April 15th, 2016
Dave Abel
Unit 9: Cryptography
Yurt, Round Two
‣ If you want to go, email me with subject “Yurt”
‣ Specify which time you’d like to go:
- Monday, May 9th from 2pm-3pm
- Tuesday, May 10th from 11am-noon
Outline
‣ Some excellent questions from you all!
‣ Randomness
‣ Cryptography vs. Security
‣ Security Breaches, Hacking, and Chickens and Eggs
Some Questions (From Y’all)!
Q: Why do we use OWFs for cryptography if we’re still not sure about SOLVE = VERIFY? Seems Risky!
A1: If SOLVE = VERIFY, then there is an efficient way to break our crypto systems, but we don’t know of it yet. It may be incredibly difficult to come up with the algorithm!
A2: Many folks are 99% confident SOLVE is not the same as VERIFY
A3: Good point! This does seem a little nutty. Folks are researching other methods, now.
Q: What if Eve isn’t just able to look at the encrypted message? What if we change her powers up?
A: This introduces the more general field of Security, which is concerned with protecting the information on our machines from intruders. We’ll talk about this more today!
Q: How are there ever security breaches, then? If all this is secure?
A: Many modern crypto systems are actually a bit slow. Not crazy slow, but will take a few minutes. We don’t really want to wait that long, practically, so instead there are systems that are almost as secure but are faster.
A: Someone could still videotape you writing your password or just guess it. These sorts of vulnerabilities are dealt with by the field of Security, not Cryptography.
Randomness
‣ Earlier notion of randomness from Theory!
‣ The higher the Kolmogorov complexity, the more random an object is.
‣ But how about events? Really, we want this:
‣ But suppose we didn’t have this block. How could we write a block to carry out random operations?
‣ Everything has been so deterministic:
Randomness & Crypto
[Diagram: Alice, Eve and Bob; plaintext, encrypted text, decrypted text]
[Diagram: Eve and Randy]
“I have figured out a way to simulate random coins!”
“No way…”
Eve gets to see Randy’s “random” guess, and the coin.
Gets to see, let’s say, 1000 answers from both.
Q: Can Eve correctly guess which box is Randy?
If Eve can be right more than 1/2 the time, Randy isn’t Random.
(Pseudo)-Randomness
‣ Definition: A process is pseudorandom if an adversary, Eve, cannot distinguish the process from a truly random process!
‣ Q: Can humans do this?
True Randomness?
We may regard the present state of the universe as the effect of its past and the cause of its future. An intellect which at a certain moment would know all forces that set nature in motion, and all positions of all items of which nature is composed, if this intellect were also vast enough to submit these data to analysis, it would embrace in a single formula the movements of the greatest bodies of the universe and those of the tiniest atom; for such an intellect nothing would be uncertain and the future just like the past would be present before its eyes.
- Pierre Simon Laplace, A Philosophical Essay on Probabilities
“Truly” Random?
‣ We consider many phenomena in the world to exhibit truly random behavior.
‣ Anything that does not follow a pattern.
‣ Examples:
- Atmospheric White Noise
- Coin Flips
- Radioactive Decay
Pseudorandomness
‣ Definition: A process is pseudorandom if an adversary, Eve, cannot distinguish the process from a truly random process!
‣ Q: So how do we achieve this?
‣ A: One Way Functions!
OWFs as Pseudorandom Generators
‣ Intuition: If it’s easy for you to figure out why something happened, then it’s not really random.
‣ One Way Function: It’s hard to figure out the input, given the output.
‣ Conclusion: we can extend One Way Functions to create Pseudo Random Number Generators!
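The Eve-and-Randy game and the one-way-function idea above, as an added Python example that is not part of the original slides: Eve sees 1000 flips from each box and guesses which one is Randy. It assumes SHA-256 as a stand-in for a one-way function, the operating system's random source as the coin, and a linear congruential generator (multiplier and increment from the C standard's sample `rand`) as a poor Randy; all function names are hypothetical.

```python
import hashlib
import secrets

N_FLIPS = 1000  # the slides let Eve see 1000 answers from each box


def coin(n):
    """Stand-in for the fair coin: bits from the OS random source."""
    return [secrets.randbits(1) for _ in range(n)]


def weak_randy(n, seed):
    """Low bit of a linear congruential generator with modulus 2**31."""
    x, out = seed, []
    for _ in range(n):
        x = (1103515245 * x + 12345) % 2**31
        out.append(x & 1)  # odd multiplier and increment: this bit alternates
    return out


def owf_randy(n, seed):
    """Hash seed||counter and emit the digest bits (SHA-256 as assumed OWF)."""
    out, counter = [], 0
    while len(out) < n:
        data = seed.to_bytes(16, "big") + counter.to_bytes(8, "big")
        for byte in hashlib.sha256(data).digest():
            out.extend((byte >> i) & 1 for i in range(8))
        counter += 1
    return out[:n]


def alternation_bias(bits):
    """How far the rate of 'flip differs from the previous flip' is from 1/2."""
    changes = sum(a != b for a, b in zip(bits, bits[1:]))
    return abs(changes / (len(bits) - 1) - 0.5)


def eve_guess(box0, box1):
    """Eve points at the box whose flips look less like a fair coin."""
    return 0 if alternation_bias(box0) >= alternation_bias(box1) else 1


def play(randy, rounds):
    """Fraction of rounds in which Eve correctly identifies Randy's box."""
    wins = 0
    for _ in range(rounds):
        randy_box = secrets.randbits(1)  # hide Randy in box 0 or box 1
        boxes = [None, None]
        boxes[randy_box] = randy(N_FLIPS, secrets.randbits(128))
        boxes[1 - randy_box] = coin(N_FLIPS)
        wins += eve_guess(*boxes) == randy_box
    return wins / rounds


if __name__ == "__main__":
    print("weak generator:", play(weak_randy, 200))  # Eve wins every round
    print("hash generator:", play(owf_randy, 200))   # Eve stays near 1/2
```

A generator that beats this one Eve is not thereby pseudorandom; the definition requires that no efficient Eve does better than 1/2.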
Cryptography vs. Security
‣ Cryptography is about the study of things like One Way Functions, Randomness, and Diffie-Hellman Key Exchange.
‣ It teaches us that, if a “hacker” wants to break into our systems, they’re not going to do it by trying to break our One Way Function.
‣ But that doesn’t mean a hacker couldn’t just guess our password! Considerations like these are a part of the more general field of security, not cryptography.
Security
‣ Let’s look at one problem: password cracking.
‣ Cryptography tells us that if we play by the rules and use all the nice tools we went over Wednesday, Eve can’t listen to Bob and Alice’s communication.
‣ Computer Security tells us, “don’t use the word ‘password’ as your password”.
Problem: Password Cracking
‣ INPUT: A user on Facebook/Amazon/Netflix/etc.
‣ OUTPUT: That user’s password.
Password Cracking Idea
‣ Machine Learning Approach! Treat it like classification.
Any thoughts? How might we do this?
Training Data? Features?
‣ Features: user’s age, name, location, interests, etc.
‣ Training Data: user data + user’s password.
‣ Idea: maybe all people named “Petunia” use passwords that involve their name.
Most Common Passwords
- 123456
- password
- 12345678
- qwerty
- abc123
- adobe123
- 123123
- admin
- 1234567890
- letmein
- 123456789
- 111111
- 1234567
- iloveyou
- photoshop
- 1234
- monkey
- shadow
- sunshine
Password Cracking
‣ Idea one: machine learning!
‣ Idea two: guess the top 20, 50, 1000, or so passwords.
‣ Idea three: try replacing I’s with 1’s, O’s with 0’s, etc.
‣ Q: How many do you think we’d get?
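The defender's counterpart to ideas one to three, as an added Python example that is not part of the original slides: a sign-up check that refuses a proposed password if it is on the slide's common list, is a character-swapped spelling of one, or contains the user's name. The function names and the extra swaps beyond 1 and 0 are assumptions made for this example.

```python
# The 19 passwords listed on the "Most Common Passwords" slide.
COMMON = {
    "123456", "password", "12345678", "qwerty", "abc123", "adobe123",
    "123123", "admin", "1234567890", "letmein", "123456789", "111111",
    "1234567", "iloveyou", "photoshop", "1234", "monkey", "shadow", "sunshine",
}

# 1->i and 0->o are the swaps named on the slide; the others are assumed
# here as typical members of the slide's "etc.".
SWAPS = str.maketrans({"1": "i", "0": "o", "3": "e", "@": "a", "$": "s"})


def normalize(text):
    """Lower-case and undo character swaps so look-alike spellings collide."""
    return text.lower().translate(SWAPS)


# Store the list both as written and normalized, so that digit-only entries
# such as "123456" still match after their digits are mapped to letters.
DENY = COMMON | {normalize(p) for p in COMMON}


def rejection_reasons(candidate, user_name=""):
    """Return why a proposed password is guessable; an empty list means accept."""
    reasons = []
    plain, folded = candidate.lower(), normalize(candidate)
    if plain in DENY or folded in DENY:
        reasons.append("common password")
    name = normalize(user_name)
    if len(name) >= 3 and name in folded:  # skip very short names
        reasons.append("contains user name")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["passw0rd", "L3tme1n", "P3tun1a2016", "correct horse battery staple"]:
        print(pw, "->", rejection_reasons(pw, user_name="Petunia") or "accepted")
```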
Hacking
Chickens and Eggs…
‣ Security folks develop systems of defense: let’s say, wrapping everything in metaphorical cardboard.
‣ Hackers, in response, bring box cutters.
‣ Security folks, in response, get metal cages.
‣ Hackers, in response, bring fence cutters.
‣ And so it goes…
Have a great weekend!