没有合适的资源?快使用搜索试试~ 我知道了~
温馨提示
这本书的目的是要自成一体的。在附录中提供了一些涵盖了来自概率论和代数的基本事实的补充材料。这本书被分为三个部分。•第一部分开发了对称加密,它解释了Alice和Bob双方在拥有攻击者未知的共享密钥时如何安全地交换信息。我们讨论了数据机密性、数据完整性和经过认证的加密的重要概念。•第二部分开发了公钥加密和数字签名的概念,它允许Alice和Bob安全地通信,而不需要预先共享的密钥。•第三部分是关于加密协议的,如用户识别、密钥更改、零知识和安全计算协议。一个初级读者可以通过阅读这本书来了解密码系统是如何工作的以及为什么它们是安全的。书中的每一个安全定理都有一个证明思想,在高水平上解释为什么该方案是安全的。在第一次阅读时,人们可以跳过详细的证明而不失去连续性。初学者也可以跳过数学运算
资源推荐
资源详情
资源评论
A Graduate Course in Applied Cryptography
Dan Boneh and Victor Shoup
Version 0.6, Jan. 2023
Preface
Cryptography is an indispensable tool used to protect information in computing systems. It is
used everywhere and by billions of people worldwide on a daily basis. It is used to protect data at
rest and data in motion. Cryptographic systems are an integral part of standard protocols, most
notably the Transport Layer Security (TLS) protocol, making it relatively easy to incorporate
strong encryption into a wide range of applications.
While extremely useful, cryptography is also highly brittle. The most secure cryptographic
system can be rendered completely insecure by a single specification or programming error. No
amount of unit testing will uncover a security vulnerability in a cryptosystem.
Instead, to argue that a cryptosystem is secure, we rely on mathematical modeling and proofs
to show that a particular system satisfies the security properties attributed to it. We often need to
introduce certain plausible assumptions to push our security arguments through.
This book is about exactly that: constructing practical cryptosystems for which we can argue
security under plausible assumptions. The book covers many constructions for different tasks in
cryptography. For each task we define a precise security goal that we aim to achieve and then
present constructions that achieve the required goal. To analyze the constructions, we develop a
unified framework for doing cryptographic proofs. A reader who masters this framework will be
capable of applying it to new constructions that may not be covered in the book.
Throughout the book we present many case studies to survey how deployed systems operate.
We describe common mistakes to avoid as well as attacks on real-world systems that illustrate the
importance of rigor in cryptography. We end every chapter with a fun application that applies the
ideas in the chapter in some unexpected way.
Intended audience and how to use this book
The book is intended to be self contained. Some supplementary material covering basic facts from
probability theory and algebra is provided in the appendices. The book is divided into three parts.
• Part I develops symmetric encryption which explains how two parties, Alice and Bob, can
securely exchange information when they have a shared key unknown to the attacker. We
discuss data confidentiality, data integrity, and the important concept of authenticated en-
cryption.
• Part II develops the concepts of public-key encryption and digital signatures, which allow
Alice and Bob to communicate securely, without having a pre-shared secret key.
• Part III is about cryptographic protocols, such as protocols for user identification, key ex-
change, zero knowledge, and secure computation.
ii
A beginning reader can read though the book to learn how cryptographic systems work and
why they are secure. Every security theorem in the book is followed by a proof idea that explains
at a high level why the scheme is secure. On a first read one can skip over the detailed proofs
without losing continuity. A beginning reader may also skip over the mathematical details sections
that explore nuances of certain definitions.
An advanced reader may enjoy reading the detailed proofs to learn how to do proofs in cryp-
tography. At the end of every chapter you will find many exercises that explore additional aspects
of the material covered in the chapter. Some exercises rehearse what was learned, but many ex-
ercises expand on the material and present additional ideas that are not covered in the body. We
recommend that readers read through the exercises, even if they do not intend to solve them.
Status of the book
The current draft is mostly complete, although there are a few missing sections here and there.
Those sections, as well as the appendices, are forthcoming. We hope you enjoy this write-up. Please
send us comments and let us know if you find typos or mistakes. We are very grateful to all the
readers who have already sent us comments.
Citations: While the current draft is mostly complete, we have not yet included citations and
references to the many works on which this book is based. Those will be coming soon and will be
presented in the Notes section at the end of every chapter.
Dan Boneh and Victor Shoup
Jan. 2023
iii
Contents
1 Introduction 1
1.1 Historic ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Terminology used throughout the book . . . . . . . . . . . . . . . . . . . . . . . . . 1
I Secret key cryptography 3
2 Encryption 4
2.1 Shannon ciphers and perfect security . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.1 Definition of a Shannon cipher . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.2 Perfect security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.1.3 The bad news . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.2 Computational ciphers and semantic security . . . . . . . . . . . . . . . . . . . . . . 13
2.2.1 Definition of a computational cipher . . . . . . . . . . . . . . . . . . . . . . 13
2.2.2 Definition of semantic security . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2.3 Connections to weaker notions of security . . . . . . . . . . . . . . . . . . . 18
2.2.4 Consequences of semantic security . . . . . . . . . . . . . . . . . . . . . . . 22
2.2.5 Bit guessing: an alternative characterization of semantic security . . . . . . 25
2.3 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2.3.1 Negligible, super-poly, and poly-bounded functions . . . . . . . . . . . . . . 28
2.3.2 Computational ciphers: the formalities . . . . . . . . . . . . . . . . . . . . . 29
2.3.3 Efficient adversaries and attack games . . . . . . . . . . . . . . . . . . . . . 32
2.3.4 Semantic security: the formalities . . . . . . . . . . . . . . . . . . . . . . . . 34
2.4 A fun application: anonymous routing . . . . . . . . . . . . . . . . . . . . . . . . . . 35
2.5 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
2.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3 Stream ciphers 45
3.1 Pseudo-random generators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
3.1.1 Definition of a pseudo-random generator . . . . . . . . . . . . . . . . . . . . 46
3.1.2 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.2 Stream ciphers: encryption with a PRG . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.3 Stream cipher limitations: attacks on the one time pad . . . . . . . . . . . . . . . . 52
3.3.1 The two-time pad is insecure . . . . . . . . . . . . . . . . . . . . . . . . . . 53
3.3.2 The one-time pad is malleable . . . . . . . . . . . . . . . . . . . . . . . . . . 53
iv
3.4 Composing PRGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3.4.1 A parallel construction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3.4.2 A sequential construction: the Blum-Micali method . . . . . . . . . . . . . 59
3.4.3 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.5 The next bit test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
3.6 Case study: the Salsa and ChaCha PRGs . . . . . . . . . . . . . . . . . . . . . . . . 67
3.7 Case study: linear generators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
3.7.1 An example cryptanalysis: the linear congruential generator . . . . . . . . . 70
3.7.2 The subset sum generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
3.8 Case study: cryptanalysis of the DVD encryption system . . . . . . . . . . . . . . . 74
3.9 Case study: cryptanalysis of the RC4 stream cipher . . . . . . . . . . . . . . . . . . 77
3.9.1 Security of RC4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
3.10 Generating random bits in practice . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
3.11 A broader perspective: computational and statistical indistinguishability . . . . . . 82
3.11.1 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
3.12 A fun application: coin flipping and bit commitment . . . . . . . . . . . . . . . . . . 88
3.13 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
3.14 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
4 Block ciphers 96
4.1 Block ciphers: basic definitions and properties . . . . . . . . . . . . . . . . . . . . . 96
4.1.1 Some implications of security . . . . . . . . . . . . . . . . . . . . . . . . . . 98
4.1.2 Efficient implementation of random permutations . . . . . . . . . . . . . . . 101
4.1.3 Strongly secure block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . 101
4.1.4 Using a block cipher directly for encryption . . . . . . . . . . . . . . . . . . 102
4.1.5 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
4.2 Constructing block ciphers in practice . . . . . . . . . . . . . . . . . . . . . . . . . . 107
4.2.1 Case study: DES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
4.2.2 Exhaustive search on DES: the DES challenges . . . . . . . . . . . . . . . . 113
4.2.3 Strengthening ciphers against exhaustive search: the 3E construction . . . . 115
4.2.4 Case study: AES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
4.3 Sophisticated attacks on block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . 122
4.3.1 Algorithmic attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
4.3.2 Side-channel attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
4.3.3 Fault injection attacks on AES . . . . . . . . . . . . . . . . . . . . . . . . . 130
4.3.4 Quantum exhaustive search attacks . . . . . . . . . . . . . . . . . . . . . . . 131
4.4 Pseudo-random functions: basic definitions and properties . . . . . . . . . . . . . . 132
4.4.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
4.4.2 Efficient implementation of random functions . . . . . . . . . . . . . . . . . 133
4.4.3 When is a secure block cipher a secure PRF? . . . . . . . . . . . . . . . . . 134
4.4.4 Constructing PRGs from PRFs . . . . . . . . . . . . . . . . . . . . . . . . . 138
4.4.5 Mathematical details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
4.5 Constructing block ciphers from PRFs . . . . . . . . . . . . . . . . . . . . . . . . . . 141
4.6 The tree construction: from PRGs to PRFs . . . . . . . . . . . . . . . . . . . . . . . 147
4.6.1 Variable length tree construction . . . . . . . . . . . . . . . . . . . . . . . . 151
4.7 The ideal cipher model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
v
剩余1129页未读,继续阅读
资源评论
nfgo
- 粉丝: 487
- 资源: 63
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 基于MATLAB图像处理实现直线识别(拟合角平分线)
- VisualComponents Premium 4.9 OLP库卡仿真 KUKA.Sim lservrc.dat
- 从CCD图像传感器到CMOS图像传感器(CIS)的发展历程
- 10.13人工智能训练师内容
- 库卡仿真 KUKA.Sim 4.3.1.433 Setup.exe
- AndroidLogger插件
- Spring Cloud商城项目专栏 020 elasticsearch elasticsearch-head kibana安装
- 2024秋季-5·3天天练英语-译林版-四年级上册_1721222348377.zip
- VisualComponents Premium 4.9 OLP Setup-64
- 猫抓(cat-catch) 资源抓取扩展,能够自动筛选当前页面的资源
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功