Farewell (for now)

Online Cryptography Course, Dan Boneh


Quick Review: primitives

(Diagram labels)
• CTR
• PRG
• GGM
• PRF, PRP
• key exchange
• Trapdoor Functions
• public key encryption
• CMAC, HMAC, PMAC
• MAC
• Collision resistance
• Diffie-Hellman groups

Quick Review: primitives

To protect non-secret data: (data integrity)
– using small read-only storage: use collision resistant hash
– without: use MAC … requires secret key

To protect sensitive data: only use authenticated encryption (eavesdropping security by itself is insufficient)

Session setup:
• Interactive settings: use authenticated key-exchange protocol
• When no-interaction allowed: use public-key encryption
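The data-integrity guidance above, as an added Python example that is not part of the course slides: it contrasts a SHA-256 digest kept in read-only storage with an HMAC tag stored beside the data. The function names, file names and payloads are constructed for illustration, and HMAC-SHA256 is an assumed choice for "use MAC".

```python
import hashlib
import hmac
import secrets
from types import MappingProxyType

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_hash(name: str, data: bytes, store) -> bool:
    # Only meaningful if `store` cannot be rewritten by whoever can alter the data.
    expected = store.get(name)
    return expected is not None and hmac.compare_digest(digest(data), expected)

def mac_tag(key: bytes, name: str, data: bytes) -> bytes:
    # Length-prefix the name so (name, data) pairs encode unambiguously, and
    # bind the tag to the name so it cannot be moved onto another object.
    n = name.encode()
    return hmac.new(key, len(n).to_bytes(4, "big") + n + data, hashlib.sha256).digest()

def verify_mac(key: bytes, name: str, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, name, data), tag)

def demo() -> dict:
    name = "update.bin"                                   # constructed sample
    original = b"constructed sample payload v1"
    tampered = b"constructed sample payload v1 (modified)"

    # 1. Digest held in small read-only storage (modelled by a read-only mapping).
    pinned = MappingProxyType({name: digest(original)})
    out = {"pinned_ok": verify_hash(name, original, pinned),
           "pinned_tampered": verify_hash(name, tampered, pinned)}

    # 2. No read-only storage: the digest sits beside the data, so a party able
    #    to change the data can also replace the digest, and the check passes.
    writable = {name: digest(tampered)}
    out["writable_tampered"] = verify_hash(name, tampered, writable)

    # 3. No read-only storage, MAC instead: the tag may sit beside the data,
    #    but producing a valid tag requires the secret key.
    key = secrets.token_bytes(32)
    tag = mac_tag(key, name, original)
    out["mac_ok"] = verify_mac(key, name, original, tag)
    out["mac_tampered"] = verify_mac(key, name, tampered, tag)
    out["mac_moved"] = verify_mac(key, "other.bin", original, tag)
    return out

if __name__ == "__main__":
    print(demo())
```

Only case 2 accepts modified data, which is why the slide pairs the hash with read-only storage and the MAC with a secret key.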

Remaining Core Topics (part II)
• Digital signatures and certificates
• Authenticated key exchange
• User authentication: passwords, one-time passwords, challenge-response
• Privacy mechanisms
• Zero-knowledge protocols


Many more topics to cover …
• Elliptic Curve Crypto
• Quantum computing
• New key management paradigms: identity based encryption and functional encryption
• Anonymous digital cash
• Private voting and auction systems
• Computing on ciphertexts: fully homomorphic encryption
• Lattice-based crypto
• Two party and multi-party computation

Final Words

Be careful when using crypto:
• A tremendous tool, but if incorrectly implemented: products will work, but may be easily attacked

Make sure to have others review your designs and code

Don’t invent your own ciphers or modes


End of part I
