Introduction to Security Reduction
|
|
- Jasmin Ferguson
- 5 years ago
- Views:
Transcription
1 springer.com Computer Science : Data Structures, Cryptology and Information Theory Springer 1st edition Printed book Hardcover Printed book Hardcover ISBN Ca. $ 109,00 Planned Discount group Professional Books (2) Product category Monograph Due st ed. 2018, 253 p. 4 illus. Guo, F., Susilo, W., Mu, Y., University of Wollongong, Wollongong, NSW, Australia Introduction to Security Reduction Security proofs are essential to public-key cryptography Illustrates important notions in security reductions Suitable for researchers and graduate students engaged with public-key cryptography This monograph illustrates important notions in security reductions and essential techniques in security reductions for group-based cryptosystems. Using digital signatures and encryption as examples, the authors explain how to program correct security reductions for those cryptographic primitives. Various schemes are selected and re-proven in this book to demonstrate and exemplify correct security reductions. This book is suitable for researchers and graduate students engaged with public-key cryptography. Order online at springer.com/booksellers Springer Customer Service Center LLC 233 Spring Street New York, NY USA T: SPRINGER NATURE ( ) or customerservice@springernature.com Prices and other details are subject to change without notice. All errors and omissions excepted. Americas: Tax will be added where applicable. Canadian residents please add PST, QST or GST. Please add $5.00 for shipping one book and $ 1.00 for each additional book. Outside the US and Canada add $ for first book, $5.00 for each additional book. If an order cannot be fulfilled within 90 days, payment will be refunded upon request. Prices are payable in US currency or its equivalent. ISBN / BIC: UMB / SPRINGER NATURE: SCI15009 Part of
2 Preface Security reduction is a very popular approach for proving security in public-key cryptography. With security reduction, roughly speaking, we can show that breaking a proposed scheme is as difficult as solving a mathematical hard problem. However, how to program a correct security reduction using an adversary s adaptive attack is rather complicated. The reason is that there is no universal security reduction for all proposed schemes. Security reductions given in cryptographic research papers are often hard for beginners to fully comprehend. To aid the beginners, some cryptography textbooks have illustrated how to correctly program security reductions with simpler examples. However, security reductions mentioned in research papers and previous textbooks are usually for specific schemes. The difference in security reductions for different schemes leads to confusion for the beginners. There is a need for a book that systematically introduces how to correctly program a security reduction for a cryptosystem, not for a specific scheme. With this in mind, we wrote this book, which we hope will help the reader understand how to correctly program a security reduction. The contents of this book, especially the foundations of security reductions, are based on our understanding and experience. The reader might find that the explanations of concepts are slightly different from those in other sources, because we have added some condiments to help the reader understand these concepts. For example, in a security reduction, the adversary is not a black-box adversary but a malicious adversary who has unbounded computational power. We thought this book would be completed within one year, but we underestimated its difficulty. It has taken more than four years to complete the writing of this book. There must still be errors that have not yet been found. We welcome any comments and suggestions. University of Wollongong, Australia Fuchun Guo, Willy Susilo, and Yi Mu May 2018 vii
3 Contents 1 Guide to This Book Notions, Definitions, and Models Digital Signatures Public-Key Encryption Identity-Based Encryption Further Reading Foundations of Group-Based Cryptography Finite Fields Definition Field Operations Field Choices Computations over a Prime Field Cyclic Groups Definitions Cyclic Groups of Prime Order Group Exponentiations Discrete Logarithms Cyclic Groups from Finite Fields Group Choice 1: Multiplicative Groups Group Choice 2: Elliptic Curve Groups Computations over a Group Bilinear Pairings Symmetric Pairing Asymmetric Pairing Computations over a Pairing Group Hash Functions Further Reading xi
4 xii Contents 4 Foundations of Security Reduction Introduction to Basic Concepts Mathematical Primitives and Superstructures Mathematical Problems and Problem Instances Cryptography, Cryptosystems, and Schemes Algorithm Classification Polynomial Time and Exponential Time Negligible and Non-negligible Insecure and Secure Easy and Hard Algorithm Classification Algorithms in Cryptography Hard Problems in Cryptography Security Levels Hard Problems and Hardness Assumptions Security Reductions and Security Proofs An Overview of Easy/Hard Problems Computational Easy Problems Computational Hard Problems Decisional Easy Problems Decisional Hard Problems How to Prove New Hard Problems Weak Assumptions and Strong Assumptions An Overview of Security Reduction Security Models Weak Security Models and Strong Security Models Proof by Testing Proof by Contradiction What Is Security Reduction? Real Scheme and Simulated Scheme Challenger and Simulator Real Attack and Simulation Attacks and Hard Problems Reduction Cost and Reduction Loss Loose Reduction and Tight Reduction Security Level Revisited Ideal Security Reduction An Overview of Correct Security Reduction What Should Bob Do? Understanding Security Reduction Successful Simulation and Indistinguishable Simulation Failed Attack and Successful Attack Useless Attack and Useful Attack Attack in Simulation Successful/Correct Security Reduction
5 Contents xiii Components of a Security Proof An Overview of the Adversary Black-Box Adversary What Is an Adaptive Attack? Malicious Adversary The Adversary in a Toy Game Adversary s Successful Attack and Its Probability Adversary s Computational Ability The Adversary s Computational Ability in a Reduction The Adversary in a Reduction What the Adversary Knows What the Adversary Never Knows How to Distinguish the Given Scheme How to Generate a Useless Attack Summary of Adversary An Overview of Probability and Advantage Definitions of Probability Definitions of Advantage Malicious Adversary Revisited Adaptive Choice Revisited Useless, Useful, Loose, and Tight Revisited Important Probability Formulas An Overview of Random and Independent What Are Random and Independent? Randomness Simulation with a General Function Randomness Simulation with a Linear System Randomness Simulation with a Polynomial Indistinguishable Simulation and Useful Attack Together Advantage and Probability in Absolutely Hard Problems An Overview of Random Oracles Security Proof with Random Oracles Hash Functions vs Random Oracles Hash List How to Program Security Reductions with Random Oracles Oracle Response and Its Probability Analysis Summary of Using Random Oracles Security Proofs for Digital Signatures Proof Structure Advantage Calculation Simulatable and Reducible Simulation of Secret Key Partition Tight Reduction and Loose Reduction Revisited Summary of Correct Security Reduction Security Proofs for Encryption Under Decisional Assumptions
6 xiv Contents Proof Structure Classification of Ciphertexts Classification of the Challenge Ciphertext Simulation of the Challenge Ciphertext Advantage Calculation Probability P T of Breaking the True Challenge Ciphertext Probability P F of Breaking the False Challenge Ciphertext Advantage Calculation Definition of One-Time Pad Examples of One-Time Pad Analysis of One-Time Pad Simulation of Decryption Simulation of Challenge Decryption Key Probability Analysis for P F Examples of Advantage Results for A K F and AI F Advantage Calculation Summary of Correct Security Reduction Security Proofs for Encryption Under Computational Assumptions Random and Independent Revisited One-Time Pad Revisited Solution to Hard Problem Revisited Simulation of Challenge Ciphertext Proof Structure Challenge Ciphertext and Challenge Hash Query Advantage Calculation Analysis of No Advantage Requirements of Decryption Simulation An Example of Decryption Simulation Summary of Correct Security Reduction Simulatable and Reducible with Random Oracles H-Type: Hashing to Group C-Type: Commutative I-Type: Inverse of Group Exponent Examples of Incorrect Security Reductions Example 1: Distinguishable Example 2: Useless Attack by Public Key Example 3: Useless Attack by Signature Examples of Correct Security Reductions One-Time Signature with Random Oracles One-Time Signature Without Random Oracles One-Time Signature with Indistinguishable Partition Summary of Concepts Concepts Related to Proof Preliminaries and Proof by Contradiction Security Reduction and Its Difficulty
7 Contents xv Simulation and Its Requirements Towards a Correct Security Reduction Other Confusing Concepts Digital Signatures with Random Oracles BLS Scheme BLS + Scheme BLS # Scheme BB RO Scheme ZSS Scheme ZSS + Scheme ZSS # Scheme BLS G Scheme Digital Signatures Without Random Oracles Boneh-Boyen Scheme Gentry Scheme GMS Scheme Waters Scheme Hohenberger-Waters Scheme Public-Key Encryption with Random Oracles Hashed ElGamal Scheme Twin Hashed ElGamal Scheme Iterated Hashed ElGamal Scheme Fujisaki-Okamoto Hashed ElGamal Scheme Public-Key Encryption Without Random Oracles ElGamal Scheme Cramer-Shoup Scheme Identity-Based Encryption with Random Oracles Boneh-Franklin Scheme Boneh-Boyen RO Scheme Park-Lee Scheme Sakai-Kasahara Scheme Identity-Based Encryption Without Random Oracles Boneh-Boyen Scheme Boneh-Boyen + Scheme Waters Scheme Gentry Scheme References
Contributions to pairing-based cryptography
University of Wollongong Research Online University of Wollongong Thesis Collection 1954-2016 University of Wollongong Thesis Collections 2010 Contributions to pairing-based cryptography Tsz Hon Yuen University
More informationEncryption from the Diffie-Hellman assumption. Eike Kiltz
Encryption from the Diffie-Hellman assumption Eike Kiltz Elliptic curve public-key crypto Key-agreement Signatures Encryption Diffie-Hellman 76 passive security ElGamal 84 passive security Hybrid DH (ECDH)
More informationCS408 Cryptography & Internet Security
CS408 Cryptography & Internet Security Lectures 16, 17: Security of RSA El Gamal Cryptosystem Announcement Final exam will be on May 11, 2015 between 11:30am 2:00pm in FMH 319 http://www.njit.edu/registrar/exams/finalexams.php
More informationIND-CCA2 secure cryptosystems, Dan Bogdanov
MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov University of Tartu db@ut.ee 1 Overview Notion of indistinguishability The Cramer-Shoup cryptosystem Newer results
More informationMTAT Research Seminar in Cryptography IND-CCA2 secure cryptosystems
MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov October 31, 2005 Abstract Standard security assumptions (IND-CPA, IND- CCA) are explained. A number of cryptosystems
More informationBrief Introduction to Provable Security
Brief Introduction to Provable Security Michel Abdalla Département d Informatique, École normale supérieure michel.abdalla@ens.fr http://www.di.ens.fr/users/mabdalla 1 Introduction The primary goal of
More informationOn the Security of a Certificateless Public-Key Encryption
On the Security of a Certificateless Public-Key Encryption Zhenfeng Zhang, Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080,
More informationIntroduction to Public-Key Cryptography
Introduction to Public-Key Cryptography Nadia Heninger University of Pennsylvania June 11, 2018 We stand today on the brink of a revolution in cryptography. Diffie and Hellman, 1976 Symmetric cryptography
More informationCRYPTOGRAPHY AGAINST CONTINUOUS MEMORY ATTACKS
CRYPTOGRAPHY AGAINST CONTINUOUS MEMORY ATTACKS Yevgeniy Dodis, Kristiyan Haralambiev, Adriana Lopez-Alt and Daniel Wichs NYU NY Area Crypto Reading Group Continuous Leakage Resilience (CLR): A Brief History
More informationGroup-based Proxy Re-encryption Scheme Secure against Chosen Ciphertext Attack
International Journal of Network Security, Vol.8, No., PP.266 270, May 2009 266 Group-based Proxy Re-encryption Scheme Secure against Chosen Ciphertext Attack Chunbo Ma and Jun Ao (Corresponding author:
More informationImprovement of Camenisch-Neven-Shelat Oblivious Transfer Scheme
Improvement of Camenisch-Neven-Shelat Oblivious Transfer Scheme Zhengjun Cao and Hanyue Cao Department of Mathematics, Shanghai University, Shanghai, China caozhj@shu.edu.cn Abstract. In 2007, Camenisch,
More informationUnderstanding Cryptography by Christof Paar and Jan Pelzl. Chapter 9 Elliptic Curve Cryptography
Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 9 Elliptic Curve Cryptography ver. February 2nd, 2015 These slides were prepared by Tim Güneysu, Christof Paar
More informationEfficient Re-Keyed Encryption Schemes for Secure Communications
I J E E E C International Journal of Electrical, Electronics ISSN No. (Online): 2277-2626 and Computer Engineering 3(2): 132-137(2014) Efficient Re-Keyed Encryption Schemes for Secure Communications Md
More informationIntroduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption
Introduction to Cryptography and Security Mechanisms: Unit 5 Public-Key Encryption Learning Outcomes Explain the basic principles behind public-key cryptography Recognise the fundamental problems that
More informationPublic-Key Cryptography
Computer Security Spring 2008 Public-Key Cryptography Aggelos Kiayias University of Connecticut A paradox Classic cryptography (ciphers etc.) Alice and Bob share a short private key using a secure channel.
More informationA Survey of Certificateless Encryption Schemes and Security Models
A Survey of Certificateless Encryption Schemes and Security Models Alexander W. Dent Information Security Group, Royal Holloway, Egham Hill, Egham, Surrey, U.K. a.dent@rhul.ac.uk Abstract. In this paper
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationAn Efficient ID-KEM Based On The Sakai Kasahara Key Construction
An Efficient ID-KEM Based On The Sakai Kasahara Key Construction L. Chen 1, Z. Cheng 2, J. Malone Lee 3, and N.P. Smart 3 1 Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol, BS34 8QZ,
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationAdvanced Cryptography 1st Semester Symmetric Encryption
Advanced Cryptography 1st Semester 2007-2008 Pascal Lafourcade Université Joseph Fourrier, Verimag Master: October 22th 2007 1 / 58 Last Time (I) Security Notions Cyclic Groups Hard Problems One-way IND-CPA,
More informationINDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator
INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator EXAMINATION ( End Semester ) SEMESTER ( Spring ) Roll Number Section Name Subject Number C S 6 0 0 8 8 Subject Name Foundations
More informationCryptography and Network Security
Cryptography and Network Security CRYPTOGRAPHY AND NETWORK SECURITY PRAKASH C. GUPTA Former Head Department of Information Technology Maharashtra Institute of Technology Pune Delhi-110092 2015 CRYPTOGRAPHY
More informationAn Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings
An Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings Debasis Giri and P. D. Srivastava Department of Mathematics Indian Institute of Technology, Kharagpur 721 302, India
More informationAn IBE Scheme to Exchange Authenticated Secret Keys
An IBE Scheme to Exchange Authenticated Secret Keys Waldyr Dias Benits Júnior 1, Routo Terada (Advisor) 1 1 Instituto de Matemática e Estatística Universidade de São Paulo R. do Matão, 1010 Cidade Universitária
More informationChannel Coding and Cryptography Part II: Introduction to Cryptography
Channel Coding and Cryptography Part II: Introduction to Cryptography Prof. Dr.-Ing. habil. Andreas Ahrens Communications Signal Processing Group, University of Technology, Business and Design Email: andreas.ahrens@hs-wismar.de
More informationPublic Key Cryptography
graphy CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L07, Steve/Courses/2011/S2/CSS322/Lectures/rsa.tex,
More informationREMOVE KEY ESCROW FROM THE IDENTITY-BASED ENCRYPTION SYSTEM
REMOVE KEY ESCROW FROM THE IDENTITY-BASED ENCRYPTION SYSTEM Zhaohui Cheng, Richard Comley Luminita Vasiu School of Computing Science, Middlesex University White Hart Lane, London N17 8HR, United Kingdom
More informationTable of Contents. Preface... vii Abstract... vii Kurzfassung... x Acknowledgements... xiii. I The Preliminaries 1
Preface............................................ vii Abstract............................................ vii Kurzfassung.......................................... x Acknowledgements......................................
More informationSecurity of Identity Based Encryption - A Different Perspective
Security of Identity Based Encryption - A Different Perspective Priyanka Bose and Dipanjan Das priyanka@cs.ucsb.edu,dipanjan@cs.ucsb.edu Department of Computer Science University of California Santa Barbara
More informationPseudorandomness and Cryptographic Applications
Pseudorandomness and Cryptographic Applications Michael Luby PRINCETON UNIVERSITY PRESS PRINCETON, NEW JERSEY Overview and Usage Guide Mini-Courses Acknowledgments ix xiii xv Preliminaries 3 Introduction
More informationPublic-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7
Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:
More informationThe Twin Diffie-Hellman Problem and Applications
An extended abstract of this paper appears in Advances in Cryptology EUROCRYPT 08, Lecture Notes in Computer Science Vol.????, N. Smart ed., Springer-Verlag, 2008. This is the full version. The Twin Diffie-Hellman
More informationFine-Grained Data Sharing Supporting Attribute Extension in Cloud Computing
wwwijcsiorg 10 Fine-Grained Data Sharing Supporting Attribute Extension in Cloud Computing Yinghui Zhang 12 1 National Engineering Laboratory for Wireless Security Xi'an University of Posts and Telecommunications
More informationLecture 3.4: Public Key Cryptography IV
Lecture 3.4: Public Key Cryptography IV CS 436/636/736 Spring 2012 Nitesh Saxena Course Administration HW1 submitted Trouble with BB Trying to check with BB support HW1 solution will be posted very soon
More informationInter-domain Identity-based Proxy Re-encryption
Inter-domain Identity-based Proxy Re-encryption Qiang Tang, Pieter Hartel, Willem Jonker Faculty of EWI, University of Twente, the Netherlands {q.tang, pieter.hartel, jonker}@utwente.nl August 19, 2008
More informationCryptography Today. Ali El Kaafarani. Mathematical Institute Oxford University. 1 of 44
Cryptography Today Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 About the Course Regular classes with worksheets so you can work with some concrete examples (every Friday at 1pm).
More informationHierarchical Identity-Based Online/Offline Encryption
University of Wollongong Research Online Faculty of Informatics - Papers Archive Faculty of Engineering and Information Sciences 2008 Hierarchical Identity-Based Online/Offline Encryption Zhongren Liu
More informationThe most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who
1 The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who exchange messages from any third party. However, it does
More informationECC Elliptic Curve Cryptography. Foundations of Cryptography - ECC pp. 1 / 31
ECC Elliptic Curve Cryptography Foundations of Cryptography - ECC pp. 1 / 31 Elliptic Curve an elliptic curve E is a smooth, projective, algebraic curve defined by the following equation: y 2 3 2 a xy
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationRSA Cryptography in the Textbook and in the Field. Gregory Quenell
RSA Cryptography in the Textbook and in the Field Gregory Quenell 1 In the beginning... 2 In the beginning... Diffie and Hellman 1976: A one-way function can be used to pass secret information over an insecure
More informationVerifiably Encrypted Signature Scheme with Threshold Adjudication
Verifiably Encrypted Signature Scheme with Threshold Adjudication M. Choudary Gorantla and Ashutosh Saxena Institute for Development and Research in Banking Technology Road No. 1, Castle Hills, Masab Tank,
More informationAttribute-based encryption with encryption and decryption outsourcing
Edith Cowan University Research Online Australian Information Security Management Conference Conferences, Symposia and Campus Events 2014 Attribute-based encryption with encryption and decryption outsourcing
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 13: Public-Key Cryptography and RSA Department of Computer Science and Engineering University at Buffalo 1 Public-Key Cryptography What we already know
More informationPublic-Key Cryptanalysis
http://www.di.ens.fr/ pnguyen INRIA and École normale supérieure, Paris, France MPRI, 2010 Outline 1 Introduction Asymmetric Cryptology Course Overview 2 Textbook RSA 3 Euclid s Algorithm Applications
More informationINDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator
INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator EXAMINATION ( Mid Semester ) SEMESTER ( Spring ) Roll Number Section Name Subject Number C S 6 0 0 8 8 Subject Name Foundations
More informationCertificateless Onion Routing
Certificateless Onion Routing Dario Catalano Dipartimento di Matematica e Informatica Università di Catania - Italy catalano@dmi.unict.it Dario Fiore Dipartimento di Matematica e Informatica Università
More informationThe Twin Diffie-Hellman Problem and Applications
The Twin Diffie-Hellman Problem and Applications David Cash, Eike Kiltz, and Victor Shoup Abstract. We propose a new computational problem called the twin Diffie-Hellman problem. This problem is closely
More informationOn the Application of Generic CCA-Secure Transformations to Proxy Re-Encryption
D. Nuñez, I. Agudo, and J. Lopez, On the Application of Generic CCA-Secure Transformations to Proxy Re-Encryption, Security and Communication Networks, vol. 9, pp. 1769-1785, 2016. http://doi.org/10.1002/sec.1434
More informationSecurity Analysis of Batch Verification on Identity-based Signature Schemes
Proceedings of the 11th WSEAS International Conference on COMPUTERS, Agios Nikolaos, Crete Island, Greece, July 26-28, 2007 50 Security Analysis of Batch Verification on Identity-based Signature Schemes
More informationTightly-Secure Authenticated Key Exchange without NAXOS Approach Based on Decision Linear Problem
Open Access Library Journal 016, Volume 3, e3033 ISSN Online: 333-971 ISSN Print: 333-9705 Tightly-Secure Authenticated Key Exchange without NAXOS Approach Based on Decision Linear Problem Mojahed Mohamed
More informationElliptic Curve Public Key Cryptography
Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. The smaller key
More informationThis chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest
1 2 3 This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest PKCS, Diffie- Hellman key exchange. This first published
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Michael J. Fischer Lecture 4 September 11, 2017 CPSC 467, Lecture 4 1/23 Analyzing Confidentiality of Cryptosystems Secret ballot elections Information protection Adversaries
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationPart VI. Public-key cryptography
Part VI Public-key cryptography Drawbacks with symmetric-key cryptography Symmetric-key cryptography: Communicating parties a priori share some secret information. Secure Channel Alice Unsecured Channel
More informationIntroduction to Cryptography and Security Mechanisms. Abdul Hameed
Introduction to Cryptography and Security Mechanisms Abdul Hameed http://informationtechnology.pk Before we start 3 Quiz 1 From a security perspective, rather than an efficiency perspective, which of the
More informationCryptography: More Primitives
Design and Analysis of Algorithms May 8, 2015 Massachusetts Institute of Technology 6.046J/18.410J Profs. Erik Demaine, Srini Devadas and Nancy Lynch Recitation 11 Cryptography: More Primitives 1 Digital
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationCryptanalysis on Two Certificateless Signature Schemes
Int. J. of Computers, Communications & Control, ISSN 1841-9836, E-ISSN 1841-9844 Vol. V (2010), No. 4, pp. 586-591 Cryptanalysis on Two Certificateless Signature Schemes F. Zhang, S. Li, S. Miao, Y. Mu,
More informationMulti-authority attribute based encryption with honest-but-curious central authority
Proceedings of the 10th International Conference on Computational and Mathematical Methods in Science and Engineering, CMMSE 2010 27 30 June 2010. Multi-authority attribute based encryption with honest-but-curious
More informationProvably Secure and Efficient Cryptography
Provably Secure and Efficient Cryptography Tsuyoshi TAKAGI TU Darmstadt ttakagi@cdc.informatik.tu-darmstadt.de http://www.informatik.tu-darmstadt.de/ti/ Contents Overview NICE Cryptosystem Provable Security
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationSecurely Combining Public-Key Cryptosystems
Securely Combining Public-Key Cryptosystems Stuart Haber Benny Pinkas STAR Lab, Intertrust Tech. 821 Alexander Road Princeton, NJ 08540 {stuart,bpinkas}@intertrust.com Abstract It is a maxim of sound computer-security
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 El Gamal Encryption RSA Encryption Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationWhat Can Be Proved About Security?
What Can Be Proved About Security? Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in Centre for Artificial Intelligence and Robotics Bengaluru 23 rd
More informationWeak adaptive chosen ciphertext secure hybrid encryption scheme
Weak adaptive chosen ciphertext secure hybrid encryption scheme Xianhui Lu 1, Xuejia Lai 2, Dake He 1, Guomin Li 1 Email:luxianhui@gmail.com 1:School of Information Science & Technology, SWJTU, Chengdu,
More informationEfficient chosen ciphertext secure PKE scheme with short ciphertext
Efficient chosen ciphertext secure PKE scheme with short ciphertext Xianhui Lu 1, Xuejia Lai 2, Dake He 1, Guomin Li 1 Email:lu xianhui@gmail.com 1:School of Information Science & Technology, SWJTU, Chengdu,
More informationStudy Guide for the Final Exam
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #22 Professor M. J. Fischer April 30, 2005 1 Exam Coverage Study Guide for the Final Exam The final
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 Public-Key Encryption: El-Gamal, RSA Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationIntroduction. Cambridge University Press Mathematics of Public Key Cryptography Steven D. Galbraith Excerpt More information
1 Introduction Cryptography is an interdisciplinary field of great practical importance. The subfield of public key cryptography has notable applications, such as digital signatures. The security of a
More informationTECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017
Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017 Name : TU/e student number : Exercise 1 2 3 4 5 6 total points Notes: Please hand in this sheet at the end of the exam.
More informationPublic Key Cryptography and RSA
Public Key Cryptography and RSA Major topics Principles of public key cryptosystems The RSA algorithm The Security of RSA Motivations A public key system is asymmetric, there does not have to be an exchange
More informationDefinitions and Notations
Chapter 2 Definitions and Notations In this chapter, we present definitions and notation. We start with the definition of public key encryption schemes and their security models. This forms the basis of
More informationOn the Security of Group-based Proxy Re-encryption Scheme
On the Security of Group-based Proxy Re-encryption Scheme Purushothama B R 1, B B Amberker Department of Computer Science and Engineering National Institute of Technology Warangal Warangal, Andhra Pradesh-506004,
More informationLecture IV : Cryptography, Fundamentals
Lecture IV : Cryptography, Fundamentals Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University Spring 2012 Basic Principles
More informationCS Network Security. Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA.
CS 393 - Network Security Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA. Course Logistics Homework 2 revised. Due next Tuesday midnight. 2/26,28/02 Module 7 - Pubic Key Crypto
More informationA New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE
A New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE Jin Li 1, Fangguo Zhang 2,3, and Yanming Wang 1,4 1 School of Mathematics and Computational Science, Sun Yat-sen University, Guangzhou, 510275,
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 2 Basics 2.2 Public Key Cryptography Encryption/Decryption using Public Key Cryptography
More informationNetwork Security. Chapter 4 Public Key Cryptography. Public Key Cryptography (4) Public Key Cryptography
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 4 Public Key Cryptography However,
More informationRelaxing IND-CCA: Indistinguishability Against Chosen. Chosen Ciphertext Verification Attack
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Indian Statistical Institute Kolkata January 14, 2012 Outline 1 Definitions Encryption Scheme IND-CPA IND-CCA IND-CCVA
More informationRSA. Public Key CryptoSystem
RSA Public Key CryptoSystem DIFFIE AND HELLMAN (76) NEW DIRECTIONS IN CRYPTOGRAPHY Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationSECURE AND ANONYMOUS HYBRID ENCRYPTION FROM CODING THEORY
SECURE AND ANONYMOUS HYBRID ENCRYPTION FROM CODING THEORY Edoardo Persichetti University of Warsaw 06 June 2013 (UNIVERSITY OF WARSAW) SECURE AND ANONYMOUS KEM 06 JUNE 2013 1 / 20 Part I PRELIMINARIES
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationKey Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings
Key Exchange References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal Shamir s Three Pass
More informationStructure-Preserving Certificateless Encryption and Its Application
SESSION ID: CRYP-T06 Structure-Preserving Certificateless Encryption and Its Application Prof. Sherman S. M. Chow Department of Information Engineering Chinese University of Hong Kong, Hong Kong @ShermanChow
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Dimitri Dimoulakis, Steve Jones, and Lee Haughton May 05 2000 Abstract. Elliptic curves can provide methods of encryption that, in some cases, are faster and use smaller keys
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationSecure digital certificates with a blockchain protocol
Secure digital certificates with a blockchain protocol Federico Pintore 1 Trento, 10 th February 2017 1 University of Trento Federico Pintore Blockchain and innovative applications Trento, 10 th February
More informationDigital Signatures. KG November 3, Introduction 1. 2 Digital Signatures 2
Digital Signatures KG November 3, 2017 Contents 1 Introduction 1 2 Digital Signatures 2 3 Hash Functions 3 3.1 Attacks.................................... 4 3.2 Compression Functions............................
More informationHow to Construct Identity-Based Signatures without the Key Escrow Problem
How to Construct Identity-Based Signatures without the Key Escrow Problem Tsz Hon Yuen, Willy Susilo, and Yi Mu University of Wollongong, Australia {thy738, wsusilo, ymu}@uow.edu.au Abstract. The inherent
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationSecurity of Cryptosystems
Security of Cryptosystems Sven Laur swen@math.ut.ee University of Tartu Formal Syntax Symmetric key cryptosystem m M 0 c Enc sk (m) sk Gen c sk m Dec sk (c) A randomised key generation algorithm outputs
More informationGroup Oriented Identity-Based Deniable Authentication Protocol from the Bilinear Pairings
International Journal of Network Security, Vol.5, No.3, PP.283 287, Nov. 2007 283 Group Oriented Identity-Based Deniable Authentication Protocol from the Bilinear Pairings Rongxing Lu and Zhenfu Cao (Corresponding
More information10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem
[Part 2] Asymmetric-Key Encipherment Asymmetric-Key Cryptography To distinguish between two cryptosystems: symmetric-key and asymmetric-key; To discuss the RSA cryptosystem; To introduce the usage of asymmetric-key
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 6 Introduction to Public-Key Cryptography ver. November 18, 2010 These
More informationRandom Oracles - OAEP
Random Oracles - OAEP Anatoliy Gliberman, Dmitry Zontov, Patrick Nordahl September 23, 2004 Reading Overview There are two papers presented this week. The first paper, Random Oracles are Practical: A Paradigm
More information