
Efficient UC-Secure Authenticated Key-Exchange for Algebraic Languages



  1. Efficient UC-Secure Authenticated Key-Exchange for Algebraic Languages

     PKC 2013

     Fabrice Ben Hamouda, Olivier Blazy, Céline Chevalier, David Pointcheval, Damien Vergnaud

     Horst Görtz Institute for IT Security / Ruhr-University Bochum; ENS / CNRS / INRIA / Université Panthéon-Assas

  6. Outline

     1. Introduction
     2. Building Blocks
     3. Language Authenticated Key Exchange
     4. Conclusion

     LAKE | Horst Görtz Institute for IT-Security | PKC 2013

  7. Authenticated Key Exchange

     [Diagram: message exchange between Alice and Bob; session key $K_{AB}$]

     Share a common session key iff everything goes well.

  8. Password Authenticated Key Exchange [BM92]

     [Diagram: message exchange between Alice ($pw_A$) and Bob ($pw_B$)]

     Share a common session key iff they possess the same password.

  9. Secret Handshakes [BDSS03]

     [Diagram: message exchange between Alice ($\sigma_A$) and Bob ($\sigma_B$)]

     Share a common session key iff their signatures fit.

  10. Credential Authenticated Key Exchange [CCGS10]

      [Diagram: message exchange between Alice ($\mathsf{Cred}(A)$) and Bob ($\mathsf{Cred}(B)$)]

      Share a common session key iff they possess the required credentials.

  11. Language Authenticated Key Exchange

      [Diagram: message exchange between Alice ($w_A$) and Bob ($w_B$)]

      Share a common session key iff their (words/languages) fit.

  12. Outline

      1. Introduction
      2. Building Blocks
         - Cramer Shoup Encryption Revisited
         - Smooth Projective Hash Functions and their language
         - Manageable Languages
      3. Language Authenticated Key Exchange
      4. Conclusion

  13. Cramer Shoup Encryption: Definition [CS02]

      - $\mathsf{Setup}(1^\lambda)$: Generates a multiplicative group $(p, \mathbb{G}, g_1, g_2)$.
      - $\mathsf{EKeyGen}_{\mathcal{E}}(\mathsf{param})$: $\mathsf{dk} = (\mu_{1,2}, \nu_{1,2}, \eta_{1,2}) \stackrel{\$}{\leftarrow} \mathbb{Z}_p^6$, $\mathsf{pk} = (c = g_1^{\mu_1} g_2^{\mu_2},\ h = g_1^{\eta_1} g_2^{\eta_2},\ d = g_1^{\nu_1} g_2^{\nu_2})$.
      - $\mathsf{Encrypt}(\mathsf{pk}, M; \alpha)$: For $M$, and $\alpha \stackrel{\$}{\leftarrow} \mathbb{Z}_p$, defines $C = \mathsf{CS}(M; \alpha)$ as
        $$\left( \mathbf{u} = (g_1^{\alpha}, g_2^{\alpha}),\ e = M h^{\alpha},\ v = (c d^{\xi})^{\alpha} \right), \qquad \xi = \mathsf{Hash}(\mathbf{u}, e).$$
      - $\mathsf{Decrypt}(\mathsf{dk} = (\mu, \nu, \eta), C = (\mathbf{u}, e, v))$: If $v = \prod_i u_i^{\mu_i + \xi \nu_i}$, then $M = e \cdot \prod_i u_i^{-\eta_i}$.

      IND-CCA under DDH

  14. Double Cramer Shoup Encryption: Definition

      - $\mathsf{Setup}(1^\lambda)$: Generates a multiplicative group $(p, \mathbb{G}, g_1, g_2)$.
      - $\mathsf{EKeyGen}_{\mathcal{E}}(\mathsf{param})$: $\mathsf{dk} \stackrel{\$}{\leftarrow} \mathbb{Z}_p^6$, $\mathsf{pk}$.
      - $\mathsf{Encrypt}_1(\mathsf{pk}, M; \alpha)$: $C = \mathsf{CS}(M; \alpha)$.
      - $\mathsf{Encrypt}_2(\mathsf{pk}, N, \xi; \alpha')$: For $N$, and $\alpha' \stackrel{\$}{\leftarrow} \mathbb{Z}_p$, defines $C' = \mathsf{CS}'(N, \xi; \alpha')$ as
        $$\left( \mathbf{u}' = (g_1^{\alpha'}, g_2^{\alpha'}),\ e' = N h^{\alpha'},\ v' = (c d^{\xi})^{\alpha'} \right).$$
      - $\mathsf{Decrypt}(\mathsf{dk} = (\mu, \nu, \eta), C = (\mathbf{u}, e, v), C')$:
        If $v = \prod_i u_i^{\mu_i + \xi \nu_i}$, then $M = e \cdot \prod_i u_i^{-\eta_i}$.
        If $v' = \prod_i {u'_i}^{\mu_i + \xi \nu_i}$, then $N = e' \cdot \prod_i {u'_i}^{-\eta_i}$.

      IND-PD-CCA under DDH (IND-CCA on CS, IND-CPA on CS')

  15. Multi Double Cramer Shoup Encryption: Definition

      - $\mathsf{Setup}(1^\lambda)$: Generates a multiplicative group $(p, \mathbb{G}, g_1, g_2)$.
      - $\mathsf{EKeyGen}_{\mathcal{E}}(\mathsf{param})$: $\mathsf{dk} \stackrel{\$}{\leftarrow} \mathbb{Z}_p^6$, $\mathsf{pk}$.
      - $\mathsf{Encrypt}_1(\mathsf{pk}, M; \alpha)$: $C = \mathsf{CS}(M; \alpha)$, where $\xi = \mathsf{Hash}(\mathbf{u}, e)$.
      - $\mathsf{Encrypt}_2(\mathsf{pk}, N, \xi; \alpha')$: $C' = \mathsf{CS}'(N, \xi; \alpha')$.
      - $\mathsf{Decrypt}(\mathsf{dk} = (\mu, \nu, \eta), C, C')$:
        If $v = \prod_i u_i^{\mu_i + \xi \nu_i}$, then $M = e \cdot \prod_i u_i^{-\eta_i}$.
        If $v' = \prod_i {u'_i}^{\mu_i + \xi \nu_i}$, then $N = e' \cdot \prod_i {u'_i}^{-\eta_i}$.

      IND-PD-CCA under DDH.

  16. Smooth Projective Hash Functions: Definition [CS02, GL03]

      Let $\{H\}$ be a family of functions:

      - $X$, domain of these functions
      - $L$, subset (a language) of this domain

      such that, for any point $x$ in $L$, $H(x)$ can be computed by using

      - either a secret hashing key $\mathsf{hk}$: $H(x) = \mathsf{Hash}_L(\mathsf{hk}; x)$;
      - or a public projected key $\mathsf{hp}$: $H'(x) = \mathsf{ProjHash}_L(\mathsf{hp}; x, w)$

      Public mapping $\mathsf{hk} \mapsto \mathsf{hp} = \mathsf{ProjKG}_L(\mathsf{hk}, x)$

  20. Properties

      - For any $x \in X$, $H(x) = \mathsf{Hash}_L(\mathsf{hk}; x)$
      - For any $x \in L$, $H(x) = \mathsf{ProjHash}_L(\mathsf{hp}; x, w)$, with $w$ a witness that $x \in L$

      Smoothness: For any $x \notin L$, $H(x)$ and $\mathsf{hp}$ are independent

      Pseudo-Randomness: For any $x \in L$, $H(x)$ is pseudo-random, without a witness $w$

      The latter property requires $L$ to be a hard-partitioned subset of $X$:

      Hard-Partitioned Subset: $L$ is a hard-partitioned subset of $X$ if it is computationally hard to distinguish a random element in $L$ from a random element in $X \setminus L$

  22. Straightforward Languages: Diffie Hellman / Linear Tuple

      - $(g, h, G = g^a, H = h^a)$: Valid Diffie Hellman tuple?
        $\mathsf{hp}$: $g^{\kappa} h^{\lambda}$, with $\mathsf{hp}^a = G^{\kappa} H^{\lambda}$
        Oblivious Transfer, Implicit Opening of a ciphertext
      - $(U = u^a, V = v^b, W = g^{a+b})$: Valid Linear tuple?
        $\mathsf{hp}$: $u^{\kappa} g^{\lambda},\ v^{\mu} g^{\lambda}$, with $\mathsf{hp}_1^a\, \mathsf{hp}_2^b = U^{\kappa} V^{\mu} W^{\lambda}$

  23. Straightforward Languages: Conjunction / Disjunction

      - $L_1 \cap L_2$: Simultaneous verification
        $\mathsf{hp}$: $\mathsf{hp}_1, \mathsf{hp}_2$, with $H'_1 \cdot H'_2 = H_1 \cdot H_2$
        $\wedge A_i$

  24. Straightforward Languages: Conjunction / Disjunction

      - $L_1 \cup L_2$: One out of 2 conditions
        $\mathsf{hp} = \mathsf{hp}_1, \mathsf{hp}_2, \mathsf{hp}_\Delta$, with $H' = L_1\ ?\ \mathsf{hp}_1^{w_1} : \mathsf{hp}_2^{w_2} \cdot \mathsf{hp}_\Delta = X_1^{\mathsf{hk}_1}$
        Is it a bit?

  26. Advanced Languages: (Linear) Cramer-Shoup Encryption

      - $(u_1 = g_1^r,\ u_2 = g_2^r,\ e = h^r M,\ v = (c d^{\xi})^r)$: Verifiability of the CS
        $\mathsf{hp}$: $g_1^{\kappa} g_2^{\mu} (c d^{\xi})^{\eta} h^{\lambda}$, with $\mathsf{hp}^r = u_1^{\kappa} u_2^{\mu} v^{\eta} (e/M)^{\lambda}$
        Implicit Opening of a ciphertext, verifiability of a ciphertext, PAKE
      - $(g_1^r,\ g_2^s,\ g_3^{r+s},\ h_1^r h_2^s M,\ (c_1 d_1^{\xi})^r (c_2 d_2^{\xi})^s)$: Verifiability of the LCS
        $\mathsf{hp}$: $g_1^{\kappa} g_3^{\theta} (c_1 d_1^{\xi})^{\eta} h_1^{\lambda},\ g_2^{\mu} g_3^{\theta} (c_2 d_2^{\xi})^{\eta} h_2^{\lambda}$, with $\mathsf{hp}_1^r\, \mathsf{hp}_2^s = u_1^{\kappa} u_2^{\mu} u_3^{\theta} v^{\eta} (e/M)^{\lambda}$

  27. Advanced Languages: Commitment of a commitment

      - $(U = u^a,\ V = v^s,\ G = h^s g^a)$: ELin
        $\mathsf{hp}$: $u^{\eta} g^{\lambda},\ v^{\theta} h^{\lambda}$, with $\mathsf{hp}_1^a\, \mathsf{hp}_2^s = U^{\eta} V^{\theta} G^{\lambda}$
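
Added example (not from the slides or the authors' code): a toy Python run of the Cramer Shoup Encryption definition above together with the "Verifiability of the CS" smooth projective hash, showing that `Hash` with `hk` and `ProjHash` with `hp` and the witness `r` agree exactly when the ciphertext encrypts the expected `M`. The group parameters, function names and SHA-256 as `Hash` are assumptions chosen for illustration; messages are assumed to be already encoded as group elements.

```python
import hashlib, secrets

# Toy parameters (constructed for this example, far too small for real use):
# P = 2Q + 1 is a safe prime; the squares mod P form a group of prime order Q.
P, Q = 2039, 1019
G1, G2 = 4, 9          # two squares != 1, hence generators of that group

def rand():            # nonzero scalar in Z_Q
    return 1 + secrets.randbelow(Q - 1)

def xi_of(u, e):       # xi = Hash(u, e), mapped into Z_Q (SHA-256 is an assumption)
    data = f"{u[0]},{u[1]},{e}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():          # dk = (mu, nu, eta), each a pair; pk = (c, h, d)
    mu, nu, eta = [(rand(), rand()) for _ in range(3)]
    pair = lambda x: pow(G1, x[0], P) * pow(G2, x[1], P) % P
    return (mu, nu, eta), (pair(mu), pair(eta), pair(nu))

def encrypt(pk, M, alpha):
    c, h, d = pk
    u = (pow(G1, alpha, P), pow(G2, alpha, P))
    e = M * pow(h, alpha, P) % P
    v = pow(c * pow(d, xi_of(u, e), P) % P, alpha, P)
    return u, e, v

def decrypt(dk, C):
    (mu, nu, eta), (u, e, v) = dk, C
    xi = xi_of(u, e)
    check = pow(u[0], mu[0] + xi * nu[0], P) * pow(u[1], mu[1] + xi * nu[1], P) % P
    if v != check:
        return None    # validity check failed: reject the ciphertext
    return e * pow(u[0], -eta[0], P) * pow(u[1], -eta[1], P) % P

def hash_keygen():     # hk = (kappa, mu, eta, lambda), as in the CS language slide
    return tuple(rand() for _ in range(4))

def proj_key(hk, pk, C):   # hp = g1^kappa g2^mu (c d^xi)^eta h^lambda
    (k, m, n, l), (c, h, d), (u, e, _) = hk, pk, C
    cd = c * pow(d, xi_of(u, e), P) % P
    return pow(G1, k, P) * pow(G2, m, P) * pow(cd, n, P) * pow(h, l, P) % P

def hash_hk(hk, C, M):     # u1^kappa u2^mu v^eta (e/M)^lambda, no witness needed
    (k, m, n, l), (u, e, v) = hk, C
    e_over_m = e * pow(M, -1, P) % P
    return pow(u[0], k, P) * pow(u[1], m, P) * pow(v, n, P) * pow(e_over_m, l, P) % P

def proj_hash(hp, r):      # hp^r, where r is the encryption randomness (the witness)
    return pow(hp, r, P)
```

In this form `hp` depends on ξ, so it can only be computed once the ciphertext is known.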
