Contemporary Cryptography Concepts

Questions and Answers

What transformation did cryptography undergo from the mid-20th century to today?

Cryptography evolved from a practice limited to writing and solving codes into a scientific discipline encompassing various applications like authentication and key exchange.

List two applications of cryptography beyond simple encryption.

Authentication and key exchange are two key applications of cryptography beyond simple encryption.

Define what constitutes an encryption scheme.

An encryption scheme consists of a method for converting plaintext into ciphertext using a specific algorithm and key for secure communication.

What were the primary users of cryptography before the mid-20th century?

Before the mid-20th century, cryptography was primarily used by armies and diplomats.

Explain the significance of Yao's millionaire problem in contemporary cryptography.

Yao's millionaire problem illustrates the concept of secure function evaluation, showcasing the application of cryptography in privacy-preserving protocols.

What is the significance of the statement Pr[M = m|C = c] = Pr[M = m] in the context of perfect encryption?

It signifies that the probability of a message given a ciphertext is equal to the probability of the message itself, indicating that ciphertext does not provide any information about the message.

How does perfect encryption ensure that every message has an equal probability distribution over messages?

Perfect encryption ensures that for every ciphertext c, all messages have the same probability of being the original message, maintaining uniform distribution across the message space.

Explain the role of Bayes' theorem in the proof of equivalence for perfect encryption.

Bayes' theorem is used to relate the conditional probabilities of the message and ciphertext, showing that if Pr[C = c|M = m] equals Pr[C = c], then perfect secrecy is maintained.

In perfect encryption, why is it crucial that Pr[C = c|M = m] = Pr[C = c] holds for all messages m and ciphertexts c?

It is crucial because it ensures that the occurrence of a specific ciphertext does not influence the probabilities of the underlying messages, hence achieving perfect secrecy.

What implications does having a probability distribution over messages (Pr[M = m]) have on the encryption process in perfect encryption?

It implies that the encryption process must account for the likelihood of each message in order to maintain the perfect secrecy property across various distributions.

What is the essence of Kerckhoffs’ principle?

The essence is that only the key should be kept secret while the encryption algorithm can be public.

Why is it more manageable to keep only the key secret according to Kerckhoffs' principle?

Because keys are easier to exchange and update in case of compromise than entire encryption systems.

How does the use of public algorithms enhance security?

Public algorithms allow for scrutiny by others, which increases safety and can lead to standardized practices.

What are the four attack scenarios described in the context of cryptanalysis?

They are passive attacks (ciphertext-only, known-plaintext) and active attacks (chosen-plaintext, chosen-ciphertext).

What is a simple method to break Caesar's cipher when only the ciphertext is known?

One can try all 26 possible keys to decrypt the message.

What lesson can be learned about key space from the analysis of Caesar's cipher?

The key space should be large enough to prevent exhaustive search attacks when messages are long.

In what way does Kerckhoffs’ principle suggest avoiding risks associated with code reverse-engineering?

By keeping the algorithm public, the risk of reverse-engineering is minimized since the key alone is secret.

Why is having a single encryption scheme per pair of users considered unmanageable?

It complicates key management, increases the risk of key compromise, and hinders communication efficiency.

What is the primary improvement of mono-alphabetic substitution over Caesar's cipher?

It allows for any permutation of the alphabet instead of just a constant shift.

How many possible keys are there in a mono-alphabetic substitution cipher?

There are approximately 26! which is about 288 keys.

What cryptanalysis method can be used to break a mono-alphabetic substitution cipher?

Frequency analysis can be utilized if the plaintext language is known.

What lesson is learned about key space from the vulnerabilities of mono-alphabetic ciphers?

A large key space alone is insufficient for security; independent message distribution is also needed.

Describe the unique feature of the Vigenère cipher compared to previous ciphers.

It uses varying shifts for each position in the plaintext based on a sequence of numbers.

What hypothetical key could you use to encode 'Cryptography is great' in a Vigenère cipher, if the key is ⟨2, 24, 5⟩?

The encoded result would be 'Attnvjetvnjt gu bpgvr'.

What can help to break the Vigenère cipher, given sufficient ciphertext?

Making educated guesses about the key length followed by frequency analysis can help.

Why is large key space not enough for secure encryption according to the discussions on mono-alphabetic ciphers?

Because it does not account for the vulnerabilities in message distributions and frequency patterns.

What condition is necessary for a cryptographic system to be considered perfectly secret?

For every pair of messages $m_0$ and $m_1$, and every ciphertext $c$, the equality $Pr[C = c|M = m_0] = Pr[C = c|M = m_1]$ must hold.

Explain the significance of the condition $Pr[PrivKeav_{A,Π} = 1] = rac{1}{2}$ in terms of an adversary's success.

This condition implies that an adversary cannot successfully distinguish between the two chosen messages with a probability better than random guessing.

What does it imply if an adversary A outputs $b'$ in the PrivKeav experiment?

It indicates that A is trying to guess which of the two messages has been encrypted, based on the ciphertext received.

In the context of perfect encryption, what role does the encryption function play?

The encryption function ensures that each message is transformed into a ciphertext in a way that conceals the original content.

How does the one-time pad achieve perfect secrecy?

The one-time pad achieves perfect secrecy by using a random key that is as long as the message and used only once.

Why is it essential that the encryption scheme be indistinguishable for any two messages?

Indistinguishability ensures that even if the same plaintexts are encrypted multiple times, the ciphertexts reveal no information about the messages.

What is the implication of choosing random keys in the encryption process of a perfectly secret system?

Randomly chosen keys are crucial because they ensure that the output (ciphertext) is unpredictable, thus protecting the plaintext.

What does the condition $Pr[M = m | C = c]$ imply in the context of perfect encryption?

It implies that given a ciphertext $c$, the probability of any specific message $m$ remains constant and independent of $c$.

What is the primary function of the one-time pad in encryption?

The one-time pad provides perfect secrecy during the encryption process.

Why is the one-time pad considered to be inconvenient?

It requires a key as long as the message, which is impractical for most uses.

Explain the significance of the binary XOR operation in the context of the one-time pad.

The XOR operation is used to encrypt and decrypt messages, ensuring confidentiality.

What condition must be met for an encryption scheme to be considered perfectly secret?

The size of the key must be at least equal to the size of the message.

Describe the result of applying the one-time pad encryption to two messages with the same key.

It allows an attacker to potentially determine the XOR of the two messages.

What happens when |K| < |M| in terms of security?

The encryption scheme cannot be perfectly secret, as there exist messages that could be decrypted from ciphertexts.

According to Shannon’s theory, what limitation exists regarding perfectly secret encryption schemes?

Shannon states that perfectly secret encryption schemes are theoretically possible but impractical.

What does Pr[C = c | M = m] signify in the context of the one-time pad?

It represents the probability of the ciphertext being c given the plaintext m.

Study Notes

Introduction to Cryptography

• The course is titled LMAT2450 - Cryptography.
• The course is taught by François Koeune, Olivier Pereira, and T. Peters
• The course focuses on the algorithmic and mathematical aspects of securing information.

Course Goal

• Students will understand fundamental concepts, methods, and algorithms used to secure information.

Related Courses at UCL

• Information theory and coding, taught by J. Louveaux and B. Macq. and O. Pereira
• Secure electronic circuits and systems, taught by F.-X. Standaert
• Privacy Enhancing Technologies, taught by O. Pereira and F.-X. Standaert
• Secured systems engineering, taught by A. Legay
• Computer System Security, taught by R. Sadre
• Number Theory, taught by P.-E. Caprace and O. Pereira

Other Related Courses

• Machine Learning, taught by J. Lee and M. Verleysen
• Computer Networks, taught by O. Bonaventure
• Discrete Mathematics II: Algorithms and complexity, taught by J.-C. Delvenne
• Ethics and ICT, taught by A. Gosseries and O. Pereira

Class Organisation

• Lectures are held on Wednesday from 14:00 to 16:00.
• Exercises are held on Wednesday from 16:15 to 18:15.
• TAs are Antoine Legat and Alexis Vuille.
• Students are allowed to use slides and personal notes during exams
• Past exam questions are often used as exercises.

Syllabus

• The course will cover Introduction (1 lecture)
• Symmetric cryptography (4 lectures)
• Asymmetric cryptography and algorithmic number theory (5 lectures)
• Post-quantum cryptography (1 lecture)

Support Material

• Introduction to Modern Cryptography (3rd edition) by J. Katz and Y. Lindell, Chapman & Hall/CRC - 2021, http://www.cs.umd.edu/~jkatz/imc.html
• Other references (see also Moodle):
• D. Stinson, Cryptography, Theory and Practice, 3rd edition, Chapman & Hall/CRC, 2005.
• N.P. Smart, Cryptography Made Simple, Springer, 2016. (Free access within UCLouvain network)
• A.J. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, 1999. (Free on http://www.cacr.math.uwaterloo.ca/hac/)
• D. Boneh, V. Shoup, A Graduate Course in Applied Cryptography, Free draft on http://toc.cryptobook.us/.
• S. Gabraith, Mathematics of Public Key Cryptography, Cambridge University Press, 2012, Extended version from author's homepage.

Cryptography...

• COD defines cryptography as "the art of writing or solving codes".
• This definition was mostly true until the mid-20th century
• Cryptography was primarily used by armies and diplomats.

Cryptography... Today

• Cryptography is used widely in daily life.
• Examples include car security systems, identification cards, and security in financial transactions.
• Cryptography is much more than just encryption, instead it's also used in key exchange, identification and is used in elections.

The Cryptography Problem

• The diagram shows a basic message encryption problem between 2 users (A and B).
• A sends a message m to B.
• The system receives m and encrypts it into c and sends it to B.
• B decrypts the message and reads m.

Message Encryption

• An encryption scheme consists of three components: Gen, Enc, and Dec.

• Gen probabilistically produces a key, k

• Enc encrypts the message, m, using the key k, producing a ciphertext, c

• Dec decrypts the ciphertext, c, using the key, k, recovering the original message, m

• The Scytale (Greece, 7th century BC) involves using a cylinder to encrypt messages based on its diameter.

• The Caesar's cipher (Rome, 1st c. BC) involves shifting each letter of the alphabet a fixed number of positions.

Cryptanalysis

• Cryptanalysis is the art of code-breaking or cracking codes.
• In cryptanalysis, the attacker should consider which information should be secret, like Gen, Enc, Dec, or k.
• The attacker should identify which attack scenario would be used. Possible attacks include eavesdropping or chosen-plaintext attacks.
• Kerckhoffs' principle (1883) states that only the secret key should be kept secret. This principle is to ensure that the encryption scheme and algorithm can be public knowledge.

Cryptanalysis: Attacker Model

• The attacker needs to determine which attack scenario is relevant.
  • Passive attacks (e.g., ciphertext-only, known-plaintext) involve observing the ciphertext only, or observing plaintext/ciphertext pairs
  • Active attacks (e.g., chosen-plaintext, chosen-ciphertext) involve the ability to choose messages to be encrypted or decrypted.

Mono-alphabetic Substitution

• An improvement on Caesar's cipher, allows any permutation of the alphabet.
• The possible keys are 26! ≈ 2⁸⁸
• To break this, frequency analysis can be useful if the plaintext language is known.
• This shows that frequency analysis can be useful in breaking substitution ciphers.

Mono-alphabetic Substitution (Frequencies)

• Frequency analysis can help in breaking codes because letter frequencies in English and other languages vary.

Vigenère Cipher

• A further improvement over substitution ciphers using a repeating key to determine the shift factor for each letter
• To break this, enough ciphertext is needed to determine the keylength by trial and error.
• Frequency analysis is then used to break the code.

Historic Ciphers

• Cryptography has a long history.
• For example. D. Kahn, or J. Stern.

Modern Cryptography

• Definitions, assumptions, proofs.

Modern Cryptography: Definitions

• Defining what needs to be done, and defining why one scheme is better than another.

Example of Encryption

• Cryptography needs to define security for encryption schemes.
  • Given a ciphertext, an attacker shouldn't be able to recover the key or the plaintext.
  • Given a ciphertext, an attacker shouldn't be able to recover any character or function of the plaintext.

Modern Cryptography: Precise Assumptions

• Most schemes rely on computational assumptions, useful for abstraction and scheme comparison.

Modern Cryptography: Proof of Security

• Relate schemes, definitions, and assumptions using a reductionist approach. If a scheme can be broken, an assumption can also be falsified.

Modern Cryptography: Definitions (Limitations)

• Science vs. real-world limitations.
• Checking intuitive properties.
• Comparing with other definitions and attack examples.
• Using definitions for a period of time.

Perfect Encryption

• Shannon (1949) showed that theoretically, perfect encryption is possible.

Perfect Encryption (Definition)

• A triple (Gen, Enc, Dec) is perfectly secret if the probability of a ciphertext given a message is equal to the probability of the message
• Enc, Dec may be probabilistic or deterministic.
• M and C are sets of possible messages and ciphertexts.

Perfect Encryption (Equivalent Definition)

• If for any two messages (m and m'), in a given ciphertext, the probability of m is equal to m'
• This means that the ciphertext corresponding to the two messages cannot be distinguished.

Perfect Encryption (Example)

• The One-Time Pad (OTP) is a perfectly secret encryption scheme.
• OTP uses a key that is as long as the message.
• Each bit of the message is XORed with the corresponding key bit to produce the ciphertext.
• XOR is a binary operation that returns 1 if the inputs are different and 0 if they are the same.

One-Time Pad

• The one-time pad is perfectly secret but is not convenient to use.
• The key needs to be as long a message to be secure.
• If a key is used twice with multiple messages, then the adversary can solve the code.

Limits of Perfect Secrecy

• Schemes with shorter key lengths than messages can't be perfectly secret
• Because of this the ciphertext is not equally probable under different messages.

Conclusion

• Perfectly secret encryption schemes exist, but are difficult to use.
• Shannon's work indicates that a theoretical limit exists under various assumptions.
• The next topic in the course will discuss bounded computational power.

Description

This quiz explores the evolution and principles of cryptography from the mid-20th century to present day. It covers applications, encryption schemes, and significant problems in the field, including practical implications of perfect encryption and Kerckhoffs' principle.