应用密码学研究生课程AGraduateCourseinAppliedCryptography_基于Fujisaki-Okamoto承诺的零知识范围证明-其它代码类

计算机科学

需积分: 48 868 浏览量更新于2023-05-26 评论 1 收藏 16.86MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源详情

资源评论

资源推荐

AGraduateCourseinAppliedCryptography

Dan Boneh Victor Shoup

August 17, 2015

Preface

Cryptography is an in di spensable tool used to protect information in computing systems. It is

used everywhere and by billions of people worldwide on a daily basis. It is used to protect data at

rest and data in motion. Cryptographic systems are an integral part of standard prot ocols, most

notably the Transport Layer Security (TLS) protocol, making it relatively easy to incorporate

strong encryption into a wide range of app l ic at i ons .

While extremely u sef u l, cryptography is also highly bri t t l e. The most secure cryptographic

system can be rendered completely insecure by a single speciﬁcation or programmi ng error. No

amount of unit testing will uncover a secu r i ty vulnerability in a cryptosystem.

Instead, to argue t h at a cry pt osy s t em is sec ur e, we rel y on mat he mat i cal modeling and proofs

to show that a particular system sat i sﬁ es the security properties attribut e d to it. We often need to

introduce certain plausible assumptions to push our security arguments through.

This b ook is about exactly that: constructing practical cryptosystems for which we can argue

security under plausible assumptions . The book covers many constructions for di↵erent tasks in

cryptography. For each task we deﬁne a precise security goal that we aim to achieve and then

present constructions that achieve the required goal. To analyze the constructions, we develop a

uniﬁed framework for d oi ng cryptographic proofs. A reader who masters this framework will be

capable of applying it to new constructions that may not be covered in the book.

Throughout the book we present many case st ud i es to survey how deployed systems operate.

We describe common mistakes to avoid as well as attacks on real-world systems that illustrate the

importance of rigor in cryptography. We end every chapter with a fun application that applies the

ideas in the chapter in some unexpect e d way.

Intended audience and how to use this book

The book is intended to be self contained. Some supplementary material covering basic facts from

probability theory and algebra is provided in the appendices.

The book is divided into th re e part s. The ﬁrst part develops symmetric encryption which

explains how two parties, Alic e and Bob, can securely ex change information when they have a

shared key unknown to the attacker. The second part develops the concepts of public-key encry pti on

and digital signatures, which allows Alice and Bob to do the same, but without having a shared,

secret key. The third part is about cryptographic protocols, such as protocols for user identiﬁcation,

key exchange, and secur e computation.

A beginnin g reader can read though the book to learn how cry pt ogr aph i c systems work and

why they are secure. Every security theor em in the book is followed by a pro of idea that explains

at a high level why the scheme is secure. On a ﬁrst read one can skip over the detailed proofs

Contents

1 Introduction 15

1.1 Historic ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

1.2 Termi nol ogy used throughout the book . . . . . . . . . . . . . . . . . . . . . . . . . . 15

I Secret key cryptography 17

2 Encryption 18

2.1 Introduct i on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.2 Shannon ciphers and perfect security . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.2.1 Deﬁnition of a Shannon cipher . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.2.2 Perfect security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.2.3 The bad news . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

2.3 Computati onal ciphers and semantic secu r i ty . . . . . . . . . . . . . . . . . . . . . . 27

2.3.1 Deﬁnition of a computational cipher . . . . . . . . . . . . . . . . . . . . . . . 27

2.3.2 Deﬁnition of semantic security . . . . . . . . . . . . . . . . . . . . . . . . . . 29

2.3.3 Connections to weaker notions of security . . . . . . . . . . . . . . . . . . . . 32

2.3.4 Consequences of semantic security . . . . . . . . . . . . . . . . . . . . . . . . 36

2.3.5 Bit guessing: an alternative characteri zat i on of semantic security . . . . . . . 39

2.4 Mathemati c al details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

2.4.1 Negligible, super-poly, an d poly-bounded functions . . . . . . . . . . . . . . . 42

2.4.2 Computational ciphers: t he formalities . . . . . . . . . . . . . . . . . . . . . . 43

2.4.3 Eﬃcient adversaries and attack games . . . . . . . . . . . . . . . . . . . . . . 46

2.4.4 Semantic security: the formalities . . . . . . . . . . . . . . . . . . . . . . . . . 48

2.5 A fun application: anonymous routing . . . . . . . . . . . . . . . . . . . . . . . . . . 48

2.6 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

2.7 Exercis es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

3 Stream ciphers 58

3.1 Pseudo-ran dom generators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

3.1.1 Deﬁnition of a pseudo-random generator . . . . . . . . . . . . . . . . . . . . . 59

3.1.2 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

3.2 Stream ciphers: encryption with a PRG . . . . . . . . . . . . . . . . . . . . . . . . . 61

3.3 Stream cipher limitations: attacks on the one t i me pad . . . . . . . . . . . . . . . . . 65

3.3.1 The two-time pad is insecure . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

3.3.2 The one-time pad is malleable . . . . . . . . . . . . . . . . . . . . . . . . . . 66

3.4 Composing PRGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

3.4.1 A parallel construction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

3.4.2 A sequential construction: the Blum-Micali method . . . . . . . . . . . . . . 72

3.4.3 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

3.5 The next bit test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

3.6 Case study: the Salsa and ChaCha PRGs . . . . . . . . . . . . . . . . . . . . . . . . 80

3.7 Case study: linear generators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

3.7.1 An example cryptanalysi s : linear congruential generators . . . . . . . . . . . 83

3.7.2 The subset sum generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

3.8 Case study: cryptanalysis of the DVD encryption system . . . . . . . . . . . . . . . 87

3.9 Case study: cryptanalysis of the RC4 stream cipher . . . . . . . . . . . . . . . . . . 89

3.9.1 Security of RC4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

3.10 Generating random bits in practice . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

3.11 A broader perspective: c omp ut at i onal indistinguishability . . . . . . . . . . . . . . . 94

3.11.1 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

3.12 A fun application: coin ﬂipping and commitments . . . . . . . . . . . . . . . . . . . 99

3.13 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

3.14 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

4Blockciphers 107

4.1 Block ciphers: basic deﬁnitions and properties . . . . . . . . . . . . . . . . . . . . . . 107

4.1.1 Some implications of security . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

4.1.2 Eﬃcient implementation of random permutations . . . . . . . . . . . . . . . . 112

4.1.3 Strongly secure block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

4.1.4 Using a block c i ph er directly for encryption . . . . . . . . . . . . . . . . . . . 113

4.1.5 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

4.2 Construct i n g block ciphers in practice . . . . . . . . . . . . . . . . . . . . . . . . . . 118

4.2.1 Case study: DES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

4.2.2 Exhaustive search on DES : the DES challenges . . . . . . . . . . . . . . . . . 124

4.2.3 Strengthening ciphers against exhaustive search: the 3E construction . . . . . 126

4.2.4 Case study: AES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

4.3 Sophisti c at ed attack s on block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . 133

4.3.1 Algorithmic attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

4.3.2 Side-channel attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

4.3.3 Fault-injection attacks on AES . . . . . . . . . . . . . . . . . . . . . . . . . . 141

4.3.4 Quantum exhaustive search at t acks . . . . . . . . . . . . . . . . . . . . . . . . 142

4.4 Pseudo-ran dom functions: basic deﬁnitions and properties . . . . . . . . . . . . . . . 143

4.4.1 Deﬁnitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

4.4.2 Eﬃcient implementation of random functions . . . . . . . . . . . . . . . . . . 144

4.4.3 When is a s ecu r e block cipher a secure PRF? . . . . . . . . . . . . . . . . . . 145

4.4.4 Constructing PRGs from PRFs . . . . . . . . . . . . . . . . . . . . . . . . . . 149

4.4.5 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

4.5 Construct i n g block ciphers from PRFs . . . . . . . . . . . . . . . . . . . . . . . . . . 151

4.6 The tree construction: from PRGs to PRFs . . . . . . . . . . . . . . . . . . . . . . . 158

4.6.1 Variable length tre e construction . . . . . . . . . . . . . . . . . . . . . . . . . 162

剩余399页未读，继续阅读

weixin_38744153

粉丝: 342
资源: 2万+

会员权益专享

应用密码学研究生课程A Graduate Course in Applied Cryptography

评论0

会员权益专享

最新资源

应用密码学研究生课程A Graduate Course in Applied Cryptography

评论0

应用密码学手册（英文版）Handbook of Applied Cryptography

Handbook of Applied Cryptography

Handbook of Applied Cryptography.pdf

Lecture Notes on Cryptography (麻省理工学院密码学讲义)

密码学概论 第二版 Introduction to cryptography 2/e

Mathematics of Public Key Cryptography

cryptography 3.3.1

cryptographydeprecationwarning: python 3.6 is no longer supported by the python core team. therefore, support for it is deprecated in cryptography and will be removed in a future release. from cryptography.hazmat.backends import default_backend

现代密码学：原理与协议 （英文版）

cryptography-3.2.1

introduction to modern cryptography

《密码学原理与实践》第三版 部分章节的部分习题答案

cryptography库 离线安装

python cryptography

failed building wheel for cryptography

error: could not build wheels for cryptography which use pep 517 and cannot be installed directly

华为 eNSP 模拟器命令行简介

会员权益专享

最新资源

密码学概论第二版 Introduction to cryptography 2/e

现代密码学：原理与协议（英文版）

《密码学原理与实践》第三版部分章节的部分习题答案

cryptography库离线安装