Farewell (For Now)

Loading...

Из курса от партнера Stanford University

Cryptography I

2061 оценки

Stanford University

Cryptography I

2061 оценки

Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. Throughout the course participants will be exposed to many exciting open problems in the field and work on fun (optional) programming projects. In a second course (Crypto II) we will cover more advanced cryptographic tasks such as zero-knowledge, privacy mechanisms, and other forms of encryption.

Из урока

Public-Key Encryption

Week 6. This week's topic is public key encryption: how to encrypt using a public key and decrypt using a secret key. Public key encryption is used for key management in encrypted file systems, in encrypted messaging systems, and for many other tasks. The videos cover two families of public key encryption systems: one based on trapdoor functions (RSA in particular) and the other based on the Diffie-Hellman protocol. We construct systems that are secure against tampering, also known as chosen ciphertext security (CCA security). There has been a ton of research on CCA security over the past decade and given the allotted time we can only summarize the main results from the last few years. The lectures contain suggestions for further readings for those interested in learning more about CCA secure public-key systems. The problem set this week involves a bit more math than usual, but should expand your understanding of public-key encryption. Please don't be shy about posting questions in the forum. This is the last week of this Crypto I course. I hope everyone learned a lot and enjoyed the material. Crypto is a beautiful topic with lots of open problems and room for further research. I look forward to seeing you in Crypto II where we will cover additional core topics and a few more advanced topics.

A Unifying Theme11:44

Farewell (For Now)5:19

Познакомьтесь с преподавателями

Dan Boneh
Professor
Computer Science

This brings us to the end of the six weeks course. I had a lot of fun teaching this

course and I hope you enjoyed it too. I really love this material and I always

enjoy teaching it. Before we say our farewells, please do a quick review of the

topics that we discussed and see what's left to cover. So here's a brief diagram

of the primitive that we discussed in the class. If you remember in week one we

started off by discussing pseudorandom generators and stream ciphers. In week two

we talked about block ciphers and we said that the right way to think about block

cipher is as pseudorandom permutations and pseudorandom functions. We said that using

counter mode we can convert a block cipher into a PRG. And we said that using the GGM

construction. We can construct block ciphers from pseudorandom generators. Then

in week three, we talked about data integrity. In particular, we talked about

MACs and we looked at various constructions of MACs from pseudorandom

functions like the CMAC, the HMAC, the PMAC constructions and so on. We also

discussed collision resistance and we said that collision resistance can be used for

data integrity where one has access to read-only memory. Basically, you would

hash the data using a collision resistance hash function; write the hash into

read-only memory. And then later, when you want to verify authenticity of your data,

you just compare its hash to whatever is written in read-only memory. Then in week 4

we talked about how to combine integrity and confidentiality, in particular we

kinda talk about to combine encryption and MACs to build what we called Authenticated

Encryption and I told you that really in practice, the only foremost Symmetric

Encryption that you're allowed to use is Authenticated Encryption. Basically,

encryption that's only secure against eavesdropping attacks is not generally

secure, you must always also guard against tampering and as a result, you should only

be using Authenticated Encryption modes to do Symmetric Encryption. So that was the

end of week four. And then for weeks five and six, we switched topics and talked

about key exchange and public key encryption. In particular, in week five we talked

about Trapdoor Functions and the Diffie-Hellman Protocol [within??] the

Mathematics that are necessary to explain how those things work. And then in week

six we talked about how public key encryption can be built from trapdoor functions and,

the Diffie-Hellman Protocol. I wanna emphasize that the key exchange protocols

that we saw in week five are only secure against eavesdropping and should never be

used in practice. In fact in week eight we're gonna see authenticated key exchange

protocols and those are the ones that are actually used in the wild for example in

SSL and other protocols like that. But, the ones that we saw in week five should

never actually be deployed in the real world. The only reason we looked at those

simple key exchange mechanisms was as motivation for trapdoor functions and

Diffie-Hellman groups. Now as you know there are four more weeks to the full crypto

course which we're gonna do at a later time. In week seven we're gonna talk about

digital signatures and how to authenticate data in a way that anyone can verify that

the data is authentic. Then we're gonna talk about authenticated key exchanges as

I said then we're gonna talk about user authentication, how to manage passwords,

one time passwords, challenge-response protocols. Then we'll talk about various

privacy mechanisms. How to authenticate yourself without revealing where you are,

How to sign in a way it doesn't reveal who you are and so on and so forth. And in this part

of the building blocks for some of these mechanisms, actually, we'll talk about

zero-knowledge protocols which is kind of a general purpose tool that's used very

widely in cryptography. But let's just say that crypto goes way beyond this core

topics and in fact, there are many, many more topics that I would love to tell you

about if there was enough time. So I made this kind of a short list here and this isn't

even an exhaustive list. There are many other things that I would like to tell you

about and so if there's enough demand, I might even run an advanced crypto class

which is usually what I do for graduate students which would cover these more

advanced topics but that would actually take place sometime next year so stay

tuned and I will send announcements on when that's coming. So my final words of

course remember my main message from this class. And that crypto is a tremendous

tool but you should always be careful when you use it. If you implement crypto

incorrectly, the system will work perfectly fine. It would be no way to

tell that anything is wrong except when attacker is trying to attack the system,

it might be easily breakable. And so crypto is one of these things where a

little bit of knowledge is quite dangerous. It's quite important to make

sure you get the implementation correctly and one way to do that is to make sure

that always other people review your code and your designs to find any bugs in the

crypto implementation or even more general bugs in the system design. And finally

I'll leave you with these parting words, that you should never ever invent your own

ciphers or your own modes and you should never even implement your own ciphers or

your own modes. Try to stick to the standards as much as possible. Try to

stick to standard implementations of those algorithms as much as possible and if you

have to deviate from that, then just make sure there's sufficient third party review

of what you've done. Okay, so I will say my farewell here. And let me say that

the final exam will be made available on week seven, basically, a week after the

week six lectures become public. The final exam will cover material for all six weeks

and it'll pretty much be the same format as the problem sets. I hope everybody will

do well in the exam and we will send certificates once all those course work is

complete and I hope to see you in the next iteration of this course whenever that's

made available. So farewell, and as always, please submit your comments and

suggestions on the forum. I read all of your posts and they're very, very helpful

in improving the course. Hope to see you in the fall.

Ознакомьтесь с нашим каталогом

Присоединяйтесь бесплатно и получайте персонализированные рекомендации, обновления и предложения.

Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.

© Coursera Inc., 2018 Все права защищены.

Загрузить из App Store

Загрузить в Google Play