Instructor: Ran Canetti. Office Hours: Tue pm. Email: canetti bu. The goal is to give students a taste of the main concepts, abstractions and algorithms, as well as the main. Throughout, the course will alternate between the foundational viewpoint and the applied one. Here is a tentative list of topics, by week:. Some knowledge of complexity theory, such as the notion of Turing machines and the classes P and NP is recommended.

## Cryptography Fundamentals – Part 1

If you took Theory of computation CS you. If in doubt, contact the instructor. Some informal prior knowledge in cryptography can be useful but is not required. Most importantly, the course requires some level of. Syllabus - What you will learn from this course. Video 6 videos.

Course Overview 3m.

Basic Cryptography 10m. Kerckhoff's Principle 9m. CryptoAnalysis of Monoalphabetic Substitution Cipher 13m.

Columnar Transposition Ciphers 4m. Reading 5 readings. What makes a cryptographic protocol strong? Basic Cryptoanalysis. Columnar transposition Ciphers 30m. One time pad encryption 30m. Quiz 1 practice exercise.

### File Extensions and File Formats

Exam 2. Symmetric Key Algorithm 8m. Advanced Encryption Standard 9m. AES Selection Criteria 13m. Dealing with Block Swapping and Replay Attacks 7m.

- A Memoir of Jane Austen: And Other Family Recollections (Oxford Worlds Classics).
- CAS CS538 – Fundamentals of Cryptography?
- Recommended for you.
- Software language engineering first international conference; revised selected papers SLE <1. 2008. Toulouse>.
- Recipes for Disaster: An Anarchist Cookbook;
- Cryptology | iqegumybiwyf.ml.

Block Cipher Mode of Operation 11m. Section 8. Block cipher mode of operation 15m. Symmetric Key Algorithm 20m. Video 5 videos. Modular Arithmetic 13m. Euler Totient Theorem 13m. While Diffie and Hellman could not find such a system, they showed that public-key cryptography was indeed possible by presenting the Diffie—Hellman key exchange protocol, a solution that is now widely used in secure communications to allow two parties to secretly agree on a shared encryption key. Diffie and Hellman's publication sparked widespread academic efforts in finding a practical public-key encryption system.

The Diffie—Hellman and RSA algorithms, in addition to being the first publicly known examples of high quality public-key algorithms, have been among the most widely used. Other asymmetric-key algorithms include the Cramer—Shoup cryptosystem , ElGamal encryption , and various elliptic curve techniques. Ellis had conceived the principles of asymmetric key cryptography.

Williamson is claimed to have developed the Diffie—Hellman key exchange. Public-key cryptography is also used for implementing digital signature schemes. A digital signature is reminiscent of an ordinary signature ; they both have the characteristic of being easy for a user to produce, but difficult for anyone else to forge. Digital signatures can also be permanently tied to the content of the message being signed; they cannot then be 'moved' from one document to another, for any attempt will be detectable. In digital signature schemes, there are two algorithms: one for signing , in which a secret key is used to process the message or a hash of the message, or both , and one for verification , in which the matching public key is used with the message to check the validity of the signature.

Digital signatures are central to the operation of public key infrastructures and many network security schemes e. Public-key algorithms are most often based on the computational complexity of "hard" problems, often from number theory. For example, the hardness of RSA is related to the integer factorization problem, while Diffie—Hellman and DSA are related to the discrete logarithm problem. The security of elliptic curve cryptography is based on number theoretic problems involving elliptic curves.

Because of the difficulty of the underlying problems, most public-key algorithms involve operations such as modular multiplication and exponentiation, which are much more computationally expensive than the techniques used in most block ciphers, especially with typical key sizes. As a result, public-key cryptosystems are commonly hybrid cryptosystems , in which a fast high-quality symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric key is sent with the message, but encrypted using a public-key algorithm.

Similarly, hybrid signature schemes are often used, in which a cryptographic hash function is computed, and only the resulting hash is digitally signed. The goal of cryptanalysis is to find some weakness or insecurity in a cryptographic scheme, thus permitting its subversion or evasion.

It is a common misconception that every encryption method can be broken. In connection with his WWII work at Bell Labs , Claude Shannon proved that the one-time pad cipher is unbreakable, provided the key material is truly random , never reused, kept secret from all possible attackers, and of equal or greater length than the message. In such cases, effective security could be achieved if it is proven that the effort required i. This means it must be shown that no efficient method as opposed to the time-consuming brute force method can be found to break the cipher.

Since no such proof has been found to date, the one-time-pad remains the only theoretically unbreakable cipher. There are a wide variety of cryptanalytic attacks, and they can be classified in any of several ways. A common distinction turns on what Eve an attacker knows and what capabilities are available. In a ciphertext-only attack , Eve has access only to the ciphertext good modern cryptosystems are usually effectively immune to ciphertext-only attacks. In a known-plaintext attack , Eve has access to a ciphertext and its corresponding plaintext or to many such pairs.

In a chosen-plaintext attack , Eve may choose a plaintext and learn its corresponding ciphertext perhaps many times ; an example is gardening , used by the British during WWII. In a chosen-ciphertext attack , Eve may be able to choose ciphertexts and learn their corresponding plaintexts.

## Cryptography Fundamentals – Part 1

Cryptanalysis of symmetric-key ciphers typically involves looking for attacks against the block ciphers or stream ciphers that are more efficient than any attack that could be against a perfect cipher. For example, a simple brute force attack against DES requires one known plaintext and 2 55 decryptions, trying approximately half of the possible keys, to reach a point at which chances are better than even that the key sought will have been found.

But this may not be enough assurance; a linear cryptanalysis attack against DES requires 2 43 known plaintexts with their corresponding ciphertexts and approximately 2 43 DES operations. Public-key algorithms are based on the computational difficulty of various problems. The most famous of these are the difficulty of integer factorization of semiprimes and the difficulty of calculating discrete logarithms , both of which are not yet proven to be solvable in polynomial time using only a classical Turing-complete computer.

Much public-key cryptanalysis concerns designing algorithms in P that can solve these problems, or using other technologies, such as quantum computers. For instance, the best known algorithms for solving the elliptic curve-based version of discrete logarithm are much more time-consuming than the best known algorithms for factoring, at least for problems of more or less equivalent size.

Thus, other things being equal, to achieve an equivalent strength of attack resistance, factoring-based encryption techniques must use larger keys than elliptic curve techniques. For this reason, public-key cryptosystems based on elliptic curves have become popular since their invention in the mids. While pure cryptanalysis uses weaknesses in the algorithms themselves, other attacks on cryptosystems are based on actual use of the algorithms in real devices, and are called side-channel attacks.

If a cryptanalyst has access to, for example, the amount of time the device took to encrypt a number of plaintexts or report an error in a password or PIN character, he may be able to use a timing attack to break a cipher that is otherwise resistant to analysis. An attacker might also study the pattern and length of messages to derive valuable information; this is known as traffic analysis [53] and can be quite useful to an alert adversary.

Poor administration of a cryptosystem, such as permitting too short keys, will make any system vulnerable, regardless of other virtues. Social engineering and other attacks against humans e. Much of the theoretical work in cryptography concerns cryptographic primitives —algorithms with basic cryptographic properties—and their relationship to other cryptographic problems. More complicated cryptographic tools are then built from these basic primitives.

- Browse more videos.
- CAS CS – Fundamentals of Cryptography » BU RISCS » Boston University;
- Cryptology.
- Introduction.
- Digital Games: Computers at Play (The Digital World)!
- The Mathematics of Internet Congestion Control (Systems & Control: Foundations & Applications).

These primitives provide fundamental properties, which are used to develop more complex tools called cryptosystems or cryptographic protocols , which guarantee one or more high-level security properties. Note however, that the distinction between cryptographic primitives and cryptosystems, is quite arbitrary; for example, the RSA algorithm is sometimes considered a cryptosystem, and sometimes a primitive. Typical examples of cryptographic primitives include pseudorandom functions , one-way functions , etc. One or more cryptographic primitives are often used to develop a more complex algorithm, called a cryptographic system, or cryptosystem.

Cryptosystems e. Cryptosystems use the properties of the underlying cryptographic primitives to support the system's security properties. As the distinction between primitives and cryptosystems is somewhat arbitrary, a sophisticated cryptosystem can be derived from a combination of several more primitive cryptosystems. In many cases, the cryptosystem's structure involves back and forth communication among two or more parties in space e. Such cryptosystems are sometimes called cryptographic protocols. More complex cryptosystems include electronic cash [54] systems, signcryption systems, etc.

Some more 'theoretical' [ clarification needed ] cryptosystems include interactive proof systems , [55] like zero-knowledge proofs , [56] systems for secret sharing , [57] [58] etc. Cryptography has long been of interest to intelligence gathering and law enforcement agencies. Because of its facilitation of privacy , and the diminution of privacy attendant on its prohibition, cryptography is also of considerable interest to civil rights supporters.

Accordingly, there has been a history of controversial legal issues surrounding cryptography, especially since the advent of inexpensive computers has made widespread access to high quality cryptography possible. In some countries, even the domestic use of cryptography is, or has been, restricted.

Until , France significantly restricted the use of cryptography domestically, though it has since relaxed many of these rules. In China and Iran , a license is still required to use cryptography. In the United States , cryptography is legal for domestic use, but there has been much conflict over legal issues related to cryptography. Probably because of the importance of cryptanalysis in World War II and an expectation that cryptography would continue to be important for national security, many Western governments have, at some point, strictly regulated export of cryptography.

After World War II, it was illegal in the US to sell or distribute encryption technology overseas; in fact, encryption was designated as auxiliary military equipment and put on the United States Munitions List. However, as the Internet grew and computers became more widely available, high-quality encryption techniques became well known around the globe.

In the s, there were several challenges to US export regulation of cryptography. Bernstein , then a graduate student at UC Berkeley , brought a lawsuit against the US government challenging some aspects of the restrictions based on free speech grounds. The case Bernstein v. United States ultimately resulted in a decision that printed source code for cryptographic algorithms and systems was protected as free speech by the United States Constitution.

In , thirty-nine countries signed the Wassenaar Arrangement , an arms control treaty that deals with the export of arms and "dual-use" technologies such as cryptography. The treaty stipulated that the use of cryptography with short key-lengths bit for symmetric encryption, bit for RSA would no longer be export-controlled. Since this relaxation in US export restrictions, and because most personal computers connected to the Internet include US-sourced web browsers such as Firefox or Internet Explorer , almost every Internet user worldwide has potential access to quality cryptography via their browsers e.

Many Internet users don't realize that their basic application software contains such extensive cryptosystems. These browsers and email programs are so ubiquitous that even governments whose intent is to regulate civilian use of cryptography generally don't find it practical to do much to control distribution or use of cryptography of this quality, so even when such laws are in force, actual enforcement is often effectively impossible.

Another contentious issue connected to cryptography in the United States is the influence of the National Security Agency on cipher development and policy. The technique became publicly known only when Biham and Shamir re-discovered and announced it some years later.

## Fundamentals of Cryptology: A Professional Reference and Interactive Tutorial / Edition 1

The entire affair illustrates the difficulty of determining what resources and knowledge an attacker might actually have. Another instance of the NSA's involvement was the Clipper chip affair, an encryption microchip intended to be part of the Capstone cryptography-control initiative. Clipper was widely criticized by cryptographers for two reasons.

The cipher algorithm called Skipjack was then classified declassified in , long after the Clipper initiative lapsed. The classified cipher caused concerns that the NSA had deliberately made the cipher weak in order to assist its intelligence efforts. The whole initiative was also criticized based on its violation of Kerckhoffs's Principle , as the scheme included a special escrow key held by the government for use by law enforcement i.

Cryptography is central to digital rights management DRM , a group of techniques for technologically controlling use of copyrighted material, being widely implemented and deployed at the behest of some copyright holders. In , U. President Bill Clinton signed the Digital Millennium Copyright Act DMCA , which criminalized all production, dissemination, and use of certain cryptanalytic techniques and technology now known or later discovered ; specifically, those that could be used to circumvent DRM technological schemes.

Similar statutes have since been enacted in several countries and regions, including the implementation in the EU Copyright Directive. Similar restrictions are called for by treaties signed by World Intellectual Property Organization member-states. Niels Ferguson , a well-respected cryptography researcher, has publicly stated that he will not release some of his research into an Intel security design for fear of prosecution under the DMCA.

Dmitry Sklyarov was arrested during a visit to the US from Russia, and jailed for five months pending trial for alleged violations of the DMCA arising from work he had done in Russia, where the work was legal. In both cases, the Motion Picture Association of America sent out numerous DMCA takedown notices, and there was a massive Internet backlash [9] triggered by the perceived impact of such notices on fair use and free speech.

In the United Kingdom, the Regulation of Investigatory Powers Act gives UK police the powers to force suspects to decrypt files or hand over passwords that protect encryption keys. Failure to comply is an offense in its own right, punishable on conviction by a two-year jail sentence or up to five years in cases involving national security.

In the United States, the federal criminal case of United States v. Fricosu addressed whether a search warrant can compel a person to reveal an encryption passphrase or password. The FBI—Apple encryption dispute concerns the ability of courts in the United States to compel manufacturers' assistance in unlocking cell phones whose contents are cryptographically protected.

As a potential counter-measure to forced disclosure some cryptographic software supports plausible deniability , where the encrypted data is indistinguishable from unused random data for example such as that of a drive which has been securely wiped. From Wikipedia, the free encyclopedia. This is the latest accepted revision , reviewed on 17 September For the Aya Kamiki album, see Secret Code. For the David S. Ware album, see Cryptology album. Main article: History of cryptography. Main article: Symmetric-key algorithm. Main article: Public-key cryptography. Main article: Cryptanalysis.

See also: Cryptography laws in different nations. Main article: Export of cryptography. See also: Clipper chip. Main article: Digital rights management. Main article: Key disclosure law. A Greek-English Lexicon.