cryptography
play

Cryptography Autumn 2018 Tadayoshi (Yoshi) Kohno - PowerPoint PPT Presentation

Apr 08, 2023 •211 likes •412 views

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli, John Mitchell, Franziska Roesner,

  1. CSE 484 / CSE M 584: Computer Security and Privacy Cryptography Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli, John Mitchell, Franziska Roesner, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Admin • Lab 1: – Due Oct 24, 4:30pm (Today!) • TA Office Hours (especially for Lab 1): M 2:30, W 1:30, F 12 • My office hours (especially for crypto, research readings, administrivia, worksheet pick up): M 11:30 10/24/2018 CSE 484 / CSE M 584 2

  3. Challenge Question from Last Time • Alice and Bob are both cryptographers, and they are talking on the phone. They want to randomly flip a coin. If they were together, in person, they would flip a real coin and see if it was Heads or Tails. But they are not together, in person, and they don’t trust each other enough to have one of them flip a coin and tell the other person the answer. • Using the techniques we’ve discussed so far in class, how can Alice and Bob effectively flip a random coin together, over the phone, such that they both trust the answer even though they don’t trust each other? 10/24/2018 CSE 484 / CSE M 584 3

  4. Pick bit bA at C1 = Locked box with bA random Pick bit bB at random C2 = Locked box with bB Info to open first box C1 Now knows bA Info to open second box C2 Now knows bB Both compute random bit at bA xor bB 10/24/2018 CSE 484 / CSE M 584 4

  5. || denotes concatenation Pick bit bA at random Pick RA as long random C1 = H(bA || RA) string Pick bit bB at random Pick RB as C2 = H(bB || RB) long random string Send bA || RA Verify that has of Verify that message Send bB || RB has of equals C1 message equals C2 Both compute random bit at bA xor bB 10/24/2018 CSE 484 / CSE M 584 5

  6. Stepping Back: Flavors of Cryptography • Symmetric cryptography – Both communicating parties have access to a shared random string K, called the key. • Asymmetric cryptography – Each party creates a public key pk and a secret key sk. 10/24/2018 CSE 484 / CSE M 584 6

  7. Symmetric Setting Both communicating parties have access to a shared random string K, called the key. M Encapsulate Decapsulate M K K Alice Bob K K Adversary 10/24/2018 CSE 484 / CSE M 584 7

  8. Asymmetric Setting Each party creates a public key pk and a secret key sk. M Encapsulate Decapsulate M pk B ,sk A pk A ,sk B pk B pk A Alice Bob pk A ,sk A pk B ,sk B Adversary 10/24/2018 CSE 484 / CSE M 584 8

  9. Flavors of Cryptography • Symmetric cryptography – Both communicating parties have access to a shared random string K, called the key. – Challenge: How do you privately share a key? • Asymmetric cryptography – Each party creates a public key pk and a secret key sk. – Challenge: How do you validate a public key? 10/24/2018 CSE 484 / CSE M 584 9

  10. Public Key Crypto: Basic Problem public key ? public key private key Alice Bob Given: Everybody knows Bob ’ s public key Only Bob knows the corresponding private key Goals: 1. Alice wants to send a secret message to Bob 2. Bob wants to authenticate himself 10/24/2018 CSE 484 / CSE M 584 10

  11. Applications of Public Key Crypto • Session key establishment – Exchange messages to create a secret session key – Then switch to symmetric cryptography (why?) • Encryption for confidentiality – Anyone can encrypt a message • With symmetric crypto, must know secret key to encrypt – Only someone who knows private key can decrypt – Key management is simpler (or at least different) • Secret is stored only at one site: good for open environments • Digital signatures for authentication – Can “sign” a message with your private key 10/24/2018 CSE 484 / CSE M 584 11

  12. Session Key Establishment 10/24/2018 CSE 484 / CSE M 584 12

  13. Modular Arithmetic • Given g and prime p, compute: g 1 mod p, g 2 mod p, … g 100 mod p – For p=11, g= 10 • 10 1 mod 11 = 10, 10 2 mod 11 = 1, 10 3 mod 11 = 10, … • Produces cyclic group {10, 1} (order=2) – For p=11, g=7 • 7 1 mod 11 = 7, 7 2 mod 11 = 5, 7 3 mod 11 = 2, … • Produces cyclic group {7,5,2,3,10,4,6,9,8,1} (order = 10) • g=7 is a “generator” of Z 11 * – For p=11, g=3 • 3 1 mod 11 = 3, 3 2 mod 11 = 9, 3 3 mod 11 = 5, … • Produces cyclic group {3,9,5,4,1} (order = 5) 10/24/2018 CSE 484 / CSE M 584 13

  14. Diffie-Hellman Protocol (1976) • Alice and Bob never met and share no secrets • Public info: p and g – p is a large prime, g is a generator of Z p * • Z p *={1, 2 … p -1}; for all a in Z p * there exists i s.t. a=g i mod p • Modular arithmetic: numbers “wrap around” after they reach p Pick secret, random X Pick secret, random Y g x mod p g y mod p Alice Bob Compute k=(g y mod p) x =g xy mod p Compute k=(g x mod p) y =g xy mod p 10/24/2018 CSE 484 / CSE M 584 14

  15. Why is Diffie-Hellman Secure? • Discrete Logarithm (DL) problem: given g x mod p , it’s hard to extract x – There is no known efficient algorithm for doing this – This is not enough for Diffie-Hellman to be secure! • Computational Diffie-Hellman (CDH) problem: given g x mod p and g y mod p , it’s hard to compute g xy mod p – … unless you know x or y, in which case it’s easy • Decisional Diffie-Hellman (DDH) problem: given g x mod p and g y mod p , it’s hard to tell the difference between g xy mod p and g r mod p where r is random 10/24/2018 CSE 484 / CSE M 584 16

  16. Properties of Diffie-Hellman • Assuming DDH problem is hard (depends on choice of parameters!) , Diffie-Hellman protocol is a secure key establishment protocol against passive attackers – Common recommendation: • Choose p=2q+1, where q is also a large prime • Choose g that generates a subgroup of order q in Z_p* – Eavesdropper can’t tell the difference between the established key and a random value – Often hash g xy mod p , and use the hash as the key – Can use the new key for symmetric cryptography • Diffie-Hellman protocol (by itself) does not provide authentication – Party in the middle attack (often called “man in the middle attack”) 10/24/2018 CSE 484 / CSE M 584 17

  17. More on Diffie-Hellman Key Exchange • Important Note: We have discussed discrete logs modulo integers. • Significant advantages in using elliptic curve groups – groups with some similar mathematical properties (i.e., are “groups”) but have better security and performance (size) properties 10/24/2018 CSE 484 / CSE M 584 - Fall 2017 18

  18. Public Key Encryption 10/24/2018 CSE 484 / CSE M 584 19

  19. Requirements for Public Key Encryption • Key generation: computationally easy to generate a pair (public key PK, private key SK) • Encryption: given plaintext M and public key PK, easy to compute ciphertext C=E PK (M) • Decryption: given ciphertext C=E PK (M) and private key SK, easy to compute plaintext M – Infeasible to learn anything about M from C without SK – Trapdoor function: Decrypt(SK,Encrypt(PK,M))=M 10/24/2018 CSE 484 / CSE M 584 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Karlstad University Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M, C, E, D, K) M: the set of plaintexts C: the set of ciphertexts E: M x K -> C enciphering functions D: C x K

446 views • 40 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

453 views • 11 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

322 views • 11 slides
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Lecture 4 Page 1 CS 236 Online Cryptography and Secrecy Pretty obvious Only those knowing the

303 views • 15 slides
Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but hard-to-solve problems were discovered. Computational Complexity, by Fu Yuxi Cryptography 1 / 75 Cryptography is closely related to some

785 views • 76 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography Symmetric cryptography DES 3DES AES Asymmetric cryptography Diffie-Hellman key exchange 2 Modern cryptography Moving into

338 views • 16 slides
Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography ("secret writing"): Making secret messages Turning plaintext (an ordinary readable message)

1.2k views • 57 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Cryptography Public Key Cryptography Concepts of Public Key Cryptography Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 20 Feb 2020, public.tex, r1803 1

421 views • 7 slides
Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Homomorphic Cryptography & Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography Bike lock of Internet Provides many important building blocks for security For example, encryption or

699 views • 31 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography

Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography

06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 15 November, 2012 Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography Diffie-Hellman Key

207 views • 8 slides
Don Willison, Sc.D. Senior Scientist, Ontario Agency for Health Protection and Promotion

Don Willison, Sc.D. Senior Scientist, Ontario Agency for Health Protection and Promotion

Don Willison, Sc.D. Senior Scientist, Ontario Agency for Health Protection and Promotion Associate Professor, Part time, Clinical Epidemiology & Biostatistics, McMaster University don.willision@oahpp.ca Acknowledgements: Funding

651 views • 31 slides
Informatics DTF Lead Team Meeting June 8, 2018 Serving the CTSA Program through coordination,

Informatics DTF Lead Team Meeting June 8, 2018 Serving the CTSA Program through coordination,

Informatics DTF Lead Team Meeting June 8, 2018 Serving the CTSA Program through coordination, transparent communication, actionable metrics, network analytics and innovative collaboration tools. Registration Link:

498 views • 14 slides
English III: Am erican Literature Nam e:_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

English III: Am erican Literature Nam e:_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

English III: American Lit. Assignment 1 English III: Am erican Literature Nam e:_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Assignm ent 1: Persuasive Essay O BJECTIVE Using a persuasive approach, explore contemporary

246 views • 3 slides
WG Leadership Tutorial IETF 86: Orlando March 10, 2012 Margaret Wasserman

WG Leadership Tutorial IETF 86: Orlando March 10, 2012 Margaret Wasserman

WG Leadership Tutorial IETF 86: Orlando March 10, 2012 Margaret Wasserman mrw@painless-security.com Agenda 1. Introduction 2. Getting a WG started 3. Making WGs work for everyone 4. Steps in the WG process 5. Complex Situations 6.

1.1k views • 55 slides
How to Educate Doctors About Rare Diseases Educating doctors - How hard can it be? Educating

How to Educate Doctors About Rare Diseases Educating doctors - How hard can it be? Educating

How to Educate Doctors About Rare Diseases Educating doctors - How hard can it be? Educating doctors - How hard can it be? Educating doctors - How hard can it be? Reaching Doctors - Online Educating Doctors Key Points 1. Know the community

627 views • 25 slides
Physical Protection of Byproduct Material: Proposed Rule 10 CFR Part 37 October 20, 2010

Physical Protection of Byproduct Material: Proposed Rule 10 CFR Part 37 October 20, 2010

Physical Protection of Byproduct Material: Proposed Rule 10 CFR Part 37 October 20, 2010 Debbie Bray Gilley Advisory Committee on the Medical Uses of Isotopes (ACMUI) Concerns w ith the Physical Protection Proposed Rules Impact on

374 views • 10 slides
trt s s

trt s s

trt s s s tts ts ts rs

578 views • 37 slides
Simple Theories of Dark Matter Clifford Cheung Berkeley Center for Theoretical Physics, UC

Simple Theories of Dark Matter Clifford Cheung Berkeley Center for Theoretical Physics, UC

Simple Theories of Dark Matter Clifford Cheung Berkeley Center for Theoretical Physics, UC Berkeley (Berkeley, CA) Theoretical Physics Group, Lawrence Berkeley National Laboratory (Berkeley, CA) M. Baumgart, C.C., J. Ruderman, L. Wang, I. Yavin

969 views • 37 slides

More recommend