Zero-Knowledge Proof and Authentication Protocols
|
|
- Erik Skinner
- 6 years ago
- Views:
Transcription
1 Zero-Knowledge Proof and Authentication Protocols Ben Lipton April 26, 2016
2 Outline Background Zero-Knowledge Proofs Zero-Knowledge Authentication History Example Protocols Guillou-Quisquater Non-zero-knowledge Anonymous Group Identification Practical Challenges
3 Zero-Knowledge Proofs Concept: Prover wishes to convince verifier of an assertion, without revealing any information besides that the assertion is true. Requirements [1]: Completeness - If the assertion is true, the verifier will be convinced (with high probability). Soundness - If the statement is false, the prover will (with high probability) fail to convince the verifier. Zero knowledge - The transcript of the proof reveals no information about the assertion.
4 Zero-Knowledge Authentication / Proofs of Identity In computing, we need authentication protocols to confirm identity of user Risk of eavesdropping, server compromise Best case - attacker learns nothing from exchange they didn t already know
5 History Idea of zero-knowledge proofs introduced [2] First zero-knowledge proof of identity (Fiat-Shamir [3]) Single-round zero-knowledge identification (Guillou-Quisquater [4]) 1990s - Lots of protocols, theory Since New applications: Group authentication [5] [6], anti-phishing [7], deniable authentication [8]
6 Guillou-Quisquater Identification Scheme - Setup The trusted authority (TA) chooses: primes p, q such that factoring their product n = pq is infeasible another large prime b b and n are published; p and q are kept secret. Alice s private key is an integer u Z n, and her public key is v = (u 1 ) b mod n. TA issues Alice a certificate (using any secure signature scheme): Cert(Alice) = (ID(Alice), v, sig TA (ID(Alice) v)) Note: This formulation from Stinson, original paper derives public key from user identity.
7 Guillou-Quisquater Identification Scheme - Protocol 1. Alice chooses random k Z n 2. Alice sends Bob Cert(Alice), γ = k b mod n 3. Bob verifies ver TA (ID(Alice) v, s) = true 4. Bob sends Alice a random number r (0 r b 1) 5. Alice computes and sends back 6. Bob verifies that y = ku r mod n γ v r y b (mod n)
8 Is this really zero-knowledge authentication? 1. A B: v = (u 1 ) b mod n; γ = k b mod n 2. B A: r 3. A B: y = ku r mod n 4. B: γ v r y b (mod n)? Completeness Soundness Zero knowledge
9 Public-key Authentication Example of a non-zero-knowledge protocol 1. Bob sends random challenge r to Alice 2. Alice sends back Cert(Alice) and y = sig Alice (ID(Bob) r) 3. Bob verifies Cert(Alice) and extracts public key ver Alice from it. 4. Bob accepts if and only if ver Alice (ID(Bob) r, y) = true Only Alice can generate y, so a transcript is proof that Alice was authenticated!
10 Anonymous Group Identification - Setup Goal: Convince verifier that prover is a member of an authorized group, without revealing which member it is. TA generates two large primes p, q, p q 3 (mod 4), and publishes their product n = pq. TA generates and distributes a private key w i to each user. The corresponding public key is the quadratic residue y i = w 2 i mod n.
11 Anonymous Group Identification - Protocol 1. Prover U i selects a random subset R of {y 1,..., y m }, and a random r Z n. 2. Prover computes and sends to verifier u = r 2 y R y mod n 3. Verifier sends random bit b to prover 4. Prover returns either: s = r, if b R (mod 2) s = rwi, if b R (mod 2) and y i R s = rw 1 i, if b R (mod 2) and y i R 5. Verifier confirms that s 2 mod n times a subset of the y i s with parity b is equal to u (mod n) 6. Repeat until verifier is convinced
12 Anonymous Group Identification - Zero-Knowledge To simulate a transcript of this protocol without access to the private keys: 1. Randomly select bit b, integer r, and subset R whose order has parity b. 2. Let s = r and let u = r 2 y R y mod n This transcript will pass verification because u = s 2 y R y mod n and the parity of R is b. And since s is always indistinguishable from random (including when multiplied by a secret value) these transcripts should have a distribution that is indistinguishable from real protocol executions.
13 Challenges Zero-knowledge is not preserved under parallel execution However, some protocols have proofs of weaker but still useful properties (zero transferable information [9], witness hiding [10]) Not an obvious fit with current web technologies (needs secure implementation on client side)
14 Questions?
15 [1] O. Goldreich, S. Micali, and A. Wigderson, Proofs That Yield Nothing but Their Validity or All Languages in NP Have Zero-knowledge Proof Systems, J. ACM, vol. 38, no. 3, pp , Jul [2] S. Goldwasser, S. Micali, and C. Rackoff, The Knowledge Complexity of Interactive Proof-systems, in Proceedings of the Seventeenth Annual ACM Symposium on Theory of Computing, ser. STOC 85. New York, NY, USA: ACM, 1985, pp [3] A. Fiat and A. Shamir, How To Prove Yourself: Practical Solutions to Identification and Signature Problems, in Advances in Cryptology CRYPTO 86, ser. Lecture Notes in Computer Science, A. M. Odlyzko, Ed. Springer Berlin Heidelberg, Aug. 1986, no. 263, pp [4] L. C. Guillou and J.-J. Quisquater, A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory, in Advances in Cryptology EUROCRYPT 88, ser. Lecture Notes in
16 Computer Science, D. Barstow, W. Brauer, P. B. Hansen, D. Gries, D. Luckham, C. Moler, A. Pnueli, G. Seegmller, J. Stoer, N. Wirth, and C. G. Gnther, Eds. Springer Berlin Heidelberg, May 1988, no. 330, pp [5] A. De Santis, G. Di Crescenzo, and G. Persiano, Communication-efficient Anonymous Group Identification, in Proceedings of the 5th ACM Conference on Computer and Communications Security, ser. CCS 98. New York, NY, USA: ACM, 1998, pp [6] R. Gretzinger, Zero-Knowledge Proofs In Anonymous Group Identification, Rochester Institute of Technology, Tech. Rep., Feb [7] M. Sharifi, A. Saberi, M. Vahidi, and M. Zorufi, A Zero Knowledge Password Proof Mutual Authentication Technique Against Real-Time Phishing Attacks, in Information Systems Security, ser. Lecture Notes in Computer Science, P. McDaniel and S. K. Gupta, Eds. Springer Berlin Heidelberg, Dec. 2007, no. 4812, pp
17 [8] M. Di Raimondo and R. Gennaro, New Approaches for Deniable Authentication, in Proceedings of the 12th ACM Conference on Computer and Communications Security, ser. CCS 05. New York, NY, USA: ACM, 2005, pp [9] U. Feige, A. Fiat, and A. Shamir, Zero-knowledge proofs of identity, Journal of Cryptology, vol. 1, no. 2, pp , Jun [10] U. Feige and A. Shamir, Witness Indistinguishable and Witness Hiding Protocols, in Proceedings of the Twenty-second Annual ACM Symposium on Theory of Computing, ser. STOC 90. New York, NY, USA: ACM, 1990, pp
Zero Knowledge Protocol
Akash Patel (SJSU) Zero Knowledge Protocol Zero knowledge proof or protocol is method in which a party A can prove that given statement X is certainly true to party B without revealing any additional information
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More informationZero-Knowledge Proofs of Knowledge
Zero-Knowledge Proofs of Knowledge Stéphanie Delaune September 6, 2013 Stéphanie Delaune () Proofs of Knowledge September 6, 2013 1 / 16 Proofs of knowledge Proof of knowledge are often used to prove one
More informationCryptographic protocols
Cryptographic protocols Lecture 3: Zero-knowledge protocols for identification 6/16/03 (c) Jussipekka Leiwo www.ialan.com Overview of ZK Asymmetric identification techniques that do not rely on digital
More informationForward-Secure Signatures for Unbounded Time Periods in Mobile Computing Applications
208 Forward-Secure Signatures for Unbounded Time Periods in Mobile Computing Applications N..Sunitha B.B.Amberker Prashant Koulgi Department of Computer Science Department of Computer Science Department
More informationIdentification Schemes
Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):
More informationZERO KNOWLEDGE PROOFS FOR EXACT COVER AND 0-1 KNAPSACK
Proceedings of the 6th Annual ISC Graduate Research Symposium ISC-GRS 01 April 13, 01, Rolla, Missouri ZERO KNOWLEDGE PROOFS FOR EXACT COVER AND 0-1 KNAPSACK ABSTRACT Zero Knowledge Proofs (ZKPs) are interactive
More informationResearch Statement. Yehuda Lindell. Dept. of Computer Science Bar-Ilan University, Israel.
Research Statement Yehuda Lindell Dept. of Computer Science Bar-Ilan University, Israel. lindell@cs.biu.ac.il www.cs.biu.ac.il/ lindell July 11, 2005 The main focus of my research is the theoretical foundations
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationStudy Guide for the Final Exam
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #22 Professor M. J. Fischer April 30, 2005 1 Exam Coverage Study Guide for the Final Exam The final
More informationLecture 9: Zero-Knowledge Proofs
Great Ideas in Theoretical Computer Science Summer 2013 Lecture 9: Zero-Knowledge Proofs Lecturer: Kurt Mehlhorn & He Sun A zero-knowledge proof is an interactive protocol (game) between two parties, a
More informationA Mathematical Proof. Zero Knowledge Protocols. Interactive Proof System. Other Kinds of Proofs. When referring to a proof in logic we usually mean:
A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of statements. 2. Based on axioms. Zero Knowledge Protocols 3. Each statement is derived via the derivation rules.
More informationZero Knowledge Protocols. c Eli Biham - May 3, Zero Knowledge Protocols (16)
Zero Knowledge Protocols c Eli Biham - May 3, 2005 442 Zero Knowledge Protocols (16) A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of statements. 2. Based on axioms.
More informationCryptographic proof of custody for incentivized file-sharing
Cryptographic proof of custody for incentivized file-sharing Pavel Kravchenko 1, Vlad Zamfir 2 1 Distributed Lab, pavel@distributedlab.com 2 Coinculture, vlad@coinculture.info Abstract. A cryptographic
More informationConcurrent Zero Knowledge in Polylogarithmic Rounds. 2 Concurrent Composable Zero Knowledge: The Construction
6.876/18.426: Advanced Cryptography 28.4.2003. Lecture 19: Concurrent Zero Knowledge in Polylogarithmic Rounds Scribed by: Nenad Dedić 1 Introduction The subject of these notes is concurrent zero knowledge,
More informationComparison of ZKP based Authentication Mechanisms for securing the web server
Comparison of ZKP based Authentication Mechanisms for securing the web server Kayathri Devi D #1, Akilan S S *2 # Department of Information technology, Kamaraj College of Engineering and technology Virudhunagar,
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationLecture 6: ZK Continued and Proofs of Knowledge
600.641 Special Topics in Theoretical Cryptography 02/06/06 Lecture 6: ZK Continued and Proofs of Knowledge Instructor: Susan Hohenberger Scribe: Kevin Snow 1 Review / Clarification At the end of last
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor Identification (User Authentication) Fiat-Shamir Scheme Lecture 12 Tel-Aviv University 4 January 2010 Model and Major Issues Alice wishes to prove to Bob
More informationCS549: Cryptography and Network Security
CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationEfficient and Non-malleable Proofs of Plaintext Knowledge and Applications
Efficient and Non-malleable Proofs of Plaintext Knowledge and Applications (Extended Abstract) Jonathan Katz Dept. of Computer Science, University of Maryland, College Park, MD jkatz@cs.umd.edu Abstract.
More informationMULTIPARTY COMPARISON An Improved Multiparty Protocol for Comparison of Secret-shared Values
MULTIPARTY COMPARISON An Improved Multiparty Protocol for Comparison of Secret-shared Values Tord Ingolf Reistad Department of Telematics, O.S. Bragstads plass 2B, NTNU, Trondheim, Norway tordr@item.ntnu.no
More informationDistributed ID-based Signature Using Tamper-Resistant Module
, pp.13-18 http://dx.doi.org/10.14257/astl.2013.29.03 Distributed ID-based Signature Using Tamper-Resistant Module Shinsaku Kiyomoto, Tsukasa Ishiguro, and Yutaka Miyake KDDI R & D Laboratories Inc., 2-1-15,
More informationElements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 2 Due: Friday, 10/28/2016 at 11:55pm PT Will be posted on
More informationHomework 2 CS161 Computer Security, Spring 2008 Assigned 2/13/08 Due 2/25/08
Homework 2 CS161 Computer Security, Spring 2008 Assigned 2/13/08 Due 2/25/08 1. Signatures and Attacks Recall that to use the ElGamal signature scheme, Alice randomly selects her private signing key x
More informationProvable Partial Key Escrow
Provable Partial Key Escrow Kooshiar Azimian Electronic Research Center, Sharif University of Technology, and Computer Engineering Department, Sharif University of Technology Tehran, Iran Email: Azimian@ce.sharif.edu
More informationAnonymous Authentication of Membership in Dynamic Groups
Anonymous Authentication of Membership in Dynamic Groups Stuart Schechter 1, Todd Parnell 2, and Alexander Hartemink 2 1 Harvard University stuart@post.harvard.edu 2 Massachusetts Institute of Technology
More informationZero-Knowledge Proofs in M2M Communication
Zero-Knowledge Proofs in M2M Communication Michael Schukat 1, Padraig Flood 2 1 Department of Information Technology NUI Galway, Galway, Ireland Email: michael.schukat@nuigalway.ie 2 Department of Information
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationThe Five Card Trick. Bert den Boer. Cenrrum voor Wiskunde en Informa!ica. Kruislaan 413, IO98 SJ Amsterdam, The Nefherlands
More Efficient Match-Making The Five Card Trick and Satisfiability Bert den Boer Cenrrum voor Wiskunde en Informa!ica Kruislaan 413, IO98 SJ Amsterdam, The Nefherlands Abstract. A two-party cryptographic
More informationDawn Song
1 Secret-Sharing & Zero-knowledge Proof Dawn Song dawnsong@cs.berkeley.edu Review DH key exchange protocol Password authentication protocol Random number generation 2 Lessons Learned Seeds must be unpredictable
More informationDigital Signatures. Sven Laur University of Tartu
Digital Signatures Sven Laur swen@math.ut.ee University of Tartu Formal Syntax Digital signature scheme pk (sk, pk) Gen (m, s) (m,s) m M 0 s Sign sk (m) Ver pk (m, s)? = 1 To establish electronic identity,
More informationEfficient identity-based GQ multisignatures
Int. J. Inf. Secur. DOI 10.1007/s10207-008-0072-z REGULAR CONTRIBUTION Efficient identity-based GQ multisignatures Lein Harn Jian Ren Changlu Lin Springer-Verlag 2008 Abstract ISO/IEC 14888 specifies a
More informationHomomorphic encryption (whiteboard)
Crypto Tutorial Homomorphic encryption Proofs of retrievability/possession Attribute based encryption Hidden vector encryption, predicate encryption Identity based encryption Zero knowledge proofs, proofs
More informationOn Privacy and Anonymity in Knowledge Externalization
On Privacy and Anonymity in Knowledge Externalization Yuen-Yan Chan and Chi-Hong Leung The Chinese University of Hong Kong rosannachan@cuhk.edu.hk, leung_chi_hong@yahoo.com.hk Secure Knowledge Management
More informationOptimistic Fair Exchange in a Multi-User Setting
Optimistic Fair Exchange in a Multi-User Setting Yevgeniy Dodis 1, Pil Joong Lee 2, and Dae Hyun Yum 2 1 Department of Computer Science, New York University, NY, USA dodis@cs.nyu.edu 2 Department of Electronic
More informationA SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS
A SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS Ounasser Abid 1 and Omar Khadir 2 1, 2 Laboratory of Mathematics, Cryptography and Mechanics, FSTM University Hassan II of Casablanca, Morocco
More informationFrom Identification to Signatures via the Fiat-Shamir Transform: Minimizing Assumptions for Security and Forward-Security
From Identification to Signatures via the Fiat-Shamir Transform: Minimizing Assumptions for Security and Forward-Security Michel Abdalla 1, Jee Hea An 2, Mihir Bellare 3, and Chanathip Namprempre 3 1 Magis
More informationSession Key Distribution
Session Key Distribution The TA shares secret keys with network users. The TA chooses session keys and distributes them in encrypted form upon request of network users. We will need to define appropriate
More informationOverview. Public Key Algorithms I
Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationEfficient Identification Schemes Using Two Prover Interactive Proofs
Efficient Identification Schemes Using Two Prover Interactive Proofs Michael Ben-Or Hebrew University Shafi Goldwasser* MIT Avi Wigderson Hebrew Universoity Joe Kilimt MIT Abstract We present two efficient
More informationNotes for Lecture 24
U.C. Berkeley CS276: Cryptography Handout N24 Luca Trevisan April 21, 2009 Notes for Lecture 24 Scribed by Milosh Drezgich, posted May 11, 2009 Summary Today we introduce the notion of zero knowledge proof
More informationEfficient and Non-Malleable Proofs of Plaintext Knowledge and Applications
Efficient and Non-Malleable Proofs of Plaintext Knowledge and Applications (Extended Abstract ) Jonathan Katz Abstract We describe very efficient protocols for non-malleable (interactive) proofs of plaintext
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationLecture 5: Zero Knowledge for all of NP
600.641 Special Topics in Theoretical Cryptography February 5, 2007 Lecture 5: Zero Knowledge for all of NP Instructor: Susan Hohenberger Scribe: Lori Kraus 1 Administrative The first problem set goes
More informationOutline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography 1. Introduction 2. RSA Outline 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationAlternative Protocols for Generalized Oblivious Transfer
Alternative Protocols for Generalized Oblivious Transfer Bhavani Shankar 1, Kannan Srinathan 1, and C. Pandu Rangan 2 1 Center for Security, Theory and Algorithmic Research (C-STAR), International Institute
More informationCPSC 467b: Cryptography and Computer Security
Outline ZKIP Other IP CPSC 467b: Cryptography and Computer Security Lecture 19 Michael J. Fischer Department of Computer Science Yale University March 31, 2010 Michael J. Fischer CPSC 467b, Lecture 19
More informationVerifiably Encrypted Signature Scheme with Threshold Adjudication
Verifiably Encrypted Signature Scheme with Threshold Adjudication M. Choudary Gorantla and Ashutosh Saxena Institute for Development and Research in Banking Technology Road No. 1, Castle Hills, Masab Tank,
More informationFall 2005 Joseph/Tygar/Vazirani/Wagner Final
CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner Final PRINT your name:, (last) SIGN your name: (first) PRINT your Unix account name: PRINT your TA s name: You may consult any books, notes,
More informationOutline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)
Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key
More informationl20 nov zero-knowledge proofs
l0 nov 00 zero-knowledge proofs what properties should an interactive proof system have? Alice Bob if c= o.w. quadratic equations prove that equation has a solution without revealing the solution! Alice
More informationCryptography Today. Ali El Kaafarani. Mathematical Institute Oxford University. 1 of 44
Cryptography Today Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 About the Course Regular classes with worksheets so you can work with some concrete examples (every Friday at 1pm).
More informationAnonymous authentication with subset queries, but without identity escrow, follows as an application of proofs of partial knowledge [15, 17, 16]. Ther
Anonymous Authentication With Subset Queries (Extended Abstract) Dan Boneh Λ dabo@cs.stanford.edu Matt Franklin franklin@parc.xerox.com Abstract We develop new schemes for anonymous authentication that
More information6.842 Randomness and Computation September 25-27, Lecture 6 & 7. Definition 1 Interactive Proof Systems (IPS) [Goldwasser, Micali, Rackoff]
6.84 Randomness and Computation September 5-7, 017 Lecture 6 & 7 Lecturer: Ronitt Rubinfeld Scribe: Leo de Castro & Kritkorn Karntikoon 1 Interactive Proof Systems An interactive proof system is a protocol
More informationENEE 459-C Computer Security. Security protocols
ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.
More informationAuthentication, Enhanced Security and Error Correcting Codes. (Extended Abstract) Yonatan Aumann t and Michael O. Rabin 2
Authentication, Enhanced Security and Error Correcting Codes (Extended Abstract) Yonatan Aumann t and Michael O. Rabin 2 1 Department of Mathematics and Computer Science, Bar Ilan University, Ramat-Gan,
More informationLecture 10, Zero Knowledge Proofs, Secure Computation
CS 4501-6501 Topics in Cryptography 30 Mar 2018 Lecture 10, Zero Knowledge Proofs, Secure Computation Lecturer: Mahmoody Scribe: Bella Vice-Van Heyde, Derrick Blakely, Bobby Andris 1 Introduction Last
More informationSecurity properties of two authenticated conference key agreement protocols
Security properties of two authenticated conference key agreement protocols Qiang Tang and Chris J. Mitchell Information Security Group Royal Holloway, University of London Egham, Surrey TW20 0EX, UK {qiang.tang,
More informationEfficiency Optimisation Of Tor Using Diffie-Hellman Chain
Efficiency Optimisation Of Tor Using Diffie-Hellman Chain Kun Peng Institute for Infocomm Research, Singapore dr.kun.peng@gmail.com Abstract Onion routing is the most common anonymous communication channel.
More informationChapter 9 Public Key Cryptography. WANG YANG
Chapter 9 Public Key Cryptography WANG YANG wyang@njnet.edu.cn Content Introduction RSA Diffie-Hellman Key Exchange Introduction Public Key Cryptography plaintext encryption ciphertext decryption plaintext
More informationSecuring Bitcoin wallets: A new DSA threshold signature scheme that is usable in the real world
Securing Bitcoin wallets: A new DSA threshold signature scheme that is usable in the real world https://eprint.iacr.org/2016/013 Rosario Gennaro, Steven Goldfeder, Arvind Narayanan Spending bitcoins is
More informationMTAT Research Seminar in Cryptography IND-CCA2 secure cryptosystems
MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov October 31, 2005 Abstract Standard security assumptions (IND-CPA, IND- CCA) are explained. A number of cryptosystems
More informationPAijpam.eu SECURE SCHEMES FOR SECRET SHARING AND KEY DISTRIBUTION USING PELL S EQUATION P. Muralikrishna 1, S. Srinivasan 2, N. Chandramowliswaran 3
International Journal of Pure and Applied Mathematics Volume 85 No. 5 2013, 933-937 ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version) url: http://www.ijpam.eu doi: http://dx.doi.org/10.12732/ijpam.v85i5.11
More informationPublic Key Cryptography and the RSA Cryptosystem
Public Key Cryptography and the RSA Cryptosystem Two people, say Alice and Bob, would like to exchange secret messages; however, Eve is eavesdropping: One technique would be to use an encryption technique
More informationESIGN: An Efficient Digital Signature
ESIGN: An Efficient Digital Signature Implementation for Smart Cards Atsushi Fujioka Tatsuaki Okamoto Shoji Miyaguchi NTT Laboratories Nippon Telegraph and Telephone Corporation 1-2356, Take, Yokosu ka-
More informationEfficient Compilers for Authenticated Group Key Exchange
Efficient Compilers for Authenticated Group Key Exchange Qiang Tang and Chris J. Mitchell Information Security Group, Royal Holloway, University of London Egham, Surrey TW20 0EX, UK {qiang.tang, c.mitchell}@rhul.ac.uk
More informationLecture 22 - Oblivious Transfer (OT) and Private Information Retrieval (PIR)
Lecture 22 - Oblivious Transfer (OT) and Private Information Retrieval (PIR) Boaz Barak December 8, 2005 Oblivious Transfer We are thinking of the following situation: we have a server and a client (or
More informationPublic-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7
Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:
More informationCryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1
Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography CS555 Spring 2012/Topic 16 1 Outline and Readings Outline Private key management between two parties Key management
More informationk Anonymous Private Query Based on Blind Signature and Oblivious Transfer
Edith Cowan University Research Online International Cyber Resilience conference Conferences, Symposia and Campus Events 2011 k Anonymous Private Query Based on Blind Signature and Oblivious Transfer Russell
More informationApplications of The Montgomery Exponent
Applications of The Montgomery Exponent Shay Gueron 1,3 1 Dept. of Mathematics, University of Haifa, Israel (shay@math.haifa.ac.il) Or Zuk 2,3 2 Dept. of Physics of Complex Systems, Weizmann Institute
More informationENEE 459-C Computer Security. Security protocols (continued)
ENEE 459-C Computer Security Security protocols (continued) Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p
More informationLightweight Signatures for (A Defense Against Phishing)
Lightweight Signatures for Email (A Defense Against Phishing) Ben Adida ben@mit.edu Cryptography and Information Security Group CSAIL, MIT 6.857 - December 7th, 2005 (joint with David Chau, Susan Hohenberger
More informationImprovement of Camenisch-Neven-Shelat Oblivious Transfer Scheme
Improvement of Camenisch-Neven-Shelat Oblivious Transfer Scheme Zhengjun Cao and Hanyue Cao Department of Mathematics, Shanghai University, Shanghai, China caozhj@shu.edu.cn Abstract. In 2007, Camenisch,
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationAn Overview of Active Security in Garbled Circuits
An Overview of Active Security in Garbled Circuits Author: Cesar Pereida Garcia Supervisor: Pille Pullonen Department of Mathematics and Computer Science. University of Tartu Tartu, Estonia. December 15,
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationThe Non-interactive Equivocable Non-malleable Commitment and its Applications
MM Research Preprints, 218 229 MMRC, AMSS, Academia, Sinica, Beijing No. 21, December 2002 The Non-interactive Equivocable Non-malleable Commitment and its Applications Chunming Tang Zhuojun Liu 1) Abstract.
More informationReal-Time Detection from Various Social Network Using SSO
2017 IJSRSET Volume 3 Issue 2 Print ISSN: 2395-1990 Online ISSN : 2394-4099 Themed Section: Engineering and Technology Real-Time Detection from Various Social Network Using SSO ABSTRACT C. Jayaseelan,
More informationSearchable Encryption. Nuttiiya Seekhao
Searchable Encryption Nuttiiya Seekhao Overview Motivation Literature Background Solutions Scheme I, II, III, IV Discussion Runtime Possible Extensions Conclusion Motivation Motivation Motivation Searchable
More informationAnonymizable Ring Signature Without Pairing
Anonymizable Ring Signature Without Pairing Olivier Blazy, Xavier Bultel, Pascal Lafourcade To cite this version: Olivier Blazy, Xavier Bultel, Pascal Lafourcade. Anonymizable Ring Signature Without Pairing.
More informationA public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks
A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks Jan Camenisch 1, Nishanth Chandran 2, and Victor Shoup 3 1 IBM Research, work funded
More informationPeer to Peer Authentication for Small Embedded Systems
Peer to Peer Authentication for Small Embedded Systems A zero-knowledge-based approach to security for the Internet of Things Pádraig Flood, Michael Schukat OSNA Cyber Security Research Group NUI Galway
More informationLecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena
Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall 2009 Nitesh Saxena *Adopted from a previous lecture by Gene Tsudik Course Admin HW3 Problem 3 due Friday midnight
More informationDeniable Ring Authentication
Deniable Ring Authentication Moni Naor Weizmann Institute of Science Rehovot 76100, Israel naor@wisdom.weizmann.ac.il Abstract Digital Signatures enable authenticating messages in a way that disallows
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More informationCryptanalysis of Brenner et al. s Somewhat Homomorphic Encryption Scheme
Proceedings of the Eleventh Australasian Information Security Conference (AISC 2013), Adelaide, Australia Cryptanalysis of Brenner et al. s Somewhat Homomorphic Encryption Scheme Russell Paulet Xun Yi
More informationAn IBE Scheme to Exchange Authenticated Secret Keys
An IBE Scheme to Exchange Authenticated Secret Keys Waldyr Dias Benits Júnior 1, Routo Terada (Advisor) 1 1 Instituto de Matemática e Estatística Universidade de São Paulo R. do Matão, 1010 Cidade Universitária
More informationSecure Multiparty Computation: Introduction. Ran Cohen (Tel Aviv University)
Secure Multiparty Computation: Introduction Ran Cohen (Tel Aviv University) Scenario 1: Private Dating Alice and Bob meet at a pub If both of them want to date together they will find out If Alice doesn
More informationA Ring Signature Scheme with Strong Designated Verifiers to Provide Signer Anonymity
A Ring Signature Scheme with Strong Designated Verifiers to Provide Signer Anonymity Shin-Jia Hwang Department of Computer Science and Information Engineering,Tamkang University, Tamsui, Taipei Hsien,
More informationOther Topics in Cryptography. Truong Tuan Anh
Other Topics in Cryptography Truong Tuan Anh 2 Outline Public-key cryptosystem Cryptographic hash functions Signature schemes Public-Key Cryptography Truong Tuan Anh CSE-HCMUT 4 Outline Public-key cryptosystem
More informationDigital Multi Signature Schemes Premalatha A Grandhi
Digital Multi Signature Schemes Premalatha A Grandhi (pgrandhi@cise.ufl.edu) Digital Signatures can be classified into o Single Signatures o Multiple Signatures (multi-signatures) Types of Multiple Signatures
More informationCS 161 Authentication Protocols. Zero knowledge review
CS 161 Authentication Protocols 27 September 2006 2006 Doug Tygar 1 CS 161 27 September 2006 Zero knowledge review Goal: authenticate without leaking any information What you need to know about Rabin signatures:
More informationCHAPTER Identification Schemes Feige-Fiat-Shamir GUILLOU-QUISQUATER SCHNORR... CONVERTING IDENTIFICATION...
CHAPTER 2 1... 502 Identification Schemes... 502 Feige-Fiat-Shamir... 502 Simplified Feige-Fiat-Shamir Identificati... 502 Feige-Fia t-shamir Identification Scheme... 503 An Example... 504 Enhancements...
More informationAn Overview of Secure Multiparty Computation
An Overview of Secure Multiparty Computation T. E. Bjørstad The Selmer Center Department of Informatics University of Bergen Norway Prøveforelesning for PhD-graden 2010-02-11 Outline Background 1 Background
More informationOn Deniability in the Common Reference String and Random Oracle Model
On Deniability in the Common Reference String and Random Oracle Model Rafael Pass Department of Numerical Analysis and Computer Science Royal Institute of Technology, Stockholm, Sweden rafael@nada.kth.se
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More information