---
title: Introduction to Cryptography Notes Ch1 OVERVIEW
tags: Introduction to Cryptography, Notes, University Files
---

[TOC]

# Cryptography

- What cryptography is not
    - The solution to all security problems.
        - Software bugs
        - Social engineering attacks
    - Reliable unless implemented correctly and used properly (e.g., WEP, SSL, …)
    - Something you should try to invent yourself.
        - Never use a proprietary cipher.
- Three steps in cryptography
    - Precisely specify the threat model
    - Propose a construction
    - Prove that breaking the construction under the threat model will solve an underlying hard problem

# Terminology

- Plain Text
    - Also called clear text
    - An ordinary, unencrypted message
- Cipher Text
    - An encrypted message
- Cryptography
    - The problem of designing and analysing encryption schemes
    - The design of any system that needs to withstand malicious attempts to abuse it.
- Cryptanalysis
    - The process of attempting to break a ciphertext message to recover the original plaintext message
    - The process of attempting to break any security protocol or system
- Cryptology
    - Cryptology = Cryptography + Cryptanalysis
- Enciphering or encryption
    - The process of turning Plain Text into Cipher Text
- Deciphering or decryption
    - The process of restoring Cipher Text to Plain Text
- **Steganography**
- Types of Cipher
    - Stream Cipher: Bit-by-bit encryption / decryption
    - Block Cipher: Block-by-block encryption / decryption
    - Secret Key or Symmetric: Key 1 = Key 2 (symmetric encryption)
    - Public Key or Asymmetric: Key 1 ≠ Key 2 (asymmetric encryption)

![image](https://hackmd.io/_uploads/HyA6UjdWyg.png)

![image (1)](https://hackmd.io/_uploads/r1OCLidWyl.png)

- **One-way functions (OWF)**
    - A function that is easy to compute y from x but "hard" to compute x from y
- Strong collision resistance
    - It is hard to find a pair x1, x2 such that H(x1) = H(x2).
- Weak collision resistance
    - Given a value x, it is hard to find a different x′ such that H(x) = H(x′).
- Preimage resistance
    - Hard to find a message with a given hash value. (one-way property)
    - Given z, no x can be found that satisfies hash(x) = z
    - Put simply, the hash is one-way: the input cannot be derived from the output
- Second preimage resistance
    - Hard to find two messages with the same hash value. (strong collision resistance)
    - Given x1, no x2 can be found that satisfies hash(x1) = hash(x2)
    - Compared with the first property, the difference is that even with a known plaintext, no other input can be found whose hash equals that of the known plaintext
- Collision resistance
    - Given m it is hard to find
    - Cannot be brute-forced within a lifetime

![image (2)](https://hackmd.io/_uploads/BJOJPjO-kl.png)

# Digital Signatures

1. Convince the recipient that the message was actually sent by a trusted source
2. Do not allow repudiation, i.e., "that is not my signature".
3. Do not allow the message to be tampered with without invalidating the signature

# Types of an Attacker's Success

- Classical distinction, mainly used for encryption and authentication
    - Computing the key (total break).
    - Key-equivalent method (universal break).
    - Decrypting or forging particular messages
- Authentication
    - Selective break (selective falsification)
        - A message chosen before the attack.
    - Existential break (existential falsification)
        - Some message computed during the attack.
- Encryption
    - Whole message
    - Partial information (e.g. particular bits, sum of the digits)

## Example

- Authentication (existential falsification):
    - (Measurement) Data without redundancy
    - Signed nonsense undermines the confidence
- Encryption (partial information):
    - Particular bits in formulas
    - When only a few plaintexts are possible, every kind of information helps to distinguish them.

# Types of attacks

- Adaptation
    - Non-adaptive: All active parts (choices) at once.
    - Adaptive: Active parts are done stepwise and can be adapted to the result of the previous step.
- Cryptographic Protocols
    - Attacks on cryptography have to follow the rules of the protocol.
    - Protocols can be attacked without breaking the cryptography.
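
The hash-function properties in the terminology notes above (preimage, second preimage and collision resistance) differ in how much work a generic search needs, which is why output length matters. The following is an added example, not part of the original notes: it truncates SHA-256 to 16 bits (an assumption made only so the searches finish instantly) and counts tries for each search. `toy_hash`, `BITS` and the sample messages are hypothetical names constructed for the illustration.

```python
import hashlib
from itertools import count

BITS = 16  # assumption: output truncated to 16 bits so every search finishes quickly


def toy_hash(msg: bytes, bits: int = BITS) -> int:
    """First `bits` bits of SHA-256(msg): a deliberately weakened hash."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - bits)


def candidates():
    """Constructed sample inputs: b'msg-0', b'msg-1', ..."""
    return (b"msg-%d" % i for i in count())


def find_preimage(z: int):
    """Preimage: given only an output z, find any x with toy_hash(x) == z."""
    for tries, x in enumerate(candidates(), 1):
        if toy_hash(x) == z:
            return x, tries


def find_second_preimage(x1: bytes):
    """Second preimage (the notes' weak collision): given x1, find x2 != x1
    with toy_hash(x2) == toy_hash(x1)."""
    target = toy_hash(x1)
    for tries, x2 in enumerate(candidates(), 1):
        if x2 != x1 and toy_hash(x2) == target:
            return x2, tries


def find_collision():
    """Collision (the notes' strong collision): find any pair x1 != x2 with
    equal hashes. The attacker chooses both inputs, so the birthday bound applies."""
    seen = {}
    for tries, x in enumerate(candidates(), 1):
        h = toy_hash(x)
        if h in seen:
            return seen[h], x, tries
        seen[h] = x


if __name__ == "__main__":
    _, t = find_preimage(toy_hash(b"secret input"))
    print(f"preimage        : {t:6d} tries (expected about 2^{BITS})")
    _, t = find_second_preimage(b"known message")
    print(f"second preimage : {t:6d} tries (expected about 2^{BITS})")
    _, _, t = find_collision()
    print(f"collision       : {t:6d} tries (expected about 2^{BITS // 2})")
```

For an n-bit output the first two searches cost on the order of 2^n evaluations and the collision search about 2^(n/2), so a hash meant to resist collisions needs an output twice as long as the target security level.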