Lattice-Based Cryptography
|
|
- Kathlyn Flynn
- 5 years ago
- Views:
Transcription
1 Lattice-Based Cryptography Huijing Gong 9/24/2018 Slides courtesy of Dana Dachman-Soled, Valeria Nikolaenko, Chris Peikert, and Oded Regev
2 Traditional Crypto Assumptions Recall
3 Traditional Crypto Assumptions Discrete Log: Given gg xx mmoodd pp, find xx. (Decisional) Diffie-Hellman Assumptions (gg xx, gg yy, gg xxyy ), (gg xx, gg yy,gg zz ) More: Factoring
4 Are They Secure? Algorithmic Advances: OO(nn Factoring: Best algorithm time 2 3) to factor nn-bit number. OO(nn Discrete log: Best algorithm 2 3) for groups Ζ pp, where pp isnn-bit. 1 1 Quantum Computers: Shor s algorithm solves both factoring and discrete log in quantum polynomial time ( OO(nn 2 )).
5 Are They Secure? For those partners and vendors that have not yet made the transition to Suite B algorithms (ECC), we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition... Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy. NSA Statement, August 2015
6 Post-Quantum Approach Believed to be hard for quantum computers. Versatile: Can essentially construct all cryptosystems out of these assumptions. Candidates: Lattice-based Crypto, Hash-based Crypto, codebased, etc.
7 What s a Lattice? A periodic grid in Ζ mm (Formally: full-rank additive subgroup.) O
8 What s a Lattice? A periodic grid in Ζ mm (Formally: full-rank additive subgroup.) Basis BB = {bb 1,, bb m } Lattice = mm jj=1 Ζ bb jj b 2 b 1 O
9 What s a Lattice? A periodic grid in Ζ mm (Formally: full-rank additive subgroup.) Basis BB = {bb 1,, bb m } Lattice = mm jj=1 Ζ bb j b 1 (Other representations too... ) O b 2
10 Hard Lattice Problem: Learning With Errors (LWE) [Regev 05] There is a secret vector s in Ζ nn pp (we'll use Z 4 17 as a running example) An oracle (who knows s) generates a vector a in Ζ nn pp and small noise element e in Z The oracle outputs (a,b=<a,s>+e mod 17) This procedure is repeated with the same s and fresh a and e Our task is to find s
11 Learning With Errors (LWE) Problem There is a secret vector s in Ζ nn pp (we'll use Z 4 17 as a running example) An oracle (who knows s) generates a vector a in Ζ nn pp and small noise element e in Ζ. The oracle outputs (a,b=<a,s>+e mod 17) This procedure is repeated with the same s and fresh a and e Our task is to find s
12 Learning With Errors (LWE) Problem There is a secret vector s in Ζ nn pp (we'll use Z 4 17 as a running example) An oracle (who knows s) generates a vector a in Ζ nn pp and small noise element e in Ζ. The oracle outputs (aa, bb = aa, ss + ee mmmmmm pp) * = This procedure is repeated with the same s and fresh a and e Our task is to find s
13 Learning With Errors (LWE) Problem There is a secret vector s in Ζ nn pp (we'll use Z 4 17 as a running example) An oracle (who knows s) generates a vector a in Ζ nn pp and small noise element e in Ζ. The oracle outputs (aa, bb = aa, ss + ee mmmmmm pp) * = This procedure is repeated with the same ss and fresh aa and ee Our task is to find ss
14 Learning With Errors (LWE) Problem There is a secret vector s in Ζ nn pp (we'll use Z 4 17 as a running example) An oracle (who knows s) generates a vector a in Ζ nn pp and small noise element e in Ζ. The oracle outputs (aa, bb = aa, ss + ee mmmmmm pp) * = This procedure is repeated with the same ss and fresh aa and ee Our task is to find ss
15 Learning With Errors (LWE) Problem a 1 a 2... s + e = b LWE Instance AA, bb = AA ss + ee mmmmmm pp a m Once there are enough a i, the s is uniquely determined Theorem [Regev '05] : There is a polynomial-time quantum reduction from solving certain lattice problems in the worst-case to solving LWE.
16 Decisional LWE Problem a 1 a 2... World 1 s + e = b a 1 a 2..., b a m a m a 1 a 2... World 2, b uniformly in Ζ pp mm Decision LWE Oracle a m I am in World 1 (or 2)
17 LWE is Versatile What kinds of crypto can we do with LWE? Key Exchange, Public Key Encryption ObliviousTransfer Actively Secure Encryption (w/o oracles) Block Ciphers, Pseudo Functions Identity-Based Encryption (w/ RO) Hierarchical ID-Based Encryption (w/o RO) Fully HomomorphicEncryption Attribute-Based Encryption for arbitrary policies and much, much more..
18 Recall Diffie-Hellman key exchange Parameters gg, p Client Server Nonsecret value in blue and secret value in red. 1. Client and Server agree on the algorithm parameters g and p 2. Client and Server generate their own private keys, named yy and xx, respectively 3. Server computes gg xx and sends it to Client. 4. Client computes gg yy and sends it to Server. 5. Client computers (gg xx ) yy and uses it as its secret. 6. Server computers (gg yy ) xx and uses it as its secret.
19 Recall Diffie-Hellman key exchange Parameters gg, p Client Server Nonsecret value in blue and secret value in red. 1. Client and Server agree on the algorithm parameters g and p yy xx 2. Client and Server generate their own private keys, named yy and xx, respectively 3. Server computes gg xx and sends it to Client. 4. Client computes gg yy and sends it to Server. 5. Client computers (gg xx ) yy and uses it as its secret. 6. Server computers (gg yy ) xx and uses it as its secret.
20 Recall Diffie-Hellman key exchange Parameters gg, p Client Server Nonsecret value in blue and secret value in red. 1. Client and Server agree on the algorithm parameters g and p yy g xx xx 2. Client and Server generate their own private keys, named yy and xx, respectively g yy 3. Server computes gg xx and sends it to Client. 4. Client computes gg yy and sends it to Server. 5. Client computers (gg xx ) yy and uses it as its secret. 6. Server computers (gg yy ) xx and uses it as its secret.
21 Recall Diffie-Hellman key exchange Parameters gg, p Client Server Nonsecret value in blue and secret value in red. 1. Client and Server agree on the algorithm parameters g and p yy g x xx 2. Client and Server generate their own private keys, named yy and xx, respectively g y 3. Server computes gg xx and sends it to Client. gg xxyy gg xxyy 4. Client computes gg yy and sends it to Server. 5. Client computers (gg xx ) yy and uses it as its secret. 6. Server computers (gg yy ) xx and uses it as its secret.
22 Slides modified from Recall Diffie-Hellman key exchange yy Parameters gg, p Client Server gg xxyy g x g y gg xxyy xx Attacker sees gg, gg xx, gg yy, but cannot sees xx, yy, gg xxxx. In the view of attacker gg xxxx looks like Nonsecret value in blue and secret value in red. 1. Client and Server agree on the algorithm parameters g and p 2. Client and Server generate their own private keys, named yy and xx, respectively 3. Server computes gg xx and sends it to Client. 4. Client computes gg yy and sends it to Server. 5. Client computers (gg xx ) yy and uses it as its secret. 6. Server computers (gg yy ) xx and uses it as its secret.
23 DH Key Exchange Translatesto LWE Diffie-Hellman key exchange LWE key exchange [DXL12] yy Parameters gg, p Client Server g x xx Client small yy, eee Parameter A Ax+e Server small xx, eee g y ya+e gg xxyy gg xxyy Attacker sees gg, gg xx, gg yy, but cannot sees xx, yy, gg xxxx. In the view of attacker gg xxxx looks like Compute y(ax + e) yax [Pei14] C. Peikert. Lattice cryptography for the Internet. In Post-Quantum Cryptography. Springer, 2014 [DXL12] Ding, J., Xie, X., Lin, X. A Simple Provably Secure Key Exchange Scheme Based on the Learning with Errors Compute (ya + e )x yax Attacker sees A, Ax+e, ya+e, but cannot sees yy, eee, xx, ee.. In the view of attacker KeyCon(yAx) looks like
24 DH Key Exchange Translatesto LWE Diffie-Hellman key exchange LWE key exchange [DXL12] Parameters gg, p Client Server Client Parameter A Server yy g x xx g y gg xxyy gg xxyy Attacker sees gg, gg xx, gg yy, but cannot sees xx, yy, gg xxxx. In the view of attacker gg xxxx looks like
25 DH Key Exchange Translatesto LWE Diffie-Hellman key exchange LWE key exchange [DXL12] yy Parameters gg, p Client Server g x g y xx Client small vectors yy, eee Parameter A Server small vectors xx, ee gg xxyy gg xxyy Attacker sees gg, gg xx, gg yy, but cannot sees xx, yy, gg xxxx. In the view of attacker gg xxxx looks like
26 DH Key Exchange Translatesto LWE Diffie-Hellman key exchange LWE key exchange [DXL12] yy Parameters gg, p Client Server g x g y xx Client small vectors yy, eee Parameter A Ax+e ya+e Server small vectors xx, ee gg xxyy gg xxyy Attacker sees gg, gg xx, gg yy, but cannot sees xx, yy, gg xxxx. In the view of attacker gg xxxx looks like
27 DH Key Exchange Translatesto LWE Diffie-Hellman key exchange LWE key exchange [DXL12] yy Parameters gg, p Client Server g x g y xx Client small vectors yy, eee Parameter A Ax+e ya+e Server small vectors xx, ee gg xxyy gg xxyy Attacker sees gg, gg xx, gg yy, but cannot sees xx, yy, gg xxxx. In the view of attacker gg xxxx looks like Compute y(ax + e) yax Compute (ya + e )x yax
28 DH Key Exchange Translatesto LWE Diffie-Hellman key exchange LWE key exchange [DXL12] yy Parameters gg, p Client Server g x g y xx Client small vectors yy, eee Parameter A Ax+e ya+e Server small vector xx, ee gg xxyy gg xxyy Attacker sees gg, gg xx, gg yy, but cannot sees xx, yy, gg xxxx. In the view of attacker gg xxxx looks like Compute y(ax + e) yax Compute (ya + e )x yax Attacker sees A, Ax+e, ya+e, but cannot sees yy, eee, xx, ee.. In the view of attacker KeyCon(yAx) looks like
29 Key Exchange Implementation NewHope [ADPS 15]: Ring-LWE key exchange a la [LPR 10,P 14], with many optimizations and conjectured 200-bit quantum security. Comparable to or even faster than state-of-the-art ECDH w/ 128-bit (nonquantum) security. Google has experimentally deployed NewHope+ECDH in Chrome canary and its own web servers. Frodo [BCDMNNRS 16]: Plain-LWE key exchange, with many tricks and optimizations. Conjectured 128-bit quantum security. About 10x slower than NewHope, but only 2x slower than ECDH
30 Next Mission Now you are a cryptanalyst Our goal: Given a pair (AA, bb), want to know whether it is generated as AA, bb = AA ss + ee mmmmmm pp Dual Attack: If we can find a short vector ww such that ww AA mmoooo pp = 0, OR Then compute inner product ww, bb AA, bb = rrrrrrrrrrrr
31 Next Mission Now you are a cryptanalyst Our goal: Given a pair (AA, bb), want to know whether it is generated as AA, bb = AA ss + ee mmmmmm pp OR AA, bb = rrrrrrrrrrrr ww bb ww bb
32 Next Mission Now you are a cryptanalyst Our goal: Given a pair (AA, bb), want to know whether it is generated as AA, bb = AA ss + ee mmmmmm pp OR AA, bb = rrrrrrrrrrrr ww bb = ww(aa ss + ee) ww bb
33 Next Mission Now you are a cryptanalyst Our goal: Given a pair (AA, bb), want to know whether it is generated as AA, bb = AA ss + ee mmmmmm pp OR AA, bb = rrrrrrrrrrrr ww bb = ww(aa ss + ee) = (wwaa) ss + ww ee ww bb
34 Next Mission Now you are a cryptanalyst Our goal: Given a pair (AA, bb), want to know whether it is generated as AA, bb = AA ss + ee mmmmmm pp OR AA, bb = rrrrrrrrrrrr ww bb = ww(aa ss + ee) = (wwaa) ss + ww ee = ww ee = small small ww bb
35 Next Mission Now you are a cryptanalyst Our goal: Given a pair (AA, bb), want to know whether it is generated as AA, bb = AA ss + ee mmmmmm pp OR AA, bb = rrrrrrrrrrrr ww bb = ww(aa ss + ee) = (wwaa) ss + ww ee = ww ee = small small ww bb = rraaaaaaaaaa
36 Next Mission Now you are a cryptanalyst Our goal: Given a pair (AA, bb), want to know whether it is generated as AA, bb = AA ss + ee mmmmmm pp OR AA, bb = rrrrrrrrrrrr ww bb = ww(aa ss + ee) = (wwaa) ss + ww ee = ww ee = small small ww bb = rraaaaaaaaaa
37 Next Mission Now you are a cryptanalyst Our goal: Given a pair (AA, bb), want to know whether it is generated as AA, bb = AA ss + ee mmmmmm pp AA, bb = rrrrrrrrrrrr If we can find a short vector ww such that ww AA mmoooo pp = 0, Then compute inner product ww, bb Wait That sounds very easy to attack, why LWE is hard? OR
38 Next Mission Now you are a cryptanalyst Our goal: Given a pair (AA, bb), want to know whether it is generated as HARD AA, bb = AA ss + ee mmmmmm pp OR AA, bb = rrrrrrrrrrrr If we can find a short vector ww such that ww AA mmoooo pp = 0, Then compute inner product ww, bb Wait That sounds very easy to attack, why LWE is hard?
39 For more check Short Integer Solution Problem!
40
Intro to Public Key Cryptography Diffie & Hellman Key Exchange
Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary Introduction Stream & Block Ciphers Block Ciphers Modes (ECB,CBC,OFB) Advanced Encryption Standard (AES) Message Authentication
More informationIntroduction to Post-Quantum Cryptography
Introduction to Post-Quantum Cryptography CERG @ GMU http://cryptography.gmu.edu 10 PhD students 3 MS students Features Required from Today s Ciphers STRENGTH PERFORMANCE software hardware FUNCTIONALITY
More informationIntroduction to Post-Quantum Cryptography
Introduction to Post-Quantum Cryptography CERG @ GMU http://cryptography.gmu.edu 10 PhD students 3 MS students 1 Features Required from Today s Ciphers STRENGTH PERFORMANCE software hardware FUNCTIONALITY
More information8/30/17. Introduction to Post-Quantum Cryptography. Features Required from Today s Ciphers. Secret-key (Symmetric) Ciphers
CERG @ GMU http://cryptography.gmu.edu Introduction to Post-Quantum Cryptography 10 PhD students 3 MS students Features Required from Today s Ciphers Secret-key (Symmetric) Ciphers STRENGTH PERFORMANCE
More informationIntroduction to Public-Key Cryptography
Introduction to Public-Key Cryptography Nadia Heninger University of Pennsylvania June 11, 2018 We stand today on the brink of a revolution in cryptography. Diffie and Hellman, 1976 Symmetric cryptography
More informationPOST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK DR. DANIEL SLAMANIG
POST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK 2018 02.02.2018 DR. DANIEL SLAMANIG WHAT IS POST-QUANTUM CRYPTOGRAPHY? Also called quantum safe/resistant cryptography NOT quantum cryptography (= quantum
More informationVPN Overview. VPN Types
VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat
More informationElliptic Curve Public Key Cryptography
Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. The smaller key
More informationThe State of Post- Quantum Cryptography. Presented by the Quantum Safe Security Working Group
The State of Post- Quantum Cryptography Presented by the Quantum Safe Security Working Group 2018 Cloud Security Alliance All Rights Reserved. You may download, store, display on your computer, view, print,
More informationAtLast: Another Three-party Lattice-based PAKE Scheme
Copyright c 2018 The Institute of Electronics, Information and Communication Engineers SCIS 2018 2018 Symposium on Cryptography and Information Security Niigata, Japan, Jan. 23-26, 2018 The Institute of
More informationPost-Quantum Cryptography A Collective Challenge
Post-Quantum Cryptography A Collective Challenge Christophe Petit University of Oxford Mathematical Institute Christophe Petit -Oxford Crypto Day 1 Cryptography is very useful Cryptography is the science
More informationCryptography Today. Ali El Kaafarani. Mathematical Institute Oxford University. 1 of 44
Cryptography Today Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 About the Course Regular classes with worksheets so you can work with some concrete examples (every Friday at 1pm).
More informationImplementation and Benchmarking of Elliptic Curve Cryptography Algorithms
Implementation and Benchmarking of Elliptic Curve Cryptography Algorithms Yulin Ou yulin_ou@umail.ucsb.edu Department of Electrical and Computer Engineering University of California Santa Barbara June
More informationUnderstanding Cryptography by Christof Paar and Jan Pelzl. Chapter 9 Elliptic Curve Cryptography
Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 9 Elliptic Curve Cryptography ver. February 2nd, 2015 These slides were prepared by Tim Güneysu, Christof Paar
More informationThe transition to post-quantum cryptography. Peter Schwabe February 19, 2018
The transition to post-quantum cryptography Peter Schwabe peter@cryptojedi.org https://cryptojedi.org February 19, 2018 About me Assistant professor at Radboud University Working on high-speed high-security
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 El Gamal Encryption RSA Encryption Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationOptimizing Post-Quantum Cryptographic Algorithms for Modern and Future Processor Architectures
Post-quantum cryptography for long-term security PQCRYPTO ICT-645622 PQCrypto Review Meeting / Workshop, Utrecht, the Netherlands, June 28, 2016 Optimizing Post-Quantum Cryptographic Algorithms for Modern
More informationPublic-Key Cryptography
Computer Security Spring 2008 Public-Key Cryptography Aggelos Kiayias University of Connecticut A paradox Classic cryptography (ciphers etc.) Alice and Bob share a short private key using a secure channel.
More informationGrenzen der Kryptographie
Microsoft Research Grenzen der Kryptographie Dieter Gollmann Microsoft Research 1 Summary Crypto does not solve security problems Crypto transforms security problems Typically, the new problems relate
More informationEncryption from the Diffie-Hellman assumption. Eike Kiltz
Encryption from the Diffie-Hellman assumption Eike Kiltz Elliptic curve public-key crypto Key-agreement Signatures Encryption Diffie-Hellman 76 passive security ElGamal 84 passive security Hybrid DH (ECDH)
More informationCryptographic Systems
CPSC 426/526 Cryptographic Systems Ennan Zhai Computer Science Department Yale University Recall: Lec-10 In lec-10, we learned: - Consistency models - Two-phase commit - Consensus - Paxos Lecture Roadmap
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationVikram Hegde, Hanqing Zhao, Kefeng Shi, and Yi Yang Fontbonne University St. Louis, Missouri
SECURE MOBILE APPS BASED ON NTRU Vikram Hegde, Hanqing Zhao, Kefeng Shi, and Yi Yang Fontbonne University St. Louis, Missouri The need for mobile security The inefficiency of traditional algorithms in
More informationScalar Blinding on Elliptic Curves with Special Structure
Scalar Blinding on Elliptic Curves with Special Structure Scott Fluhrer Cisco Systems August 11, 2015 1 Abstract This paper shows how scalar blinding can provide protection against side channel attacks
More informationDistributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography
More informationRecommendation to Protect Your Data in the Future
Recommendation to Protect Your Data in the Future Prof. Dr.-Ing. Tim Güneysu Arbeitsgruppe Technische Informatik / IT-Sicherheit (CEITS) LEARNTEC Karlsruhe 27.01.2016 Long-Term Security in the Real World
More informationPost-Quantum Cryptography
Post-Quantum Cryptography Professor Máire O Neill www.csit.qub.ac.uk CSIT is a Research Centre of the ECIT Institute 1 Rationale What happens if/when quantum computers become a reality? Commonly used Public-key
More informationCRYPTANALYSIS AGAINST SYMMETRIC- KEY SCHEMES WITH ONLINE CLASSICAL QUERIES AND OFFLINE QUANTUM COMPUTATIONS
#RSAC SESSION ID: CRYP-W14 CRYPTANALYSIS AGAINST SYMMETRIC- KEY SCHEMES WITH ONLINE CLASSICAL QUERIES AND OFFLINE QUANTUM COMPUTATIONS Akinori Hosoyamada Researcher NTT Secure Platform Laboratories Cryptanalysis
More informationIND-CCA2 secure cryptosystems, Dan Bogdanov
MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov University of Tartu db@ut.ee 1 Overview Notion of indistinguishability The Cramer-Shoup cryptosystem Newer results
More informationExtended Diffie-Hellman Technique to Generate Multiple Shared Keys at a Time with Reduced KEOs and its Polynomial Time Complexity
ISSN (Online): 1694-0784 ISSN (Print): 1694-0814 Extended Diffie-Hellman Technique to Generate Multiple Shared Keys at a Time with Reduced KEOs and its Polynomial Time Complexity 26 Nistala V.E.S. Murthy
More informationKey Management and Distribution
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 10 Key Management; Other Public Key Cryptosystems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan
More informationPublic Key Cryptography
graphy CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L07, Steve/Courses/2011/S2/CSS322/Lectures/rsa.tex,
More informationCSC 5930/9010 Modern Cryptography: Digital Signatures
CSC 5930/9010 Modern Cryptography: Digital Signatures Professor Henry Carter Fall 2018 Recap Implemented public key schemes in practice commonly encapsulate a symmetric key for the rest of encryption KEM/DEM
More informationProvable Partial Key Escrow
Provable Partial Key Escrow Kooshiar Azimian Electronic Research Center, Sharif University of Technology, and Computer Engineering Department, Sharif University of Technology Tehran, Iran Email: Azimian@ce.sharif.edu
More information(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography
Code No: RR410504 Set No. 1 1. Write short notes on (a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography 3. (a) Illustrate Diffie-hellman Key Exchange scheme for GF(P) [6M] (b) Consider
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 10 Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 Public-Key Encryption: El-Gamal, RSA Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationPreparing for post-quantum and hybrid cryptography on the Internet
Preparing for post-quantum and hybrid cryptography on the Internet Douglas Stebila Concordia March 15, 2017 Concordia 2017-03-16 Preparing for post-quantum and hybrid cryptography on the Internet 2 Acknowledgements
More informationKeep your fingers off my keys today & tomorrow
SIGS SE February 2017 Keep your fingers off my keys today & tomorrow Marcel Dasen VP Engineering Securosys SA Keys? Encryption keys asymmetric e.g. RSA, ECC public/private key pairs for wrapping symmetric
More informationPublic-Key Cryptanalysis
http://www.di.ens.fr/ pnguyen INRIA and École normale supérieure, Paris, France MPRI, 2010 Outline 1 Introduction Asymmetric Cryptology Course Overview 2 Textbook RSA 3 Euclid s Algorithm Applications
More informationReminder: Homework 4. Due: Friday at the beginning of class
Reminder: Homework 4 Due: Friday at the beginning of class 1 Cryptography CS 555 Topic 33: Digital Signatures Part 2 2 Recap El-Gamal/RSA-OAEP Digital Signatures Similarities and differences with MACs
More informationCryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1
Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography CS555 Spring 2012/Topic 16 1 Outline and Readings Outline Private key management between two parties Key management
More informationIntroduction to Cryptography. Lecture 6
Introduction to Cryptography Lecture 6 Benny Pinkas page 1 1 Data Integrity, Message Authentication Risk: an active adversary might change messages exchanged between Alice and Bob M Alice M M M Bob Eve
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationKey Establishment and Authentication Protocols EECE 412
Key Establishment and Authentication Protocols EECE 412 1 where we are Protection Authorization Accountability Availability Access Control Data Protection Audit Non- Repudiation Authentication Cryptography
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationPost-Quantum Cryptography. Dr. Thomas Pöppelmann Infineon Technologies AG
Post-Quantum Cryptography Dr. Thomas Pöppelmann Infineon Technologies AG Agenda 1 Introduction 2 Post-Quantum Cryptography 3 Lattice-Based Cryptography 4 Hash- and Code-Based Cryptography 5 Outlook 2 Agenda
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationPractical Implementations of Program Obfuscators for Point Functions
Practical Implementations of Program Obfuscators for Point Functions Giovanni Di Crescenzo Lisa Bahler, Brian Coan Applied Communication Sciences Basking Ridge, NJ, 07920, USA Email: gdicrescenzo@appcomsci.com
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 6 Introduction to Public-Key Cryptography ver. November 18, 2010 These
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationLecture IV : Cryptography, Fundamentals
Lecture IV : Cryptography, Fundamentals Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University Spring 2012 Basic Principles
More informationElements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 2 Due: Friday, 10/28/2016 at 11:55pm PT Will be posted on
More informationKey Exchange. Secure Software Systems
1 Key Exchange 2 Challenge Exchanging Keys &!"#h%&'() & & 1 2 6(6 1) 2 15! $ The more parties in communication, the more keys that need to be securely exchanged " # Do we have to use out-of-band methods?
More informationLecture 9. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography
Lecture 9 Public Key Cryptography: Algorithms, Key Sizes, & Standards Public-Key Cryptography 1 Bases of the public cryptosystems security Factorization Discrete Logarithm Elliptic Curve Discrete Logarithm
More informationLecture 9. Public Key Cryptography: Algorithms, Key Sizes, & Standards. Public-Key Cryptography. Elliptic Curve over GF(p) y 2 =x 3 +x
Lecture 9 Public Key Cryptography: Algorithms, Key Sizes, & Standards Public-Key Cryptography Bases of the public cryptosystems security Factorization Discrete Logarithm Elliptic Curve Discrete Logarithm
More informationOn the Security of a Certificateless Public-Key Encryption
On the Security of a Certificateless Public-Key Encryption Zhenfeng Zhang, Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080,
More informationCS408 Cryptography & Internet Security
CS408 Cryptography & Internet Security Lectures 16, 17: Security of RSA El Gamal Cryptosystem Announcement Final exam will be on May 11, 2015 between 11:30am 2:00pm in FMH 319 http://www.njit.edu/registrar/exams/finalexams.php
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 6 Introduction to Public-Key Cryptography ver. November 18, 2010 These
More informationElliptic Curves over Prime and Binary Fields in Cryptography
Elliptic Curves over Prime and Binary Fields in Cryptography Authors Dana Neustadter (danan@ellipticsemi.com) Tom St Denis (tstdenis@ellipticsemi.com) Copyright 2008 Elliptic Semiconductor Inc. Elliptic
More informationIntroduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu
Introduction to Cryptographic Systems Asst. Prof. Mihai Chiroiu Vocabulary In cryptography, cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Decryption
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 1 Introduction to Cryptography ver. October 28, 2010 These slides were
More informationECC Elliptic Curve Cryptography. Foundations of Cryptography - ECC pp. 1 / 31
ECC Elliptic Curve Cryptography Foundations of Cryptography - ECC pp. 1 / 31 Elliptic Curve an elliptic curve E is a smooth, projective, algebraic curve defined by the following equation: y 2 3 2 a xy
More informationCS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD
ERIK JONSSON SCHOOL OF ENGINEERING & COMPUTER SCIENCE Cyber Security Research and Education Institute CS 6324: Information Security Dr. Junia Valente Department of Computer Science The University of Texas
More informationT Cryptography and Data Security
T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Kaufman et al: Ch 11.6; 9.7-9; Stallings:
More informationAnalysis, demands, and properties of pseudorandom number generators
Analysis, demands, and properties of pseudorandom number generators Jan Krhovják Department of Computer Systems and Communications Faculty of Informatics, Masaryk University Brno, Czech Republic Jan Krhovják
More informationREMOVE KEY ESCROW FROM THE IDENTITY-BASED ENCRYPTION SYSTEM
REMOVE KEY ESCROW FROM THE IDENTITY-BASED ENCRYPTION SYSTEM Zhaohui Cheng, Richard Comley Luminita Vasiu School of Computing Science, Middlesex University White Hart Lane, London N17 8HR, United Kingdom
More informationThis chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest
1 2 3 This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest PKCS, Diffie- Hellman key exchange. This first published
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationPublic-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7
Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:
More informationDiffie-Hellman Protocol as a Symmetric Cryptosystem
IJCSNS International Journal of Computer Science and Network Security, VOL.18 No.7, July 2018 33 Diffie-Hellman Protocol as a Symmetric Cryptosystem Karel Burda, Brno University of Technology, Brno, Czech
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationCryptography and Network Security Chapter 10. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Chapter 10 Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture out of the
More informationAbhijith Chandrashekar and Dushyant Maheshwary
By Abhijith Chandrashekar and Dushyant Maheshwary Introduction What are Elliptic Curves? Curve with standard form y 2 = x 3 + ax + b a, b ϵ R Characteristics of Elliptic Curve Forms an abelian group Symmetric
More information18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange. Dan Boneh
18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange Online Cryptography Course Basic key exchange Trusted 3 rd parties Key management Problem: n users. Storing mutual secret keys is difficult
More informationElliptic Curve Cryptography and its Application in the Secure Socket Layer/Transport Layer Security Protocol
Elliptic Curve Cryptography and its Application in the Secure Socket Layer/Transport Layer Security Protocol M. Cimi Thomas 1* and S. Sheeja 2 1* Research Scholar, Department of Computer Science, Karpagam
More informationRSA. Public Key CryptoSystem
RSA Public Key CryptoSystem DIFFIE AND HELLMAN (76) NEW DIRECTIONS IN CRYPTOGRAPHY Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting
More informationThe most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who
1 The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who exchange messages from any third party. However, it does
More informationNetwork Security. Chapter 4 Public Key Cryptography. Public Key Cryptography (4) Public Key Cryptography
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 4 Public Key Cryptography However,
More informationPUBLIC KEY CRYPTO. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA
PUBLIC KEY CRYPTO Anwitaman DATTA SCSE, NTU Singapore Acknowledgement: The following lecture slides are based on, and uses material from the text book Cryptography and Network Security (various eds) by
More informationModelling the Security of Key Exchange
Modelling the Security of Key Exchange Colin Boyd including joint work with Janaka Alawatugoda, Juan Gonzalez Nieto Department of Telematics, NTNU Workshop on Tools and Techniques for Security Analysis
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationPROTECTING CONVERSATIONS
PROTECTING CONVERSATIONS Basics of Encrypted Network Communications Naïve Conversations Captured messages could be read by anyone Cannot be sure who sent the message you are reading Basic Definitions Authentication
More informationA Simple User Authentication Scheme for Grid Computing
A Simple User Authentication Scheme for Grid Computing Rongxing Lu, Zhenfu Cao, Zhenchuai Chai, Xiaohui Liang Department of Computer Science and Engineering, Shanghai Jiao Tong University 800 Dongchuan
More information- 0 - CryptoLib: Cryptography in Software John B. Lacy 1 Donald P. Mitchell 2 William M. Schell 3 AT&T Bell Laboratories ABSTRACT
- 0 - CryptoLib: Cryptography in Software John B. Lacy 1 Donald P. Mitchell 2 William M. Schell 3 AT&T Bell Laboratories ABSTRACT With the capacity of communications channels increasing at the current
More informationPreparing for post-quantum cryptography in TLS
Preparing for post-quantum cryptography in TLS Douglas Stebila Funding acknowledgements: TLS:DIV workshop April 30, 2017 TLS:DIV 2017-04-30 Preparing for post-quantum cryptography in TLS Douglas Stebila
More informationEncryption 2. Tom Chothia Computer Security: Lecture 3
Encryption 2 Tom Chothia Computer Security: Lecture 3 This Lecture Counter Mode (CTR) enryption Diffie Helleman key exchange Public Key Encryption RSA Signing Combining public and symmetric key encryption
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 13: Public-Key Cryptography and RSA Department of Computer Science and Engineering University at Buffalo 1 Public-Key Cryptography What we already know
More informationRef:
Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationState of TLS usage current and future. Dave Thompson
State of TLS usage current and future Dave Thompson TLS Client/Server surveys Balancing backward compatibility with security. As new vulnerabilities are discovered, when can we shutdown less secure TLS
More informationDeploying a New Hash Algorithm. Presented By Archana Viswanath
Deploying a New Hash Algorithm Presented By Archana Viswanath 1 function? Hash function - takes a message of any length as input - produces a fixed length string as output - termed as a message digest
More informationPROGRAM obfuscation is the process of making it unintelligible
INTL JOURNAL OF ELECTRONICS AND TELECOMMUNICATIONS, 2018, VOL. 64, NO. 2, PP. 173 178 Manuscript received January 24, 2018; revised March, 2018. DOI: 10.24425/119366 Block Cipher Based Public Key Encryption
More informationCryptanalyzing the Polynomial Reconstruction based Public-Key System under Optimal Parameter Choice
Cryptanalyzing the Polynomial Reconstruction based Public-Key System under Optimal Parameter Choice Aggelos Kiayias - Moti Yung U. of Connecticut - Columbia U. (Public-Key) Cryptography intractability
More informationCSC 5930/9010 Modern Cryptography: Public Key Cryptography
CSC 5930/9010 Modern Cryptography: Public Key Cryptography Professor Henry Carter Fall 2018 Recap Number theory provides useful tools for manipulating integers and primes modulo a large value Abstract
More informationECE 297:11 Reconfigurable Architectures for Computer Security
ECE 297:11 Reconfigurable Architectures for Computer Security Course web page: http://mason.gmu.edu/~kgaj/ece297 Instructors: Kris Gaj (GMU) Tarek El-Ghazawi (GWU) TA: Pawel Chodowiec (GMU) Kris Gaj George
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More information