Reading: Chapter 11
wherein the Alice-Bob subplot is unveiled
| STARRING | | | |
|---|---|---|---|
| Alice | Bob | Eve | Spot |
Prologue: Alice and Bob want to talk. Clever, evil Eve wants to eavesdrop. Alice and Bob wonder what to do.
Alice and Bob agree on a key in private. Now they can talk aloud, encoding messages with the key.
Drats!
Fine, but what's a key and how can we use it?
Arr!
Try a shuffling of letters. Alice and Bob agree on the mapping as their key.
    original     _ A B C D E F G H I J K L M N O ...
    destination  @ A X J E W U I D C H T N M B R ...
Alice maps her message using the mapping.
    I _ D O -> C @ E R

She sends, "C@ER." To decrypt, Bob reverses the mapping

    C @ E R <- I _ D O
Any long English messages can be decoded by analyzing letter frequency.
The letter occurring most is probably an 'E'.
Newspaper cryptograms show how easy breaking Kaptain Krunch's code is.
Shiver me timbers!
We can think of our belief about the message's contents as a probability distribution.
The encrypted message should not alter our suspicions; i.e., for every message x,
Pr[x is original, given encryption] = Pr[x is original].
Say Alice and Bob agree to a series of random numbers between 0 and 26.
2, 23, 20, 8, 16, ...
To encrypt, Alice adds numbers to corresponding letters.
      I   _   D   O
    + 2 +23 +20 + 8
    --- --- --- ---
      K   W   X   W

Bob subtracts to get original.

      K   W   X   W
    - 2 -23 -20 - 8
    --- --- --- ---
      I   _   D   O
This is called the one-time pad.
Fact:
    Pr[x and y] = Pr[x given y] Pr[y]
    Pr[x and y] = Pr[y given x] Pr[x]

This implies Bayes' Theorem:

$$\Pr[x \text{ given } y] = \frac{\Pr[x]\,\Pr[y \text{ given } x]}{\Pr[y]}$$
Arf?
$$\Pr[X \text{ is original, given encryption } M] = \frac{\Pr[X \text{ is original}]\,\Pr[M \text{ is encryption, given } X]}{\Pr[M \text{ is encryption}]}$$
But...
$$\Pr[M \text{ is encryption, given } X] = (1/27)^k$$
Independence!
And...
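$$\begin{aligned}
\Pr[M \text{ is encryption}] &= \sum_{\text{keys } K} \Pr[K \text{ is key}]\,\Pr[M \text{ is } X + K] \\
&= \sum_{\text{keys } K} (1/27)^k\,\Pr[X \text{ is } M - K] \\
&= (1/27)^k \sum_{\text{keys } K} \Pr[X \text{ is } M - K] \\
&= (1/27)^k
\end{aligned}$$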
So:
Pr[X is original, given encryption M] = Pr[X is original]
Darn!
Often Alice and Bob can't communicate a key in private. This is a job for public-key cryptography.
Now Bob has two keys, one published, one kept to himself.
A message encrypted with the public key can only be decrypted with the private key.
The most popular public-key cryptosystem is RSA. (PGP is one implementation.)
In RSA, the public key is a product of two large prime numbers. The private key has the two primes.
RSA is not as secure as the one-time pad. It is broken if the public key is factored.
But after 2,500 years of looking, we still don't know a fast factoring algorithm.
Alice, Bob, Krunch, and Spot just got their test grades.
| Alice | Bob | Krunch | Spot |
|---|---|---|---|
| 95 | 88 | 82 | 50 |
They want to know their average score, but nobody wants to reveal their grades. What can they do?
x mod N is the remainder when x is divided by N.
For addition, this gives wrap-around behavior. Notice that modulo addition is commutative and associative.
We take N to be 401.
All behave the same.
(rBA + rBS + rBK + rBB) mod 401 = Bob's score (88)
cB = (rAB + rSB + rKB + rBB) mod 401

Give cB to everybody, get cA, cS, and cK.
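| who (sends to whom →) | Alice | Bob | Spot | Krunch | score |
|---|---|---|---|---|---|
| Alice | 135 | 240 | 301 | 221 | 95 |
| Bob | 285 | 363 | 109 | 133 | 88 |
| Spot | 135 | 300 | 334 | 83 | 50 |
| Krunch | 132 | 5 | 230 | 116 | 82 |
| total | 286 | 106 | 172 | 152 | 315 |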
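The share-and-sum procedure above, written out as an added Python example (not part of the original notes): each party splits its score into random shares mod 401, and the published column totals reveal only the sum. The function names are illustrative assumptions; the embedded table is the one from the notes.

```python
import secrets

N = 401  # modulus from the notes; it must exceed the largest possible total (4 * 100)

def split(owner, score, parties, n=N):
    """Random shares for the others; the owner's own share makes the row sum to score mod n."""
    shares = {p: secrets.randbelow(n) for p in parties if p != owner}
    shares[owner] = (score - sum(shares.values())) % n
    return shares

def column_totals(sent, n=N):
    """c_P: sum mod n of every share addressed to P (row = sender, column = recipient)."""
    return {p: sum(row[p] for row in sent.values()) % n for p in sent}

def total(published, n=N):
    """Anyone can add the published c values to get the sum of all scores mod n."""
    return sum(published.values()) % n

def run(scores):
    """Full protocol with fresh randomness; returns only the total."""
    parties = list(scores)
    sent = {p: split(p, s, parties) for p, s in scores.items()}
    return total(column_totals(sent))

# Share table copied from the notes above.
PAGE_TABLE = {
    "Alice":  {"Alice": 135, "Bob": 240, "Spot": 301, "Krunch": 221},
    "Bob":    {"Alice": 285, "Bob": 363, "Spot": 109, "Krunch": 133},
    "Spot":   {"Alice": 135, "Bob": 300, "Spot": 334, "Krunch": 83},
    "Krunch": {"Alice": 132, "Bob": 5,   "Spot": 230, "Krunch": 116},
}

if __name__ == "__main__":
    c = column_totals(PAGE_TABLE)
    print("published:", c)  # what everybody sees
    print("total:", total(c), "average:", total(c) / 4)
    print("fresh run:", run({"Alice": 95, "Bob": 88, "Spot": 50, "Krunch": 82}))
```

Each individual share and each published column total is uniformly distributed mod 401, so on its own it says nothing about the sender's score. The total still leaks whatever it implies: three parties who pool their own scores can subtract them to get the fourth.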
In class, Ankur suggested that in a public-key cryptosystem Eve might be able to guess the message Alice sends, encrypt it with Bob's key, and thus verify what it was Alice sent. I didn't have an answer to it then.
There is an answer, though: Alice can include in the message two parts.