onetime encryption
play

Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 - PowerPoint PPT Presentation

Oct 13, 2023 •460 likes •1.45k views

Defining Encryption (ctd.) Lecture 3 SIM & IND security Beyond One-Time: CPA security Computational Indistinguishability Recall Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M {Enc(m,K)} K KeyGen

  1. Defining Encryption (ctd.) Lecture 3 SIM & IND security Beyond One-Time: CPA security Computational Indistinguishability

  2. Recall Onetime Encryption Perfect Secrecy Perfect secrecy : ∀ m, m’ ∈ M K 0 1 2 3 M {Enc(m,K)} K ← KeyGen = {Enc(m’,K)} K ← KeyGen a x y y z Distribution of the ciphertext is defined 
 Distribution of the ciphertext by the randomness in the key b y x z y In addition, require correctness Assuming K uniformly drawn from K ∀ m, K, Dec( Enc(m,K), K) = m Pr[ Enc(a,K)=x ] = ¼ , 
 Pr[ Enc(a,K)=y ] = ½ , 
 E.g. One-time pad: M = K = C = {0,1} n and Pr[ Enc(a,K)=z ] = ¼ ______________ 
 Enc(m,K) = m ⊕ K, Dec(c,K) = c ⊕ K Same for Enc(b,K). More generally M = K = C = G (a finite group) and Enc(m,K) = m+K, Dec(c,K) = c-K

  3. Recall Onetime Encryption SIM-Onetime Security Class of environments which send only one message Key/ Key/ Recv Enc Dec Send SIM-Onetime secure if: ∀ ∃ s.t. ∀ IDEAL=REAL Env Env IDEAL REAL

  4. Recall Onetime Encryption Equivalent to perfect secrecy SIM-Onetime Security + correctness Class of environments which send only one message Key/ Key/ Recv Enc Dec Send SIM-Onetime secure if: ∀ ∃ s.t. ∀ IDEAL=REAL Env Env IDEAL REAL

  5. Onetime Encryption IND-Onetime Security

  6. Onetime Encryption IND-Onetime Security IND-Onetime Experiment

  7. Onetime Encryption IND-Onetime Security IND-Onetime Experiment .

  8. Onetime Encryption IND-Onetime Security IND-Onetime Experiment .

  9. Onetime Encryption IND-Onetime Security IND-Onetime Experiment Experiment picks a random bit b. It also runs KeyGen to get a key K . b ← {0,1}

  10. Onetime Encryption IND-Onetime Security IND-Onetime Experiment Key/ Enc Experiment picks a random bit b. It also runs KeyGen to get a key K . b ← {0,1}

  11. Onetime Encryption IND-Onetime Security IND-Onetime Experiment Key/ Enc Experiment picks a random bit b. It also runs KeyGen to get a key K Adversary sends two messages m 0 , m 1 to the experiment m 0 ,m 1 . b ← {0,1}

  12. Onetime Encryption IND-Onetime Security IND-Onetime Experiment Key/ Enc Experiment picks a random bit b. It also runs KeyGen to get a key K Adversary sends two messages m 0 , m 1 to the experiment Experiment replies with Enc(m b ,K) m 0 ,m 1 . b ← {0,1}

  13. Onetime Encryption IND-Onetime Security IND-Onetime Experiment Key/ Enc Experiment picks a random bit b. It also runs KeyGen to get a key K Enc(m b ,K) Adversary sends two messages m 0 , m b m 1 to the experiment Experiment replies with Enc(m b ,K) m 0 ,m 1 . b ← {0,1}

  14. Onetime Encryption IND-Onetime Security IND-Onetime Experiment Key/ Enc Experiment picks a random bit b. It also runs KeyGen to get a key K Enc(m b ,K) Adversary sends two messages m 0 , m b m 1 to the experiment Experiment replies with Enc(m b ,K) m 0 ,m 1 Adversary returns a guess b’ b’ . b ← {0,1}

  15. Onetime Encryption IND-Onetime Security IND-Onetime Experiment Key/ Enc Experiment picks a random bit b. It also runs KeyGen to get a key K Enc(m b ,K) Adversary sends two messages m 0 , m b m 1 to the experiment Experiment replies with Enc(m b ,K) m 0 ,m 1 Adversary returns a guess b’ b’ . b ← {0,1} b’=b?

  16. Onetime Encryption IND-Onetime Security IND-Onetime Experiment Key/ Enc Experiment picks a random bit b. It also runs KeyGen to get a key K Enc(m b ,K) Adversary sends two messages m 0 , m b m 1 to the experiment Experiment replies with Enc(m b ,K) m 0 ,m 1 Adversary returns a guess b’ b’ . Experiments outputs 1 iff b’=b b ← {0,1} b’=b? Yes/No

  17. Onetime Encryption IND-Onetime Security IND-Onetime Experiment Key/ Enc Experiment picks a random bit b. It also runs KeyGen to get a key K Enc(m b ,K) Adversary sends two messages m 0 , m b m 1 to the experiment Experiment replies with Enc(m b ,K) m 0 ,m 1 Adversary returns a guess b’ b’ . Experiments outputs 1 iff b’=b b ← {0,1} b’=b? IND-Onetime secure if for every Yes/No adversary, Pr[b’=b] = 1/2

  18. Onetime Encryption IND-Onetime Security Equivalent to perfect IND-Onetime Experiment secrecy Key/ Enc Experiment picks a random bit b. It also runs KeyGen to get a key K Enc(m b ,K) Adversary sends two messages m 0 , m b m 1 to the experiment Experiment replies with Enc(m b ,K) m 0 ,m 1 Adversary returns a guess b’ b’ . Experiments outputs 1 iff b’=b b ← {0,1} b’=b? IND-Onetime secure if for every Yes/No adversary, Pr[b’=b] = 1/2

  19. Perspective on Definitions

  20. Perspective on Definitions “Technical” vs. “Convincing”

  21. Perspective on Definitions “Technical” vs. “Convincing” For simple scenarios technical definitions could be convincing

  22. Perspective on Definitions “Technical” vs. “Convincing” For simple scenarios technical definitions could be convincing e.g. Perfect Secrecy

  23. Perspective on Definitions “Technical” vs. “Convincing” For simple scenarios technical definitions could be convincing e.g. Perfect Secrecy IND- definitions tend to be technical: more low-level details, but may not make the big picture clear. Could have “weaknesses”

  24. Perspective on Definitions “Technical” vs. “Convincing” For simple scenarios technical definitions could be convincing e.g. Perfect Secrecy IND- definitions tend to be technical: more low-level details, but may not make the big picture clear. Could have “weaknesses” SIM- definitions give the big picture, but may not give details of what is involved in satisfying it. Could be “too strong”

  25. Perspective on Definitions “Technical” vs. “Convincing” For simple scenarios technical definitions could be convincing e.g. Perfect Secrecy IND- definitions tend to be technical: more low-level details, but may not make the big picture clear. Could have “weaknesses” SIM- definitions give the big picture, but may not give details of what is involved in satisfying it. Could be “too strong” Best of both worlds when they are equivalent: use IND- definition while say, proving security of a construction; use SIM- definition when low-level details are not important

  26. Security of Encryption

  27. Security of Encryption Perfect secrecy is too strong for multiple messages (though too weak in some other respects...)

  28. Security of Encryption Perfect secrecy is too strong for multiple messages (though too weak in some other respects...) Requires keys as long as the messages

  29. Security of Encryption Perfect secrecy is too strong for multiple messages (though too weak in some other respects...) Requires keys as long as the messages Relax the requirement by restricting to computationally bounded adversaries (and environments)

  30. Security of Encryption Perfect secrecy is too strong for multiple messages (though too weak in some other respects...) Requires keys as long as the messages Relax the requirement by restricting to computationally bounded adversaries (and environments) Coming up: Formalizing notions of “computational” security (as opposed to perfect/statistical security)

  31. Security of Encryption Perfect secrecy is too strong for multiple messages (though too weak in some other respects...) Requires keys as long as the messages Relax the requirement by restricting to computationally bounded adversaries (and environments) Coming up: Formalizing notions of “computational” security (as opposed to perfect/statistical security) Then, security definitions used for encryption of multiple messages

  32. Symmetric-Key Encryption The Syntax Shared-key (Private-key) Encryption Key Generation: Randomized K ← K , uniformly randomly drawn from the key-space (or according to a key-distribution) Encryption: Randomized Enc: M × K × R → C . During encryption a fresh random string will be chosen uniformly at random from R Decryption: Deterministic Dec: C × K → M

  33. Symmetric-Key Encryption SIM-CPA Security Key/ Key/ Recv Enc Dec Send SIM-CPA secure if: ∀ ∃ s.t. ∀ IDEAL ≈ REAL Env Env IDEAL REAL

  34. Symmetric-Key Encryption SIM-CPA Security Same as SIM-onetime security, but not restricted to environments which send only one message. All entities “efficient. ” Key/ Key/ Recv Enc Dec Send SIM-CPA secure if: ∀ ∃ s.t. ∀ IDEAL ≈ REAL Env Env IDEAL REAL

  35. Symmetric-Key Encryption SIM-CPA Security Same as SIM-onetime security, but not restricted to environments which send only one message. All entities “efficient. ” Key/ Key/ Recv Enc Dec Send SIM-CPA secure if: ∀ ∃ s.t. ∀ IDEAL ≈ REAL Env Env Later IDEAL REAL

  36. Symmetric-Key Encryption IND-CPA Security

  37. Symmetric-Key Encryption IND-CPA Security Experiment picks a random bit b. It also runs KeyGen to get a key K Key/ Enc b ← {0,1}

  38. Symmetric-Key Encryption IND-CPA Security Experiment picks a random bit b. It also runs KeyGen to get a key K Key/ Enc For as long as Adversary wants b ← {0,1}

  39. Symmetric-Key Encryption IND-CPA Security Experiment picks a random bit b. It also runs KeyGen to get a key K Key/ Enc For as long as Adversary wants Adv sends two messages m 0 , m 1 to the experiment m 0 ,m 1 b ← {0,1}

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M

Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M

Defining Encryption (ctd.) Lecture 3 SIM & IND security Beyond One-Time: CPA security Computational Indistinguishability Recall Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M {Enc(m,K)} K KeyGen

619 views • 20 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Saanich Police 2018 Budget Introduction o Provide Context o Operational Requirements o Onetime

Saanich Police 2018 Budget Introduction o Provide Context o Operational Requirements o Onetime

Saanich Police 2018 Budget Introduction o Provide Context o Operational Requirements o Onetime Funding o Capital o Staffing Requirements / Challenges o Reductions o Initiatives to Improve Efficiency o Future Challenges Context Operations

416 views • 41 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson (recommended) 1 Encryption Principles A cryptosystem has (at least) five ingredients: 1. Plaintext 2. Secret Key 3. Ciphertext 4. Encryption algorithm 5.

657 views • 12 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
Goals of Encryption authenticated encryption sender Daniel J. Bernstein

Goals of Encryption authenticated encryption sender Daniel J. Bernstein

Goals of Encryption authenticated encryption sender Daniel J. Bernstein University of Illinois at Chicago & m Technische Universiteit Eindhoven c k More details, credits: competitions.cr.yp.to network

1.33k views • 118 slides
Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption Standard AES - Advanced Encryption Standard US governmental encryption standard Open (world) competition announced January 97 Blocks: 128 bits Keys:

403 views • 39 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key

Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key

Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key Management Service Client Side Encryption AWS Encryption SDK Server Side Encryption S3 Object Encryption Amazon Simple Storage Service

387 views • 22 slides
SENSEFUL an SDN-based Joint Access and Backhaul Coordination for Dense Wi-Fi Small Cells Eduard

SENSEFUL an SDN-based Joint Access and Backhaul Coordination for Dense Wi-Fi Small Cells Eduard

SENSEFUL an SDN-based Joint Access and Backhaul Coordination for Dense Wi-Fi Small Cells Eduard Garcia-Villegas , David Sesto-Castilla , Sven Zehl , Anatolij Zubow , August Betzler and Daniel Camps- Mur

767 views • 23 slides
CS886: Lecture 3 January 14 Probabilistic inference Bayesian networks Variable

CS886: Lecture 3 January 14 Probabilistic inference Bayesian networks Variable

CS886: Lecture 3 January 14 Probabilistic inference Bayesian networks Variable elimination algorithm 1 CSC 886 Lecture Slides (c) 2009, C. Boutilier and P. Poupart Some Important Properties Product Rule: Pr(ab) = Pr(a|b)Pr(b)

396 views • 38 slides
CMS commissioning status L. Malgeri - CERN - on behalf of the CMS coll. 30/5/08 - HCP08 - Galena

CMS commissioning status L. Malgeri - CERN - on behalf of the CMS coll. 30/5/08 - HCP08 - Galena

CMS commissioning status L. Malgeri - CERN - on behalf of the CMS coll. 30/5/08 - HCP08 - Galena (IL-US) A special thank to: D. Acosta, T. Camporesi and the commissioning teams Outline CMS and its status muons(DT+CSC+RPC) calorimeters

832 views • 64 slides
SDN Solution Overview Ericsson SDN Solution Agenda Market Opportunity Solution Overview

SDN Solution Overview Ericsson SDN Solution Agenda Market Opportunity Solution Overview

SDN Solution Overview Ericsson SDN Solution Agenda Market Opportunity Solution Overview Applications Customer Benefits and Value Summary Why operators deploy SDN Need for programmable connectivity infrastructure to realize the full

190 views • 16 slides
AI Large Practical: Assignment 3 ctd Alan Smaill School of Informatics Nov 15 2017 Alan Smaill

AI Large Practical: Assignment 3 ctd Alan Smaill School of Informatics Nov 15 2017 Alan Smaill

N I V E U R S E I H T T Y O H F G R E U D I B N AI Large Practical: Assignment 3 ctd Alan Smaill School of Informatics Nov 15 2017 Alan Smaill AI Large Practical: Assignment 3 ctd Nov 15 2017 1/19 Organisation N I

530 views • 17 slides
60 GHz Flyways: Adding mul5-Gbps wireless links to data

60 GHz Flyways: Adding mul5-Gbps wireless links to data

60 GHz Flyways: Adding mul5-Gbps wireless links to data centers Daniel Halperin Srikanth Kandula, Jitu Padhye Victor Bahl, David Wetherall Todays

447 views • 42 slides
FY 2021 & FY 2022 Unified Planning Work Program Overview and Projects Discussion MPO

FY 2021 & FY 2022 Unified Planning Work Program Overview and Projects Discussion MPO

FY 2021 & FY 2022 Unified Planning Work Program Overview and Projects Discussion MPO Planning Tasks & Budget April 14, 2020 p l a n h i l l s b o r o u g h . o r g Required Biennial Update Effective July 1, 2020 June 30,

321 views • 13 slides
Web Dynamics http://www.mpi inf.mpg.de/departments/d5/teaching/ss09/dyn/ Summer Term 2009 Web

Web Dynamics http://www.mpi inf.mpg.de/departments/d5/teaching/ss09/dyn/ Summer Term 2009 Web

Web Dynamics http://www.mpi inf.mpg.de/departments/d5/teaching/ss09/dyn/ Summer Term 2009 Web Dynamics 0 1 Lecturers Dr. Ing. Ralf Schenkel Group Leader, MMCI Associated Senior Researcher, MPI INF Dr. Marc Spaniol Postdoc, MPI

510 views • 7 slides

More recommend