Coding-theoretic problems in public key cryptography

Similar documents
The McEliece Cryptosystem

Code-Based Cryptography Error-Correcting Codes and Cryptography

International Journal of Scientific & Engineering Research Volume 9, Issue 5, May ISSN

CS 161 Computer Security

RSA. Public Key CryptoSystem

Public Key Cryptography and the RSA Cryptosystem

CPSC 467b: Cryptography and Computer Security

Failure of the McEliece Public-Key Cryptosystem Under Message-Resend and Related-Message Attack

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Senior Math Circles Cryptography and Number Theory Week 1

Table of Contents. Preface... vii Abstract... vii Kurzfassung... x Acknowledgements... xiii. I The Preliminaries 1

CPSC 467: Cryptography and Computer Security

Introduction to Cryptography Lecture 7

Cryptography Worksheet

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

Nature Sunday Academy Lesson Plan

Uzzah and the Ark of the Covenant

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Cryptography Functions

Algorithms (III) Yijia Chen Shanghai Jiaotong University

L2. An Introduction to Classical Cryptosystems. Rocky K. C. Chang, 23 January 2015

Algorithms (III) Yu Yu. Shanghai Jiaotong University

Computational Security, Stream and Block Cipher Functions

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

McEliece Cryptosystem in real life: security and implementation

Lecture 02: Historical Encryption Schemes. Lecture 02: Historical Encryption Schemes

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

Other Topics in Cryptography. Truong Tuan Anh

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Code-Based Cryptography McEliece Cryptosystem

1 Quantum Cryptography

CPSC 467b: Cryptography and Computer Security

A note on CCA2-protected McEliece cryptosystem with a systematic public key

Algorithms (III) Yijia Chen Shanghai Jiaotong University

CRC Press has granted the following specific permissions for the electronic version of this book:

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

CS Network Security. Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA.

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Advances in Implementations of Code-based Cryptography on Embedded Systems

Lecture 3 Algorithms with numbers (cont.)

EE 595 (PMP) Introduction to Security and Privacy Homework 1 Solutions

Cryptography (Overview)

Public Key Algorithms

Shared Secret = Trust

Network Security Technology Project

Great Theoretical Ideas in Computer Science. Lecture 27: Cryptography

Introduction to Cryptography Lecture 7

Comparison between Separable and Irreducible Goppa Code in McEliece Cryptosystem

Homework 1 CS161 Computer Security, Spring 2008 Assigned 2/4/08 Due 2/13/08

Chapter 9 Public Key Cryptography. WANG YANG

CPSC 467: Cryptography and Computer Security

1 A Tale of Two Lovers

Authentication Part IV NOTE: Part IV includes all of Part III!

SECURE AND ANONYMOUS HYBRID ENCRYPTION FROM CODING THEORY

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Foundations of Cryptography CS Shweta Agrawal

Defining Encryption. Lecture 2. Simulation & Indistinguishability

Traditional Symmetric-Key Ciphers. A Biswas, IT, BESU Shibpur

CPSC 467: Cryptography and Computer Security

1 Achieving IND-CPA security

Diffie-Hellman. Part 1 Cryptography 136

CS 161 Computer Security

RSA (algorithm) History

CPSC 467b: Cryptography and Computer Security

CS61A Lecture #39: Cryptography

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

A Tour of Classical and Modern Cryptography

Introduction. Cambridge University Press Mathematics of Public Key Cryptography Steven D. Galbraith Excerpt More information

EEC-484/584 Computer Networks

Key Establishment and Authentication Protocols EECE 412

Classic Cryptography: From Caesar to the Hot Line

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

INSE 6110 Midterm LAST NAME FIRST NAME. Fall 2016 Duration: 80 minutes ID NUMBER. QUESTION Total GRADE. Notes:

Cryptography. Submitted to:- Ms Poonam Sharma Faculty, ABS,Manesar. Submitted by:- Hardeep Gaurav Jain

INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET)

CS 161 Computer Security

Overview. Public Key Algorithms I

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Cryptography III Want to make a billion dollars? Just factor this one number!

Encrypted Data Deduplication in Cloud Storage

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

2 What does it mean that a crypto system is secure?

Lecture 07: Private-key Encryption. Private-key Encryption

Cryptanalyzing the Polynomial Reconstruction based Public-Key System under Optimal Parameter Choice

Blum-Blum-Shub cryptosystem and generator. Blum-Blum-Shub cryptosystem and generator

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

Secret Key Cryptography

More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

A CCA2 Secure PKE Based on McEliece Assumptions in the Standard Model

Goals of Modern Cryptography

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Notes for Lecture 14

Kurose & Ross, Chapters (5 th ed.)

Topics. Number Theory Review. Public Key Cryptography

Transcription:

Coding-theoretic problems in public key cryptography Carl Löndahl Department of Electrical and Information Technology Lund University, Sweden SWITS 12 June 3rd, 2012

Outline 1 Error correcting codes 2 Public key cryptography

Outline 1 Error correcting codes 2 Public key cryptography

Error correcting codes The big picture... How to transmit information over a noisy channel. Fundamental structure The structure of an information bearing system: u Encoder v Channel e û Decoder v + e By adding redundancy, we create an error-correcting code which is used by the encoder and decoder.

Error correcting codes In general, we work with linear codes. The encoded codeword v is created by multiplying the information sequence with a generator matrix G: ug = v, where G is a n k matrix, u F k and v F n. This gives us n k bits of redundancy.

Error correcting codes In general, we work with linear codes. The encoded codeword v is created by multiplying the information sequence with a generator matrix G: ug = v, where G is a n k matrix, u F k and v F n. This gives us n k bits of redundancy. Example (Repetition code) Let G = [ 1 1 1 ]. Then, 1 0 1 111 000 111 110 000 111 1 0 1 1 0 1 111 000 111 010 000 111 0 0 1 Can correct at most one error in every block.

Error correcting codes Problem statement: General (linear) decoding problem Find u using v = ug + e, such that the weight of e is minimized. Basically the least squares problem over the field F. Why is this interesting?

Error correcting codes Problem statement: General (linear) decoding problem Find u using v = ug + e, such that the weight of e is minimized. Basically the least squares problem over the field F. Why is this interesting? In 1978, Berlekamp, McEliece and van Tilborg proved that the general problem is N P-hard! We can use this to construct a public key cryptosystem!

Outline 1 Error correcting codes 2 Public key cryptography

What is public key cryptography? A public key cryptosystem has 1. A public key for encryption, known by everyone...

What is public key cryptography? A public key cryptosystem has 1. A public key for encryption, known by everyone... 2....and a private key decryption, which is secret.

What is public key cryptography? A public key cryptosystem has 1. A public key for encryption, known by everyone... 2....and a private key decryption, which is secret. The ideal situation Eve Bob (has key!) Encrypt O(poly(n)) O(poly(n)) Decrypt O(exp(n)) O(poly(n))

How to construct a public key cryptosystem? 1. A problem with a set S E with easy instances

How to construct a public key cryptosystem? 1. A problem with a set S E with easy instances 2....and a set S H of hard instances

How to construct a public key cryptosystem? 1. A problem with a set S E with easy instances 2....and a set S H of hard instances 3....and an invertable function transforming a problem in S E into a problem in S H. The function is often called a trap-door function.

McEliece public key cryptosystem: McEliece suggested in a paper in 1978 to use the decoding problem. It is hard for the random case... Step 1 Alice randomly chooses a triple (S, G, P) as her secret key. She constructs the product SGP = Ĝ, which is the public key. Now Alice publishes Ĝ.

Now, suppose we want to encrypt... Step 2 Bob encrypts a message m by computing the vector c = mĝ, using Alice s public key Ĝ. He then adds a randomly generated error vector e of weight t to form the ciphertext, c = c + e.

Alice now wants to decrypt the message c sent to her, where Ĝ is random (or at least random-looking!). This is hard, but we have a trumph card up our sleeve... remember the trap-door?

Alice now wants to decrypt the message c sent to her, where Ĝ is random (or at least random-looking!). This is hard, but we have a trumph card up our sleeve... remember the trap-door? c = hard {}}{ mĝ + e = m(sgp) + e = (ms)gp + e cp 1 = ((ms)gp + e)p 1 = (ms)g + ep 1 = ˆmG + ê }{{} easy Note: P is a permutation matrix and does not change the number of errors in e, i.e. weight(e) = weight(ê)!

Alice now wants to decrypt the message c sent to her, where Ĝ is random (or at least random-looking!). This is hard, but we have a trumph card up our sleeve... remember the trap-door? c = hard {}}{ mĝ + e = m(sgp) + e = (ms)gp + e cp 1 = ((ms)gp + e)p 1 = (ms)g + ep 1 = ˆmG + ê }{{} easy Note: P is a permutation matrix and does not change the number of errors in e, i.e. weight(e) = weight(ê)! Step 3 Alice decrypts the ciphertext by computing ĉ = cp 1 and uses the efficient decoding algorithm to decode ĉ to ˆm = ms. Finally, the plaintext m is given by ˆmS 1 = (ms)s 1 = m.

What about security? A trivial attack 1. Choose k columns from Ĝ. 2. Form a k k matrix G and hope that the errors are in the remaining n k columns. 3. Invert the matrix. Now m = c G 1. Probabilistic algorithm, expected exponential complexity. Best algorithms use information set decoding. See [JL11], [MMT11], [BJMM12]. Still expected exponential complexity.

My research right now: Some codes however have efficent decoding algorithms, even without knowing the key. These kinds of attacks are called structural attacks. The original approach use a set of easy instances based on a class of codes called Goppa codes. They have a well-defined structure making them susceptable to structural attacks. We have approached the problem of low entropy by using time-variant convolutional codes. These codes have large sets of independent random parity bits (or variables) = lots of entropy.

Thank you for your attention! Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback