Lecture 2 - Perfect Security vs Complexity Theoretical Security Flashcards
(18 cards)
Describe the one-time pad
K = M = C = {0,1}^n
Gen: Outputs a random key k (length of message)
Enc: XORs the message bits with the key bits: if the key bit is 1 the message bit is flipped, if it is 0 the original bit is kept
Dec: Reverse the process
One key used only one time
Is the one-time pad secure?
Only if the attacker learns nothing about the message (sees only the ciphertext); if they learn the key or the original message, it’s over.
What is perfect security and what does its definition imply?
Perfect Security: “There is no attacker that can learn info about m from Enc_k(m)”
Information-theoretical security
- Attacker has unlimited computing power
- Security is not based on any assumption
Implies:
- Given the ciphertext, it is not possible to decide whether m0 or m1 was encrypted
- Attacker with unlimited computing power (= most powerful attacker) receives no information about message from ciphertext
- Ciphertext-only attack impossible
Note: Other attacks are still possible!
Is OTP perfectly secure?
Yes, see lecture 2 slide 10 (12 on the slides)
Name some drawbacks of OTP
- The key is as long as the message (long keys must be stored for large amounts of data)
- Key can only be used once: c ⊕ c′ = m ⊕ k ⊕ m′ ⊕ k = m ⊕ m′, which can reveal something about the plaintext
- Security in limited attacker model (ciphertext-only attacks)
What does Shannon’s theorem prove?
That OTP is the only perfectly secure encryption scheme, since it uses a key as long as the message.
Shannon’s theorem assumes a perfectly secure enc method with message space M and key space K; then the following holds: |K| >= |M|
What does Shannon’s theorem imply?
Long keys are necessary for information-theoretic security (i.e. when attacker has unlimited runtime).
Is info-theo security necessary in practice?
Generally not; we need security against all efficient adversaries
What is efficient computation in complexity theory?
A computation performed by a Probabilistic Polynomial-Time (PPT) algorithm
When is a problem solvable in polynomial time?
If the number of computational steps required is bounded by T(n) = O(n^c) for some const. c. Here n is the input size (length of x)
Polynomial-time algos are considered efficient
What are probabilistic algorithms in complexity theory?
- Use randomness in their computation
- Random input makes algo more efficient
- Either access randomness at every step, or take additional random input
- PPT algorithms are probabilistic algorithms that still run in polynomial time.
What is a polynomial-time Turing machine?
A theoretical model of computation with a finite alphabet tape and a read/write head that moves based on instructions.
How does a Probabilistic Turing Machine differ from a regular Turing Machine?
It has an extra tape for randomness, allowing probabilistic computation.
When is a function negligible?
When for every positive integer c there exists a number n’ ∈ ℤ_{>0} such that for all n > n’ it holds that μ(n) ≤ 1/n^c
Aka, the function is negligible if it approaches 0 faster than the reciprocal of any polynomial
Explain how negl and poly functions work when multiplied or summed.
poly + poly = poly
poly * poly = poly
negl + negl = negl
negl * negl = negl
poly * negl = negl
poly + negl != negl
When do we say a cryptoscheme x is secure?
When for all poly-time Turing machines A:
P(A breaks security property of X) is negl
Sec param: “negl” and “poly” only make sense if X and the adversary receive an additional value as input, this value is called security parameter n.
Explain the notation 1^n
Many algos (attackers, crypto algos, etc.) receive as input the value
1^n = 111…1 (n times)
Practice/implementation: Can be ignored and it is sufficient to pass the security parameter n
Theory: Important for polynomial runtime, as we always speak about “polynomial in the input length”:
- Input n: |n| = log(n), so runtime O(n) is already “exponential”
- Input 1^n: |1^n| = n, so runtime O(n^c) is polynomial runtime
Explain attacks against a crypto scheme if:
- sec parameter n is length of k
- assumption: k is a random element in {0,1}^n
Adversary guesses the secret key k
Adversary tries out all secret keys k
If they try to guess k:
- Prob of success is 2^(-n) which is negligible
If they try all secret keys k
- Runtime is 2^n steps which is exponential, no success