(Difficult)
In 16.2.3 the author discusses how we can take a plaintext (single numerical value) and represent such a message in an elliptic curve. I see how the example worked, but I had a few questions about details on finding the elliptic curve representation:
1.) If we are not guaranteed that the message will work on the elliptic curve, wouldn't that limit the use of elliptic curves for cryptographic purposes?
2.) When looking at elliptic curves we are dealing with square roots, so is there a standard by which we decide which square root to pick?
(Reflective)
In 16.2.2 we look at the example of a "discrete log" on elliptic curves. The author discusses briefly the difficulties of attacking a discrete log problem on elliptic curves, but nothing is mentioned as to the use of discrete logs on elliptic curves for cryptography. The lecture leads us to believe it would provide us with a fairly secure method of encryption, but does not give us details on how it would work. Is our main focus on elliptic curves used for a factorization method, or will we be using elliptic curves as a method of encryption as well?
Monday, November 29, 2010
Tuesday, November 23, 2010
Section 16.1 due Nov. 29th
(Difficult)
I was a little confused by the use of the point at infinity as an additive identity. I understand that not all groups have the same additive or multiplicative identities ( we are most familiar with zero as the additive identity, and one as the multiplicative identity, under normal addition and multiplication), but I am not sure I understand the explanation of why infinity is the additive identity.
(Reflective)
I am glad that the book clearly stated the fact that elliptic curves form an Abelian group. This was something I think I would not have noticed on my own, but it gives elliptic curves a lot of great characteristics for use in cryptography. As we saw with previous cryptosystems, systems which form groups have many advantages, and often a few disadvantages as well. In our examples of DES, it was critical that DES was not a group for Double DES or Triple DES to be effective. I am curious how Abelian groups fit into cryptography.
I was a little confused by the use of the point at infinity as an additive identity. I understand that not all groups have the same additive or multiplicative identities ( we are most familiar with zero as the additive identity, and one as the multiplicative identity, under normal addition and multiplication), but I am not sure I understand the explanation of why infinity is the additive identity.
(Reflective)
I am glad that the book clearly stated the fact that elliptic curves form an Abelian group. This was something I think I would not have noticed on my own, but it gives elliptic curves a lot of great characteristics for use in cryptography. As we saw with previous cryptosystems, systems which form groups have many advantages, and often a few disadvantages as well. In our examples of DES, it was critical that DES was not a group for Double DES or Triple DES to be effective. I am curious how Abelian groups fit into cryptography.
Monday, November 22, 2010
Section 2.12 due Nov. 23rd
(Difficult) In reading about the Enigma machine, I was a little confused about the method of encryption. It obviously was not a substitution cipher, but of the cryptosystems we have studied so far, it reminded me most of a one-time pad. With that in mind it would explain the weakness of encoding multiple messages with the same key.There also seemed to be some obvious limitations on the permutations of a given message, at least when compared to substitution ciphers, vigenere ciphers, etc.
(Reflective) It was nice to read a little about disjoint cycles of permutations in the lecture. This was another topic covered in Abstract Algebra which left me wondering, "when will we ever use this?" I also found it interesting that the cycle lengths each appeared an even number of times. Does this have to do with the design of the enigma machine itself, or more to do with properties of cycles?
(Reflective) It was nice to read a little about disjoint cycles of permutations in the lecture. This was another topic covered in Abstract Algebra which left me wondering, "when will we ever use this?" I also found it interesting that the cycle lengths each appeared an even number of times. Does this have to do with the design of the enigma machine itself, or more to do with properties of cycles?
Sunday, November 21, 2010
Section 19.3 due Nov. 22nd
(Difficult) For me the hardest part to follow in Shor's Algorithm was the Fourier Transform. Although I had briefly seen Fourier Transforms used in the EE department, The way it is presented here was far different than what I remembered from my electrical engineering class. If I understand correctly, we are using the individual frequencies in order to determine the period of a periodic sequence.
(Reflective) In reading about quantum computing, I thought a little about what the implications of a quantum computer would be. Although in theory it is a great idea, we obviously need more progress in quantum computing. it seems we have the math theory ready for facing quantum mechanics, but now fields like engineering, physics, and computer programming may be necessary to truly implement such a computer system.
(Reflective) In reading about quantum computing, I thought a little about what the implications of a quantum computer would be. Although in theory it is a great idea, we obviously need more progress in quantum computing. it seems we have the math theory ready for facing quantum mechanics, but now fields like engineering, physics, and computer programming may be necessary to truly implement such a computer system.
Wednesday, November 17, 2010
Sections 19.1-19.2 due Nov 19th
(Difficult) In the Quantum Key Distribution, I understand the bases B1 and B2 used by Alice and Bob, and I understand how the qubits work, but I don't understand how Alice chooses random entries to create a key. The concept of only using entries where their bases matched is what I am struggling with.
(Reflective) Although I can't say I completely understand all the reading in "A Quantum Experiment", I was very interested to see polarization come up in this class. I look forward to the demonstration in class. I think this is a great testament to the fact that we still have so much more to learn about mathematics. Before becoming a math major, I had a very naive view of mathematics, that most everything in mathematics had already been discovered, and all that was left was how to apply mathematics to the real world. In reality, there is still a lot we don't understand about mathematics, and why things work the way that they do.
(Reflective) Although I can't say I completely understand all the reading in "A Quantum Experiment", I was very interested to see polarization come up in this class. I look forward to the demonstration in class. I think this is a great testament to the fact that we still have so much more to learn about mathematics. Before becoming a math major, I had a very naive view of mathematics, that most everything in mathematics had already been discovered, and all that was left was how to apply mathematics to the real world. In reality, there is still a lot we don't understand about mathematics, and why things work the way that they do.
Tuesday, November 16, 2010
Sections 14.1 - 14.2 due Nov. 17th
(Difficult) The identification scheme in 14.2 was difficult to follow. I understand that the numbers s1,s2, etc. are Peggy's secret numbers, and that Peggy only sends x,y, and the vi's to Victor, but I don't understand how steps 3 and 4 work in this algorithm.
(Reflective) In section 14.1 when we talk about Victor choosing a random x1 or x2, this made me think back to the section on pseudo-random bit generation. This made me consider which random bit generators would work for a zero-knowledge "proof". If the random bit generator could be predicted, then Eve could use this to fake her way through the test. So now we are not only considering the security of the algorithm used for verification, but also the method used to generate "random" bits.
(Reflective) In section 14.1 when we talk about Victor choosing a random x1 or x2, this made me think back to the section on pseudo-random bit generation. This made me consider which random bit generators would work for a zero-knowledge "proof". If the random bit generator could be predicted, then Eve could use this to fake her way through the test. So now we are not only considering the security of the algorithm used for verification, but also the method used to generate "random" bits.
Saturday, November 13, 2010
Sections 12.1 and 12.2 due Nov. 15th
(Difficult) The shamir threshold scheme was a little confusing to me. I think I understand how each pair (x,y) is chosen, but im not sure I understand why we know the determinant of V will be non-zero. My other concern is whether or not this method works only once. In other words, do we need to replace the polynomial s(x) with new random values s1, s2, etc. each time this method is used?
(Reflective) There are two different types of secret sharing in the examples from 12.1. The first case is one person giving a shared secret to various people. The second case, involves a secret where no single person, (including the inventor of the secret code), should be able to generate the whole code by themselves. The methods in the book all require that the code be constructed first, then the parts of the code are distributed out amongst multiple people. I tried to find a way to construct such a code so that no one would have access to the actual code. Is there a way to make a function where no one, (not even those distributing each part of the code), would have complete knowledge of the code? Would the secret code M be encrypted and then stored somewhere?
(Reflective) There are two different types of secret sharing in the examples from 12.1. The first case is one person giving a shared secret to various people. The second case, involves a secret where no single person, (including the inventor of the secret code), should be able to generate the whole code by themselves. The methods in the book all require that the code be constructed first, then the parts of the code are distributed out amongst multiple people. I tried to find a way to construct such a code so that no one would have access to the actual code. Is there a way to make a function where no one, (not even those distributing each part of the code), would have complete knowledge of the code? Would the secret code M be encrypted and then stored somewhere?
Wednesday, November 10, 2010
Exam 2 Prep for Nov. 12th
Which topics/ideas do you think are most important?
I think the most important topics are those covered in Chapter 3. Everything we have covered in Chapters 6 thru 9 relies heavily upon the theory that is covered in Chapter 3.
What kind of questions do you expect on the test?
I imagine we will have a question which covers some of the attacks on RSA and ElGamal. As for the mathematical work, I think there should be atleast one question regarding chinese remainder theorem, square roots mod n, computing discrete logs, and maybe Legendre or Jacobi symbols. There should also be some theoretical discussion of birthday attacks, and maybe a probability estimation.
What do you need to work on?
The material I need to study most are discrete logs, and the hash functions. I am still a little lost on the layout of SHA-1. I also need to go back and review the Jacobi and Legendre symbols, since it has been awhile since we have used those. We have done enough practice with RSA that I feel confident with most of the methods of factoring n, and the theory behind modular exponentiation.
What topics are you interested in studying the rest of the semester?
I am most interested in Chapters 13 and 17. We touched briefly on lattices in Math 371, but only enough to peak some interest in the topic. As for Chapter 13, the games sound like a fun application of crytpography. I already skimmed through Ch. 13, and it shows just how versatile cryptosystems can be.
I think the most important topics are those covered in Chapter 3. Everything we have covered in Chapters 6 thru 9 relies heavily upon the theory that is covered in Chapter 3.
What kind of questions do you expect on the test?
I imagine we will have a question which covers some of the attacks on RSA and ElGamal. As for the mathematical work, I think there should be atleast one question regarding chinese remainder theorem, square roots mod n, computing discrete logs, and maybe Legendre or Jacobi symbols. There should also be some theoretical discussion of birthday attacks, and maybe a probability estimation.
What do you need to work on?
The material I need to study most are discrete logs, and the hash functions. I am still a little lost on the layout of SHA-1. I also need to go back and review the Jacobi and Legendre symbols, since it has been awhile since we have used those. We have done enough practice with RSA that I feel confident with most of the methods of factoring n, and the theory behind modular exponentiation.
What topics are you interested in studying the rest of the semester?
I am most interested in Chapters 13 and 17. We touched briefly on lattices in Math 371, but only enough to peak some interest in the topic. As for Chapter 13, the games sound like a fun application of crytpography. I already skimmed through Ch. 13, and it shows just how versatile cryptosystems can be.
Tuesday, November 9, 2010
Sections 8.3 and 9.5 due Nov. 10th
(Difficult) The secure hash algorithm was quite difficult to follow. I understand each of the individual operations mentioned (AND, OR, XOR, NOT, and addition mod 2^32.) but trying to picture the entire algorithm was tough to do. I understand that once the system is designed, the user doesn't have to understand what's really going on to use it, but as software programmers or cryptanalysts it would be critical to understand the overall picture. If you go over it in class I am sure it will make a little more sense, but any suggestions on being able to visualize the system better? I had this same stumbling block with AES, trying to see the "big picture" of what was going on.
(Reflective) As I read about the secure hash algorithm, I was thinking to myself that all of the operations were very basic. Each of the operations themselves (AND, OR, XOR, etc.) have a very obvious inverse function. What came to mind next was that the great thing about hash functions is that they are not an "encryption". There is no one-to-one mapping from a plaintext to a hash. This is an integral part of what makes hash functions secure.
(Reflective) As I read about the secure hash algorithm, I was thinking to myself that all of the operations were very basic. Each of the operations themselves (AND, OR, XOR, etc.) have a very obvious inverse function. What came to mind next was that the great thing about hash functions is that they are not an "encryption". There is no one-to-one mapping from a plaintext to a hash. This is an integral part of what makes hash functions secure.
Sunday, November 7, 2010
Sections 9.1-9.4 due Nov 8th
(Difficult) I understand that we may learn more about this in another section later in the book, but the lecture briefly mentioned the differences of the ElGamal and RSA system signature scheme. The RSA is a message recovery scheme, and ElGamal is not? Why is it harder to retrieve the message m from the ElGamal system?
(Reflective) In the section talked about signing the hash of a message, I started thinking about the pros and cons of sign a hash as opposed to signing the original message. In most cases, a hash will be shorter, and thus is faster to sign. However, if hash functions are too small, they are more susceptible to brute force attacks. Is there a common size limit for hash functions today? Has this size limit changed over the years as technology and techniques have developed? How does the probability of finding two messages with the same hash function change if the messages are of a fixed length, or arbitrary long?
(Reflective) In the section talked about signing the hash of a message, I started thinking about the pros and cons of sign a hash as opposed to signing the original message. In most cases, a hash will be shorter, and thus is faster to sign. However, if hash functions are too small, they are more susceptible to brute force attacks. Is there a common size limit for hash functions today? Has this size limit changed over the years as technology and techniques have developed? How does the probability of finding two messages with the same hash function change if the messages are of a fixed length, or arbitrary long?
Thursday, November 4, 2010
Section 8.4-8.5 and 8.7 due Nov. 5th
(Difficult) I have been curious about the birthday attack since it was first mentioned in a previous chapter, but i was somewhat confused by 8.4. The birthday attack seems quite amazing. The use of probability in cryptography is quite interesting, but I was a little disappointed when the birthday attack was compared with Baby Step, Giant Step. Both methods required roughly the same storage capacity and time to calculate, but the BSGS method is guaranteed, whereas the birthday attack will probably produce a solution. The birthday attacks seem effective on hash functions, but are there similar deterministic functions for finding collisions in hash functions?
(Reflective) I enjoyed section 8.7 on using hash functions to encrypt. Last week when we first talked about hash functions, it seemed a little odd we were discussing something which wasn't a cryptosystem in class. In reality, hash functions are not stand-alone cryptosystems, but can be used to add functionality to an existing cryptosystem. If I understand the example in the section correctly, this is another method in which we can generate the rest of the "pseudo-random" bytes even before receiving the first plaintext.
(Reflective) I enjoyed section 8.7 on using hash functions to encrypt. Last week when we first talked about hash functions, it seemed a little odd we were discussing something which wasn't a cryptosystem in class. In reality, hash functions are not stand-alone cryptosystems, but can be used to add functionality to an existing cryptosystem. If I understand the example in the section correctly, this is another method in which we can generate the rest of the "pseudo-random" bytes even before receiving the first plaintext.
Tuesday, November 2, 2010
Sections 8.1 and 8.2 due Nov. 3rd
(Difficult) I am having a hard time understanding what has functions are used for. I know the lecture mentioned using them for digital signatures, and error checking, but there really is no decryption involved, right? Everything we have dealt with so far has had an inverse function, even in the case of RSA where the inverse is difficult to find without the prime p and q, there still existed an inverse function of some sort. Are there hash functions with no inverse function at all?
(Reflective) I found the data integrity application of hash functions to be quite interesting. This is a clever way to prevent Eve from modifying a message en route to Bob. I was curious though, one thing Eve could do is create her own message, run it through the hash function (if she knows the function), and send m and H(m). Are hash functions used in conjunction with other cryptographic systems? It seems there would be some other method needed to verify who the message was sent from. I understand we are just introducing hash functions now, but I hope at some time in the class we will have a chance to see how various cryptosystems might be used together in a real-world application.
(Reflective) I found the data integrity application of hash functions to be quite interesting. This is a clever way to prevent Eve from modifying a message en route to Bob. I was curious though, one thing Eve could do is create her own message, run it through the hash function (if she knows the function), and send m and H(m). Are hash functions used in conjunction with other cryptographic systems? It seems there would be some other method needed to verify who the message was sent from. I understand we are just introducing hash functions now, but I hope at some time in the class we will have a chance to see how various cryptosystems might be used together in a real-world application.
Subscribe to:
Posts (Atom)