Lecture 6

We continued our discussion of some basic number theory, and then described the Diffie-Hellman protocol. We also introduced the public-key setting, and introduced the El Gamal and RSA encryption schemes.

The blog is pretty quiet; there are barely any questions in class; and the only questions I get by email are about the homework. Is class moving too slow, so that everything is too easy? Or too fast so that people don’t know what to ask? Are people finding the crypto material uninteresting? Comments welcome! (Anonymous comments are fine for responding to this if you prefer, though I reserve the right to delete any that are inappropriate.)

10 Responses to “Lecture 6”

  1. Anonymous Says:

    For me, it would be twofold. The pace of the class is not too fast to understand the material, but probably too fast for discussion. The second reason (and this may apply to the group as well) is that a lot of the things we are discussing have been proven by academia at a Mission Critical level. So if something is “right” we don’t feel equipped to question it in front of an audience, and if something is “wrong,” certainly the chances of us being as clever as the person who discovered the flaw is low. I think _that_ would be a better explanation of why people don’t know what to ask. And I don’t think that the crypto material is necessarily uninteresting, but its mathematical nature makes it harder to discuss.

    To sum it up, it’s probably easier to discuss “how they stole the file” than “how they would decrypt the file,” especially after being told that pretty much anyone can encrypt something that would require more energy than is available in the universe to break.

    • jonkatz Says:

      Thanks for the comment! I can understand that it would be daunting to question the material, especially since we are not going into many of the low-level details the way I would in 456. But I’m surprised that people don’t have questions about the material, or about how it’s used.

  2. Michael Donovan Says:

    I would say the math is what’s stumping me right now. When I start to see the number theory I get a little confused, but I know that if I just sit down and look at it again then I would understand it. Maybe if we made more connections between when schemes are used and how they work, like when you showed what ssh uses. Also I found this:


    We should do all our lectures in stick figure drawings. 🙂

    • jonkatz Says:

      The math is hard if you haven’t seen it before, but that’s why I’m especially surprised at the lack of questions. Please ask me in class for more examples, or to make it concrete.

      Thanks for the link — I enjoyed it. =)

  3. Anonymous Says:

    Here’s an educational comic on AES: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  4. Lecture 7 « CMSC414: Computer/Network Security Says:

    […] CMSC414: Computer/Network Security University of Maryland, College Park « Lecture 6 […]

  5. Anonymous Says:

    I’m lost on public key security. I understand the basic number theory things we have gone over, including Z and Z*. The generators make sense as well. However, when it comes down to the Diffie-Hellman protocol, I start to get lost. I see that you find a positive integer X such that g^x = h. So that is basically saying that g is a generator so when you raise it to some power X it will result in a number h that is in Zp*?

    Beyond that, I start to get lost at public security. How is it that using a public key can be secure? Assuming the adversary knows the sender’s public key, what prevents him from decrypting it just the same as the actual recipient? I feel like I’m missing something basic here.

    • jonkatz Says:

      Your description of the Diffie-Hellman protocol is not quite right. One party chooses exponent x and then computes h=g^x mod p. So it is guaranteed that h lies in Zp* (regardless of whether g is a generator or not).

      The fact that g is a generator means that for any h in Zp* there exists an exponent x for which g^x = h mod p. However, the discrete logarithm assumption is that finding such an x (given p, g, and h) is hard.

      As for security of public-key encryption, every public key has an associated private key that enables decryption. But security implies that it is hard to compute the private key from the public key. (For example, in the case of RSA that we discussed in lecture 7, given the public key (N, e) it is hard to compute the decryption exponent d.)

      • Anonymous Says:

        Thanks for the clarification! The part that loses me with the public encryption schemes is: how does the receiver get that private key? Is it dependent on the algorithm?

  6. jonkatz Says:

    The receiver runs a key generation algorithm to generate the public and private keys simultaneously. The details of key generation depend on the exact scheme being used. See the examples of El Gamal and RSA that I posted.
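
The points made in the replies above, worked through in a toy group. This is an added example, not part of the original post, its comments, or the course's posted notes. It uses textbook Diffie-Hellman and El Gamal; the prime p = 23, the bases 5 and 2, and all function names are constructed for illustration.

```python
import secrets

P = 23   # toy prime (constructed); real deployments use primes of 2048 bits or more
G = 5    # 5 is a generator of Z_23*; 2 is not (it only has order 11)

def is_generator(g, p=P):
    """g generates Z_p* iff its powers hit every element of {1, ..., p-1}."""
    return {pow(g, x, p) for x in range(1, p)} == set(range(1, p))

def keygen(g=G, p=P):
    """Key generation yields both keys at once: private x, public h = g^x mod p."""
    x = secrets.randbelow(p - 2) + 1          # x in [1, p-2]
    return x, pow(g, x, p)                    # h is always in Z_p*, generator or not

def shared_key(own_private, peer_public, p=P):
    """Diffie-Hellman: each side raises the peer's public value to its own exponent."""
    return pow(peer_public, own_private, p)

def brute_force_dlog(h, g=G, p=P):
    """Find x with g^x = h mod p by trying every exponent.
    This is the adversary's problem; it only finishes here because p is tiny."""
    for x in range(1, p):
        if pow(g, x, p) == h:
            return x
    return None                               # h is not a power of g

def elgamal_encrypt(m, h, g=G, p=P):
    """Anyone holding the public key h can encrypt m in Z_p*."""
    y = secrets.randbelow(p - 2) + 1          # fresh randomness per message
    return pow(g, y, p), (m * pow(h, y, p)) % p

def elgamal_decrypt(c1, c2, x, p=P):
    """Only the holder of x can recompute the mask c1^x = h^y and remove it."""
    mask = pow(c1, x, p)
    return (c2 * pow(mask, -1, p)) % p        # modular inverse (Python 3.8+)

if __name__ == "__main__":
    x, h = keygen()
    c1, c2 = elgamal_encrypt(7, h)
    print("public h =", h, "| ciphertext =", (c1, c2),
          "| decrypted =", elgamal_decrypt(c1, c2, x))
    print("exponent recovered by exhaustive search:", brute_force_dlog(h))
    print("5 as a power of the non-generator 2:", brute_force_dlog(5, g=2))
```

With a 23-element modulus the exhaustive search takes at most 22 steps; the discrete logarithm assumption is that no efficient method exists once p is large and chosen appropriately.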
