conception of a language for cryptographic reductions
play

Conception of a language for cryptographic reductions L. Ducas, - PowerPoint PPT Presentation

Oct 08, 2023 •245 likes •521 views

L. Ducas, Master Thesis Conception of a language 1. Introduction 2 3 4 for cryptographic reductions Supervisor : M. Baudet Presentation Master thesis of Lo Ducas, supervised by Mathieu Baudet (ANSSI). Conception of a language for

  1. L. Ducas, Master Thesis Conception of a language 1. Introduction 2 3 4 for cryptographic reductions Supervisor : M. Baudet Presentation Master thesis of Léo Ducas, supervised by Mathieu Baudet (ANSSI). Conception of a language for cryptographic reductions

  2. L. Ducas, Master Thesis Conception of a language 1. Introduction 2 3 4 for cryptographic reductions Supervisor : M. Baudet Cryptographic reduction A cryptographic reduction transform an attacker against a cryptographic construction into a solver of some believed hard problem Exemple : An attacker on the Cramer-Shoup encryption can be transformed into an algorithm solving the Diffie-Hellman problem.

  3. L. Ducas, Master Thesis Conception of a language 1. Introduction 2 3 4 for cryptographic reductions Supervisor : M. Baudet Reliability of proofs Cryptographic reductions deals with many probabilistic algorithms with complex interactions Mistakes in security proofs are possible ! Ex : OAEP Scheme [Bellar & Rogaway, 1994] Formal proofs More reliable May be assited / automatisable But also Logical and pedagogical interest

  4. L. Ducas, Master Thesis Conception of a language 1. Introduction 2 3 4 for cryptographic reductions Supervisor : M. Baudet Existing formal frameworks for cryptographic proofs - CryptoVerif Tool [Blanchet, 2006] Concrete security, game-based proofs, automatised - Pseudo-code of Backes et al. [Backes et al., 2008] asymptotic security, game-based proofs, assisted by Isabelle/HOL - The computational SLR [Yu Zhang, 2009] asymptotic security, game-based proofs, manual - Framework for language-based cryptographic proofs [Barthe et al., 2009] Concrete security, game-based proofs, assisted by Coq

  5. L. Ducas, Master Thesis Conception of a language 1. Introduction 2 3 4 for cryptographic reductions Supervisor : M. Baudet Our Approach Constructive approach, with explicit reductions As suggested by P. Rogaway [Rogaway, 2006] 3 steps to prove security : 1/ Explicitly write reductions 2/ Prove its correctness 3/ Prove its efficiencity (concrete or asymptotic) Our work focuses on step 1/

  6. L. Ducas, Master Thesis Conception of a language 1. Introduction 2 3 4 for cryptographic reductions Supervisor : M. Baudet Goals Conception of a language for cryptographic reductions Complete enough describe modern cryptographic concept and state corresponding security results Simple enough to allow futures formals proofs on the programs written in this language Based on Lambda-Calculus (higher order) With polymorphic typing (a posteriori)

  7. L. Ducas, Master Thesis Conception of a language 1. Introduction 2 3 4 for cryptographic reductions Supervisor : M. Baudet Summary 1. Introduction 2. The langage Higher order in cryptography Lambda-Calculus « à la Moggi » Implémentation examples 3. Algebraic models Presentation of algebraic (or generic) models Taking advantage of polymorphism 4. Conclusion Results Other problems Bibliography

  8. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Higher order in Cryptography Oracles are used to modelize information the attacker can get Ex : (Signature scheme) the attacker may know many signed messages. In the worst case, he can choose those messages. request Oracle answser → Oracle : Request answer (Ordre 1)

  9. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Higher order in Cryptography Oracle Oracle Attacker Answer → Attacker : oracle answer (Ordre 2)

  10. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Higher order in Cryptography oracle Attaquant Attacker criterion b : bool, successfull attack ? → Critère : attacker bool (Ordre 3)

  11. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Higher order in Cryptography oracle Attacker Reduction criterion b : bool, successfull attack ? → Réduction : attacker attacker' (Ordre 3)

  12. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Higher order in Cryptography Reduction Oracle Pseudo- attacker Meta-reduction → Meta-reduction : reduction attacker (Ordre 4)

  13. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Lambda-Calculus « à la Moggi » The Syntax : Variable Predefined Constant (primitives) Abstraction Application Definition Sequence of computation Unitary computation Among predefined constant : Constructors for integers, lists, trees ... Primitive induction operators on each types References (on pure types only) Randomness generation NB : no fixpoint operator

  14. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Lambda-Calculus « à la Moggi » Typing rules : → → → → ref : a T (Ref a) ( ! ) deref : Ref a T a ( := ) assign : Ref a a T U → rand_bool : T bool rand_int : int T int Polymorphic types State monade with references and random tape, Monadic types Denotationnal semantic in Set

  15. Conception d’un langage pour les L. Ducas, Master Thesis Stage M2 : L. Ducas Conception of a language 2. The language 3 4 réductions cryptographiques for cryptographic reductions Encadré par M. Baudet Supervisor : M. Baudet Implementation examples 3 examples implemented : Hash-Then-Sign construction (as choosed in [Rogaway, 2006]) Goldreich, Goldwasser & Micali construction (PRG to PRF) [GGM, 1986] Meta-reduction of Paillier & Vergnaud [Paillier & Vergnaud, 2005] Programming style : Re-use of code (modularity) Sandboxing references whenever possible Think ahead the formal proof

  16. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Implementation examples let call_limiter n f = let m <= ref n in val(fun x -> let m1<= !m in if (m1 = 0) then exit else begin m := (m1-1); f x end );; int α ∀ α β → α → β → α → β . int ( T ) T ( T ) β

  17. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Implementation examples let logger f = let l <= ref nil in Val( (fun x -> let ll<= !l in L l:=cons x ll; x ), (!l) );; α α ∀ List α β α → β → α → β α . ( T ) T (( T ) × T ( List)) L β

  18. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Implementation examples Public key Signature Scheme Private key gen message sign verif Hash Hached value hash Then signature sign Boolean Critère Existencial forgery Attacker

  19. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Implementation examples Public key Private key message Hached value signature Boolean Signature scheme gen sign verif Réduction ? hash Attacker Criterion Existencial forgery or collision

  20. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Implementation examples Public key Private key Existencial forgery or collision message Hached value signature Boolean List of Criterion logger h logger a s h listh Attaquant Réduction

  21. L. Ducas, Master Thesis Conception of a language 2. The language 3 4 for cryptographic reductions Supervisor : M. Baudet Implementation examples Public key Private key Existencial forgery or collision hash message Hached value signature Boolean List iter List of Criterion logger h a s h listh Attaquant Réduction

  22. L. Ducas, Master Thesis Conception of a language 3. Algebraics Models 4 for cryptographic reductions Supervisor : M. Baudet Presentation of algebraic (generic) models - Restriction of permitted operation (to a certain API) - Useful to extract information from the attacker (how he build certain objects) and limit its view - Usually formalised with an intermediate register machine receiving orders Used in : Many proofs in the generic group model, Reduction from RSA to factoring, Meta-reduction de Paillier & Vergnaud Cryptographic game order ← ← R3 R1 + R6; R2 R3 / R5 Challenger R1 R2 R3 … answer

  23. L. Ducas, Master Thesis Conception of a language 3. Algebraics Models 4 for cryptographic reductions Supervisor : M. Baudet Taking advantage of polymorphism Normal Cheated API API + - Trees (formulas) Attacker Attacker Theorem (informal) : If we replace a normal API by the cheated API, the attacker's behaviour isn't changed much, namely it will output trees instead of normal elements, But such that those trees represent the same elements. Moreover, thoses trees have for only leaves elements given to the attacker as inputs. The proof of this theorem used parametricity introduced by [Walder, 1989]

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher

Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher

Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher Three Ways to Argue for Cryptographic Security Cryptanalysis

933 views • 75 slides
High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B.

High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B.

High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B. Almeida, M. Barbosa, G. Barthe, B. Grgoire, A. Koutsos , V. La- porte, T. Oliveira, P-Y. Strub Octobre 9th, 2019 1 Context 2 Context Cryptographic

985 views • 57 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
Programming Language Techniques for Cryptographic Proofs Gilles Barthe 1 egoire 2 eguelin 1

Programming Language Techniques for Cryptographic Proofs Gilles Barthe 1 egoire 2 eguelin 1

Programming Language Techniques for Cryptographic Proofs Gilles Barthe 1 egoire 2 eguelin 1 Benjamin Gr Santiago Zanella-B 1 IMDEA Software, Madrid, Spain 2 INRIA Sophia Antipolis - M editerran ee, France ITP 2010 Formal verification

521 views • 31 slides
Polynomial-time reductions We have seen several reductions: Polynomial-time reductions Informal

Polynomial-time reductions We have seen several reductions: Polynomial-time reductions Informal

Polynomial-time reductions We have seen several reductions: Polynomial-time reductions Informal explanation of reductions: We have two problems, X and Y. Suppose we have a black-box solving problem X in polynomial-time. Can we use the black-box

1.38k views • 32 slides
The MA &amp; PhD: from conception to delivery Dr Scott Burchill School of International &amp;

The MA &amp; PhD: from conception to delivery Dr Scott Burchill School of International &amp;

The MA &amp; PhD: from conception to delivery Dr Scott Burchill School of International &amp; Political Studies Deakin University HDR Seminar - 26th March, 2010 Pre-conception: Understanding yourself Our varying rates of intellectual

433 views • 9 slides
Definition Definition Pre-conception Care Pre-conception Care for Primary Care for Primary

Definition Definition Pre-conception Care Pre-conception Care for Primary Care for Primary

Definition Definition Pre-conception Care Pre-conception Care for Primary Care for Primary Care Providers Providers Biomedical &amp; behavioral interventions that identify and address reversible risks to a woman s health that must be

427 views • 13 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
CertiCrypt Language-Based Cryptographic Proofs in Coq Gilles Barthe 1 , 2 Benjamin Grgoire 1 , 3

CertiCrypt Language-Based Cryptographic Proofs in Coq Gilles Barthe 1 , 2 Benjamin Grgoire 1 , 3

CertiCrypt Language-Based Cryptographic Proofs in Coq Gilles Barthe 1 , 2 Benjamin Grgoire 1 , 3 Santiago Zanella 1 , 3 1 Microsoft Research - INRIA Joint Centre, France 2 IMDEA Software, Madrid, Spain 3 INRIA Sophia Antipolis - Mditerrane,

580 views • 35 slides
A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John

A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John

A Verifying Core for a Cryptographic Language Compiler Lee Pike (presenting) Mark Shields 1 John Matthews Galois Connections August 15, 2006 1 Presently at Microsoft. Thanks Rockwell Collins Advanced Technology Center, especially David

655 views • 27 slides
Reductions So far, two reductions that preserve the CS 611 meaning of a lambda calculus

Reductions So far, two reductions that preserve the CS 611 meaning of a lambda calculus

Reductions So far, two reductions that preserve the CS 611 meaning of a lambda calculus Advanced Programming Languages expression: Andrew Myers ( x e ) ( x e { x / x }) (if x FV e ) Cornell University

358 views • 3 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views • 37 slides
CS 301 Lecture 20 Reductions Stephen Checkoway April 9, 2018 1 / 17 Reductions Reductions

CS 301 Lecture 20 Reductions Stephen Checkoway April 9, 2018 1 / 17 Reductions Reductions

CS 301 Lecture 20 Reductions Stephen Checkoway April 9, 2018 1 / 17 Reductions Reductions are a way of saying, If problem B can be solved, then problem A can as well 2 / 17 Reductions Reductions are a way of saying, If problem B

640 views • 28 slides
How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

Department of Informatics Security and Privacy Maximilian Blochberger How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic pitfalls by design Goal Raise awareness of cryptographic misuse Disclaimer

910 views • 29 slides
Chapter 2 Reductions and NP CS 573: Algorithms, Fall 2013 August 29, 2013 2.1 Reductions

Chapter 2 Reductions and NP CS 573: Algorithms, Fall 2013 August 29, 2013 2.1 Reductions

Chapter 2 Reductions and NP CS 573: Algorithms, Fall 2013 August 29, 2013 2.1 Reductions Continued 2.1.1 The Satisfiability Problem (SAT) 2.1.1.1 Propositional Formulas Definition 2.1.1. Consider a set of boolean variables x 1 , x 2 , . . .

355 views • 12 slides
Budget Proposal Personnel/BOCES Personnel Reductions Personnel Reductions Assistant

Budget Proposal Personnel/BOCES Personnel Reductions Personnel Reductions Assistant

2020-2021 Staffing and Budget Proposal Personnel/BOCES Personnel Reductions Personnel Reductions Assistant Superintendent for School Administration Supervisor of Special Programs HS English positions due to retirement BOCES

595 views • 13 slides
Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support.

Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support.

Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http://free-electrons.com 1/45 Thomas Petazzoni CTO and Embedded Linux engineer at Free Electrons Embedded Linux development : kernel and

774 views • 45 slides
WCED02, Anchorage, USA WCED02, Anchorage, USA Power Estimation of a C algorithm on a VLIW

WCED02, Anchorage, USA WCED02, Anchorage, USA Power Estimation of a C algorithm on a VLIW

WCED02, Anchorage, USA WCED02, Anchorage, USA Power Estimation of a C algorithm on a VLIW Power Estimation of a C algorithm on a VLIW Processor Processor Nathalie Julien, Eric Senn , Johann Laurent, Eric Martin LESTER, University of

288 views • 17 slides
Americans Opinions on Abor0on January 2019 Pro-Life or Pro-Choice? On the issue of abortion,

Americans Opinions on Abor0on January 2019 Pro-Life or Pro-Choice? On the issue of abortion,

Americans Opinions on Abor0on January 2019 Pro-Life or Pro-Choice? On the issue of abortion, do you Democrat Republican Independent consider yourself pro-life or pro-choice? 20% 70% 38% Pro-Life Adults 75% 25% 55% Pro-Choice 5%

689 views • 10 slides
E v a l u a t i o n R e s e a r c h S c W k 2 4 0

E v a l u a t i o n R e s e a r c h S c W k 2 4 0

E v a l u a t i o n R e s e a r c h S c W k 2 4 0 W e e k 1 4 S l i d e s

338 views • 20 slides
Solar+Storage Microgrids: A New Critical Load Tiering Approach August 11, 2020 HOUSEKEEPING

Solar+Storage Microgrids: A New Critical Load Tiering Approach August 11, 2020 HOUSEKEEPING

Valuing Resilience in Solar+Storage Microgrids: A New Critical Load Tiering Approach August 11, 2020 HOUSEKEEPING Join audio: Choose Mic &amp; Speakers to use VoIP Choose Telephone and dial using the information provided Use the

764 views • 38 slides
The Benefits of Parental/Family Interviews: The Power of Stories Telling Each Story to Save Lives

The Benefits of Parental/Family Interviews: The Power of Stories Telling Each Story to Save Lives

The Benefits of Parental/Family Interviews: The Power of Stories Telling Each Story to Save Lives Nationally KEY FUNDING PARTNER FEDERAL ACKNOWLEDGEMENT The National Center is funded in part by Cooperative Agreement Numbers UG7MC28482 and

774 views • 51 slides
Generalizing G odels Constructible Universe: Ultimate L W. Hugh Woodin Harvard University

Generalizing G odels Constructible Universe: Ultimate L W. Hugh Woodin Harvard University

Generalizing G odels Constructible Universe: Ultimate L W. Hugh Woodin Harvard University IMS Graduate Summer School in Logic June 2018 Ordinals: the transfinite numbers is the smallest ordinal: this is 0. {} is the next

1.01k views • 44 slides
DSRIP, Shared Savings, and the Path towards Value Based Payment New York State Department of

DSRIP, Shared Savings, and the Path towards Value Based Payment New York State Department of

Redesign Medicaid in New York State DSRIP, Shared Savings, and the Path towards Value Based Payment New York State Department of Health New York, New York The DSRIP Challenge Transforming the Delivery System DSRIP is a major effort to

447 views • 21 slides

More recommend