So now that we have an understanding of symmetric ciphers,
and we know how to generate a random key,
we're going to talk about an application, which is to store a file securely.
And our goal here is that we have--this is the computer--
it may look more like a stapler, but it is intended to be a computer.
And we have on that computer, we have some file--
what we'd like to do is store that data on the computer, and
know that if we leave the computer in a coffee shop and someone
captures the computer, they won't be able to read the contents in that file.
This is to prevent the kind of incident one hears about fairly
frequently in the news, where someone has a list of Social Security Numbers for everyone
at the DMV, at the drivers' licensing office, and they leave that on their laptop
and it gets stolen and then you've got a big worry about all that personal information
being lost. Probably that kind of file shouldn't be stored on someone's laptop
in the first place, but our goal is to be able to store files that contain sensitive information
and know that even if the computer that they're stored on is stolen,
the contents of the file will still be secure.
Now we don't want to just throw the file away, we want the owner of the file
to still be able to read the file.
And so we're going to assume that there's some key that the owner
of the file can store in some other place that's secure.
We'll talk a little bit later about how we might want to do that.
But let's assume there's a key that can be used to decrypt the file.
So here's the straightforward way to do this: we're going to take our file--
we'll call it m--and we'll divide it into blocks
and the block size will depend on the cipher we're using.
Let's assume we're using a cipher with 128-bit block size,
which is the size that AES uses.
Then what we'll store is the ciphertext, and each ciphertext block
is the result of encrypting using the key k, the corresponding message block.
So how well does this work? Let's try a quiz.
So the question is: Assuming that E has perfect secrecy--
we know this is not true, because we're reusing the key
to encrypt multiple messages and Claude Shannon showed
that this would only be possible in the case where
the number of possible keys exceeds, or is equal to,
the number of possible messages. And that's not the case here.
But let's assume that for now.
What can an attacker learn if they capture the laptop and acquire C?
Check all the choices that are true--the choices are: nothing, the length of m,
the value of k, which blocks in m are equal.
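
The block-by-block scheme described above, as an added example that is not part of the original lecture: each 128-bit block of m is encrypted independently under the same key k, and `attacker_view` computes what someone holding only the stored ciphertext can derive from it. Assumptions: `E`/`D` are a stand-in 4-round Feistel cipher built from HMAC-SHA256 (not AES) so the code runs with the standard library alone, all function names and `SAMPLE` are hypothetical, and the file length is a multiple of the block size.

```python
import hashlib, hmac, secrets

BLOCK = 16  # 128-bit block size, as in the lecture

def _f(k, i, half):
    # Keyed round function for the stand-in cipher (assumption, not AES).
    return hmac.new(k, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(k, block):
    """Encrypt one 16-byte block: 4-round Feistel permutation."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(k, i, r))
    return l + r

def D(k, block):
    """Inverse of E: undo the rounds in reverse order."""
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(k, i, l)), l
    return l + r

def split(data):
    if len(data) % BLOCK:
        raise ValueError("example assumes length is a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt_file(k, m):
    # c_i = E_k(m_i) for every block, all under the same key.
    return b"".join(E(k, b) for b in split(m))

def decrypt_file(k, c):
    return b"".join(D(k, b) for b in split(c))

def attacker_view(c):
    """Computed from c alone, no key: total length and groups of identical blocks."""
    groups = {}
    for i, b in enumerate(split(c)):
        groups.setdefault(b, []).append(i)
    return len(c), sorted(g for g in groups.values() if len(g) > 1)

# Constructed sample file: four 16-byte records; records 0 and 2 are identical.
SAMPLE = (b"SSN 000-00-0001\n" b"SSN 000-00-0002\n"
          b"SSN 000-00-0001\n" b"SSN 000-00-0003\n")

if __name__ == "__main__":
    k = secrets.token_bytes(16)
    c = encrypt_file(k, SAMPLE)
    print(decrypt_file(k, c) == SAMPLE, attacker_view(c))
```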
