enter the threshold
play

Enter the Threshold The NIST Threshold Cryptography Project - PowerPoint PPT Presentation

Dec 02, 2022 •388 likes •1.21k views

Enter the Threshold The NIST Threshold Cryptography Project National Institute of Standards and Technology NIST Threshold Cryptography Workshop 2019 (#NTCW2019) March 11, 2019 @ NIST campus, Gaithersburg MD, USA Contact email:

  1. Enter the Threshold The NIST Threshold Cryptography Project National Institute of Standards and Technology NIST Threshold Cryptography Workshop 2019 (#NTCW2019) March 11, 2019 @ NIST campus, Gaithersburg MD, USA Contact email: threshold-crypto@nist.gov 1/16

  2. Outline 1. Intro 2. NISTIR (report) 3. NTCW (workshop) 2/16

  3. Should we share a secret? openclipart.org/detail/76603 3/16

  4. Should we share a secret? “ Three may keep a secret ” (In: “Poor Richard’s Almanack.” Benjamin Franklin, 1735) [Sau34] “ Two may keep counsel ” (In: “Romeo and Juliet.” William Shakespeare, 1597) [Sha97] “ For three may kepe counseil ” (In: The Ten Commandments of Love . Geoffrey Chaucer, 1340–1400) [Cha00] openclipart.org/detail/76603 3/16

  5. Should we share a secret? “ Three may keep a secret, if two of them are dead. ” (In: “Poor Richard’s Almanack.” Benjamin Franklin, 1735) [Sau34] “ Two may keep counsel, putting one away. ” (In: “Romeo and Juliet.” William Shakespeare, 1597) [Sha97] “ For three may kepe counseil if twain be away! ” (In: The Ten Commandments of Love . Geoffrey Chaucer, 1340–1400) [Cha00] openclipart.org/detail/76603 3/16

  6. Should we share a secret? Proverbial wisdom tells us to be careful “ Three may keep a secret, if two of them are dead. ” (In: “Poor Richard’s Almanack.” Benjamin Franklin, 1735) [Sau34] ∗ /mw02322/Benjamin-Franklin.jpg “ Two may keep counsel, putting one away. ” (In: “Romeo and Juliet.” William Shakespeare, 1597) [Sha97] ∗ /mw11574/William-Shakespeare.jpg “ For three may kepe counseil if twain be away! ” (In: The Ten Commandments of Love . Geoffrey Chaucer, 1340–1400) [Cha00] openclipart.org/detail/76603 ∗ /mw01262/Geoffrey-Chaucer.jpg ∗ = https://collectionimages.npg.org.uk/large/ 3/16

  7. Should we share a secret? Proverbial wisdom tells us to be careful “ Three may keep a secret, if two of them are dead. ” (In: “Poor Richard’s Almanack.” Benjamin Franklin, 1735) [Sau34] ∗ /mw02322/Benjamin-Franklin.jpg “ Two may keep counsel, putting one away. ” (In: “Romeo and Juliet.” William Shakespeare, 1597) [Sha97] ∗ /mw11574/William-Shakespeare.jpg “ For three may kepe counseil if twain be away! ” (In: The Ten Commandments of Love . Geoffrey Chaucer, 1340–1400) [Cha00] openclipart.org/detail/76603 ∗ /mw01262/Geoffrey-Chaucer.jpg ∗ = https://collectionimages.npg.org.uk/large/ Is this relevant today, for modern cryptography? 3/16

  8. Should we share a secret? Proverbial wisdom tells us to be careful “ Three may keep a secret, if two of them are dead. ” (In: “Poor Richard’s Almanack.” Benjamin Franklin, 1735) [Sau34] ∗ /mw02322/Benjamin-Franklin.jpg “ Two may keep counsel, putting one away. ” (In: “Romeo and Juliet.” William Shakespeare, 1597) [Sha97] ∗ /mw11574/William-Shakespeare.jpg “ For three may kepe counseil if twain be away! ” (In: The Ten Commandments of Love . Geoffrey Chaucer, 1340–1400) [Cha00] openclipart.org/detail/76603 ∗ /mw01262/Geoffrey-Chaucer.jpg ∗ = https://collectionimages.npg.org.uk/large/ Is this relevant today, for modern cryptography? Yes! crypto key openclipart.org/detail/101407 3/16

  9. Should we share a secret? Proverbial wisdom tells us to be careful “ Three may keep a secret, if two of them are dead. ” (In: “Poor Richard’s Almanack.” Benjamin Franklin, 1735) [Sau34] ∗ /mw02322/Benjamin-Franklin.jpg “ Two may keep counsel, putting one away. ” (In: “Romeo and Juliet.” William Shakespeare, 1597) [Sha97] ∗ /mw11574/William-Shakespeare.jpg “ For three may kepe counseil if twain be away! ” (In: The Ten Commandments of Love . Geoffrey Chaucer, 1340–1400) [Cha00] openclipart.org/detail/76603 ∗ /mw01262/Geoffrey-Chaucer.jpg ∗ = https://collectionimages.npg.org.uk/large/ Is this relevant today, for modern cryptography? Yes! Cryptography relies on: ◮ secrecy, correctness, availability ... of cryptographic keys crypto key ◮ implementations that use keys in an algorithm openclipart.org/detail/101407 3/16

  10. Should we share a secret? Proverbial wisdom tells us to be careful “ Three may keep a secret, if two of them are dead. ” (In: “Poor Richard’s Almanack.” Benjamin Franklin, 1735) [Sau34] ∗ /mw02322/Benjamin-Franklin.jpg “ Two may keep counsel, putting one away. ” (In: “Romeo and Juliet.” William Shakespeare, 1597) [Sha97] ∗ /mw11574/William-Shakespeare.jpg “ For three may kepe counseil if twain be away! ” (In: The Ten Commandments of Love . Geoffrey Chaucer, 1340–1400) [Cha00] openclipart.org/detail/76603 ∗ /mw01262/Geoffrey-Chaucer.jpg ∗ = https://collectionimages.npg.org.uk/large/ Is this relevant today, for modern cryptography? Yes! Cryptography relies on: ◮ secrecy, correctness, availability ... of cryptographic keys crypto key ◮ implementations that use keys in an algorithm openclipart.org/detail/101407 3/16

  11. Crypto is affected by implementation vulnerabilities! 4/16

  12. Crypto is affected by implementation vulnerabilities! Attacks can exploit differences between ideal vs. real implementations 4/16

  13. Crypto is affected by implementation vulnerabilities! Attacks can exploit differences between ideal vs. real implementations “Bellcore Cold-boot Heartbleed “ZigBee Chain Meltdown & Foreshadow attack” (1997) attacks (2009) bug (2014) reaction” (2017) Spectre (2017) (2018) [BDL97] [HSH + 09] [DLK + 14] [RSWO17] [LSG + 18, KGG + 18] [BMW + 18, WBM + 18] [SH07] [Don13] heartbleed.com [RSWO17] meltdownattack.com foreshadowattack.eu 4/16

  14. Crypto is affected by implementation vulnerabilities! Attacks can exploit differences between ideal vs. real implementations “Bellcore Cold-boot Heartbleed “ZigBee Chain Meltdown & Foreshadow attack” (1997) attacks (2009) bug (2014) reaction” (2017) Spectre (2017) (2018) [BDL97] [HSH + 09] [DLK + 14] [RSWO17] [LSG + 18, KGG + 18] [BMW + 18, WBM + 18] [SH07] [Don13] heartbleed.com [RSWO17] meltdownattack.com foreshadowattack.eu Also, operators of cryptographic implementations can go rogue 4/16

  15. Crypto is affected by implementation vulnerabilities! Attacks can exploit differences between ideal vs. real implementations “Bellcore Cold-boot Heartbleed “ZigBee Chain Meltdown & Foreshadow attack” (1997) attacks (2009) bug (2014) reaction” (2017) Spectre (2017) (2018) [BDL97] [HSH + 09] [DLK + 14] [RSWO17] [LSG + 18, KGG + 18] [BMW + 18, WBM + 18] [SH07] [Don13] heartbleed.com [RSWO17] meltdownattack.com foreshadowattack.eu Also, operators of cryptographic implementations can go rogue How can we oppose single-points of failure? *question-2.html *4296.html *colored-elephant.html * = clker.com/clipart- 4/16

  16. The threshold approach 5/16

  17. The threshold approach At high-level: use redundancy & diversity to mitigate the compromise of up to a threshold number ( f -out-of- n ) of components The red dancing devil is from clker.com/clipart-13643.html 5/16

  18. The threshold approach At high-level: use redundancy & diversity to mitigate the compromise of up to a threshold number ( f -out-of- n ) of components The red dancing devil is from clker.com/clipart-13643.html NIST-CSD wants to standardize threshold schemes for cryptographic primitives 5/16

  19. The threshold approach At high-level: use redundancy & diversity to mitigate the compromise of up to a threshold number ( f -out-of- n ) of components The red dancing devil is from clker.com/clipart-13643.html NIST-CSD wants to standardize threshold schemes for cryptographic primitives Potential primitives: key-generation, signing, decryption, enciphering, RNGen, ... 5/16

  20. The threshold approach At high-level: use redundancy & diversity to mitigate the compromise of up to a threshold number ( f -out-of- n ) of components The red dancing devil is from clker.com/clipart-13643.html NIST-CSD wants to standardize threshold schemes for cryptographic primitives Potential primitives: key-generation, signing, decryption, enciphering, RNGen, ... ◮ secret keys never in one place; ◮ operation withstands several compromised components; ◮ resistance against side-channel attacks ◮ ... 5/16

  21. The NIST Threshold Cryptography Project 6/16

  22. The NIST Threshold Cryptography Project ◮ Project within the NIST Computer Security Division (CSD) https://csrc.nist.gov/Projects/Threshold-Cryptography 6/16

  23. The NIST Threshold Cryptography Project ◮ Project within the NIST Computer Security Division (CSD) https://csrc.nist.gov/Projects/Threshold-Cryptography ◮ To drive an open and transparent process towards standardization of threshold schemes for cryptographic primitives . (See NISTIR 7977 [Gro16]) 6/16

  24. The NIST Threshold Cryptography Project ◮ Project within the NIST Computer Security Division (CSD) https://csrc.nist.gov/Projects/Threshold-Cryptography ◮ To drive an open and transparent process towards standardization of threshold schemes for cryptographic primitives . (See NISTIR 7977 [Gro16]) NISTIR 8214 (report) NISTIR 8214 Threshold Schemes for Cryptographic Primitives Challenges and Opportunities in Standardization and Validation of Threshold Cryptography Luís T. A. N. Brandão Nicky Mouha Apostol Vassilev This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8214 6/16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Watershed Below TMDL Threshold At TMDL Threshold Above TMDL Threshold Water Quality Overview

Watershed Below TMDL Threshold At TMDL Threshold Above TMDL Threshold Water Quality Overview

Nantucket Harbor Watershed Below TMDL Threshold At TMDL Threshold Above TMDL Threshold Water Quality Overview Routine monitoring: June-September. Water quality, dissolved oxygen, algae, eelgrass. Work with State agencies to

631 views • 19 slides
Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold Implementations

990 views • 58 slides
Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi

Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi

Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi Universit` a di Genova and INFN Genova, Italy Plan of the talk: 1. When is threshold resummation relevant? 2. Ambiguities in resummed results

939 views • 69 slides
Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1

Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1

Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1 Vladimir V. Podolskii 2 1 Aarhus University 2 Steklov Mathematical Institute MFCS 2013 1 / 27 Boolean Threshold Functions Boolean function f : { a , b } n

927 views • 44 slides
Welcome to the Public Hearing for the improvement of US 30 from IL 47 to IL 31. [Enter] 1 The

Welcome to the Public Hearing for the improvement of US 30 from IL 47 to IL 31. [Enter] 1 The

Welcome to the Public Hearing for the improvement of US 30 from IL 47 to IL 31. [Enter] 1 The main goal of todays public hearing is to [enter] Provide a brief overview of the study [enter] Present the Preferred Alternative [enter] Answer

719 views • 24 slides
Near-Threshold Computing: How Close Should We Get? Alaa R. Alameldeen Intel Labs Workshop on

Near-Threshold Computing: How Close Should We Get? Alaa R. Alameldeen Intel Labs Workshop on

Near-Threshold Computing: How Close Should We Get? Alaa R. Alameldeen Intel Labs Workshop on Near-Threshold Computing June 14, 2014 Overview High-level talk summarizing my architectural perspective on near-threshold computing

850 views • 41 slides
Threshold Cryptosystems from Threshold Fully Homomorphic Encryption Aayush Jain, UCLA AUTHORS:

Threshold Cryptosystems from Threshold Fully Homomorphic Encryption Aayush Jain, UCLA AUTHORS:

Threshold Cryptosystems from Threshold Fully Homomorphic Encryption Aayush Jain, UCLA AUTHORS: DAN BONEH, ROSARIO GENNARO, STEVEN GOLDFEDER, AAYUSH JAIN, SAM KIM, PETER M. R. RASMUSSEN AND AMIT SAHAI Introduction to Characters Thanos: Bad Guy

567 views • 36 slides
June 12, 2020 Type to enter a caption. Greeter Graham Drake Type to enter a caption. Give

June 12, 2020 Type to enter a caption. Greeter Graham Drake Type to enter a caption. Give

June 12, 2020 Type to enter a caption. Greeter Graham Drake Type to enter a caption. Give Thanks / Sunshine Report / Story Brian Gentles Type to enter a caption. Club Assembly Directors Intro Ginny Murphy Type to enter a

998 views • 64 slides
Greenhouse Gas CEQA Greenhouse Gas CEQA Significance Threshold Significance Threshold

Greenhouse Gas CEQA Greenhouse Gas CEQA Significance Threshold Significance Threshold

Greenhouse Gas CEQA Greenhouse Gas CEQA Significance Threshold Significance Threshold Stakeholder Working Group # 3 Stakeholder Working Group # 3 June 19, 2008 SCAQMD Diamond Bar, California GHG Significance Threshold GHG Significance

691 views • 12 slides
SUBSTANDARD BUILDINGS USE CAUTION! You can not enter onto private property. You can not

SUBSTANDARD BUILDINGS USE CAUTION! You can not enter onto private property. You can not

SUBSTANDARD BUILDINGS USE CAUTION! You can not enter onto private property. You can not enter go inside of private residence. You should never enter a dangerous and unsafe structure. Respect curtilage and the expectation of

364 views • 21 slides
Greenhouse Gas CEQA Greenhouse Gas CEQA Significance Threshold Significance Threshold

Greenhouse Gas CEQA Greenhouse Gas CEQA Significance Threshold Significance Threshold

Greenhouse Gas CEQA Greenhouse Gas CEQA Significance Threshold Significance Threshold Stakeholder Working Group # 8 Stakeholder Working Group # 8 January 28, 2009 SCAQMD Diamond Bar, California Agenda Item #2 Staff s Interim Agenda

226 views • 19 slides
Q UESTIONS ? C ARL R. D ARNALL A RMY M EDICAL C ENTER R EPLACEMENT

Q UESTIONS ? C ARL R. D ARNALL A RMY M EDICAL C ENTER R EPLACEMENT

C ARL R. D ARNALL A RMY M EDICAL C ENTER M ARISSA C ALDWELL M ECHANICAL O PTION C ARL R. D ARNALL A RMY M EDICAL C ENTER B UILDING OVERVIEW T HESIS G OALS D EPTH D EDICATED O UTDOOR A IR S YSTEM V ARIABLE R EFRIGERANT F LOW W ATER S OURCE H EAT P

484 views • 31 slides
Threshold Networks over undirected graphs Universidad Adolfo

Threshold Networks over undirected graphs Universidad Adolfo

Threshold Networks over undirected graphs Universidad Adolfo Ibez, SanHago, Chile Antonio.chacc@gmail.com Threshold networks x {0,1} n n for 1 i n x i = H ( w ij x j

424 views • 41 slides
Lower and upper estimates on the excitation threshold for DNLS lattices J. Cuevas, N.I.

Lower and upper estimates on the excitation threshold for DNLS lattices J. Cuevas, N.I.

Definition of the excitation threshold Upper and lower estimates for the excitation threshold Figures from numerical studies Discussion Lower and upper estimates on the excitation threshold for DNLS lattices J. Cuevas, N.I. Karachalios and F.

246 views • 22 slides
Overview of 2016 10:15a.m. 11:45a.m. Materiality Threshold & Reporting Companies Time

Overview of 2016 10:15a.m. 11:45a.m. Materiality Threshold & Reporting Companies Time

Overview of 2016 10:15a.m. 11:45a.m. Materiality Threshold & Reporting Companies Time Period Total ONRR Materiality Annual # of Revenues Threshold Payments Companies CY 2013 $12.4 billion 83% $50.0 million 45 FY 2015 $8.9

174 views • 6 slides
Lecture 12- ECE 240a Threshold Mirror Loss Ver Chap. 8-9 Threshold Conditions Homogeneous

Lecture 12- ECE 240a Threshold Mirror Loss Ver Chap. 8-9 Threshold Conditions Homogeneous

Lecture 12- ECE 240a Review Small Signal Gain Resonant Frequencies Lasing Conditions Lasing Lecture 12- ECE 240a Threshold Mirror Loss Ver Chap. 8-9 Threshold Conditions Homogeneous Gain Media Gain Saturation 1 ECE 240a Lasers -

425 views • 40 slides
STAN Current State and Future Work Scalable Hardware-Aided Trusted Data Management Nico

STAN Current State and Future Work Scalable Hardware-Aided Trusted Data Management Nico

STAN Current State and Future Work Scalable Hardware-Aided Trusted Data Management Nico Weichbrodt, 2019-09-03/04 Moving Databases to the Cloud Everyone moves to the cloud Higher scalability and availability But: no trust in the cloud

502 views • 15 slides
Well-balanced DG scheme for Euler equations with gravity Praveen Chandrashekar

Well-balanced DG scheme for Euler equations with gravity Praveen Chandrashekar

Well-balanced DG scheme for Euler equations with gravity Praveen Chandrashekar praveen@tifrbng.res.in Center for Applicable Mathematics Tata Institute of Fundamental Research Bangalore 560065 Higher Order Numerical Methods for Evolutionary

729 views • 55 slides
Proof Search in Minimal Logic Helmut Schwichtenberg Mathematisches Institut, Universit at M

Proof Search in Minimal Logic Helmut Schwichtenberg Mathematisches Institut, Universit at M

Proof Search in Minimal Logic Helmut Schwichtenberg Mathematisches Institut, Universit at M unchen 1 Motivation Proof carrying code (Lee, Necula) Why? Proofs are machine checkable (easily) Here: code carrying proofs Prospects:

541 views • 36 slides
Is Haskell ready for everyday computing? An informal experience report. Jeff Polakow CUFP 2008

Is Haskell ready for everyday computing? An informal experience report. Jeff Polakow CUFP 2008

Is Haskell ready for everyday computing? An informal experience report. Jeff Polakow CUFP 2008 Talk Overview My background Job background System description Points of interest Conclusions About Me Theoretical PL

426 views • 15 slides
Local Search Topology Implications for planner performance Mark Roberts Adele Howe Colorado

Local Search Topology Implications for planner performance Mark Roberts Adele Howe Colorado

Local Search Topology Implications for planner performance Mark Roberts Adele Howe Colorado State University Fort Collins, Colorado Hoffmanns Topological Analyses: The Taxonomy M BW4oop Mystery Mprime I M Mic-ADL N. Schedule

459 views • 9 slides
Integer-Forcing: An Algebraic Approach to Interference Management Bobak Nazer Boston University

Integer-Forcing: An Algebraic Approach to Interference Management Bobak Nazer Boston University

Integer-Forcing: An Algebraic Approach to Interference Management Bobak Nazer Boston University Thanks to Wenbo He, Engin Tunali, and Krishna Narayanan for help with the plots. Communications Theory Workshop Interference Management Session

755 views • 53 slides
Approximating Pareto Curves using Semidefinite Relaxations Victor MAGRON Postdoc LAAS-CNRS

Approximating Pareto Curves using Semidefinite Relaxations Victor MAGRON Postdoc LAAS-CNRS

Pareto Curves Parametric POP Outer Approximations of f ( S ) Perspectives Approximating Pareto Curves using Semidefinite Relaxations Victor MAGRON Postdoc LAAS-CNRS (Joint work with Didier Henrion and Jean-Bernard Lasserre) Optimisation Non

769 views • 66 slides
Learning and Using Image Manifolds Robert Pless Associate Professor of Computer Science What

Learning and Using Image Manifolds Robert Pless Associate Professor of Computer Science What

Learning and Using Image Manifolds Robert Pless Associate Professor of Computer Science What are image manifolds? Sets of images that locally have only a few degrees of freedom. For example, 8 s from the NIST character

1.01k views • 65 slides

More recommend