Cryptography. Andreas Hülsing. 6 September 2016

Similar documents
Lecture 02: Historical Encryption Schemes. Lecture 02: Historical Encryption Schemes

Applied Cryptography and Computer Security CSE 664 Spring 2018

Defining Encryption. Lecture 2. Simulation & Indistinguishability

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Scanned by CamScanner

Symmetric-Key Cryptography

CSC 5930/9010 Modern Cryptography: Public Key Cryptography

COMP4109 : Applied Cryptography

Cryptography CS 555. Topic 1: Course Overview & What is Cryptography

CSE 127: Computer Security Cryptography. Kirill Levchenko

Computer Security CS 526

Goals of Modern Cryptography

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

Information Security

Feedback Week 4 - Problem Set

Lecture 1: Perfect Security

Homework 3: Solution

symmetric cryptography s642 computer security adam everspaugh

Cryptography Introduction to Computer Security. Chapter 8

Information Security CS526

Advanced Cryptography 1st Semester Symmetric Encryption

CS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong

CS 6903 Modern Cryptography February 14th, Lecture 4: Instructor: Nitesh Saxena Scribe: Neil Stewart, Chaya Pradip Vavilala

Cryptography. Lecture 03

Relaxing IND-CCA: Indistinguishability Against Chosen. Chosen Ciphertext Verification Attack

Message Authentication ( 消息认证 )

A CCA2 Secure PKE Based on McEliece Assumptions in the Standard Model

Security of Cryptosystems

Cryptography. Submitted to:- Ms Poonam Sharma Faculty, ABS,Manesar. Submitted by:- Hardeep Gaurav Jain

Lecture 15: Public Key Encryption: I

Authenticated encryption

Secure Multiparty Computation

Cryptography Functions

Crypto Background & Concepts SGX Software Attestation

CSC 580 Cryptography and Computer Security

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack

Traditional Symmetric-Key Ciphers. A Biswas, IT, BESU Shibpur

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Computational Security, Stream and Block Cipher Functions

Strong Privacy for RFID Systems from Plaintext-Aware Encryption

Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage

Lecture 3.4: Public Key Cryptography IV

Introduction. Cambridge University Press Mathematics of Public Key Cryptography Steven D. Galbraith Excerpt More information

2 Secure Communication in Private Key Setting

Symmetric-Key Cryptography Part 1. Tom Shrimpton Portland State University

Introduc)on to Cryptography. Credits: Slide credits to David Brumley, Dan Boneh (ß has a MOOC)

Lecture 18 - Chosen Ciphertext Security

Overview of Cryptography

ISA 562: Information Security, Theory and Practice. Lecture 1

Shared Secret = Trust

Code-Based Cryptography McEliece Cryptosystem

Introduction to Cryptography. Lecture 1. Benny Pinkas. Administrative Details. Bibliography. In the Library

Introduction to Cryptography. Lecture 1

CIS 4360 Secure Computer Systems Applied Cryptography

Lecture 07: Private-key Encryption. Private-key Encryption

2.1 Basic Cryptography Concepts

RSA Cryptography in the Textbook and in the Field. Gregory Quenell

CPSC 467: Cryptography and Computer Security

1 Achieving IND-CPA security

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Symmetric Encryption 2: Integrity

IND-CCA2 secure cryptosystems, Dan Bogdanov

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

CPSC 467: Cryptography and Computer Security

Cryptography. Intercepting Information Scenario 1. Tuesday, December 9, December 9, Wireless broadcasts information using radio signals

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

On the Security of Group-based Proxy Re-encryption Scheme

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Public key encryption: definitions and security

Notes for Lecture 14

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Encrypted Data Deduplication in Cloud Storage

Crypto CS 485/ECE 440/CS 585 Fall 2017

CHAPTER 1 INTRODUCTION TO CRYPTOGRAPHY. Badran Awad Computer Department Palestine Technical college

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

SECURE AND ANONYMOUS HYBRID ENCRYPTION FROM CODING THEORY

CS 161 Computer Security

Secure Multi-Party Computation. Lecture 13

Auth. Key Exchange. Dan Boneh

Cryptography Lecture 4. Attacks against Block Ciphers Introduction to Public Key Cryptography. November 14, / 39

Crypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))

Cryptography Introduction

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

PROTECTING CONVERSATIONS

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Lecture 2. Cryptography: History + Simple Encryption,Methods & Preliminaries. Cryptography can be used at different levels

ENEE 457: Computer Systems Security 09/12/16. Lecture 4 Symmetric Key Encryption II: Security Definitions and Practical Constructions

Lecture 8 - Message Authentication Codes

Symmetric Crypto MAC. Pierre-Alain Fouque

Private-Key Encryption

Introduction to Cryptology ENEE 459E/CMSC 498R. Lecture 1 1/26/2017

CS61A Lecture #39: Cryptography

Chosen-Ciphertext Security (II)

Block ciphers, stream ciphers

What Can Be Proved About Security?

18-642: Cryptography 11/15/ Philip Koopman

Encryption from the Diffie-Hellman assumption. Eike Kiltz

Transcription:

Cryptography Andreas Hülsing 6 September 2016 1 / 21

Announcements Homepage: http: //www.hyperelliptic.org/tanja/teaching/crypto16/ Lecture is recorded First row might be on recordings. Anything organizational: Ask Tanja on Thursday... 2 / 21

Setting: Alice and Bob want to chat. Alice Bob Eve 3 / 21

Security goals Secrecy, Integrity, Authenticity, Non-repudiation, (Privacy). 4 / 21

Security goals Secrecy, We focus on this today Integrity, Authenticity, Non-repudiation, (Privacy). 4 / 21

Setting: What about Eve? Alice Bob Eve 5 / 21

Attacker capabilities Passive: Listen. Active: Intercept & Manipulate. Change, add, drop content. 6 / 21

Encryption 7 / 21

Already the Greeks... 8 / 21

Later in Rome Kdoor Fubswr 9 / 21

Later in Rome Kdoor Fubswr Hallo Crypto Caesar cipher. Also known as ROT3. Key table : a b c d e f g h i j k l m d e f g h i j k l m n o p n o p q r s t u v w x y z q r s t u v w x y z a b c 9 / 21

Symmetric encryption Aka. secret key encryption. Examples: Caesar, Skytale,..., DES, AES. ONE (secret) key: Stick, rotation, bit string. 10 / 21

Symmetric encryption Aka. secret key encryption. Examples: Caesar, Skytale,..., DES, AES. ONE (secret) key: Stick, rotation, bit string. 10 / 21

Symmetric encryption Aka. secret key encryption. Examples: Caesar, Skytale,..., DES, AES. ONE (secret) key: Stick, rotation, bit string. 10 / 21

Semi-formal definition Symmetric Encryption Scheme A symmetric encryption scheme E = (Kg, Enc, Dec) consists of three PPT algorithms: Kg(1 n ): Key generation algorithm. Upon input of security parameter n in unary, outputs a secret key sk. Enc sk (m): Encryption algorithm. Upon input of a secret key sk and plaintext message m, outputs the encryption / ciphertext c of m under sk. Dec sk (c): Decryption algorithm. Upon input of a secret key sk and a ciphertext c, outputs the decryption m of c under sk. Such that: ( sk Kg(1 n ), m) : Dec sk (Enc sk (m)) = m (Completeness) Remark: Sometimes we use Enc(sk, m) Enc sk (m). 11 / 21

Semi-formal definition Symmetric Encryption Scheme A symmetric encryption scheme E = (Kg, Enc, Dec) consists of three PPT algorithms: Kg(1 n ): Key generation algorithm. Upon input of security parameter n in unary, outputs a secret key sk. Enc sk (m): Encryption algorithm. Upon input of a secret key sk and plaintext message m, outputs the encryption / ciphertext c of m under sk. Dec sk (c): Decryption algorithm. Upon input of a secret key sk and a ciphertext c, outputs the decryption m of c under sk. Such that: ( sk Kg(1 n ), m) : Dec sk (Enc sk (m)) = m (Completeness) Remark: Sometimes we use Enc(sk, m) Enc sk (m). 11 / 21

Security? Above definition only functional. What does it mean for an encryption scheme to be secure? Is Caesar cipher secure? Why not? Kdoor Fubswr Hallo Crypto 12 / 21

Semantic security Semantic security: Everything one can learn about a plaintext given its encryption, one can also learn without knowledge of the cipher text. Complicated formal definition. Hard to work with. Technical, equivalent notion: Indistinguishable ciphertexts. 13 / 21

Security Definitions Game-based: Adversary vs. Challenger 14 / 21

Indistinguishable ciphertexts (IND) m 1, m 2 sk, b Enc sk (m b ) b Adversary Challenger 15 / 21

Indistinguishable ciphertexts under choosen plaintext attacks (IND-CPA) Adversary might see more ciphertexts than the one she wants to learn more about. Attack against Enigma. To model worst-case, attacker is allowed to choose plaintexts and learn encryption of those. 16 / 21

Indistinguishable ciphertexts under choosen plaintext attacks (IND-CPA) m Enc sk (m) sk, b Adversary m 1, m 2 Enc sk (m b ) m Enc sk (m) b Challenger 17 / 21

Indistinguishable ciphertexts under choosen Ciphertext attacks (IND-CCA) Adversary might be able to learn decryptions of ciphertexts other than the target one. Users might leak plaintexts corresponding to ciphertexts the adversary saw. Practice: Often adversary only learns if a ciphertext is well-formed. Model: Additional access to decryption oracle. (Again, worst-case.) Oracle returns either Dec sk (c) or if c is no valid ciphertext. 18 / 21

Public-key encryption Symmetric encryption is very efficient, but how to share keys? Solution: Public-key / Asymmetric encryption. Key pair: Public encryption key pk and secret decryption key / private key sk. Public key can be published without requiring secrecy. Public key can be used to send encryption of (symmetric) secret key. 19 / 21

Semi-formal definition Asymmetric Encryption Scheme A symmetric encryption scheme E = (Kg, Enc, Dec) consists of three PPT algorithms: Kg(1 n ): Key generation algorithm. Upon input of security parameter n in unary, outputs a key pair (pk,sk). Enc pk (m): Encryption algorithm. Upon input of a public key pk and plaintext message m, outputs the encryption / ciphertext c of m under pk. Dec sk (c): Decryption algorithm. Upon input of a private key sk and a ciphertext c, outputs the decryption m of c under sk. Such that: ( (pk, sk) Kg(1 n ), m) : Dec sk (Enc pk (m)) = m (Completeness) 20 / 21

Part II: Break a toy public key encryption scheme. 21 / 21

Starting position p. 3

Selected nodes = private key p. 4

Perfect code we ll build one Each node is connected to exactly one selected node. Perfect code: there exists a selection of nodes so that each node is in the neighborhood of exactly one selected node (a selected node is in its own neighborhood.) p. 5

Additional edges To hide the structure of the selected nodes, further edges are included. These edges must not touch the selected nodes. This gives a perfect code proof it! p. 6

Public key All edges, no highlighting. p. 7

Encryption of m = 13 13 = 1 + 2 + 3 4 + 5 + 4 + 3 1. Partition 13, one share per node. 3 3 4 1 1 2 4 5 p. 8

Encryption of m = 13 For each node compute the sum of values at all nodes at distance at most 1, i.e. the value at the node itself plus all nodes directly connected to it. 1 + 2 + 3 1 = 5 3 3 4 1 1 2 4 5 p. 9

Encrypted message For each node write the sum computed in the previous step next to it. 5 6 2 4 11 5 2 7 p. 10

Decryption Add values at points seleted as secret key. 5 6 2 4 11 5 2 7 4 + 2 + 7 = 13. Why does this work? p. 11

Overview 1. 2. 3. 4. 5. 33 4 1 6. 33 4 1 7. 56 2 4 8. 56 2 4 1 2 4 5 1 2 4 5 11 5 2 7 11 5 2 7 A: 1. sheet: secret key (1), 2. sheet: public key (4) decryption (8) intermediate steps (1 3) B: 1. sheet: computations (5 6) 2.sheet: black numbers next to nodes (7) Why does this system work? Break the examples. Break this for graphs with 1000 nodes. p. 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback