from theoretical crypto to practice gloups an abominable
play

From theoretical crypto to practice: gloups an abominable gap - PowerPoint PPT Presentation

Aug 29, 2022 •386 likes •919 views

From theoretical crypto to practice: gloups an abominable gap Cryptie, Oblazy Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 1 / 35 Encryption and Signature: Just a 2 min reminder 1 Libraries 2 Funny Cryptography 3 Cryptie, O. Blazy (Xlim)

  1. From theoretical crypto to practice: gloups an abominable gap Cryptie, Oblazy Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 1 / 35

  2. Encryption and Signature: Just a 2 min reminder 1 Libraries 2 Funny Cryptography 3 Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 2 / 35

  3. Encryption and Signature: Just a 2 min reminder 1 Libraries 2 Funny Cryptography 3 Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 2 / 35

  4. Encryption and Signature: Just a 2 min reminder 1 Libraries 2 Funny Cryptography 3 Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 2 / 35

  5. Encryption and Signature: Just a 2 min reminder 1 Libraries 2 Funny Cryptography 3 Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 3 / 35

  6. Definition (Encryption Scheme) E = ( Setup , EKeyGen , Encrypt , Decrypt ) : Setup ( 1 K ) : param; EKeyGen ( param ) : public encryption key pk, private decryption key dk; Encrypt ( pk , m ; r ) : ciphertext c on m ∈ M and pk; Decrypt ( dk , c ) : decrypts c under dk. Encrypt pk , r C m dk Decrypt Indistinguishability : Given M 0 , M 1 , it should be hard to guess which one is encrypted in C . Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 4 / 35

  7. Definition An assymetric encryption scheme allows Cryptie, using the public key of Bob, to encrypt a message to Bob in such a way that only Bob, with his secret key, can read it. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 5 / 35

  8. m Definition (Signature Scheme) S = ( Setup , SKeyGen , Sign , Verif ) : Setup ( 1 K ) : param; Sign sk ; s SKeyGen ( param ) : public verification key vk, private signing key sk; Sign ( sk , m ; s ) : signature σ on m , under sk; Verif ( vk , m , σ ) : checks whether σ is valid on m . σ ( m ) Unforgeability : Given q pairs ( m i , σ i ) , it should be hard to output a valid σ on a fresh m . Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 6 / 35

  9. Definition A signature scheme allows Cryptie, using her secret key, to sign a document in such a way that anybody knowing her public key, for example Bob, can be sure that she signs exactly this document. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 7 / 35

  10. Definition A signature scheme allows Cryptie, using her secret key, to sign a document in such a way that anybody knowing her public key, for example Bob, can be sure that she signs exactly this document. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 7 / 35

  11. Encryption and Signature: Just a 2 min reminder 1 Libraries 2 Funny Cryptography 3 Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 8 / 35

  12. Libre Crypto libraries? we have a lot of them NaCL Public domain Botan (simplified) BSD Boncycastle MIT License Cryptlib Sleepycat License Crypto++ Boost Software License 1.0 (Public domain for files) Libgcrypt LGPLv2.1+ Libtomcrypt Public License and WTFPL Nettle GPLv2+ and LGPLv3+ OpenSSL and LibreSSL OpenSSL License, original SSLeay Licence etc ... ⇒ You can even discover some new Free Software license ! ⇒ Mostly vanilla crypto... ⇒ Community knows the good parameter, the good curve but... Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 9 / 35

  13. Academical crypto in real world When academics says "this is broken", it is patched (nearly in a timely manner). Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 10 / 35

  14. Academical crypto in real world When academics says "this is broken", it is patched (nearly in a timely manner). Example First theoretical academic attack on SHA-1 in 2005 First academic attack that may(?) be used 2010-2015ish. Start of the end of SHA-1 2013-2015. Summer 2016: Practical attacks. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 10 / 35

  15. Academical crypto in real world 2 What about funny crypto? 20+ years later the lucky ones are just starting to be used (in weird Blockchains). Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 11 / 35

  16. What kind of strange properties can we have? Weird signatures Strange encryption Crazy stuff ⇒ Let’s talk about funny crypto Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 12 / 35

  17. Encryption and Signature: Just a 2 min reminder 1 Libraries 2 Funny Cryptography 3 Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 13 / 35

  18. Weird signatures Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 14 / 35

  19. Sanitizable Signatures [KR00] Definition A sanitizable signature allows Alice to signs a text in such a way that she can give Cryptie the right to modify some parts of it while keeping a correct signature of her on this modified message. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 15 / 35

  20. Group Signatures [CvH91] Definition A group signature allows Bob to signs as a member of a group in such a way that only a special (optional) entity, an "Opener", would be able to know that HE was the signer of the given message. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 16 / 35

  21. Group Signatures [CvH91] Definition A group signature allows Bob to signs as a member of a group in such a way that only a special (optional) entity, an "Opener", would be able to know that HE was the signer of the given message. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 16 / 35

  22. Group Signatures [CvH91] Definition A group signature allows Bob to signs as a member of a group in such a way that only a special (optional) entity, an "Opener", would be able to know that HE was the signer of the given message. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 16 / 35

  23. Group Signatures [CvH91] Definition A group signature allows Bob to signs as a member of a group in such a way that only a special (optional) entity, an "Opener", would be able to know that HE was the signer of the given message. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 16 / 35

  24. Group Ring Signatures [RST01] Definition A group ring signature allows Bob to signs as a member of a group , that he built alone, in such a way that only a special (optional) entity, an "Opener", no one would be able to know that HE was the signer of the given message. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 17 / 35

  25. Group Ring Signatures [RST01] Definition A group ring signature allows Bob to signs as a member of a group , that he built alone, in such a way that only a special (optional) entity, an "Opener", no one would be able to know that HE was the signer of the given message. The only technology using it is some Blockchain implementation... Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 17 / 35

  26. Blind Signatures [Chaum83] Definition A blind signature allows Alice to signs a letter "through" its envelope. If later, she sees two documents she signs, she won’t be able to know which text she signs when. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 18 / 35

  27. Blind Signatures [Chaum83] Definition A blind signature allows Alice to signs a letter "through" its envelope. If later, she sees two documents she signs, she won’t be able to know which text she signs when. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 18 / 35

  28. Strange encryption Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 19 / 35

  29. Homomorphic Encryption [RSA77] Definition In an Homomorphic Encryption, a user encrypts a message M , using a public encryption key. The resulting ciphertext can then be decrypted using a secret decryption key. Ciphertexts can be combined, so that the decryption leads to the combination of the plaintext Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 20 / 35

  30. Homomorphic Encryption [RSA77] Definition In an Homomorphic Encryption, a user encrypts a message M , using a public encryption key. The resulting ciphertext can then be decrypted using a secret decryption key. Ciphertexts can be combined, so that the decryption leads to the combination of the plaintext Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 20 / 35

  31. Homomorphic Encryption [RSA77] Definition In an Homomorphic Encryption, a user encrypts a message M , using a public encryption key. The resulting ciphertext can then be decrypted using a secret decryption key. Ciphertexts can be combined, so that the decryption leads to the combination of the plaintext Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 20 / 35

  32. Homomorphic Encryption [RSA77] Definition In an Homomorphic Encryption, a user encrypts a message M , using a public encryption key. The resulting ciphertext can then be decrypted using a secret decryption key. Ciphertexts can be combined, so that the decryption leads to the combination of the plaintext Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 20 / 35

  33. Threshold Encryption [DDFY94] Definition In a Threshold Encryption, a user encrypts a message M , using a public encryption key. The resulting ciphertext can then be decrypted using at least k secret decryption keys. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 21 / 35

  34. Threshold Encryption [DDFY94] Definition In a Threshold Encryption, a user encrypts a message M , using a public encryption key. The resulting ciphertext can then be decrypted using at least k secret decryption keys. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 21 / 35

  35. Threshold Encryption [DDFY94] Definition In a Threshold Encryption, a user encrypts a message M , using a public encryption key. The resulting ciphertext can then be decrypted using at least k secret decryption keys. Cryptie, O. Blazy (Xlim) RMLL CC-BY-SA 4.0 21 / 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOW CRYPTO FAILS IN PRACTICE GRAD SEC OCT 31 2017 TODAYS PAPERS POOR PROGRAMING

HOW CRYPTO FAILS IN PRACTICE GRAD SEC OCT 31 2017 TODAYS PAPERS POOR PROGRAMING

HOW CRYPTO FAILS IN PRACTICE GRAD SEC OCT 31 2017 TODAYS PAPERS POOR PROGRAMING CryptoLint tool to perform static analysis on Android apps to detect how they are using crypto libraries CRYPTO MISUSE IN ANDROID APPS 15,134 apps

1.6k views • 133 slides
CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE WILLIAMSBURG, VA THURSDAY, OCTOBER 17 TH , 2019 JOHN KELLY, PE IOWA DEPARTMENT OF PUBLIC HEALTH DISCLAIMER THIS PRESENTATION: IS INTENDED FOR

843 views • 40 slides
HOW CRYPTO FAILS IN PRACTICE CMSC 414 APR 3 2018 POOR PROGRAMING CryptoLint tool to perform

HOW CRYPTO FAILS IN PRACTICE CMSC 414 APR 3 2018 POOR PROGRAMING CryptoLint tool to perform

HOW CRYPTO FAILS IN PRACTICE CMSC 414 APR 3 2018 POOR PROGRAMING CryptoLint tool to perform static analysis on Android apps to detect how they are using crypto libraries CRYPTO MISUSE IN ANDROID APPS 15,134 apps from Google play

841 views • 47 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example

269 views • 7 slides
- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops Did you know? Our payment system has ZERO FEES for processing payments How it works? It takes only a few minutes to complete Merchant Initiate

269 views • 11 slides
Javascript Crypto & The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto & The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto & The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on Real-World Crypto January 2013 promote openness, innovation & opportunity on the Web. previously easy to deploy easy to use privacy

610 views • 22 slides
Presentation Practice education in the context of agency practice models: the implications for

Presentation Practice education in the context of agency practice models: the implications for

Presentation Practice education in the context of agency practice models: the implications for practice education and the commodification of social work knowledge . Tom Wilks Approaches to theory A specific theoretical orientation A

437 views • 20 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Radboud University Nijmegen e-Passport example

1.11k views • 12 slides
Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Crypto intro Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example Encryption: modes of operation Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information

856 views • 73 slides
Outline Public key crypto RSA Essentials Computer Security: Public Key Crypto Public Key Crypto

Outline Public key crypto RSA Essentials Computer Security: Public Key Crypto Public Key Crypto

Public key crypto Public key crypto RSA Essentials RSA Essentials Public Key Crypto in Java Public Key Crypto in Java Radboud University Nijmegen Radboud University Nijmegen Public key protocols Public key protocols Diffie-Hellman and El

448 views • 16 slides
w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals

w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals

Aditus Luxury Access Platform for Crypto A ffl uents Presentation 21 Nov 2017 w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals Crypto-currency values have been the best performing asset class

206 views • 19 slides
Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO

Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO

Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO Use this space to add an image. IMPLEMENTATION, OR CRYPTO RNG Insert an image and change the scale to cover this box. ALSO, KEY MANAGEMENT IS

1.01k views • 81 slides
19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a

19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a

Is 2 255 19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a strong elliptic curve 128-bit crypto: Okay. over the field Z (2 255 19). 256-bit crypto: High security! Is that safe? 512-bit

121 views • 11 slides
Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform

Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform

Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform Stable Coin Dapps Sum $ Bitcoin 154.00 $ Ethereum 29.00 $ XRP 18.70 $ BCH 7.70 $ EOS 7.20 $ LiteCoin 7.00 $ BNB 4.70 $ Tether

160 views • 12 slides
Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for

Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for

Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for 2020 Tim Gneysu Hardware Security Group Horst Grtz Institute for IT-Security, Bochum 1/24/2013 Outline Introduction Alternative Public-Key

735 views • 55 slides
Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020,

Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020,

Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020, Tenerife, January 2013 Outline 1 1. Past results 2. Future challenges 1. Block ciphers 2 TEA, NOEKEON, AES, SERPENT, ICEBERG, HIGHT,

844 views • 68 slides
HARDWARE SECURITY MODULE For automotive applications Presented by Pieter Willems

HARDWARE SECURITY MODULE For automotive applications Presented by Pieter Willems

HARDWARE SECURITY MODULE For automotive applications Presented by Pieter Willems Pieter.willems@silexinsight.com December 2019 This is Silex Insight What we do: IP provider for security and video in embedded systems Headquarters in

408 views • 22 slides
Kotlin + Ethereum = Fun by ligi (https://ligi.de) At KotlinConf 2018 new computing platform c

Kotlin + Ethereum = Fun by ligi (https://ligi.de) At KotlinConf 2018 new computing platform c

Kotlin + Ethereum = Fun by ligi (https://ligi.de) At KotlinConf 2018 new computing platform c o w m o p r u l t d e r WEB3 Not a silver bullet Vitalik Buterin: Cryptoeconomic Protocols In the Context of Wider

1.01k views • 83 slides
Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world

Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world

Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world crypto and privacy Sibenik, Croatia - June 15 2018 Outline Symmetric lightweight primitives Most used cryptanalysis Impossible

1.31k views • 76 slides
Agreeing on a secret language : Diffie-Hellman Bobs secret language Alices public lock

Agreeing on a secret language : Diffie-Hellman Bobs secret language Alices public lock

Cryptography : how to talk in a secret language in public You broke ! my heart Agreeing on a secret language : Diffie-Hellman Bobs secret language Alices public lock box Only Alice Bob slams knows the the door combination

81 views • 7 slides
Security of Bitcoin light wallets (aka SPV) Renaud Lifchitz September 9th, 2017 Speakers bio

Security of Bitcoin light wallets (aka SPV) Renaud Lifchitz September 9th, 2017 Speakers bio

Security of Bitcoin light wallets (aka SPV) Renaud Lifchitz September 9th, 2017 Speakers bio Senior security expert working @ Econocom Digital Security (https://www.digitalsecurity.fr/en/) Main interests: Security of protocols

375 views • 15 slides
Blockchain 2.0 Opportunities and Risks Patrick Valduriez The Hype 2 Bitcoin Bitcoin: A

Blockchain 2.0 Opportunities and Risks Patrick Valduriez The Hype 2 Bitcoin Bitcoin: A

Blockchain 2.0 Opportunities and Risks Patrick Valduriez The Hype 2 Bitcoin Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto (pseudo), Oct. 31, 2008 (Halloween) Cryptocurrency and payment system Blockchain is the

551 views • 44 slides
Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice and Bob are always sending

Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice and Bob are always sending

Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice and Bob are always sending secret messages to Basic Tools and Protocols each other. Eve Frank Beatrous Eve is always listening in (Eavesdropping) on Alices and Bobs

245 views • 7 slides
Diffusion and Confusion Two properties that a good cryptosystem should have: Diffusion: change of

Diffusion and Confusion Two properties that a good cryptosystem should have: Diffusion: change of

Diffusion and Confusion Two properties that a good cryptosystem should have: Diffusion: change of one character in the plaintext results in several characters changed in the ciphertext Confusion: the key does not relate in a simple way to the

512 views • 6 slides

More recommend