Semantic Security and the One-Time Pad

  • Published 26 Jul 2024
  • Information Security - Week 2b
    In this video: the one-time pad, information theoretic security, semantic security, ciphertext indistinguishability, chosen-plaintext attack games, and more.
    Undergraduate course on networking security and cryptography taught by Aleksander Essex, Ph.D., P.Eng., Associate professor of Software Engineering, Associate Chair (Graduate), Department of Electrical and Computer Engineering, Western University, Canada
    Website:
    essex.cc
    Twitter:
    / aleksessex
    Semantic Security reference text:
    Introduction to Modern Cryptography
    By Jonathan Katz, Yehuda Lindell
    Second Edition, Published by Chapman and Hall/CRC, 2014
    ISBN 9781466570269
    www.routledge.com/Introductio...
    Course topics include:
    Confidentiality, authenticity, integrity, ciphers, plaintext, ciphertext, encryption, decryption, keys, key generation function, uniform random, semantic security, bits of security, brute force, Kerckhoff's principle, semantic security, ciphertext indistinguishability, IND-CPA, IND-CCA, block ciphers, message padding, PKCS 7, modes of operation, initialization vector, pseudo-random permutation, counter mode, cipher block chaining, electronic codebook mode, counter mode, CBC, ECB, CTR, Advanced Encryption Standard, AES, hash functions, random oracles, pre-image resistance, collision resistance, SHA-1, SHA-256, SHA3, SHA-512, MD5, message authentication codes, MACs, Galois counter mode, GCM, AES-GCM, public-key cryptography, Diffie-Hellman, public-key agreement, Elliptic curve Diffie-Hellman, DHE, ECDHE, digital signatures, ECDSA, RSA signatures, PKCS v1.5, digital certificates, X.509, public-key infrastructure, PKI, certificate pinning, certificate revocation, CRL, trust store, Transport Layer Security, TLS, TLS 1.2, TLS 1.3, HTTP over TLS, HTTPS, Secure Shell, SSH, ciphersuite, client hello, server hello, VPNs, TOR, 802.11, wifi encryption, client authentication, passwords, password hashing, password lengths, single sign-on, federated identity
    ----
    Music: Arp Bounce - Geographer
    Support by RFM - NCM: bit.ly/2xGHypM
    Slide template: Slidesgo including Flaticons with infographics & images by Freepik
  • Science & Technology
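The video covers the one-time pad and why it is information-theoretically secure only when the pad is used once. The following is an added example, not code from the lecture or from the Katz and Lindell text; the messages, crib and key are constructed for the demonstration. It shows three things: encryption consumes exactly one byte of key per byte of plaintext (a longer key is fine, a shorter one is rejected), a brute-force check over all one-byte messages and keys that the ciphertext distribution does not depend on the message (perfect secrecy), and the classic two-time-pad failure, where XORing two ciphertexts cancels the key and a guessed crib in one message reveals the other.

```python
"""One-time pad: key consumption, perfect secrecy, and the two-time-pad leak.

Added example (not the lecture's code). All inputs are constructed.
"""
import os


def otp_encrypt(key: bytes, msg: bytes) -> tuple[bytes, bytes]:
    """XOR msg with the first len(msg) bytes of key.

    Returns (ciphertext, unused_key_suffix). A key shorter than the message is
    rejected: perfect secrecy needs at least one key bit per plaintext bit, and
    exactly len(msg) bytes of key are consumed regardless of how long key is.
    """
    if len(key) < len(msg):
        raise ValueError("key must be at least as long as the message")
    used, rest = key[: len(msg)], key[len(msg):]
    return bytes(m ^ k for m, k in zip(msg, used)), rest


def otp_decrypt(key: bytes, ct: bytes) -> bytes:
    """XOR is an involution, so decryption is the same operation."""
    return otp_encrypt(key, ct)[0]


def is_perfectly_secret_one_byte() -> bool:
    """Exhaustive check of the 1-byte OTP.

    For every plaintext byte m, the map k -> m ^ k over a uniform key byte hits
    every ciphertext value exactly once, so Pr[C = c | M = m] = 1/256 for all m:
    the ciphertext distribution is independent of the message.
    """
    every_ct = set(range(256))
    return all({m ^ k for k in range(256)} == every_ct for m in range(256))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad: c1 ^ c2 == m1 ^ m2, key cancels."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(xor_of_msgs: bytes, crib: bytes, offset: int) -> bytes:
    """If the attacker guesses m1 contains `crib` at `offset`, XORing the crib
    back into m1 ^ m2 reveals the same positions of m2."""
    window = xor_of_msgs[offset : offset + len(crib)]
    return bytes(x ^ k for x, k in zip(window, crib))


def demo() -> dict:
    """Run the three demonstrations and return the observable results."""
    key = os.urandom(64)                         # longer than either message
    m1 = b"attack at dawn"                       # constructed sample messages
    m2 = b"retreat by sea"                       # same length, same pad (the mistake)

    c1, leftover = otp_encrypt(key, m1)          # consumes 14 of 64 key bytes
    c2, _ = otp_encrypt(key, m2)                 # pad reused: never do this
    assert otp_decrypt(key, c1) == m1

    try:                                         # a too-short key must be refused
        otp_encrypt(key[:5], m1)
        short_key_rejected = False
    except ValueError:
        short_key_rejected = True

    xor = two_time_pad_leak(c1, c2)              # eavesdropper needs no key for this
    recovered = crib_drag(xor, b"attack", 0)     # attacker's guess about m1

    return {
        "key_bytes_consumed": len(key) - len(leftover),
        "short_key_rejected": short_key_rejected,
        "xor_equals_m1_xor_m2": xor == bytes(a ^ b for a, b in zip(m1, m2)),
        "recovered_prefix_of_m2": recovered,
    }


if __name__ == "__main__":
    print("perfect secrecy (1-byte exhaustive):", is_perfectly_secret_one_byte())
    print(demo())
```

The leftover 50 key bytes in `demo` are the operational headache the lecturer mentions in the comments: they are still secret key material and must be stored, tracked and destroyed like the consumed bytes, which is why real OTP deployments keep the pad and the message stream in lockstep.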

COMMENTS • 8

  • @CORAcsi
    @CORAcsi 1 year ago

    Interesting video, though it constantly surprises me that no one has openly imagined the MUP (Multiple Use Pads) that I have designed. Yes, it is possible to create an OTP that is reusable. Sure, it should be called a modified Vigenère cipher, or Vigenère 2.0, however, I like MUP better. If you are curious, take a look; verifying that MUPs are indeed reusable isn't difficult; you can use one of these MUPs on innumerable messages and try to break it.

  • @maomxesoax2471
    @maomxesoax2471 3 years ago

    OTP,++. Beyond the pad and key.
    1) A randomised character set (RCS). Character Set Length (CSL)
    2) A number that gets split into pairs of digits ie: '334688......' is 33 46 88......
    3) Any text as the pad.
    Encryption formula is ((M+O)-X) mod CSL. M = message char. O = pad char. X = number
    Decryption formula is ((E-O)+X) mod CSL. E = encrypted char
    Using those numbers...
    For the first encryption the CS is rotated. Odd left, Even right by X. So 33 left. Then the characters 33 46 and 88 are removed from the CS and placed at the beginning of it. The message is encrypted with the new CS and the cipher text produced is used for the second encryption. The CS is rotated right 46 and the characters 33 46 and 88 are removed and placed at the start of the new CS. The process is repeated for 88.
    The final encryption being the cipher text to send. Decryption, just reverse the above operations.
    The sender and receiver share the RCS and number. The any text is text from a book, magazine, paper etc.
    An example: A Random Character Set: The CSL is 94.
    Cdpe o+^3I]AP-?E}#"xq!Y(UNF[Q{uJ8$5Zkm_,aSLyTB%c=OjgG*2w7Ms6')KhH:~R.fzr
    A number, to keep it simple: '02030405'
    Some text for the pad. In this case, using your paragraph above: message length= 65. Multiply it by the number '02030405' length divided by 2 equals 4. The text is 65 x 4 = 260 characters long.
    Confidentiality, authenticity, integrity, ciphers, plaintext, ciphertext, encryption, decryption, keys, key generation function, uniform random, semantic security, bits of security, brute force, Kerckhoff's principle, semantic security, ciphertext indistinguis
    Encrypted message:
    f

  • @aaronli1240
    @aaronli1240 3 years ago +1

    Great video - why do you say IND-EAV is too "strong" (as opposed to too weak, because you can assume attackers can do more)? Would it be correct to understand IND-CPA to be stronger than IND-EAV? Thanks

    • @thegamingruler1996
      @thegamingruler1996 3 years ago +2

      I think he means that it's too strong of an assumption that the attackers can ONLY do IND-EAV. Modern hackers can send queries and such to the encryption system and get back data. They aren't limited to eavesdropping.

    • @aaronli1240
      @aaronli1240 3 years ago

      THEGAMINGRULER gotcha thanks. That makes sense

    • @aleksanderessex7328
      @aleksanderessex7328 3 years ago +4

      @@aaronli1240 yes, the terms "stronger" and "weaker" are a constant and non-intuitive source of confusion in the crypto world. I probably should have been more clear, but as was pointed out, I'm applying the term "strength" to the assumptions that we're making about the adversary, i.e., that they can ONLY eavesdrop. But yes, you're right, IND-CCA2 is a stronger notion (in the intuitive sense of the word).
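The thread above turns on what the adversary is allowed to do: under IND-EAV it sees a single challenge ciphertext, under IND-CPA it also gets an encryption oracle before (and after) the challenge. The following is an added example, not code from the lecture; it plays the IND-CPA game against two toy schemes. The first reuses a one-time pad key, so encryption is deterministic; the second derives a fresh keystream per message from a random 16-byte nonce via HMAC-SHA256 in counter mode (a PRF-based stream cipher assumed here for illustration, standing in for a real cipher such as AES-CTR). The adversary's strategy is the standard one: ask the oracle to encrypt m0, then submit (m0, m1) as the challenge and guess 0 exactly when the challenge ciphertext repeats the earlier oracle answer. Messages and trial counts are constructed.

```python
"""IND-CPA game against a deterministic and a randomized toy scheme.

Added example (not the lecture's code). Inputs are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Callable


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class PadReuse:
    """OTP with one long-lived key: the same plaintext always gives the same
    ciphertext, which is all a CPA adversary needs."""

    def __init__(self, key: bytes):
        self.key = key

    def encrypt(self, m: bytes) -> bytes:
        if len(m) > len(self.key):
            raise ValueError("message longer than pad")
        return xor(m, self.key[: len(m)])


class CtrPrf:
    """Keystream = HMAC-SHA256(key, nonce || counter) blocks, fresh random
    nonce per message, nonce sent in the clear. Assumed stand-in for a real
    stream cipher; it is the per-message randomness that matters here."""

    def __init__(self, key: bytes):
        self.key = key

    def keystream(self, nonce: bytes, n: int) -> bytes:
        out, ctr = b"", 0
        while len(out) < n:
            block = nonce + ctr.to_bytes(4, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
            ctr += 1
        return out[:n]

    def encrypt(self, m: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        return nonce + xor(m, self.keystream(nonce, len(m)))


def ind_cpa_game(scheme_factory: Callable[[bytes], object], trials: int) -> float:
    """Run the IND-CPA experiment `trials` times and return the adversary's
    win rate (1/2 means no advantage; 1.0 means the scheme is broken).

    Each trial: fresh key; adversary queries the oracle on m0; challenger
    picks a hidden bit b and returns Enc(m_b); adversary guesses b.
    """
    m0, m1 = b"YES", b"NOO"                       # equal length, distinct
    wins = 0
    for _ in range(trials):
        scheme = scheme_factory(secrets.token_bytes(32))
        c_m0 = scheme.encrypt(m0)                 # CPA query before the challenge
        b = secrets.randbelow(2)                  # challenger's hidden bit
        challenge = scheme.encrypt(m0 if b == 0 else m1)
        guess = 0 if challenge == c_m0 else 1     # repeat => it was m0
        wins += int(guess == b)
    return wins / trials


if __name__ == "__main__":
    print("pad reuse  win rate:", ind_cpa_game(PadReuse, 200))
    print("ctr / prf  win rate:", ind_cpa_game(CtrPrf, 1000))
```

Against `PadReuse` the adversary wins every trial, so its advantage is the maximum possible even though the underlying XOR is the same operation that is perfectly secret under IND-EAV with a fresh pad; against `CtrPrf` the challenge never repeats an oracle answer, the adversary is reduced to guessing, and its win rate settles near 1/2. That gap is the difference between the two notions the comments are discussing.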

  • @user-ex5cg9gn5m
    @user-ex5cg9gn5m 1 year ago

    At 1:22: according to Wikipedia, the key must be at least as long as the plaintext, not just exactly the same length as the plaintext. en.wikipedia.org/wiki/One-time_pad#:~:text=The%20key%20must%20be%20at,according%20to%20Gregory%20Chaitin%20definition.

    • @aleksanderessex7328
      @aleksanderessex7328 1 year ago +2

      The important point here is that the encryption function consumes one bit of key material for one bit of plaintext. Could you generate a duodecillion random bits and then encrypt just one bit? Absolutely. But you still only consume one bit of key material. The rest is unused. What happens to this leftover? Now we get into the opsec headaches of the OTP...