19 big enough what marketing says generate public keys 56
play

19 big enough? What marketing says Generate public keys 56-bit - PowerPoint PPT Presentation

Jun 10, 2023 •11 likes •121 views

Is 2 255 19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a strong elliptic curve 128-bit crypto: Okay. over the field Z (2 255 19). 256-bit crypto: High security! Is that safe? 512-bit

  1. � � � Is 2 255 19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a “strong” elliptic curve 128-bit crypto: Okay. over the field Z (2 255 19). 256-bit crypto: High security! Is that safe? 512-bit crypto: Broken. 1024-bit crypto: Shaky. “Size does matter!” 2 255 19 must be, um, 256 bits. Fantastic! Best possible security level.

  2. � � � � enough? What marketing says What NSA says keys 56-bit crypto: Broken. NSA approves products elliptic curve 128-bit crypto: Okay. “classified or mission (2 255 19). 256-bit crypto: High security! national security info 512-bit crypto: Broken. NSA wants “elliptic 1024-bit crypto: Shaky. matter!” GF( ), where is 2 255 greater than 2 255 .” 19 must be, um, 256 bits. Fantastic! So 2 255 + 95 is fine Best possible security level. for national securit but 2 255 19 is not.

  3. � � What marketing says What NSA says 56-bit crypto: Broken. NSA approves products for 128-bit crypto: Okay. “classified or mission critical 256-bit crypto: High security! national security information.” 512-bit crypto: Broken. NSA wants “elliptic curves over 1024-bit crypto: Shaky. GF( ), where is a prime number 2 255 greater than 2 255 .” 19 must be, um, 256 bits. Fantastic! So 2 255 + 95 is fine Best possible security level. for national security information but 2 255 19 is not.

  4. � � says What NSA says What NIST says Broken. NSA approves products for 128-bit AES keys “co Okay. “classified or mission critical ECC primes with “256-383” High security! national security information.” the amount of work Broken. “break the algorithms” NSA wants “elliptic curves over Shaky. is approximately the GF( ), where is a prime number namely 2 128 operations, greater than 2 255 .” be, um, 256 bits. by best techniques So 2 255 + 95 is fine security level. for national security information but 2 255 19 is not.

  5. � What NSA says What NIST says NSA approves products for 128-bit AES keys “correspond” to “classified or mission critical ECC primes with “256-383” bits: national security information.” the amount of work needed to “break the algorithms” NSA wants “elliptic curves over is approximately the same, GF( ), where is a prime number namely 2 128 operations, greater than 2 255 .” by best techniques known. So 2 255 + 95 is fine for national security information but 2 255 19 is not.

  6. � ✁ ✂ ✂ ✂ ✁ ✁ � What NIST says What I say roducts for 128-bit AES keys “correspond” to Given ( ) = AES 2 127 AES mission critical ECC primes with “256-383” bits: using information.” the amount of work needed to Given ( 1 ) ( 2 “break the algorithms” “elliptic curves over find all ✄ using a is approximately the same, is a prime number AES evaluations. namely 2 128 operations, .” Or find some ✄ using by best techniques known. fine evaluations. security information Standard algorithms not. negligible communication perfect parallelization: cr.yp.to/papers.html #bruteforce

  7. ✁ ✁ ✁ ✂ ✂ ✂ What NIST says What I say � (0), find 128-bit AES keys “correspond” to Given ( ) = AES 2 127 AES evaluations. ECC primes with “256-383” bits: using the amount of work needed to Given ( 1 ) ( 2 ) ( 2 40 ), “break the algorithms” 2 127 find all ✄ using a total of is approximately the same, AES evaluations. namely 2 128 operations, 2 87 AES Or find some ✄ using by best techniques known. evaluations. Standard algorithms have negligible communication and perfect parallelization: see, e.g., cr.yp.to/papers.html #bruteforce

  8. ✁ ✁ ✂ ✂ ✂ ✁ What I say Given public key on 255-bit elliptic curve � (0), find eys “correspond” to Given ( ) = AES find secret key 2 127 AES evaluations. “256-383” bits: using 2 127 additions using ork needed to Given ( 1 ) ( 2 ) ( 2 40 ), Given 2 40 public keys, rithms” 2 127 find all ✄ using a total of the same, find all secret keys AES evaluations. 2 147 additions erations, using 2 87 AES Or find some ✄ using techniques known. Finding some key is evaluations. as finding first key: 2 127 additions. Easily Standard algorithms have negligible communication and by random self-reduction. perfect parallelization: see, e.g., See, e.g., Kuhn and cr.yp.to/papers.html #bruteforce

  9. ✁ ✁ ✂ ✂ ✂ ✁ What I say Given public key on 255-bit elliptic curve , � (0), find Given ( ) = AES find secret key 2 127 AES evaluations. using 2 127 additions on using . Given ( 1 ) ( 2 ) ( 2 40 ), Given 2 40 public keys, 2 127 find all ✄ using a total of find all secret keys AES evaluations. 2 147 additions on using . 2 87 AES Or find some ✄ using Finding some key is as hard evaluations. as finding first key: 2 127 additions. Easily prove Standard algorithms have negligible communication and by random self-reduction. perfect parallelization: see, e.g., See, e.g., Kuhn and Struik, 2001. cr.yp.to/papers.html #bruteforce

  10. ✁ ✄ ✁ � ✁ ✂ ✂ ✂ Given public key on Even worse for AES: 255-bit elliptic curve , can try much less computation. � (0), find AES find secret key Success chance drops AES evaluations. 2 127 additions on using . For elliptic curves, 2 ) ( 2 40 ), Given 2 40 public keys, drops quadratically 2 127 a total of find all secret keys evaluations. Bottom line: 128-bit 2 147 additions on using . not comparable in 2 87 AES ✄ using Finding some key is as hard to 255-bit elliptic-curve as finding first key: Is 2 255 19 big enough? 2 127 additions. Easily prove rithms have Is 128-bit AES safe? communication and by random self-reduction. rallelization: see, e.g., See, e.g., Kuhn and Struik, 2001. cr.yp.to/papers.html

  11. � Given public key on Even worse for AES: Attacker 255-bit elliptic curve , can try much less computation. find secret key Success chance drops linearly. 2 127 additions on using . For elliptic curves, success chance Given 2 40 public keys, drops quadratically. find all secret keys Bottom line: 128-bit AES keys are 2 147 additions on using . not comparable in security Finding some key is as hard to 255-bit elliptic-curve keys. as finding first key: Is 2 255 19 big enough? Yes. 2 127 additions. Easily prove Is 128-bit AES safe? Unclear. by random self-reduction. See, e.g., Kuhn and Struik, 2001.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Password Human beings : Short keys; possibly used to generate longer keys Dictionary

Password Human beings : Short keys; possibly used to generate longer keys Dictionary

Password Human beings : Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse Countermeasures: slow login, close after several

563 views • 14 slides
How to Generate Keys from Margarita Osadchy University of Haifa Facial Images and Keep your

How to Generate Keys from Margarita Osadchy University of Haifa Facial Images and Keep your

How to Generate Keys from Margarita Osadchy University of Haifa Facial Images and Keep your Joint work with Mahmood Privacy at the Same Time Sharif and Orr Dunkelman Motivation Key-Derivation: generating a secret key, from information

1.25k views • 57 slides
Online/Digital Marketing for Schools February 14, 2018 Keys to Success Remember Your Marketing

Online/Digital Marketing for Schools February 14, 2018 Keys to Success Remember Your Marketing

Online/Digital Marketing for Schools February 14, 2018 Keys to Success Remember Your Marketing PITCH: - Pride Constantly remind people including yourself what an amazing place this is. - - Intentionality Move from All Are

978 views • 80 slides
Marketing Evolution Same Budget, Better Results, Keys to Marketing in Turbulent Times Rex Briggs

Marketing Evolution Same Budget, Better Results, Keys to Marketing in Turbulent Times Rex Briggs

Marketing Evolution Same Budget, Better Results, Keys to Marketing in Turbulent Times Rex Briggs rex@marketingevolution.com June, 2009 0 Marketing Evolution MarketingEvolution.com | CONFIDENTIAL The Fear of a CFO I will have to cut jobs to

655 views • 27 slides
A Data Remanence based Approach to Generate 100% Stable Keys from an SRAM Physical Unclonable

A Data Remanence based Approach to Generate 100% Stable Keys from an SRAM Physical Unclonable

A Data Remanence based Approach to Generate 100% Stable Keys from an SRAM Physical Unclonable Function Muqing Liu, Chen Zhou, Qianying Tang, Keshab K. Parhi and Chris H. Kim University of Minnesota, Twin Cities liux3300@umn.edu International

494 views • 28 slides
Keys to Effective Influencer Marketing Mark Lapidus Sr. Director, Digital Development BRAND USA

Keys to Effective Influencer Marketing Mark Lapidus Sr. Director, Digital Development BRAND USA

Keys to Effective Influencer Marketing Mark Lapidus Sr. Director, Digital Development BRAND USA Roberta Hatchett Director, Advertising & Media Marketing BRAND USA Agenda What is influencer marketing? What makes a successful

559 views • 17 slides
Compressing RSA/Rabin keys Public keys D. J. Bernstein Each user publishes a key 2 2047 + 1

Compressing RSA/Rabin keys Public keys D. J. Bernstein Each user publishes a key 2 2047 + 1

Compressing RSA/Rabin keys Public keys D. J. Bernstein Each user publishes a key 2 2047 + 1 2 2047 2 2048 1 . Thanks to: University of Illinois at Chicago User knows prime factors of . NSF CCR9983950

768 views • 53 slides
KEYS TO SUCCESSFUL GRAIN MARKETING Scott Irwin and Darrel Good Department of Agricultural and

KEYS TO SUCCESSFUL GRAIN MARKETING Scott Irwin and Darrel Good Department of Agricultural and

KEYS TO SUCCESSFUL GRAIN MARKETING Scott Irwin and Darrel Good Department of Agricultural and Consumer Economics University of Illinois at Urbana-Champaign Executive Summary Producer pricing performance is not as poor as advertised.

1.25k views • 68 slides
Getting started with SSH Keys with a free SYN Shop VM Host mrjones SYN Shop Wednesday May 16,

Getting started with SSH Keys with a free SYN Shop VM Host mrjones SYN Shop Wednesday May 16,

Getting started with SSH Keys with a free SYN Shop VM Host mrjones SYN Shop Wednesday May 16, 2018 mrjones@plip.com plip.com/sshkeys v5.0 Agenda Tech Review (Tech Review) How to Generate (Keys) Keys: Installing and using on free

618 views • 43 slides
Recap: Part 6 Public key cryptosystem: a pair of keys Public-key: meant for public, should

Recap: Part 6 Public key cryptosystem: a pair of keys Public-key: meant for public, should

Recap: Part 6 Public key cryptosystem: a pair of keys Public-key: meant for public, should be given out Private-key: remains always secret An operation performed by one key in the pair can be inversed only by the other key

267 views • 13 slides
Get Your Business Marketing Ready MELISSA LOVE 3 keys to success. 1.Take massive action 2.

Get Your Business Marketing Ready MELISSA LOVE 3 keys to success. 1.Take massive action 2.

Get Your Business Marketing Ready MELISSA LOVE 3 keys to success. 1.Take massive action 2. Show up consistently 3. Fail forward 4.Done is better than perfect No one has enough time, until you make the time. Scheduling is everything.

593 views • 26 slides
Public Key Encryption Systems The encrypter and decrypter have different keys C = E(K E ,P) P

Public Key Encryption Systems The encrypter and decrypter have different keys C = E(K E ,P) P

Public Key Encryption Systems The encrypter and decrypter have different keys C = E(K E ,P) P = D(K D ,C) Often, works the other way, too Lecture 4 Page 1 CS 236 Online History of Public Key Cryptography Invented by Diffie and

618 views • 24 slides
START TURNING WEBSITE TRAFFIC INTO REVENUE CORE CONCEPT Marketing is food Marketing not

START TURNING WEBSITE TRAFFIC INTO REVENUE CORE CONCEPT Marketing is food Marketing not

START TURNING WEBSITE TRAFFIC INTO REVENUE CORE CONCEPT Marketing is food Marketing not medicine 2 What We Want from our Marketing Generate more new patient enquiries... Higher end treatment plans leads... Provide Sustainable growth..

393 views • 37 slides
2010 2500 keys > 100 uses 1250 keys > 1000 uses 2018 11000 keys >

2010 2500 keys > 100 uses 1250 keys > 1000 uses 2018 11000 keys >

2010 2500 keys > 100 uses 1250 keys > 1000 uses 2018 11000 keys > 100 uses 4450 keys > 1000 uses An excursion in to the world of OSM tagging presets Simon Poole, SOtM 2018 In the beginning Bus

686 views • 50 slides
Signatures with Flexible Public Key: Introducing Equivalence Classes for Public Keys Michael

Signatures with Flexible Public Key: Introducing Equivalence Classes for Public Keys Michael

Signatures with Flexible Public Key: Introducing Equivalence Classes for Public Keys Michael Backes, Lucjan Hanzlik, Kamil Kluzcniak, Jonas Schneider This Talk New primitive! Signatures with Flexible Public Key Applications to

1.11k views • 56 slides
1 Key Exchange Diffie-Hellman Key Exchange Parties may have initial information Assume

1 Key Exchange Diffie-Hellman Key Exchange Parties may have initial information Assume

TECS Week 2005 Key Management Options Key Management Protocols Out of band and Compositionality Can set up some keys this way (Kerberos) Public-key infrastructure (PKI) Leverage small # of public signing keys Protocols for

282 views • 5 slides
Security dangers of the NIST curves Daniel J. Bernstein, Tanja Lange http://xkcd.com/927

Security dangers of the NIST curves Daniel J. Bernstein, Tanja Lange http://xkcd.com/927

Security dangers of the NIST curves Daniel J. Bernstein, Tanja Lange http://xkcd.com/927 http://xkcd.com/927 But our goal today isnt unification; its security. We come to bury the standard, not to praise it. Why do people choose

572 views • 31 slides
Wedge: Splitting Applications into Reduced-Privilege Compartments Andrea Bittau Petr Marchenko

Wedge: Splitting Applications into Reduced-Privilege Compartments Andrea Bittau Petr Marchenko

Wedge: Splitting Applications into Reduced-Privilege Compartments Andrea Bittau Petr Marchenko Mark Handley Brad Karp University College London April 17, 2008 Vulnerabilities threaten sensitive data Exploits allow running arbitrary code

845 views • 60 slides
Earnings Conference Call 2 nd Quarter 2009 July 24, 2009 July 24, 2009 Forward-Looking

Earnings Conference Call 2 nd Quarter 2009 July 24, 2009 July 24, 2009 Forward-Looking

Earnings Conference Call 2 nd Quarter 2009 July 24, 2009 July 24, 2009 Forward-Looking Statements This press release includes forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995, that are

601 views • 38 slides
Solving Hamilton-Jacobi-Bellman equations by combining a max-plus linear approximation and a

Solving Hamilton-Jacobi-Bellman equations by combining a max-plus linear approximation and a

Solving Hamilton-Jacobi-Bellman equations by combining a max-plus linear approximation and a probabilistic numerical method Marianne Akian INRIA Saclay - Ile-de-France and CMAP Ecole polytechnique CNRS RICAM Workshop: Numerical methods

276 views • 24 slides
your business your future Limited by Guarantee. Registered in England. Registration No 37818.

your business your future Limited by Guarantee. Registered in England. Registration No 37818.

The Sheep Centre, Malvern, Worcestershire, WR13 6PH, enquiries@nationalsheep.org.uk, www.nationalsheep.org.uk A company your business your future Limited by Guarantee. Registered in England. Registration No 37818. Registered charity in England and

100 views • 7 slides
Algebras of Generalized Functions and Nonstandard Analysis Hans Vernaeve (joint work with Todor

Algebras of Generalized Functions and Nonstandard Analysis Hans Vernaeve (joint work with Todor

Algebras of Generalized Functions and Nonstandard Analysis Hans Vernaeve (joint work with Todor Todorov) University of Innsbruck June 2008 Generalized Functions and N.S.A. . (Hans Vernaeve) 1 / 15 Generalized functions: introduction and

380 views • 21 slides
FIN AN C E U N IT PR ESEN T A T IO N Funding Grants received and how we allocate the

FIN AN C E U N IT PR ESEN T A T IO N Funding Grants received and how we allocate the

FIN AN C E U N IT PR ESEN T A T IO N Funding Grants received and how we allocate the funds. Sources of Funds 100% Federally funded by the USDA NSA Admin Grant Local Agencies NSA Food Grant EBT FMNP Project

279 views • 11 slides
Privacy versus government surveillance where network effects meet public choice Ross Anderson

Privacy versus government surveillance where network effects meet public choice Ross Anderson

Privacy versus government surveillance where network effects meet public choice Ross Anderson Cambridge Two views of money and power The Bay Area view: money and power are all about network effects, which help you create a platform to

393 views • 16 slides

More recommend