Hash-based Signatures
- Kenneth Grant
- 5 years ago
Transcription
1 Hash-based Signatures: IETF/IRTF CFRG Draft on XMSS. Fraunhofer Workshop Series 01, Post-Quantum Cryptography in Practice. Speaker: Dr. Bernhard Jungk
2 extended Merkle Signature Scheme
3 extended Merkle Signature Scheme: Why should we look into XMSS? Hash-based signatures have many advantages. They are based on well-understood security notions: cryptographic hash functions are hard to invert, also for quantum computers, and Merkle trees have been well studied since the 1980s. Hash functions are well understood (especially after the SHA-3 competition). Fast signing and verification operations are possible. They are relatively easy to understand and implement.
4 extended Merkle Signature Scheme: Why should we look into XMSS? XMSS is a promising candidate for applications with a relatively low number of signatures: one- or many-times firmware updates; digital signatures for documents (e.g. contracts, …); long-term archival of important digital assets; PKI certificates (e.g. root CA).
5 extended Merkle Signature Scheme: Why should we look into XMSS? IRTF is part of IETF, oriented towards research and long-term trends. Important trend: PQC. Quantum computer attacks are likely; design of replacements for traditional public key crypto. Standardization needed: interoperability, implementation guidelines.
6 extended Merkle Signature Scheme: Our Contribution. Implementation experience; benchmarking against other schemes; learn good trade-offs for different application scenarios, cost reductions, side-channels, etc. Target platform: hardware, i.e. FPGAs and ASICs. Cooperation: Yale University in New Haven, US; Fraunhofer SIT in Darmstadt, Germany; Fraunhofer Singapore.
7 Recap: Winternitz One-Time Signatures
8 Winternitz One-Time Scheme+ Basic Principle: Public Key Generation [diagram labels: Private Key, Public Seed, Public Key]
9 Winternitz One-Time Scheme+ Basic Principle: Signature Generation [diagram labels: Private Key, Public Seed, Signature]
10 Winternitz One-Time Scheme+ Basic Principle: Signature Verification. Output == Public Key? [diagram labels: Public Seed]
11 Winternitz One-Time Scheme+ Basic Principle: Problem: Signer reveals how to sign other messages with the same key
12 Winternitz One-Time Scheme+ Basic Principle: Solution: Checksum [diagram labels: Message, Checksum; chain nodes 0,0 to 0,3 and 1,0 to 1,3; Seed 0,0, Seed 1,0; SK0, SK1]
13 Winternitz One-Time Scheme+ Chaining Function for XMSS: PRF = pseudorandom function, F = keyed hash function [diagram labels: Seed, Address, Key, Mask, Input, Output]
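The problem and the checksum fix on slides 11 and 12, as an added example (not code from the talk or from the XMSS draft): a simplified Winternitz one-time signature over plain SHA-256 chains, without the keyed masks of WOTS+, showing that a published signature can be hashed forward onto other digit vectors unless checksum chains are part of what is verified. All function names and sample inputs are assumptions made for this sketch.

```python
import hashlib

W = 16               # Winternitz parameter (chain length), as on the slides
LEN1 = 64            # a 256-bit digest gives 64 base-16 digits
LEN2 = 3             # checksum digits: max checksum 64 * 15 = 960 < 16**3
LEN = LEN1 + LEN2    # 67 chains, the factor 67 used in the slides


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(value: bytes, steps: int) -> bytes:
    """Apply the hash `steps` times (simplified: no per-step key or mask)."""
    for _ in range(steps):
        value = H(value)
    return value


def msg_digits(msg: bytes) -> list:
    """Hash the message and split the digest into 64 base-16 digits."""
    return [nib for byte in H(msg) for nib in (byte >> 4, byte & 15)]


def checksum_digits(digits: list) -> list:
    """Checksum falls whenever a message digit rises; encoded in 3 digits."""
    c = sum(W - 1 - d for d in digits)
    return [(c >> 8) & 15, (c >> 4) & 15, c & 15]


def all_digits(digits: list, use_checksum: bool) -> list:
    return digits + checksum_digits(digits) if use_checksum else list(digits)


def keygen(seed: bytes):
    """Secret chain starts derived from a seed; public key = chain ends."""
    sk = [H(seed + i.to_bytes(2, "big")) for i in range(LEN)]
    pk = [chain(s, W - 1) for s in sk]
    return sk, pk


def sign(digits: list, sk: list, use_checksum: bool = True) -> list:
    """Reveal chain i advanced by digit i."""
    return [chain(sk[i], d) for i, d in enumerate(all_digits(digits, use_checksum))]


def verify(digits: list, sig: list, pk: list, use_checksum: bool = True) -> bool:
    """Finish every chain and compare with the public key."""
    ds = all_digits(digits, use_checksum)
    if len(sig) != len(ds):
        return False
    return all(chain(s, W - 1 - d) == pk[i] for i, (s, d) in enumerate(zip(sig, ds)))


def derive_from_public_signature(sig, old_digits, new_digits, use_checksum):
    """What a holder of a published signature can compute without the key:
    chains can only be hashed forward, so every digit must stay or grow."""
    old = all_digits(old_digits, use_checksum)
    new = all_digits(new_digits, use_checksum)
    if any(n < o for o, n in zip(old, new)):
        return None  # some chain would have to be run backwards (hash inversion)
    return [chain(s, n - o) for s, o, n in zip(sig, old, new)]


def demo() -> dict:
    """Returns {use_checksum: does a derived signature verify?}."""
    sk, pk = keygen(b"constructed demo seed")                  # constructed input
    signed = msg_digits(b"firmware v1 (constructed sample)")   # constructed input
    # A different digit vector in which no digit is smaller than the signed one.
    other = [min(d + 1, W - 1) for d in signed]
    results = {}
    for use_checksum in (False, True):
        sig = sign(signed, sk, use_checksum)
        assert verify(signed, sig, pk, use_checksum)           # honest signature
        derived = derive_from_public_signature(sig, signed, other, use_checksum)
        results[use_checksum] = (derived is not None
                                 and verify(other, derived, pk, use_checksum))
    return results


if __name__ == "__main__":
    print(demo())
```

Raising any message digit lowers the checksum value, so at least one checksum chain would have to be run backwards; that is why the derivation stops once the three checksum chains are included.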
14 extended Merkle Signature Scheme
15 extended Merkle Signature Scheme: L-Tree, Public Key Generation [diagram labels: Compressed WOTS+ Public Key; PK0 to PK8]
16 extended Merkle Signature Scheme: XMSS Tree, Public Key Generation. Tree height h=3, up to 2^3 = 8 signature generations [diagram labels: XMSS Public Key; L-Tree ×8]
17 extended Merkle Signature Scheme: The Complete Picture, Public Key Generation [diagram labels: XMSS Public Key; 2^h times; SK0 to SK8]
18 extended Merkle Signature Scheme: rand_hash. PRF = pseudorandom function, H = keyed hash function [diagram labels: Seed, Address, Key, Mask0, Mask1, Left, Right, Output]
19 extended Merkle Signature Scheme: Signature Generation, Message 1 [diagram legend: WOTS+ Signature, Merkle Tree Authentication Path, Node to be computed; SK0 to SK8]
20 extended Merkle Signature Scheme: Signature Generation, Message 1 [diagram labels: SK0 to SK8]
21 extended Merkle Signature Scheme: Signature Generation, Message 2 [diagram legend: WOTS+ Signature, Merkle Tree Authentication Path, Node to be computed; SK9 to SK17]
22 extended Merkle Signature Scheme: Signature Verification, Message 2. Output == XMSS Public Key? [diagram legend: WOTS+ Signature, Merkle Tree Authentication Path, Node to be computed]
23 Performance Estimates
24 Performance Consideration, Public Key Generation, WOTS+. IRTF parameters: WOTS+ chain length w=16; Merkle tree height h=10, h=16, or h=20; Bit Hashes (e.g. SHA-256)
25 Performance Consideration, Public Key Generation, WOTS+: 3 hash function calls
26 Performance Consideration, Public Key Generation, WOTS+: 3*w = 48 hash function calls
27 Performance Consideration, Public Key Generation, WOTS+: 48*67 = 3216 hash function calls
28 Performance Consideration, Public Key Generation, WOTS+: 3216*2^h hash function calls (2^h times)
29 Performance Consideration, Public Key Generation, L-Tree: 4 hash function calls
30 Performance Consideration, Public Key Generation, L-Tree: 4*65 = 268 hash function calls
31 Performance Consideration, Public Key Generation, L-Tree: 260*2^h hash function calls (2^h times)
32 Performance Consideration, Public Key Generation, XMSS: 4*(2^h - 1) = 4*2^h - 4 hash function calls
33 Performance Consideration, Public Key Generation, XMSS: 3480*2^h - 4 total hash function calls
34 Performance Consideration: Hash Function Calls (columns: h=10, h=16, h=20). Signatures: ,536 1,048,576. Public Key Generation: 3,563, ,065,280 3,649,044,480. Signature Generation: ~5,560; ~263,684; ~4,195,828. Signature Verification: ~1,908; ~1,932; ~1,948.
35 Performance with SHA-256 (columns: h=10, h=16, h=20). Signatures: ,536 1,048,576. Public Key Generation: 423,099,648 clock cycles; 27*10^9 clock cycles; 434*10^9 clock cycles. With 400 MHz: <1.1 s; <70 s; <1085 s. Sign: < 2 ms; < 70 ms; < 1 s. Verify: < 1 ms; < 1 ms; < 1 ms.
36 Performance with SHA-3 (columns: h=10, h=16, h=20). Signatures: ,536 1,048,576. Public Key Generation: 79,159,200 clock cycles; 5*10^9 clock cycles; 81*10^9 clock cycles. With 400 MHz: < 200 ms; <12.5 s; < 203 s. Sign: < 1 ms; < 12.5 ms; < 200 ms. Verify: < 1 ms; < 1 ms; < 1 ms.
37 Comparison with ECC: FPGA Implementation Estimates (Virtex-5) (columns: Ed25519, XMSS-SHA3 h=10). Public Key Generation: < 1 ms; < 200 ms. Sign: < 1 ms; < 1 ms. Verify: < 2 ms; < 1 ms.
38 Optimisations and Trade-Offs: Parallelization and Caching. Parallelization: WOTS+ is trivial to compute in parallel; L-Tree and XMSS are more difficult to parallelize. More/less caching: more caching of XMSS for the authentication path (costs more memory) → improves the signing performance; less caching to save memory → in the worst case, signing is almost as slow as public key generation → useful for lightweight applications with low memory.
39 Thank you for your attention!
More informationsymmetric cryptography s642 computer security adam everspaugh
symmetric cryptography s642 adam everspaugh ace@cs.wisc.edu computer security Announcement Midterm next week: Monday, March 7 (in-class) Midterm Review session Friday: March 4 (here, normal class time)
More informationTowards Post-Quantum Cryptography Standardization. Lily Chen and Dustin Moody National Institute of Standards and Technology USA
Towards Post-Quantum Cryptography Standardization Lily Chen and Dustin Moody National Institute of Standards and Technology USA First mile - Towards PQC standardization After about four years of preparation,
More informationSecure digital certificates with a blockchain protocol
Secure digital certificates with a blockchain protocol Federico Pintore 1 Trento, 10 th February 2017 1 University of Trento Federico Pintore Blockchain and innovative applications Trento, 10 th February
More informationOn Optimized FPGA Implementations of the SHA-3 Candidate Grøstl
On Optimized FPGA Implementations of the SHA-3 Candidate Grøstl Bernhard Jungk, Steffen Reith, and Jürgen Apfelbeck Fachhochschule Wiesbaden University of Applied Sciences {jungk reith}@informatik.fh-wiesbaden.de
More informationEmbedded System Security Mobile Hardware Platform Security
1 Embedded System Security Mobile Hardware Platform Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Summer Term 2017 Acknowledgement This slide set
More informationTrue2F: Backdoor-resistant authentication tokens
True2F: Backdoor-resistant authentication tokens Emma Dauterman, Henry Corrigan-Gibbs, David Mazières, Dan Boneh, Dominic Rizzo Stanford and Google To appear at Oakland 2019 U2F: effective hardware 2FA
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationEmbedded System Security Mobile Hardware Platform Security
1 Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Summer Term 2016 Acknowledgement This slide set is based on slides provided by
More information