CSC 5930/9010 Modern Cryptography: Public Key Cryptography

Similar documents
CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

Chapter 10 : Private-Key Management and the Public-Key Revolution

CSC 5930/9010 Modern Cryptography: Digital Signatures

Applied Cryptography and Computer Security CSE 664 Spring 2018

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

CSC 5930/9010 Modern Cryptography: Cryptographic Hashing

Message Authentication ( 消息认证 )

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Cryptography. Andreas Hülsing. 6 September 2016

Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage

Homework 3: Solution

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Computer Security CS 526

CSC/ECE 774 Advanced Network Security

Chapter 11 : Private-Key Encryption

Secure Multiparty Computation

Public Key Algorithms

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena

1. Diffie-Hellman Key Exchange

Session key establishment protocols

CS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong

Session key establishment protocols

CS 161 Computer Security

18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange. Dan Boneh

Cryptography CS 555. Topic 1: Course Overview & What is Cryptography

CSC 474/574 Information Systems Security

Auth. Key Exchange. Dan Boneh

CSC 774 Network Security

Lecture 15: Public Key Encryption: I

Authentication Handshakes

Katz, Lindell Introduction to Modern Cryptrography

Security of Cryptosystems

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Spring 2010: CS419 Computer Security

Public-Key Cryptography

Cryptography CS 555. Topic 8: Modes of Encryption, The Penguin and CCA security

Cryptography. Lecture 12. Arpita Patra

Key Agreement. Guilin Wang. School of Computer Science, University of Birmingham

Public-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7

RSA Cryptography in the Textbook and in the Field. Gregory Quenell

CSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong, Spring and 6 February 2018

1 Identification protocols

Applied Cryptography and Computer Security CSE 664 Spring 2017

Key Exchange. Secure Software Systems

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

IND-CCA2 secure cryptosystems, Dan Bogdanov

Lecture 07: Private-key Encryption. Private-key Encryption

T Cryptography and Data Security

CIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CIS 4360 Secure Computer Systems Applied Cryptography

Public-Key Encryption

Lecture 20: Public-key Encryption & Hybrid Encryption. Public-key Encryption

Introduction. Cambridge University Press Mathematics of Public Key Cryptography Steven D. Galbraith Excerpt More information

CPSC 467: Cryptography and Computer Security

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

CS408 Cryptography & Internet Security

CSE 127: Computer Security Cryptography. Kirill Levchenko

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

2 Secure Communication in Private Key Setting

Crypto Background & Concepts SGX Software Attestation

Lecture 2 Applied Cryptography (Part 2)

Lecture 6 - Cryptography

Cryptography Lecture 4. Attacks against Block Ciphers Introduction to Public Key Cryptography. November 14, / 39

Lecture 3.4: Public Key Cryptography IV

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Lecture 6.2: Protocols - Authentication and Key Exchange II. CS 436/636/736 Spring Nitesh Saxena. Course Admin

Encryption. INST 346, Section 0201 April 3, 2018

Lecture 1: Perfect Security

Overview. Public Key Algorithms I

Authenticated encryption

CS 161 Computer Security

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Information Security CS526

ISA 562: Information Security, Theory and Practice. Lecture 1

2.1 Basic Cryptography Concepts

Brief Introduction to Provable Security

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Crypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Public Key Algorithms

Lecture 10, Zero Knowledge Proofs, Secure Computation

Online Cryptography Course. Basic key exchange. Trusted 3 rd par7es. Dan Boneh

CSC 474/574 Information Systems Security

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

Grenzen der Kryptographie

Goals of Modern Cryptography

Chapter 9. Public Key Cryptography, RSA And Key Management

Cryptographic Systems

Lecture 7.1: Private-key Encryption. Lecture 7.1: Private-key Encryption

Public Key Algorithms

HOST Cryptography I ECE 525. Cryptography Handbook of Applied Cryptography &

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Transcription:

CSC 5930/9010 Modern Cryptography: Public Key Cryptography Professor Henry Carter Fall 2018

Recap Number theory provides useful tools for manipulating integers and primes modulo a large value Abstract algebra lets us define groups and how group values behave under some operation Number-theoretic "hard problems" provide the foundational assumptions for modern cryptography Factoring RSA Discrete Logarithm Computational/Decisional Diffie-Hellman

Symmetric-Key Cryptography Symmetric-key constructions provide a lot of useful security guarantees Secrecy, integrity, etc. These constructions are efficient and common in practice There is one logistical issue that we have not solved What's the major shortcoming of shared-key encryption?

Key Distribution All symmetric-key constructions assume both parties are able to share a key at some point This could happen a number of ways: In-person meeting Using a secure channel If there is already a way to exchange messages (keys) securely, why do we need cryptography?

Challenges with key management Key distribution How do I share a key securely? Key management How do I store keys for all potential contacts? Open systems How do I interact with contacts I have never met before?

Key Distribution Centers A key distribution center (KDC) provides key storage and distribution within a closed organization All members of the organization share a key with the KDC To establish a communication key with another organization member, users contact the KDC, who distributes session keys to the participants

KDC pros and cons Solves 2 of 3 symmetric key issues Still not applicable to open systems Introduces two issues Presents a high-value target for attackers Is a single point of failure for system availability How useful is this idea?

Needham-Schroeder The Needham-Schroeder protocol is used to produce and share session keys with a KDC Forms the basis for Kerberos, which is used in Microsoft AD and other authentication systems All users maintain a long-term key with the KDC For each communication, the KDC generates a session key and sends it to the recipient through the sender encapsulated in a "ticket"

N-S Protocol

Key Exchange Protocols For open systems, we still need a way to communicate keying information without a private pre-existing channel In 1976, Diffie and Hellman devised a scheme to agree on a random key based on a computationally hard problem A truly revolutionary discovery in modern cryptography! Key exchange protocols are the broad category of protocols designed to achieve this goal

Key Exchanges Goal: Alice and Bob wish to establish a shared secret to begin a cryptographically-secure conversation Setting: all communication may be recorded by an eavesdropping adversary Security: we want the agreed upon key to be indistinguishable from a random choice of key

KE Experiment

The Diffie-Hellman Key Exchange Based on the decisional DH problem Allows parties to agree on a random group element This group element must be converted into a bitstring before use as a key The protocol is secure against passive adversaries only! An active adversary may perform a man-in-the-middle attack

D-H Key Exchange

What do we have now? D-H key exchange is NOT an encryption scheme Very different definitions and security goals D-H key exchange is still hampered by the need for authentication This would solve the MITM attack mentioned previously D-H is still used today! As a component of TLS

The Public-Key Revolution Diffie and Hellman additionally proposed a concept for public-key encryption, allowing for encryption keys to be exchanged publicly The first instance of a public key scheme did not appear until 1977 with the development of RSA These discoveries set off a chain of research that changed cryptography and set the stage for modern network security

Public-Key Ideas Instead of sharing a key for encryption and decryption, use a public key for encryption and a private key for decryption Simplifies key distribution Instead of sharing verification keys, use a private signing key and a public verification key Provides non-repudiation in addition to message integrity (Mostly) solves all of the problems from the symmetrickey setting

Problems Solved Key distribution: send out the public key in the clear Still assumes an authenticated channel! Key management: store/retrieve public keys in a central bulletin board No security threat if compromised Open environment: exchange public keys and start talking! Assuming some shared or mutual authenticating information Con: orders of magnitude slower than symmetric-key encryption If you can use symmetric-key, do!

Public Key Encryption Gen(1 n ): takes a security parameter as input and outputs a pair (pk, sk) Enc pk(m): takes as input a public key and a message and outputs a ciphertext c Dec sk(c): takes as input a secret key and a ciphertext and outputs the underlying message Correctness is only required except with negligible probability

Security Guarantees As in the symmetric-key setting, we have many definitions of security EAV, CPA, and mult-cpa all have analogous formulations in the public-key setting What's the major improvement in power that an adversary with a public-key has?

<latexit sha1_base64="y2quypbde3o8oifuijfjliatu6w=">aaae+hicdvrlb9naehabqce8c0cui7qifniqzgwehhhwihegsg2pvkfrejoov7hxznfdelz/f26ik78g/g2zblollewlk3nsfdpftw7zrbrb7f5zwm40l11euxk1de36jzu3bq/e2tvzoqxuiczj9f7idszs4y6vnsg9xcnpwwq/h5m3lv75elwrmdq20xwhkr8rgunblbmgq8u/t77mqgwkyglrf+ghgxl5ytusg5tbwpckffv1gr6s2mqdpwsfiy6lklevkwpuswof0mik71dv/4hlkw6ycypcsdugrog2f0c1s8ttgigphcsup8dmujcqbsbyejw7hafxi8gkmxfwaeuh3u469bkcxaipyze5jue50k9/zm6d4fdqkjloizq0vgibvbcu3y4fvgwzckd1jvoaexakgfmudxyew0omy3xstdnhum7azovozj0wez/io2nz8dtpy+0grnhl5po/bwrotqsss8wwzjmsboogfaaazw+1rvqkumxmcaqohj7mji8wisaugbmhdgebbu443b14i4iwx9yavcosde2+kcbmpio5ehcf6gqkeunuhcwivecmoxnplccpqhvr1e6gqvfoxhfway+arngu+v3t/3jna16iqq4kx4kcs9c6kpsogtpnzgakevmqt2dk4psqhlwtvt7/n/pgjj+a2b84xr5aegkusr8qexu8rhts/gsjpxcob691n7v1gyugpzpwvnnpd1exvojrjgr3fetcjdn3u7kdlfxbkrkn9mjgzswej3gftmvtnioyfomvpcdpqn5vlnftqr3zfsvpjzmmiww60cz5mhp+k7zf2ojpojskveomntskistp0z1ogemnwiztmrjqkrccidmtxxjpczepzh0lakbknffinpywhzqdqavzzy/qorhb2/tj/trbe/l6tsqr3j3vvtf2fo+j99j77/w9hu80xjsworpz81vze/nh8+dj6vlsroaut3cav/4c/hubxq==</latexit> <latexit sha1_base64="y2quypbde3o8oifuijfjliatu6w=">aaae+hicdvrlb9naehabqce8c0cui7qifniqzgwehhhwihegsg2pvkfrejoov7hxznfdelz/f26ik78g/g2zblollewlk3nsfdpftw7zrbrb7f5zwm40l11euxk1de36jzu3bq/e2tvzoqxuiczj9f7idszs4y6vnsg9xcnpwwq/h5m3lv75elwrmdq20xwhkr8rgunblbmgq8u/t77mqgwkyglrf+ghgxl5ytusg5tbwpckffv1gr6s2mqdpwsfiy6lklevkwpuswof0mik71dv/4hlkw6ycypcsdugrog2f0c1s8ttgigphcsup8dmujcqbsbyejw7hafxi8gkmxfwaeuh3u469bkcxaipyze5jue50k9/zm6d4fdqkjloizq0vgibvbcu3y4fvgwzckd1jvoaexakgfmudxyew0omy3xstdnhum7azovozj0wez/io2nz8dtpy+0grnhl5po/bwrotqsss8wwzjmsboogfaaazw+1rvqkumxmcaqohj7mji8wisaugbmhdgebbu443b14i4iwx9yavcosde2+kcbmpio5ehcf6gqkeunuhcwivecmoxnplccpqhvr1e6gqvfoxhfway+arngu+v3t/3jna16iqq4kx4kcs9c6kpsogtpnzgakevmqt2dk4psqhlwtvt7/n/pgjj+a2b84xr5aegkusr8qexu8rhts/gsjpxcob691n7v1gyugpzpwvnnpd1exvojrjgr3fetcjdn3u7kdlfxbkrkn9mjgzswej3gftmvtnioyfomvpcdpqn5vlnftqr3zfsvpjzmmiww60cz5mhp+k7zf2ojpojskveomntskistp0z1ogemnwiztmrjqkrccidmtxxjpczepzh0lakbknffinpywhzqdqavzzy/qorhb2/tj/trbe/l6tsqr3j3vvtf2fo+j99j77/w9hu80xjsworpz81vze/nh8+dj6vlsroaut3cav/4c/hubxq==</latexit> <latexit sha1_base64="y2quypbde3o8oifuijfjliatu6w=">aaae+hicdvrlb9naehabqce8c0cui7qifniqzgwehhhwihegsg2pvkfrejoov7hxznfdelz/f26ik78g/g2zblollewlk3nsfdpftw7zrbrb7f5zwm40l11euxk1de36jzu3bq/e2tvzoqxuiczj9f7idszs4y6vnsg9xcnpwwq/h5m3lv75elwrmdq20xwhkr8rgunblbmgq8u/t77mqgwkyglrf+ghgxl5ytusg5tbwpckffv1gr6s2mqdpwsfiy6lklevkwpuswof0mik71dv/4hlkw6ycypcsdugrog2f0c1s8ttgigphcsup8dmujcqbsbyejw7hafxi8gkmxfwaeuh3u469bkcxaipyze5jue50k9/zm6d4fdqkjloizq0vgibvbcu3y4fvgwzckd1jvoaexakgfmudxyew0omy3xstdnhum7azovozj0wez/io2nz8dtpy+0grnhl5po/bwrotqsss8wwzjmsboogfaaazw+1rvqkumxmcaqohj7mji8wisaugbmhdgebbu443b14i4iwx9yavcosde2+kcbmpio5ehcf6gqkeunuhcwivecmoxnplccpqhvr1e6gqvfoxhfway+arngu+v3t/3jna16iqq4kx4kcs9c6kpsogtpnzgakevmqt2dk4psqhlwtvt7/n/pgjj+a2b84xr5aegkusr8qexu8rhts/gsjpxcob691n7v1gyugpzpwvnnpd1exvojrjgr3fetcjdn3u7kdlfxbkrkn9mjgzswej3gftmvtnioyfomvpcdpqn5vlnftqr3zfsvpjzmmiww60cz5mhp+k7zf2ojpojskveomntskistp0z1ogemnwiztmrjqkrccidmtxxjpczepzh0lakbknffinpywhzqdqavzzy/qorhb2/tj/trbe/l6tsqr3j3vvtf2fo+j99j77/w9hu80xjsworpz81vze/nh8+dj6vlsroaut3cav/4c/hubxq==</latexit> <latexit sha1_base64="y2quypbde3o8oifuijfjliatu6w=">aaae+hicdvrlb9naehabqce8c0cui7qifniqzgwehhhwihegsg2pvkfrejoov7hxznfdelz/f26ik78g/g2zblollewlk3nsfdpftw7zrbrb7f5zwm40l11euxk1de36jzu3bq/e2tvzoqxuiczj9f7idszs4y6vnsg9xcnpwwq/h5m3lv75elwrmdq20xwhkr8rgunblbmgq8u/t77mqgwkyglrf+ghgxl5ytusg5tbwpckffv1gr6s2mqdpwsfiy6lklevkwpuswof0mik71dv/4hlkw6ycypcsdugrog2f0c1s8ttgigphcsup8dmujcqbsbyejw7hafxi8gkmxfwaeuh3u469bkcxaipyze5jue50k9/zm6d4fdqkjloizq0vgibvbcu3y4fvgwzckd1jvoaexakgfmudxyew0omy3xstdnhum7azovozj0wez/io2nz8dtpy+0grnhl5po/bwrotqsss8wwzjmsboogfaaazw+1rvqkumxmcaqohj7mji8wisaugbmhdgebbu443b14i4iwx9yavcosde2+kcbmpio5ehcf6gqkeunuhcwivecmoxnplccpqhvr1e6gqvfoxhfway+arngu+v3t/3jna16iqq4kx4kcs9c6kpsogtpnzgakevmqt2dk4psqhlwtvt7/n/pgjj+a2b84xr5aegkusr8qexu8rhts/gsjpxcob691n7v1gyugpzpwvnnpd1exvojrjgr3fetcjdn3u7kdlfxbkrkn9mjgzswej3gftmvtnioyfomvpcdpqn5vlnftqr3zfsvpjzmmiww60cz5mhp+k7zf2ojpojskveomntskistp0z1ogemnwiztmrjqkrccidmtxxjpczepzh0lakbknffinpywhzqdqavzzy/qorhb2/tj/trbe/l6tsqr3j3vvtf2fo+j99j77/w9hu80xjsworpz81vze/nh8+dj6vlsroaut3cav/4c/hubxq==</latexit> EAV-security Experiment P ubk eav A, (n): 1. Generate pk, sk using Gen(1 n ) 2. The adversary A is given pk and outputs m 0,m 1 where m 0 = m 1 3. Generate a uniform bit b 2 {0, 1}. Give c Enc pk (m b )toa 4. A outputs bit b 0 5. Output 1 if b = b 0 and output 0 otherwise Public-key encryption scheme =(Gen, Enc, Dec) has indistinguishable encryptions in the presence of an eavesdropper (EAV-secure) if for every PPT adversary A there is a negligible function negl such that: Pr[P ubk eav A, (n) = 1] apple 1 2 + negl(n)

Public Key Access An adversary with public-key access does not need an encryption oracle EAV-security is immediately equivalent to CPA-security in this setting Perfect secrecy is now impossible CPA-security with multiple encryptions is equivalent to CPA-security The proof of which will follow

Hybrid Arguments A central idea in reduction proofs is that the outer adversary can simulate the view of the inner adversary's game in a way that is indistinguishable from the actual game This can be difficult with complex protocols A hybrid argument changes one aspect of the adversary's view at a time, and incrementally argues that each subexperiment is indistinguishable from the previous By chaining the argument together that each individual change is indistinguishable, we can argue that the adversary's entire view of the modified game is indistinguishable from a real execution

Proof of mult-cpa security Claim: if a scheme is CPA secure, then it is also secure under multiple encryptions Need to show: an adversary that gets one query to the LR-oracle can simulate the view of an adversary who makes many queries Intuitively, we will build up from an adversary who makes exactly two queries to the LR-oracle

Two-query proof Build the reduction A encrypts the 0-message in the first query and forwards the second query to its oracle Consider the distribution over ciphertexts returned Bound on the probability of success given two ciphertexts

Proof Reduction Encrypt 0 to the i th message and 1 after Send the i th message to the oracle

Proof Component probability calculations

Proof Summations and cancellations Note the multiplicative factor in the probability bound. This implies the probability is negligible but higher as more queries are made

CCA-Security In the public-key setting, CCA-security is formulated in the same way as in the symmetric-key setting New attacks are possible in practice due to the fact that a receiver may receive messages from anyone Not just a pre-agreed sender In addition to previous "oracle" attacks where the adversary observes the receiver's behavior, the adversary may now send messages directly to the receiver

CCA experiment Experiment P ubk cca A, (n): 1. Generate pk, sk using Gen(1 n ) 2. The adversary A is given pk and oracle access to Dec sk ( ), and outputs a pair of messages m 0,m 1 of equal length. 3. A uniform bit b 2 {0, 1} is chosen, and the challenge cipher text c Enc pk (m b ) is given to A 4. A continues to have oracle access but may not query Dec k ( ) withthe challenge ciphertext. A eventually outputs bit b 0 5. Output 1 if b = b 0 and output 0 otherwise A public-key encryption scheme is CCA-secure if for all PPT adversaries A there is a negligible function negl such that: Pr[P ubk cca A, (n) = 1] apple 1 2 + negl(n) where the probability is taken over all randomness used in the experiment <latexit sha1_base64="eaqadzav4bhfhpu1dlrvhpcrn+c=">aaafwhicdvtbbttgekutqu7vw9w+5mvqs4idyiboh6yoeccoe7rah6oadhlavitlakgutnyl92jhjfgv/a3+twypwzccle/dueycoxn2s1ok60aj/3bu3e/1v9p98pxgm2+/+/6hh3s/vrxag44xxett3mfmohqkl5xwet/xblmvsxyxzc9c/n01giu0onelgicvk5tibweoxno9+/++/lijeruqb/hyz399adhn7brjk+zkzmrz2g7tswgp1gh8+ydnsbcqqeurnmxho0ifwwr+qnx9q1zph2dnmxgrvaexbq6sd1s7sjwvedgsqgjmaffglxiehujcowqhxmdudlrhxfib52gtoa3xk+ttxs7bg5tptdumh8s872rvldcomtcgc6iogbvoia6mo2e1telgxsvpjehuhsupv4howrmj2lsqceigg1qosjvrmemxmhiplapli0fweclkoiisuzdowofhkusqsswdm0bfwgtfmgucwu2brd3cmc0mstn1csu2e1wrj5thbuasxemdjjlvogilunrblcfazcbmfssk3ahxfhfswhp8pxsslkfeymwaycuvj2/r/d25isywrr44eg4u3kae4herta3njbcypomu1wxtjontqh0mbt+a4wjqcboogwtb8hir0g1prgpp7oz0ycl3bkmr2gsqmbipz9eyewgrwwoevhikgsgspcge6r9yr3jxig7ogkzngrpm1jjmlkqetioxufw/6cnk+zrxmgkbvoi0p100sductpc0a0jx5cc3b950gal/tdezy4qubheaojyndwgapbvleio6umgl3uimshmhcnd3cjcyptwfhy+6dz43kpwxh62+8xrvzzedae5dozfm2stkvltjw4wtjcg6sdsqznxo1+ostmxorkya7i1p4zcor6a9jw1c592safhl7alkkdowzo/ggvnlsuvv8t8mjvakftr+slhuzrb4ejhgjgxyrxkcccanikxbu8s0o6vvnar0eo1oiflosiyrk+2h1jciuuquuz8bb0+oe7lfnoy/elki8uh0kpo5oois6fn0ivozgkcxee/t9o56v/ae9v/2y77uxy1t7+2san6ktr7+p58anohjkq==</latexit> <latexit sha1_base64="eaqadzav4bhfhpu1dlrvhpcrn+c=">aaafwhicdvtbbttgekutqu7vw9w+5mvqs4idyiboh6yoeccoe7rah6oadhlavitlakgutnyl92jhjfgv/a3+twypwzccle/dueycoxn2s1ok60aj/3bu3e/1v9p98pxgm2+/+/6hh3s/vrxag44xxett3mfmohqkl5xwet/xblmvsxyxzc9c/n01giu0onelgicvk5tibweoxno9+/++/lijeruqb/hyz399adhn7brjk+zkzmrz2g7tswgp1gh8+ydnsbcqqeurnmxho0ifwwr+qnx9q1zph2dnmxgrvaexbq6sd1s7sjwvedgsqgjmaffglxiehujcowqhxmdudlrhxfib52gtoa3xk+ttxs7bg5tptdumh8s872rvldcomtcgc6iogbvoia6mo2e1telgxsvpjehuhsupv4howrmj2lsqceigg1qosjvrmemxmhiplapli0fweclkoiisuzdowofhkusqsswdm0bfwgtfmgucwu2brd3cmc0mstn1csu2e1wrj5thbuasxemdjjlvogilunrblcfazcbmfssk3ahxfhfswhp8pxsslkfeymwaycuvj2/r/d25isywrr44eg4u3kae4herta3njbcypomu1wxtjontqh0mbt+a4wjqcboogwtb8hir0g1prgpp7oz0ycl3bkmr2gsqmbipz9eyewgrwwoevhikgsgspcge6r9yr3jxig7ogkzngrpm1jjmlkqetioxufw/6cnk+zrxmgkbvoi0p100sductpc0a0jx5cc3b950gal/tdezy4qubheaojyndwgapbvleio6umgl3uimshmhcnd3cjcyptwfhy+6dz43kpwxh62+8xrvzzedae5dozfm2stkvltjw4wtjcg6sdsqznxo1+ostmxorkya7i1p4zcor6a9jw1c592safhl7alkkdowzo/ggvnlsuvv8t8mjvakftr+slhuzrb4ejhgjgxyrxkcccanikxbu8s0o6vvnar0eo1oiflosiyrk+2h1jciuuquuz8bb0+oe7lfnoy/elki8uh0kpo5oois6fn0ivozgkcxee/t9o56v/ae9v/2y77uxy1t7+2san6ktr7+p58anohjkq==</latexit> <latexit sha1_base64="eaqadzav4bhfhpu1dlrvhpcrn+c=">aaafwhicdvtbbttgekutqu7vw9w+5mvqs4idyiboh6yoeccoe7rah6oadhlavitlakgutnyl92jhjfgv/a3+twypwzccle/dueycoxn2s1ok60aj/3bu3e/1v9p98pxgm2+/+/6hh3s/vrxag44xxett3mfmohqkl5xwet/xblmvsxyxzc9c/n01giu0onelgicvk5tibweoxno9+/++/lijeruqb/hyz399adhn7brjk+zkzmrz2g7tswgp1gh8+ydnsbcqqeurnmxho0ifwwr+qnx9q1zph2dnmxgrvaexbq6sd1s7sjwvedgsqgjmaffglxiehujcowqhxmdudlrhxfib52gtoa3xk+ttxs7bg5tptdumh8s872rvldcomtcgc6iogbvoia6mo2e1telgxsvpjehuhsupv4howrmj2lsqceigg1qosjvrmemxmhiplapli0fweclkoiisuzdowofhkusqsswdm0bfwgtfmgucwu2brd3cmc0mstn1csu2e1wrj5thbuasxemdjjlvogilunrblcfazcbmfssk3ahxfhfswhp8pxsslkfeymwaycuvj2/r/d25isywrr44eg4u3kae4herta3njbcypomu1wxtjontqh0mbt+a4wjqcboogwtb8hir0g1prgpp7oz0ycl3bkmr2gsqmbipz9eyewgrwwoevhikgsgspcge6r9yr3jxig7ogkzngrpm1jjmlkqetioxufw/6cnk+zrxmgkbvoi0p100sductpc0a0jx5cc3b950gal/tdezy4qubheaojyndwgapbvleio6umgl3uimshmhcnd3cjcyptwfhy+6dz43kpwxh62+8xrvzzedae5dozfm2stkvltjw4wtjcg6sdsqznxo1+ostmxorkya7i1p4zcor6a9jw1c592safhl7alkkdowzo/ggvnlsuvv8t8mjvakftr+slhuzrb4ejhgjgxyrxkcccanikxbu8s0o6vvnar0eo1oiflosiyrk+2h1jciuuquuz8bb0+oe7lfnoy/elki8uh0kpo5oois6fn0ivozgkcxee/t9o56v/ae9v/2y77uxy1t7+2san6ktr7+p58anohjkq==</latexit> <latexit sha1_base64="eaqadzav4bhfhpu1dlrvhpcrn+c=">aaafwhicdvtbbttgekutqu7vw9w+5mvqs4idyiboh6yoeccoe7rah6oadhlavitlakgutnyl92jhjfgv/a3+twypwzccle/dueycoxn2s1ok60aj/3bu3e/1v9p98pxgm2+/+/6hh3s/vrxag44xxett3mfmohqkl5xwet/xblmvsxyxzc9c/n01giu0onelgicvk5tibweoxno9+/++/lijeruqb/hyz399adhn7brjk+zkzmrz2g7tswgp1gh8+ydnsbcqqeurnmxho0ifwwr+qnx9q1zph2dnmxgrvaexbq6sd1s7sjwvedgsqgjmaffglxiehujcowqhxmdudlrhxfib52gtoa3xk+ttxs7bg5tptdumh8s872rvldcomtcgc6iogbvoia6mo2e1telgxsvpjehuhsupv4howrmj2lsqceigg1qosjvrmemxmhiplapli0fweclkoiisuzdowofhkusqsswdm0bfwgtfmgucwu2brd3cmc0mstn1csu2e1wrj5thbuasxemdjjlvogilunrblcfazcbmfssk3ahxfhfswhp8pxsslkfeymwaycuvj2/r/d25isywrr44eg4u3kae4herta3njbcypomu1wxtjontqh0mbt+a4wjqcboogwtb8hir0g1prgpp7oz0ycl3bkmr2gsqmbipz9eyewgrwwoevhikgsgspcge6r9yr3jxig7ogkzngrpm1jjmlkqetioxufw/6cnk+zrxmgkbvoi0p100sductpc0a0jx5cc3b950gal/tdezy4qubheaojyndwgapbvleio6umgl3uimshmhcnd3cjcyptwfhy+6dz43kpwxh62+8xrvzzedae5dozfm2stkvltjw4wtjcg6sdsqznxo1+ostmxorkya7i1p4zcor6a9jw1c592safhl7alkkdowzo/ggvnlsuvv8t8mjvakftr+slhuzrb4ejhgjgxyrxkcccanikxbu8s0o6vvnar0eo1oiflosiyrk+2h1jciuuquuz8bb0+oe7lfnoy/elki8uh0kpo5oois6fn0ivozgkcxee/t9o56v/ae9v/2y77uxy1t7+2san6ktr7+p58anohjkq==</latexit>

Recap Symmetric-key schemes all suffer from key distribution challenges To overcome these obstacles, public-key constructions allow one public key to be widely distributed Definitions of security are similar but not equivalent in the public-key setting

Next Time... Katz & Lindell Chapter 11 Remember, you need to read it BEFORE you come to class! Homework problems available on the course webpage 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback