1 of 10

CS 161 Discussion 3

Link to Discussion Worksheet

Shomil Jain

2 of 10

Announcements

HW 2 is out (due Sunday) [Buffer Overflows + Basic Encryption]

Project 1 is due next Tuesday (7/7)

There’s a really good GDB walkthrough on Piazza (see Section Slides).

Come to OH if you need help!

3 of 10

Asymmetric Cryptography

4 of 10

C.I.A.

Confidentiality: E shouldn’t be able to read private data between A/B.

Integrity: E shouldn’t be able to modify messages sent between A/B without them without detection.

Authenticity: A should be able to verify a message originated from B.

5 of 10

Symmetric-Key Encryption

Confidentiality: E shouldn’t be able to read private data between A/B.

Alice encrypts a message with a shared key.

Bob decrypts a message with the same key.

Without the key, Eve has no information about the message.

6 of 10

One-Time Pad

Schema

  • KeyGen(): ret random_key()
  • Encrypt(M): C = M ⊕ K
  • Decrypt(C): M = C ⊕ K

Cannot reuse keys!

Properties of XOR: x ⊕ 0 = x x ⊕ x = 0 x ⊕ y = y ⊕ x (x ⊕ y) ⊕ z = x ⊕ (y ⊕ z)

7 of 10

Block Ciphers

Goal: we want to be able to encrypt messages of arbitrary length.

Solution: break messages up into blocks, and use fixed-length encryption functions (ex: AES) to encrypt each block. Add padding if needed.

Schemes: ECB, CBC, OFB, Counter (Draw these out!)

8 of 10

IND-CPA

Ciphertexts must be indistinguishable under a chosen-plaintext attack!

  1. Attacker gives two messages to the Encryption Oracle.
  2. The Encryption Oracle returns two ciphertexts in response.
  3. The attacker should not be able to identify which M corresponds to which C with a success rate greater than 50%.

The attacker can ask the encryption oracle to encrypt/decrypt as many messages/ciphertexts as they’d like.

9 of 10

Discussion Worksheet

10 of 10

Notes

Feel free to email me at shomil@berkeley.edu with any questions about the course or anything else!

My office hours are from 3 PM - 4 PM on T/Th.

See pinned Piazza posts for link to these slides!