General notions about cryptography Flashcards
Symmetric vs Asymmetric Cryptography
Symmetric Ke = Kd
Asymmetric Ke is public and Kd is private
Authentication and verification
Athentication :
massage => (message ,tag)
ka in K
Verification
message = > {message , ⊥}
kv in K
Symmetric cryptography :
kv = ka and the tag called mac
Asymmetric crypto
ka is private and kv is public , tag is called signatureperfect screcy :
perfect secrecy :
Pr[Enc(m1)=c] = Pr[Enc(m2)=c]
If | K| = | C| = | P| then the system provides perfect secrecy iff (1) every key is used with equal probability 1/| K|, and (2) for every x ∈ P and y ∈ C, there exists a unique key k ∈ K such that e k(x) = y
perfect secrecy
perfect secrecy => H(k) >= H(M) and key must not be reused
perfect secrecy requires that no info about the message leaked
in practice, a small probability of leaking is allowed
Explain computational security
A schema is (t, ϵ )-secure if the adversary manages to break it in t time with probability ϵ
A scheme is (t,ϵ) -kbit secure and log2 t − log2 ϵ(t) ≥ s.
for example the Exhaustive search :
ϵ(t) = t / |k| => key is size of K space
it means S = log2(t / |k|)-bit secure
Explain computational security
A schema is (t, ϵ )-secure if the adversary manages to break it in t time with probability ϵ
A scheme is (t,ϵ) -kbit secure and log2 t − log2 ϵ(t) ≥ s.
for example the Exhaustive search :
ϵ(t) = t / |k| => key is size of K space
it means S = log2(t / |k|)-bit secure
according to keckchoff principle : the algorithm should be public and key secret
Taxonomy of attacks for Encryption scheme
Exhaustive search : goal : recovering the key Online Complexity: one pair (cipher text, plain text) offline complexity : t = | k | probability success : 1
problem with deterministic encryption and solution
the problem with deterministic encryption is that we may fall in a situation where two ciphertexts are similar with the same Key K:
Solution : Nonce : (asymmetric crypto)
Randomized encryption schema
IN-CCA secure (chosen cipher text and plain text )
A scheme E = (Gen, Enc, Dec) is IND-CCA-secure if no adversary can win the following game for more than a negligible advantage.
Challenger generates a key (pair) k ← Gen() Adversary queries Enck with plaintexts of his choice and Deck with ciphertexts of his choice
Adversary chooses two plaintexts m0, m1 ∈ M with |m0| = |m1|
Challenger randomly chooses b ←R {0, 1}, encrypts mb and sends c = Enck (mb) to the adversary
Adversary queries Enck with plaintexts of his choice and Deck with ciphertexts of his choice except c
Adversary guesses b ′ which plaintext was encrypted
Adversary wins if b ′ = b (Advantage: ϵ = Pr[win] − 1 2
IND-CCA :
Symmetric: ENCk + DEC;
asymetric : DECk
IND-CPA secure (Chosen plain text)
A scheme E = (Gen, Enc, Dec) is IND-CPA-secure if no adversary can win the following game for more than a negligible advantage.
Challenger generates a key (pair) k ← Gen() Adversary queries Enck with plaintexts of his choice Adversary chooses two plaintexts m0, m1 ∈ M with |m0| = |m1|
Challenger randomly chooses b ←R {0, 1}, encrypts mb and sends c = Enck (mb) to the adversary
Adversary queries Enck with plaintexts of his choice
Adversary guesses b ′ which plaintext was encrypted
Adversary wins if b ′ = b (Advantage: ϵ = Pr[win] − 1 2 .)
IND-CPA :
Symmetric: Enck
asymmetric : -
Security schema
(t ,d,Є)-scure if adversity with runing time T having access to D data manages to break the ciphey with Є probability
Taxanomy of attacks on Authentication schema
Universal forgery attack : d: submit random time (message, tag) at the complexity of d no offline message needed probability of success Є is d/ 2^n for n bits
