Lecture 17: May 5, 2021

Due: Lab 2, due May 5, 2021 (Note new due date); Homework 3, due May 10, 2021 (Note new due date)

1. Symmetric Cryptography
1. Polyalphabetic: Vigenère, fi(a) = a + ki mod n
2. Cryptanalysis: first do index of coincidence to see if it is monoalphabetic or polyalphabetic, then Kasiski method.
3. Problem: eliminate periodicity of key
2. Long key generation
1. Autokey cipher: key is keyword followed by plaintext or cipher text
2. Running-key cipher: key is simply text; wedge is that (plaintext, key) letter pairs are not random (T/T, H/H, E/E, T/S, R/E, A/O, S/N, etc.)
3. Perfect secrecy: when the probability of computing the plaintext message is the same whether or not you have the ciphertext; only cipher with perfect secrecy: one-time pads; C = AZPC; is that DOIT or DONT?
3. Product ciphers
1. DES
2. AES
4. Public-Key Cryptography
1. Basic idea: 2 keys, one private, one public
2. Cryptosystem must satisfy:
1. Given public key, computationally infeasible to get private key;
2. Cipher withstands chosen plaintext attack;
3. Encryption, decryption computationally feasible (note: commutativity not required)
3. Benefits: can give confidentiality or authentication or both
5. Use of public key cryptosystem
1. Normally used as key interchange system to exchange secret keys (cheap)
2. Then use secret key system (too expensive to use public key cryptosystem for this)
6. El Gamal
1. Provides confidentility; there is a corresponding algorithm for authenticity
2. Based on discrete log problem
7. RSA
1. Provides both authenticity and confidentiality
2. Based on difficulty of computing totient, φ(n) when n is difficult to factor
8. Elliptic curve cryptography
1. Works for any cryptosystem depending on discrete log problem
2. Example: Elliptic curve El Gamal
3. Selection of curves
9. Cryptographic Checksums
1. Function y = h(x): easy to compute y given x; computationally infeasible to compute x given y
2. Variant: given x and y, computationally infeasible to find a second x’ such that y = h(x’)
3. Keyed vs. keyless

10. Digital Signatures
1. Judge can confirm, to the limits of technology, that claimed signer did sign message
2. RSA digital signatures: sign, then encipher, then sign

 Matt Bishop Office: 2209 Watershed Sciences Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu
ECS 135, Computer Security
Version of May 5, 2021 at 7:20AM