'Blockchain and Cryptocurrency' Subject @ Korea University, 2021
01. Syllabus
02. Blockchain Overview and Introduction - Technical Concepts of Blockchain Systems -
03. Blockchain's Theoretical Foundation, Cryptography
04. Bitcoin and Nakamoto Blockchain
05. Ethereum and Smart Contract
06. NFT and Metaverse
07. Cardano(ADA) and Other Altcoins
08. Dark Coins
09. Blockchain Usage Beyond Currency - Way to Design Good Blockchain Business Models -
44. Korea University Graduate School of Information Security
What is Crypto's Goal?
Cryptographic goals:
- Confidentiality
  - Symmetric-key ciphers: block ciphers, stream ciphers
  - Public-key ciphers
- Data integrity
  - Arbitrary-length hash functions
  - Message authentication codes (MACs)
  - Digital signatures
- Authentication
  - Message authentication (a.k.a. data origin authentication): digital signatures, MACs
  - Entity authentication: authentication primitives
- Non-repudiation
  - Digital signatures
45. Terminology
- Plaintext: the original message
- Ciphertext: the coded message
- Cipher: algorithm for transforming plaintext to ciphertext
- Key: information used in the cipher, known only to sender/receiver
- Encipher (Encrypt): converting plaintext to ciphertext
- Decipher (Decrypt): recovering plaintext from ciphertext
- Cryptanalysis: analysis of encrypted data without legitimate access to the keys
- Brute Force Search: simply try every possible key
46. Brief History
- Classic (~1976/77)
  - BC 487: Transposition cipher, "Scytale"
  - BC 300: Steganography
  - BC 100 ~ BC 44: Substitution cipher, "Caesar cipher"
  - 1883: Kerckhoffs' assumption
  - WW II: "Enigma" and the "Turing machine" for cryptanalysis
  - 1949: Perfect secrecy (C. E. Shannon): "confusion" and "diffusion"
47. Brief History
- Modern (1976/77 ~ today)
  - 1976: Public-key cryptography (Diffie, Hellman)
  - 1977: Data Encryption Standard, DES (NIST)
  - 1978: RSA (Rivest, Shamir, Adleman)
  - 1982/85: Goldwasser presented two paradigms for firm foundations of cryptography: "indistinguishability" and "simulatability"
  - 1999: SEED (KISA)
59. Substitution Cipher
- Security: a monoalphabetic substitution cipher is vulnerable to attacks that exploit letter frequencies.
[Bar chart: relative frequency of each letter in English text, from most to least frequent]
E 0.127, T 0.091, A 0.082, O 0.075, I 0.070, N 0.067, S 0.063, H 0.061, R 0.060, D 0.043, L 0.040, C 0.028, U 0.028, M 0.024, W 0.023, F 0.022, G 0.020, Y 0.020, P 0.019, B 0.015, V 0.010, K 0.008, J 0.002, X 0.001, Q 0.001, Z 0.001
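The following is an added example, not part of the lecture slides: it uses the letter-frequency table from this slide to recover the key of a Caesar cipher (the substitution cipher from the Brief History slide) by brute-forcing all 26 keys and scoring each candidate plaintext against English. The sample sentence is constructed for the demonstration.

```python
from collections import Counter
import string

# Relative letter frequencies of English text, as listed on the slide.
ENGLISH_FREQ = {
    "E": .127, "T": .091, "A": .082, "O": .075, "I": .070, "N": .067, "S": .063,
    "H": .061, "R": .060, "D": .043, "L": .040, "C": .028, "U": .028, "M": .024,
    "W": .023, "F": .022, "G": .020, "Y": .020, "P": .019, "B": .015, "V": .010,
    "K": .008, "J": .002, "X": .001, "Q": .001, "Z": .001,
}

def caesar_shift(text, shift):
    """Caesar cipher: move every letter `shift` places along the alphabet (negative shift decrypts)."""
    out = []
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def letter_ranking(text):
    """Letters of `text` ordered from most to least frequent; a substitution hides letters, not this ordering."""
    counts = Counter(c for c in text.upper() if c in string.ascii_uppercase)
    return "".join(c for c, _ in counts.most_common())

def chi_squared(text):
    """Distance between the letter distribution of `text` and English: smaller means more English-like."""
    letters = [c for c in text.upper() if c in string.ascii_uppercase]
    n, counts = len(letters), Counter(letters)
    if n == 0:
        return float("inf")
    return sum((counts[c] - n * f) ** 2 / (n * f) for c, f in ENGLISH_FREQ.items())

def break_caesar(ciphertext):
    """Brute force all 26 keys and keep the one whose candidate plaintext looks most like English."""
    key = min(range(26), key=lambda k: chi_squared(caesar_shift(ciphertext, -k)))
    return key, caesar_shift(ciphertext, -key)

# Constructed sample plaintext for the demonstration (not from the slides).
SAMPLE = ("THE SECURITY OF A SUBSTITUTION CIPHER RESTS ON THE KEY BUT THE COUNT OF EACH LETTER "
          "IN THE CIPHER OUTPUT STILL MIRRORS THE COUNT OF THE LETTERS IN ENGLISH WRITING")
```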
67. Claude E. Shannon (1916~2001)
- The father of information theory
- Information theory
  - Worked at MIT / Bell Labs
  - "The Mathematical Theory of Communication" (1948)
  - Defined the "binary digit" (bit) as a unit of information
  - Defined "entropy" as a measure of information
- Cryptography
  - Model of a secrecy system
  - "Communication Theory of Secrecy Systems" (1945, Bell Labs memo, classified)
  - Defined "perfect secrecy"
  - Formulated the principles of "confusion" (standing for substitution) and "diffusion" (standing for transposition)
78. DES in a Nutshell (1977)
[Diagram: the 64-bit input X passes through the Initial Permutation, then 16 Feistel rounds in which the round function F takes a 32-bit half and a 48-bit subkey and its output is XORed (+) into the other half, and finally the inverse Initial Permutation gives the 64-bit output Y; the Key Scheduler derives the sixteen 48-bit subkeys K1 ... K16 from the 56-bit key K]
- F need not be invertible!
- Has "unstructured" behavior.
- Decryption is the same as encryption with reversed key schedule (hardware implementation!).
79. DES in a Nutshell (1977): One Round
[Diagram of one round of the Feistel network: inputs L(i-1) and R(i-1) (32 bits each) and the 56-bit key state Key(i-1); R(i-1) goes through the Expansion Permutation (32 -> 48 bits), is XORed with the 48-bit round key produced by Shift / Shift and the Compression Permutation (56 -> 48 bits), then through the S-Box Substitution (48 -> 32 bits) and the P-Box Permutation, and the result is XORed with L(i-1) to give R(i); L(i) = R(i-1); the shifted key state becomes Key(i)]
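An added example, not from the slides and not DES itself: a toy 64-bit Feistel network with the structure of the two diagrams above (16 rounds, 56-bit key, 48-bit subkeys, 32-bit halves). Its round function F is a truncated hash, so it is deliberately non-invertible, and decryption is exactly the encryption routine run with the subkeys in reverse order. The round function and key schedule are hypothetical stand-ins for DES's tables.

```python
import hashlib

ROUNDS = 16
MASK32, MASK48, MASK56 = (1 << 32) - 1, (1 << 48) - 1, (1 << 56) - 1

def round_function(right, subkey):
    """Toy round function F: a truncated hash of (32-bit half || 48-bit subkey).
    It is NOT invertible, which a Feistel network tolerates (hypothetical F, not DES's)."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def key_schedule(key):
    """Toy schedule: rotate the 56-bit key each round and compress it to 48 bits (low bits).
    DES uses shifts plus a compression permutation; the structure, not the table, is the point."""
    k = key & MASK56
    subkeys = []
    for _ in range(ROUNDS):
        k = ((k << 1) | (k >> 55)) & MASK56   # one-bit left rotation of the 56-bit key state
        subkeys.append(k & MASK48)            # "compression" to a 48-bit round key
    return subkeys

def feistel(block, subkeys):
    """Run the Feistel rounds on a 64-bit block with the given subkey order, then swap the halves."""
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left

def encrypt(block, key):
    return feistel(block, key_schedule(key))

def decrypt(block, key):
    # Same circuit as encryption; only the order of the subkeys is reversed.
    return feistel(block, key_schedule(key)[::-1])
```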
96. RSA's Integer Factorization Problem
- Martin Gardner column and RSA-129 challenge
  - Described public-key cryptography and the RSA cryptosystem in his Scientific American column, Mathematical Games (1977)
  - Ron Rivest offered a copy of the RSA technical memo.
  - Ron Rivest offered $100 to the first person to break a challenge ciphertext based on a 129-digit product of primes.
  - Ron's estimated time to solution: 40 quadrillion years
97. RSA's Integer Factorization Problem
- Question (1977):
  - N = 114,381,625,757,888,867,669,235,779,976,146,612,010,218,296,721,242,362,562,561,842,935,706,935,245,733,897,830,597,123,563,958,705,058,989,075,147,599,290,026,879,543,541
- Answer (1994, 8 months of work by about 600 volunteers from more than 20 countries; 5000 MIPS-years):
  - p = 32,769,132,993,266,709,549,961,988,190,834,461,413,177,642,967,992,942,539,798,288,533
  - q = 3,490,529,510,847,650,949,147,849,619,903,898,133,417,764,638,493,387,843,990,820,577
107. Elliptic Curve Diffie-Hellman
- Diffie-Hellman
  - Keys generated by exponentiation over the group.
  - Exponentiation defined by repeated multiplication
- Elliptic Curve Diffie-Hellman
  - ECC was introduced by Victor Miller and Neal Koblitz in 1985.
  - Keys generated by multiplication over elliptic curves.
  - Multiplication through repeated addition
  - Cryptanalysis involves determining k given a point G and (k × G)
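An added example, not from the slides, putting the two bullets side by side: classic Diffie-Hellman with exponentiation built from repeated multiplication, and ECDH with point multiplication built from repeated point addition. The parameters are constructed toy values (a 23-element group and the curve y^2 = x^3 + 2x + 2 over F_17, whose base point (5, 1) has order 19); they are far too small for real use.

```python
# Toy parameters, constructed for the example (far too small for real use).
P_DH, G_DH = 23, 5                 # classic DH: prime modulus and generator
P_EC, A_EC, B_EC = 17, 2, 2        # curve y^2 = x^3 + A_EC*x + B_EC over F_17
G_EC = (5, 1)                      # base point; the curve has 19 points, so G_EC has order 19

def mod_exp(base, exp, mod):
    """Exponentiation by repeated multiplication (square-and-multiply)."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result

def ec_add(P, Q):
    """Point addition on the curve; None stands for the point at infinity O."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_EC == 0:
        return None                                           # P + (-P) = O
    if P == Q:
        lam = (3 * x1 * x1 + A_EC) * pow(2 * y1, -1, P_EC) % P_EC   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_EC) % P_EC             # chord slope
    x3 = (lam * lam - x1 - x2) % P_EC
    return (x3, (lam * (x1 - x3) - y1) % P_EC)

def ec_mul(k, P):
    """Scalar multiplication k*P by repeated addition (double-and-add)."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P = ec_add(P, P)
        k >>= 1
    return R

def classic_dh(a, b):
    """Alice (secret a) and Bob (secret b) exchange g^a, g^b and both derive g^(ab) mod p."""
    A, B = mod_exp(G_DH, a, P_DH), mod_exp(G_DH, b, P_DH)      # public values
    return mod_exp(B, a, P_DH), mod_exp(A, b, P_DH)

def ecdh(a, b):
    """Same exchange on the curve: public points a*G and b*G, shared point (a*b)*G."""
    A, B = ec_mul(a, G_EC), ec_mul(b, G_EC)
    return ec_mul(a, B), ec_mul(b, A)
```

Recovering k from G and k × G in ec_mul is the discrete logarithm problem the last bullet refers to; on this 19-point curve it is trivial, on a 256-bit curve it is not.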
125. Birth of the Certificate Concept (1978)
- Loren Kohnfelder: invention of digital certificates
  - Loren Kohnfelder's B.S. thesis (MIT 1978, supervised by Len Adleman) proposed the notion of a digital certificate: a digitally signed message attesting to another party's public key.
158. What Is "Nothing Is Learned"?
[Figure: three things an adversary might learn about the plaintext of an intercepted ciphertext]
- "Plaintext is English!"
- "Plaintext is 'I found a solution to the calendar sync problem'."
- "Plaintext is '.... solution .... calendar sync ....'."
160. Semantic Security
- Perfect secrecy: a passive adversary, even with infinite computational resources, can learn nothing about the plaintext from the ciphertext, except possibly its length.
- Semantic security: a passive adversary with polynomially bounded computational resources can learn nothing about the plaintext from the ciphertext.
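An added example, not from the slides, that checks Shannon's definition of perfect secrecy by exhaustive computation on 3-bit messages: the adversary's posterior Pr[M = m | C = c] is compared with the prior for every ciphertext. A one-time pad (key space as large as the message space) passes; a constructed shift cipher with only two keys fails, because seeing c does change what the adversary knows about m. The non-uniform prior is constructed for the demonstration.

```python
from fractions import Fraction

BITS = 3
MESSAGES = list(range(1 << BITS))

def otp_encrypt(m, k):
    """One-time pad on BITS-bit messages: c = m XOR k, key uniform over all 2^BITS values."""
    return m ^ k

def shift_encrypt(m, k):
    """Constructed weak cipher for contrast: add a key from a tiny key space, modulo 2^BITS."""
    return (m + k) % (1 << BITS)

def posterior(encrypt, keys, prior, c):
    """Pr[M = m | C = c] for every m, with the key uniform over `keys` and M drawn from `prior`.
    Returns None when ciphertext c can never occur."""
    joint = {m: Fraction(0) for m in MESSAGES}
    for m in MESSAGES:
        for k in keys:
            if encrypt(m, k) == c:
                joint[m] += prior[m] * Fraction(1, len(keys))
    total = sum(joint.values())
    if total == 0:
        return None
    return {m: joint[m] / total for m in MESSAGES}

def is_perfectly_secret(encrypt, keys, prior):
    """Shannon's definition: for every possible ciphertext the posterior equals the prior,
    i.e. the ciphertext carries no information about the message."""
    for c in MESSAGES:
        post = posterior(encrypt, keys, prior, c)
        if post is not None and post != prior:
            return False
    return True

# Constructed prior: the adversary already knows message 0 is sent half the time.
PRIOR = {m: Fraction(1, 2) if m == 0 else Fraction(1, 14) for m in MESSAGES}
```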
170. Secure Multi-Party Computation (MPC)
- Cryptographic protocol for emulating a trusted party (work already started in the late 1970s)
- MPC enables decentralization and privacy!
Goal:
- Correctness: everyone computes y = f(x, y)
- Security: nothing but the output is revealed
179. Order-Preserving Encryption (OPE)
- Concept of OPE
  - R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu, "Order-preserving encryption for numeric data", SIGMOD 2004, pp. 563~574
[Diagram: plaintexts A, B, C, D with A > B > C > D are encrypted under the OPE key to eA, eB, eC, eD with eA > eB > eC > eD; the order of the plaintexts is preserved among the ciphertexts]
188. Fully Homomorphic Encryption
- In 1978, Rivest, Adleman, and Dertouzos asked, "Can one compute on encrypted data, while keeping it encrypted?"
- In 2009, Craig Gentry (Stanford, IBM) gave a solution based on the use of lattices. If efficiency can be greatly improved, there could be huge implications (e.g. for cloud computing).
192.
Currently there is no "silver bullet" solution, said Lynne Parker, White House deputy chief technology officer. She pointed to several reasons: ▲ Data de-identification can be accidentally undone when the scrubbed data is combined with other sources of information. ▲ Data aggregation limits analytics. ▲ Simulating data raises concerns about accuracy and reverse engineering, while homomorphic encryption, which allows data to be mined without sacrificing privacy, hurts performance and speed.
Other techniques and technologies also have their weaknesses, she said. ▲ Differential privacy, or systems that publicly share information on group patterns while withholding information on individuals in a dataset, water down insights.
193. There is no panacea! Define & Design!!
Breach and Patch Approach:
- Identify privacy breach
- Design a new algorithm to fix the privacy breach
Define and Design Approach:
- Formally specify the privacy model
- Derive conditions for privacy
- Design an algorithm that satisfies the privacy conditions
201. Smart Card
- ROM: holds the operating system
- EEPROM: holds the application programs and their data
- PROM: holds the card number
- RAM: used as temporary storage space for variables
- Processor: 8-bit processor based on CISC architecture; moving towards 32-bit due to JavaCards
- I/O interface for data transfer to and from the card
207. Smart Card Security
Invasive analysis:
- Probing: a technique to probe signals after exposing the surface of the chip and removing the protective coating
- Fault-based analysis: a technique to derive internal confidential information using the difference between normal output and faulty output caused artificially
Non-invasive analysis (side channel attacks):
- Timing analysis: a technique to estimate confidential information by analyzing processing time
- Power analysis: a technique to estimate confidential information by observing power consumption
208. Brief History of Side Channel Attacks
- Paul Kocher et al. introduced
  - Timing attacks (CRYPTO '96)
  - Differential power analysis (CRYPTO '99)
- Differential fault analysis (Eurocrypt '97)
  - Induce a fault and "see what happens"
  - a.k.a. micro-wave attack
- Sound of a computer while computing RSA
- Van Eck phreaking: eavesdropping on screen output displayed on a CRT or LCD monitor by measuring electromagnetic emissions
- Emissions from keyboards
209. Power Attack
[Diagram: a terminal exchanges data input / data output with an IC chip and provides its power supply; the power consumption on the supply line is measured and used to guess secret information stored in the IC chip memory]
211. SPA vs. DPA
- Simple Power Attack (SPA)
  - Makes use of characteristics that are directly visible in a single measurement trace
- Differential Power Attack (DPA)
  - Looks for side channel differences that are NOT directly visible in one measurement trace
  - Statistical methods have to be applied
  - Divide-and-conquer tactics: finding small pieces of the key at a time
  - Harder to prevent
- DPA = SPA + statistical analysis
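An added simulation, not from the slides, of the kind of key-dependent pattern an SPA reads from a single trace: textbook square-and-multiply exponentiation (as in RSA) performs a multiplication only for exponent bits equal to 1, so the operation sequence alone spells out the exponent. The Montgomery ladder beside it is the usual countermeasure: one squaring and one multiplication per bit regardless of the bit's value, so its sequence carries no key information. The trace here is a list of operation labels, not a measured power signal.

```python
def square_and_multiply(base, exponent, modulus):
    """Left-to-right square-and-multiply. Returns (result, trace), where trace records each
    squaring ("S") and multiplication ("M"): the "M"s only happen for 1 bits of the exponent."""
    result, trace = 1, []
    for bit in bin(exponent)[2:]:
        result = result * result % modulus
        trace.append("S")
        if bit == "1":
            result = result * base % modulus
            trace.append("M")
    return result, trace

def montgomery_ladder(base, exponent, modulus):
    """Regular exponentiation: every bit costs exactly one "M" and one "S", so the operation
    sequence is independent of the exponent (invariant: r1 == r0 * base)."""
    r0, r1, trace = 1, base % modulus, []
    for bit in bin(exponent)[2:]:
        if bit == "1":
            r0 = r0 * r1 % modulus
            r1 = r1 * r1 % modulus
        else:
            r1 = r0 * r1 % modulus
            r0 = r0 * r0 % modulus
        trace += ["M", "S"]
    return r0, trace

def exponent_from_trace(trace):
    """Read the exponent back from a square-and-multiply trace: each "S" starts a 0 bit and an
    "M" right after it turns that bit into a 1. This is what a single SPA trace gives away."""
    bits = []
    for op in trace:
        if op == "S":
            bits.append("0")
        else:
            bits[-1] = "1"
    return int("".join(bits), 2)
```

The ladder only equalises the operation sequence; a real constant-time implementation must also avoid key-dependent branches and memory accesses, which this simulation does not model.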
231. To Learn More
- In 1967 David Kahn published The Codebreakers: The Story of Secret Writing.
  - A monumental history of cryptography.
  - NSA attempted to suppress its publication.
232. To Learn More
- The International Association for Cryptologic Research (IACR): established 1982 by David Chaum, Ron Rivest, and others, to promote academic research in cryptology.
- Sponsors three major conferences/year (Crypto, Eurocrypt, Asiacrypt) and four workshops; about 200 papers/year, plus another 600/year posted on the web.
- Publishes the Journal of Cryptology
- Around 1600 members (25% students), from 74 countries, 27 Fellows.
233. ©2021 by Seungjoo Gabriel Kim. Permission to make digital or hard copies of part or all of this material is currently granted without fee provided that copies are made only for personal or classroom use, are not distributed for profit or commercial advantage, and that new copies bear this notice and the full citation.