explicit optimal binary pebbling for one way hash chain
play

Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal - PowerPoint PPT Presentation

Feb 03, 2024 •127 likes •1.12k views

Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers Coding & Crypto group Dept of Mathematics & Computer Science TU Eindhoven, The Netherlands berry@win.tue.nl 20 th Financial Cryptography Tuesday,

  1. Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers Coding & Crypto group Dept of Mathematics & Computer Science TU Eindhoven, The Netherlands berry@win.tue.nl 20 th Financial Cryptography Tuesday, February 23, 2016 Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  2. Outline Background (long) hash chains & pebbling algorithms Framework for binary pebbling speed-1 / speed-2 (Jakobsson) / optimal pebbling Optimized implementations in-place (minimize storage) vs fast (maximize speed) Extensions & Conclusions Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  3. Hash Chains Famous example: Bitcoin’s block chain. We use “ordinary” hash chains: no proof of work. Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  4. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  5. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : x 0 Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  6. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f x 0 → x 1 − Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  7. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f f x 0 → x 1 → x 2 − − Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  8. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f f f x 0 → x 1 → x 2 − − − → . . . Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  9. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f f f f x 0 → x 1 → x 2 → x n − 2 − − − → . . . − Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  10. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f f f f f x 0 → x 1 → x 2 → x n − 2 → x n − 1 − − − → . . . − − Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  11. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f f f f f f x 0 → x 1 → x 2 → x n − 2 → x n − 1 → x n − − − → . . . − − − Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  12. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f f f f f f x 0 → x 1 → x 2 → x n − 2 → x n − 1 → x n − − − → . . . − − − Registration random x 0 send x n x n ← f n ( x 0 ) ( authentic message ) store x n − − − − − − − − → − Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  13. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : x n Registration random x 0 send x n x n ← f n ( x 0 ) ( authentic message ) store x n − − − − − − − − → − Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  14. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f x n − 1 → x n − Registration random x 0 send x n x n ← f n ( x 0 ) ( authentic message ) store x n − − − − − − − − → − send x n − 1 ? x n − 1 ← f n − 1 ( x 0 ) 1st identification = f ( x n − 1 ) x n − − − − − − − − − → − store x n − 1 Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  15. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f f x n − 2 → x n − 1 → x n − − Registration random x 0 send x n x n ← f n ( x 0 ) ( authentic message ) store x n − − − − − − − − → − send x n − 1 ? x n − 1 ← f n − 1 ( x 0 ) 1st identification = f ( x n − 1 ) x n − − − − − − − − − → − store x n − 1 send x n − 2 ? x n − 2 ← f n − 2 ( x 0 ) 2nd identification x n − 1 = f ( x n − 2 ) − − − − − − − − − − − → − store x n − 2 Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  16. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f f f f x 2 → x n − 2 → x n − 1 → x n − → . . . − − − Registration random x 0 send x n x n ← f n ( x 0 ) ( authentic message ) store x n − − − − − − − − → − send x n − 1 ? x n − 1 ← f n − 1 ( x 0 ) 1st identification = f ( x n − 1 ) x n − − − − − − − − − → − store x n − 1 send x n − 2 ? x n − 2 ← f n − 2 ( x 0 ) 2nd identification x n − 1 = f ( x n − 2 ) − − − − − − − − − − − → − store x n − 2 . . . Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  17. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f f f f f x 1 → x 2 → x n − 2 → x n − 1 → x n − − → . . . − − − Registration random x 0 send x n x n ← f n ( x 0 ) ( authentic message ) store x n − − − − − − − − → − send x n − 1 ? x n − 1 ← f n − 1 ( x 0 ) 1st identification = f ( x n − 1 ) x n − − − − − − − − − → − store x n − 1 send x n − 2 ? x n − 2 ← f n − 2 ( x 0 ) 2nd identification x n − 1 = f ( x n − 2 ) − − − − − − − − − − − → − store x n − 2 . . . send x 1 ? n − 1 st identification x 1 ← f ( x 0 ) x 2 = f ( x 1 ) − − − − − − − − − → − store x 1 Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  18. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f f f f f f x 0 → x 1 → x 2 → x n − 2 → x n − 1 → x n − − − → . . . − − − Registration random x 0 send x n x n ← f n ( x 0 ) ( authentic message ) store x n − − − − − − − − → − send x n − 1 ? x n − 1 ← f n − 1 ( x 0 ) 1st identification = f ( x n − 1 ) x n − − − − − − − − − → − store x n − 1 send x n − 2 ? x n − 2 ← f n − 2 ( x 0 ) 2nd identification x n − 1 = f ( x n − 2 ) − − − − − − − − − − − → − store x n − 2 . . . send x 1 ? n − 1 st identification x 1 ← f ( x 0 ) x 2 = f ( x 1 ) − − − − − − − − − → − store x 1 send x 0 ? n th identification seed x 0 x 1 = f ( x 0 ) − − − − − − − − − → − Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  19. Lamport’s Identification Scheme (Unix S/key One-Time Passwords) One-way hash chain for seed x 0 : f f f f f f x 0 → x 1 → x 2 → x n − 2 → x n − 1 → x n − − − → . . . − − − Registration random x 0 send x n x n ← f n ( x 0 ) ( authentic message ) store x n − − − − − − − − → − send x n − 1 ? x n − 1 ← f n − 1 ( x 0 ) 1st identification = f ( x n − 1 ) x n − − − − − − − − − → − store x n − 1 send x n − 2 ? x n − 2 ← f n − 2 ( x 0 ) 2nd identification x n − 1 = f ( x n − 2 ) − − − − − − − − − − − → − store x n − 2 . . . send x 1 ? n − 1 st identification x 1 ← f ( x 0 ) x 2 = f ( x 1 ) − − − − − − − − − → − store x 1 send x 0 ? n th identification seed x 0 x 1 = f ( x 0 ) − − − − − − − − − → − Asymmetric scheme : values stored not secret . Secure against passive eavesdropper : x n of no use for 1st identification, etc. Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  20. Security Requirements for Function f Function f should be one-way on its iterates (Levin ’85, Pedersen ’96). Matyas-Meyer-Oseas one-way function f : { 0 , 1 } 128 → { 0 , 1 } 128 where f ( x ) = AES IV ( x ) ⊕ x View f as a random function. Given y = f n ( x ) , finding z such that f ( z ) = y takes 2 128 / n time. For hash chain of length n = 2 32 : security of 2 128 2 32 = 2 96 . Pebbling algorithms do not affect security. Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

  21. Applications of (Long) Hash Chains Micropayment schemes: CAFE phone ticks, Payword TESLA secure routing for wireless sensor networks Multicast authentication Online auctions Communication between airplanes and DME towers DME (Distance Measuring Equipment) tower authenticates its messages to airplanes. Boneh-Wang 2010: hash chain of length n = 86400 (1 link per second for 1 day) Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal Berry Schoenmakers

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Optimal scaling and convergence of Markov chain Monte Carlo methods Alain Durmus Joint work

Optimal scaling and convergence of Markov chain Monte Carlo methods Alain Durmus Joint work

Introduction Optimal scaling of the symmetric RWM algorithm Explicit bounds for the ULA algorithm Optimal scaling and convergence of Markov chain Monte Carlo methods Alain Durmus Joint work with: Sylvain Le Corff, Eric Moulines, Gareth

1.12k views • 66 slides
ECE 242 Data Structures Lecture 22 More Binary Search Trees and Hash Tables October 30, 2009

ECE 242 Data Structures Lecture 22 More Binary Search Trees and Hash Tables October 30, 2009

ECE 242 Data Structures Lecture 22 More Binary Search Trees and Hash Tables October 30, 2009 ECE242 L25: More Binary Search Trees and Hash Tables Overview Problem: How do I represent data so that no data value is present more than once?

573 views • 20 slides
GCL SymbolTable A Chain of Hash Tables based on java.util.Hashtable Joseph Bergin 1/12/99 1

GCL SymbolTable A Chain of Hash Tables based on java.util.Hashtable Joseph Bergin 1/12/99 1

GCL SymbolTable A Chain of Hash Tables based on java.util.Hashtable Joseph Bergin 1/12/99 1 Hash Tables Keys are used index buckets anObject to determine 0 the location in which to store a Value. hasher max Joseph Bergin 1/12/99

340 views • 9 slides
MA/CSSE 473 Day 28 Optimal BSTs Dynamic Programming Example OPTIMAL BINARY SEARCH TREES 1

MA/CSSE 473 Day 28 Optimal BSTs Dynamic Programming Example OPTIMAL BINARY SEARCH TREES 1

MA/CSSE 473 Day 28 Optimal BSTs Dynamic Programming Example OPTIMAL BINARY SEARCH TREES 1 Warmup: Optimal linked list order Suppose we have n distinct data items x 1 , x 2 , , x n in a linked list. Also suppose that we know the

515 views • 15 slides
Priority queues Hash tables chaining Priority queue ADT Binary heap March 13, 2020 Cinda

Priority queues Hash tables chaining Priority queue ADT Binary heap March 13, 2020 Cinda

Priority queues Hash tables chaining Priority queue ADT Binary heap March 13, 2020 Cinda Heeren / Andy Roth / Geoffrey Tien 1 Separate chaining Separate chaining takes a different approach to collisions Each entry in the hash table

470 views • 26 slides
An Explicit Shadow Price for the Growth-Optimal Portfolio with Transaction Costs Johannes

An Explicit Shadow Price for the Growth-Optimal Portfolio with Transaction Costs Johannes

An Explicit Shadow Price for the Growth-Optimal Portfolio with Transaction Costs Johannes Muhle-Karbe Joint work with Stefan Gerhold and Walter Schachermayer Analysis, Stochastics, and Applications A Conference in honour of Walter

381 views • 21 slides
Energetically Optimal Flapping Flight via a Fully Discrete Adjoint Method with Explicit Treatment

Energetically Optimal Flapping Flight via a Fully Discrete Adjoint Method with Explicit Treatment

Energetically Optimal Flapping Flight via a Fully Discrete Adjoint Method with Explicit Treatment of Flapping Frequency Jingyi Wang, Matthew J. Zahr , and Per-Olof Persson CFD-36, Optimization Techniques for CFD AIAA Aviation Sheraton

360 views • 34 slides
SAT-based Encodings for Optimal Decision Trees with Explicit Paths s Janota 1,2 , Ant onio

SAT-based Encodings for Optimal Decision Trees with Explicit Paths s Janota 1,2 , Ant onio

SAT-based Encodings for Optimal Decision Trees with Explicit Paths s Janota 1,2 , Ant onio Morgado 1 Mikol a 1 INESC-ID/IST, Universidade de Lisboa, Portugal 2 Czech Technical University in Prague, Czech Republic SAT 2020 Janota and

1.3k views • 60 slides
On Optimal Hash Tree Traversal for Interval Time-Stamping Helger Lipmaa Helsinki University of

On Optimal Hash Tree Traversal for Interval Time-Stamping Helger Lipmaa Helsinki University of

On Optimal Hash Tree Traversal for Interval Time-Stamping Helger Lipmaa Helsinki University of Technology { helger } @tcs.hut.fi http://www.tcs.hut.fi/helger ISC02, 02.10.2002 On Optimal Hash Tree Traversal for Interval Time-Stamping

945 views • 45 slides
Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must provide o Compression output length is small o Efficiency h(x) easy to compute for any x o One-way given a value y it is infeasible to find

465 views • 42 slides
COMPARATIVE STUDY OF LEAN AND AGILE SUPPLY CHAIN MANAGEMENT ALONG WITH THE OPTIMAL MODEL

COMPARATIVE STUDY OF LEAN AND AGILE SUPPLY CHAIN MANAGEMENT ALONG WITH THE OPTIMAL MODEL

Kuwait Chapter of Arabian Journal of Business and M anagement Review Vol. 1, No.4; December 2011 COMPARATIVE STUDY OF LEAN AND AGILE SUPPLY CHAIN MANAGEMENT ALONG WITH THE OPTIMAL MODEL PRESENTATION OF AGILE SUPPLY CHAIN MANAGEMENT Shahram

233 views • 11 slides
An explicit optimal input design for first order systems identification Pascal DUFOUR 1 , 3 ,

An explicit optimal input design for first order systems identification Pascal DUFOUR 1 , 3 ,

An explicit optimal input design for first order systems identification Pascal DUFOUR 1 , 3 , Madiha NADRI 1 and Jun QIAN 1 , 2 , 3 1 Universit e de Lyon, Lyon F-69003, Universit e Lyon 1, CNRS UMR 5007, Laboratory of Process Control and

634 views • 48 slides
Deep Learning of Binary Hash Codes for Fast Image Retrieval Kevin Lin, Huei-Fang Yang, Jen-Hao

Deep Learning of Binary Hash Codes for Fast Image Retrieval Kevin Lin, Huei-Fang Yang, Jen-Hao

Deep Learning of Binary Hash Codes for Fast Image Retrieval Kevin Lin, Huei-Fang Yang, Jen-Hao Hsiao, Chu-song chen Yahoo! Taiwan CVPR 2015 2016. 11. 6. 1 Index Review Background & Motivation Method Experiment

542 views • 32 slides
csci 210: Data Structures Maps and Hash Tables Summary Topics the Map ADT Map

csci 210: Data Structures Maps and Hash Tables Summary Topics the Map ADT Map

csci 210: Data Structures Maps and Hash Tables Summary Topics the Map ADT Map vs Dictionary implementation of Map: hash tables Hashing READING: GT textbook chapter 9.1 and 9.2 Binary Search Tree BST:

654 views • 40 slides
An optimal Arc Consistency algorithm for a chain of Atmost constraints with cardinality Mohamed

An optimal Arc Consistency algorithm for a chain of Atmost constraints with cardinality Mohamed

The AtMostSeqCard constraint Filtering the domains Experimental results LAAS-CNRS Conclusion & Future work An optimal Arc Consistency algorithm for a chain of Atmost constraints with cardinality Mohamed Siala , Emmanuel Hebrard, and

1.21k views • 97 slides
MA/CSSE 473 Day 28 (and 29?) Optimal Binary Search trees. 1. Optimal linked list order (if we

MA/CSSE 473 Day 28 (and 29?) Optimal Binary Search trees. 1. Optimal linked list order (if we

MA/CSSE 473 Day 28 (and 29?) Optimal Binary Search trees. 1. Optimal linked list order (if we know the probability of search for each item) a. Item x i in list has probability p i . What is expected number of probes for search? b. Example: p 1 =

152 views • 3 slides
Scaling up phylogene/c networks to genome-size data

Scaling up phylogene/c networks to genome-size data

Scaling up phylogene/c networks to genome-size data Co-supervisor Supervisor 70 % 30 % Vincent Berry Celine Scornavacca Prof, LIRMM lab CR2,

517 views • 14 slides
Size-Noise Tradeoffs in Generative Networks Bolton Bailey Matus Telgarsky Univ. of Illinois

Size-Noise Tradeoffs in Generative Networks Bolton Bailey Matus Telgarsky Univ. of Illinois

Size-Noise Tradeoffs in Generative Networks Bolton Bailey Matus Telgarsky Univ. of Illinois Urbana-Champaign November 29, 2018 Generative networks Easy distribution X R n . What can Y be? Hard distribution Y R d . Generator Network g :

263 views • 5 slides
Building T EX Live Karl Berry ( karl@tug.org ) TL overview http://tug.org/texlive 2/11

Building T EX Live Karl Berry ( karl@tug.org ) TL overview http://tug.org/texlive 2/11

Building T EX Live Karl Berry ( karl@tug.org ) TL overview http://tug.org/texlive 2/11 cross-platform T EX distribution, yearly release, DVD sponsored by TUG, DANTE e.V., all user groups basis for distros (Debian, Fedora, BSD, . .

267 views • 11 slides
SHARK-FV 2014 The MOOD Ideas MOOD for multi-mat. flows The good The not-yet-good-enough

SHARK-FV 2014 The MOOD Ideas MOOD for multi-mat. flows The good The not-yet-good-enough

LA-UR 14-22765 Extension of the MOOD Method to the Saurel-Petitpas-Berry Model for Multi-Material Compressible Flows Fourth-order 2D results: The good & the not-yet-good-enough a Steven Diot , a Marianne Franois, b Edward Dendy. a Fluid

897 views • 67 slides
Mo Mode del Parame meter Estima mation n with h Da Data Assi Assimilation on usi sing g

Mo Mode del Parame meter Estima mation n with h Da Data Assi Assimilation on usi sing g

Mo Mode del Parame meter Estima mation n with h Da Data Assi Assimilation on usi sing g NICAM AM-LE LETKF Sh Shunji Ko Kotsuki 1 , Y. Sato 2 , K. Terasaki 1 , H. Yashiro 1 H. Tomita 1 , M. Satoh 3 , and T. Miyoshi 1 1. RIKEN Center

388 views • 20 slides
Trena Wilkerson, NCTM President Robert Berry, NCTM Past-President #nctmchange #nctmchange

Trena Wilkerson, NCTM President Robert Berry, NCTM Past-President #nctmchange #nctmchange

#nctmchange Trena Wilkerson, NCTM President Robert Berry, NCTM Past-President #nctmchange #nctmchange #nctmchange NCTM #nctmchange #nctmchange Christa Jackson Eric Milou Iowa State University Rowan University Ames Iowa Glassboro, New

456 views • 34 slides
Embodied Language Comprehension and Sentence Mood Berry Claus

Embodied Language Comprehension and Sentence Mood Berry Claus

Embodied Language Comprehension and Sentence Mood Berry Claus

699 views • 10 slides
Shelf life determination Alice Jones (Sensory Scientist) & Kevin Mutch (Peripatetic Brewer)

Shelf life determination Alice Jones (Sensory Scientist) & Kevin Mutch (Peripatetic Brewer)

Shelf life determination Alice Jones (Sensory Scientist) & Kevin Mutch (Peripatetic Brewer) 25 April 2018 Topics How Product stability Customer perception Stale beer flavours Tasting panel & tests Sensory training

131 views • 12 slides

More recommend