CSC 5930/9010 Modern Cryptography: Public Key Cryptography
|
|
- Laura Jacobs
- 5 years ago
- Views:
Transcription
1 CSC 5930/9010 Modern Cryptography: Public Key Cryptography Professor Henry Carter Fall 2018
2 Recap Number theory provides useful tools for manipulating integers and primes modulo a large value Abstract algebra lets us define groups and how group values behave under some operation Number-theoretic "hard problems" provide the foundational assumptions for modern cryptography Factoring RSA Discrete Logarithm Computational/Decisional Diffie-Hellman
3 Symmetric-Key Cryptography Symmetric-key constructions provide a lot of useful security guarantees Secrecy, integrity, etc. These constructions are efficient and common in practice There is one logistical issue that we have not solved What's the major shortcoming of shared-key encryption?
4 Key Distribution All symmetric-key constructions assume both parties are able to share a key at some point This could happen a number of ways: In-person meeting Using a secure channel If there is already a way to exchange messages (keys) securely, why do we need cryptography?
5 Challenges with key management Key distribution How do I share a key securely? Key management How do I store keys for all potential contacts? Open systems How do I interact with contacts I have never met before?
6 Key Distribution Centers A key distribution center (KDC) provides key storage and distribution within a closed organization All members of the organization share a key with the KDC To establish a communication key with another organization member, users contact the KDC, who distributes session keys to the participants
7 KDC pros and cons Solves 2 of 3 symmetric key issues Still not applicable to open systems Introduces two issues Presents a high-value target for attackers Is a single point of failure for system availability How useful is this idea?
8 Needham-Schroeder The Needham-Schroeder protocol is used to produce and share session keys with a KDC Forms the basis for Kerberos, which is used in Microsoft AD and other authentication systems All users maintain a long-term key with the KDC For each communication, the KDC generates a session key and sends it to the recipient through the sender encapsulated in a "ticket"
9 N-S Protocol
10 Key Exchange Protocols For open systems, we still need a way to communicate keying information without a private pre-existing channel In 1976, Diffie and Hellman devised a scheme to agree on a random key based on a computationally hard problem A truly revolutionary discovery in modern cryptography! Key exchange protocols are the broad category of protocols designed to achieve this goal
11 Key Exchanges Goal: Alice and Bob wish to establish a shared secret to begin a cryptographically-secure conversation Setting: all communication may be recorded by an eavesdropping adversary Security: we want the agreed upon key to be indistinguishable from a random choice of key
12 KE Experiment
13 The Diffie-Hellman Key Exchange Based on the decisional DH problem Allows parties to agree on a random group element This group element must be converted into a bitstring before use as a key The protocol is secure against passive adversaries only! An active adversary may perform a man-in-the-middle attack
14 D-H Key Exchange
15 What do we have now? D-H key exchange is NOT an encryption scheme Very different definitions and security goals D-H key exchange is still hampered by the need for authentication This would solve the MITM attack mentioned previously D-H is still used today! As a component of TLS
16 The Public-Key Revolution Diffie and Hellman additionally proposed a concept for public-key encryption, allowing for encryption keys to be exchanged publicly The first instance of a public key scheme did not appear until 1977 with the development of RSA These discoveries set off a chain of research that changed cryptography and set the stage for modern network security
17 Public-Key Ideas Instead of sharing a key for encryption and decryption, use a public key for encryption and a private key for decryption Simplifies key distribution Instead of sharing verification keys, use a private signing key and a public verification key Provides non-repudiation in addition to message integrity (Mostly) solves all of the problems from the symmetrickey setting
18 Problems Solved Key distribution: send out the public key in the clear Still assumes an authenticated channel! Key management: store/retrieve public keys in a central bulletin board No security threat if compromised Open environment: exchange public keys and start talking! Assuming some shared or mutual authenticating information Con: orders of magnitude slower than symmetric-key encryption If you can use symmetric-key, do!
19 Public Key Encryption Gen(1 n ): takes a security parameter as input and outputs a pair (pk, sk) Enc pk(m): takes as input a public key and a message and outputs a ciphertext c Dec sk(c): takes as input a secret key and a ciphertext and outputs the underlying message Correctness is only required except with negligible probability
20 Security Guarantees As in the symmetric-key setting, we have many definitions of security EAV, CPA, and mult-cpa all have analogous formulations in the public-key setting What's the major improvement in power that an adversary with a public-key has?
21 <latexit sha1_base64="y2quypbde3o8oifuijfjliatu6w=">aaae+hicdvrlb9naehabqce8c0cui7qifniqzgwehhhwihegsg2pvkfrejoov7hxznfdelz/f26ik78g/g2zblollewlk3nsfdpftw7zrbrb7f5zwm40l11euxk1de36jzu3bq/e2tvzoqxuiczj9f7idszs4y6vnsg9xcnpwwq/h5m3lv75elwrmdq20xwhkr8rgunblbmgq8u/t77mqgwkyglrf+ghgxl5ytusg5tbwpckffv1gr6s2mqdpwsfiy6lklevkwpuswof0mik71dv/4hlkw6ycypcsdugrog2f0c1s8ttgigphcsup8dmujcqbsbyejw7hafxi8gkmxfwaeuh3u469bkcxaipyze5jue50k9/zm6d4fdqkjloizq0vgibvbcu3y4fvgwzckd1jvoaexakgfmudxyew0omy3xstdnhum7azovozj0wez/io2nz8dtpy+0grnhl5po/bwrotqsss8wwzjmsboogfaaazw+1rvqkumxmcaqohj7mji8wisaugbmhdgebbu443b14i4iwx9yavcosde2+kcbmpio5ehcf6gqkeunuhcwivecmoxnplccpqhvr1e6gqvfoxhfway+arngu+v3t/3jna16iqq4kx4kcs9c6kpsogtpnzgakevmqt2dk4psqhlwtvt7/n/pgjj+a2b84xr5aegkusr8qexu8rhts/gsjpxcob691n7v1gyugpzpwvnnpd1exvojrjgr3fetcjdn3u7kdlfxbkrkn9mjgzswej3gftmvtnioyfomvpcdpqn5vlnftqr3zfsvpjzmmiww60cz5mhp+k7zf2ojpojskveomntskistp0z1ogemnwiztmrjqkrccidmtxxjpczepzh0lakbknffinpywhzqdqavzzy/qorhb2/tj/trbe/l6tsqr3j3vvtf2fo+j99j77/w9hu80xjsworpz81vze/nh8+dj6vlsroaut3cav/4c/hubxq==</latexit> <latexit sha1_base64="y2quypbde3o8oifuijfjliatu6w=">aaae+hicdvrlb9naehabqce8c0cui7qifniqzgwehhhwihegsg2pvkfrejoov7hxznfdelz/f26ik78g/g2zblollewlk3nsfdpftw7zrbrb7f5zwm40l11euxk1de36jzu3bq/e2tvzoqxuiczj9f7idszs4y6vnsg9xcnpwwq/h5m3lv75elwrmdq20xwhkr8rgunblbmgq8u/t77mqgwkyglrf+ghgxl5ytusg5tbwpckffv1gr6s2mqdpwsfiy6lklevkwpuswof0mik71dv/4hlkw6ycypcsdugrog2f0c1s8ttgigphcsup8dmujcqbsbyejw7hafxi8gkmxfwaeuh3u469bkcxaipyze5jue50k9/zm6d4fdqkjloizq0vgibvbcu3y4fvgwzckd1jvoaexakgfmudxyew0omy3xstdnhum7azovozj0wez/io2nz8dtpy+0grnhl5po/bwrotqsss8wwzjmsboogfaaazw+1rvqkumxmcaqohj7mji8wisaugbmhdgebbu443b14i4iwx9yavcosde2+kcbmpio5ehcf6gqkeunuhcwivecmoxnplccpqhvr1e6gqvfoxhfway+arngu+v3t/3jna16iqq4kx4kcs9c6kpsogtpnzgakevmqt2dk4psqhlwtvt7/n/pgjj+a2b84xr5aegkusr8qexu8rhts/gsjpxcob691n7v1gyugpzpwvnnpd1exvojrjgr3fetcjdn3u7kdlfxbkrkn9mjgzswej3gftmvtnioyfomvpcdpqn5vlnftqr3zfsvpjzmmiww60cz5mhp+k7zf2ojpojskveomntskistp0z1ogemnwiztmrjqkrccidmtxxjpczepzh0lakbknffinpywhzqdqavzzy/qorhb2/tj/trbe/l6tsqr3j3vvtf2fo+j99j77/w9hu80xjsworpz81vze/nh8+dj6vlsroaut3cav/4c/hubxq==</latexit> <latexit sha1_base64="y2quypbde3o8oifuijfjliatu6w=">aaae+hicdvrlb9naehabqce8c0cui7qifniqzgwehhhwihegsg2pvkfrejoov7hxznfdelz/f26ik78g/g2zblollewlk3nsfdpftw7zrbrb7f5zwm40l11euxk1de36jzu3bq/e2tvzoqxuiczj9f7idszs4y6vnsg9xcnpwwq/h5m3lv75elwrmdq20xwhkr8rgunblbmgq8u/t77mqgwkyglrf+ghgxl5ytusg5tbwpckffv1gr6s2mqdpwsfiy6lklevkwpuswof0mik71dv/4hlkw6ycypcsdugrog2f0c1s8ttgigphcsup8dmujcqbsbyejw7hafxi8gkmxfwaeuh3u469bkcxaipyze5jue50k9/zm6d4fdqkjloizq0vgibvbcu3y4fvgwzckd1jvoaexakgfmudxyew0omy3xstdnhum7azovozj0wez/io2nz8dtpy+0grnhl5po/bwrotqsss8wwzjmsboogfaaazw+1rvqkumxmcaqohj7mji8wisaugbmhdgebbu443b14i4iwx9yavcosde2+kcbmpio5ehcf6gqkeunuhcwivecmoxnplccpqhvr1e6gqvfoxhfway+arngu+v3t/3jna16iqq4kx4kcs9c6kpsogtpnzgakevmqt2dk4psqhlwtvt7/n/pgjj+a2b84xr5aegkusr8qexu8rhts/gsjpxcob691n7v1gyugpzpwvnnpd1exvojrjgr3fetcjdn3u7kdlfxbkrkn9mjgzswej3gftmvtnioyfomvpcdpqn5vlnftqr3zfsvpjzmmiww60cz5mhp+k7zf2ojpojskveomntskistp0z1ogemnwiztmrjqkrccidmtxxjpczepzh0lakbknffinpywhzqdqavzzy/qorhb2/tj/trbe/l6tsqr3j3vvtf2fo+j99j77/w9hu80xjsworpz81vze/nh8+dj6vlsroaut3cav/4c/hubxq==</latexit> <latexit sha1_base64="y2quypbde3o8oifuijfjliatu6w=">aaae+hicdvrlb9naehabqce8c0cui7qifniqzgwehhhwihegsg2pvkfrejoov7hxznfdelz/f26ik78g/g2zblollewlk3nsfdpftw7zrbrb7f5zwm40l11euxk1de36jzu3bq/e2tvzoqxuiczj9f7idszs4y6vnsg9xcnpwwq/h5m3lv75elwrmdq20xwhkr8rgunblbmgq8u/t77mqgwkyglrf+ghgxl5ytusg5tbwpckffv1gr6s2mqdpwsfiy6lklevkwpuswof0mik71dv/4hlkw6ycypcsdugrog2f0c1s8ttgigphcsup8dmujcqbsbyejw7hafxi8gkmxfwaeuh3u469bkcxaipyze5jue50k9/zm6d4fdqkjloizq0vgibvbcu3y4fvgwzckd1jvoaexakgfmudxyew0omy3xstdnhum7azovozj0wez/io2nz8dtpy+0grnhl5po/bwrotqsss8wwzjmsboogfaaazw+1rvqkumxmcaqohj7mji8wisaugbmhdgebbu443b14i4iwx9yavcosde2+kcbmpio5ehcf6gqkeunuhcwivecmoxnplccpqhvr1e6gqvfoxhfway+arngu+v3t/3jna16iqq4kx4kcs9c6kpsogtpnzgakevmqt2dk4psqhlwtvt7/n/pgjj+a2b84xr5aegkusr8qexu8rhts/gsjpxcob691n7v1gyugpzpwvnnpd1exvojrjgr3fetcjdn3u7kdlfxbkrkn9mjgzswej3gftmvtnioyfomvpcdpqn5vlnftqr3zfsvpjzmmiww60cz5mhp+k7zf2ojpojskveomntskistp0z1ogemnwiztmrjqkrccidmtxxjpczepzh0lakbknffinpywhzqdqavzzy/qorhb2/tj/trbe/l6tsqr3j3vvtf2fo+j99j77/w9hu80xjsworpz81vze/nh8+dj6vlsroaut3cav/4c/hubxq==</latexit> EAV-security Experiment P ubk eav A, (n): 1. Generate pk, sk using Gen(1 n ) 2. The adversary A is given pk and outputs m 0,m 1 where m 0 = m 1 3. Generate a uniform bit b 2 {0, 1}. Give c Enc pk (m b )toa 4. A outputs bit b 0 5. Output 1 if b = b 0 and output 0 otherwise Public-key encryption scheme =(Gen, Enc, Dec) has indistinguishable encryptions in the presence of an eavesdropper (EAV-secure) if for every PPT adversary A there is a negligible function negl such that: Pr[P ubk eav A, (n) = 1] apple negl(n)
22 Public Key Access An adversary with public-key access does not need an encryption oracle EAV-security is immediately equivalent to CPA-security in this setting Perfect secrecy is now impossible CPA-security with multiple encryptions is equivalent to CPA-security The proof of which will follow
23 Hybrid Arguments A central idea in reduction proofs is that the outer adversary can simulate the view of the inner adversary's game in a way that is indistinguishable from the actual game This can be difficult with complex protocols A hybrid argument changes one aspect of the adversary's view at a time, and incrementally argues that each subexperiment is indistinguishable from the previous By chaining the argument together that each individual change is indistinguishable, we can argue that the adversary's entire view of the modified game is indistinguishable from a real execution
24 Proof of mult-cpa security Claim: if a scheme is CPA secure, then it is also secure under multiple encryptions Need to show: an adversary that gets one query to the LR-oracle can simulate the view of an adversary who makes many queries Intuitively, we will build up from an adversary who makes exactly two queries to the LR-oracle
25 Two-query proof Build the reduction A encrypts the 0-message in the first query and forwards the second query to its oracle Consider the distribution over ciphertexts returned Bound on the probability of success given two ciphertexts
26 Proof Reduction Encrypt 0 to the i th message and 1 after Send the i th message to the oracle
27 Proof Component probability calculations
28 Proof Summations and cancellations Note the multiplicative factor in the probability bound. This implies the probability is negligible but higher as more queries are made
29 CCA-Security In the public-key setting, CCA-security is formulated in the same way as in the symmetric-key setting New attacks are possible in practice due to the fact that a receiver may receive messages from anyone Not just a pre-agreed sender In addition to previous "oracle" attacks where the adversary observes the receiver's behavior, the adversary may now send messages directly to the receiver
30 CCA experiment Experiment P ubk cca A, (n): 1. Generate pk, sk using Gen(1 n ) 2. The adversary A is given pk and oracle access to Dec sk ( ), and outputs a pair of messages m 0,m 1 of equal length. 3. A uniform bit b 2 {0, 1} is chosen, and the challenge cipher text c Enc pk (m b ) is given to A 4. A continues to have oracle access but may not query Dec k ( ) withthe challenge ciphertext. A eventually outputs bit b 0 5. Output 1 if b = b 0 and output 0 otherwise A public-key encryption scheme is CCA-secure if for all PPT adversaries A there is a negligible function negl such that: Pr[P ubk cca A, (n) = 1] apple negl(n) where the probability is taken over all randomness used in the experiment <latexit sha1_base64="eaqadzav4bhfhpu1dlrvhpcrn+c=">aaafwhicdvtbbttgekutqu7vw9w+5mvqs4idyiboh6yoeccoe7rah6oadhlavitlakgutnyl92jhjfgv/a3+twypwzccle/dueycoxn2s1ok60aj/3bu3e/1v9p98pxgm2+/+/6hh3s/vrxag44xxett3mfmohqkl5xwet/xblmvsxyxzc9c/n01giu0onelgicvk5tibweoxno9+/++/lijeruqb/hyz399adhn7brjk+zkzmrz2g7tswgp1gh8+ydnsbcqqeurnmxho0ifwwr+qnx9q1zph2dnmxgrvaexbq6sd1s7sjwvedgsqgjmaffglxiehujcowqhxmdudlrhxfib52gtoa3xk+ttxs7bg5tptdumh8s872rvldcomtcgc6iogbvoia6mo2e1telgxsvpjehuhsupv4howrmj2lsqceigg1qosjvrmemxmhiplapli0fweclkoiisuzdowofhkusqsswdm0bfwgtfmgucwu2brd3cmc0mstn1csu2e1wrj5thbuasxemdjjlvogilunrblcfazcbmfssk3ahxfhfswhp8pxsslkfeymwaycuvj2/r/d25isywrr44eg4u3kae4herta3njbcypomu1wxtjontqh0mbt+a4wjqcboogwtb8hir0g1prgpp7oz0ycl3bkmr2gsqmbipz9eyewgrwwoevhikgsgspcge6r9yr3jxig7ogkzngrpm1jjmlkqetioxufw/6cnk+zrxmgkbvoi0p100sductpc0a0jx5cc3b950gal/tdezy4qubheaojyndwgapbvleio6umgl3uimshmhcnd3cjcyptwfhy+6dz43kpwxh62+8xrvzzedae5dozfm2stkvltjw4wtjcg6sdsqznxo1+ostmxorkya7i1p4zcor6a9jw1c592safhl7alkkdowzo/ggvnlsuvv8t8mjvakftr+slhuzrb4ejhgjgxyrxkcccanikxbu8s0o6vvnar0eo1oiflosiyrk+2h1jciuuquuz8bb0+oe7lfnoy/elki8uh0kpo5oois6fn0ivozgkcxee/t9o56v/ae9v/2y77uxy1t7+2san6ktr7+p58anohjkq==</latexit> <latexit sha1_base64="eaqadzav4bhfhpu1dlrvhpcrn+c=">aaafwhicdvtbbttgekutqu7vw9w+5mvqs4idyiboh6yoeccoe7rah6oadhlavitlakgutnyl92jhjfgv/a3+twypwzccle/dueycoxn2s1ok60aj/3bu3e/1v9p98pxgm2+/+/6hh3s/vrxag44xxett3mfmohqkl5xwet/xblmvsxyxzc9c/n01giu0onelgicvk5tibweoxno9+/++/lijeruqb/hyz399adhn7brjk+zkzmrz2g7tswgp1gh8+ydnsbcqqeurnmxho0ifwwr+qnx9q1zph2dnmxgrvaexbq6sd1s7sjwvedgsqgjmaffglxiehujcowqhxmdudlrhxfib52gtoa3xk+ttxs7bg5tptdumh8s872rvldcomtcgc6iogbvoia6mo2e1telgxsvpjehuhsupv4howrmj2lsqceigg1qosjvrmemxmhiplapli0fweclkoiisuzdowofhkusqsswdm0bfwgtfmgucwu2brd3cmc0mstn1csu2e1wrj5thbuasxemdjjlvogilunrblcfazcbmfssk3ahxfhfswhp8pxsslkfeymwaycuvj2/r/d25isywrr44eg4u3kae4herta3njbcypomu1wxtjontqh0mbt+a4wjqcboogwtb8hir0g1prgpp7oz0ycl3bkmr2gsqmbipz9eyewgrwwoevhikgsgspcge6r9yr3jxig7ogkzngrpm1jjmlkqetioxufw/6cnk+zrxmgkbvoi0p100sductpc0a0jx5cc3b950gal/tdezy4qubheaojyndwgapbvleio6umgl3uimshmhcnd3cjcyptwfhy+6dz43kpwxh62+8xrvzzedae5dozfm2stkvltjw4wtjcg6sdsqznxo1+ostmxorkya7i1p4zcor6a9jw1c592safhl7alkkdowzo/ggvnlsuvv8t8mjvakftr+slhuzrb4ejhgjgxyrxkcccanikxbu8s0o6vvnar0eo1oiflosiyrk+2h1jciuuquuz8bb0+oe7lfnoy/elki8uh0kpo5oois6fn0ivozgkcxee/t9o56v/ae9v/2y77uxy1t7+2san6ktr7+p58anohjkq==</latexit> <latexit sha1_base64="eaqadzav4bhfhpu1dlrvhpcrn+c=">aaafwhicdvtbbttgekutqu7vw9w+5mvqs4idyiboh6yoeccoe7rah6oadhlavitlakgutnyl92jhjfgv/a3+twypwzccle/dueycoxn2s1ok60aj/3bu3e/1v9p98pxgm2+/+/6hh3s/vrxag44xxett3mfmohqkl5xwet/xblmvsxyxzc9c/n01giu0onelgicvk5tibweoxno9+/++/lijeruqb/hyz399adhn7brjk+zkzmrz2g7tswgp1gh8+ydnsbcqqeurnmxho0ifwwr+qnx9q1zph2dnmxgrvaexbq6sd1s7sjwvedgsqgjmaffglxiehujcowqhxmdudlrhxfib52gtoa3xk+ttxs7bg5tptdumh8s872rvldcomtcgc6iogbvoia6mo2e1telgxsvpjehuhsupv4howrmj2lsqceigg1qosjvrmemxmhiplapli0fweclkoiisuzdowofhkusqsswdm0bfwgtfmgucwu2brd3cmc0mstn1csu2e1wrj5thbuasxemdjjlvogilunrblcfazcbmfssk3ahxfhfswhp8pxsslkfeymwaycuvj2/r/d25isywrr44eg4u3kae4herta3njbcypomu1wxtjontqh0mbt+a4wjqcboogwtb8hir0g1prgpp7oz0ycl3bkmr2gsqmbipz9eyewgrwwoevhikgsgspcge6r9yr3jxig7ogkzngrpm1jjmlkqetioxufw/6cnk+zrxmgkbvoi0p100sductpc0a0jx5cc3b950gal/tdezy4qubheaojyndwgapbvleio6umgl3uimshmhcnd3cjcyptwfhy+6dz43kpwxh62+8xrvzzedae5dozfm2stkvltjw4wtjcg6sdsqznxo1+ostmxorkya7i1p4zcor6a9jw1c592safhl7alkkdowzo/ggvnlsuvv8t8mjvakftr+slhuzrb4ejhgjgxyrxkcccanikxbu8s0o6vvnar0eo1oiflosiyrk+2h1jciuuquuz8bb0+oe7lfnoy/elki8uh0kpo5oois6fn0ivozgkcxee/t9o56v/ae9v/2y77uxy1t7+2san6ktr7+p58anohjkq==</latexit> <latexit sha1_base64="eaqadzav4bhfhpu1dlrvhpcrn+c=">aaafwhicdvtbbttgekutqu7vw9w+5mvqs4idyiboh6yoeccoe7rah6oadhlavitlakgutnyl92jhjfgv/a3+twypwzccle/dueycoxn2s1ok60aj/3bu3e/1v9p98pxgm2+/+/6hh3s/vrxag44xxett3mfmohqkl5xwet/xblmvsxyxzc9c/n01giu0onelgicvk5tibweoxno9+/++/lijeruqb/hyz399adhn7brjk+zkzmrz2g7tswgp1gh8+ydnsbcqqeurnmxho0ifwwr+qnx9q1zph2dnmxgrvaexbq6sd1s7sjwvedgsqgjmaffglxiehujcowqhxmdudlrhxfib52gtoa3xk+ttxs7bg5tptdumh8s872rvldcomtcgc6iogbvoia6mo2e1telgxsvpjehuhsupv4howrmj2lsqceigg1qosjvrmemxmhiplapli0fweclkoiisuzdowofhkusqsswdm0bfwgtfmgucwu2brd3cmc0mstn1csu2e1wrj5thbuasxemdjjlvogilunrblcfazcbmfssk3ahxfhfswhp8pxsslkfeymwaycuvj2/r/d25isywrr44eg4u3kae4herta3njbcypomu1wxtjontqh0mbt+a4wjqcboogwtb8hir0g1prgpp7oz0ycl3bkmr2gsqmbipz9eyewgrwwoevhikgsgspcge6r9yr3jxig7ogkzngrpm1jjmlkqetioxufw/6cnk+zrxmgkbvoi0p100sductpc0a0jx5cc3b950gal/tdezy4qubheaojyndwgapbvleio6umgl3uimshmhcnd3cjcyptwfhy+6dz43kpwxh62+8xrvzzedae5dozfm2stkvltjw4wtjcg6sdsqznxo1+ostmxorkya7i1p4zcor6a9jw1c592safhl7alkkdowzo/ggvnlsuvv8t8mjvakftr+slhuzrb4ejhgjgxyrxkcccanikxbu8s0o6vvnar0eo1oiflosiyrk+2h1jciuuquuz8bb0+oe7lfnoy/elki8uh0kpo5oois6fn0ivozgkcxee/t9o56v/ae9v/2y77uxy1t7+2san6ktr7+p58anohjkq==</latexit>
31 Recap Symmetric-key schemes all suffer from key distribution challenges To overcome these obstacles, public-key constructions allow one public key to be widely distributed Definitions of security are similar but not equivalent in the public-key setting
32 Next Time... Katz & Lindell Chapter 11 Remember, you need to read it BEFORE you come to class! Homework problems available on the course webpage 32
CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure
CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure Professor Henry Carter Fall 2018 Recap Digital signatures provide message authenticity and integrity in the public-key setting As well as public
More informationChapter 10 : Private-Key Management and the Public-Key Revolution
COMP547 Claude Crépeau INTRODUCTION TO MODERN CRYPTOGRAPHY _ Second Edition _ Jonathan Katz Yehuda Lindell Chapter 10 : Private-Key Management and the Public-Key Revolution 1 Chapter 10 Private-Key Management
More informationCSC 5930/9010 Modern Cryptography: Digital Signatures
CSC 5930/9010 Modern Cryptography: Digital Signatures Professor Henry Carter Fall 2018 Recap Implemented public key schemes in practice commonly encapsulate a symmetric key for the rest of encryption KEM/DEM
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 13: Public-Key Cryptography and RSA Department of Computer Science and Engineering University at Buffalo 1 Public-Key Cryptography What we already know
More informationCryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1
Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography CS555 Spring 2012/Topic 16 1 Outline and Readings Outline Private key management between two parties Key management
More informationCryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1
Cryptography CS 555 Topic 11: Encryption Modes and CCA Security CS555 Spring 2012/Topic 11 1 Outline and Readings Outline Encryption modes CCA security Readings: Katz and Lindell: 3.6.4, 3.7 CS555 Spring
More informationCSC 5930/9010 Modern Cryptography: Cryptographic Hashing
CSC 5930/9010 Modern Cryptography: Cryptographic Hashing Professor Henry Carter Fall 2018 Recap Message integrity guarantees that a message has not been modified by an adversary Definition requires that
More informationMessage Authentication ( 消息认证 )
Message Authentication ( 消息认证 ) Sheng Zhong Yuan Zhang Computer Science and Technology Department Nanjing University 2017 Fall Sheng Zhong, Yuan Zhang (CS@NJU) Message Authentication ( 消息认证 ) 2017 Fall
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationCryptography. Andreas Hülsing. 6 September 2016
Cryptography Andreas Hülsing 6 September 2016 1 / 21 Announcements Homepage: http: //www.hyperelliptic.org/tanja/teaching/crypto16/ Lecture is recorded First row might be on recordings. Anything organizational:
More informationPaper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage
1 Announcements Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage 2 Recap and Overview Previous lecture: Symmetric key
More informationHomework 3: Solution
Homework 3: Solution March 28, 2013 Thanks to Sachin Vasant and Xianrui Meng for contributing their solutions. Exercise 1 We construct an adversary A + that does the following to win the CPA game: 1. Select
More informationPublic-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7
Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationChapter 11 : Private-Key Encryption
COMP547 Claude Crépeau INTRODUCTION TO MODERN CRYPTOGRAPHY _ Second Edition _ Jonathan Katz Yehuda Lindell Chapter 11 : Private-Key Encryption 1 Chapter 11 Public-Key Encryption Apologies: all numbering
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationLecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena
Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall 2009 Nitesh Saxena *Adopted from a previous lecture by Gene Tsudik Course Admin HW3 Problem 3 due Friday midnight
More information1. Diffie-Hellman Key Exchange
e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Diffie-Hellman Key Exchange Module No: CS/CNS/26 Quadrant 1 e-text Cryptography and Network Security Objectives
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values
More information18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange. Dan Boneh
18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange Online Cryptography Course Basic key exchange Trusted 3 rd parties Key management Problem: n users. Storing mutual secret keys is difficult
More informationCryptography CS 555. Topic 1: Course Overview & What is Cryptography
Cryptography CS 555 Topic 1: Course Overview & What is Cryptography 1 Administrative Note Professor Blocki is traveling and will be back on Wednesday. E-mail: jblocki@purdue.edu Thanks to Professor Spafford
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 3.3: Security Handshake Pitfalls CSC 474/574 Dr. Peng Ning 1 Authentication Handshakes Secure communication almost always includes an initial authentication
More informationAuth. Key Exchange. Dan Boneh
Auth. Key Exchange Review: key exchange Alice and want to generate a secret key Saw key exchange secure against eavesdropping Alice k eavesdropper?? k This lecture: Authenticated Key Exchange (AKE) key
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationLecture 15: Public Key Encryption: I
CSE 594 : Modern Cryptography 03/28/2017 Lecture 15: Public Key Encryption: I Instructor: Omkant Pandey Scribe: Arun Ramachandran, Parkavi Sundaresan 1 Setting In Public-key Encryption (PKE), key used
More informationAuthentication Handshakes
AIT 682: Network and Systems Security Topic 6.2 Authentication Protocols Instructor: Dr. Kun Sun Authentication Handshakes Secure communication almost always includes an initial authentication handshake.
More informationKatz, Lindell Introduction to Modern Cryptrography
Katz, Lindell Introduction to Modern Cryptrography Slides Chapter 4 Markus Bläser, Saarland University Message authentication How can you be sure that a message has not been modified? Encyrption is not
More informationSecurity of Cryptosystems
Security of Cryptosystems Sven Laur swen@math.ut.ee University of Tartu Formal Syntax Symmetric key cryptosystem m M 0 c Enc sk (m) sk Gen c sk m Dec sk (c) A randomised key generation algorithm outputs
More informationCS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD
ERIK JONSSON SCHOOL OF ENGINEERING & COMPUTER SCIENCE Cyber Security Research and Education Institute CS 6324: Information Security Dr. Junia Valente Department of Computer Science The University of Texas
More informationModule: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security
CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationKey Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings
Key Exchange References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal Shamir s Three Pass
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationPublic-Key Cryptography
Computer Security Spring 2008 Public-Key Cryptography Aggelos Kiayias University of Connecticut A paradox Classic cryptography (ciphers etc.) Alice and Bob share a short private key using a secure channel.
More informationCryptography CS 555. Topic 8: Modes of Encryption, The Penguin and CCA security
Cryptography CS 555 Topic 8: Modes of Encryption, The Penguin and CCA security 1 Reminder: Homework 1 Due on Friday at the beginning of class Please typeset your solutions 2 Recap Pseudorandom Functions
More informationCryptography. Lecture 12. Arpita Patra
Cryptography Lecture 12 Arpita Patra Digital Signatures q In PK setting, privacy is provided by PKE q Integrity/authenticity is provided by digital signatures (counterpart of MACs in PK world) q Definition:
More informationKey Agreement. Guilin Wang. School of Computer Science, University of Birmingham
Key Agreement Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Motivations As we know, symmetric key encryptions are usually much more efficient than public key encryptions,
More informationPublic-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7
Public-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7 David Cash University of Chicago Plan 1. Security of RSA 2. Key Exchange, Diffie-Hellman 3. Begin digital
More informationRSA Cryptography in the Textbook and in the Field. Gregory Quenell
RSA Cryptography in the Textbook and in the Field Gregory Quenell 1 In the beginning... 2 In the beginning... Diffie and Hellman 1976: A one-way function can be used to pass secret information over an insecure
More informationCSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong, Spring and 6 February 2018
CSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong, Spring 2018 5 and 6 February 2018 Identification schemes are mechanisms for Alice to prove her identity to Bob They comprise a setup
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More informationApplied Cryptography and Computer Security CSE 664 Spring 2017
Applied Cryptography and Computer Security Lecture 18: Key Distribution and Agreement Department of Computer Science and Engineering University at Buffalo 1 Key Distribution Mechanisms Secret-key encryption
More informationKey Exchange. Secure Software Systems
1 Key Exchange 2 Challenge Exchanging Keys &!"#h%&'() & & 1 2 6(6 1) 2 15! $ The more parties in communication, the more keys that need to be securely exchanged " # Do we have to use out-of-band methods?
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationIND-CCA2 secure cryptosystems, Dan Bogdanov
MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov University of Tartu db@ut.ee 1 Overview Notion of indistinguishability The Cramer-Shoup cryptosystem Newer results
More informationLecture 07: Private-key Encryption. Private-key Encryption
Lecture 07: Three algorithms Key Generation: Generate the secret key sk Encryption: Given the secret key sk and a message m, it outputs the cipher-text c (Note that the encryption algorithm can be a randomized
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationCIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols
CIS 6930/4930 Computer and Network Security Topic 6.2 Authentication Protocols 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake. Authenticate
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2017 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationCIS 4360 Secure Computer Systems Applied Cryptography
CIS 4360 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2017 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public
More informationPublic-Key Encryption
Public-Key Encryption Glorianna Jagfeld & Rahiel Kasim University of Amsterdam 10 March 2016 Glorianna Jagfeld & Rahiel Kasim Public-Key Encryption 10 March 2016 1 / 24 Warmup: crossword puzzle! Please
More informationLecture 20: Public-key Encryption & Hybrid Encryption. Public-key Encryption
Lecture 20: & Hybrid Encryption Lecture 20: & Hybrid Encryption Overview Suppose there is a 2-round Key-Agreement protocol. This means that there exists a protocol where Bob sends the first message m B
More informationIntroduction. Cambridge University Press Mathematics of Public Key Cryptography Steven D. Galbraith Excerpt More information
1 Introduction Cryptography is an interdisciplinary field of great practical importance. The subfield of public key cryptography has notable applications, such as digital signatures. The security of a
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 4, 2017 CPSC 467, Lecture 11 1/39 ElGamal Cryptosystem Message Integrity and Authenticity Message authentication codes
More informationDistributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography
More informationCS408 Cryptography & Internet Security
CS408 Cryptography & Internet Security Lectures 16, 17: Security of RSA El Gamal Cryptosystem Announcement Final exam will be on May 11, 2015 between 11:30am 2:00pm in FMH 319 http://www.njit.edu/registrar/exams/finalexams.php
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More information2 Secure Communication in Private Key Setting
CSA E0 235: Cryptography January 11, 2016 Instructor: Arpita Patra Scribe for Lecture 2 Submitted by: Jayam Modi 1 Discrete Probability Background Probability Distribution -A probability distribution over
More informationCrypto Background & Concepts SGX Software Attestation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationLecture 6 - Cryptography
Lecture 6 - Cryptography CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 Question Setup: Assume you and I donʼt know anything about
More informationCryptography Lecture 4. Attacks against Block Ciphers Introduction to Public Key Cryptography. November 14, / 39
Cryptography 2017 Lecture 4 Attacks against Block Ciphers Introduction to Public Key Cryptography November 14, 2017 1 / 39 What have seen? What are we discussing today? What is coming later? Lecture 3
More informationLecture 3.4: Public Key Cryptography IV
Lecture 3.4: Public Key Cryptography IV CS 436/636/736 Spring 2012 Nitesh Saxena Course Administration HW1 submitted Trouble with BB Trying to check with BB support HW1 solution will be posted very soon
More informationThis chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest
1 2 3 This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest PKCS, Diffie- Hellman key exchange. This first published
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationLecture 6.2: Protocols - Authentication and Key Exchange II. CS 436/636/736 Spring Nitesh Saxena. Course Admin
Lecture 6.2: Protocols - Authentication and Key II CS 436/636/736 Spring 2012 Nitesh Saxena Mid-Term Grading Course Admin Will be done over the break Scores will be posted online and graded exams distribute
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationLecture 1: Perfect Security
CS 290G (Fall 2014) Introduction to Cryptography Oct 2nd, 2014 Instructor: Rachel Lin 1 Recap Lecture 1: Perfect Security Scribe: John Retterer-Moore Last class, we introduced modern cryptography and gave
More informationOverview. Public Key Algorithms I
Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationAuthenticated encryption
Authenticated encryption Mac forgery game M {} k R 0,1 s m t M M {m } t mac k (m ) Repeat as many times as the adversary wants (m, t) Wins if m M verify m, t = 1 Mac forgery game Allow the adversary to
More informationCS 161 Computer Security
Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationISA 562: Information Security, Theory and Practice. Lecture 1
ISA 562: Information Security, Theory and Practice Lecture 1 1 Encryption schemes 1.1 The semantics of an encryption scheme. A symmetric key encryption scheme allows two parties that share a secret key
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationBrief Introduction to Provable Security
Brief Introduction to Provable Security Michel Abdalla Département d Informatique, École normale supérieure michel.abdalla@ens.fr http://www.di.ens.fr/users/mabdalla 1 Introduction The primary goal of
More informationCryptography and Network Security Chapter 10. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Chapter 10 Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture out of the
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationLecture 10, Zero Knowledge Proofs, Secure Computation
CS 4501-6501 Topics in Cryptography 30 Mar 2018 Lecture 10, Zero Knowledge Proofs, Secure Computation Lecturer: Mahmoody Scribe: Bella Vice-Van Heyde, Derrick Blakely, Bobby Andris 1 Introduction Last
More informationOnline Cryptography Course. Basic key exchange. Trusted 3 rd par7es. Dan Boneh
Online Cryptography Course Dan Boneh Basic key exchange Trusted 3 rd par7es Key management Problem: n users. Storing mutual secret keys is difficult Total: O(n) keys per user A befer solu7on Online Trusted
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.5 Public Key Algorithms CSC 474/574 Dr. Peng Ning 1 Public Key Algorithms Public key algorithms covered in this class RSA: encryption and digital signature
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2018 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationGrenzen der Kryptographie
Microsoft Research Grenzen der Kryptographie Dieter Gollmann Microsoft Research 1 Summary Crypto does not solve security problems Crypto transforms security problems Typically, the new problems relate
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationChapter 9. Public Key Cryptography, RSA And Key Management
Chapter 9 Public Key Cryptography, RSA And Key Management RSA by Rivest, Shamir & Adleman of MIT in 1977 The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on
More informationCryptographic Systems
CPSC 426/526 Cryptographic Systems Ennan Zhai Computer Science Department Yale University Recall: Lec-10 In lec-10, we learned: - Consistency models - Two-phase commit - Consensus - Paxos Lecture Roadmap
More informationLecture 7.1: Private-key Encryption. Lecture 7.1: Private-key Encryption
Private-key Encryption Alice and Bob share a secret s {0, 1} n Private-key Encryption Alice and Bob share a secret s {0, 1} n Encryption and Decryption algorithms are efficient Private-key Encryption Alice
More informationPublic Key Algorithms
Public Key Algorithms CS 472 Spring 13 Lecture 6 Mohammad Almalag 2/19/2013 Public Key Algorithms - Introduction Public key algorithms are a motley crew, how? All hash algorithms do the same thing: Take
More informationHOST Cryptography I ECE 525. Cryptography Handbook of Applied Cryptography &
Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More information