Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming...
Transcript of Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming...
![Page 1: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/1.jpg)
Dan Boneh
Introduction
Course Overview
Online Cryptography Course Dan Boneh
![Page 2: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/2.jpg)
Dan Boneh
Welcome
Course objectives:
• Learn how crypto primitives work
• Learn how to use them correctly and reason about security
My recommendations:
• Take notes
• Pause video frequently to think about the material
• Answer the in-video questions
![Page 3: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/3.jpg)
Dan Boneh
Cryptography is everywhere
Secure communication: – web traffic: HTTPS
– wireless traffic: 802.11i WPA2 (and WEP), GSM, Bluetooth
Encrypting files on disk: EFS, TrueCrypt
Content protection (e.g. DVD, Blu-ray): CSS, AACS
User authentication
… and much much more
![Page 4: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/4.jpg)
Dan Boneh
Secure communication
no eavesdropping no tampering
![Page 5: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/5.jpg)
Dan Boneh
Secure Sockets Layer / TLS
Two main parts
1. Handshake Protocol: Establish shared secret key using public-key cryptography (2nd part of course)
2. Record Layer: Transmit data using shared secret key
Ensure confidentiality and integrity (1st part of course)
![Page 6: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/6.jpg)
Dan Boneh
Protected files on disk
Disk
File 1
File 2
Alice Alice
No eavesdropping No tampering
Analogous to secure communication: Alice today sends a message to Alice tomorrow
![Page 7: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/7.jpg)
Dan Boneh
Building block: sym. encryption
E, D: cipher k: secret key (e.g. 128 bits)
m, c: plaintext, ciphertext
Encryption algorithm is publicly known
• Never use a proprietary cipher
Alice
E m E(k,m)=c
Bob
D c D(k,c)=m
k k
![Page 8: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/8.jpg)
Dan Boneh
Use Cases Single use key: (one time key)
• Key is only used to encrypt one message
• encrypted email: new key generated for every email
Multi use key: (many time key)
• Key used to encrypt multiple messages
• encrypted files: same key used to encrypt many files
• Need more machinery than for one-time key
![Page 9: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/9.jpg)
Dan Boneh
Things to remember Cryptography is:
– A tremendous tool
– The basis for many security mechanisms
Cryptography is not:
– The solution to all security problems
– Reliable unless implemented and used properly
– Something you should try to invent yourself • many many examples of broken ad-hoc designs
![Page 10: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/10.jpg)
Dan Boneh
End of Segment
![Page 11: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/11.jpg)
Dan Boneh
Introduction
What is cryptography?
Online Cryptography Course Dan Boneh
![Page 12: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/12.jpg)
Dan Boneh
Crypto core
Secret key establishment:
Secure communication:
attacker???
k k
confidentiality and integrity
m1
m2
Alice Bob
Talking to Alice
Talking to Bob
![Page 13: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/13.jpg)
Dan Boneh
But crypto can do much more
• Digital signatures
• Anonymous communication Alice
signature
Alice
Who did I just talk to?
Bob
![Page 14: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/14.jpg)
Dan Boneh
Alice
But crypto can do much more
• Digital signatures
• Anonymous communication
• Anonymous digital cash – Can I spend a “digital coin” without anyone knowing who I am?
– How to prevent double spending? Who was
that? Internet 1$
(anon. comm.)
![Page 15: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/15.jpg)
Dan Boneh
Protocols
• Elections
• Private auctions
![Page 16: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/16.jpg)
Dan Boneh
Protocols
• Elections
• Private auctions
• Secure multi-party computation
Goal: compute f(x1, x2, x3, x4) “Thm:” anything that can done with trusted auth. can also be done without
trusted authority
![Page 17: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/17.jpg)
Dan Boneh
Crypto magic
• Privately outsourcing computation
• Zero knowledge (proof of knowledge)
Alice
search query
What did she search for?
results
I know the factors of N !!
proof π
???
E[ query ]
E[ results ]
Alice N=p∙q Bob
N
![Page 18: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/18.jpg)
Dan Boneh
A rigorous science
The three steps in cryptography:
• Precisely specify threat model
• Propose a construction
• Prove that breaking construction under threat mode will solve an underlying hard problem
![Page 19: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/19.jpg)
Dan Boneh
End of Segment
![Page 20: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/20.jpg)
Dan Boneh
Introduction
History
Online Cryptography Course Dan Boneh
![Page 21: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/21.jpg)
Dan Boneh
History
David Kahn, “The code breakers” (1996)
![Page 22: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/22.jpg)
Dan Boneh
Symmetric Ciphers
![Page 23: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/23.jpg)
Dan Boneh
Few Historic Examples (all badly broken)
1. Substitution cipher
k :=
![Page 24: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/24.jpg)
Dan Boneh
Caesar Cipher (no key)
![Page 25: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/25.jpg)
Dan Boneh
What is the size of key space in the substitution cipher assuming 26 letters?
![Page 26: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/26.jpg)
Dan Boneh
How to break a substitution cipher?
What is the most common letter in English text?
“X”
“L”
“E”
“H”
![Page 27: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/27.jpg)
Dan Boneh
How to break a substitution cipher?
(1) Use frequency of English letters
(2) Use frequency of pairs of letters (digrams)
![Page 28: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/28.jpg)
Dan Boneh
An Example UKBYBIPOUZBCUFEEBORUKBYBHOBBRFESPVKBWFOFERVNBCVBZPRUBOFERVNBCVBPCYYFVUFOFEIKNWFRFIKJNUPWRFIPOUNVNIPUBRNCUKBEFWWFDNCHXCYBOHOPYXPUBNCUBOYNRVNIWNCPOJIOFHOPZRVFZIXUBORJRUBZRBCHNCBBONCHRJZSFWNVRJRUBZRPCYZPUKBZPUNVPWPCYVFZIXUPUNFCPWRVNBCVBRPYYNUNFCPWWJUKBYBIPOUZBCUIPOUNVNIPUBRNCHOPYXPUBNCUBOYNRVNIWNCPOJIOFHOPZRNCRVNBCUNENVVFZIXUNCHPCYVFZIXUPUNFCPWZPUKBZPUNVR
B 36
N 34
U 33
P 32
C 26
E
T A
NC 11
PU 10
UB 10
UN 9
IN AT
UKB 6
RVN 6
FZI 4
THE
digrams
trigrams
![Page 29: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/29.jpg)
Dan Boneh
2. Vigener cipher (16’th century, Rome)
k = C R Y P T O C R Y P T O
m = W H A T A N I C E D A Y T O D A Y
C R Y P T (+ mod 26)
c = Z Z Z J U C L U D T U N W G C Q S
suppose most common = “H” first letter of key = “H” – “E” = “C”
![Page 30: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/30.jpg)
Dan Boneh
3. Rotor Machines (1870-1943)
Early example: the Hebern machine (single rotor)
A B C . . X Y Z
K S T . . R N E
E K S T . . R N
N E K S T . . R key
![Page 31: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/31.jpg)
Dan Boneh
Rotor Machines (cont.)
Most famous: the Enigma (3-5 rotors)
# keys = 264 = 218 (actually 236 due to plugboard)
![Page 32: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/32.jpg)
Dan Boneh
4. Data Encryption Standard (1974)
DES: # keys = 256 , block size = 64 bits
Today: AES (2001), Salsa20 (2008) (and many others)
![Page 33: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/33.jpg)
Dan Boneh
End of Segment
![Page 34: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/34.jpg)
Dan Boneh
Introduction
Discrete Probability (crash course, cont.)
Online Cryptography Course Dan Boneh
See also: http://en.wikibooks.org/High_School_Mathematics_Extensions/Discrete_Probability
![Page 35: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/35.jpg)
Dan Boneh
U: finite set (e.g. U = {0,1}n )
Def: Probability distribution P over U is a function P: U ⟶ [0,1]
such that Σ P(x) = 1
Examples:
1. Uniform distribution: for all x∈U: P(x) = 1/|U|
2. Point distribution at x0: P(x0) = 1, ∀x≠x0: P(x) = 0
Distribution vector: ( P(000), P(001), P(010), … , P(111) )
x∈U
![Page 36: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/36.jpg)
Dan Boneh
Events
• For a set A ⊆ U: Pr[A] = Σ P(x) ∈ [0,1]
• The set A is called an event
Example: U = {0,1}8
• A = { all x in U such that lsb2(x)=11 } ⊆ U
for the uniform distribution on {0,1}8 : Pr[A] = 1/4
x∈A
note: Pr[U]=1
![Page 37: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/37.jpg)
Dan Boneh
The union bound
• For events A1 and A2
Pr[ A1 ∪ A2 ] ≤ Pr[A1] + Pr[A2]
Example:
A1 = { all x in {0,1}n s.t lsb2(x)=11 } ; A2 = { all x in {0,1}n s.t. msb2(x)=11 }
Pr[ lsb2(x)=11 or msb2(x)=11 ] = Pr[A1∪A2] ≤ ¼+¼ = ½
A1 A2
![Page 38: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/38.jpg)
Dan Boneh
Random Variables Def: a random variable X is a function X:U⟶V
Example: X: {0,1}n ⟶ {0,1} ; X(y) = lsb(y) ∈{0,1}
For the uniform distribution on U:
Pr[ X=0 ] = 1/2 , Pr[ X=1 ] = 1/2
More generally:
rand. var. X induces a distribution on V: Pr[ X=v ] := Pr[ X-1(v) ]
lsb=1
0
1
lsb=0
U V
![Page 39: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/39.jpg)
Dan Boneh
The uniform random variable
Let U be some set, e.g. U = {0,1}n
We write r ⟵ U to denote a uniform random variable over U
for all a∈U: Pr[ r = a ] = 1/|U|
( formally, r is the identity function: r(x)=x for all x∈U )
R
![Page 40: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/40.jpg)
Dan Boneh
Let r be a uniform random variable on {0,1}2
Define the random variable X = r1 + r2 Then Pr[X=2] = ¼
Hint: Pr[X=2] = Pr[ r=11 ]
![Page 41: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/41.jpg)
Dan Boneh
Randomized algorithms
• Deterministic algorithm: y ⟵ A(m)
• Randomized algorithm
y ⟵ A( m ; r ) where r ⟵ {0,1}n
output is a random variable
y ⟵ A( m )
Example: A(m ; k) = E(k, m) , y ⟵ A( m )
A(m) m
inputs outputs
A(m) m R
R
R
![Page 42: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/42.jpg)
Dan Boneh
End of Segment
![Page 43: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/43.jpg)
Dan Boneh
Introduction
Discrete Probability (crash course, cont.)
Online Cryptography Course Dan Boneh
See also: http://en.wikibooks.org/High_School_Mathematics_Extensions/Discrete_Probability
![Page 44: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/44.jpg)
Dan Boneh
Recap
U: finite set (e.g. U = {0,1}n )
Prob. distr. P over U is a function P: U ⟶ [0,1] s.t. Σ P(x) = 1
A ⊆ U is called an event and Pr[A] = Σ P(x) ∈ [0,1]
A random variable is a function X:U⟶V .
X takes values in V and defines a distribution on V
x∈U
x∈A
![Page 45: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/45.jpg)
Dan Boneh
Independence
Def: events A and B are independent if Pr[ A and B ] = Pr*A+ ∙ Pr[B]
random variables X,Y taking values in V are independent if
∀a,b∈V: Pr[ X=a and Y=b] = Pr[X=a] ∙ Pr[Y=b]
Example: U = {0,1}2 = {00, 01, 10, 11} and r ⟵ U
Define r.v. X and Y as: X = lsb(r) , Y = msb(r)
Pr[ X=0 and Y=0 ] = Pr[ r=00 ] = ¼ = Pr[X=0] ∙ Pr[Y=0]
R
![Page 46: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/46.jpg)
Dan Boneh
Review: XOR
XOR of two strings in {0,1}n is their bit-wise addition mod 2
0 1 1 0 1 1 1
1 0 1 1 0 1 0 ⊕
![Page 47: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/47.jpg)
Dan Boneh
An important property of XOR
Thm: Y a rand. var. over {0,1}n , X an indep. uniform var. on {0,1}n
Then Z := Y⨁X is uniform var. on {0,1}n
Proof: (for n=1)
Pr[ Z=0 ] =
![Page 48: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/48.jpg)
Dan Boneh
The birthday paradox
Let r1, …, rn ∈ U be indep. identically distributed random vars.
Thm: when n= 1.2 × |U|1/2 then Pr[ ∃i≠j: ri = rj ] ≥ ½
Example: Let U = {0,1}128
After sampling about 264 random messages from U,
some two sampled messages will likely be the same
notation: |U| is the size of U
![Page 49: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/49.jpg)
Dan Boneh
|U|=106
# samples n
colli
sio
n p
rob
abili
ty
![Page 50: Introduction to Programming - Stanford Universitydabo/courses/Online...Introduction to Programming Author: OpenClassroom Created Date: 6/8/2012 1:10:26 PM ...](https://reader033.fdocuments.in/reader033/viewer/2022052310/5f0cff5b7e708231d4382af0/html5/thumbnails/50.jpg)
Dan Boneh
End of Segment