intended to be self contained. Some supplementary material covering basic facts from

probability theory and algebra is provided in the appendices.

The book is divided into th re e part s. The ﬁrst part develops symmetric encryption which

explains how two parties, Alic e and Bob, can securely ex change information when they have a

shared key unknown to the attacker. The second part develops the concepts of public-key encry pti on

and digital signatures, which allows Alice and Bob to do the same, but without having a shared,

secret key. The third part is about cryptographic protocols, such as protocols for user identiﬁcation,

key exchange, and secur e computation.

A beginnin g reader can read though the book to learn how cry pt ogr aph i c systems work and

why they are secure. Every security theor em in the book is followed by a pro of idea that explains

at a high level why the scheme is secure. On a ﬁrst read one can skip over the detailed proofs

Contents

1 Introduction 15

1.1 Historic ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

1.2 Termi nol ogy used throughout the book . . . . . . . . . . . . . . . . . . . . . . . . . . 15

I Secret key cryptography 17

2 Encryption 18

2.1 Introduct i on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.2 Shannon ciphers and perfect security . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.2.1 Deﬁnition of a Shannon cipher . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.2.2 Perfect security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.2.3 The bad news . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

2.3 Computati onal ciphers and semantic secu r i ty . . . . . . . . . . . . . . . . . . . . . . 27

2.3.1 Deﬁnition of a computational cipher . . . . . . . . . . . . . . . . . . . . . . . 27

2.3.2 Deﬁnition of semantic security . . . . . . . . . . . . . . . . . . . . . . . . . . 29

2.3.3 Connections to weaker notions of security . . . . . . . . . . . . . . . . . . . . 32

2.3.4 Consequences of semantic security . . . . . . . . . . . . . . . . . . . . . . . . 36

2.3.5 Bit guessing: an alternative characteri zat i on of semantic security . . . . . . . 39

2.4 Mathemati c al details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

2.4.1 Negligible, super-poly, an d poly-bounded functions . . . . . . . . . . . . . . . 42

2.4.2 Computational ciphers: t he formalities . . . . . . . . . . . . . . . . . . . . . . 43

2.4.3 Eﬃcient adversaries and attack games . . . . . . . . . . . . . . . . . . . . . . 46

2.4.4 Semantic security: the formalities . . . . . . . . . . . . . . . . . . . . . . . . . 48

2.5 A fun application: anonymous routing . . . . . . . . . . . . . . . . . . . . . . . . . . 48

2.6 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

2.7 Exercis es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

3 Stream ciphers 58

3.1 Pseudo-ran dom generators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

3.1.1 Deﬁnition of a pseudo-random generator . . . . . . . . . . . . . . . . . . . . . 59

3.1.2 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

3.2 Stream ciphers: encryption with a PRG . . . . . . . . . . . . . . . . . . . . . . . . . 61

3.3 Stream cipher limitations: attacks on the one t i me pad . . . . . . . . . . . . . . . . . 65

3.3.1 The two-time pad is insecure . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

3.3.2 The one-time pad is malleable . . . . . . . . . . . . . . . . . . . . . . . . . . 66

3.4 Composing PRGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

3.4.1 A parallel construction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

3.4.2 A sequential construction: the Blum-Micali method . . . . . . . . . . . . . . 72

3.4.3 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

3.5 The next bit test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

3.6 Case study: the Salsa and ChaCha PRGs . . . . . . . . . . . . . . . . . . . . . . . . 80

3.7 Case study: linear generators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

3.7.1 An example cryptanalysi s : linear congruential generators . . . . . . . . . . . 83

3.7.2 The subset sum generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

3.8 Case study: cryptanalysis of the DVD encryption system . . . . . . . . . . . . . . . 87

3.9 Case study: cryptanalysis of the RC4 stream cipher . . . . . . . . . . . . . . . . . . 89

3.9.1 Security of RC4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

3.10 Generating random bits in practice . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

3.11 A broader perspective: c omp ut at i onal indistinguishability . . . . . . . . . . . . . . . 94

3.11.1 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

3.12 A fun application: coin ﬂipping and commitments . . . . . . . . . . . . . . . . . . . 99

3.13 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

3.14 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

4Blockciphers 107

4.1 Block ciphers: basic deﬁnitions and properties . . . . . . . . . . . . . . . . . . . . . . 107

4.1.1 Some implications of security . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

4.1.2 Eﬃcient implementation of random permutations . . . . . . . . . . . . . . . . 112

4.1.3 Strongly secure block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

4.1.4 Using a block c i ph er directly for encryption . . . . . . . . . . . . . . . . . . . 113

4.1.5 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

4.2 Construct i n g block ciphers in practice . . . . . . . . . . . . . . . . . . . . . . . . . . 118

4.2.1 Case study: DES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

4.2.2 Exhaustive search on DES : the DES challenges . . . . . . . . . . . . . . . . . 124

4.2.3 Strengthening ciphers against exhaustive search: the 3E construction . . . . . 126

4.2.4 Case study: AES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

4.3 Sophisti c at ed attack s on block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . 133

4.3.1 Algorithmic attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

4.3.2 Side-channel attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

4.3.3 Fault-injection attacks on AES . . . . . . . . . . . . . . . . . . . . . . . . . . 141

4.3.4 Quantum exhaustive search at t acks . . . . . . . . . . . . . . . . . . . . . . . . 142

4.4 Pseudo-ran dom functions: basic deﬁnitions and properties . . . . . . . . . . . . . . . 143

4.4.1 Deﬁnitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

4.4.2 Eﬃcient implementation of random functions . . . . . . . . . . . . . . . . . . 144

4.4.3 When is a s ecu r e block cipher a secure PRF? . . . . . . . . . . . . . . . . . . 145

4.4.4 Constructing PRGs from PRFs . . . . . . . . . . . . . . . . . . . . . . . . . . 149

4.4.5 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

4.5 Construct i n g block ciphers from PRFs . . . . . . . . . . . . . . . . . . . . . . . . . . 151

4.6 The tree construction: from PRGs to PRFs . . . . . . . . . . . . . . . . . . . . . . . 158

4.6.1 Variable length tre e construction . . . . . . . . . . . . . . . . . . . . . . . . . 162

剩余399页未读，继续阅读

weixin_38744153

粉丝: 346
资源: 2万+

会员权益专享

应用密码学研究生课程A Graduate Course in Applied Cryptography

评论0

会员权益专享

最新资源

应用密码学研究生课程A Graduate Course in Applied Cryptography

评论0

A Graduate Course in Applied Cryptography v0.3

A Graduate Course in Applied Cryptography.pdf

翟起滨老师应用密码学课堂授课的笔记

我想学习密码学，帮我推荐几本书籍

cryptography教程

cryptography1 学习笔记

有什么书籍可以了解rsa算法

《New Directions in Cryptography》的引用格式

GROUP THEORY IN CRYPTOGRAPHY

cryptography 有哪些版本

python 3.4 cryptography

Python实现密码学配置

python的 bcrypt库与cryptography库相比有什么优缺点

python中cryptography库能干什么

cryptography 3.3.1

cryptography库

cryptographydeprecationwarning: python 3.6 is no longer supported by the python core team. therefore, support for it is deprecated in cryptography and will be removed in a future release. from cryptography.hazmat.backends import default_backend

"Post-Quantum Cryptography: A Ten-Year Survey" by Daniele Micciancio et al. 的引用格式

阐述对称以及非对称加密原理以及常见算法 消息认证码（MAC）：了解 MAC 的原理和常见算法，如 HMAC、CMAC 是什么 密码学工具 OpenSSL、gnupg，常见的密码学攻击工具，如 hashcat、John the Ripper是什么，怎么使用

cryptography库介绍

会员权益专享

最新资源

阐述对称以及非对称加密原理以及常见算法消息认证码（MAC）：了解 MAC 的原理和常见算法，如 HMAC、CMAC 是什么密码学工具 OpenSSL、gnupg，常见的密码学攻击工具，如 hashcat、John the Ripper是什么，怎么使用