identity based cryptosystems and quadratic residuosity
play

Identity-Based Cryptosystems and Quadratic Residuosity Marc Joye - PowerPoint PPT Presentation

Apr 04, 2023 •256 likes •655 views

Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Identity-Based Cryptosystems and Quadratic Residuosity Marc Joye Proxy: Fabrice Benhamouda PKC 2016 Tapei, Taiwan 1 / 20 Identity-Based Encryption

  1. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Identity-Based Cryptosystems and Quadratic Residuosity Marc Joye Proxy: Fabrice Benhamouda PKC 2016 · Tapei, Taiwan 1 / 20

  2. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Identity-Based Encryption Definition An identity-based encryption scheme is a set of 4 algorithms 1 Setup Input: security parameter κ Output: master public/secret key mpk / msk 2 / 20

  3. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Identity-Based Encryption Definition An identity-based encryption scheme is a set of 4 algorithms 1 Setup Input: security parameter κ Output: master public/secret key mpk / msk 2 Encryption Input: master public key mpk , identity id , message m Output: C = E ( mpk , id , m ) 2 / 20

  4. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Identity-Based Encryption Definition An identity-based encryption scheme is a set of 4 algorithms 1 Setup Input: security parameter κ Output: master public/secret key mpk / msk 2 Encryption Input: master public key mpk , identity id , message m Output: C = E ( mpk , id , m ) 3 Key derivation Input: identity id , master secret key msk Output: user’s private key usk 2 / 20

  5. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Identity-Based Encryption Definition An identity-based encryption scheme is a set of 4 algorithms 1 Setup Input: security parameter κ Output: master public/secret key mpk / msk 2 Encryption Input: master public key mpk , identity id , message m Output: C = E ( mpk , id , m ) 3 Key derivation Input: identity id , master secret key msk Output: user’s private key usk 4 Decryption Input: decryption key usk , ciphertext C Output: m = D ( usk , C ) 2 / 20

  6. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion This Talk Study of Cocks IBE scheme Clifford Cocks (mathematician, GCHQ) Our Main Contribution Discovery of the algebraic structure underlying Cocks encryption better understanding of its properties and its security new applications 3 / 20

  7. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Outline Cocks IBE Scheme 1 Algebraic Structure 2 Applications 3 Conclusion 4 4 / 20

  8. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Preliminaries If p prime number, a ∈ F p , Legendre symbol:  0 if a ≡ 0 mod p � a �   if a is a square ( a = b 2 mod p ) = 1 p  − 1 else  5 / 20

  9. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Preliminaries If p prime number, a ∈ F p , Legendre symbol:  0 if a ≡ 0 mod p � a �   if a is a square ( a = b 2 mod p ) = 1 p  − 1 else  If N = pq RSA modulus, a ∈ Z N , Jacobi symbol: � a � � a � � a � = · p q N (efficiently computable) 5 / 20

  10. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Preliminaries If p prime number, a ∈ F p , Legendre symbol:  0 if a ≡ 0 mod p � a �   if a is a square ( a = b 2 mod p ) = 1 p  − 1 else  If N = pq RSA modulus, a ∈ Z N , Jacobi symbol: � a � � a � � a � = · p q N (efficiently computable) � a � � a � a is a square mod N ⇐ ⇒ = = 1 p q 5 / 20

  11. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Preliminaries If p prime number, a ∈ F p , Legendre symbol:  0 if a ≡ 0 mod p � a �   if a is a square ( a = b 2 mod p ) = 1 p  − 1 else  If N = pq RSA modulus, a ∈ Z N , Jacobi symbol: � a � � a � � a � = · p q N (efficiently computable) � a � a � � a � � a is a square mod N ⇐ ⇒ = = 1 = ⇒ = 1 p q N 5 / 20

  12. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Cocks Cryptosystem First pairing-free IBE scheme (2001) works in standard RSA groups semantically secure under QR assumption (in the ROM) Quadratic Residuosity Assumption Let N = pq be an RSA-type modulus. The distributions of � � � � a ∈ Z × � a a ∈ Z × � a � a � � � J N = N | = 1 and QR N = N | = = 1 p q N are indistinguishable 6 / 20

  13. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Cocks Cryptosystem (cont’d) Setup mpk = { N , u , H} , msk = { p , q } where: N = pq an RSA modulus u ∈ J N \ QR N H : { 0 , 1 } ∗ → J N hash function (RO) Key derivation compute D id = H ( id ) and returns � ( D id ) 1 / 2 if D id ∈ QR N usk = δ id = ( uD id ) 1 / 2 if D id ∈ J N \ QR N Remark: Original cryptosystem defined with p , q ≡ 3 (mod 4) and u = − 1 7 / 20

  14. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Cocks Cryptosystem (cont’d) Setup mpk = { N , u , H} , msk = { p , q } where: N = pq an RSA modulus u ∈ J N \ QR N H : { 0 , 1 } ∗ → J N hash function (RO) Key derivation compute D id = H ( id ) and returns � ( D id ) 1 / 2 if D id ∈ QR N usk = δ id = ( uD id ) 1 / 2 if D id ∈ J N \ QR N Remark: Original cryptosystem defined with p , q ≡ 3 (mod 4) and u = − 1 7 / 20

  15. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Cocks Cryptosystem (cont’d) mpk Alice Bob δ id = H ( id ) 1 / 2 mod N message m ∈ {− 1 , 1 } ∈ R Z N s.t. t � t � = m N c = t + H ( id ) C =( c ) mod N − − − − − − − → γ = c t � γ + 2 δ id � m = N 7 / 20

  16. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Cocks Cryptosystem (cont’d) mpk Alice Bob δ id = H ( id ) 1 / 2 mod N message m ∈ {− 1 , 1 } or δ id = ( u H ( id )) 1 / 2 mod N t , ¯ t ∈ R Z N s.t. � t � ¯ � � t = = m N N c = t + H ( id ) C =( c , ¯ c ) mod N − − − − − − − → γ = c or ¯ c t � γ + 2 δ id � t + u H ( id ) m = c = ¯ ¯ mod N ¯ N t 7 / 20

  17. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Outline Cocks IBE Scheme 1 Algebraic Structure 2 Applications 3 Conclusion 4 8 / 20

  18. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Pell Curve Consider the Pell curve given by the Pell equation x 2 − ∆ y 2 = 1 over F p , where ∆ = δ 2 ∈ F × p 9 / 20

  19. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Pell Curve Consider the Pell curve given by the Pell equation x 2 − ∆ y 2 = 1 over F p , where ∆ = δ 2 ∈ F × p Set of points ( x , y ) on the Pell curve forms a group C ( F p ) order p − 1 neutral element: O = (0 , 1) 9 / 20

  20. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Pell Curve Consider the Pell curve given by the Pell equation x 2 − ∆ y 2 = 1 over F p , where ∆ = δ 2 ∈ F × p Set of points ( x , y ) on the Pell curve forms a group C ( F p ) ∼ = F × p order p − 1 neutral element: O = (0 , 1) 9 / 20

  21. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Group Law Geometric interpretation 10 / 20

  22. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Group Law Geometric interpretation 10 / 20

  23. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Group Law Geometric interpretation 10 / 20

  24. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Group Law Geometric interpretation Algebraically: ( x 1 , y 1 ) ⊕ ( x 2 , y 2 ) = ( x 1 x 2 + ∆ y 1 y 2 , x 1 y 2 + x 2 y 1 ) 10 / 20

  25. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Compact Representation Slope line through P P and O : y = s ( x − 1) P ∆ y for efficiency, let t := ∆ s = x − 1 � � � t 2 +∆ 2 t t �→ P P P = t 2 − ∆ , t 2 − ∆ ψ : F p ∪ {∞} → C ( F p ) , ∞ �→ O Remark: ψ not defined at ± δ when ∆ ∈ QR p 11 / 20

  26. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion The Group Z N , ∆ We recall that ∆ = δ 2 ∈ QR p Define the group ( F p , ∆ , ⊛ ) with neutral element ∞ , where F p , ∆ = ( F p \ {± δ } ) ∪ {∞} = { ψ − 1 ( P P P ) | P P P ∈ C ( F p ) } = { t ∈ F p | t 2 � = ∆ } ∪ {∞} under the law ⊛ : t 1 ⊛ t 2 = t 1 t 2 + ∆ t 1 + t 2 12 / 20

  27. Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion The Group Z N , ∆ We recall that ∆ = δ 2 ∈ QR p Define the group ( F p , ∆ , ⊛ ) with neutral element ∞ , where F p , ∆ = ( F p \ {± δ } ) ∪ {∞} = { ψ − 1 ( P P P ) | P P P ∈ C ( F p ) } = { t ∈ F p | t 2 � = ∆ } ∪ {∞} ∼ = F × p under the law ⊛ : t 1 ⊛ t 2 = t 1 t 2 + ∆ t 1 + t 2 12 / 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Discrete-Log Based Public Key Cryptosystems Jim Royer September 25, 2018 Introduction to

Discrete-Log Based Public Key Cryptosystems Jim Royer September 25, 2018 Introduction to

Note: Log = logarithm, not Discrete-Log Based Public Key Cryptosystems Jim Royer September 25, 2018 Introduction to Cryptography 1 References Symmetric and Asymmetric Cryptosystems Public-Key Cryptosystems Based on the Discrete

436 views • 9 slides
Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Contents Background Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based Signature Conclusion Manik Lal Das DA-IICT, Gandhinagar, India About DA-IICT and Our Group DA-IICT is a private university,

563 views • 35 slides
The RSA Algorithm Private-key cryptosystems: - Alice and Bob agree on the key before the

The RSA Algorithm Private-key cryptosystems: - Alice and Bob agree on the key before the

The RSA Algorithm Private-key cryptosystems: - Alice and Bob agree on the key before the communication - all cryptosystems we discussed so far - also called: symmetric-key cryptosystems Public-key cryptosystems (Chapter 6) : - what to do if

281 views • 4 slides
A Reaction Attack against Cryptosystems based on LRPC Codes Gustavo Banegas joint work with

A Reaction Attack against Cryptosystems based on LRPC Codes Gustavo Banegas joint work with

A Reaction Attack against Cryptosystems based on LRPC Codes Gustavo Banegas joint work with Simona Samardjiska, Paolo Santini and Edoardo Persichetti Latincrypt 2019 October 3rd, 2019 A Reaction Attack against Cryptosystems based on LRPC

590 views • 33 slides
Cryptosystems from 1900 to 1975 Late Classical Cryptosystems From 1900 up to the mid-1970s

Cryptosystems from 1900 to 1975 Late Classical Cryptosystems From 1900 up to the mid-1970s

Cryptosystems from 1900 to 1975 Late Classical Cryptosystems From 1900 up to the mid-1970s Many important and storied examples. See: http://users.telenet.be/d.rijmenants/ Jim Royer Well talk about just one in detail: the one-time pad .

250 views • 6 slides
Elliptic Curve Isogeny Based Cryptosystems Frederik Vercauteren Open Security Research (China)

Elliptic Curve Isogeny Based Cryptosystems Frederik Vercauteren Open Security Research (China)

Elliptic Curve Isogeny Based Cryptosystems Frederik Vercauteren Open Security Research (China) KU Leuven ESAT/COSIC (Belgium) frederik.vercauteren@gmail.com 23 August 2016 Frederik Vercauteren Elliptic Curve Isogeny Based Cryptosystems 23

839 views • 52 slides
Outline Yet More On Cryptography Symmetric cryptosystems CS 239 Asymmetric

Outline Yet More On Cryptography Symmetric cryptosystems CS 239 Asymmetric

Outline Yet More On Cryptography Symmetric cryptosystems CS 239 Asymmetric cryptosystems Computer Security Digital signatures January 30, 2006 Digital hashes Key recovery cryptosystems Lecture 4 Lecture 4 Page 1 Page

358 views • 11 slides
A Complete and Explicit Security Reduction Algorithm for RSA-based Cryptosystems Asiacrypt 2003,

A Complete and Explicit Security Reduction Algorithm for RSA-based Cryptosystems Asiacrypt 2003,

A Complete and Explicit Security Reduction Algorithm for RSA-based Cryptosystems Asiacrypt 2003, Taipei Kaoru Kurosawa 1 , Katja Schmidt-Samoa 2 , Tsuyoshi Takagi 2 1 Ibaraki University 2 Technische Universit at Darmstadt A Complete and

408 views • 39 slides
Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically

Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically

Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically breakable given the time are theoretically breakable given the time Security Notions and computational resources. However,

307 views • 10 slides
Fast and Secure Root Finding for Code-based Cryptosystems Falko Strenzke Cryptography and

Fast and Secure Root Finding for Code-based Cryptosystems Falko Strenzke Cryptography and

Fast and Secure Root Finding for Code-based Cryptosystems Falko Strenzke Cryptography and Computeralgebra, Department of Computer Science, Technische Universit at Darmstadt, Germany, fstrenzke@crypto-source.de April 13, 2015 Fast and

494 views • 38 slides
Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem Chris Peikert SRI

Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem Chris Peikert SRI

Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem Chris Peikert SRI Georgia Tech Impagliazzos World Workshop 1 / 16 This Talk 1 State of Lattice-Based Cryptography 2 Main Result: Public-Key Encryption based on GapSVP

908 views • 73 slides
Efficiency and Implementation Security of Code-based Cryptosystems PhD Thesis by Falko Strenzke

Efficiency and Implementation Security of Code-based Cryptosystems PhD Thesis by Falko Strenzke

Efficiency and Implementation Security of Code-based Cryptosystems PhD Thesis by Falko Strenzke Falko Strenzke Cryptography and Computeralgebra, Department of Computer Science, Technische Universit at Darmstadt, Germany,

1.73k views • 160 slides
Outline Threshold Homomorphic Cryptosystems (THCs) Basic examples Secure multiparty

Outline Threshold Homomorphic Cryptosystems (THCs) Basic examples Secure multiparty

ECRYPT: Achievements and Perspectives Antwerp / May 27, 2008 PROVILAB Focus 2 Secure Multiparty Computation Based on Threshold Homomorphic Cryptosystems Berry Schoenmakers Coding & Crypto group Dept. Math & CS TU Eindhoven Outline

583 views • 13 slides
MIT 6.875 & Berkeley CS276 Foundations of Cryptography Lecture 10 Today: Constructions of

MIT 6.875 & Berkeley CS276 Foundations of Cryptography Lecture 10 Today: Constructions of

MIT 6.875 & Berkeley CS276 Foundations of Cryptography Lecture 10 Today: Constructions of Public-Key Encryption 1: Trapdoor Permutations (RSA) composite N/factoring 2: Quadratic Residuosity/Goldwasser-Micali composite N/factoring 3:

528 views • 39 slides
DNN-based Branch-and-bound for the Quadratic Assignment Problem *Koichi Fujii, Naoki Ito, Yuji

DNN-based Branch-and-bound for the Quadratic Assignment Problem *Koichi Fujii, Naoki Ito, Yuji

DNN Relaxation of Quadratic Assignment Problem DNN Optimization DNN-based Branch-and-bound DNN-based Branch-and-bound for the Quadratic Assignment Problem *Koichi Fujii, Naoki Ito, Yuji Shinano NTT DATA Mathematical Systems Inc., , FAST

453 views • 27 slides
Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and

Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and

Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and their applications are the primary focus

521 views • 5 slides
Overview of the Active Neighbourhoods for Older Australians (ANOA) project for funded houses

Overview of the Active Neighbourhoods for Older Australians (ANOA) project for funded houses

Overview of the Active Neighbourhoods for Older Australians (ANOA) project for funded houses Musculoskeletal Australia (MSK) Musculoskeletal Australia has been supporting people with arthritis and musculoskeletal conditions for 50 years.

441 views • 20 slides
Identity-based encryption and Generic group model (work in progress) Peeter Laud Arvutiteaduse

Identity-based encryption and Generic group model (work in progress) Peeter Laud Arvutiteaduse

Identity-based encryption and Generic group model (work in progress) Peeter Laud Arvutiteaduse teooriaseminar Tallinn, 05.01.2012 Identity-based encryption Public-key encryption, where public key = name no PKI necessary

815 views • 24 slides
EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti ,

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti ,

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti , ldondeti@qualcomm.com January 2007 Contents EAP Re-authentication and Fast Re-authentication Requirements for low latency re-authentication

1.05k views • 27 slides
Extensions to EAP Keying hierarchy for Efficient Re-authentication and Visited domain Keying

Extensions to EAP Keying hierarchy for Efficient Re-authentication and Visited domain Keying

Extensions to EAP Keying hierarchy for Efficient Re-authentication and Visited domain Keying Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti , ldondeti@qualcomm.com IETF-67 San Diego, CA November 2006 Contents EAP keying

614 views • 15 slides
Functional Encryption Lecture 23 ABE from LWE Functional

Functional Encryption Lecture 23 ABE from LWE Functional

Functional Encryption Lecture 23 ABE from LWE Functional Encryption f g h KeyGen PK SK SK f PK f(x) Dec SK g x g(x) Enc Dec Ciphertext SK h h(x) Dec Index-Payload Functions Message x=(

166 views • 13 slides
70 Years of MV cables in Brazil R eliability of: Cables; Splices and Potheads F(t)=1-e^(-((t-

70 Years of MV cables in Brazil R eliability of: Cables; Splices and Potheads F(t)=1-e^(-((t-

70 Years of MV cables in Brazil R eliability of: Cables; Splices and Potheads F(t)=1-e^(-((t- )/ ) ^ )) Defeitos em Cabos PILC - Weibull 2P t Cabo Emenda Total 14 0,0791 0,0535 0,0739 1,2000 15 0,1022 0,0746 0,1023 16 0,1293

242 views • 20 slides
Unintrusive Aging Analysis based on Offline Learning Frank Sill Torres* + , Pedro Fausto Rodrigues

Unintrusive Aging Analysis based on Offline Learning Frank Sill Torres* + , Pedro Fausto Rodrigues

Unintrusive Aging Analysis based on Offline Learning Frank Sill Torres* + , Pedro Fausto Rodrigues Leite Jr.*, Rolf Drechsler + *Universidade Federal de Minas Gerias, Belo Horizonte, Brazil + University of Bremen, Bremen, Germany Sill Torres -

579 views • 12 slides
Present and Future Present and Future Supercomputer Architectures Supercomputer Architectures

Present and Future Present and Future Supercomputer Architectures Supercomputer Architectures

Hong Kong, China, 13-15 Dec. 2004 Present and Future Present and Future Supercomputer Architectures Supercomputer Architectures Jack Dongarra University of Tennessee and Oak Ridge National Laboratory 12/12/2004 1 A Growth- A Growth

526 views • 17 slides

More recommend