risk: eavesdropping data, manipulating data, impersonation
countermeasure: TLS protocol
Establish Communication -> Check Identity -> Agree on common secret key -> Encrypted Communication
后三个过程与Security有关
最常用:AES (Advanced Encryption Standard)
A secret key encryption scheme is composed of three sets: Key space , Message space , Ciphertext space , and three algorithms: Key generation Gen: Outputs a key ∈ , Encryption algorithm Enc: × → , Decryption algorithm Dec: K × C → M
Ensure the correctness: Dec(k, Enc(k,m))=m
Goal: Establish a common secret key between the two parties
Two approaches
A public key encryption scheme is composed of three sets: Key space , Message space , and Ciphertext space . Three algorithms: Key generation Gen:[Set of integers(这里的整数可改变security level)]→K that outputs a keypair (pk,sk), being a public key and a secret key, Encryption algorithm Enc: (pk, m) -> c, Decryption algorithm Dec: (sk, c) -> m
Correctness: For each message ∈ and each keypair (pk, s) ∈ , it holds that
Dec (sk, Enc(pk, m)) = m
为什么不直接使用Public Key Encryption Scheme对Message进行加密,而要用两种模式混合在一起?
因为Symmetric Key Encryption Scheme比Public Key Encryption Scheme更加高效,从长远来看可以更快加密Message。
A digital signature scheme is composed of three sets: Key space K, Message space M, and Signature space S(replace the Ciphertext space (the reason is that the digital signatures do not produce any encrypted messages but produce the signature) ). Three algorithms: Key generation Gen:[Set of integers] → K that outputs a keypair (pk, sk), being a public key and a secret key; Signature algorithm Sign: K × M → S, (sk, m) -> s; Verification algorithm Verify: K × M × S → {True, False}, (pk, m, s) -> {True, False}(decide whether, under this public key, the signature really belongs to the message or not)
Verify(pk, m, Sign(sk, m)) = True