Foundations of Cryptography CS Shweta Agrawal

Similar documents
CS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong

Secure Multiparty Computation

Introduction to Cryptography Lecture 7

Lecture 10, Zero Knowledge Proofs, Secure Computation

Crypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Cryptography: More Primitives

Secure Multiparty Computation

CPSC 467b: Cryptography and Computer Security

More crypto and security

CPSC 467: Cryptography and Computer Security

Homomorphic Encryption

Notes for Lecture 14

Cryptography. Lecture 12. Arpita Patra

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Cryptography CS 555. Topic 1: Course Overview & What is Cryptography

An Overview of Secure Multiparty Computation

Introduction to Cryptography Lecture 7

Lecture 15: Public Key Encryption: I

Research Statement. Yehuda Lindell. Dept. of Computer Science Bar-Ilan University, Israel.

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Introduction to Secure Multi-Party Computation

Introduction to Cryptology ENEE 459E/CMSC 498R. Lecture 1 1/26/2017

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Lecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422

Goals of Modern Cryptography

APPLICATIONS AND PROTOCOLS. Mihir Bellare UCSD 1

Lecture 18 - Chosen Ciphertext Security

CS 6903: Modern Cryptography Spring 2011

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Chapter 10 : Private-Key Management and the Public-Key Revolution

Introduction. Cambridge University Press Mathematics of Public Key Cryptography Steven D. Galbraith Excerpt More information

Lecture 02: Historical Encryption Schemes. Lecture 02: Historical Encryption Schemes

2 Secure Communication in Private Key Setting

Cryptography. and Network Security. Lecture 0. Manoj Prabhakaran. IIT Bombay

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

symmetric cryptography s642 computer security adam everspaugh

Cryptography. Andreas Hülsing. 6 September 2016

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Homework 3: Solution

1 A Tale of Two Lovers

Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage

CSC 5930/9010 Modern Cryptography: Public Key Cryptography

Public-key Cryptography: Theory and Practice

Lecture 7 - Applied Cryptography

Lecture 1: Perfect Security

Homomorphic encryption (whiteboard)

Lecture 6 - Cryptography

Notes for Lecture 24

Cryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi

Secure Multi-Party Computation. Lecture 13

RSA Cryptography in the Textbook and in the Field. Gregory Quenell

CPSC 467: Cryptography and Computer Security

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

Lecture 3: Symmetric Key Encryption

Proofs for Key Establishment Protocols

Cryptography Today. Ali El Kaafarani. Mathematical Institute Oxford University. 1 of 44

Other Topics in Cryptography. Truong Tuan Anh

Privacy Protected Spatial Query Processing

Computer Security CS 526

Information Security CS526

CS 161 Computer Security

Secure Multiparty Computation: Introduction. Ran Cohen (Tel Aviv University)

Key-Insulated Symmetric Key Cryptography and Mitigating Attacks against Cryptographic Cloud Software

Lecture IV : Cryptography, Fundamentals

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions. Shashank Agrawal and David J. Wu

Cryptography: Symmetric Encryption [continued]

RSA. Public Key CryptoSystem

Cryptography [Symmetric Encryption]

Key Protection for Endpoint, Cloud and Data Center

Cryptography Introduction to Computer Security. Chapter 8

Defining Encryption. Lecture 2. Simulation & Indistinguishability

Cryptography Lecture 4. Attacks against Block Ciphers Introduction to Public Key Cryptography. November 14, / 39

Crypto Background & Concepts SGX Software Attestation

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Notes for Lecture 5. 2 Non-interactive vs. Interactive Key Exchange

Authenticated encryption

An Efficient Certificateless Proxy Re-Encryption Scheme without Pairing

1 Identification protocols

CSE 127: Computer Security Cryptography. Kirill Levchenko

Pseudorandomness and Cryptographic Applications

Tools for Computing on Encrypted Data

CS61A Lecture #39: Cryptography

Overview of Cryptography

Bitcoin, Security for Cloud & Big Data

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem

Lecture 19 - Oblivious Transfer (OT) and Private Information Retrieval (PIR)

Public Key Cryptography and the RSA Cryptosystem

CPSC 467b: Cryptography and Computer Security

Uses of Cryptography

Lecture 10. Data Integrity: Message Authentication Schemes. Shouhuai Xu CS4363 Cryptography Spring

CSC 474/574 Information Systems Security

Key Exchange. Secure Software Systems

Public-Key Cryptography

CSC 5930/9010 Modern Cryptography: Digital Signatures

the Presence of Adversaries Sharon Goldberg David Xiao, Eran Tromer, Boaz Barak, Jennifer Rexford

Lecture 14 Alvaro A. Cardenas Kavitha Swaminatha Nicholas Sze. 1 A Note on Adaptively-Secure NIZK. 2 The Random Oracle Model

2 What does it mean that a crypto system is secure?

Transcription:

Foundations of Cryptography CS 6111 Shweta Agrawal

Course Information 4-5 homeworks (20% total) A midsem (25%) A major (35%) A project (20%) Attendance required as per institute policy Challenge questions (Extra Credit) Course Webpage : http://www.cse.iitm.ac.in/~shwetaag/cs6111.htm

Policies etc Ask questions! Make the class interactive. We re all here to learn. Switch of cellphones, laptops, anything distracting. Highest ethical standards expected. Any dishonesty/cheating of any kind will result in failing the course.

Course Reading Will not follow any one book. But Katz- Kindell s Introduction to Modern Cryptography will be handy. Bellare-Goldwasser s lecture notes http://cseweb.ucsd.edu/~mihir/papers/gb.pdf Lecture notes by Yevgeniy Dodis (http://www.cs.nyu.edu/courses/spring12/csci- GA.3210-001/index.html ) and Luca Trevisan (http://theory.stanford.edu/~trevisan/cs276/ )

Teaching Assistants Suvradip Monosij Please email them anytime. Office hours will be announced on website. End of lecture feedback after every class.

What is this course about Theoretical foundations of cryptography Mathematical modeling of real world attack scenarios Reductions between crypto primitives and hard number theoretic problems Using cryptographic building blocks to build more complex real world protocols

What this course is NOT about Implementing secure systems Real world attacks / hacking Analyzing hardness of underlying number theoretic problems such as factoring etc You can do your projects on these topics if you like!

Course Outline Foundations : Principles of crypto design, number theory, OWF, OWP, TDP, PRGs, PRFs, MACs Constructions : symmetric and public key crypto, digital signatures, MPC Advanced Topics: Zero Knowledge, Functional encryption, fully homomorphic encryption, broadcast encryption etc

Cryptography A mathematical science of controlling access to information Cryptography deals with methods for protecting privacy and integrity while preserving functionality of computer and communication systems. What would we like to achieve?

Real World Problems

#1 : Secure Elections Multi-party computation! VOTES VOTE COUNTING Winner? CORRECT : Winner determined correctly SECURITY : individual vote privacy maintained

#2 : Protecting your code I know a better algorithm to factor numbers! Program Obfuscation! code O B F U S C A T O R Obfuscated code Produces correct output Impossible to reverse engineer

#3 : Activism with safety Probabilistic algorithm C = Encrypt ( The election was rigged, R) R, R : Random bits Under coercion, reveal R s.t. C =( Really like to cook, R ) Deniable Encryption!

#4: Computing on encrypted data Users access data and infrastructure on-the-go Cloud stores data about you, me and many more I should learn information about myself but no information about you

#5: Traitor Tracing I ll buy one license And use it to forge and sell new licenses Can we catch him? 15

#5: Traitor Tracing N users in system, One PK, N SKs Anyone can encrypt, only legitimate user should decrypt If collusion of traitors create new secret key SK *, can trace at least one guilty traitor. 16

This course. 1. How can we build these things from math? 2. What guarantees can we have? 3. How do we move from messy real world scenarios to clean mathematical definitions? 4. How do theorems in math say anything about real world attacks?

Building Blocks St. Pancreas International Station - 18 months, 150,000 LEGO bricks Warren Elsemore

What he started with

Same idea! Building cryptography One way functions, trapdoor permutations, Pseudo random generators, PRFs Symmetric key crypto, public key crypto, Digital signatures Multiparty computation, homomorphic encryption, functional encryption, deniable signatures, obfuscation, traitor tracing..

Principles of Crypto Design [Katz-Lindell] 1. Formulate a rigorous and precise definition of security for cryptosystem security model. 2. Precisely formulate the mathematical assumption (e.g. factoring) on which the security of the cryptosystem relies. 3. Construct cryptosystem (algorithms) and provide proof (reduction) that cryptosystem satisfying security model in (1) is as hard to break as mathematical assumption in (2).

1: Security Model Real world attacks Crypto Proofs Security Model : Mathematical definition that scheme has to satisfy Scheme achieves security in given model = Scheme secure against attacks captured by that model

Case Study : Secure encryption Every pair of users must share a unique secret key Need key to encrypt and decrypt. Intuitively, only holder of secret key should be able to decrypt

Case Study : Secure encryption Syntax We must construct the following algorithms: 1. Keygen : Algorithm that generates secret key K 2. Encrypt(K,m) : Algorithm used by Alice to garble message m into ciphertext CT 3. Decrypt(K, CT) : Algorithm used by Bob to recover message m from ciphertext CT.

Case Study : Secure encryption How should security of encryption be defined? Answer 1 : Upon seeing ciphertext, Eve should not be able to find the secret key. But our goal is to protect the message! Consider encrypt algorithm that ignores the secret key and just outputs the message. An attacker cannot learn the key from the ciphertext but learns the entire message!

Case Study : Secure encryption Answer 2 : Upon seeing ciphertext, Eve should not be able to find the message. Is it secure intuitively to find 99% of the mesg? Answer 3 : Upon seeing ciphertext, Eve should not be able to find a single character of the message. Is it ok to leak some property of the mesg, such as whether m> k?

Case Study : Secure encryption Answer 4 : Any function that Eve can compute given the ciphertext, she can compute without the ciphertext. Still need to specify : Can Eve see ciphertexts of messages of her choice? Can Eve see decryptions of some ciphertexts? How much power does she have?

What about security of real world functionalities?

Ideal Security definition REAL IDEAL adversary A Cryptographic protocol Trusted party

Ideal Security definition REAL IDEAL adversary A adversary S Cryptographic protocol Trusted party

Ideal Security definition REAL IDEAL adversary A adversary S Cryptographic protocol Trusted party

2: Mathematical Assumption Trivial assumption : my scheme is secure Use minimal assumptions Existence of one way functions Use well studied assumptions Examples: factoring, discrete log, shortest vector problem etc

3: Reduction Instance x of hard Problem X Reduction B Cryptosystem Π Break on Π Attacker A Solution to x

3: Reduction Show how to use an adversary for breaking primitive 1 in order to break primitive 2 Important : Run time: how does T 1 relate to T 2 Probability of success: how does Succ 1 relate to Succ 2 Access to the system 1 vs. 2

Secret Key Encryption Construction Keygen : Pick a random string r. Set K = r. Give to both Alice and Bob Encrypt (m, K ) : CT = m r Decrypt ( CT, K) : m r r =m Only works for single use of r! How to generate shared key?

Public Key Cryptography

What we need 1. Invertible: It must be possible for Alice to decrypt encrypted messages. 2. Efficient to compute: It must be reasonable for people to encrypt messages for Alice. 3. Difficult to invert: Eve should not be able to compute m from the encryption f(m). 4. Easy to invert given some auxiliary information: Alice should restore m using SK.

What we need 1. Invertible 1. Efficient to compute 2. Difficult to invert One way functions! 3. Easy to invert given some auxiliary information

What we need 1. Invertible 1. Efficient to compute 2. Difficult to invert One way permutations! 3. Easy to invert given some auxiliary information

What we need 1. Invertible 1. Efficient to compute 2. Difficult to invert 3. Easy to invert given some auxiliary information Trapdoor permutations!

Up Next Discuss some number theory Introduce conjectured hard problems such as factoring, discrete log. Build candidate one way functions, one way permutations and trapdoor permutations Construct proofs of security.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback