module 6 Flashcards

1
Q

entropy

A

amount of information in the variable

shannon’s entropy: the absolute minimum amount of storage / transmission needed to capture the information in some variable

entropy is a good measure of how “random” (strong) a password is

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How does the one time pad work?

A
  • you have a message M made up of n bits
  • you have a key made up of n bits, distributed uniformly at random
  • you encrypt your message by XORing it with the key
  • you decrypt by XORing the encrypted message with the key
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is Shannon’s information theoretic security?

A

ciphertext should leak no information about the plaintext

A cipher (E,D) over (K,M,C) has perfect secrecy if:

For all messages m1, m2 in the message space that are the same size and all ciphertexts c in the ciphertext space: the probability that the encryption of m1 to ciphertext c is the same as the probability that the encryption of m2 to ciphertext c, where the key k i selected uniformly at random

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Explain why OTP is perfectly secret.

A

Lemma: If X is a random variable on {0,1}^n and Y is an independent uniform random variable on {0,1}^2 then Z=X XOR Y is a uniform random variable on {0,1}^n

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the issues with OTP?

A
  1. perfect secrecy implies that key length >= message length: you don’t want to have a key that is the same length as your message
  2. keys only work once. else,
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does it mean that OTP has no integrity?

A

an adversary can intercept and corrupt the message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

what is a stream cipher?

A

any cipher that has perfect secrecy must have really long keys…

proposed solution: take idea of OTP and make it practical by introducing some assumptions that we believe hold in practice

key idea: replace random key in OTP by pseudorandom key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

PRG: pseudorandom generator

A

a PRG is a function that takes a random seed and generates pseudorandom bits

G: {0,1}^s –> {0,1}^n, where n&raquo_space; s

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

key property of PRG:

A
  1. given a small random seed, one can compute output of PRG efficiently with a deterministic algorithm
  2. the output of PRG looks random (we will revisit later)

**only the seed (or input) to the function is actually random

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

can stream ciphers guarantee perfect secrecy?

A

no.
perfect secrecy implies that your keys need to be as long as the message. this will not be the case with a stream cipher.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

we know that a stream cipher is secure if PRG is secure. so, what is a good definition for a secure cryptographic PRG?

A

very important property:
unpredictability

adversary cannot predict the next bit

informally: a PRG is predictable if there exists an integer i and an efficient algorithm A such that the given the prefix of the output an algorithm can predict the rest
G(k)_i,…,i – A –> G(k)_i,…,n

if G is predictable, stream cipher is not secure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

high level proof for:

if G is predictable, stream cipher is not secure

A
  1. suppose PRG G is predictable and stream cipher is secure
  2. suppose the attacker knows a small part of the message
    - -> common for many protocols (e.g. Web protocols have common headers)
  3. attacker can use knowledge of small part of message and ciphertext c to deriver output of G for that part of the message (via message), this is the same as saying that the attacker knows the prefix of the output of the pseudorandom generator
  4. since G is predictable, attacker can determine the next bit and recover the rest of the message.

THEREFORE, stream cipher is not secure. Which is a contradiction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

define predictability formally.

A

if an algorithm is even a tiny tiny bit better than predicting the next bit correctly half the time
so 1/2 plus some epsilon

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

when is a PRG unpredictable?

A

for all i, no “efficient” algorithm can predict bit i + 1 with non negligible E.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

informal definition of negligible vs. non negligible

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

theoretical definition of E

A

epsilon is a function of a security parameter (e.g. length of the key)

a function is negligble f(n): is a function that not only tends toward 0 as n appropaches infinity but does so faster than the inverse of any polynomial (1/poly(n))

examples of negligible functions: 1/2^n, 1/2^sqrt n, 1/n^log(n)

17
Q

are the following negligible?

A
18
Q

why do we draw the line at polynomial?

A

because modern cryptography assumes computation adversaries

  • -bounded computational power
  • -such adversaries can only run efficient (i.e., polynomial) algorithms

big difference between OTP and stream cipher

  • -OTP is secure against a computationally unbounded adversary
  • -stream cipher is secure only against a computationally bounded adversary
19
Q

Kerckhoff’s principle

A

it is desirable that both the encryption and decryption functions are public knowledge and that the secrecy of the message, given the ciphertext, depends totally on the secrecy of the secret key, k.

20
Q

symmetric key system

A

both parties need access to the secret key

21
Q

why should the key be at least 80 bits to avoid exhaustive search by the attacker?

A

it is commonly assumed that a computation taking 2^80 steps will be infeasible for a number of years to come, hence the key space size should be at least 80 bits to avoid exhaustive search