Lecture 7.1: Private-key Encryption. Lecture 7.1: Private-key Encryption

Transcription

1

2 Private-key Encryption Alice and Bob share a secret s {0, 1} n

3 Private-key Encryption Alice and Bob share a secret s {0, 1} n Encryption and Decryption algorithms are efficient

4 Private-key Encryption Alice and Bob share a secret s {0, 1} n Encryption and Decryption algorithms are efficient Encryption of a message when decrypted provides the original message

5 Private-key Encryption Alice and Bob share a secret s {0, 1} n Encryption and Decryption algorithms are efficient Encryption of a message when decrypted provides the original message Encryption of any message m 0 is indistinguishable from encryption of any other message m 1 to an eavesdropper

6 Private-key Encryption Alice and Bob share a secret s {0, 1} n Encryption and Decryption algorithms are efficient Encryption of a message when decrypted provides the original message Encryption of any message m 0 is indistinguishable from encryption of any other message m 1 to an eavesdropper Design a predictive experiment to summarize this concept

7 Private-key Encryption Alice and Bob share a secret s {0, 1} n Encryption and Decryption algorithms are efficient Encryption of a message when decrypted provides the original message Encryption of any message m 0 is indistinguishable from encryption of any other message m 1 to an eavesdropper Design a predictive experiment to summarize this concept Formally, for all n.u. PPT A: Pr [ s {0,1} n, (m 0,m 1 ) A, b $ {0,1} : A(Enc(m b )) = b ] negl(n)

8 One-time Pads

9 One-time Pads Encoding of m {0, 1} n using private-key s is: Enc(m; s) := m s

10 One-time Pads Encoding of m {0, 1} n using private-key s is: Enc(m; s) := m s We have: Enc(m 0 ; s $ {0, 1} n ) Enc(m 1 ; s $ {0, 1} n )

11 One-time Pads Encoding of m {0, 1} n using private-key s is: Enc(m; s) := m s We have: Enc(m 0 ; s $ {0, 1} n ) Enc(m 1 ; s $ {0, 1} n ) Why can t we send two messages using the same pad?

12 One-time Pads Encoding of m {0, 1} n using private-key s is: Enc(m; s) := m s We have: Enc(m 0 ; s $ {0, 1} n ) Enc(m 1 ; s $ {0, 1} n ) Why can t we send two messages using the same pad? Length of message bounded by n

13 One-time Pads Encoding of m {0, 1} n using private-key s is: Enc(m; s) := m s We have: Enc(m 0 ; s $ {0, 1} n ) Enc(m 1 ; s $ {0, 1} n ) Why can t we send two messages using the same pad? Length of message bounded by n Story: Alice and Bob met and shared a secret. Subsequently, they can encrypt messages of total length smaller than the length of the shared secret.

14 Using PRGs

15 Using PRGs Encoding of m {0, 1} n using private-key s is: Enc(m; s) := m PRG(s)

16 Using PRGs Encoding of m {0, 1} n using private-key s is: Enc(m; s) := m PRG(s) We have: Enc(m 0 ; s $ {0, 1} n ) Enc(m 1 ; s $ {0, 1} n )

17 Using PRGs Encoding of m {0, 1} n using private-key s is: Enc(m; s) := m PRG(s) We have: Enc(m 0 ; s $ {0, 1} n ) Enc(m 1 ; s $ {0, 1} n ) Can encrypt arbitrarily long messages

18 Using PRGs Encoding of m {0, 1} n using private-key s is: Enc(m; s) := m PRG(s) We have: Enc(m 0 ; s $ {0, 1} n ) Enc(m 1 ; s $ {0, 1} n ) Can encrypt arbitrarily long messages Story: Alice and Bob met and shared a short secret. Subsequently, they can encrypt arbitrarily long messages.

19 What if Alice and Bob never met?

20 What if Alice and Bob never met? Is it even possible to encrypt one bit?

21 What if Alice and Bob never met? Is it even possible to encrypt one bit? Yes! Public-key Encryption (Later in the course)