com 2 mac workshop on cryptography
play

Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South - PDF document

Aug 11, 2023 •369 likes •660 views

Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Secure Designs for Public-Key Cryptography based on the Discrete Logarithm David Pointcheval Dpartement d Informatique ENS - CNRS David.Pointcheval@ens.fr

  1. Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Secure Designs for Public-Key Cryptography based on the Discrete Logarithm David Pointcheval Département d ’Informatique ENS - CNRS David.Pointcheval@ens.fr http://www.di.ens.fr/~pointche Overview Overview ◆ Introduction ◆ Security Arguments ◆ Signature ◆ Encryption ◆ Conclusion David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 2

  2. Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Introduction David Pointcheval Département d ’Informatique ENS - CNRS David.Pointcheval@ens.fr http://www.di.ens.fr/~pointche Cryptography Cryptography Cryptography: to solve security concerns Authentication ⇒ signature Integrity ⇒ encryption Confidentiality David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 4

  3. Authentication/Integrity Authentication/Integrity Authentication Algorithm � Verification Algorithm � � σ m � True/False m Security: it is impossible to produce a new valid pair ( m, σ ) David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 5 Encryption Encryption Encryption Algorithm � Decryption Algorithm � � � c m m Security: it is impossible to get back m just from c David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 6

  4. Foundations Foundations To build such primitives, one needs (trapdoor) one-way functions : x → y = f ( x ) is easy (Encryption, Verification) y = f ( x ) → x is difficult (Decryption, Signature) David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 7 Conventional Cryptography Conventional Cryptography k k � � c m m f is an intricate network of � k = f k permutations/substitutions, � k = f k -1 parameterized by a secret key f k and f k -1 are both “easy” to compute with k f k and f k -1 are both “difficult” to compute without k difficult: heuristic! David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 8

  5. Modern Cryptography Modern Cryptography k e k d � � c m m f is a non P-problem (no polynomial algorithm) � k e ( x ) = instance I of f from k e , for which x is a solution � k d ( I ) = solution of I “easy” to build an instance with a known solution “difficult” to solve an instance (but easy with k d ) difficult: complexity theory David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 9 One- -Way Functions Way Functions One ◆ �� -complete problems: ● hard in the worst-case what about the average case? ● hard asymptotically what about the difficulty of instances of reasonable size (few bytes)? ⇒ quite few candidates (for signature) ◆ Number Theory: ● factorization ⇒ RSA, etc ● discrete logarithm ⇒ Diffie-Hellman, etc David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 10

  6. The Discrete Logarithm The Discrete Logarithm ◆ Let � = (< g >, × ) be any cyclic group of order q (noted multiplicatively) ◆ For any y ∈ � , one defines Log g ( y ) = min{ x > 0 | y = g x } ◆ One-way function → y = g x ● x easy ● y = g x → x seems difficult David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 11 Various Groups Various Groups � = sub-group of ◆ � p * , � n * ⇒ sub-exponential (NFS) ◆ an elliptic curve ⇒ exponential (in general) ◆ a Jacobian ⇒ exponential (in general) ◆ other ● ideals of number fields (NICE) ● braid group, … David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 12

  7. Any Trapdoor …? Any Trapdoor …? ◆ The Discrete Logarithm is difficult But no information could make it easier! ◆ The Diffie-Hellman Problem (1976): ◆ Given A=g a and B=g b ◆ Compute DH ( A,B ) = C=g ab Clearly DH ≤ DL: with a =Log g A , C=B a C-DH Assumption: the DH-problem is intractable David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 13 Another DL- -based Problem based Problem Another DL The Decisional Diffie-Hellman Problem : ◆ Given A, B and C in <g> ◆ Decide whether C = DH ( A,B ) Clearly D-DH ≤ DH ≤ DL D-DH Assumption: the D-DH-problem is intractable David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 14

  8. Application: El Gamal Gamal Encryption Encryption Application: El = (< g >, × ) group of order q ◆ ◆ x : secret key ◆ y=g x : public key public ( ) ( , ) ( , ) = a a → m g y m c d secret ( , ) / = x c d d c One-Wayness = C-DH Semantic Security = D-DH David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 15 Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Security Arguments David Pointcheval Département d ’Informatique ENS - CNRS David.Pointcheval@ens.fr http://www.di.ens.fr/~pointche

  9. Security Notions Security Notions Depending on the security concerns, one defines ◆ the goals that an adversary may would like to reach ◆ the means/information available for the adversary David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 17 Security Proofs Security Proofs One provides a reduction from a “difficult” problem P to an attack Atk : ◆ � reaches the “prohibited” goals ⇒ � can be used to break P ◆ no further hypothesis: standard model ◆ but that rarely leads to efficiency! ⇒ some assumptions David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 18

  10. Security Arguments Security Arguments One provides a reduction from a “difficult” problem P to an attack Atk , under some ideal assumptions: ● ideal random hash function: random oracle model ● ideal symmetric encryption: ideal cipher model ● ideal group: generic model (generic adversaries) The weakest: Random Oracle Model (ROM) David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 19 Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Signature David Pointcheval Département d ’Informatique ENS - CNRS David.Pointcheval@ens.fr http://www.di.ens.fr/~pointche

  11. Authentication Authentication Authentication Algorithm � Verification Algorithm � k a k v � σ m � True/False m Security: it is impossible to produce a new valid pair ( m, σ ) David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 21 Security Notions Security Notions Total Break: to recover the secret key Universal Forgery: to be able to sign any message Existential Forgery: to produce a new valid pair ( m , σ ) (possibly m is without any meaning) David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 22

  12. Kinds of Attacks Kinds of Attacks no-message: the adversary just knows the public key known-message: she knows some message-signature pairs (adaptively) chosen-message she has access to a signature oracle David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 23 Secure Signature Secure Signature A Signature Scheme is said SECURE if it prevents any existential forgery even under adaptively chosen-message attacks Then, the signature guarantees: ● the identity of the sender ● the non-repudiation: the sender won’t be able to deny it later David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography

Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography

Efficient Implementation of Lattice-based Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography for the 09.11.2017 Internet of Things and Cloud 2017 Lattice-based Cryptography Set of vectors in n

601 views • 27 slides
Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards History of post-quantum cryptography 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. PQCrypto 2006:

623 views • 23 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp;

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp;

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp; http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore

Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore

Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore Orange Labs December 3, 2020 Paris, France Orange Labs A New Kind of Network Telecommunication companies like France Tlcom / Orange are

601 views • 36 slides
Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of

Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of

Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of Post-Quantum Cryptography Tim Gneysu, Ingo von Maurich 1/12/2015 Horst Grtz Institute for IT-Security, Ruhr-Universitt Bochum, Germany Motivation

920 views • 70 slides
Error-correcting codes and Cryptography Henk van Tilborg Code-based Cryptography Workshop

Error-correcting codes and Cryptography Henk van Tilborg Code-based Cryptography Workshop

Error-correcting codes and Cryptography Henk van Tilborg Code-based Cryptography Workshop Eindhoven, May 11-12, 2011 1/45 CONTENTS I Error-correcting codes; the basics II Quasi-cyclic codes; codes generated by circulants III Cyclic codes

556 views • 45 slides
Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography for the Internet of Things and Cloud Ruhr-Universitt Bochum Outline Cloud and Cryptography Co-Location in the Cloud Cache Attacks in the

2.23k views • 37 slides
Whats the worst that could happen? Eric Rescorla RTFM, Inc. DIMACS Workshop on Cryptography:

Whats the worst that could happen? Eric Rescorla RTFM, Inc. DIMACS Workshop on Cryptography:

Whats the worst that could happen? Eric Rescorla RTFM, Inc. DIMACS Workshop on Cryptography: Theory Meets Practice Overview Cryptography alone doesnt do much Real systems combine primitives into protocols Protocols treat primitives

630 views • 39 slides
Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Karlstad University Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M, C, E, D, K) M: the set of plaintexts C: the set of ciphertexts E: M x K -&gt; C enciphering functions D: C x K

446 views • 40 slides
NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations &amp; Performance

NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations &amp; Performance

NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations &amp; Performance Performance of State-of-the-Art Cryptography on ARM-based Microprocessors Hannes Tschofenig &amp; Manuel Pegourie-Gonnard (Hannes.Tschofenig@arm.com,

509 views • 40 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
Security on the Line: Modern Curve-based Cryptography Joost Renes SCA Workshop 18 June 2019

Security on the Line: Modern Curve-based Cryptography Joost Renes SCA Workshop 18 June 2019

Security on the Line: Modern Curve-based Cryptography Joost Renes SCA Workshop 18 June 2019 Modern curve-based cryptography Modern curve-based cryptography 1 / 11 Modern curve-based cryptography Internet of Things Size &amp; speed

1.39k views • 97 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

322 views • 11 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

453 views • 11 slides
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Lecture 4 Page 1 CS 236 Online Cryptography and Secrecy Pretty obvious Only those knowing the

303 views • 15 slides
Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson/jme 1 OUTLINE

Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson/jme 1 OUTLINE

Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson/jme 1 OUTLINE Approaches to Message Authentication Secure Hash Functions (SHA) and Keyed- Hash Message Authentication Code (HMAC) Public-Key Cryptography

458 views • 29 slides
Lecture 10: Encryption CIS 1.0 Lecture 10, by Yuqing Tang How messages being sent? Packet

Lecture 10: Encryption CIS 1.0 Lecture 10, by Yuqing Tang How messages being sent? Packet

Lecture 10: Encryption CIS 1.0 Lecture 10, by Yuqing Tang How messages being sent? Packet switching via many routers. Routers sitting between source and destination computers can access the content of the packets. To ensure the

434 views • 18 slides
Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson (recommended) 1 Encryption Principles A cryptosystem has (at least) five ingredients: 1. Plaintext 2. Secret Key 3. Ciphertext 4. Encryption algorithm 5.

657 views • 12 slides
draft-dickinson-dnsop- nameserver-control-01 Stephen Morris stephen@isc.org 1 NSCP Function

draft-dickinson-dnsop- nameserver-control-01 Stephen Morris stephen@isc.org 1 NSCP Function

draft-dickinson-dnsop- nameserver-control-01 Stephen Morris stephen@isc.org 1 NSCP Function Breakdown Commands - start, stop, halt etc. Zone manipulation add/remove zone, ACL creation, etc. Parameters - control nameserver

326 views • 9 slides
Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Homomorphic Cryptography &amp; Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography Bike lock of Internet Provides many important building blocks for security For example, encryption or

699 views • 31 slides
Participant Roles Conversational Roles 2 participants: Speaker Addressee 3+

Participant Roles Conversational Roles 2 participants: Speaker Addressee 3+

M ULTIPARTY D IALOGS John Riebold Participant Roles Conversational Roles 2 participants: Speaker Addressee 3+ participants: Speaker Addressee Auditor (known, ratified) Overhearer (known, non-ratified)

403 views • 16 slides
Changing the Conversation Vision Statement The FMCC is the resource and voice for Facility

Changing the Conversation Vision Statement The FMCC is the resource and voice for Facility

ISO 55000 Changing the Conversation Vision Statement The FMCC is the resource and voice for Facility Management Consultants worldwide to leverage our collective expertise to benefit IFMA members, and the Facility Management profession.

680 views • 42 slides
Talking TIM Webinar Series Bringing to your desk the great and varied work happening on the ground

Talking TIM Webinar Series Bringing to your desk the great and varied work happening on the ground

The Future of Transportation - 2010 APWA Annual Congress and Exposition Talking TIM Webinar Series Bringing to your desk the great and varied work happening on the ground and around the country in Traffic Incident Management (TIM) Hosted by

571 views • 17 slides

More recommend