handouts/ho05.tex
changeset 486 f67c624d5fb9
parent 469 7d4aa41b748e
child 491 d2e522c2bfdf
482:73ca7e916739 486:f67c624d5fb9
   305 such random numbers are often called \emph{nonce}. What is the
   305 such random numbers are often called \emph{nonce}. What is the
   306 purpose of this nonce? Well, if an attacker records $A$'s
   306 purpose of this nonce? Well, if an attacker records $A$'s
   307 answer, it will not make sense to replay this message, because
   307 answer, it will not make sense to replay this message, because
   308 next time this protocol is run, the nonce $B$ sends out will
   308 next time this protocol is run, the nonce $B$ sends out will
   309 be different. So if we run this protocol, what can $B$ infer?
   309 be different. So if we run this protocol, what can $B$ infer?
   310 It has send out an (unpredictable) nonce to $A$ and received
   310 It has sent out an (unpredictable) nonce to $A$ and received
   311 this challenge back, but encoded under the key $K_{AB}$. If
   311 this challenge back, but encoded under the key $K_{AB}$. If
   312 $B$ assumes only $A$ and $B$ know the key $K_{AB}$ and the
   312 $B$ assumes only $A$ and $B$ know the key $K_{AB}$ and the
   313 nonce is unpredictable, then $B$ is able to infer it must be
   313 nonce is unpredictable, then $B$ is able to infer it must be
   314 talking to $A$. Of course the implicit assumption on this
   314 talking to $A$. Of course the implicit assumption on this
   315 inference is that nobody else knows about the key $K_{AB}$
   315 inference is that nobody else knows about the key $K_{AB}$
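Review bot: line 305 still has a number mismatch, "such random numbers are often called \emph{nonce}", which is the same kind of slip this changeset fixes at line 310 (send to sent); suggest "\emph{nonces}" in the same commit. At line 311, "encoded under the key $K_{AB}$" would be clearer as "encrypted under the key $K_{AB}$", because $B$'s inference at lines 312-313 depends on only a key holder being able to produce that answer, and "encoded" does not imply a key. At line 314, "the implicit assumption on this inference" reads better as "the implicit assumption behind this inference".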
   553 publish the key $K^{pub}$ which people can use to encrypt
   553 publish the key $K^{pub}$ which people can use to encrypt
   554 messages for me and I can use my private key $K^{priv}$ to be
   554 messages for me and I can use my private key $K^{priv}$ to be
   555 the only one that can decrypt them. While this sounds all
   555 the only one that can decrypt them. While this sounds all
   556 good, it relies on the ability that people can associate me
   556 good, it relies on the ability that people can associate me
   557 with my public key. That is not as trivial as it sounds. For
   557 with my public key. That is not as trivial as it sounds. For
   558 example, if I would be the government, say Cameron, and try to
   558 example, if I would be the government, say Theresa Mayhem, and try to
   559 find out who are the trouble makers in the country, I would
   559 find out who are the trouble makers in the country, I would
   560 publish an innocent looking webpage and say I am The Guardian
   560 publish an innocent looking webpage and say I am The Guardian
   561 newspaper (or alternatively The Sun for all the juicy
   561 newspaper (or alternatively The Sun for all the juicy
   562 stories), publish a public key on it, and then just wait for
   562 stories), publish a public key on it, and then just wait for
   563 incoming messages. 
   563 incoming messages.
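Review bot: line 558 swaps one incumbent's name for another ("Cameron" to "Theresa Mayhem"), so the example will go out of date again in the same way and need another changeset; a role such as "say the Prime Minister" keeps the point about an impersonated public key without needing an edit each term. While touching this line, "if I would be the government" should be "if I were the government", and line 556 "relies on the ability that people can associate me" reads better as "relies on people being able to associate me". The trailing-whitespace removal at line 563 is fine.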