
A classical introduction to modern cryptography PDF

343 pages · 2005 · 1.35 MB · English

Preview A classical introduction to modern cryptography

A CLASSICAL INTRODUCTION TO MODERN CRYPTOGRAPHY
Applications for Communications Security

by Serge Vaudenay
Swiss Federal Institute of Technologies (EPFL)

Serge Vaudenay
Ch. de Riant-Mont 4
CH-1023 Crissier
Switzerland

Library of Congress Cataloging-in-Publication Data
A C.I.P. Catalogue record for this book is available from the Library of Congress.

ISBN-10: 0-387-25464-1
e-ISBN-10: 0-387-25880-9
ISBN-13: 978-0-387-25464-7
e-ISBN-13: 978-0-387-25880-5

Printed on acid-free paper.

© 2006 Springer Science+Business Media, Inc.
All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, Inc., 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden.
The use in this publication of trade names, trademarks, service marks and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

Printed in the United States of America.
9 8 7 6 5 4 3 2 1
SPIN 11357582, 11426141
springeronline.com

To Christine and Emilien

Contents

Preamble  xv

1 Prehistory of Cryptography  1
  1.1 Foundations of Conventional Cryptography  1
    1.1.1 The Origins of Cryptography  1
    1.1.2 Key Words  2
    1.1.3 Transpositions, Substitutions, and Secret Keys  4
    1.1.4 Vernam Cipher  7
    1.1.5 Enigma: Toward Industrial Cryptography  8
  1.2 Roots of Modern Cryptography  10
    1.2.1 Cryptographic Problems: The Fundamental Trilogy  10
    1.2.2 Assumptions of Modern Cryptography  11
    1.2.3 Adversarial Models  12
    1.2.4 Cryptography from Various Perspectives  13
    1.2.5 Methodology  15
  1.3 ★ The Shannon Theory of Secrecy  15
    1.3.1 ★ Secrecy of Communication  15
    1.3.2 ★ Entropy  17
    1.3.3 ★ Perfect Secrecy  18
    1.3.4 ★ Product Ciphers  19
  1.4 Exercises  19

2 Conventional Cryptography  21
  2.1 The Data Encryption Standard (DES)  22
  2.2 DES Modes of Operation  25
    2.2.1 Electronic Code Book (ECB)  25
    2.2.2 Cipher Block Chaining (CBC)  26
    2.2.3 Output Feedback (OFB)  27
    2.2.4 Cipher Feedback (CFB)  29
    2.2.5 Counter Mode (CTR)  30
  2.3 Multiple Encryption  30
    2.3.1 Double Mode  30
    2.3.2 Triple Mode  31
  2.4 An Application of DES: UNIX Passwords  31
  2.5 Classical Cipher Skeletons  32
    2.5.1 Feistel Schemes  32
    2.5.2 Lai–Massey Scheme  33
    2.5.3 Substitution–Permutation Network  36
  2.6 Other Block Cipher Examples  37
    2.6.1 ★ FOX: A Lai–Massey Scheme  37
    2.6.2 ★ CS-CIPHER: A Substitution–Permutation Network  40
  2.7 The Advanced Encryption Standard (AES)  42
  2.8 Stream Ciphers  46
    2.8.1 Stream Ciphers versus Block Ciphers  46
    2.8.2 RC4  46
    2.8.3 A5/1: GSM Encryption  48
    2.8.4 E0: Bluetooth Encryption  50
  2.9 Brute Force Attacks  51
    2.9.1 Exhaustive Search  52
    2.9.2 Dictionary Attack  53
    2.9.3 Codebook Attack  54
    2.9.4 ★ Time–Memory Tradeoffs  54
    2.9.5 Meet-in-the-Middle Attack  59
  2.10 Exercises  60

3 Dedicated Conventional Cryptographic Primitives  63
  3.1 Cryptographic Hashing  63
    3.1.1 Usage  63
    3.1.2 Threat Models  64
    3.1.3 From Compression to Hashing  65
    3.1.4 Example of MD5  66
    3.1.5 Examples of SHA and SHA-1  67
  3.2 The Birthday Paradox  70
  3.3 ★ A Dedicated Attack on MD4  74
  3.4 Message Authentication Codes  78
    3.4.1 Usage  78
    3.4.2 Threat Model  79
    3.4.3 MAC from Block Ciphers: CBC-MAC  80
    3.4.4 ★ Analysis of CBC-MAC  82
    3.4.5 ★ MAC from Stream Ciphers  86
    3.4.6 MAC from Hash Functions: HMAC  88
    3.4.7 An Authenticated Mode of Operation  90
  3.5 Cryptographic Pseudorandom Generators  92
    3.5.1 Usage and Threat Model  92
    3.5.2 ★ Congruential Pseudorandom Generator  92
    3.5.3 Practical Examples  93
  3.6 Exercises  95

4 ★ Conventional Security Analysis  97
  4.1 ★ Differential Cryptanalysis  97
  4.2 ★ Linear Cryptanalysis  103
  4.3 ★ Classical Security Strengthening  111
    4.3.1 ★ Nonlinearities  111
    4.3.2 ★ Characteristics and Markov Ciphers  112
    4.3.3 ★ Theoretical Differential and Linear Cryptanalysis  114
    4.3.4 ★ Ad hoc Construction  120
  4.4 ★ Modern Security Analysis  123
    4.4.1 ★ Distinguishability Security Model  123
    4.4.2 ★ The Luby–Rackoff Result  125
    4.4.3 ★ Decorrelation  126
  4.5 Exercises  132

5 Security Protocols with Conventional Cryptography  135
  5.1 Password Access Control  135
    5.1.1 UNIX Passwords  136
    5.1.2 Basic Access Control in HTTP  136
    5.1.3 PAP Access Control in PPP  137
  5.2 Challenge–Response Protocols  137
    5.2.1 Digest Access Control in HTTP  138
    5.2.2 CHAP Access Control in PPP  140
  5.3 One-Time Password  140
    5.3.1 Lamport Scheme  140
    5.3.2 S/Key and OTP  141
  5.4 Key Distribution  142
    5.4.1 The Needham–Schroeder Authentication Protocol  142
    5.4.2 Kerberos  143
    5.4.3 ★ Merkle Puzzles  145
  5.5 ★ Authentication Chains  145
    5.5.1 ★ Merkle Tree  145
    5.5.2 ★ Timestamps and Notary  147
  5.6 Wireless Communication: Two Case Studies  148
    5.6.1 The GSM Network  148
    5.6.2 The Bluetooth Network  150
  5.7 Exercises  153

6 Algorithmic Algebra  155
  6.1 Basic Group Theory  155
    6.1.1 Basic Set Theory  155
    6.1.2 Groups  157
    6.1.3 Generating a Group, Comparing Groups  158
    6.1.4 Building New Groups  159
    6.1.5 Fundamentals on Groups  159


