没有合适的资源?快使用搜索试试~ 我知道了~
首页A Graduate Course in Applied Cryptography v0.3
A Graduate Course in Applied Cryptography v0.3
需积分: 13 15 下载量 118 浏览量
更新于2023-05-29
评论
收藏 5.11MB PDF 举报
A Graduate Course in Applied Cryptography v0.3 A Graduate Course in Applied Cryptography v0.3
资源详情
资源评论
资源推荐
A Graduate Course in Applied Cryptography
Dan Boneh and Victor Shoup
Version 0.3, December 2016
Preface
Cryptography is an indispensable to ol used to protect information in computing systems. It is
used everywhere and by billions of people worldwide on a daily basis. It is used to protect data at
rest and data in motion. Cryptographic systems are an integral part of standard protocols, most
notably the Transport Layer Security (TLS) protocol, making it relatively easy to incorporate
strong encryption into a wid e ran ge of applicati on s.
While extremely useful, cryptography is also highly brittle. The most secure cryptographic
system can be rendered completely insecure by a sin gl e specifi cat ion or programmi ng error. No
amount of uni t test i ng will un cover a security vulnerability in a cryptosystem.
Instead, to argue that a cryptosystem is secure, we rely on mathematical modeling and proofs
to show that a particular system satisfies the security properties attributed to it. We often need to
introduce certain plausible assumptions to push our security arguments through.
This book is about exactly that: constructing practical cryptosystems for which we can argue
security under plausible assumptions. The book covers many const r uct i ons for di↵erent tasks in
cryptography. For each task we define a precise security goal that we aim to achieve and then
present constructions that achieve t h e required goal. To analyze the constructions, we develop a
unified framework for doi n g cryptographic proofs. A r ead er who masters this framework will be
capable of applying it to new constructions that may not be covered in the book .
Throughout the book we present many case studies to survey how deployed systems operate.
We describe common mistakes to avoid as well as attacks on real-world systems that illustrate the
importance of rigor in cr y p togr ap hy. We end every chapter with a fun application that appli es the
ideas in the chapter in some unex pected way.
Intended audience and how to use this book
The book is intended to be self contained. Some supplementary material covering basic facts from
probability theory and algebra is provided in the appendices.
The book is divided into three parts. The first par t develops symmetric encryption which
explains how two parties, Alice and Bob, can securely exchange information when they have a
shared key unknown to the attacker. The second part develops the concepts of public-key encryption
and digital signatures, whi ch allow Alice and Bob to do the same, but without having a shared,
secret key. The third part is about cryptographic protocols, such as protocols for user identification,
key ex change, and secure computation.
A beginning reader can read though the book to learn how cryptographic systems work and
why they are secure. Every security theorem in the book is followed by a proof id ea that ex p l ain s
at a high level why t he scheme is secure. On a first read one can skip over the detailed proofs
ii
without losing continuity. A beginning reader may also skip over the mathematical det ai l s sections
that explore nuances of certain definitions.
An advanced reader may enjoy reading the detailed proofs to learn how to do proofs in cryptog-
raphy. At the end of every chapter you will find many exercises t hat explore additional aspects of
the material covered in the chapter. Some exercises rehearse what was learned, but many exercises
expand on the material and discuss topics not covered in the chapter.
Status of the book
The current draft only contains part I and the fir st half of part II. The remaining chapters in
parts II and part III are forthcoming. We hope you enjoy this write-up. Please send us comments
and let us k now if you find typos or mistakes.
Citations: While the current draft is mostly complete, we still do not include citations and
references to the many works on which this book is based. Those will be coming soon and will be
presented in the Notes section at t h e end of every chapter.
Dan Boneh and Vi ct or Shoup
December, 2016
iii
Contents
1 Introduction 1
1.1 Historic cipher s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Terminology used through out t h e book . . . . . . . . . . . . . . . . . . . . . . . . . . 1
I Secret key cryptography 3
2 Encryption 4
2.1 Introduct ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.2 Shannon ciphers and perf ect securi ty . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.1 Definition of a Shannon cipher . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.2 Perfect security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2.3 The bad n ews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.3 Computation al cipher s and semantic security . . . . . . . . . . . . . . . . . . . . . . 13
2.3.1 Definition of a computational cipher . . . . . . . . . . . . . . . . . . . . . . . 14
2.3.2 Definition of semantic security . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.3.3 Connections to weaker n ot i ons of security . . . . . . . . . . . . . . . . . . . . 18
2.3.4 Consequences of semantic security . . . . . . . . . . . . . . . . . . . . . . . . 22
2.3.5 Bit guessing: an alternative characterization of semantic security . . . . . . . 25
2.4 Mathematical de tai l s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2.4.1 Negligible, super-poly, and poly-bounded functions . . . . . . . . . . . . . . . 28
2.4.2 Computational ciphers: the formalities . . . . . . . . . . . . . . . . . . . . . . 29
2.4.3 Efficient adversaries and attack games . . . . . . . . . . . . . . . . . . . . . . 32
2.4.4 Semantic security: the formalities . . . . . . . . . . . . . . . . . . . . . . . . . 34
2.5 A fun application: anonymous routing . . . . . . . . . . . . . . . . . . . . . . . . . . 35
2.6 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
2.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3 Stream ciphers 45
3.1 Pseudo-random generator s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
3.1.1 Definition of a pseudo-random generator . . . . . . . . . . . . . . . . . . . . . 46
3.1.2 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.2 Stream ciphers : encryption with a PRG . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.3 Stream cipher limi t at i ons: attacks on the one time pad . . . . . . . . . . . . . . . . . 52
3.3.1 The two-time p ad is insecure . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
iv
3.3.2 The one-time pad is malleable . . . . . . . . . . . . . . . . . . . . . . . . . . 53
3.4 Composing PRGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3.4.1 A p ar all el constr u ct ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3.4.2 A seq u ential constructi on : the Blum-Micali method . . . . . . . . . . . . . . 59
3.4.3 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.5 The next bit test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
3.6 Case study: the Salsa and ChaCha PRGs . . . . . . . . . . . . . . . . . . . . . . . . 68
3.7 Case study: linear generators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
3.7.1 An example cryptanalysis: linear congruential generators . . . . . . . . . . . 70
3.7.2 The subset sum generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
3.8 Case study: cryptanalysis of the DVD encryption system . . . . . . . . . . . . . . . 74
3.9 Case study: cryptanalysis of the RC4 stream cipher . . . . . . . . . . . . . . . . . . 76
3.9.1 Security of RC4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
3.10 Generating random bits in practice . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
3.11 A broader perspective: computational indistinguishability . . . . . . . . . . . . . . . 81
3.11.1 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
3.12 A fun application: coin flipping and commitments . . . . . . . . . . . . . . . . . . . 87
3.13 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
3.14 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
4Blockciphers 94
4.1 Block ciphers: basi c defini t i ons and pr opert i es . . . . . . . . . . . . . . . . . . . . . . 94
4.1.1 Some implications of security . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
4.1.2 Efficient implementation of random permutations . . . . . . . . . . . . . . . . 99
4.1.3 Strongly secure block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
4.1.4 Using a bl ock cipher directl y for encrypt i on . . . . . . . . . . . . . . . . . . . 100
4.1.5 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
4.2 Constructi ng block ciphers in practice . . . . . . . . . . . . . . . . . . . . . . . . . . 105
4.2.1 Case study: DES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
4.2.2 Exhaustive search on DE S: the DES challenges . . . . . . . . . . . . . . . . . 110
4.2.3 Strengthening ciphers against exhaustive search: the 3E construct i on . . . . . 112
4.2.4 Case study: AES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
4.3 Sophisti cat ed attacks on block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . 119
4.3.1 Algorithmic attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
4.3.2 Side-channel attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
4.3.3 Fault-injection attacks on AES . . . . . . . . . . . . . . . . . . . . . . . . . . 127
4.3.4 Quantum exhaustive search at t acks . . . . . . . . . . . . . . . . . . . . . . . . 128
4.4 Pseudo-random funct i ons: basic definitions and properties . . . . . . . . . . . . . . . 129
4.4.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
4.4.2 Efficient implementation of random functions . . . . . . . . . . . . . . . . . . 130
4.4.3 When is a secur e block cipher a secure PRF? . . . . . . . . . . . . . . . . . . 131
4.4.4 Constructing PRGs from PRFs . . . . . . . . . . . . . . . . . . . . . . . . . . 135
4.4.5 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
4.5 Constructi ng block ciphers from PRFs . . . . . . . . . . . . . . . . . . . . . . . . . . 138
4.6 The tree constructi on: from PRGs to PRFs . . . . . . . . . . . . . . . . . . . . . . . 144
4.6.1 Variable length tree construction . . . . . . . . . . . . . . . . . . . . . . . . . 148
v
剩余579页未读,继续阅读
绝不原创的飞龙
- 粉丝: 1w+
- 资源: 1091
上传资源 快速赚钱
- 我的内容管理 收起
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
会员权益专享
最新资源
- RTL8188FU-Linux-v5.7.4.2-36687.20200602.tar(20765).gz
- c++校园超市商品信息管理系统课程设计说明书(含源代码) (2).pdf
- 建筑供配电系统相关课件.pptx
- 企业管理规章制度及管理模式.doc
- vb打开摄像头.doc
- 云计算-可信计算中认证协议改进方案.pdf
- [详细完整版]单片机编程4.ppt
- c语言常用算法.pdf
- c++经典程序代码大全.pdf
- 单片机数字时钟资料.doc
- 11项目管理前沿1.0.pptx
- 基于ssm的“魅力”繁峙宣传网站的设计与实现论文.doc
- 智慧交通综合解决方案.pptx
- 建筑防潮设计-PowerPointPresentati.pptx
- SPC统计过程控制程序.pptx
- SPC统计方法基础知识.pptx
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
评论0