SECURITY and CRYPTOGRAPHY 15-827 11 OCT 01
Lecture #8 M.B.
4615 Wean
Recall HW 2. Come up with an original PHONOID. More
specifically, come up with 10 original PHONOIDS, but
show me your best.
Be prepared to exhibit your protocol on Tue Oct 9.
Did anyone (besides Brian Clark) come up with a protocol that does NOT
require any arithmetic at all?
(Is such a protocol possible? Yes!)
MIDTERM EXAM 1 will be on October 25. I will give you a sample class of
protocols, more specifically a probability distribution on a class of
protocols. Your job will be to comment on the distribution, i.e. to give
the pluses and minuses of the class of protocols.
In preparation, I'll give you a SAMPLE midterm exam as your next HOMEWORK
problem, to be handed out this coming Tuesday October 16, and due on Tue
October 23 (2 weeks from now).
The midterm, like the homework, will give you a class of PhonOID protocols.
It'll ask you to evaluate the class of protocols along a number of
dimensions of your own choosing.
What dimensions? Here are a few:
EASE of GENERATION of a PROTOCOL.
* How easy is it to generate a random protocol?
* How easy is it to learn a (once in a lifetime) random protocol? (Since
one's protocol is forever, this need not be the most important
consideration, but it's a consideration nonetheless.)
* How many possible protocols are there?
* What is the maximum probability with which any particular protocol is
chosen from the distribution?
EASE of GENERATION of a CHALLENGE.
* How easy is it to generate a random challenge?
* How many possible challenges are there?
* What is the maximum probability with which any particular challenge is
chosen?
EASE of GENERATION of a RESPONSE.
* How easy is it for a human to generate a correct response to a randomly
generated challenge?
* If easy, how much FUN is it to generate a response?
DIFFICULTY of BREAKING.
* How many RANDOM challenge-response pairs suffice to break the protocol?
* How many CHOSEN challenge-response pairs suffice?
* For a given number of challenge-response pairs, how much computation
suffices to break the protocol?
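
An added worked example (not from the lecture or the course materials): the dimensions above, measured on a constructed toy class of challenge-response protocols. The class itself (a secret table mapping the symbols A-D to digits 0-4, with the response being the sum of the challenge's digits mod 5) and every name in the code are assumptions made for illustration, not a PhonOID from the course.

```python
import itertools, random

SYMBOLS = "ABCD"      # constructed toy alphabet (assumption)
DIGITS = range(5)     # each symbol secretly maps to a digit 0..4
CHALLENGE_LEN = 3     # a challenge is 3 symbols, repeats allowed

def all_protocols():
    """Every secret table: one digit per symbol (5**4 = 625 tables)."""
    return [dict(zip(SYMBOLS, ds))
            for ds in itertools.product(DIGITS, repeat=len(SYMBOLS))]

def all_challenges():
    """Every possible challenge (4**3 = 64 strings)."""
    return ["".join(c) for c in itertools.product(SYMBOLS, repeat=CHALLENGE_LEN)]

def respond(protocol, challenge):
    """The human's response: add the secret digits of the symbols, mod 5."""
    return sum(protocol[s] for s in challenge) % 5

def max_probability(digit_weights):
    """Largest probability of any single protocol when each table entry is
    drawn independently with the given (possibly non-uniform) weights."""
    return (max(digit_weights) / sum(digit_weights)) ** len(SYMBOLS)

def pairs_to_break(secret, challenge_source):
    """Discard candidates inconsistent with each observed pair; return
    (pairs used, recovered protocol). Cost: one pass over 625 tables per pair."""
    candidates, seen = all_protocols(), 0
    for c in challenge_source:
        seen += 1
        r = respond(secret, c)
        candidates = [p for p in candidates if respond(p, c) == r]
        if len(candidates) == 1:
            return seen, candidates[0]
    return seen, None

def random_challenges(rng):
    """Endless stream of uniformly random challenges."""
    while True:
        yield "".join(rng.choice(SYMBOLS) for _ in range(CHALLENGE_LEN))

if __name__ == "__main__":
    rng = random.Random(8)
    secret = rng.choice(all_protocols())
    print("protocols:", len(all_protocols()), "challenges:", len(all_challenges()))
    print("max probability, uniform digits:", max_probability([1] * 5))
    print("max probability, skewed digits: ", max_probability([4, 1, 1, 1, 1]))
    print("random pairs used:", pairs_to_break(secret, random_challenges(rng))[0])
    print("chosen pairs used:", pairs_to_break(secret, ["AAA", "BBB", "CCC", "DDD"])[0])
```

The skewed weights show that the number of possible protocols alone does not fix the maximum probability of any one protocol; the distribution does.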