encryption based on card shuffle
play

Encryption based on Card Shuffle Jooyoung Lee Faculty of - PowerPoint PPT Presentation

Aug 04, 2023 •292 likes •594 views

Encryption based on Card Shuffle Jooyoung Lee Faculty of Mathematics and Statistics, Sejong University October 3, 2015 Jooyoung Lee Encryption based on Card Shuffle Block Cipher k n n E u v A block cipher is a function E : { 0 , 1 }

  1. Encryption based on Card Shuffle Jooyoung Lee Faculty of Mathematics and Statistics, Sejong University October 3, 2015 Jooyoung Lee Encryption based on Card Shuffle

  2. Block Cipher k κ n n E u v A block cipher is a function E : { 0 , 1 } κ × { 0 , 1 } n → { 0 , 1 } n such that for all k ∈ { 0 , 1 } κ the mapping E ( k , · ) is a permutation on { 0 , 1 } n . Most block ciphers such as DES and AES operate on 64 ∼ 128 bit blocks Jooyoung Lee Encryption based on Card Shuffle

  3. Security of Encryption Scheme: Indistinguishability E -1 k ( x )/P -1 ( x ) x y E k ( x )/P( x ) An adversary makes a certain number of oracle queries to the black box in two different directions Ideal World: a truly random permutation P Real World: a keyed block cipher E k for a random secret key k The adversarial goal is to tell apart the two worlds If the distinguishing advantage is small, this block cipher is said to be secure Jooyoung Lee Encryption based on Card Shuffle

  4. Encryption of Data of Small Size If we need to encrypt all the credit card numbers in the data base as the ciphertexts of the same format Data size is too small Using AES? A new block cipher? Jooyoung Lee Encryption based on Card Shuffle

  5. Feistel Network L R K 0 ⊕ f Even in the case the round function is perfectly secure (namely, truly random): K 1 ⊕ f the entire permutation is secure only up to n 2 queries for a sufficient number of 2 rounds, where n is the block size K 2 ⊕ f Not suitable if the data size n is too small K 3 ⊕ f S T Jooyoung Lee Encryption based on Card Shuffle

  6. Card Shuffle The final position of a card of a certain position(=plaintext) 1 is viewed as the encryption of the plaintext Card shuffle is a Markov process 2 Mixing time=number of rounds Should be oblivious: one should be able to trace the 3 trajectory of a card without attending to lots of other cards Jooyoung Lee Encryption based on Card Shuffle

  7. Thorp Shuffle 3-bit values represent the positions of the cards The cards at 0 ∗ ∗ and 1 ∗ ∗ are matched They come together, while swapped or not according to the evaluation of a round function at “ ∗ ∗ " This process is a single round of a blockcipher structure Secure up to 2 n / n queries (Crypto 2009) for O ( n 2 ) rounds 000 001 010 011 100 101 110 111 000 001 010 011 100 101 110 111 Jooyoung Lee Encryption based on Card Shuffle

  8. Thorp Shuffle 3-bit values represent the positions of the cards The cards at 0 ∗ ∗ and 1 ∗ ∗ are matched They come together, while swapped or not according to the evaluation of a round function at “ ∗ ∗ " This process is a single round of a blockcipher structure Secure up to 2 n / n queries (Crypto 2009) for O ( n 2 ) rounds 000 001 010 011 100 101 110 111 000 001 010 011 100 101 110 111 Jooyoung Lee Encryption based on Card Shuffle

  9. Swap-or-Not Shuffle (Crypto 2012) A round key K ( � = 0 ) is chosen uniformly at random from { 0 , 1 } 3 The cards at positions x and x ⊕ K are matched They are swapped or not according to the evaluation of a round function at "max { x , x ⊕ K } " Secure up to ( 1 − ǫ ) 2 n queries for any ǫ > 0 for O ( n ) rounds ⊕ K (=011) 000 001 010 011 100 101 110 111 Swap or Not 000 001 010 011 100 101 110 111 Jooyoung Lee Encryption based on Card Shuffle

  10. Another View of the SN Shuffle {0,1} n For each element, a distinct element is chosen uniformly at 1 random. A single pairing might determine all the other pairings. A random permutation is applied to the pair of size two. 2 The random permutations applied to the pairs are all independent. Jooyoung Lee Encryption based on Card Shuffle

  11. New Construction: Partition-and-Mix {0,1} n For each element, D − 1 distinct elements are chosen 1 uniformly at random ( D ≥ 2). A single block might determine all the other blocks. A random permutation is applied to the set of size D . 2 The random permutations applied to the blocks are all independent. Jooyoung Lee Encryption based on Card Shuffle

  12. New Construction: Partition-and-Mix Definition Let N , D ≥ 2 be integers such that D | N , ε > 0 and let B K = { B i K } i = 1 ,..., N D be a keyed partition of [ N ] = { 0 , 1 , . . . , N − 1 } into blocks of size D . Then B K is called ε -almost D -uniform if for any set U of size D Pr [ K ← $ K : U ∈ B K ] ≤ 1 + ε � . � N − 1 D − 1 Remark If a partition of [ N ] into blocks of size D is chosen uniformly at random from the set of all possible partitions, then for any set U of size D 1 Pr [ U ∈ B K ] = � . � N − 1 D − 1 Jooyoung Lee Encryption based on Card Shuffle

  13. Security of the Partition-and-Mix Theorem Let PM r be the r-round partition-and-mix shuffle on [ N ] defined by an ε -almost D-uniform keyed partition. Then r r 4 + 1 4 N 4 ( 1 + ε ) 2 Adv cca PM r ( q ) ≤ 4 − 1 . r r 4 ( N − q ) ( r − 4 ) D Result D The number of rounds is reduced by a factor of log 2 1 + ε for a same level of security. Jooyoung Lee Encryption based on Card Shuffle

  14. Efficient Implementation of the Partition-and-Mix Problem How to implement a (almost) D -uniform random partition for a given D ? Definition A family of permutations on N elements is perfect D -wise independent if it acts uniformly on tuples of D elements. Example A keyed permutation family g such that g K 1 , K 2 ( v ) = K 1 · v + K 2 is perfect 2-wise independent. multiplication and addition are done in GF ( 2 n ) and K 1 is nonzero Jooyoung Lee Encryption based on Card Shuffle

  15. Partition: Using D -wise Independent Permutation Family {0,1} n {0,1} n u Each element u is mapped by g − 1 , where g is (implicitly 1 keyed) D -wise independent permutation. g − 1 ( u ) is contained in a certain block V in a fixed partition 2 of { 0 , 1 } n . U = g ( V ) is defined as a random block containing u . 3 Jooyoung Lee Encryption based on Card Shuffle

  16. Partition: Using D -wise Independent Permutation Family {0,1} n {0,1} n u g -1 ( u ) Each element u is mapped by g − 1 , where g is (implicitly 1 keyed) D -wise independent permutation. g − 1 ( u ) is contained in a certain block V in a fixed partition 2 of { 0 , 1 } n . U = g ( V ) is defined as a random block containing u . 3 Jooyoung Lee Encryption based on Card Shuffle

  17. Partition: Using D -wise Independent Permutation Family {0,1} n {0,1} n u g -1 ( u ) Each element u is mapped by g − 1 , where g is (implicitly 1 keyed) D -wise independent permutation. g − 1 ( u ) is contained in a certain block V in a fixed partition 2 of { 0 , 1 } n . U = g ( V ) is defined as a random block containing u . 3 Jooyoung Lee Encryption based on Card Shuffle

  18. Partition: Using D -wise Independent Permutation Family {0,1} n {0,1} n g u Each element u is mapped by g − 1 , where g is (implicitly 1 keyed) D -wise independent permutation. g − 1 ( u ) is contained in a certain block V in a fixed partition 2 of { 0 , 1 } n . U = g ( V ) is defined as a random block containing u . 3 Jooyoung Lee Encryption based on Card Shuffle

  19. Example: 2-wise Independent Permutation Family Suppse that the fixed partition is V = {{ v , v + 1 } : v ∈ { 0 , 1 } n } A random permutation is defined as g K 1 , K 2 ( v ) = K 1 · v + K 2 Given u ∈ { 0 , 1 } n , g − 1 K 1 , K 2 ( u ) = K − 1 · ( u + K 2 ) 1 Then u is paired with � � � � g − 1 K − 1 g K 1 , K 2 ( u ) + 1 = K 1 · · ( u + K 2 ) + 1 + K 2 = u + K 1 1 Same as used in the swap-or-not shuffle Negative result: no nontrivial subgroups of S n ( n ≥ 25) which are 4-wise independent Jooyoung Lee Encryption based on Card Shuffle

  20. Partition: Using Hamming Codes (3-dimension) K 3 K 1 K 2 For each round, linearly independent round keys K 1 , K 2 , K 3 1 are chosen uniformly at random Set { 0 , 1 } n is decomposed into the cosets of � K 1 , K 2 , K 3 � 2 Two vertices on a diagonal line are randomly chosen for 3 each coset Each coset is again decomposed into two blocks around 4 the vertices Jooyoung Lee Encryption based on Card Shuffle

  21. Partition: Using Hamming Codes (3-dimension) K 3 K 1 K 2 For each round, linearly independent round keys K 1 , K 2 , K 3 1 are chosen uniformly at random Set { 0 , 1 } n is decomposed into the cosets of � K 1 , K 2 , K 3 � 2 Two vertices on a diagonal line are randomly chosen for 3 each coset Each coset is again decomposed into two blocks around 4 the vertices Jooyoung Lee Encryption based on Card Shuffle

  22. Partition: Using Hamming Codes (3-dimension) For each round, linearly independent round keys K 1 , K 2 , K 3 1 are chosen uniformly at random Set { 0 , 1 } n is decomposed into the cosets of � K 1 , K 2 , K 3 � 2 Two vertices on a diagonal line are randomly chosen for 3 each coset Each coset is again decomposed into two blocks around 4 the vertices Jooyoung Lee Encryption based on Card Shuffle

  23. Partition: Using Hamming Codes (3-dimension) For each round, linearly independent round keys K 1 , K 2 , K 3 1 are chosen uniformly at random Set { 0 , 1 } n is decomposed into the cosets of � K 1 , K 2 , K 3 � 2 Two vertices on a diagonal line are randomly chosen for 3 each coset Each coset is again decomposed into two blocks around 4 the vertices Jooyoung Lee Encryption based on Card Shuffle

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

An enciphering scheme based on a card shuffle Ben Morris Mathematics, UC Davis Joint work with

An enciphering scheme based on a card shuffle Ben Morris Mathematics, UC Davis Joint work with

An enciphering scheme based on a card shuffle Ben Morris Mathematics, UC Davis Joint work with Viet Tung Hoang (Computer Science, UC Davis) and Phil Rogaway (Computer Science, UC Davis). Setting Blockcipher construction pseudorandom function

317 views • 27 slides
How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben

How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben

How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben Morris Phil Rogaway Till Stegers University of California, Davis University of California, Davis Dept of Mathematics Dept of Computer

1.01k views • 25 slides
A SHUFFLE ARGUMENT SECURE IN THE GENERIC MODEL Prastudy Fauzi, Helger Lipmaa, Michal Zajac

A SHUFFLE ARGUMENT SECURE IN THE GENERIC MODEL Prastudy Fauzi, Helger Lipmaa, Michal Zajac

A SHUFFLE ARGUMENT SECURE IN THE GENERIC MODEL Prastudy Fauzi, Helger Lipmaa, Michal Zajac University of Tartu, Estonia ASIACRYPT 2016 OUR RESULTS A new efficient CRS-based NIZK shuffle argument OUR RESULTS A new efficient CRS-based

1.4k views • 113 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with Fast Software Encryption Conference 2017 1 Joan Daemen 1 , 2 Guido Bertoni 1 , Michal Peeters 1 , Gilles Van Assche 1 and Ronny Van Keer 1 1

855 views • 30 slides
Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva expiration: 09/10 Karen Lu Ksheerabdhi Krishna Challenges Installing crypto providers Breaks mobility Breaks ubiquity of web

425 views • 8 slides
Kindergarten Standards-based Report Card May 13, 2019 K-2 Standards-based Report Card

Kindergarten Standards-based Report Card May 13, 2019 K-2 Standards-based Report Card

Kindergarten Standards-based Report Card May 13, 2019 K-2 Standards-based Report Card Historical Overview Pilot Implementation at Bethel Manor Division Implementation Plan 2 Historical Overview 3 Current Elementary Report Card 4

542 views • 18 slides
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan Daemen 1 , Michal Peeters 2 , and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. While mainstream symmetric cryptography has

519 views • 12 slides
On optimal threshold defender structures of resharing-based oblivious shuffle protocols for

On optimal threshold defender structures of resharing-based oblivious shuffle protocols for

On optimal threshold defender structures of resharing-based oblivious shuffle protocols for secret-shared secure multi-party computations Jan Willemson Cybernetica Trve Theory Days October 7th-9th, 2011 Secret Shared Databases If we

710 views • 16 slides
Eigenvalues of symmetrized shuffling operators Nadia Lafrenire Universit du Qubec

Eigenvalues of symmetrized shuffling operators Nadia Lafrenire Universit du Qubec

Eigenvalues of symmetrized shuffling operators Nadia Lafrenire Universit du Qubec Montral FPSAC 2019 Pick a cardany card! Pick a cardany card! Pick a cardany card! Pick a cardany card! The random-to-random shuffle The

562 views • 30 slides
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko Brent Waters Roots of Attribute-Based Encryption Moving beyond Public Key Encryption: CEO Manager 1 Manager 2 Bob

341 views • 19 slides
Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment Functional encryption Shared coin flips Fully-homomorphic encryption APPLICATIONS AND PROTOCOLS Threshold cryptography Searchable

399 views • 11 slides
A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky INRIA / ENS, Paris Lattice-Based Crypto & Applications 1 Bar-Ilan University, Israel 2012 Lattice-Based Encryption Schemes 1. NTRU [Hoffstein,

849 views • 47 slides
Lincoln Public Schools Elementary Standards Based Report Card Standards Based Grading Rational

Lincoln Public Schools Elementary Standards Based Report Card Standards Based Grading Rational

Lincoln Public Schools Elementary Standards Based Report Card Standards Based Grading Rational Meaningful: The Standards Based Report Card focuses on the attainment of state, national, and local standards. The report card provides a framework

246 views • 14 slides
Shuffle Phase Executed only in the case of one or more reducers Transfers data between the

Shuffle Phase Executed only in the case of one or more reducers Transfers data between the

Shuffle Phase Executed only in the case of one or more reducers Transfers data between the mappers and reducers Groups records by their keys to ensure local processing in the reduce phase 01/23/2018 15 Shuffle Phase Map 1 Map 2 Map 3

102 views • 8 slides
PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry

PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry

PAEQ: Parallelizable Permutation-based Authenticated Encryption Alex Biryukov and Dmitry Khovratovich University of Luxembourg 12 October 2014 Authenticated encryption Simple encryption If you just want to protect confidentiality of your

991 views • 32 slides
Mult ltilinear Maps From Id Ideal Lattic ices Sanjam Garg (IBM) Joint work with Craig Gentry

Mult ltilinear Maps From Id Ideal Lattic ices Sanjam Garg (IBM) Joint work with Craig Gentry

Mult ltilinear Maps From Id Ideal Lattic ices Sanjam Garg (IBM) Joint work with Craig Gentry (IBM) and Shai Halevi (IBM) Outline Bilinear Maps: Recall and Applications Motivating Multilinear maps Our Results Definitions of

694 views • 52 slides
Integrability for the AdS 3 / CFT 2 spectral problem Spectral problem for AdS 3 / CFT 2 : Energy

Integrability for the AdS 3 / CFT 2 spectral problem Spectral problem for AdS 3 / CFT 2 : Energy

Integrability in AdS 3 / CFT 2 Olof Ohlsson Sax Nov 16, 2015 Based on work done together with A. Babichenko, R. Borsato, A. Dekel, T. Lloyd, A. Sfondrini, B. Stefaski and A. Torrielli AdS 3 / CFT 2 AdS 3 backgrounds preserving 16

1.19k views • 103 slides
Analysis of Absorbing Sets Using Cosets and Syndromes IEEE International Symposium on Information

Analysis of Absorbing Sets Using Cosets and Syndromes IEEE International Symposium on Information

Analysis of Absorbing Sets Using Cosets and Syndromes IEEE International Symposium on Information Theory Emily McMillon Allison Beemer Christine A. Kelley University of Nebraska Lincoln University of Wisconsin Eau

697 views • 69 slides
Section 10 Cosets and the Theorem of Lagrange Instructor: Yifan Yang Fall 2006 Instructor:

Section 10 Cosets and the Theorem of Lagrange Instructor: Yifan Yang Fall 2006 Instructor:

Cosets Theorem of Lagrange Section 10 Cosets and the Theorem of Lagrange Instructor: Yifan Yang Fall 2006 Instructor: Yifan Yang Section 10 Cosets and the Theorem of Lagrange Cosets Theorem of Lagrange Outline Cosets 1 Theorem

1.03k views • 92 slides
Introduction Connecting Architecture There is a wealth of re-engineering tools

Introduction Connecting Architecture There is a wealth of re-engineering tools

Introduction Introduction Connecting Architecture There is a wealth of re-engineering tools Reconstruction Frameworks Often, we would like to combine these Differences in tool storage formats and Ivan Bowman, Michael Godfrey, Ric

189 views • 4 slides
Rectangular W-algebras of types so and sp and dual coset CFTs Takahiro Uetoko (Ritsumeikan

Rectangular W-algebras of types so and sp and dual coset CFTs Takahiro Uetoko (Ritsumeikan

Rectangular W-algebras of types so and sp and dual coset CFTs Takahiro Uetoko (Ritsumeikan Univ.) Based on: [arXiv:1906.05872] w/ Thomas Creutzig (Alberta Univ.), Yasuaki Hikida (YITP, Kyoto Univ.) Aug. 22 (2019) @YITP Strings and Fields

614 views • 46 slides
How big is the 1 2 3 4 2 m 1

How big is the 1 2 3 4 2 m 1

Generators of subgroups d G is the maximum of d H over all subgroups H G . n 2 McIver and Neumann showed that d S n for 3 . This

466 views • 4 slides
Cosets of the large N = 4 superconformal algebra and the diagonal coset of sl 2 Andrew Linshaw

Cosets of the large N = 4 superconformal algebra and the diagonal coset of sl 2 Andrew Linshaw

Cosets of the large N = 4 superconformal algebra and the diagonal coset of sl 2 Andrew Linshaw University of Denver Joint work with Thomas Creutzig and Boris Feigin 1. Two-parameter families of vertex algebras Ex : Affine vertex algebra V k ( D

1.42k views • 118 slides

More recommend