Views
5 years ago

x - Faculty of Computer Science - Technische Universität Dresden

x - Faculty of Computer Science - Technische Universität Dresden

Limits: Symmetric

Limits: Symmetric authentication systems (3) �-bit-MAC � error probability � 2 -� (guess MAC) �-bit-key � error probability � 2 -� (guess key, calculate MAC) still clear: for an error probability of 2 -� , a �-bit-key is too short, because k(x) = MAC eliminates many values of k. Theorem: you need 2�-bit-key (for succeeding messages � bits suffice, if recipient adequately responds on authentication “errors”) Possible at present: � 4� • log 2(length(x)) (Wegman, Carter) much shorter as one-time pad 161

About cryptographically strong systems (1) Mathematical secrets: (to decrypt, to sign ...) p, q, prime numbers Public part of key-pair: (to encrypt, to test ...) n = p • q p, q big, at present � l = 500 up to 2000 bit (theory : l � � ) Often: special property p � q � 3 mod 4 (the semantics of “� ... mod” is: a � b mod c iff c divides a-b, 162 putting it another way: dividing a and b by c leaves the same remainder)