The.Algorithm.Design.Manual.Springer-Verlag.1998
The.Algorithm.Design.Manual.Springer-Verlag.1998 The.Algorithm.Design.Manual.Springer-Verlag.1998
Cryptography RSA. ● Data Encryption Standard (DES) - This algorithm is based on repeatedly shuffling the bits of your text as governed by the key. The standard key length for DES (56 bits) is now considered too short for applications requiring the highest level of security. However, a simple variant called triple DES permits an effective key length of 112 bits by using three rounds of DES with two 56bit keys. In particular, first encrypt with key1, then decrypt with key2, before finally encrypting with key1. There is a mathematical reason for using three rounds instead of two, and the encryptdecrypt-encrypt pattern is used so that the scheme is equivalent to single DES when key1 = key2. ● Rivest-Shamir-Adelman (RSA) - RSA is a public key cryptosystem, meaning that different keys are used to encode and decode messages. Since the encoding key is of no help in decoding, it can be made public at no risk to security. The security of RSA is based on the difference in the computational complexity of factoring and primality testing (see Section ). Encoding is (relatively) fast because it relies on primality testing to construct the key, while the hardness of decryption follows from that of factoring. Still, RSA is slow relative to other cryptosystems, roughly 100 to 1,000 times slower than DES. The key issue in selecting a cryptosystem is identifying your paranoia level, i.e. deciding how much security you need. Who are you trying to stop from reading your stuff: your grandmother, local thieves, the Mafia, or the NSA? If you can use an accepted implementation of RSA, such as PGP discussed below, you should feel safe against just about anybody. If there is an implementation of DES on your machine, that will likely be good enough for most applications. For example, I use DES to encrypt my final exam each semester, and it proved more than sufficient the time an ambitious student broke into my office looking for it. If the NSA had been breaking in, the story might have been different, although even here it is important to understand that the most serious security holes are human, not algorithmic. Making sure your password is long enough, hard to guess, and not written down is far more important than obsessing about the encryption algorithm. Simple ciphers like the Caesar shift are fun and easy to program. For this reason, it is perhaps healthy to use them for applications needing only a casual level of security (such as hiding the punchlines of jokes). Since they are easy to break, they should never be used for serious security applications. One thing that you should never do is mess around with developing your own novel cryptosystem. The security of DES and RSA is accepted largely because these systems have both survived over twenty years of public scrutiny. Over this period, many other cryptosystems have been proposed, proven vulnerable to attack, and then abandoned. This is not a field for amateurs. If you are charged with implementing a cryptosystem, carefully study a respected program such as PGP (discussed below) to see how its author, Philip Zimmermann, skillfully handled such issues as key selection and key distribution. A cryptosystem is as strong as its weakest link. There are several problems related to cryptography that arise often in practice: file:///E|/BOOK/BOOK5/NODE206.HTM (2 of 5) [19/1/2003 1:32:13]
Cryptography ● How can I validate the integrity of data against corruption? - In any communications application, there is need to validate that the transmitted data is identical to that which has been received. One solution is for the received to transmit the data back to the source and have the original sender confirm that the two texts are identical. This fails when the exact inverse of an error is made in the retransmission, but a more serious problem is that your available bandwidth is cut in half with such a scheme. A more efficient if less reliable method is to use a checksum, a simple mathematical function that hashes a long text down to a simple number or digit, and then transmit the checksum along with the text. The checksum can be recomputed on the receiving end and bells set off if the computed checksum is not identical to what was received. Perhaps the simplest checksum scheme just adds up the byte or character values and takes the sum modulo some constant, say . Unfortunately, an error transposing two or more characters would go undetected under such a scheme, since addition is commutative. Cyclic-redundancy check (CRC) provides a more powerful method for computing checksums and is used in most communications systems and internally in computers to validate disk drive transfers. These codes compute the remainder in the ratio of two polynomials, the numerator of which is a function of the input text. The design of these polynomials involves considerable mathematical sophistication and ensures that all reasonable errors are detected. The details of efficient computation are complicated enough that we recommend that you start from an existing implementation, described below. ● How can I prove that a file has not been changed? - If I send you a contract in electronic form, what is to stop you from editing the file and then claiming that your version was what we had really agreed to? I need a way to prove that any modification to a document is fraudulent. Digital signatures are a cryptographic way for me to stamp my document as genuine. Given a file, I can compute a checksum for it, and then encrypt this checksum using my own private key. I send you the file and the encrypted checksum. You can now edit the file, but to fool the judge you must also edit the encrypted checksum such that it can be decrypted to the correct checksum. With a suitably good checksum function, designing a file that yields the same checksum becomes an insurmountable problem. ● How can I prove that I am me? - Authentication is the process of one party convincing another that they are who they say they are. The historical solutions have involved passwords or keys, so I prove that I am who I say I am because I know my credit card number or carry an ID card. The problem with such schemes is that anyone who eavesdrops on this conversation or who steals my physical key can now successfully impersonate me. What we need is some way for me to convince you that I know my key, without actually telling you the key. One such method to do so is for you to send me a random number or text, and I use my key to encrypt your text and send it back to you. If you then decrypt this text and compare it to the message you sent me, you gain confidence that I am who I say I am. We can repeat this exercise on several random texts until sufficient authentication has been agreed upon. If we use a file:///E|/BOOK/BOOK5/NODE206.HTM (3 of 5) [19/1/2003 1:32:13]
- Page 589 and 590: Bin Packing Next: Medial-Axis Trans
- Page 591 and 592: Bin Packing approach for general sh
- Page 593 and 594: Medial-Axis Transformation Next: Po
- Page 595 and 596: Medial-Axis Transformation Implemen
- Page 597 and 598: Polygon Partitioning number of piec
- Page 599 and 600: Simplifying Polygons Next: Shape Si
- Page 601 and 602: Simplifying Polygons vertices and o
- Page 603 and 604: Shape Similarity Next: Motion Plann
- Page 605 and 606: Shape Similarity or how close it is
- Page 607 and 608: Motion Planning There is a wide ran
- Page 609 and 610: Motion Planning often arise in the
- Page 611 and 612: Maintaining Line Arrangements Think
- Page 613 and 614: Maintaining Line Arrangements Next:
- Page 615 and 616: Minkowski Sum where x+y is the vect
- Page 617 and 618: Set and String Problems Next: Set C
- Page 619 and 620: Set Cover Next: Set Packing Up: Set
- Page 621 and 622: Set Cover Figure: Hitting set is du
- Page 623 and 624: Set Packing Next: String Matching U
- Page 625 and 626: Set Packing Notes: An excellent exp
- Page 627 and 628: String Matching shouldn't try. Furt
- Page 629 and 630: String Matching and texts, I recomm
- Page 631 and 632: Approximate String Matching This sa
- Page 633 and 634: Approximate String Matching http://
- Page 635 and 636: Text Compression Next: Cryptography
- Page 637 and 638: Text Compression code string. ASCII
- Page 639: Cryptography Next: Finite State Mac
- Page 643 and 644: Cryptography MD5 [Riv92] is the sec
- Page 645 and 646: Finite State Machine Minimization F
- Page 647 and 648: Finite State Machine Minimization S
- Page 649 and 650: Longest Common Substring than edit
- Page 651 and 652: Longest Common Substring include [A
- Page 653 and 654: Shortest Common Superstring Finding
- Page 655 and 656: Software systems Next: LEDA Up: Alg
- Page 657 and 658: LEDA Next: Netlib Up: Software syst
- Page 659 and 660: Netlib Algorithms Mon Jun 2 23:33:5
- Page 661 and 662: The Stanford GraphBase Next: Combin
- Page 663 and 664: Algorithm Animations with XTango Ne
- Page 665 and 666: Programs from Books Next: Discrete
- Page 667 and 668: Handbook of Data Structures and Alg
- Page 669 and 670: Algorithms from P to NP Next: Compu
- Page 671 and 672: Algorithms in C++ Next: Data Source
- Page 673 and 674: Textbooks Next: On-Line Resources U
- Page 675 and 676: On-Line Resources Next: Literature
- Page 677 and 678: People Next: Software Up: On-Line R
- Page 679 and 680: Professional Consulting Services Ne
- Page 681 and 682: Index A Up: Index - All Index: A ab
- Page 683 and 684: Index A artists steal ASA ASCII asp
- Page 685 and 686: Index B binary representation - sub
- Page 687 and 688: Index C Up: Index - All Index: C C+
- Page 689 and 690: Index C clustering , , co-NP coding
Cryptography<br />
● How can I validate the integrity of data against corruption? - In any communications<br />
application, there is need to validate that the transmitted data is identical to that which has been<br />
received. One solution is for the received to transmit the data back to the source and have the<br />
original sender confirm that the two texts are identical. This fails when the exact inverse of an<br />
error is made in the retransmission, but a more serious problem is that your available bandwidth is<br />
cut in half with such a scheme.<br />
A more efficient if less reliable method is to use a checksum, a simple mathematical function that<br />
hashes a long text down to a simple number or digit, and then transmit the checksum along with<br />
the text. <strong>The</strong> checksum can be recomputed on the receiving end and bells set off if the computed<br />
checksum is not identical to what was received. Perhaps the simplest checksum scheme just adds<br />
up the byte or character values and takes the sum modulo some constant, say .<br />
Unfortunately, an error transposing two or more characters would go undetected under such a<br />
scheme, since addition is commutative.<br />
Cyclic-redundancy check (CRC) provides a more powerful method for computing checksums<br />
and is used in most communications systems and internally in computers to validate disk drive<br />
transfers. <strong>The</strong>se codes compute the remainder in the ratio of two polynomials, the numerator of<br />
which is a function of the input text. <strong>The</strong> design of these polynomials involves considerable<br />
mathematical sophistication and ensures that all reasonable errors are detected. <strong>The</strong> details of<br />
efficient computation are complicated enough that we recommend that you start from an existing<br />
implementation, described below.<br />
● How can I prove that a file has not been changed? - If I send you a contract in electronic form,<br />
what is to stop you from editing the file and then claiming that your version was what we had<br />
really agreed to? I need a way to prove that any modification to a document is fraudulent. Digital<br />
signatures are a cryptographic way for me to stamp my document as genuine.<br />
Given a file, I can compute a checksum for it, and then encrypt this checksum using my own<br />
private key. I send you the file and the encrypted checksum. You can now edit the file, but to fool<br />
the judge you must also edit the encrypted checksum such that it can be decrypted to the correct<br />
checksum. With a suitably good checksum function, designing a file that yields the same<br />
checksum becomes an insurmountable problem.<br />
● How can I prove that I am me? - Authentication is the process of one party convincing another<br />
that they are who they say they are. <strong>The</strong> historical solutions have involved passwords or keys, so I<br />
prove that I am who I say I am because I know my credit card number or carry an ID card. <strong>The</strong><br />
problem with such schemes is that anyone who eavesdrops on this conversation or who steals my<br />
physical key can now successfully impersonate me.<br />
What we need is some way for me to convince you that I know my key, without actually telling<br />
you the key. One such method to do so is for you to send me a random number or text, and I use<br />
my key to encrypt your text and send it back to you. If you then decrypt this text and compare it to<br />
the message you sent me, you gain confidence that I am who I say I am. We can repeat this<br />
exercise on several random texts until sufficient authentication has been agreed upon. If we use a<br />
file:///E|/BOOK/BOOK5/NODE206.HTM (3 of 5) [19/1/2003 1:32:13]