CMSC 456 Introduction to Cryptography

1
CMSC 456Introduction to Cryptography

• Jonathan Katz

2
Overview of exam

• The exam is cumulative
• More emphasis on material covered in the second
  half of the semester
• Focus on understanding and application, less on
  being clever
• Please read instructions, and describe attacks or
  constructions clearly and unambiguously

3
Chapter 1

• Historical private-key encryption schemes
• Why did we talk about these?
• Modern cryptography
• Definitions
• Assumptions
• Proofs

4
Chapter 2

• Perfect secrecy
• The one-time pad
• Limitations of perfect secrecy
• Key as long as the message
• Key can only be used once
• No security against chosen-plaintext attacks
• Need pre-shared key!

5
Chapter 3a

• Computational security
• Private-key encryption
• Definitions
• Indistinguishability in the presence of an
  eavesdropper
• Multiple-message indistinguishability
• CPA-security
• CCA-security

6
Chapter 3b

• Primitives
• Pseudorandom generators
• Pseudorandom functions (block ciphers)
• AES, 3DES, (DES)
• Encryption schemes
• Pseudo one-time pad
• Deterministic encryption?
• Basic CPA-secure encryption scheme
• Modes of encryption

7
Chapter 4a

• Message authentication codes, defining security
• Collision-resistant hash functions
• SHA-1
• Birthday attacks (other applications?)
• Constructions
• Basic construction for short messages
• HMAC
• CBC-MAC

8
Chapter 4b

• Privacy message authentication, CCA-security
• Encrypt-then-authenticate
• Why are the other alternatives problematic?

9
Chapter 5

• Definition of pseudorandomness
• Concrete security requirements
• Substitution-permutation networks
• Attacks on reduced-round SPNs
• AES
• Feistel networks
• Attacks on reduced-round Feistel networks
• DES
• Increasing key length
• 3DES
• Meet-in-the-middle attacks

10
Chapter 7

• Modular arithmetic, group theory, cyclic groups,
  generators
• ZN, ZN, ?(N)
• Generating random primes
• Factoring assumption, RSA assumption, discrete
  logarithm assumption, Diffie-Hellman assumptions
• One-way functions, examples

11
Chapter 9

• What are the limitations of private-key crypto?
• Why did we bother studying private-key crypto at
  all?
• Key exchange
• Definition of security
• Diffie-Hellman key exchange

12
Chapter 10a

• Public-key encryption
• Definitions
• Indistinguishability CPA-security
• Deterministic encryption?
• CCA-security
• Why important
• Hybrid encryption

13
Chapter 10b

• RSA encryption
• Textbook RSA
• Why is it insecure?
• Padded RSA
• El Gamal encryption
• What assumption is it based on?

14
Chapter 12a

• Digital signatures
• Advantages relative to MACs?
• Definition of security
• RSA signatures
• Textbook RSA
• Why is it insecure?
• Hashed RSA

15
Chapter 12b

• Hash-and-sign
• 1-time signatures, Lamports scheme
• PKI, certificates

16
The real world

• Pseudorandom functions (block ciphers)
• AES, 3DES
• Collision-resistant hash function
• SHA-1, others (NIST competition)
• Private-key encryption
• E.g., CBC mode, others for CPA-security
• Encrypt-then-authenticate for CCA-security
• Message authentication codes
• HMAC, CBC-MAC, others

17
The real world

• Key exchange
• (Authenticated) Diffie-Hellman
• Public-key encryption
• (Variants of) padded RSA
• El Gamal encryption
• CCA-secure schemes
• Signature schemes
• (Variants of) hashed RSA
• DSS (we did not cover)