Cryptography Mohammad Mahmoody Last time Secrecy based on - - PowerPoint PPT Presentation



SLIDE 1

Special Topics in Cryptography

Mohammad Mahmoody

SLIDE 2

Last time

  • Secrecy based on (unproven) computational assumptions
  • Pseudorandom generators
  • How to encrypt longer messages in an ind-secure way using a PRG

Today

  • How to make PRGs stretch more
  • How to use Cryptographic Hash Functions to get PRGs
  • Chosen plain-text security
  • Pseudorandom generators (functions) -> CPA secure encryption

SLIDE 3

Recall: using PRGs to encrypt longer messages

  • Key k of length n
  • Message m of length 2n
  • A PRG g: {0,1}^n → {0,1}^{2n}
  • Enc(k, m) = g(k) ⊕ m
  • Dec(k, c) = c ⊕ g(k)

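
The scheme on this slide worked out in running code, as an added example that is not part of the lecture slides: a PRG g built from SHA-256 (the hash-to-PRG idea of slide 7; the lecture does not name a hash, so SHA-256 is an assumption), the iterated-PRG stretching construction that slide 4 asks about, and Enc/Dec as above. The names `stretch`, `N_BYTES`, `xor_bytes` and the constructed key are illustration choices, not from the slides.

```python
# Added example (not from the slides): the slide-3 one-time scheme
# Enc(k, m) = g(k) XOR m with a hash-based PRG, plus the iterated-PRG
# stretching construction that lets a fixed-stretch PRG produce any
# output length.
import hashlib

N_BYTES = 16  # seed/key length n in bytes (assumption: 128-bit seeds)


def g(seed: bytes) -> bytes:
    """PRG g: {0,1}^n -> {0,1}^{2n}.

    Assumption (not from the slides): SHA-256 behaves like a random
    function, so its 32-byte digest of a 16-byte seed serves as 2n
    pseudorandom bytes. Security rests entirely on the seed being
    uniform and secret.
    """
    if len(seed) != N_BYTES:
        raise ValueError(f"seed must be {N_BYTES} bytes")
    return hashlib.sha256(seed).digest()


def stretch(seed: bytes, out_len: int) -> bytes:
    """Standard iterated-PRG stretching: split g(s) = (s', block),
    emit block, continue from s'. Each step costs one call to g and
    yields n fresh output bytes; the running state never leaves."""
    out = bytearray()
    state = seed
    while len(out) < out_len:
        expanded = g(state)
        state, block = expanded[:N_BYTES], expanded[N_BYTES:]
        out.extend(block)
    return bytes(out[:out_len])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def enc(k: bytes, m: bytes) -> bytes:
    """Enc(k, m) = keystream(k) XOR m. Slide 3 uses g(k) directly for a
    2n-bit message; stretch() generalises that to any message length."""
    return xor_bytes(stretch(k, len(m)), m)


def dec(k: bytes, c: bytes) -> bytes:
    """Dec(k, c) = c XOR keystream(k); same keystream, so Dec(k, Enc(k, m)) = m."""
    return xor_bytes(stretch(k, len(c)), c)


def demo() -> bool:
    """Round trip on a constructed key and message."""
    k = bytes(range(16))  # constructed key, NOT secret
    m = b"Special Topics in Cryptography - encrypt longer messages"
    return dec(k, enc(k, m)) == m


if __name__ == "__main__":
    print("round trip ok:", demo())
```

Because the keystream depends only on k, this is a one-time scheme: a second message encrypted under the same k reuses the same pad, which is the gap the later slides on randomized encryption address.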
SLIDE 4

How to make PRGs stretch the output more?

SLIDE 5

Continuing Proof of security

SLIDE 6

Two main questions:

  1. How to get PRGs?
  2. Is “indistinguishability-based security” enough in practice?
     a) How to define stronger security notions?
     b) How to achieve them again using PRGs!

SLIDE 7

Cryptographic Hash Functions

  • Two general ways to talk about Hash functions:

  1. h : {0,1}^* → {0,1}^d for a constant d
  2. h : {0,1}^c → {0,1}^d for constants d, c

  • The output is called the “message digest”
  • SHA1: 160-bit digest
  • SHA2: 224, 256, 384 or 512 bits
  • SHA3: digest size: arbitrary

Key insight: a “secure” hash should be as unpredictable as it can be (practically like a random function). In particular, it should be pseudorandom!

  • http://www.sha1-online.com/
  • https://emn178.github.io/online-tools/sha3_512.html
SLIDE 8
SLIDE 9

Less Practical, but More Robust Constructions

  • PRGs based on “one way functions”
SLIDE 10

Two main questions:

  1. How to get PRGs?
  2. Is “indistinguishability-based security” enough in practice?
     a) How to define stronger security notions?
     b) How to achieve them again using PRGs (or something similar!)

SLIDE 11

What is wrong with the Ind-based definition tailored to *one-message* security games?

SLIDE 12

Necessity for *Randomized* Encryption

SLIDE 13
SLIDE 14

Security against Chosen Plaintext Attacks (CPA Security)

SLIDE 15

Chosen Plaintext Security
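
An added example, not from the lecture slides, tying slides 11 to 15 together: it shows why the deterministic Enc(k, m) = g(k) ⊕ m scheme of slide 3 falls outside what the one-message definition protects once a chosen-plaintext adversary sees two ciphertexts under one key, and then the standard randomized construction Enc(k, m) = (r, F_k(r) ⊕ m) with a PRF F, which is the shape the "PRF -> CPA secure encryption" bullet refers to. HMAC-SHA256 standing in for the PRF, SHA-256 standing in for g, the 32-byte message length and the constructed key and plaintexts are all assumptions of this example.

```python
# Added example (not from the slides): the deterministic Enc(k, m) = g(k) XOR m
# scheme is fine for ONE message, but a chosen-plaintext adversary who sees two
# ciphertexts under the same key learns m1 XOR m2 (and so whether m1 == m2);
# randomizing the scheme with a PRF, Enc(k, m) = (r, F_k(r) XOR m), removes that.
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

BLOCK = 32  # messages are exactly 32 bytes here so one digest covers them


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


# --- deterministic one-time scheme from slide 3 ---------------------------
def g(k: bytes) -> bytes:
    """Hash-based PRG stand-in (assumption): 16-byte key -> 32 pseudorandom bytes."""
    return hashlib.sha256(k).digest()


def enc_det(k: bytes, m: bytes) -> bytes:
    """Same key and message always give the same ciphertext: no randomness."""
    return xor_bytes(g(k), m)


def two_message_leak(c1: bytes, c2: bytes) -> bytes:
    """c1 XOR c2 = (g(k) XOR m1) XOR (g(k) XOR m2) = m1 XOR m2.

    The one-message indistinguishability game never shows the adversary two
    ciphertexts under one key, so it cannot capture this; the CPA game does."""
    return xor_bytes(c1, c2)


# --- randomized scheme: Enc(k, m) = (r, F_k(r) XOR m) ---------------------
def prf(k: bytes, r: bytes) -> bytes:
    """PRF F_k(r); assumption: HMAC-SHA256 keyed with k behaves as a PRF."""
    return hmac.new(k, r, hashlib.sha256).digest()


def enc_rand(k: bytes, m: bytes, r: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Fresh 16-byte r per call, sent in the clear next to the masked message.
    Passing r explicitly exists only to make the function testable."""
    if r is None:
        r = secrets.token_bytes(16)
    return r, xor_bytes(prf(k, r), m)


def dec_rand(k: bytes, c: Tuple[bytes, bytes]) -> bytes:
    r, body = c
    return xor_bytes(prf(k, r), body)


def demo() -> dict:
    """Constructed key and messages; returns which properties hold."""
    k = bytes(range(16))                               # constructed, NOT secret
    m1 = b"transfer 100 to account A".ljust(BLOCK)    # constructed plaintexts
    m2 = b"transfer 900 to account B".ljust(BLOCK)
    c1, c2 = enc_det(k, m1), enc_det(k, m2)
    t1, t2 = enc_rand(k, m1), enc_rand(k, m1)          # same message twice
    return {
        "det_repeats": enc_det(k, m1) == c1,           # repetition is visible
        "det_leaks_xor": two_message_leak(c1, c2) == xor_bytes(m1, m2),
        "rand_differs": t1 != t2,                      # fresh r hides repetition
        "rand_roundtrip": dec_rand(k, t1) == m1 and dec_rand(k, t2) == m1,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The randomized scheme is only as good as r staying unique: the PRF output F_k(r) is a fresh pad for each new r, and a repeated r brings back exactly the two-message leak shown for the deterministic scheme.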

SLIDE 16

Next time

  1. How to get PRGs?
  2. Is “indistinguishability-based security” enough in practice?
     a) How to define stronger security notions?
     b) How to achieve CPA security using PRGs (or something similar!)