online cryptography course
k
1’
dan boneh
public key encryption from diffie-heliman
a
unifying theme
i

one-way functions (informal)
afunction f:x—’y is one-wayif
• there is an efficient algorithm to evaluate f(•), but
• inverting f is hard:
forallefficienta and x—x
pr[ a(f(x)) i < negligible
functionsthat are not one-way: f(x) = x, f(x) = 0
d,nboneh

one-way functions (informal)
a function f: x —4y is one-way if
• there is an efficient algqrithm tqvaiuate f(), but
—
• inverting f is hard:
forallefficienta and x—x
pr[ a(f(x)) i < negligible
functions that are not one-way: f(x) = x, f(x) = 0
dan boneh

a function
one-way functions f: x —‘ v is one-way if
(informal)
there is an efficient algqrithm to evaluate f(), but
inverting f is hard:
forallefficienta and x—x
pr[ a(f(x)) i < negligible
functionsthat are not one-way:
f(x) = x,
f(x)=o
drn boneb

a function
one-way functions f:x—’y is one-wayif
(informal)
there is an efficient ajg.qrithm to evaluate f(•), but
inverting f is hard:
for all efficient a and
< negligible
functionsthat are not one-way:
f(x) = x,
f(x)=o
x—x
03n boneb

a function
one-way functions f:x—’y is one-wayif
(informal)
• there is an efficient aigqrithmtqeyiate f(), but
< negligible
f(x)=x, f(x)=o
• inverting f is hard:
for all efficient a and
x—x
functionsthat are not one-way:
0
drn boneh

ex. 1: generic one-way functions
let f:x—y bea secure prg (where ivi >> lxi )
(e.g. f built using det. counter mode)
lemma: fa secure prg f is one-way proof sketch:
a inverts f b(y) = is a distinguisher
generic: no special properties. difficult to use for key exchange.
drn bone),

ex. 1: generic one-way functions
let f: x —‘ v be a secure prg (where >>ixi_)
(e.g. lbu lit using det. counter mode)
lemma: fa secure prg f is one-way proof sketch:
a inverts f b(y) = is a distinguisher
generic: no special properties. difficult to use for key exchange.
drnboneh

ex. 1: generic one-way functions
let f: x — y be a secure prg (where iyi >>x_)
(e.g. f built using det. counter mode)
lemma: f a secure prg f is one-way proof sketch:
,ci•
a inverts f b(y) = 1 is a distinguisher
-y’y
generic: no special properties. difficult to use for key exchange.
drn bonch

ex. 1:
generic one-way functions
let f:x—>y
beasecure prg
(where
lj
>>ixi)
(e.g. f built using det. counter mode)
lemma: fa secure prg
- -
proof sketch:
ainvertsf b(y)
y’y
generic: no special properties.
ql4l/1’
is a distinguisher
d the ,.-
difficult to use for key exchange.
f is one-way
=7o+ j
drnboneh

ex
the
dlog one-way function
fixafinitecyclicgroup g (e.g
g: arandomgeneratorin 6
define:
f: z—g
as
[f(x)=gx eg
lemma:
diogharding
= f is one-way
dnboneh
g=(z)*) of order n
23
(i.e. 6={1,g,g,g , •,,,gfll} )

the dlog one-way function
_______ g=(z)*) of order n
(i.e. c: = {1, g, g2, g3, .. , gfll} )
define:
f: z—g
as
[f(x)=gx eg
lemma:
diogharding
= f is one-way
ex
fix a finite cyciicpg a random generator in 6
(e.g
dnboneh

ex
the
dlog one-way function
g=(z)*) of order n
(i.e. g = {1, g, g2, g3, .. , gfll} )
define:
f: z—g
/
as
x)=gx eg
dloghardh,g = f is one-way
f(x), f(x)
‘ key-exchange and public-key encryption
fix a finite cyciicpg a random generator in g
(e.g
lemma:
properties:
= f(x+y)
drn boneb

ex
the
dlog one-way function
as
g=(z)*) of order n
(i.e. g = {1, g, g2, g3, .. , gfl4} )
lemma:
dloghardk,g
= f is one-way
properties:
=f(x+y)
= f(x) • f(y)
key-exch a nge and pu blic-key encryption
fix a finite ysou g (e.g
a random generator in 6
define:
f: z—g
/
[f(x)=gx eg
drn boneh

the rsa one-way function
• choose random primes
• choose integers
p,q 1o24 bits. set n=pq. (modq(n))
define:
f. * *
n n
as
[f(x)= xe fl zn]
lemma:
f is one-way under the rsa assumption
properties:
f(xy)=f(x) .f(y)
and f has a trapdoor
ex.
-j.
e,d s.t. ed=1
do boneh

the rsa one-way function
_____ setp
define:
.f. *
n
z*
n
as
[ f(x)= xe fl zn]
lemma:
f is one-way under the rsa assumption
properties:
x.) = f(x) fm
and f has a trapdoor
ex.
j.
choose random primes
choose integers
p,q1o24 bits.
e, d s.t.
ed=1
(mod p(n))
03n bone),

summary
public key encryption:
made possible by one-way functions
with special properties
homomorphic properties and trapdoors
03n boneh

summary
public key encryption:
made possible byone-wayfunions
with special properties
homomorphic properties and trapdoors
fl”x1,4iy)
da boneh

end of segment

Original on youtube.com

You need Flash player 8+ and JavaScript enabled to view this video.

Professor Dan Boneh is offering a free online course on Cryptography starting in March 12, 2012. https://www.coursera.org/course/crypto