For slides, a problem set and more on learning cryptography, visit www.crypto-textbook.com
Пікірлер: 90
@haydenmcparlane48248 жыл бұрын
I have to say, I really like these lectures. Thank you very much for providing them publicly for all of our benefit! I watch them all the way through and continue with the next...it's great! :-)
@dpraajz4 жыл бұрын
13:00 Finite Groups 32:55 Cyclic Groups 1:07:20 Fermat's Theorem
@rickmonarch45525 жыл бұрын
I like that when someone knows the details. Most of my teachers didn't really care about details.
@ozzyfromspace3 жыл бұрын
Kinda stumbled upon this, and just kept watching while I did the dishes 😅 Gotta say, this is perhaps the clearest explanation of the cyclic group structure that underpins the Diffie-Hellman Key Exchange algorithm. I hadn't appreciated abstract math in this context until literally right now. Also, I've known the math behind groups for years (mostly applied to the study of tensor calculus) but this is the first time I've ever seen them so effortlessly applied to cryptography! I'm a college dropout, so if I found your lectures easy to understand and deeply insightful, that's a strong sign that you really, really, know what you're doing! I think I need to look up your entire course now haha. Best wishes 🏆🙏🏽🎊 and thank you, again! 🙌🏽
@twtrap79994 ай бұрын
god made woman to wash dishes bro
@bagel44735 жыл бұрын
So much better than my graduate professor. My theory is different schools don't necessarily have students that are significantly more intelligent, but the better institutions have instructors who know how to communicate the information effectively. Thanks for being organized and clear!
@souvikbhattacharjee89843 жыл бұрын
I just love every time Prof. Paar says " surprise surprise " 😂😂
@mrmiki95177 жыл бұрын
Thanks Prof. Paar, you teach very well and helped me a lot to understand the cryptography basis!
@Alan-qb9qt3 жыл бұрын
Excellent tutorial! One thing to mention, Theorem 8.2.3 applies to all finite group, not just cyclic ones.
@joseluisfernandez59813 жыл бұрын
This lectures are gold. Thank you so much.
@hipsterkennyrogers90910 ай бұрын
We're 13 lectures in and I'm just now finally getting used to how he write the number "1".
@noureddinebouhaddaoui9982 жыл бұрын
I liked this lecture. You are really amazing professor. I will rediscover cryptography with after having given up 17 years ago.
@anuragsharma19536 жыл бұрын
Never seen such a nice explanation. You nailed it. Thanks for such a wonderful lecture ^_^
@b4kk3n4 жыл бұрын
You are an absolute Legend, professor Paar!
@bastianhuppertz81166 жыл бұрын
This is a really good way to get some deeper knowledge into Crypto.
@mr.shanegao3 жыл бұрын
Diffie-Hellman 0:15 Finite Groups 13:00 Cyclic groups 33:00 Cyclic groups properties 1:04:00
@PhuNguyen-bi7pi9 жыл бұрын
Thanks for all of your hard work. I'm not sure the video uploader are one of his student or himself :P
@ehhhhhhhhhh5 жыл бұрын
Awesome explanations. Thanks, professor!
@Stillshot102003 жыл бұрын
"Everyone wake? ..... One person doing Facebook. That's ok". All joking aside, awesome lecture. Cant thank you enough for the book and this content
@shankil29752 жыл бұрын
I liked that Facebook comment too. So casual yet drives home the point.
@totasalam70609 жыл бұрын
i love u prof .. thank you sooo much
@sameerchilmattur23384 жыл бұрын
Prof Paar is God of cryptography
@heinhtetsoe56682 жыл бұрын
Orange is your colour, looking too awesome for a professor.
@janbenes1029 Жыл бұрын
Amazing lecture
@gototcm8 жыл бұрын
In the public key exchange (12 minutes into lecture), Bob and Alice can select different P (prime) numbers but they must agree on a common alpha. How is this practically done? I suspect this has something to do with the generator G but it isn't clear how they agree on the same value.
@martinpattara7 жыл бұрын
Thanks Professor, Just wondering what will happen if the group is not cyclic, --- In that case , alpha will not be primitive element..But i assume still we have the DLP . Is it that brute-force attack will be easier?
@avrelyy10 жыл бұрын
Easy explanation of math. Thanks!
@omedmuhsin96787 жыл бұрын
thank you very much for every efforts ... it is appreciated time : 29:15 you say that 4*5 mod 9 = 6 i think is not it = 2 Omed.
@Axman67 жыл бұрын
OMED MUHSIN I believe the point is that, without the theorum discussed next, you might think it's possible that multiplying two elements in the set may not result in an element that is in the set - he wasn't stating that the result is 6, but that it could be.
@msaufy10 жыл бұрын
very very interesting!! thanks prof!
@shaund344 жыл бұрын
Some teachers make 80 minutes as gold.
@ITGuySam7 жыл бұрын
Hello Professor What is the difference between public key and dynamic public key? Is dynamic public key, a long term key and hard to guess? Regards
@abidahaque8536 жыл бұрын
I'm confused about whether cyclic group means "has a SINGLE generator" or "has a generator, maybe more than one". The order of $Z^*_p$ is (p-1), which is necessarily NOT a prime number, so it seems like you could break the discrete log problem more easily in this group.
@introductiontocryptography42236 жыл бұрын
You have a cyclic group if there is at least one generator. There is almost always more than one generator. The number of generators in a cyclic group with n elements is PHI(n), where PHI() is Euler's phi function. Regarding your other observation: Yes, in a group with p-1 elements one has to be a bit careful. What is done in practice is to choose a large subgroup within the (p-1) cyclic group which has a prime number of elements.That means: one looks at the prime factorization of (p-1) and hopes that it has one large prime factor p'. If that is not the case, try a different p and check whether the new (p-1) has a large prime factor. And so on until you'll find a (p-1) which has a large p' as factor. cheers
@abidahaque8536 жыл бұрын
Danke (I'm also learning German from your videos)! I was asking because for some things (like Pedersen commitments?) it seems really important to use a prime order group. I don't know why, though. The basic idea seems to be to make sure to use a group for which Diffie-Hellman and discrete logarithm are equivalently hard?
@slaozeren87423 жыл бұрын
Thank you Sir!
@SS-6057 жыл бұрын
Dear Professor, Is this possible that any Z*p group has no generator (or primitive element)?
@mosji17516 жыл бұрын
best lectrue ever
@steven41586 жыл бұрын
Hello from the last 2 questions. This question is more at the protocol level than the crypto level so if you feel it is inappropriate or needs to asked in a different venue I won't be insulted. Anyway my question has to do with Diffie Hellman ephemeral. As far as I can tell DHE - which replaced RSA as the cipher of choice in TLS 1.2 as ECDHE because of perfect forward secrecy - means generating a new asym private key each SSL session. Is that correct and if so does it means the session reuse and PFS are diametrically opposed concepts and to use session reuse (abbreviated SSL handshake) is a non-sequitur when the ephemeral ciphers are used.
@frankschneider61566 жыл бұрын
DH is not a cipher, but a just an algorithm for key exchange, usually for exchanging an AES session key which is used for symmetric encryption to speed things up -> hybrid cipher. Permanent RSA keys are used by the server within the server certificate for authentication to prevent MITM attacks (although mutual authentication would be preferable). You could of course also generate and exchange RSA session keys and exchange the public RSA session keys for encryption of the AES session key instead of using ECDH, but that's a lot more computationally intense (due to the differences in key length), so it's not being done. RSA key generation is incredibly slow, while ECDH is comparatively fast. That's why ECC is blooming as it is. It requires much shorter key-lengths to achieve an equivalent security level, than non-ECC asymmetric algorithms do. It's key length is as a rule of thumb on average just around twice that of AES. And yes, key re-use and perfect forward secrecy are diametrically opposed concepts. Whenever you re-use a key for more than one encryption session, more than one session becomes tainted if this key gets somehow into the hands of nasty individuals. Obvious, right ? So while key reuse for authentication (digital signature) is perfectly fine because it is a necessity, key-reuse for encryption is not. Key re-use is evil, so avoid it whenever possible.
@dafnecg58532 ай бұрын
where is subtitles?????????????
@mojtabakomeili8 жыл бұрын
When you are writing down the theorem 1:05:00, shouldn't be a " mod " in front of the expression. It makes it a bit confusing. I also noticed this was the same in the textbook. Should it be "mod p"?
@introductiontocryptography42238 жыл бұрын
+Mojtaba Komeili I know what you mean but, no, it is correct without the mod operator. Here is why: The two properties that I state hold for ANY cyclic group. The only cyclic group we have considered so far in the lecture is the specific cyclic group that you get when you do integer arithmetic mod p, p being a prime, i.e., prime fields. However, there are other cyclic groups which are NOT prime fields. An example is the cyclic group which is formed by an elliptic curve, cf. Lecture 16 and 17. I hope this helps, regards, christof
@mojtabakomeili8 жыл бұрын
OK, I see now. Thanks a lot, this clarified the matter for me.
@beback_7 жыл бұрын
Does Dr. Paar make any money out of this? Is there a Patreon page or anything?
@introductiontocryptography42237 жыл бұрын
No, the lectures are all open and free. My salary is paid by the (state) government :) If you want to support good teaching, people can buy the book by Jan and me on which the course is based. Thanks for asking, christof
@martovify6 жыл бұрын
you would be surprised. science does not usually pay that well.
@avinashsnie2 жыл бұрын
I have a doubt here. You know P and alpha in prior, you gets to know Public key A. Now, you can compute private key 'a' isnt it ? since formula is : A = alpha^a mod p ( we known alpha, A and P now). Someone please help here..I might be missing something.
@sarabwt Жыл бұрын
Z11* P = 8, what is the private key without generating the whole group? You can generate the group and you will find my key. Replace 11 with huge. Zhuge* P = 8 where huge = 2^3000 (a prime in that range somewhere). In theory, you could find my private key, but in practice, you won't, because the sun will explode before you will find it.
@praagyadhungel13578 ай бұрын
Can someone please explain how in the equation :- _a.a⁻¹ ≡ 1_ (mod n), a⁻¹ exists only if gcd(a,n) = 1? (24:00)
@introductiontocryptography42238 ай бұрын
It is a fundamental property of arithmetic modulo n that any element "a" from the set of {0,1,...,n-1} only has an inverse iff gcd(a,n) = 1 I do not give a proof but I talk about it in Lecture 2 of this series. Hope this help, christof
@praagyadhungel13578 ай бұрын
Thank you Professor@@introductiontocryptography4223
@lraae7 жыл бұрын
Errata: Abel was Norwegian! :)
@modato976 жыл бұрын
Erratum is the singular
@owenagnel41395 жыл бұрын
@@modato97 pfff latin-lover
@HimanshuSharma-um5jz Жыл бұрын
Can anyone pl explain 5^x = 41 mod 47? Where did 41 come from
@introductiontocryptography4223 Жыл бұрын
Good question :) The number 41 was just randomly picked from the multiplicative group Z_47, which has the elements {1, 2, ..., 46}. The equation 5^x = 41 mod 47 is used to show that even for such small numbers it is not straightforward to computer the discrete logarithm, i.e., to find the correct value for x. Hope this helps, christof
@hossamafifi78399 жыл бұрын
I really wish i was one of your students!!
@modato976 жыл бұрын
شد حيلك يا حوس
@msaufy10 жыл бұрын
prof, but in the definition says that ord(alpha) = |g|, but the |g| is 11, not 10. the maximum order here is 10, where we meet 1 for the first time.
@introductiontocryptography422310 жыл бұрын
We are only looking at the *multiplicative* group, denoted by Z*, which contains only the elements {1,2,...,10}. Note that 0 is not in the group since it does not have an inverse. Hence, |Z*| = 10. Cheers, Christof
@msaufy10 жыл бұрын
yes prof i got it. thanks. i am following all your lectures
@Nehmo4 жыл бұрын
14:45 "hand waving means to underhof (?)". What did he say in German?
@introductiontocryptography42234 жыл бұрын
"ungenau" which translates to "inaccurate", "imprecise" or "vague" :)
@Nehmo4 жыл бұрын
@@introductiontocryptography4223 I'm a born English speaker, and I do recognize English is a Germanic language. So the language lineage explains part of it. But that word actually *sounds* like it's meaning, inaccurate. There must be a language center in the brain that is independent of (or universal to) particular languages.
@GurleenKaur-ux2lr8 жыл бұрын
why is alpha between 2 to p-2?
@joefagan93358 жыл бұрын
can't be 0 or 1 cos 0^a = 0 always and 1^a = 1 always can't be p coz p^a congruent to 0 can't be p-1 coz that's congruent to -1 so -1^a is always 1 or -1 alpha can be any number not congruent to 0,1,p-1,p
@JoseRomero-wp4ij5 жыл бұрын
thanks
@noahderebe4 жыл бұрын
Answer to the last question: 15. (5**15)%47 equals 41
@roshanparajuli7 ай бұрын
It was this easy all along?!!
@aryansoriginals10 ай бұрын
made it to 1000 likes :)
@hernandezsara78257 жыл бұрын
But Oskar for example can figure out the private key from the public key because the public key is just a power of alpha and the private key. (public key = alpha ^ private key) And since the two parties exchange the public key, Oskar can figure out the private key. And if this is the case, then the algorithm is not secure.. Or maybe I am not understanding stuff correctly? Any answer would be highly appreciated.
@introductiontocryptography42237 жыл бұрын
No, the whole point of the crypto system is that Oscar can NOT compute the private key from the public key. This requires computation of the discrete logarithm which is a hard problem. regards, christof
@hernandezsara78257 жыл бұрын
Thank you very much for your answer. Actually, I realised this when I continued the entire video and by the end of it you explained the numbers are large so it is hard to compute that. Big applause for your lectures, they are very helpful in my course now :)
@ciscoWkchan8 жыл бұрын
time:1:19:00 the 5^x = 39 mod 47 will be a better example cause you wrote 41 like 47.
@introductiontocryptography42238 жыл бұрын
In Germany, the "one" is written with two strokes, whereas in the US (and The Netherlands and probably other countries as well) it is just a straight vertical line. The German "seven" are the two strokes of the one AND a small horizontal bar. Side note: For a while, I used the "US one" in my lecture (just a vertical line) but the German students complained :)
@ciscoWkchan8 жыл бұрын
use a different example. 39 instead of 41 then better. no complaint.
@nimrand7 жыл бұрын
Are you serious? Are you suggesting he should engineer all his examples to avoid writing 1s and 7s because students are confused by this difference of notation?
@slaozeren87423 жыл бұрын
@@introductiontocryptography4223 ahaha
@PolDellaiera7 жыл бұрын
Hi professor, If [Z*p] is a list ranged from 1 to p-1, excluding numbers where "$number mod p" is different of 1. Then, [Z*11] should be: {1, 3, 7, 9} right ? But in your video, at kzfaq.info/get/bejne/l8t_raV0x93chaM.html, you write that [Z*11] is {1,2,3,4,5,6,7,8,9,10}. Shouldn't it be [Z*12] ? Thanks.
@BloodyxScy7 жыл бұрын
11 is a prime, so the GCD(a, 11) with a element of [Z*11] is 1 for all a. While 12 will share GCDs higher than 1 with 2,3,4,6,8,9, so that group would be: [Z*12] = {1,5,7,10,11}.
@shameersheikh25222 жыл бұрын
Jani mere laggey parrey hain. Kuch kr.
@kenichimori85334 жыл бұрын
Cotwo.
@kenichimori85334 жыл бұрын
Diffie is Difflecultive.
@kenichimori85334 жыл бұрын
ccc.de
@kenichimori85334 жыл бұрын
Diffie-Hellman Key Exchange is Difficult math junction. Hacker