calofmijuck/blog
1
0
Fork 0
mirror of https://github.com/calofmijuck/blog.git synced 2025-12-06 14:53:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

[PUBLISHER] upload files #171

Browse Source 
* PUSH NOTE : 9. Public Key Encryption.md

* PUSH NOTE : 3. Symmetric Key Encryption.md

* PUSH ATTACHMENT : is-03-ecb-encryption.png

* PUSH ATTACHMENT : is-03-cbc-encryption.png

* PUSH ATTACHMENT : is-03-ctr-encryption.png

* PUSH NOTE : 07. Public Key Cryptography.md

* PUSH NOTE : 7. Key Exchange.md

* PUSH NOTE : 03. Symmetric Key Cryptography (2).md

* PUSH NOTE : 5. CCA-Security and Authenticated Encryption.md

* PUSH NOTE : 6. Hash Functions.md

* DELETE FILE : _posts/lecture-notes/internet-security/2023-10-03-key-exchange.md

* DELETE FILE : _posts/lecture-notes/modern-cryptography/2023-09-18-symmetric-key-cryptography-2.md

* DELETE FILE : assets/img/posts/lecture-notes/modern-cryptography/is-03-cbc-encryption.png

* DELETE FILE : assets/img/posts/lecture-notes/modern-cryptography/is-03-ctr-encryption.png

* DELETE FILE : assets/img/posts/lecture-notes/modern-cryptography/is-03-ecb-encryption.png
This commit is contained in:
Sungchan Yi
2024-11-13 10:54:01 +09:00
committed by GitHub
parent 6960edd3d4
commit 22a729f12f
3 changed files with 52 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
_posts/lecture-notes/internet-security/2023-10-09-public-key-cryptography.md
View File

@@ -15,7 +15,7 @@ date: 2023-10-09
github_title: 2023-10-09-public-key-cryptography github_title: 2023-10-09-public-key-cryptography
--- ---
In symmetric key cryptography, we have a problem with key sharing and management. More info in the first few paragraphs of [Key Exchange (Modern Cryptography)](../../modern-cryptography/2023-10-03-key-exchange). In symmetric key cryptography, we have a problem with key sharing and management. More info in the first few paragraphs of [Key Exchange (Modern Cryptography)](../modern-cryptography/2023-10-03-key-exchange.md).
## Public Key Cryptography ## Public Key Cryptography
@@ -32,7 +32,7 @@ These keys are created to be used in **trapdoor one-way functions**.
A **one-way function** is a function that is easy to compute, but hard to compute the pre-image of any output. Here are some common examples. A **one-way function** is a function that is easy to compute, but hard to compute the pre-image of any output. Here are some common examples.
- *Cryptographic hash functions*: [Hash Functions (Modern Cryptography)](../../modern-cryptography/2023-09-28-hash-functions/#collision-resistance). - *Cryptographic hash functions*: [Hash Functions (Modern Cryptography)](../modern-cryptography/2023-09-28-hash-functions.md#collision-resistance).
- *Factoring a large integer*: It is easy to multiply to integers even if they're large, but factoring is very hard. - *Factoring a large integer*: It is easy to multiply to integers even if they're large, but factoring is very hard.
- *Discrete logarithm problem*: It is easy to exponentiate a number, but it is hard to find the discrete logarithm. - *Discrete logarithm problem*: It is easy to exponentiate a number, but it is hard to find the discrete logarithm.
@@ -80,14 +80,14 @@ But a problem still remains. How does one verify that this key is indeed from th
## Diffie-Hellman Key Exchange ## Diffie-Hellman Key Exchange
Choose a large prime $p$ and a generator $g$ of $\mathbb{Z}_p^{ * }$. The description of $g$ and $p$ will be known to the public. Choose a large prime $p$ and a generator $g$ of $\mathbb{Z}_p^\ast$. The description of $g$ and $p$ will be known to the public.
> 1. Alice chooses some $x \in \mathbb{Z}_p^{ * }$ and sends $g^x \bmod p$ to Bob. > 1. Alice chooses some $x \in \mathbb{Z}_p^\ast$ and sends $g^x \bmod p$ to Bob.
> 2. Bob chooses some $y \in \mathbb{Z}_p^{ * }$ and sends $g^y \bmod p$ to Alice. > 2. Bob chooses some $y \in \mathbb{Z}_p^\ast$ and sends $g^y \bmod p$ to Alice.
> 3. Alice and Bob calculate $g^{xy} \bmod p$ separately. > 3. Alice and Bob calculate $g^{xy} \bmod p$ separately.
> 4. Eve can see $g^x \bmod p$, $g^y \bmod p$ but cannot calculate $g^{xy} \bmod p$. > 4. Eve can see $g^x \bmod p$, $g^y \bmod p$ but cannot calculate $g^{xy} \bmod p$.
Refer to [Diffie-Hellman Key Exchange (Modern Cryptography)](../../modern-cryptography/2023-10-03-key-exchange/#diffie-hellman-key-exchange-(dhke)). Refer to [Diffie-Hellman Key Exchange (Modern Cryptography)](../modern-cryptography/2023-10-03-key-exchange.md#diffie-hellman-key-exchange-(dhke)).
## Message Integrity ## Message Integrity

8
_posts/lecture-notes/modern-cryptography/2023-09-19-symmetric-key-encryption.md
View File

@@ -128,11 +128,11 @@ We learned how to encrypt a single block. How do we encrypt longer messages with
There are many ways of processing multiple blocks, this is called the **mode of operation**. There are many ways of processing multiple blocks, this is called the **mode of operation**.
Additional explanation available in [Modes of Operations (Internet Security)](../../internet-security/2023-09-18-symmetric-key-cryptography-2/#modes-of-operations). Additional explanation available in [Modes of Operations (Internet Security)](../internet-security/2023-09-18-symmetric-key-cryptography-2.md#modes-of-operations).
### Electronic Codebook Mode (ECB) ### Electronic Codebook Mode (ECB)
![is-03-ecb-encryption.png](../../../assets/img/posts/lecture-notes/internet-security/is-03-ecb-encryption.png) ![is-03-ecb-encryption.png](../../../assets/img/posts/lecture-notes/modern-cryptography/is-03-ecb-encryption.png)
- ECB mode encrypts each block with the same key. - ECB mode encrypts each block with the same key.
- Blocks are independent of each other. - Blocks are independent of each other.
@@ -140,7 +140,7 @@ Additional explanation available in [Modes of Operations (Internet Security)](..
### Ciphertext Block Chain Mode (CBC) ### Ciphertext Block Chain Mode (CBC)
![is-03-cbc-encryption.png](../../../assets/img/posts/lecture-notes/internet-security/is-03-cbc-encryption.png) ![is-03-cbc-encryption.png](../../../assets/img/posts/lecture-notes/modern-cryptography/is-03-cbc-encryption.png)
Let $X = \left\lbrace 0, 1 \right\rbrace^n$ and $E : \mathcal{K} \times X \rightarrow X$ be a **PRP**. Let $X = \left\lbrace 0, 1 \right\rbrace^n$ and $E : \mathcal{K} \times X \rightarrow X$ be a **PRP**.
@@ -191,7 +191,7 @@ Note that if $k_1$ is the same as the key used for encrypting messages, then thi
### Counter Mode (CTR) ### Counter Mode (CTR)
![is-03-ctr-encryption.png](../../../assets/img/posts/lecture-notes/internet-security/is-03-ctr-encryption.png) ![is-03-ctr-encryption.png](../../../assets/img/posts/lecture-notes/modern-cryptography/is-03-ctr-encryption.png)
Let $F : \mathcal{K} \times X \rightarrow X$ be a secure **PRF**. Let $F : \mathcal{K} \times X \rightarrow X$ be a secure **PRF**.

18
_posts/lecture-notes/modern-cryptography/2023-10-19-public-key-encryption.md
View File

@@ -14,9 +14,9 @@ title: 9. Public Key Encryption
date: 2023-10-19 date: 2023-10-19
github_title: 2023-10-19-public-key-encryption github_title: 2023-10-19-public-key-encryption
image: image:
path: assets/img/posts/Lecture Notes/Modern Cryptography/mc-09-ss-pke.png path: assets/img/posts/lecture-notes/modern-cryptography/mc-09-ss-pke.png
attachment: attachment:
folder: assets/img/posts/Lecture Notes/Modern Cryptography folder: assets/img/posts/lecture-notes/modern-cryptography
--- ---
In symmetric encryption, we assumed that the two parties had a shared key in advance. If the two parties do not have a shared key, **public-key encryption** can be used to encrypt messages. In symmetric encryption, we assumed that the two parties had a shared key in advance. If the two parties do not have a shared key, **public-key encryption** can be used to encrypt messages.
@@ -45,7 +45,7 @@ Public key $pk$ will be publicized. After Alice obtains $pk$, she can use it to
The following notion of security is only for an eavesdropping adversary. The following notion of security is only for an eavesdropping adversary.
![mc-09-ss-pke.png](../../../assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-09-ss-pke.png) ![mc-09-ss-pke.png](../../../assets/img/posts/lecture-notes/modern-cryptography/mc-09-ss-pke.png)
> **Definition.** Let $\mc{E} = (G, E, D)$ be a public key encryption scheme defined over $(\mc{M}, \mc{C})$. For an adversary $\mc{A}$, we define two experiments. > **Definition.** Let $\mc{E} = (G, E, D)$ be a public key encryption scheme defined over $(\mc{M}, \mc{C})$. For an adversary $\mc{A}$, we define two experiments.
> >
@@ -69,7 +69,7 @@ Note that $pk$ is sent to the adversary, and adversary can encrypt any message!
For symmetric ciphers, semantic security (one-time) did not guarantee CPA security (many-time). But in public key encryption, semantic security implies CPA security. This is because *the attacker can encrypt any message using the public key*. For symmetric ciphers, semantic security (one-time) did not guarantee CPA security (many-time). But in public key encryption, semantic security implies CPA security. This is because *the attacker can encrypt any message using the public key*.
First, we check the definition of CPA security for public key encryption. It is similar to that of symmetric ciphers, compare with [CPA Security for symmetric key encryption (Modern Cryptography)](../2023-09-19-symmetric-key-encryption/#cpa-security). First, we check the definition of CPA security for public key encryption. It is similar to that of symmetric ciphers, compare with [CPA Security for symmetric key encryption (Modern Cryptography)](./2023-09-19-symmetric-key-encryption.md#cpa-security).
> **Definition.** For a given public-key encryption scheme $\mc{E} = (G, E, D)$ defined over $(\mc{M}, \mc{C})$ and given an adversary $\mc{A}$, define experiments 0 and 1. > **Definition.** For a given public-key encryption scheme $\mc{E} = (G, E, D)$ defined over $(\mc{M}, \mc{C})$ and given an adversary $\mc{A}$, define experiments 0 and 1.
> >
@@ -141,7 +141,7 @@ $$
## CCA Security for Public Key Encryption ## CCA Security for Public Key Encryption
We also define CCA security for public key encryption, which models a wide spectrum of real-world attacks. The definition is also very similar to that of symmetric ciphers, compare with [CCA security for symmetric ciphers (Modern Cryptography)](../2023-09-26-cca-security-authenticated-encryption/#cca-security). We also define CCA security for public key encryption, which models a wide spectrum of real-world attacks. The definition is also very similar to that of symmetric ciphers, compare with [CCA security for symmetric ciphers (Modern Cryptography)](./2023-09-26-cca-security-authenticated-encryption.md#cca-security).
> **Definition.** Let $\mc{E} = (G, E, D)$ be a public-key encryption scheme over $(\mc{M}, \mc{C})$. Given an adversary $\mc{A}$, define experiments $0$ and $1$. > **Definition.** Let $\mc{E} = (G, E, D)$ be a public-key encryption scheme over $(\mc{M}, \mc{C})$. Given an adversary $\mc{A}$, define experiments $0$ and $1$.
> >
@@ -151,9 +151,9 @@ We also define CCA security for public key encryption, which models a wide spect
> - *Encryption*: Send $(m_{i_,0}, m_{i, 1})$ and receive $c'_i \la E(pk, m_{i, b})$. > - *Encryption*: Send $(m_{i_,0}, m_{i, 1})$ and receive $c'_i \la E(pk, m_{i, b})$.
> - *Decryption*: Send $c_i$ and receive $m'_i \la D(sk, c_i)$. > - *Decryption*: Send $c_i$ and receive $m'_i \la D(sk, c_i)$.
> - Note that $\mc{A}$ is not allowed to make a decryption query for any $c_i'$. > - Note that $\mc{A}$ is not allowed to make a decryption query for any $c_i'$.
> 3. $\mc{A}$ outputs a pair of messages $(m_0^ * , m_1^*)$. > 3. $\mc{A}$ outputs a pair of messages $(m_0^\ast , m_1^\ast)$.
> 4. The challenger generates $c^* \la E(pk, m_b^*)$ and gives it to $\mc{A}$. > 4. The challenger generates $c^\ast \la E(pk, m_b^\ast)$ and gives it to $\mc{A}$.
> 5. $\mc{A}$ is allowed to keep making queries, but not allowed to make a decryption query for $c^*$. > 5. $\mc{A}$ is allowed to keep making queries, but not allowed to make a decryption query for $c^\ast$.
> 6. The adversary computes and outputs a bit $b' \in \left\lbrace 0, 1 \right\rbrace$. > 6. The adversary computes and outputs a bit $b' \in \left\lbrace 0, 1 \right\rbrace$.
> >
> Let $W_b$ be the event that $\mc{A}$ outputs $1$ in experiment $b$. Then the **CCA advantage with respect to $\mc{E}$** is defined as > Let $W_b$ be the event that $\mc{A}$ outputs $1$ in experiment $b$. Then the **CCA advantage with respect to $\mc{E}$** is defined as
@@ -176,7 +176,7 @@ Similarly, 1CCA security implies CCA security, as in the above theorem. So to sh
### Active Adversaries in Symmetric vs Public Key ### Active Adversaries in Symmetric vs Public Key
In symmetric key encryption, we studied [authenticated encryption (AE)](../2023-09-26-cca-security-authenticated-encryption/#authenticated-encryption-(ae)), which required the scheme to be CPA secure and provide ciphertext integrity. In symmetric key settings, AE implied CCA. In symmetric key encryption, we studied [authenticated encryption (AE)](./2023-09-26-cca-security-authenticated-encryption.md#authenticated-encryption-(ae)), which required the scheme to be CPA secure and provide ciphertext integrity. In symmetric key settings, AE implied CCA.
However in public-key schemes, adversaries can always create new ciphertexts using the public key, which makes the original definition of ciphertext integrity unusable. Thus we directly require CCA security. However in public-key schemes, adversaries can always create new ciphertexts using the public key, which makes the original definition of ciphertext integrity unusable. Thus we directly require CCA security.