foundation of cryptography 0368 4162 01 lecture 8
play

Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption - PowerPoint PPT Presentation

Aug 16, 2022 •196 likes •1.33k views

Definitions Constructions Active Adversaries Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv University January 3 17, 2012 Definitions Constructions Active Adversaries Section 1

  1. Definitions Constructions Active Adversaries Indistinguishablity Indistinguishablity of encryptions – private-key model Definition 3 (Indistinguishablity of encryptions – private-key model) An encryption scheme ( G , E , D ) has indistinguishable encryptions in the private-key model, if for any p , ℓ ∈ poly, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N , { z n ∈ { 0 , 1 } p ( n ) } n ∈ N and poly-time B, � � � Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( x n )) = 1 ] − Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( y n )) = 1 ] � = neg ( n ) Non-uniform definition

  2. Definitions Constructions Active Adversaries Indistinguishablity Indistinguishablity of encryptions – private-key model Definition 3 (Indistinguishablity of encryptions – private-key model) An encryption scheme ( G , E , D ) has indistinguishable encryptions in the private-key model, if for any p , ℓ ∈ poly, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N , { z n ∈ { 0 , 1 } p ( n ) } n ∈ N and poly-time B, � � � Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( x n )) = 1 ] − Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( y n )) = 1 ] � = neg ( n ) Non-uniform definition Public-key variant

  3. Definitions Constructions Active Adversaries Equivalence Equivalence of definitions Theorem 4 An encryption scheme ( G , E , D ) is semantically secure iff is has indistinguishable encryptions.

  4. Definitions Constructions Active Adversaries Equivalence Equivalence of definitions Theorem 4 An encryption scheme ( G , E , D ) is semantically secure iff is has indistinguishable encryptions. We prove the private key case

  5. Definitions Constructions Active Adversaries Equivalence Indistinguishability = ⇒ Semantic Security

  6. Definitions Constructions Active Adversaries Equivalence Indistinguishability = ⇒ Semantic Security Fix M , A, f and h , be as in Definition 2.

  7. Definitions Constructions Active Adversaries Equivalence Indistinguishability = ⇒ Semantic Security Fix M , A, f and h , be as in Definition 2. We construct A ′ as Algorithm 5 ( A ′ ) Input: 1 n , 1 | m | and h ( m ) e ← G ( 1 n ) 1 1 c = E e ( 1 | m | ) 2 Output A ( 1 n , 1 | m | , h ( m ) , c ) 3

  8. Definitions Constructions Active Adversaries Equivalence Indistinguishability = ⇒ Semantic Security Fix M , A, f and h , be as in Definition 2. We construct A ′ as Algorithm 5 ( A ′ ) Input: 1 n , 1 | m | and h ( m ) e ← G ( 1 n ) 1 1 c = E e ( 1 | m | ) 2 Output A ( 1 n , 1 | m | , h ( m ) , c ) 3 Claim 6 A ′ is a good simulator for A (according to Definition 2)

  9. Definitions Constructions Active Adversaries Equivalence Proving Claim 6 For n ∈ N , let � Pr m ←M n , e ← G ( 1 n ) 1 [ A ( 1 n , 1 | m | , h ( 1 n , m ) , E e ( m )) = f ( 1 n , m )] � δ ( n ) := − Pr m ←M n [ A ′ ( 1 n , 1 | m | , h ( 1 n , m )) = f ( 1 n , m )] � �

  10. Definitions Constructions Active Adversaries Equivalence Proving Claim 6 For n ∈ N , let � Pr m ←M n , e ← G ( 1 n ) 1 [ A ( 1 n , 1 | m | , h ( 1 n , m ) , E e ( m )) = f ( 1 n , m )] � δ ( n ) := − Pr m ←M n [ A ′ ( 1 n , 1 | m | , h ( 1 n , m )) = f ( 1 n , m )] � � Claim 7 For every n ∈ N , exists x n ∈ Supp ( M n ) with � Pr e ← G ( 1 n ) 1 [ A ( 1 n , 1 | x n | , h ( 1 n , x n ) , E e ( x n )) = f ( 1 n , x n )] � δ ( n ) ≤ − Pr [ A ′ ( 1 n , 1 | x n | , h ( 1 n , x n )) = f ( 1 n , x n )] � �

  11. Definitions Constructions Active Adversaries Equivalence Proving Claim 6 For n ∈ N , let � Pr m ←M n , e ← G ( 1 n ) 1 [ A ( 1 n , 1 | m | , h ( 1 n , m ) , E e ( m )) = f ( 1 n , m )] � δ ( n ) := − Pr m ←M n [ A ′ ( 1 n , 1 | m | , h ( 1 n , m )) = f ( 1 n , m )] � � Claim 7 For every n ∈ N , exists x n ∈ Supp ( M n ) with � Pr e ← G ( 1 n ) 1 [ A ( 1 n , 1 | x n | , h ( 1 n , x n ) , E e ( x n )) = f ( 1 n , x n )] � δ ( n ) ≤ − Pr [ A ′ ( 1 n , 1 | x n | , h ( 1 n , x n )) = f ( 1 n , x n )] � � Proof : Write the lhs and rhs terms in the definition of δ ( n ) as sums over the different choices of m ∈ Supp ( M n ) , and use | a + b | ≤ | a | + | b |

  12. Definitions Constructions Active Adversaries Equivalence Assume ∃ an infinite I ⊆ N and p ∈ poly s.t. δ ( n ) > 1 / p ( n ) for every n ∈ I .

  13. Definitions Constructions Active Adversaries Equivalence Assume ∃ an infinite I ⊆ N and p ∈ poly s.t. δ ( n ) > 1 / p ( n ) for every n ∈ I . The following algorithm contradicts the indistinguishability of ( G , E , D ) with respect to { ( x n , y n = 1 | x n | ) } n ∈ N and { z n = ( 1 n , 1 | x n | , h ( 1 n , x n ) , f ( 1 n , x n )) } n ∈ N . Algorithm 8 ( B ) Input: z n = ( 1 n , 1 | x n | , h ( 1 n , x n ) , f ( 1 n , x n )) , c Output 1 iff A ( 1 n , 1 | x n | , h ( x n ) , c ) = f ( 1 n , x n )

  14. Definitions Constructions Active Adversaries Equivalence Semantic Security = ⇒ Indistinguishability Assume ∃ PPT B, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N and a { z n } n ∈ N , such that (wlg) for infinitely many n ’s: (1) 1 Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( x n ))= 1 ] − Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( y n ))= 1 ] ≥ p ( n )

  15. Definitions Constructions Active Adversaries Equivalence Semantic Security = ⇒ Indistinguishability Assume ∃ PPT B, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N and a { z n } n ∈ N , such that (wlg) for infinitely many n ’s: (1) 1 Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( x n ))= 1 ] − Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( y n ))= 1 ] ≥ p ( n ) Let M n be x n wp 1 2 and y n otherwise. Let f ( 1 n , x n ) = 1, f ( 1 n , y n ) = 0 and h ( 1 n , · ) = z n ) . Define A ( 1 n , 1 ℓ ( n ) , z n , c ) to return B ( z n , c ) .

  16. Definitions Constructions Active Adversaries Equivalence Semantic Security = ⇒ Indistinguishability Assume ∃ PPT B, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N and a { z n } n ∈ N , such that (wlg) for infinitely many n ’s: (1) 1 Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( x n ))= 1 ] − Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( y n ))= 1 ] ≥ p ( n ) Let M n be x n wp 1 2 and y n otherwise. Let f ( 1 n , x n ) = 1, f ( 1 n , y n ) = 0 and h ( 1 n , · ) = z n ) . Define A ( 1 n , 1 ℓ ( n ) , z n , c ) to return B ( z n , c ) . (2) Pr m ←M n , e ← G ( 1 n ) 1 [ A ( 1 n , 1 | m | , h ( 1 n , m ) , E e ( m ))= f ( 1 n , m )] ≥ 1 1 2 + p ( n )

  17. Definitions Constructions Active Adversaries Equivalence Semantic Security = ⇒ Indistinguishability Assume ∃ PPT B, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N and a { z n } n ∈ N , such that (wlg) for infinitely many n ’s: (1) 1 Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( x n ))= 1 ] − Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( y n ))= 1 ] ≥ p ( n ) Let M n be x n wp 1 2 and y n otherwise. Let f ( 1 n , x n ) = 1, f ( 1 n , y n ) = 0 and h ( 1 n , · ) = z n ) . Define A ( 1 n , 1 ℓ ( n ) , z n , c ) to return B ( z n , c ) . (2) Pr m ←M n , e ← G ( 1 n ) 1 [ A ( 1 n , 1 | m | , h ( 1 n , m ) , E e ( m ))= f ( 1 n , m )] ≥ 1 1 2 + p ( n ) where for any A ′ (3) Pr m ←M n , e ← G ( 1 n ) 1 [ A ( 1 n , 1 | m | , h ( 1 n , m ) , E e ( m )) = f ( 1 n , m )] ≤ 1 2

  18. Definitions Constructions Active Adversaries Multiple Encryptions Security Under Multiple Encryptions

  19. Definitions Constructions Active Adversaries Multiple Encryptions Security Under Multiple Encryptions Definition 9 (Indistinguishablity for multiple encryptions – private-key model) An encryption scheme ( G , E , D ) has indistinguishable encryptions for multiple messages in the private-key model, if for any p , ℓ, t ∈ poly, { x n , 1 , . . . x n , t ( n ) , y n , 1 , . . . , y n , t ( n ) ∈ { 0 , 1 } ℓ ( n ) } n ∈ N , { z n ∈ { 0 , 1 } p ( n ) } n ∈ N and polynomial-time B, � � Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( x n , 1 ) , . . . E e ( x n , t ( n ) )) = 1 ] � − Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( y n , 1 ) , . . . E e ( y n , t ( n ) )) = 1 � = neg ( n )

  20. Definitions Constructions Active Adversaries Multiple Encryptions Security Under Multiple Encryptions Definition 9 (Indistinguishablity for multiple encryptions – private-key model) An encryption scheme ( G , E , D ) has indistinguishable encryptions for multiple messages in the private-key model, if for any p , ℓ, t ∈ poly, { x n , 1 , . . . x n , t ( n ) , y n , 1 , . . . , y n , t ( n ) ∈ { 0 , 1 } ℓ ( n ) } n ∈ N , { z n ∈ { 0 , 1 } p ( n ) } n ∈ N and polynomial-time B, � � Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( x n , 1 ) , . . . E e ( x n , t ( n ) )) = 1 ] � − Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( y n , 1 ) , . . . E e ( y n , t ( n ) )) = 1 � = neg ( n ) Extensions : Different length messages

  21. Definitions Constructions Active Adversaries Multiple Encryptions Security Under Multiple Encryptions Definition 9 (Indistinguishablity for multiple encryptions – private-key model) An encryption scheme ( G , E , D ) has indistinguishable encryptions for multiple messages in the private-key model, if for any p , ℓ, t ∈ poly, { x n , 1 , . . . x n , t ( n ) , y n , 1 , . . . , y n , t ( n ) ∈ { 0 , 1 } ℓ ( n ) } n ∈ N , { z n ∈ { 0 , 1 } p ( n ) } n ∈ N and polynomial-time B, � � Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( x n , 1 ) , . . . E e ( x n , t ( n ) )) = 1 ] � − Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( y n , 1 ) , . . . E e ( y n , t ( n ) )) = 1 � = neg ( n ) Extensions : Different length messages Semantic security version

  22. Definitions Constructions Active Adversaries Multiple Encryptions Security Under Multiple Encryptions Definition 9 (Indistinguishablity for multiple encryptions – private-key model) An encryption scheme ( G , E , D ) has indistinguishable encryptions for multiple messages in the private-key model, if for any p , ℓ, t ∈ poly, { x n , 1 , . . . x n , t ( n ) , y n , 1 , . . . , y n , t ( n ) ∈ { 0 , 1 } ℓ ( n ) } n ∈ N , { z n ∈ { 0 , 1 } p ( n ) } n ∈ N and polynomial-time B, � � Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( x n , 1 ) , . . . E e ( x n , t ( n ) )) = 1 ] � − Pr e ← G ( 1 n ) 1 [ B ( z n , E e ( y n , 1 ) , . . . E e ( y n , t ( n ) )) = 1 � = neg ( n ) Extensions : Different length messages Semantic security version Public-key definition

  23. Definitions Constructions Active Adversaries Multiple Encryptions Multiple Encryption in the Public-Key Model Theorem 10 A public-key encryption scheme has indistinguishable encryptions for multiple messages, iff it has indistinguishable encryptions for a single message.

  24. Definitions Constructions Active Adversaries Multiple Encryptions Multiple Encryption in the Public-Key Model Theorem 10 A public-key encryption scheme has indistinguishable encryptions for multiple messages, iff it has indistinguishable encryptions for a single message. Proof : Assume ( G , E , D ) is public-key secure for a single message and not for multiple messages with respect to B, { x 1 , t ( n ) , . . . x n , t ( n ) , y n , 1 , . . . , y n , t ( n ) ∈ { 0 , 1 } ℓ ( n ) } n ∈ N , { z n ∈ { 0 , 1 } p ( n ) } n ∈ N .

  25. Definitions Constructions Active Adversaries Multiple Encryptions Multiple Encryption in the Public-Key Model Theorem 10 A public-key encryption scheme has indistinguishable encryptions for multiple messages, iff it has indistinguishable encryptions for a single message. Proof : Assume ( G , E , D ) is public-key secure for a single message and not for multiple messages with respect to B, { x 1 , t ( n ) , . . . x n , t ( n ) , y n , 1 , . . . , y n , t ( n ) ∈ { 0 , 1 } ℓ ( n ) } n ∈ N , { z n ∈ { 0 , 1 } p ( n ) } n ∈ N . It follows that for some function i ( n ) ∈ [ t ( n )] � Pr [ B ( 1 n , e , E e ( x n , 1 ) , . . . , E e ( x n , i − 1 ) , E e ( y n , i ) . . . , E e ( y n , t ( n ) )) = 1 ] � − Pr [ B ( 1 n , e , E e ( x n , 1 ) , . . . , E e ( x n , i ) , E e ( y n , i + 1 ) . . . , E e ( y n , t ( n ) )) = 1 ] � � > neg ( n ) where in both cases e ← G ( 1 n ) 1

  26. Definitions Constructions Active Adversaries Multiple Encryptions Algorithm 11 ( B ′ ) Input: 1 n , z n = ( i ( n ) , x 1 , t ( n ) , . . . x n , t ( n ) , y n , 1 , . . . , y n , t ( n ) , e , c Return B ( c , E e ( x n , 1 ) , . . . , E e ( x n , i − 1 ) , c , E e ( y n , i + 1 ) . . . , E e ( y n , t ( n ) ))

  27. Definitions Constructions Active Adversaries Multiple Encryptions Algorithm 11 ( B ′ ) Input: 1 n , z n = ( i ( n ) , x 1 , t ( n ) , . . . x n , t ( n ) , y n , 1 , . . . , y n , t ( n ) , e , c Return B ( c , E e ( x n , 1 ) , . . . , E e ( x n , i − 1 ) , c , E e ( y n , i + 1 ) . . . , E e ( y n , t ( n ) )) B ′ is critically using the public key

  28. Definitions Constructions Active Adversaries Multiple Encryptions Multiple Encryption in the Private-Key Model Fact 12 Assuming (non uniform) OWFs exists, there exists an encryption scheme that has private-key indistinguishable encryptions for a single messages, but not for multiple messages

  29. Definitions Constructions Active Adversaries Multiple Encryptions Multiple Encryption in the Private-Key Model Fact 12 Assuming (non uniform) OWFs exists, there exists an encryption scheme that has private-key indistinguishable encryptions for a single messages, but not for multiple messages Proof : Let g : { 0 , 1 } n �→ { 0 , 1 } n + 1 be a (non-uniform) PRG, and for i ∈ N let g i be its ”iterated extension" to output of length i (see Lecture 2, Construction 15).

  30. Definitions Constructions Active Adversaries Multiple Encryptions Multiple Encryption in the Private-Key Model Fact 12 Assuming (non uniform) OWFs exists, there exists an encryption scheme that has private-key indistinguishable encryptions for a single messages, but not for multiple messages Proof : Let g : { 0 , 1 } n �→ { 0 , 1 } n + 1 be a (non-uniform) PRG, and for i ∈ N let g i be its ”iterated extension" to output of length i (see Lecture 2, Construction 15). Construction 13 G ( 1 n ) outputs e ← { 0 , 1 } n , E e ( m ) outputs g | m | ( e ) ⊕ m D e ( c ) outputs g | c | ( e ) ⊕ c

  31. Definitions Constructions Active Adversaries Multiple Encryptions Claim 14 ( G , E , D ) has private-key indistinguishable encryptions for a single message Proof :

  32. Definitions Constructions Active Adversaries Multiple Encryptions Claim 14 ( G , E , D ) has private-key indistinguishable encryptions for a single message Proof : Assume not, and let B, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N and { z n ∈ { 0 , 1 } p ( n ) } n ∈ N be the triplet that realizes it.

  33. Definitions Constructions Active Adversaries Multiple Encryptions Claim 14 ( G , E , D ) has private-key indistinguishable encryptions for a single message Proof : Assume not, and let B, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N and { z n ∈ { 0 , 1 } p ( n ) } n ∈ N be the triplet that realizes it. Wlog, � � Pr [ B ( z n , g | x n | ( U n ) ⊕ x n ) = 1 ] − Pr [ B ( z n , U | x n | ⊕ x n ) = 1 ] � � > neg ( n ) (4)

  34. Definitions Constructions Active Adversaries Multiple Encryptions Claim 14 ( G , E , D ) has private-key indistinguishable encryptions for a single message Proof : Assume not, and let B, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N and { z n ∈ { 0 , 1 } p ( n ) } n ∈ N be the triplet that realizes it. Wlog, � � Pr [ B ( z n , g | x n | ( U n ) ⊕ x n ) = 1 ] − Pr [ B ( z n , U | x n | ⊕ x n ) = 1 ] � � > neg ( n ) (4) Hence, B implies a (non-uniform) distinguisher for g

  35. Definitions Constructions Active Adversaries Multiple Encryptions Claim 14 ( G , E , D ) has private-key indistinguishable encryptions for a single message Proof : Assume not, and let B, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N and { z n ∈ { 0 , 1 } p ( n ) } n ∈ N be the triplet that realizes it. Wlog, � � Pr [ B ( z n , g | x n | ( U n ) ⊕ x n ) = 1 ] − Pr [ B ( z n , U | x n | ⊕ x n ) = 1 ] � � > neg ( n ) (4) Hence, B implies a (non-uniform) distinguisher for g Claim 15 ( G , E , D ) does not have a private-key indistinguishable encryptions for multiple messages

  36. Definitions Constructions Active Adversaries Multiple Encryptions Claim 14 ( G , E , D ) has private-key indistinguishable encryptions for a single message Proof : Assume not, and let B, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N and { z n ∈ { 0 , 1 } p ( n ) } n ∈ N be the triplet that realizes it. Wlog, � � Pr [ B ( z n , g | x n | ( U n ) ⊕ x n ) = 1 ] − Pr [ B ( z n , U | x n | ⊕ x n ) = 1 ] � � > neg ( n ) (4) Hence, B implies a (non-uniform) distinguisher for g Claim 15 ( G , E , D ) does not have a private-key indistinguishable encryptions for multiple messages Proof :

  37. Definitions Constructions Active Adversaries Multiple Encryptions Claim 14 ( G , E , D ) has private-key indistinguishable encryptions for a single message Proof : Assume not, and let B, { x n , y n ∈ { 0 , 1 } ℓ ( n ) } n ∈ N and { z n ∈ { 0 , 1 } p ( n ) } n ∈ N be the triplet that realizes it. Wlog, � Pr [ B ( z n , g | x n | ( U n ) ⊕ x n ) = 1 ] − Pr [ B ( z n , U | x n | ⊕ x n ) = 1 ] � � � > neg ( n ) (4) Hence, B implies a (non-uniform) distinguisher for g Claim 15 ( G , E , D ) does not have a private-key indistinguishable encryptions for multiple messages Proof : Take x n , 1 = x n , 2 , y n , 1 � = y n , 2 and D ( c 1 , c 2 ) outputs 1 iff c 1 = c 2

  38. Definitions Constructions Active Adversaries Section 2 Constructions

  39. Definitions Constructions Active Adversaries Private key indistinguishable encryptions for multiple messages Suffice to encrypt messages of some fixed length (here the length is n ).

  40. Definitions Constructions Active Adversaries Private key indistinguishable encryptions for multiple messages Suffice to encrypt messages of some fixed length (here the length is n ). Let F be a (non-uniform) length preserving PRF

  41. Definitions Constructions Active Adversaries Private key indistinguishable encryptions for multiple messages Suffice to encrypt messages of some fixed length (here the length is n ). Let F be a (non-uniform) length preserving PRF Construction 16 G ( 1 n ) : output e ← F n , E e ( m ) : choose r ← { 0 , 1 } n and output ( r , e ( r ) ⊕ m ) D e ( r , c ) : output e ( r ) ⊕ c

  42. Definitions Constructions Active Adversaries Private key indistinguishable encryptions for multiple messages Suffice to encrypt messages of some fixed length (here the length is n ). Let F be a (non-uniform) length preserving PRF Construction 16 G ( 1 n ) : output e ← F n , E e ( m ) : choose r ← { 0 , 1 } n and output ( r , e ( r ) ⊕ m ) D e ( r , c ) : output e ( r ) ⊕ c Claim 17 ( G , E , D ) has private-key indistinguishable encryptions for a multiple messages

  43. Definitions Constructions Active Adversaries Private key indistinguishable encryptions for multiple messages Suffice to encrypt messages of some fixed length (here the length is n ). Let F be a (non-uniform) length preserving PRF Construction 16 G ( 1 n ) : output e ← F n , E e ( m ) : choose r ← { 0 , 1 } n and output ( r , e ( r ) ⊕ m ) D e ( r , c ) : output e ( r ) ⊕ c Claim 17 ( G , E , D ) has private-key indistinguishable encryptions for a multiple messages Proof :

  44. Definitions Constructions Active Adversaries Public-key indistinguishable encryptions for multiple messages Let ( G , f , Inv ) be a (non-uniform) TDP , and let b be an hardcore predicate for f .

  45. Definitions Constructions Active Adversaries Public-key indistinguishable encryptions for multiple messages Let ( G , f , Inv ) be a (non-uniform) TDP , and let b be an hardcore predicate for f . Construction 18 (bit encryption) G ( 1 n ) : output ( e , d ) ← G ( 1 n ) E e ( m ) : choose r ← { 0 , 1 } n and output ( y = f e ( r ) , c = b ( r ) ⊕ m ) D d ( y , c ) : output b ( Inv d ( y )) ⊕ c

  46. Definitions Constructions Active Adversaries Public-key indistinguishable encryptions for multiple messages Let ( G , f , Inv ) be a (non-uniform) TDP , and let b be an hardcore predicate for f . Construction 18 (bit encryption) G ( 1 n ) : output ( e , d ) ← G ( 1 n ) E e ( m ) : choose r ← { 0 , 1 } n and output ( y = f e ( r ) , c = b ( r ) ⊕ m ) D d ( y , c ) : output b ( Inv d ( y )) ⊕ c Claim 19 ( G , E , D ) has public-key indistinguishable encryptions for a multiple messages

  47. Definitions Constructions Active Adversaries Public-key indistinguishable encryptions for multiple messages Let ( G , f , Inv ) be a (non-uniform) TDP , and let b be an hardcore predicate for f . Construction 18 (bit encryption) G ( 1 n ) : output ( e , d ) ← G ( 1 n ) E e ( m ) : choose r ← { 0 , 1 } n and output ( y = f e ( r ) , c = b ( r ) ⊕ m ) D d ( y , c ) : output b ( Inv d ( y )) ⊕ c Claim 19 ( G , E , D ) has public-key indistinguishable encryptions for a multiple messages We believe that public-key encryptions schemes are “more complex" than private-key ones

  48. Definitions Constructions Active Adversaries Section 3 Active Adversaries

  49. Definitions Constructions Active Adversaries Active Adversaries Chosen plaintext attack (CPA): The adversary can ask for encryption and choose the messages to distinguish accordingly

  50. Definitions Constructions Active Adversaries Active Adversaries Chosen plaintext attack (CPA): The adversary can ask for encryption and choose the messages to distinguish accordingly Chosen ciphertext attack (CPA): The adversary can also ask for decryptions of certain messages

  51. Definitions Constructions Active Adversaries Active Adversaries Chosen plaintext attack (CPA): The adversary can ask for encryption and choose the messages to distinguish accordingly Chosen ciphertext attack (CPA): The adversary can also ask for decryptions of certain messages

  52. Definitions Constructions Active Adversaries Active Adversaries Chosen plaintext attack (CPA): The adversary can ask for encryption and choose the messages to distinguish accordingly Chosen ciphertext attack (CPA): The adversary can also ask for decryptions of certain messages In the public-key settings, the adversary is also given the public key

  53. Definitions Constructions Active Adversaries Active Adversaries Chosen plaintext attack (CPA): The adversary can ask for encryption and choose the messages to distinguish accordingly Chosen ciphertext attack (CPA): The adversary can also ask for decryptions of certain messages In the public-key settings, the adversary is also given the public key We focus on indistinguishability, but each of the above definitions has an equivalent semantic security variant.

  54. Definitions Constructions Active Adversaries CPA Security Let ( G , E , D ) be an encryption scheme. For a pair of algorithms A = ( A 1 , A 2 ) , n ∈ N , z ∈ { 0 , 1 } ∗ and b ∈ { 0 , 1 } , let: Experiment 20 ( Exp CPA A , n , z ( b ) ) ( e , d ) ← G ( 1 n ) 1 ( m 0 , m 1 , s ) ← A E e ( · ) ( 1 n , z ) 2 1 c ← E e ( m b ) 3 Output A E e ( · ) ( 1 n , s , c ) 4 2

  55. Definitions Constructions Active Adversaries CPA Security Let ( G , E , D ) be an encryption scheme. For a pair of algorithms A = ( A 1 , A 2 ) , n ∈ N , z ∈ { 0 , 1 } ∗ and b ∈ { 0 , 1 } , let: Experiment 20 ( Exp CPA A , n , z ( b ) ) ( e , d ) ← G ( 1 n ) 1 ( m 0 , m 1 , s ) ← A E e ( · ) ( 1 n , z ) 2 1 c ← E e ( m b ) 3 Output A E e ( · ) ( 1 n , s , c ) 4 2 Definition 21 (private key CPA ) ( G , E , D ) has indistinguishable encryptions in the private-key model under CPA attack, if ∀ PPT A 1 , A 2 , and poly-bounded { z n } n ∈ N : | Pr [ Exp CPA A , n , z n ( 0 ) = 1 ] − Pr [ Exp CPA A , n , z n ( 1 ) = 1 ] | = neg ( n )

  56. Definitions Constructions Active Adversaries public-key variant...

  57. Definitions Constructions Active Adversaries public-key variant... The scheme from Construction 16 has indistinguishable encryptions in the private-key model under CPA attack(for short, private-key CPA secure)

  58. Definitions Constructions Active Adversaries public-key variant... The scheme from Construction 16 has indistinguishable encryptions in the private-key model under CPA attack(for short, private-key CPA secure) The scheme from Construction 18 has indistinguishable encryptions in the public-key model (for short, public-key CPA secure)

  59. Definitions Constructions Active Adversaries public-key variant... The scheme from Construction 16 has indistinguishable encryptions in the private-key model under CPA attack(for short, private-key CPA secure) The scheme from Construction 18 has indistinguishable encryptions in the public-key model (for short, public-key CPA secure) In both cases, definitions are not equivalent

  60. Definitions Constructions Active Adversaries CCA Security Experiment 22 ( Exp CCA1 A , n , z ( b ) ) ( e , d ) ← G ( 1 n ) 1 ( m 0 , m 1 , s ) ← A E e ( · ) , D d ( · ) ( 1 n , z ) 2 1 c ← E e ( m b ) 3 Output A E e ( · ) ( 1 n , s , c ) 4 2

  61. Definitions Constructions Active Adversaries CCA Security Experiment 22 ( Exp CCA1 A , n , z ( b ) ) ( e , d ) ← G ( 1 n ) 1 ( m 0 , m 1 , s ) ← A E e ( · ) , D d ( · ) ( 1 n , z ) 2 1 c ← E e ( m b ) 3 Output A E e ( · ) ( 1 n , s , c ) 4 2 Experiment 23 ( Exp CCA2 A , n , z n ( b ) ) ( e , d ) ← G ( 1 n ) 1 ( x 0 , x 1 , s ) ← A E e ( · ) , D d ( · ) ( 1 n , z ) 2 1 c ← E e ( x b ) 3 E e ( · ) , D ¬ c d ( · ) ( 1 n , s , c ) Output A 4 2

  62. Definitions Constructions Active Adversaries Definition 24 (private key CCA1 / CCA2 ) ( G , E , D ) has indistinguishable encryptions in the private-key model under x ∈ { CCA1 , CCA2 } attack, if ∀ PPT A 1 , A 2 , and poly-bounded { z n } n ∈ N : | Pr [ Exp x A , n , z n ( 0 ) = 1 ] − Pr [ Exp x A , n , z n ( 1 ) = 1 ] | = neg ( n )

  63. Definitions Constructions Active Adversaries Definition 24 (private key CCA1 / CCA2 ) ( G , E , D ) has indistinguishable encryptions in the private-key model under x ∈ { CCA1 , CCA2 } attack, if ∀ PPT A 1 , A 2 , and poly-bounded { z n } n ∈ N : | Pr [ Exp x A , n , z n ( 0 ) = 1 ] − Pr [ Exp x A , n , z n ( 1 ) = 1 ] | = neg ( n ) The public key definition is analogous

  64. Definitions Constructions Active Adversaries Private-key CCA2 Private-key CCA2 Is the scheme from Construction 16 private-key CCA1 secure?

  65. Definitions Constructions Active Adversaries Private-key CCA2 Private-key CCA2 Is the scheme from Construction 16 private-key CCA1 secure? CCA2 secure? Let ( G , E , D ) be a private key CPA scheme, and let ( Gen M , Mac , Vrfy ) be an existential unforgeable strong MAC. Construction 25 G ′ ( 1 n ) : Output ( e ← G E ( 1 n ) , k ← Gen M ( 1 n )) . a E ′ d , k ( m ) : let c = E e ( m ) and output ( c , t = Mac k ( c )) D e , k ( c , t ) : if Vrfy k ( c , t ) = 1, output D e ( c ) . Otherwise, output ⊥ a We assume for simplicity that the encryption and decryption keys are the same.

  66. Definitions Constructions Active Adversaries Private-key CCA2 Private-key CCA2 Is the scheme from Construction 16 private-key CCA1 secure? CCA2 secure? Let ( G , E , D ) be a private key CPA scheme, and let ( Gen M , Mac , Vrfy ) be an existential unforgeable strong MAC. Construction 25 G ′ ( 1 n ) : Output ( e ← G E ( 1 n ) , k ← Gen M ( 1 n )) . a E ′ d , k ( m ) : let c = E e ( m ) and output ( c , t = Mac k ( c )) D e , k ( c , t ) : if Vrfy k ( c , t ) = 1, output D e ( c ) . Otherwise, output ⊥ a We assume for simplicity that the encryption and decryption keys are the same.

  67. Definitions Constructions Active Adversaries Private-key CCA2 Theorem 26 Construction 25 is a private-key CCA2 -secure encryption scheme.

  68. Definitions Constructions Active Adversaries Private-key CCA2 Theorem 26 Construction 25 is a private-key CCA2 -secure encryption scheme. Proof : ?

  69. Definitions Constructions Active Adversaries Public-key CCA1 Public-key CCA1

  70. Definitions Constructions Active Adversaries Public-key CCA1 Public-key CCA1 Let ( G , E , D ) be a public-key CPA scheme and let ( P , V ) be a NIZK for L = { ( c 0 , c 1 , pk 0 , pk 1 ): ∃ ( m , z 0 , z 1 ) s . t . c 0 = E pk 0 ( m , z 0 ) ∧ c 1 = E pk 1 ( m , z 1 ) }

  71. Definitions Constructions Active Adversaries Public-key CCA1 Public-key CCA1 Let ( G , E , D ) be a public-key CPA scheme and let ( P , V ) be a NIZK for L = { ( c 0 , c 1 , pk 0 , pk 1 ): ∃ ( m , z 0 , z 1 ) s . t . c 0 = E pk 0 ( m , z 0 ) ∧ c 1 = E pk 1 ( m , z 1 ) } Construction 27 (The Naor-Yung Paradigm) G ′ ( 1 n ) : For i ∈ { 0 , 1 } : set ( sk i , pk i ) ← G ( 1 n ) . 1 Let r ← { 0 , 1 } ℓ ( n ) , and output pk ′ = ( pk 0 , pk 1 , r ) and 2 sk ′ = ( pk ′ , sk 0 , sk 1 ) E ′ pk ′ ( m ) : For i ∈ { 0 , 1 } : c i = E pk i ( m , z i ) , where z i is a uniformly 1 chosen string of the right length π ← P (( c 0 , c 1 , pk 0 , pk 1 ) , ( m , z 0 , z 1 ) , r ) 2 Output ( c 0 , c 1 , π ) . 3 D ′ sk ′ ( c 0 , c 1 , π ) : If V (( c 0 , c 1 , pk 0 , pk 1 ) , π, r ) = 1, return D sk 0 ( c 0 ) . Otherwise, return ⊥

  72. Definitions Constructions Active Adversaries Public-key CCA1 Omitted details: We assume for simplicity that the encryption key output by G ( 1 n ) is of length at least n . ℓ is an arbitrary polynomial, and determines the maximum message length to encrypt using ”security parameter" n .

  73. Definitions Constructions Active Adversaries Public-key CCA1 Omitted details: We assume for simplicity that the encryption key output by G ( 1 n ) is of length at least n . ℓ is an arbitrary polynomial, and determines the maximum message length to encrypt using ”security parameter" n . Is the scheme CCA1 secure?

  74. Definitions Constructions Active Adversaries Public-key CCA1 Omitted details: We assume for simplicity that the encryption key output by G ( 1 n ) is of length at least n . ℓ is an arbitrary polynomial, and determines the maximum message length to encrypt using ”security parameter" n . Is the scheme CCA1 secure? We need the NIZK to be “adaptive secure". Theorem 28 Assuming that ( P , V ) is adaptive secure, then Construction 27 is a public-key CCA1 secure encryption scheme.

  75. Definitions Constructions Active Adversaries Public-key CCA1 Omitted details: We assume for simplicity that the encryption key output by G ( 1 n ) is of length at least n . ℓ is an arbitrary polynomial, and determines the maximum message length to encrypt using ”security parameter" n . Is the scheme CCA1 secure? We need the NIZK to be “adaptive secure". Theorem 28 Assuming that ( P , V ) is adaptive secure, then Construction 27 is a public-key CCA1 secure encryption scheme. Proof : Given an attacker A ′ for the CCA1 security of ( G ′ , E ′ , D ′ ) , we use it to construct an attacker A on the CPA security of ( G , E , D ) . Let S = ( S 1 , S 2 ) be the (adaptive) simulator for ( P , V , L )

  76. Definitions Constructions Active Adversaries Public-key CCA1 Algorithm 29 ( A ) Input: ( 1 n , pk ) let j ← { 0 , 1 } , pk 1 − j = pk , ( pk j , sk j ) ← G ( 1 n ) and 1 ( r , s ) ← S 1 ( 1 n ) Emulate A ′ ( 1 n , pk ′ = ( pk 0 , pk 1 , r )) as follows: 2 On query ( c 0 , c 1 , π ) of A ′ to D ′ : 3 If V (( c 0 , c 1 , pk 0 , pk 1 ) , π, r ) = 1, answer D sk j ( c j ) . Otherwise, answer ⊥ . Output the same pair ( m 0 , m 1 ) as A ′ does 4 On challenge c ( = E pk ( m b ) ): 5 Set c 1 − j = c , a ← { 0 , 1 } , c j = E pk j ( m a ) , and π ← S 2 (( c 0 , c 1 , pk 0 , pk 1 ) , r , s ) Send c ′ = ( c 0 , c 1 , π ) to A ′ Output the same value that A ′ does 6

  77. Definitions Constructions Active Adversaries Public-key CCA1 Claim 30 Assume that A ′ breaks the CCA1 security of ( G ′ , E ′ , D ′ ) with probability δ ( n ) , then A breaks the CPA security of ( G , E , D ) with probability ( δ ( n ) − neg ( n )) / 2.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach Haitner, Tel Aviv University November 1, 2011 Administration Course Topics Part I Administration and Course Overview Administration Course Topics

714 views • 24 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views • 110 slides
Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel

Message Authentication Code (MAC) Constructions Signature Schemes OWFs = Signatures Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel Aviv University December 27, 2011 Message Authentication

1.25k views • 89 slides
Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore Predicates for Any One-way Function

Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore Predicates for Any One-way Function

The Information Theoretic Case The Computational Case Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore Predicates for Any One-way Function Iftach Haitner, Tel Aviv University November 22, 2011 The Information Theoretic Case The

1.03k views • 85 slides
Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel

Function Families PRF from OWF PRP from PRF Applications Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel Aviv University November 29, 2011 Function Families PRF from OWF PRP from PRF

1.17k views • 58 slides
Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv

Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv

Notation One Way Functions Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv University November 1-8, 2011 Notation One Way Functions Section 1 Notation Notation One Way Functions Notation I

988 views • 67 slides
Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom Generators Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom Generators Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom Generators Iftach Haitner, Tel Aviv University Tel Aviv University. February 25, 2014 Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 1 / 26 Part I

1.38k views • 76 slides
Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach Haitner, Tel Aviv University Tel Aviv University. February 18, 2014 Iftach Haitner (TAU) Foundation of Cryptography February 18, 2014 1 / 16 Part I

763 views • 34 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University

Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University

Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University Tel Aviv University. March 17, 2013 Iftach Haitner (TAU) Foundation of Cryptography March 17, 2013 1 / 39 Part I Message Authentication Codes

1.41k views • 113 slides
Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner,

Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner,

Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner, Tel Aviv University Tel Aviv University. April 1, 2014 Iftach Haitner (TAU) Foundation of Cryptography April 1, 2014 1 / 33 Part I

1.79k views • 152 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from

Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from

Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from previous slides by Prof. Gene Tsudik] 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and

478 views • 23 slides
Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy: Secret-Sharing Secrecy Secrecy Cryptography is all about controlling access to information Access to learning and/or influencing

2.01k views • 171 slides
Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

256 views • 22 slides
Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

810 views • 42 slides
Symmetric Cryptography Nadia Heninger and Deian Stefan Some slides adopted from Kirill Levchenko

Symmetric Cryptography Nadia Heninger and Deian Stefan Some slides adopted from Kirill Levchenko

CSE 127: Computer Security Symmetric Cryptography Nadia Heninger and Deian Stefan Some slides adopted from Kirill Levchenko and Dan Boneh Cryptography Cryptography Is: A tremendous tool The basis for many security mechanisms

783 views • 67 slides
Penultimate Review IT Security Ido Rosen University of Chicago 3 March 2007 Ido Rosen

Penultimate Review IT Security Ido Rosen University of Chicago 3 March 2007 Ido Rosen

Policy Cryptography Network Security Penultimate Review IT Security Ido Rosen University of Chicago 3 March 2007 Ido Rosen Penultimate Review Policy Cryptography Network Security 1 Policy Information Security Framework Defining

538 views • 32 slides
Objectives Models for Cryptanalysis Cryptanalysis of Monoalphabetic Ciphers

Objectives Models for Cryptanalysis Cryptanalysis of Monoalphabetic Ciphers

Cryptanalysis of Classical Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Models for Cryptanalysis Cryptanalysis of

657 views • 20 slides
Computer and Network Security Alberto Marchetti Spaccamela Slides are strongly based on

Computer and Network Security Alberto Marchetti Spaccamela Slides are strongly based on

Computer and Network Security Alberto Marchetti Spaccamela Slides are strongly based on material by Amos Fiat Good crypto courses on the Web with interesting material on web site of: Ron Rivest, MIT Dan Boneh, Stanford. Phil

895 views • 27 slides
Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with:

Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with:

Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with: Dan Boneh, zgr Dagdelen, Marc Fischlin, Anja Lehmann, Christian Schaffner Typical Crypto Application m ! Solution: (Private Key) Encryption c ! c

865 views • 58 slides
Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and

Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and

Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

909 views • 39 slides
Computer Worms A program that copies itself from one computer to another Origins:

Computer Worms A program that copies itself from one computer to another Origins:

Computer Worms A program that copies itself from one computer to another Origins: distributed computations Schoch and Hupp: animations, broadcast messages Segment: part of program copied onto workstation Segment processes

861 views • 35 slides
...Let them hate so long as they fear... oderint dum metuant /WARNING!/:

...Let them hate so long as they fear... oderint dum metuant /WARNING!/:

#UFONet = ( To0L.AlienWare ) / ninja [ DDoS + DoS ] \ (multi- ProXY / DarkNet ( HTTP(s) / WebAbuse [ Layer7 ] ) +(extra[Layer3]+d0rKng+eVas(h)iVe(CA- che/ge0) +FngPrinting+ sTAT[RanKiNgs+F0RuMS + WarGameS (P2P/ClAns-RanKings)] Denial of

690 views • 51 slides

More recommend