modern cryptography theory and practice

Table of Contents

Modern Cryptography: Theory and Practice
By Wenbo Mao, Hewlett-Packard Company
Publisher: Prentice Hall PTR
Pub Date: July 25, 2003
ISBN: 0-13-066943-1
Pages: 648

Many cryptographic schemes and protocols, especially those based on public-key cryptography, have basic or so-called "textbook crypto" versions, as these versions are usually the subjects for many textbooks on cryptography. This book takes a different approach to introducing cryptography: it pays much more attention to fit-for-application aspects of cryptography. It explains why "textbook crypto" is only good in an ideal world where data are random and bad guys behave nicely. It reveals the general unfitness of "textbook crypto" for the real world by demonstrating numerous attacks on such schemes, protocols and systems under various real-world application scenarios. This book chooses to introduce a set of practical cryptographic schemes, protocols and systems, many of them standards or de facto ones, studies them closely, explains their working principles, discusses their practical usages, and examines their strong (i.e., fit-for-application) security properties, often with security evidence formally established. The book also includes self-contained theoretical background material that is the foundation for modern cryptography.

Upload: awonoloshi

Post on 03-Dec-2014


Copyright
Hewlett-Packard Professional Books
A Short Description of the Book
Preface
Scope
Acknowledgements
List of Figures
List of Algorithms, Protocols and Attacks

Part I: Introduction
  Chapter 1. Beginning with a Simple Communication Game
    Section 1.1. A Communication Game
    Section 1.2. Criteria for Desirable Cryptographic Systems and Protocols
    Section 1.3. Chapter Summary
    Exercises
  Chapter 2. Wrestling Between Safeguard and Attack
    Section 2.1. Introduction
    Section 2.2. Encryption
    Section 2.3. Vulnerable Environment (the Dolev-Yao Threat Model)
    Section 2.4. Authentication Servers
    Section 2.5. Security Properties for Authenticated Key Establishment
    Section 2.6. Protocols for Authenticated Key Establishment Using Encryption
    Section 2.7. Chapter Summary
    Exercises

Part II: Mathematical Foundations: Standard Notation
  Chapter 3. Probability and Information Theory
    Section 3.1. Introduction
    Section 3.2. Basic Concept of Probability
    Section 3.3. Properties
    Section 3.4. Basic Calculation
    Section 3.5. Random Variables and their Probability Distributions
    Section 3.6. Birthday Paradox
    Section 3.7. Information Theory

    Section 3.8. Redundancy in Natural Languages
    Section 3.9. Chapter Summary
    Exercises
  Chapter 4. Computational Complexity
    Section 4.1. Introduction
    Section 4.2. Turing Machines
    Section 4.3. Deterministic Polynomial Time
    Section 4.4. Probabilistic Polynomial Time
    Section 4.5. Non-deterministic Polynomial Time
    Section 4.6. Non-Polynomial Bounds
    Section 4.7. Polynomial-time Indistinguishability
    Section 4.8. Theory of Computational Complexity and Modern Cryptography
    Section 4.9. Chapter Summary
    Exercises
  Chapter 5. Algebraic Foundations
    Section 5.1. Introduction
    Section 5.2. Groups
    Section 5.3. Rings and Fields
    Section 5.4. The Structure of Finite Fields
    Section 5.5. Group Constructed Using Points on an Elliptic Curve
    Section 5.6. Chapter Summary
    Exercises
  Chapter 6. Number Theory
    Section 6.1. Introduction
    Section 6.2. Congruences and Residue Classes
    Section 6.3. Euler's Phi Function
    Section 6.4. The Theorems of Fermat, Euler and Lagrange
    Section 6.5. Quadratic Residues
    Section 6.6. Square Roots Modulo Integer
    Section 6.7. Blum Integers
    Section 6.8. Chapter Summary
    Exercises

Part III: Basic Cryptographic Techniques
  Chapter 7. Encryption - Symmetric Techniques
    Section 7.1. Introduction
    Section 7.2. Definition
    Section 7.3. Substitution Ciphers
    Section 7.4. Transposition Ciphers
    Section 7.5. Classical Ciphers: Usefulness and Security
    Section 7.6. The Data Encryption Standard (DES)
    Section 7.7. The Advanced Encryption Standard (AES)
    Section 7.8. Confidentiality Modes of Operation
    Section 7.9. Key Channel Establishment for Symmetric Cryptosystems
    Section 7.10. Chapter Summary
    Exercises
  Chapter 8. Encryption - Asymmetric Techniques
    Section 8.1. Introduction
    Section 8.2. Insecurity of "Textbook Encryption Algorithms"
    Section 8.3. The Diffie-Hellman Key Exchange Protocol
    Section 8.4. The Diffie-Hellman Problem and the Discrete Logarithm Problem

    Section 8.5. The RSA Cryptosystem (Textbook Version)
    Section 8.6. Cryptanalysis Against Public-key Cryptosystems
    Section 8.7. The RSA Problem
    Section 8.8. The Integer Factorization Problem
    Section 8.9. Insecurity of the Textbook RSA Encryption
    Section 8.10. The Rabin Cryptosystem (Textbook Version)
    Section 8.11. Insecurity of the Textbook Rabin Encryption
    Section 8.12. The ElGamal Cryptosystem (Textbook Version)
    Section 8.13. Insecurity of the Textbook ElGamal Encryption
    Section 8.14. Need for Stronger Security Notions for Public-key Cryptosystems
    Section 8.15. Combination of Asymmetric and Symmetric Cryptography
    Section 8.16. Key Channel Establishment for Public-key Cryptosystems
    Section 8.17. Chapter Summary
    Exercises
  Chapter 9. In An Ideal World: Bit Security of The Basic Public-Key Cryptographic Functions
    Section 9.1. Introduction
    Section 9.2. The RSA Bit
    Section 9.3. The Rabin Bit
    Section 9.4. The ElGamal Bit
    Section 9.5. The Discrete Logarithm Bit
    Section 9.6. Chapter Summary
    Exercises
  Chapter 10. Data Integrity Techniques
    Section 10.1. Introduction
    Section 10.2. Definition
    Section 10.3. Symmetric Techniques
    Section 10.4. Asymmetric Techniques I: Digital Signatures
    Section 10.5. Asymmetric Techniques II: Data Integrity Without Source Identification
    Section 10.6. Chapter Summary
    Exercises

Part IV: Authentication
  Chapter 11. Authentication Protocols - Principles
    Section 11.1. Introduction
    Section 11.2. Authentication and Refined Notions
    Section 11.3. Convention
    Section 11.4. Basic Authentication Techniques
    Section 11.5. Password-based Authentication
    Section 11.6. Authenticated Key Exchange Based on Asymmetric Cryptography
    Section 11.7. Typical Attacks on Authentication Protocols
    Section 11.8. A Brief Literature Note
    Section 11.9. Chapter Summary
    Exercises
  Chapter 12. Authentication Protocols - The Real World
    Section 12.1. Introduction
    Section 12.2. Authentication Protocols for Internet Security
    Section 12.3. The Secure Shell (SSH) Remote Login Protocol
    Section 12.4. The Kerberos Protocol and its Realization in Windows 2000
    Section 12.5. SSL and TLS
    Section 12.6. Chapter Summary
    Exercises

  Chapter 13. Authentication Framework for Public-Key Cryptography
    Section 13.1. Introduction
    Section 13.2. Directory-Based Authentication Framework
    Section 13.3. Non-Directory Based Public-key Authentication Framework
    Section 13.4. Chapter Summary
    Exercises

Part V: Formal Approaches to Security Establishment
  Chapter 14. Formal and Strong Security Definitions for Public-Key Cryptosystems
    Section 14.1. Introduction
    Section 14.2. A Formal Treatment for Security
    Section 14.3. Semantic Security - the Debut of Provable Security
    Section 14.4. Inadequacy of Semantic Security
    Section 14.5. Beyond Semantic Security
    Section 14.6. Chapter Summary
    Exercises
  Chapter 15. Provably Secure and Efficient Public-Key Cryptosystems
    Section 15.1. Introduction
    Section 15.2. The Optimal Asymmetric Encryption Padding
    Section 15.3. The Cramer-Shoup Public-key Cryptosystem
    Section 15.4. An Overview of Provably Secure Hybrid Cryptosystems
    Section 15.5. Literature Notes on Practical and Provably Secure Public-key Cryptosystems
    Section 15.6. Chapter Summary
    Section 15.7. Exercises
  Chapter 16. Strong and Provable Security for Digital Signatures
    Section 16.1. Introduction
    Section 16.2. Strong Security Notion for Digital Signatures
    Section 16.3. Strong and Provable Security for ElGamal-family Signatures
    Section 16.4. Fit-for-application Ways for Signing in RSA and Rabin
    Section 16.5. Signcryption
    Section 16.6. Chapter Summary
    Section 16.7. Exercises
  Chapter 17. Formal Methods for Authentication Protocols Analysis
    Section 17.1. Introduction
    Section 17.2. Toward Formal Specification of Authentication Protocols
    Section 17.3. A Computational View of Correct Protocols - the Bellare-Rogaway Model
    Section 17.4. A Symbolic Manipulation View of Correct Protocols
    Section 17.5. Formal Analysis Techniques: State System Exploration
    Section 17.6. Reconciling Two Views of Formal Techniques for Security
    Section 17.7. Chapter Summary
    Exercises

Part VI: Cryptographic Protocols
  Chapter 18. Zero-Knowledge Protocols
    Section 18.1. Introduction
    Section 18.2. Basic Definitions
    Section 18.3. Zero-knowledge Properties
    Section 18.4. Proof or Argument?
    Section 18.5. Protocols with Two-sided-error
    Section 18.6. Round Efficiency
    Section 18.7. Non-interactive Zero-knowledge
    Section 18.8. Chapter Summary

    Exercises
  Chapter 19. Returning to "Coin Flipping Over Telephone"
    Section 19.1. Blum's "Coin-Flipping-By-Telephone" Protocol
    Section 19.2. Security Analysis
    Section 19.3. Efficiency
    Section 19.4. Chapter Summary
  Chapter 20. Afterremark

Bibliography

Copyright

Library of Congress Cataloging-in-Publication Data
A CIP catalog record for this book can be obtained from the Library of Congress.

Editorial/production supervision: Mary Sudul
Cover design director: Jerry Votta
Cover design: Talar Boorujy
Manufacturing manager: Maura Zaldivar
Acquisitions editor: Jill Harry
Marketing manager: Dan DePasquale
Publisher, Hewlett-Packard Books: Walter Bruce

© 2004 by Hewlett-Packard Company
Published by Prentice Hall PTR
Prentice-Hall, Inc.
Upper Saddle River, New Jersey 07458

Prentice Hall books are widely used by corporations and government agencies for training, marketing, and resale.

The publisher offers discounts on this book when ordered in bulk quantities. For more information, contact Corporate Sales Department, Phone: 800-382-3419; FAX: 201-236-7141; E-mail: corpsales@prenhall.com

Or write: Prentice Hall PTR, Corporate Sales Dept., One Lake Street, Upper Saddle River, NJ 07458.

Other product or company names mentioned herein are the trademarks or registered trademarks of their respective owners.

All rights reserved. No part of this book may be reproduced, in any form or by any means, without permission in writing from the publisher.

Printed in the United States of America

1st Printing

Pearson Education LTD.
Pearson Education Australia PTY, Limited
Pearson Education Singapore, Pte. Ltd.
Pearson Education North Asia Ltd.
Pearson Education Canada, Ltd.
Pearson Educación de Mexico, S.A. de C.V.
Pearson Education Japan
Pearson Education Malaysia, Pte. Ltd.

Dedication

To
Ronghui || Yiwei || Yifan

Hewlett-Packard Professional Books

HP-UX
Fernandez: Configuring CDE
Madell: Disk and File Management Tasks on HP-UX
Olker: Optimizing NFS Performance
Poniatowski: HP-UX 11i Virtual Partitions
Poniatowski: HP-UX 11i System Administration Handbook and Toolkit, Second Edition
Poniatowski: The HP-UX 11.x System Administration Handbook and Toolkit
Poniatowski: HP-UX 11.x System Administration "How To" Book
Poniatowski: HP-UX 10.x System Administration "How To" Book
Poniatowski: HP-UX System Administration Handbook and Toolkit
Poniatowski: Learning the HP-UX Operating System
Rehman: HP Certified: HP-UX System Administration
Sauers/Weygant: HP-UX Tuning and Performance
Weygant: Clusters for High Availability, Second Edition
Wong: HP-UX 11i Security

UNIX, LINUX, WINDOWS, AND MPE I/X
Mosberger/Eranian: IA-64 Linux Kernel
Poniatowski: UNIX User's Handbook, Second Edition
Stone/Symons: UNIX Fault Management

COMPUTER ARCHITECTURE
Evans/Trimper: Itanium Architecture for Programmers
Kane: PA-RISC 2.0 Architecture
Markstein: IA-64 and Elementary Functions

NETWORKING/COMMUNICATIONS
Blommers: Architecting Enterprise Solutions with UNIX Networking
Blommers: OpenView Network Node Manager
Blommers: Practical Planning for Network Growth
Brans: Mobilize Your Enterprise
Cook: Building Enterprise Information Architecture

Lucke: Designing and Implementing Computer Workgroups
Lund: Integrating UNIX and PC Network Operating Systems

SECURITY
Bruce: Security in Distributed Computing
Mao: Modern Cryptography: Theory and Practice
Pearson et al.: Trusted Computing Platforms
Pipkin: Halting the Hacker, Second Edition
Pipkin: Information Security

WEB/INTERNET CONCEPTS AND PROGRAMMING
Amor: E-business (R)evolution, Second Edition
Apte/Mehta: UDDI
Mowbrey/Werry: Online Communities
Tapadiya: .NET Programming

OTHER PROGRAMMING
Blinn: Portable Shell Programming
Caruso: Power Programming in HP OpenView
Chaudhri: Object Databases in Practice
Chew: The Java/C++ Cross Reference Handbook
Grady: Practical Software Metrics for Project Management and Process Improvement
Grady: Software Metrics
Grady: Successful Software Process Improvement
Lewis: The Art and Science of Smalltalk
Lichtenbelt: Introduction to Volume Rendering
Mellquist: SNMP++
Mikkelsen: Practical Software Configuration Management
Norton: Thread Time
Tapadiya: COM+ Programming
Yuan: Windows 2000 GDI Programming

STORAGE
Thornburgh: Fibre Channel for Mass Storage
Thornburgh/Schoenborn: Storage Area Networks
Todman: Designing Data Warehouses

IT/IS

Missbach/Hoffman: SAP Hardware Solutions

IMAGE PROCESSING
Crane: A Simplified Approach to Image Processing
Gann: Desktop Scanners

A Short Description of the Book

Many cryptographic schemes and protocols, especially those based on public-key cryptography, have basic or so-called "textbook crypto" versions, as these versions are usually the subjects for many textbooks on cryptography. This book takes a different approach to introducing cryptography: it pays much more attention to fit-for-application aspects of cryptography. It explains why "textbook crypto" is only good in an ideal world where data are random and bad guys behave nicely. It reveals the general unfitness of "textbook crypto" for the real world by demonstrating numerous attacks on such schemes, protocols and systems under various real-world application scenarios. This book chooses to introduce a set of practical cryptographic schemes, protocols and systems, many of them standards or de facto ones, studies them closely, explains their working principles, discusses their practical usages, and examines their strong (i.e., fit-for-application) security properties, often with security evidence formally established. The book also includes self-contained theoretical background material that is the foundation for modern cryptography.

Preface

Our society has entered an era where commerce activities, business transactions and government services have been, and more and more of them will be, conducted and offered over open computer and communications networks such as the Internet, in particular, via World Wide Web-based tools. Doing things online has a great advantage of an always-on availability to people in any corner of the world. Here are a few examples of things that have been, can or will be done online:

Banking, bill payment, home shopping, stock trading, auctions, taxation, gambling, micro-payment (e.g., pay-per-downloading), electronic identity, online access to medical records, virtual private networking, secure data archival and retrieval, certified delivery of documents, fair exchange of sensitive documents, fair signing of contracts, time-stamping, notarization, voting, advertising, licensing, ticket booking, interactive games, digital libraries, digital rights management, pirate tracing.

And more can be imagined.

Fascinating commerce activities, transactions and services like these are only possible if communications over open networks can be conducted in a secure manner. An effective solution to securing communications over open networks is to apply cryptography. Encryption, digital signatures, password-based user authentication, are some of the most basic cryptographic techniques for securing communications. However, as we shall witness many times in this book, there are surprising subtleties and serious security consequences in the applications of even the most basic cryptographic techniques. Moreover, for many "fancier" applications, such as many listed in the preceding paragraph, the basic cryptographic techniques are no longer adequate.

With an increasingly large demand for safeguarding communications over open networks for more and more sophisticated forms of electronic commerce, business and services [a], an increasingly large number of information security professionals will be needed for designing, developing, analyzing and maintaining information security systems and cryptographic protocols. These professionals may range from IT systems administrators, information security engineers and software/hardware systems developers whose products have security requirements, to cryptographers.

[a] Gartner Group forecasts that total electronic business revenues for business to business (B2B) and business to consumer (B2C) in the European Union will reach a projected US$2.6 trillion in 2004 (with probability 0.7) which is a 28-fold increase from the level of 2000 [5]. Also, eMarketer [104] (page 41) reports that the cost to financial institutions (in USA) due to electronic identity theft was US$1.4 billion in 2002, and forecasts to grow by a compound annual growth rate of 29%.

In the past few years, the author, a technical consultant on information security and cryptographic systems at Hewlett-Packard Laboratories in Bristol, has witnessed the phenomenon of a progressively increased demand for information security professionals unmatched by an evident shortage of them. As a result, many engineers, who are oriented to application problems and may have little proper training in cryptography and information security have become "roll-up-sleeves" designers and developers for information security systems or cryptographic protocols. This is in spite of the fact that designing cryptographic systems and protocols is a difficult job even for an expert cryptographer.

The author's job has granted him privileged opportunities to review many information security systems and cryptographic protocols, some of them proposed and designed by "roll-up-sleeves" engineers and are for uses in serious applications. In several occasions, the author observed so-called "textbook crypto" features in such systems, which are the result of applications of cryptographic algorithms and schemes in ways they are usually introduced in many cryptographic textbooks. Direct encryption of a password (a secret number of a small magnitude) under a basic public-key encryption algorithm (e.g., "RSA") is a typical example of textbook crypto. The appearances of textbook crypto in serious applications with a "non-negligible probability" have caused a concern for the author to realize that the general danger of textbook crypto is not widely known to many people who design and develop information security systems for serious real-world applications.

Motivated by an increasing demand for information security professionals and a belief that their knowledge in cryptography should not be limited to textbook crypto, the author has written this book as a textbook on non-textbook cryptography. This book endeavors to:

Introduce a wide range of cryptographic algorithms, schemes and protocols with a particular emphasis on their non-textbook versions.

Reveal general insecurity of textbook crypto by demonstrating a large number of attacks on and summarizing typical attacking techniques for such systems.

Provide principles and guidelines for the design, analysis and implementation of cryptographic systems and protocols with a focus on standards.

Study formalism techniques and methodologies for a rigorous establishment of strong and fit-for-application security notions for cryptographic systems and protocols.

Include self-contained and elaborated material as theoretical foundations of modern cryptography for readers who desire a systematic understanding of the subject.
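The preface names direct encryption of a password under basic RSA as typical textbook crypto. The sketch below is an added example, not code from the book: it shows one reason for that remark, namely that unpadded RSA is deterministic, so a guess at a small secret can be confirmed by re-encrypting it under the public key, whereas randomized OAEP padding (listed among the book's figures) defeats the same check. The toy key built from two Mersenne primes, the 4-digit secret and all function names are constructed for illustration; the OAEP routine follows the standard RSAES-OAEP layout with SHA-256.

```python
import hashlib
import secrets

# Constructed toy key: two Mersenne primes. Fine for a demonstration,
# never acceptable as a real RSA key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes
HLEN = hashlib.sha256().digest_size    # hash output length in bytes


def textbook_encrypt(m: int) -> int:
    """Unpadded ("textbook") RSA: the same m always gives the same c."""
    return pow(m, E, N)


def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation function built on SHA-256."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encrypt(msg: bytes, label: bytes = b"") -> int:
    """RSA with OAEP padding: a fresh random seed makes every ciphertext differ."""
    if len(msg) > K - 2 * HLEN - 2:
        raise ValueError("message too long for this modulus")
    lhash = hashlib.sha256(label).digest()
    padding = b"\x00" * (K - len(msg) - 2 * HLEN - 2)
    db = lhash + padding + b"\x01" + msg
    seed = secrets.token_bytes(HLEN)
    masked_db = xor(db, mgf1(seed, K - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    em = b"\x00" + masked_seed + masked_db
    return pow(int.from_bytes(em, "big"), E, N)


def oaep_decrypt(c: int, label: bytes = b"") -> bytes:
    """Invert oaep_encrypt and reject malformed padding.

    Not constant-time; a production decoder must avoid leaking which check failed.
    """
    em = pow(c, D, N).to_bytes(K, "big")
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, K - HLEN - 1))
    lhash = hashlib.sha256(label).digest()
    sep = db.find(b"\x01", HLEN)
    if em[0] != 0 or db[:HLEN] != lhash or sep < 0 or any(db[HLEN:sep]):
        raise ValueError("decryption error")
    return db[sep + 1:]


def find_by_reencryption(ciphertext, candidates, encrypt):
    """Return the candidate whose encryption equals ciphertext, else None.

    Needs only the public key, so it measures what a passive observer learns.
    """
    for guess in candidates:
        if encrypt(guess) == ciphertext:
            return guess
    return None


if __name__ == "__main__":
    secret = 4821  # constructed 4-digit secret "of a small magnitude"
    c_plain = textbook_encrypt(secret)
    print("textbook RSA, confirmed guess:",
          find_by_reencryption(c_plain, range(10_000), textbook_encrypt))
    c_oaep = oaep_encrypt(str(secret).encode())
    pins = (str(i).encode() for i in range(10_000))
    print("RSA-OAEP, confirmed guess:",
          find_by_reencryption(c_oaep, pins, oaep_encrypt))
    print("legitimate decryption:", oaep_decrypt(c_oaep))
```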

Scope

Modern cryptography is a vast area of study as a result of fast advances made in the past thirty years. This book focuses on one aspect: introducing fit-for-application cryptographic schemes and protocols with their strong security properties evidently established.

The book is organized into the following six parts:

Part I This part contains two chapters (1-2) and serves an elementary-level introduction for the book and the areas of cryptography and information security. Chapter 1 begins with a demonstration on the effectiveness of cryptography in solving a subtle communication problem. A simple cryptographic protocol (first protocol of the book) for achieving "fair coin tossing over telephone" will be presented and discussed. This chapter then carries on to conduct a cultural and "trade" introduction to the areas of study. Chapter 2 uses a series of simple authentication protocols to manifest an unfortunate fact in the areas: pitfalls are everywhere. As an elementary-level introduction, this part is intended for newcomers to the areas.

Part II This part contains four chapters (3-6) as a set of mathematical background knowledge, facts and basis to serve as a self-contained mathematical reference guide for the book. Readers who only intend to "know-how," i.e., know how to use the fit-for-application crypto schemes and protocols, may skip this part yet still be able to follow most contents of the rest of the book. Readers who also want to "know-why," i.e., know why these schemes and protocols have strong security properties, may find that this self-contained mathematical part is a sufficient reference material. When we present working principles of cryptographic schemes and protocols, reveal insecurity for some of them and reason about security for the rest, it will always be possible for us to refer to a precise point in this part of the book for supporting mathematical foundations. This part can also be used to conduct a systematic background study of the theoretical foundations for modern cryptography.

Part III This part contains four chapters (7-10) introducing the most basic cryptographic algorithms and techniques for providing privacy and data integrity protections. Chapter 7 is for symmetric encryption schemes, Chapter 8, asymmetric techniques. Chapter 9 considers an important security quality possessed by the basic and popular asymmetric cryptographic functions when they are used in an ideal world in which data are random. Finally, Chapter 10 covers data integrity techniques. Since the schemes and techniques introduced here are the most basic ones, many of them are in fact in the textbook crypto category and are consequently insecure. While the schemes are introduced, abundant attacks on many schemes will be demonstrated with warning remarks explicitly stated. For practitioners who do not plan to proceed with an in-depth study of fit-for-application crypto and their strong security notions, this textbook crypto part will still provide these readers with explicit early warning signals on the general insecurity of textbook crypto.

Part IV This part contains three chapters (11-13) introducing an important notion in applied cryptography and information security: authentication. These chapters provide a wide coverage of the topic. Chapter 11 includes technical background, principles, a series of basic protocols and standards, common attacking tricks and prevention measures. Chapter 12 is a case study for four well-known authentication protocol systems for real world applications. Chapter 13 introduces techniques which are particularly suitable for open systems which cover up-to-date and novel techniques. Practitioners, such as information security systems administration staff in an enterprise and software/hardware developers whose products have security consequences may find this part helpful.

Part V This part contains four chapters (14-17) which provide formalism and rigorous treatments for strong (i.e., fit-for-application) security notions for public-key cryptographic techniques (encryption, signature and signcryption) and formal methodologies for the analysis of authentication protocols. Chapter 14 introduces formal definitions of strong security notions. The next two chapters are fit-for-application counterparts to textbook crypto schemes introduced in Part III, with strong security properties formally established (i.e., evidently reasoned). Finally, Chapter 17 introduces formal analysis methodologies and techniques for the analysis of authentication protocols, which we have not been able to deal with in Part IV.

Part VI This is the final part of the book. It contains two technical chapters (18-19) and a short final remark (Chapter 20). The main technical content of this part, Chapter 18, introduces a class of cryptographic protocols called zero-knowledge protocols. These protocols provide an important security service which is needed in various "fancy" electronic commerce and business applications: verification of a claimed property of secret data (e.g., in conforming with a business requirement) while preserving a strict privacy quality for the claimant. Zero-knowledge protocols to be introduced in this part exemplify the diversity of special security needs in various real world applications, which are beyond confidentiality, integrity, authentication and non-repudiation. In the final technical chapter of the book (Chapter 19) we will complete our job which has been left over from the first protocol of the book: to realize "fair coin tossing over telephone." That final realization will achieve a protocol which has evidently-established strong security properties yet with an efficiency suitable for practical applications.

Needless to say, a description for each fit-for-application crypto scheme or protocol has to begin with a reason why the textbook crypto counterpart is unfit for application. Invariably, these reasons are demonstrated by attacks on these schemes or protocols, which, by the nature of attacks, often contain a certain degree of subtleties. In addition, a description of a fit-for-application scheme or protocol must also end at an analysis that the strong (i.e., fit-for-application) security properties do hold as claimed. Consequently, some parts of this book inevitably contain mathematical and logical reasonings, deductions and transformations in order to manifest attacks and fixes.

While admittedly fit-for-application cryptography is not a topic for quick mastery or that can be mastered via light reading, this book, nonetheless, is not one for in-depth research topics which will only be of interest to specialist cryptographers. The things reported and explained in it are well-known and quite elementary to cryptographers. The author believes that they can also be comprehended by non-specialists if the introduction to the subject is provided with plenty of explanations and examples and is supported by self-contained mathematical background and reference material.

The book is aimed at the following readers.

Students who have completed, or are near to completion of, first degree courses in computer, information science or applied mathematics, and plan to pursue a career in information security. For them, this book may serve as an advanced course in applied cryptography.

Security engineers in high-tech companies who are responsible for the design and development of information security systems. If we say that the consequence of textbook crypto appearing in an academic research proposal may not be too harmful since the worst case of the consequence would be an embarrassment, then the use of textbook crypto in an information security product may lead to a serious loss. Therefore, knowing the unfitness of textbook crypto for real world applications is necessary for these readers. Moreover, these readers should have a good understanding of the security principles behind the fit-for-application schemes and protocols and so they can apply the schemes and the principles correctly. The self-contained mathematical foundations material in Part II makes the book a suitable self-teaching text for these readers.

Information security systems administration staff in an enterprise and software/hardware systems developers whose products have security consequences. For these readers, Part I is a simple and essential course for cultural and "trade" training; Parts III and IV form a suitable cut-down set of knowledge in cryptography and information security. These three parts contain many basic crypto schemes and protocols accompanied with plenty of attacking tricks and prevention measures which should be known to and can be grasped by this population of readers without demanding them to be burdened by theoretical foundations.

New Ph.D. candidates beginning their research in cryptography or computer security. These readers will appreciate a single-point reference book which covers formal treatment of strong security notions and elaborates these notions adequately. Such a book can help them to quickly enter into the vast area of study. For them, Parts II, IV, V, and VI constitute a suitable level of literature survey material which can lead them to find further literatures, and can help them to shape and specialize their own research topics.

A cut-down subset of the book (e.g., Part I, II, III and VI) also form a suitable course in applied cryptography for undergraduate students in computer science, information science and applied mathematics courses.

Acknowledgements

I am deeply grateful to Feng Bao, Colin Boyd, Richard DeMillo, Steven Galbraith, Dieter Gollmann, Keith Harrison, Marcus Leech, Helger Lipmaa, Hoi-Kwong Lo, Javier Lopez, John Malone-Lee, Cary Meltzer, Christian Paquin, Kenny Paterson, David Pointcheval, Vincent Rijmen, Nigel Smart, David Soldera, Paul van Oorschot, Serge Vaudenay and Stefek Zaba. These people gave generously of their time to review chapters or the whole book and provide invaluable comments, criticisms and suggestions which make the book better.

The book also benefits from the following people answering my questions: Mihir Bellare, Jan Camenisch, Neil Dunbar, Yair Frankel, Shai Halevi, Antoine Joux, Marc Joye, Chalie Kaufman, Adrian Kent, Hugo Krawczyk, Catherine Meadows, Bill Munro, Phong Nguyen, Radia Perlman, Marco Ricca, Ronald Rivest, Steve Schneider, Victor Shoup, Igor Shparlinski and Moti Yung.

I would also like to thank Jill Harry at Prentice-Hall PTR and Susan Wright at HP Professional Books for introducing me to book writing and for the encouragement and professional support they provided during the lengthy period of manuscript writing. Thanks also to Jennifer Blackwell, Robin Carroll, Brenda Mulligan, Justin Somma and Mary Sudul at Prentice-Hall PTR and to Walter Bruce and Pat Pekary at HP Professional Books.

I am also grateful to my colleagues at Hewlett-Packard Laboratories Bristol, including David Ball, Richard Cardwell, Liqun Chen, Ian Cole, Gareth Jones, Stephen Pearson and Martin Sadler for technical and literature services and management support.

Bristol, England
May 2003

List of Figures

2.1 A Simplified Pictorial Description of a Cryptographic System
3.1 Binomial Distribution
4.1 A Turing Machine
4.2 The operation of machine Div3
4.3 Bitwise Time Complexities of the Basic Modular Arithmetic Operations
4.4 All Possible Moves of a Non-deterministic Turing Machine
5.1 Elliptic Curve Group Operation
7.1 Cryptographic Systems
7.2 Feistel Cipher (One Round)
7.3 The Cipher Block Chaining Mode of Operation
7.4 The Cipher Feedback Mode of Operation
7.5 The Output Feedback Mode of Operation
10.1 Data Integrity Systems
12.1 An Unprotected IP Packet
12.2 The Structure of an Authentication Header and its Position in an IP Packet
12.3 The Structure of an Encapsulating Security Payload
12.4 Kerberos Exchanges
14.1 Summary of the Indistinguishable Attack Games
14.2 Reduction from an NM-attack to an IND-attack
14.3 Reduction from IND-CCA2 to NM-CCA2
14.4 Relations Among Security Notions for Public-key Cryptosystems
15.1 Optimal Asymmetric Encryption Padding (OAEP)
15.2 OAEP as a Two-round Feistel Cipher
15.3 Reduction from Inversion of a One-way Trapdoor Function f to an Attack on the f-OAEP Scheme
15.4 Reduction from the DDH Problem to an Attack on the Cramer-Shoup Cryptosystem
16.1 Reduction from a Signature Forgery to Solving a Hard Problem
16.2 Successful Forking Answers to Random Oracle Queries
16.3 The PSS Padding
16.4 The PSS-R Padding
17.1 The CSP Language
17.2 The CSP Entailment Axioms

List of Algorithms, Protocols and Attacks
Protocol 1.1: Coin Flipping Over Telephone
Protocol 2.1: From Alice To Bob
Protocol 2.2: Session Key From Trent
Attack 2.1: An Attack on Protocol "Session Key From Trent"
Protocol 2.3: Message Authentication
Protocol 2.4: Challenge Response (the Needham-Schroeder Protocol)
Attack 2.2: An Attack on the Needham-Schroeder Protocol
Protocol 2.5: Needham-Schroeder Public-key Authentication Protocol
Attack 2.3: An Attack on the Needham-Schroeder Public-key Protocol
Algorithm 4.1: Euclid Algorithm for Greatest Common Divisor
Algorithm 4.2: Extended Euclid Algorithm
Algorithm 4.3: Modular Exponentiation
Algorithm 4.4: Searching Through Phone Book (a ZPP Algorithm)
Algorithm 4.5: Probabilistic Primality Test (a Monte Carlo Algorithm)
Algorithm 4.6: Proof of Primality (a Las Vegas Algorithm)
Protocol 4.1: Quantum Key Distribution (an Atlantic City Algorithm)
Algorithm 4.7: Random k-bit Probabilistic Prime Generation
Algorithm 4.8: Square-Freeness Integer
Algorithm 5.1: Random Primitive Root Modulo Prime
Algorithm 5.2: Point Multiplication for Elliptic Curve Element
Algorithm 6.1: Chinese Remainder
Algorithm 6.2: Legendre/Jacobi Symbol
Algorithm 6.3: Square Root Modulo Prime (Special Cases)
Algorithm 6.4: Square Root Modulo Prime (General Case)
Algorithm 6.5: Square Root Modulo Composite
Protocol 7.1: A Zero-knowledge Protocol Using Shift Cipher
Protocol 8.1: The Diffie-Hellman Key Exchange Protocol
Attack 8.1: Man-in-the-Middle Attack on the Diffie-Hellman Key Exchange Protocol
Algorithm 8.1: The RSA Cryptosystem
Algorithm 8.2: The Rabin Cryptosystem
Algorithm 8.3: The ElGamal Cryptosystem
Algorithm 9.1: Binary Searching RSA Plaintext Using a Parity Oracle
Algorithm 9.2: Extracting Discrete Logarithm Using a Parity Oracle
Algorithm 9.3: Extracting Discrete Logarithm Using a "Half-order Oracle"
Algorithm 10.1: The RSA Signature Scheme
Algorithm 10.2: The Rabin Signature Scheme
Algorithm 10.3: The ElGamal Signature Scheme
Algorithm 10.4: The Schnorr Signature Scheme
Algorithm 10.5: The Digital Signature Standard
Algorithm 10.6: Optimal Asymmetric Encryption Padding for RSA (RSA-OAEP)
Protocol 11.1: ISO Public Key Three-Pass Mutual Authentication Protocol
Attack 11.1: Wiener's Attack on ISO Public Key Three-Pass Mutual Authentication Protocol
Protocol 11.2: The Woo-Lam Protocol
Protocol 11.3: Needham's Password Authentication Protocol
Protocol 11.4: The S/KEY Protocol
Protocol 11.5: Encrypted Key Exchange (EKE)
Protocol 11.6: The Station-to-Station (STS) Protocol
Protocol 11.7: Flawed "Authentication-only" STS Protocol
Attack 11.2: An Attack on the "Authentication-only" STS Protocol
Attack 11.3: Lowe's Attack on the STS Protocol (a Minor Flaw)
Attack 11.4: An Attack on the S/KEY Protocol
Attack 11.5: A Parallel-Session Attack on the Woo-Lam Protocol
Attack 11.6: A Reflection Attack on a "Fixed" Version of the Woo-Lam Protocol
Protocol 11.8: A Minor Variation of the Otway-Rees Protocol
Attack 11.7: An Attack on the Minor Variation of the Otway-Rees Protocol
Protocol 12.1: Signature-based IKE Phase 1 Main Mode
Attack 12.1: Authentication Failure in Signature-based IKE Phase 1 Main Mode
Protocol 12.2: A Typical Run of the TLS Handshake Protocol
Algorithm 13.1: Shamir's Identity-based Signature Scheme
Algorithm 13.2: The Identity-Based Cryptosystem of Boneh and Franklin
Protocol 14.1: Indistinguishable Chosen-plaintext Attack
Protocol 14.2: A Fair Deal Protocol for the SRA Mental Poker Game
Algorithm 14.1: The Probabilistic Cryptosystem of Goldwasser and Micali
Algorithm 14.2: A Semantically Secure Version of the ElGamal Cryptosystem
Protocol 14.3: "Lunchtime Attack" (Non-adaptive Indistinguishable Chosen-ciphertext Attack)
Protocol 14.4: "Small-hours Attack" (Indistinguishable Adaptive Chosen-ciphertext Attack)
Protocol 14.5: Malleability Attack in Chosen-plaintext Mode
Algorithm 15.1: The Cramer-Shoup Public-key Cryptosystem
Algorithm 15.2: Product of Exponentiations
Algorithm 16.1: The Probabilistic Signature Scheme (PSS)
Algorithm 16.2: The Universal RSA-Padding Scheme for Signature and Encryption
Algorithm 16.3: Zheng's Signcryption Scheme SCSI
Algorithm 16.4: Two Birds One Stone: RSA-TBOS Signcryption Scheme
Protocol 17.1: The Needham-Schroeder Symmetric-key Authentication Protocol in Refined Specification
Protocol 17.2: The Woo-Lam Protocol in Refined Specification
Protocol 17.3: The Needham-Schroeder Public-key Authentication Protocol
Protocol 17.4: The Needham-Schroeder Public-key Authentication Protocol in Refined Specification
Protocol 17.5: Another Refined Specification of the Needham-Schroeder Public-key Authentication Protocol
Protocol 17.6: MAP1
Protocol 18.1: An Interactive Proof Protocol for Subgroup Membership
Protocol 18.2: Schnorr's Identification Protocol
Protocol 18.3: A Perfect Zero-knowledge Proof Protocol for Quadratic Residuosity
Protocol 18.4: ZK Proof that N Has Two Distinct Prime Factors
Protocol 18.5: "Not To Be Used"
Protocol 18.6: Chaum's ZK Proof of Dis-Log-EQ Protocol
Protocol 19.1: Blum's Coin-Flipping-by-Telephone Protocol

Part I: Introduction

The first part of this book consists of two introductory chapters. They introduce us to some of the most basic concepts in cryptography and information security, to the environment in which we communicate and handle sensitive information, to several well known figures who act in that environment and the standard modus operandi of some of them who play the role of bad guys, to the culture of the communities for research and development of cryptographic and information security systems, and to the fact of extreme error proneness of these systems. As an elementary-level introduction, this part is intended for newcomers to the areas.

Chapter 1. Beginning with a Simple Communication Game

We begin this book with a simple example of applying cryptography to solve a simple problem. This example of cryptographic application serves three purposes from which we will unfold the topics of this book:

- To provide an initial demonstration on the effectiveness and practicality of using cryptography for solving subtle problems in applications
- To suggest an initial hint on the foundation of cryptography
- To begin our process of establishing a required mindset for conducting the development of cryptographic systems for information security

To begin with, we shall pose a trivially simple problem and then solve it with an equally simple solution. The solution is a two-party game which is very familiar to all of us. However, we will realize that our simple game soon becomes troublesome when our game-playing parties are physically remote from each other. The physical separation of the game-playing parties eliminates the basis for the game to be played fairly. The trouble then is, the game-playing parties cannot trust the other side to play the game fairly.

The need for a fair playing of the game for remote players will "inspire" us to strengthen our simple game by protecting it with a shield of armor. Our strengthening method follows the long established idea for protecting communications over open networks: hiding information using cryptography.

After having applied cryptography and reached a quality solution to our first security problem, we shall conduct a series of discussions on the quality criteria for cryptographic systems (1.2). The discussions will serve as a background and cultural introduction to the areas in which we research and develop technologies for protecting sensitive information.

1.1 A Communication Game

Here is a simple problem. Two friends, Alice and Bob[a], want to spend an evening out together, but they cannot decide whether to go to the cinema or the opera. Nevertheless, they reach an agreement to let a coin decide: playing a coin tossing game which is very familiar to all of us.

[a] They are the most well-known figures in the area of cryptography, cryptographic protocols and information security; they will appear in most of the cryptographic protocols in this book.

Alice holds a coin and says to Bob, "You pick a side then I will toss the coin." Bob does so and then Alice tosses the coin in the air. Then they both look to see which side of the coin landed on top. If Bob's choice is on top, Bob may decide where they go; if the other side of the coin lands on top, Alice makes the decision.

In the study of communication procedures, a multi-party-played game like this one can be given a "scientific sounding" name: protocol. A protocol is a well-defined procedure running among a plural number of participating entities. We should note the importance of the plurality of the game participants; if a procedure is executed entirely by one entity only then it is a procedure and cannot be called a protocol.

1.1.1 Our First Application of Cryptography

Now imagine that the two friends are trying to run this protocol over the telephone. Alice offers Bob, "You pick a side. Then I will toss the coin and tell you whether or not you have won." Of course Bob will not agree, because he cannot verify the outcome of the coin toss.

However we can add a little bit of cryptography to this protocol and turn it into a version workable over the phone. The result will become a cryptographic protocol, our first cryptographic protocol in this book! For the time being, let us just consider our "cryptography" as a mathematical function f(x) which maps over the integers and has the following magic properties:

Property 1.1: Magic Function f

I. For every integer x, it is easy to compute f(x) from x, while given any value f(x) it is impossible to find any information about a pre-image x, e.g., whether x is an odd or even number.

II. It is impossible to find a pair of integers (x, y) satisfying x ≠ y and f(x) = f(y).

In Property 1.1, the adjectives "easy" and "impossible" have meanings which need further explanations. Also because these words are related to a degree of difficulty, we should be clear about their quantifications. However, since for now we view the function f as a magic one, it is safe for us to use these words in the way they are used in the common language. In Chapter 4 we will provide mathematical formulations for various uses of "easy" and "impossible" in this book. One important task for this book is to establish various quantitative meanings for "easy," "difficult" or even "impossible." In fact, we will eventually see in the final technical chapter of this book (Chapter 19) that in our final realization of the coin-flipping protocol, the two uses of "impossible" for the "magic function" in Property 1.1 will have very different quantitative measures.

Suppose that the two friends have agreed on the magic function f. Suppose also that they have agreed that, e.g., an even number represents HEADS and an odd number represents TAILS. Now they are ready to run our first cryptographic protocol, Prot 1.1, over the phone.

Protocol 1.1: Coin Flipping Over Telephone

PREMISE
Alice and Bob have agreed:
i. a "magic function" f with properties specified in Property 1.1
ii. an even number x in f(x) represents HEADS and the other case represents TAILS
(* Caution: due to (ii), this protocol has a weakness, see Exercise 1.2 *)

1. Alice picks a large random integer x and computes f(x); she reads f(x) to Bob over the phone;
2. Bob tells Alice his guess of x as even or odd;
3. Alice reads x to Bob;
4. Bob verifies f(x) and sees the correctness/incorrectness of his guess.

It is not difficult to argue that Protocol "Coin Flipping Over Telephone" works quite well over the telephone. The following is a rudimentary "security analysis." (Warning: the reason for us to quote "security analysis" is because our analysis provided here is far from adequate.)

1.1.1.1 A Rudimentary "Security Analysis"

First, from "Property II" of f, Alice is unable to find two different numbers x and y, one is odd and the other even (this can be expressed as x ≢ y (mod 2)) such that f(x) = f(y). Thus, once having read the value f(x) to Bob over the phone (Step 1), Alice has committed to her choice of
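The four steps of Protocol 1.1, as an added Python example that is not code from the book: SHA-256 over a fixed-width encoding of x stands in for the magic function f (an assumption, since the text leaves f abstract), and all class, function and constant names are chosen here. It also shows Bob rejecting a revealed x that differs from the committed one, and why Step 1 asks for a large x.

```python
import hashlib
import secrets

X_BITS = 256  # assumed size for Alice's "large random integer"


def f(x: int) -> str:
    """Stand-in for the magic function f (assumption: SHA-256 over a
    fixed-width big-endian encoding of x)."""
    if not 0 <= x < 2 ** X_BITS:
        raise ValueError("x is outside the agreed range")
    return hashlib.sha256(x.to_bytes(X_BITS // 8, "big")).hexdigest()


def parity(x: int) -> str:
    # Premise (ii): an even x represents HEADS, an odd x represents TAILS.
    return "even" if x % 2 == 0 else "odd"


class Alice:
    def __init__(self, bits: int = X_BITS):
        self.x = secrets.randbits(bits)   # Step 1: pick a random integer x

    def commit(self) -> str:
        return f(self.x)                  # Step 1: read f(x) to Bob

    def reveal(self) -> int:
        return self.x                     # Step 3: read x to Bob


class Bob:
    def __init__(self, commitment: str):
        self.commitment = commitment      # value heard in Step 1
        self.guess = None

    def make_guess(self) -> str:
        self.guess = secrets.choice(["even", "odd"])   # Step 2
        return self.guess

    def verify(self, x: int) -> bool:
        # Step 4: recompute f(x); a mismatch means the revealed x is not
        # the one Alice committed to in Step 1.
        if not secrets.compare_digest(f(x), self.commitment):
            raise ValueError("revealed x does not match f(x) from Step 1")
        return parity(x) == self.guess    # True: Bob guessed correctly


def run_protocol() -> dict:
    alice = Alice()
    bob = Bob(alice.commit())
    guess = bob.make_guess()
    bob_won = bob.verify(alice.reveal())
    return {"x_parity": parity(alice.x), "guess": guess, "bob_won": bob_won}


def parity_from_small_commitment(commitment: str, bits: int):
    """Why x must be large: if x has only `bits` bits, Bob can try every
    candidate against f(x) before Step 2 and learn the parity."""
    for candidate in range(2 ** bits):
        if f(candidate) == commitment:
            return parity(candidate)
    return None


if __name__ == "__main__":
    print(run_protocol())
    # Alice changing her mind after hearing the guess: flipping the low bit
    # of x changes its parity, but f(x') no longer matches the commitment.
    alice = Alice()
    bob = Bob(alice.commit())
    bob.make_guess()
    try:
        bob.verify(alice.x ^ 1)
    except ValueError as err:
        print("rejected:", err)
    # A 16-bit x (constructed weak case) leaks its parity to exhaustive search.
    weak = Alice(bits=16)
    print(parity_from_small_commitment(weak.commit(), 16) == parity(weak.x))
```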
