Cryptography

Lecture 1
 Welcome!
• Crypto is amazing!
– Can do things that seem impossible…

• Crypto is important and pervasive

– It impacts each of us every day

• Crypto is fun!
– Deep theory
– Attackers’ mindset, fun assignments
 Necessary administrative stuff
• Course webpage
– http://www.cs.umd.edu/~jkatz/crypto/s19
– Prerequisites/information posted there
– Syllabus/readings posted there
• Midterm already scheduled
– Slides posted there
– HWs posted there (and on Canvas)
– Announcements posted there
 Necessary administrative stuff
• Canvas
– HWs will be posted on webpage and Canvas
– Use Canvas to submit HWs electronically
• Can type solutions using latex (preferred)
• Can also scan handwritten solutions
• Can also use Word
• Piazza
– Useful for discussions/questions
– Piazza is better than email if others will have the
same question, or if other students can help answer
 TAs
• Erica Blum
• Makana Castillo-Martin
• Elijah Grubb
• Corbin McNeill
• Ben Sela

• Office hours listed on webpage

– May change as semester progresses
 This is a tough class
• Mathematical prerequisites
– Discrete math, probability, modular arithmetic

• Requires mathematical maturity

– Definitions, theorems, proofs, abstraction
 This is a tough class
• CS prerequisites
– Pseudocode/algorithms, big-O notation

• Programming assignments
– Hard part should not be the programming, but the
thought behind it
– Some flexibility in choice of language, but will be
required to read code I provide
 Textbook
• Required textbook: “Introduction to Modern
Cryptography, 2nd edition,” Katz and Lindell
• Exams will be open book
– Physical copies only
 Tips for doing well
• Expected to read relevant sections of textbook
before class
– Lecture will move quickly; I expect questions and
discussion
– If you fall behind on the reading it will be hard to
catch up!
• Watch my videos on Coursera
• “Clicker quizzes” given based on the reading
(as well as throughout class)
– 5% of the grade
 This is a test
• Are you able to use the clicker to respond?
– A: Yes
– B: No
 HWs/exams
• Expect HWs every 1.5-2 weeks
– Optional HWs (ungraded) focusing on theory
• Solutions given
– Graded HWs involving implementation
• Meant to reinforce the abstract concepts
• Meant to highlight practical applications

• In-class midterm and final

– Questions similar to optional HWs and in-class exercises;
may also be based on programming assignments
– Anything covered in class or listed in readings on
syllabus is fair game
 Laptops/electronics
• No-laptop/no-electronics policy
– Distracting to you
– Distracting to others
• If you feel you need an exception to take
notes, talk to me
 How to reach me
• Best way to contact me is by email:
[email protected]
• Please put “CMSC 456” in subject line

• Please email me in advance if you plan to

come to office hours
• Questions?

• Please ask questions throughout!

 Course goals
• Understand the theoretical basis for real-
world crypto
• When you encounter crypto in your career:
– Understand the key terms
– Understand the security guarantees
needed/provided
– Know how to use crypto
– Understand what goes on “under the hood”
• “Crypto mindset”
 Course non-goals
• Designing your own crypto schemes
– This is hard!
• Implementing crypto for real-world use
– This is hard!

•Course goal:
realize when to consult an expert!
 Cryptography (historically)
“…the art of writing or solving codes…”

• Historically, cryptography focused exclusively

on ensuring private communication
between two parties sharing secret
information in advance using “codes” (aka
private-key encryption)
 Modern cryptography
• Much broader scope!
– Data integrity, authentication, protocols, …
– The public-key setting
– Group communication
– More-complicated trust models
– Foundations (e.g., number theory, quantum-
resistance) to systems (e.g., electronic voting,
blockchain, cryptocurrencies)
 Modern cryptography

Design, analysis, and implementation of mathematical

techniques for securing information, systems, and
distributed computations against adversarial attack
 Cryptography (historically)
“…the art of writing or solving codes…”

• Historically, cryptography was an art

– Heuristic, unprincipled design and analysis
– Schemes proposed, broken, repeat…
 Modern cryptography
• Cryptography is now much more of a science
– Rigorous analysis, firm foundations, deeper
understanding, rich theory

• The “crypto mindset” has permeated

other areas of computer security
– Threat modeling
– Proofs of security
 Cryptography (historically)
• Used primarily for military/government
applications, plus a few niche applications in
industry (e.g., banking)
 Modern cryptography
• Cryptography is ubiquitous!
– Password-based authentication, password hashing
– Secure credit-card transactions over the internet
– Encrypted WiFi
– Disk encryption
– Digitally signed software updates
– Bitcoin
–…
 Rough course outline
Secrecy Integrity
Private-key setting Private-key Message
encryption authentication codes
Public-key setting Public-key Digital signatures
encryption

• Building blocks
– Pseudorandom (number) generators
– Pseudorandom functions/block ciphers
– Hash functions
– Number theory
Classical Cryptography
 Motivation
• Allows us to “ease into things…,” introduce
notation
• Shows why unprincipled approaches are
dangerous
• Illustrates why things are more difficult than
they may appear
 Classical cryptography
• Until the 1970s, exclusively concerned with
ensuring secrecy of communication

• I.e., encryption
 Classical cryptography
• Until the 1970s, relied exclusively on secret
information (a key) shared in advance
between the communicating parties

Private-key cryptography
– aka secret-key / shared-key / symmetric-key
cryptography
 Private-key encryption
key
key
ciphertext

c
k k

m
c  Enck(m) message/plaintext m := Deck(c)

decryption
encryption
 Private-key encryption

k
c
m
c := Enck(m)
c
c
k

m := Deck(c)
 Private-key encryption
• A private-key encryption scheme is defined by a
message space M and algorithms (Gen, Enc, Dec):
– Gen (key-generation algorithm): outputs kK
– Enc (encryption algorithm): takes key k and message
mM as input; outputs ciphertext c
c  Enck(m)
– Dec (decryption algorithm): takes key k and
ciphertext c as input; outputs m or “error”
m := Deck(c)
For all mM and k output by Gen,
Deck(Enck(m)) = m
 Kerckhoffs’s principle
• The encryption scheme is not secret
– The attacker knows the encryption scheme
– The only secret is the key
– The key must be chosen at random; kept secret

• Arguments in favor of this principle

– Easier to keep key secret than algorithm
– Easier to change key than to change algorithm
– Standardization
• Ease of deployment
• Public scrutiny
 The shift cipher
• Consider encrypting English text
• Associate ‘a’ with 0; ‘b’ with 1; …; ‘z’ with 25

• k  K = {0, …, 25}
• To encrypt using key k, shift every letter of the
plaintext by k positions (with wraparound)
• Decryption just does the reverse
helloworldz
ccccccccccc
jgnnqyqtnfb
 Modular arithmetic
• x = y mod N if and only if N divides x-y
• [x mod N] = the remainder when x is divided by N
– I.e., the unique value y{0, …, N-1} such that
x = y mod N

• 25 = 35 mod 10
• 25 ≠ [35 mod 10]
• 5 = [35 mod 10]
 The shift cipher, formally
• M = {strings over lowercase English alphabet}
• Gen: choose uniform k{0, …, 25}
• Enck(m1…mt): output c1…ct, where
ci := [mi + k mod 26]
• Deck(c1…ct): output m1…mt, where
mi := [ci - k mod 26]

• Can verify that correctness holds…

 Is the shift cipher secure?
• No -- only 26 possible keys!
– Given a ciphertext, try decrypting with every
possible key
– Only one possibility will “make sense”
– (What assumptions are we making here?)

• Example of a “brute-force” or “exhaustive-

search” attack
 Example
• Ciphertext uryybjbeyq
• Try every possible key…
– tqxxaiadxp
– spwwzhzcwo
–…
– helloworld
 Byte-wise shift cipher
• Work with an alphabet of bytes rather than
(English, lowercase) letters
– Works natively for arbitrary data!

• Use XOR instead of modular addition

– Essential properties still hold
 Hexadecimal (base 16)
Hex Bits Decimal Hex Bits Decimal
(“nibble”) (“nibble”)
0 0000 0 8 1000 8
1 0001 1 9 1001 9
2 0010 2 A 1010 10
3 0011 3 B 1011 11
4 0100 4 C 1100 12
5 0101 5 D 1101 13
6 0110 6 E 1110 14
7 0111 7 F 1111 15
 Hexadecimal (base 16)
• 0x10
– 0x10 = 16*1 + 0 = 16
– 0x10 = 0001 0000

• 0xAF
– 0xAF = 16*A + F = 16*10 + 15 = 175
– 0xAF = 1010 1111