AGraduateCourseinAppliedCryptography.pdf

Cryptography

需积分: 30 187 浏览量更新于2023-05-18 评论 1 收藏 21.81MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源详情

资源评论

资源推荐

A Graduate Course in Applied Cryptography

Dan Boneh and Victor Shoup

Version 0.3, December 2016

Preface

Cryptography is an in di spensable tool used to protect information in computing systems. It is

used everywhere and by billions of people worldwide on a daily basis. It is used to protect data at

rest and data in motion. Cryptographic systems are an integral part of standard protocols, most

notably the Transport Layer Security (TLS) protocol, making it relatively easy to incorporate

strong encryption into a wide range of applications.

While extremely u sef u l, cryptography is also highly brittle. The most secure cryptographic

system can be rendered completely insecure by a single speciﬁcation or programming error. No

amount of unit testing will uncover a secur i ty vulnerability in a cryptosystem.

Instead, to argue that a cryptosystem is secure, we rely on mathematical modeling and proofs

to show that a particular system satisﬁes the secu r ity properties attributed to it. We often need to

introduce certain plausible assumptions to push our security arguments through.

This book is about exactly that: constructing practical cr yp t osy st e ms for which we can argue

security under plausible assumptions. The book covers many constructions for di↵erent t ask s in

cryptography. For each task we deﬁne a precise security goal that we aim to achieve and then

present constructions that achieve the required goal. To analyze the constructions, we develop a

uniﬁed framework for doin g cryptographic proofs. A reader who masters this framework will be

capable of applying it to new constructions that may not be covered in the book.

Throughout the book we present many case studies to survey how deployed systems operate.

We describe common mistakes to avoid as well as attacks on real-world systems t hat illustrate the

importance of rigor in cryptography. We end every chapter with a fun application that applies the

ideas in the chapter in some unexpected way.

Intended audi ence and how to use this book

The book is intended to be self contained. Some supplementary material covering basic facts from

probability theory and algebra is provided in the appendices.

The book is divided into three parts. The ﬁrst part develops symmetric encryption whi ch

explains how two parties, Alice and Bob , can securely ex change information when they have a

shared key unknown to the attacker. The second part develops the concepts of public-key encryption

and digital signatures, which allow Alice and Bob to do the same, but without having a shared,

secret key. The third part is about cryptographic protocols, such as protocols for user identiﬁcation,

key exchange, and secure computation.

A beginning reader can read though the book to learn how cryptographic systems work and

why they are secure. Every security theorem in the book is followed by a proof idea that ex p lai n s

at a high level why t he scheme is secure. On a ﬁrs t read one can skip over the detailed proofs

Contents

1 Introduction 1

1.1 Historic cipher s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.2 Terminology used through out th e book . . . . . . . . . . . . . . . . . . . . . . . . . . 1

I Secret key cryptography 3

2 Encryption 4

2.1 Introduct i on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2.2 Shannon ciphers and perfect security . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.2.1 Deﬁnition of a Shannon cipher . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.2.2 Perfect security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.2.3 The bad news . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.3 Computati onal ciph er s and semantic security . . . . . . . . . . . . . . . . . . . . . . 13

2.3.1 Deﬁnition of a computational cipher . . . . . . . . . . . . . . . . . . . . . . . 14

2.3.2 Deﬁnition of semantic security . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.3.3 Connections to weaker notions of security . . . . . . . . . . . . . . . . . . . . 18

2.3.4 Consequences of semantic security . . . . . . . . . . . . . . . . . . . . . . . . 22

2.3.5 Bit guessing: an alternative characterization of semantic security . . . . . . . 25

2.4 Mathemati c al detail s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

2.4.1 Negligible, super-pol y, and poly-bounded functions . . . . . . . . . . . . . . . 28

2.4.2 Computational ciphers: the formalities . . . . . . . . . . . . . . . . . . . . . . 29

2.4.3 Eﬃcient adversaries and attack games . . . . . . . . . . . . . . . . . . . . . . 32

2.4.4 Semantic security: the formalitie s . . . . . . . . . . . . . . . . . . . . . . . . . 34

2.5 A fun application: anonymous routing . . . . . . . . . . . . . . . . . . . . . . . . . . 35

2.6 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

2.7 Exercis es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

3 Stream ciphers 45

3.1 Pseudo-ran dom generat ors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

3.1.1 Deﬁnition of a pseudo-random generator . . . . . . . . . . . . . . . . . . . . . 46

3.1.2 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

3.2 Stream ciphers : encryption with a PRG . . . . . . . . . . . . . . . . . . . . . . . . . 48

3.3 Stream cipher limi t at ion s: attacks on the one time pad . . . . . . . . . . . . . . . . . 52

3.3.1 The two-time pad is insecure . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

3.3.2 The one-time pad is malleable . . . . . . . . . . . . . . . . . . . . . . . . . . 53

3.4 Composing PRGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

3.4.1 A parallel construction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

3.4.2 A sequential construction: the Blum- Mi cal i method . . . . . . . . . . . . . . 59

3.4.3 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

3.5 The next bit test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

3.6 Case study: the Salsa and Ch aCha PRGs . . . . . . . . . . . . . . . . . . . . . . . . 68

3.7 Case study: linear generators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

3.7.1 An example cryptanalysis: linear congruential generators . . . . . . . . . . . 70

3.7.2 The subset sum generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

3.8 Case study: cryptanalysis of the DVD encryption system . . . . . . . . . . . . . . . 74

3.9 Case study: cryptanalysis of the RC4 stream cipher . . . . . . . . . . . . . . . . . . 76

3.9.1 Security of RC4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

3.10 Generating random bits in practice . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

3.11 A broader perspective: computational indistinguishability . . . . . . . . . . . . . . . 81

3.11.1 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

3.12 A fun application: coin ﬂipping and commitments . . . . . . . . . . . . . . . . . . . 87

3.13 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

3.14 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

4Blockciphers 94

4.1 Block ciphers: basic deﬁniti on s and properties . . . . . . . . . . . . . . . . . . . . . . 94

4.1.1 Some implications of security . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

4.1.2 Eﬃcient implementation of random permutations . . . . . . . . . . . . . . . . 99

4.1.3 Strongly secure block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

4.1.4 Using a block cipher directly for encryption . . . . . . . . . . . . . . . . . . . 100

4.1.5 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

4.2 Construct i n g block ciphers in practice . . . . . . . . . . . . . . . . . . . . . . . . . . 105

4.2.1 Case study: DES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

4.2.2 Exhaustive search on DES: the DES challenges . . . . . . . . . . . . . . . . . 110

4.2.3 Strengthening ciphers against exhaustive search: the 3E c ons t ru ct i on . . . . . 112

4.2.4 Case study: AES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

4.3 Sophisti c at ed attacks on block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . 119

4.3.1 Algorithmic attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

4.3.2 Side-channel attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

4.3.3 Fault-injection attacks on AES . . . . . . . . . . . . . . . . . . . . . . . . . . 127

4.3.4 Quantum exhaustive search attacks . . . . . . . . . . . . . . . . . . . . . . . . 128

4.4 Pseudo-ran dom funct i ons : basic deﬁnitions and properties . . . . . . . . . . . . . . . 129

4.4.1 Deﬁnitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

4.4.2 Eﬃcient implementation of random functions . . . . . . . . . . . . . . . . . . 130

4.4.3 When is a secure block cipher a secure PRF? . . . . . . . . . . . . . . . . . . 131

4.4.4 Constructing PRGs from PRFs . . . . . . . . . . . . . . . . . . . . . . . . . . 135

4.4.5 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

4.5 Construct i n g block ciphers from PRFs . . . . . . . . . . . . . . . . . . . . . . . . . . 138

4.6 The tree constructi on : from PRGs to PRFs . . . . . . . . . . . . . . . . . . . . . . . 144

4.6.1 Variable length tree construction . . . . . . . . . . . . . . . . . . . . . . . . . 148

剩余579页未读，继续阅读

shuqin_SQ

粉丝: 0
资源: 4

会员权益专享

A Graduate Course in Applied Cryptography.pdf

评论0

会员权益专享

最新资源

A Graduate Course in Applied Cryptography.pdf

评论0

danboneh 密码学

应用密码学研究生课程A Graduate Course in Applied Cryptography

A Graduate Course in Applied Cryptography v0.3

System.Security.Cryptography.HashAlgorithm hash = System.Security.Cryptography.HashAlgorithm.Create("md5");

cryptographydeprecationwarning: python 3.6 is no longer supported by the python core team. therefore, support for it is deprecated in cryptography and will be removed in a future release. from cryptography.hazmat.backends import default_backend

ModuleNotFoundError: No module named 'cryptography.exceptions'

ModuleNotFoundError: No module named 'cryptography.fernet'

module 'cryptography.hazmat.primitives.padding' has no attribute 'OAEP'

cryptography.fernet.InvalidToken

cryptography.exceptions.UnsupportedAlgorithm: SM2 is not a supported elliptic curve

AttributeError: module 'cryptography.hazmat.backends' has no attribute 'openssl'

pytorch报错cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack

ModuleNotFoundError: No module named 'cryptography.hazmat.backends.openssl.x509'

from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC password = b"password" salt = b"salt" kdf = PBKDF2HMAC( algorithm=hashes.SHA256(), length=32, salt=salt, iterations=100000, ) key = kdf.derive(password) print(key)

python.exe : d:\Lotus\main_window\lib\256qianming.py:33: DeprecationWarning: PKCS#12 support in pyOpenSSL is deprecated. You should use the APIs in cryptography.

AttributeError: module 'cryptography.hazmat.primitives.ciphers.algorithms' has no attribute 'Padding'

sm2加解密 python

会员权益专享

最新资源