quantum non malleability and authentication
play

Quantum non-malleability and authentication Christian Majenz QMATH, - PowerPoint PPT Presentation

Dec 05, 2022 •163 likes •1.01k views

Quantum non-malleability and authentication Christian Majenz QMATH, University of Copenhagen Joint work with Gorjan Alagic, NIST and University of Maryland CRYPTO 2017, UCSB 24.08.2017 Motivation: a classical story... Crypto for bank

  1. Quantum non-malleability and authentication Christian Majenz QMATH, University of Copenhagen Joint work with Gorjan Alagic, NIST and University of Maryland CRYPTO 2017, UCSB 24.08.2017

  2. Motivation: a classical story...

  3. Crypto for bank transfers

  4. Crypto for bank transfers I want a new notebook!

  5. Crypto for bank transfers I want a new notebook! Transfer 1000€ to <notebook store>

  6. Crypto for bank transfers I want a new notebook! Transfer 1000€ to <notebook store>

  7. Crypto for bank transfers I want a new notebook! Transfer 1000€ to <notebook store>

  8. Crypto for bank transfers I want a new notebook! Transfer 1000€ to <notebook store> Transfer 9888€ to <notebook store>

  9. Crypto for bank transfers I want a new notebook! Transfer 1000€ to <notebook store> Transfer 9888€ to <notebook store>

  10. Crypto for bank transfers I want a new notebook! Transfer 1000€ to <notebook store> Transfer 9888€ to <notebook store>

  11. Crypto for bank transfers I want a new notebook! Transfer 1000€ to <notebook store> Transfer 9888€ to <notebook store> ◮ What cryptographic security notions would fix this problem?

  12. Non-malleability ◮ One solution is non-malleable encryption:

  13. Non-malleability ◮ One solution is non-malleable encryption: I want a new notebook!

  14. Non-malleability ◮ One solution is non-malleable encryption: I want a new notebook! Transfer 1000$ to <notebook store>

  15. Non-malleability ◮ One solution is non-malleable encryption: I want a new notebook! qAe5PSkDo3bFfq9 Transfer 1000$ to encrypt <notebook store> I5pM2jQgfPUrtdcx 7xF8WS9An

  16. Non-malleability ◮ One solution is non-malleable encryption: I want a new notebook! qAe5PSkDo3bFfq9 Transfer 1000$ to encrypt <notebook store> I5pM2jQgfPUrtdcx 7xF8WS9An zfwgpvkSR39da7U haXBA0ya18weOI0 HGP6uqfo7E

  17. Non-malleability ◮ One solution is non-malleable encryption: I want a new notebook! qAe5PSkDo3bFfq9 Transfer 1000$ to encrypt <notebook store> I5pM2jQgfPUrtdcx 7xF8WS9An decrypt zfwgpvkSR39da7U ZwOL0XEOuVF74D haXBA0ya18weOI0 8bX0vwDCwGOuSe HGP6uqfo7E

  18. Summary of Results New definition of information-theoretic quantum non-malleability which

  19. Summary of Results New definition of information-theoretic quantum non-malleability which ◮ fixes a vulnerability allowed by the previous definition

  20. Summary of Results New definition of information-theoretic quantum non-malleability which ◮ fixes a vulnerability allowed by the previous definition ◮ implies secrecy, analogously to quantum authentication

  21. Summary of Results New definition of information-theoretic quantum non-malleability which ◮ fixes a vulnerability allowed by the previous definition ◮ implies secrecy, analogously to quantum authentication ◮ serves as a primitive for building quantum authentication

  22. Summary of Results New definition of information-theoretic quantum non-malleability which ◮ fixes a vulnerability allowed by the previous definition ◮ implies secrecy, analogously to quantum authentication ◮ serves as a primitive for building quantum authentication ◮ has both a simulation-based and an entropic characterization

  23. Summary of Results New definition of information-theoretic quantum non-malleability which ◮ fixes a vulnerability allowed by the previous definition ◮ implies secrecy, analogously to quantum authentication ◮ serves as a primitive for building quantum authentication ◮ has both a simulation-based and an entropic characterization ♠ Additional result: The new definition of quantum authentication with key recycling (Garg, Yuen, Zhandry ’16, next talk!) can be fulfilled using unitary 2-designs.

  24. Non-malleability

  25. classical non-malleability (NM) ◮ NM first defined in the context of public key cryptography (Dolev, Dwork, Naor ’95)

  26. classical non-malleability (NM) ◮ NM first defined in the context of public key cryptography (Dolev, Dwork, Naor ’95) ◮ Simulation-based security definition in terms of relations on plaintext space

  27. classical non-malleability (NM) ◮ NM first defined in the context of public key cryptography (Dolev, Dwork, Naor ’95) ◮ Simulation-based security definition in terms of relations on plaintext space ! NM can be characterized as certain kind of chosen ciphertext indistinguishability (Bellare and Sahai ’99)

  28. classical non-malleability (NM) ◮ NM first defined in the context of public key cryptography (Dolev, Dwork, Naor ’95) ◮ Simulation-based security definition in terms of relations on plaintext space ! NM can be characterized as certain kind of chosen ciphertext indistinguishability (Bellare and Sahai ’99) ◮ Information theoretic definition using entropy: ( X , C ), ( ˜ X , ˜ C ) two plaintext ciphertext pairs, C � = ˜ C def: scheme is NM if I ( ˜ X : ˜ C | XC ) = 0 (Hanaoka et al. ’02)

  29. classical non-malleability (NM) ◮ NM first defined in the context of public key cryptography (Dolev, Dwork, Naor ’95) ◮ Simulation-based security definition in terms of relations on plaintext space ! NM can be characterized as certain kind of chosen ciphertext indistinguishability (Bellare and Sahai ’99) ◮ Information theoretic definition using entropy: ( X , C ), ( ˜ X , ˜ C ) two plaintext ciphertext pairs, C � = ˜ C def: scheme is NM if I ( ˜ X : ˜ C | XC ) = 0 (Hanaoka et al. ’02) ◮ later ≈ simulation-based definition (McAven, Safavi-Naini, Yung ’04)

  30. the no-cloning problem ◮ Classical NM:

  31. the no-cloning problem ◮ Classical NM:

  32. the no-cloning problem ◮ Classical NM:

  33. the no-cloning problem ◮ Classical NM:

  34. the no-cloning problem ◮ Quantum NM: ! g n i n o l C o N

  35. Quantum symmetric key encryption def: Quantum encryption scheme: ( Enc k , Dec k ) ◮ classical uniformly random key k ◮ encryption map ( Enc k ) A → C , decryption map ( Dec k ) C → ¯ A

  36. Quantum symmetric key encryption def: Quantum encryption scheme: ( Enc k , Dec k ) ◮ classical uniformly random key k ◮ encryption map ( Enc k ) A → C , decryption map ( Dec k ) C → ¯ A ◮ H ¯ A = H A ⊕ C |⊥�

  37. Quantum symmetric key encryption def: Quantum encryption scheme: ( Enc k , Dec k ) ◮ classical uniformly random key k ◮ encryption map ( Enc k ) A → C , decryption map ( Dec k ) C → ¯ A ◮ H ¯ A = H A ⊕ C |⊥� ◮ correctness: Dec k ◦ Enc k = id A

  38. Quantum symmetric key encryption def: Quantum encryption scheme: ( Enc k , Dec k ) ◮ classical uniformly random key k ◮ encryption map ( Enc k ) A → C , decryption map ( Dec k ) C → ¯ A ◮ H ¯ A = H A ⊕ C |⊥� ◮ correctness: Dec k ◦ Enc k = id A ◮ average encryption map: Enc K = E k Enc k

  39. Setup for q-non-malleability ◮ Recall: classical non-malleability setup Bob Alice Mallory

  40. Setup for q-non-malleability ◮ Recall: classical non-malleability setup ◮ add reference system Bob Alice Mallory

  41. Setup for q-non-malleability ◮ Recall: classical non-malleability setup ◮ add reference system ◮ allow side info for adversary Bob Alice Mallory

  42. Setup for q-non-malleability ◮ Recall: classical non-malleability setup ◮ add reference system ◮ allow side info for adversary def: effective map on plaintexts and side info ˜ Λ = E k [ Dec k ◦ Λ ◦ Enc k ] Bob Alice Mallory

  43. New definition ◮ idea: define NM such that Mallory cannot increase her correlations with the honest parties

  44. New definition ◮ idea: define NM such that Mallory cannot increase her correlations with the honest parties ◮ Unavoidable attack: probabilistically discard the ciphertext

  45. New definition ◮ idea: define NM such that Mallory cannot increase her correlations with the honest parties ◮ Unavoidable attack: probabilistically discard the ciphertext ⇒ only allow the unavoidable attack.

  46. New definition ◮ idea: define NM such that Mallory cannot increase her correlations with the honest parties ◮ Unavoidable attack: probabilistically discard the ciphertext ⇒ only allow the unavoidable attack. Definition (Quantum non-malleability (qNM)) A scheme Π = ( Enc k , Dec k ) is non-malleable, if for all states ρ ABR and all attacks Λ CB → C ˜ B , I ( AR : ˜ B ) σ ≤ I ( AR : B ) ρ + h ( p = (Λ , ρ )) , , BR = ˜ with σ A ˜ Λ AB → A ˜ B ( ρ ABR ) .

  47. New definition ◮ idea: define NM such that Mallory cannot increase her correlations with the honest parties ◮ Unavoidable attack: probabilistically discard the ciphertext ⇒ only allow the unavoidable attack. Definition (Quantum non-malleability (qNM)) A scheme Π = ( Enc k , Dec k ) is non-malleable, if for all states ρ ABR and all attacks Λ CB → C ˜ B , I ( AR : ˜ B ) σ ≤ I ( AR : B ) ρ + h ( p = (Λ , ρ )) , BR = ˜ with σ A ˜ Λ AB → A ˜ B ( ρ ABR ) . B ( | φ + �� φ + | CC ′ ⊗ ρ B ) , p = (Λ , ρ ) = F ( tr ˜ B Λ CB → C ˜ | φ + �� φ + | CC ′ ) 2

  48. Alternative characterization ◮ qNM can be characterized in the simulation picture!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if P = NP Safely &amp; Feasibly Serge Fehr Louis Salvail CWI Amsterdam University of Montral Encryption &amp; Authentication Schemes with

829 views • 62 slides
Expedient Non-Malleability Notions for Hash Functions CT-RSA 2011 Paul Baecher, Marc Fischlin,

Expedient Non-Malleability Notions for Hash Functions CT-RSA 2011 Paul Baecher, Marc Fischlin,

Expedient Non-Malleability Notions for Hash Functions CT-RSA 2011 Paul Baecher, Marc Fischlin, Dominique Schr oder Darmstadt University of Technology, supported by DFG Emmy Noether Program Introduction: Non-Malleability Introduced

819 views • 22 slides
Quantum secure message authentication via blind-unforgeability Christian Majenz Joint work with

Quantum secure message authentication via blind-unforgeability Christian Majenz Joint work with

Quantum secure message authentication via blind-unforgeability Christian Majenz Joint work with Gorjan Alagic, Alexander Russell and Fang Song QCrypt 2018, Shanghai, China Message authentication Alice Bob m Message authentication Alice Bob

1.3k views • 68 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Post-Quantum Authentication in TLS 1.3: A Performance Study Di Dimitr trios Sikeridis 1, 1,2 ,

Post-Quantum Authentication in TLS 1.3: A Performance Study Di Dimitr trios Sikeridis 1, 1,2 ,

NDSS 2020, February 26, 2020 Post-Quantum Authentication in TLS 1.3: A Performance Study Di Dimitr trios Sikeridis 1, 1,2 , Panos Kampanakis 2 , Michael Devetsikiotis 1 1 Dept. of Electrical and Computer Engineering, The University of New

795 views • 23 slides
Quantum-Secure Message Authentication Codes Dan Boneh and Mark

Quantum-Secure Message Authentication Codes Dan Boneh and Mark

Quantum-Secure Message Authentication Codes Dan Boneh and Mark Zhandry Stanford University 1/19 Classical Chosen Message Attack (CMA) m i i = S ( k, m i )

658 views • 19 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Quantum Authentication with Key Recycling Christopher Portmann Dept. Physics, ETH Zurich,

Quantum Authentication with Key Recycling Christopher Portmann Dept. Physics, ETH Zurich,

Introduction Classical secure channel Quantum secure channel Quantum Authentication with Key Recycling Christopher Portmann Dept. Physics, ETH Zurich, Switzerland Dept. of Computer Science, ETH Zurich, Switzerland EUROCRYPT 2017, Paris, 4 May

717 views • 54 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Pufferbench: Evaluating and Optimizing Malleability of Distributed Storage Nathanal Cheriere,

Pufferbench: Evaluating and Optimizing Malleability of Distributed Storage Nathanal Cheriere,

Pufferbench: Evaluating and Optimizing Malleability of Distributed Storage Nathanal Cheriere, Matthieu Dorier, Gabriel Antoniu PDSW-DISCS 2018, Dallas Data is everywhere High variety of applications High variety of needs Resource

832 views • 25 slides
Quantum-secure message authentication via blind-unforgeability Gorjan Alagic, Christian Majenz,

Quantum-secure message authentication via blind-unforgeability Gorjan Alagic, Christian Majenz,

Quantum-secure message authentication via blind-unforgeability Gorjan Alagic, Christian Majenz, Alexander Russell and Fang Song Eurocrypt 2020, in Cyberspace Introduction Integrity and authenticity Integrity and authenticity It says X

785 views • 63 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Theories of Hyperarithmetic Analysis. Antonio Montalb an. University of Chicago Columbus, OH,

Theories of Hyperarithmetic Analysis. Antonio Montalb an. University of Chicago Columbus, OH,

Hyperarithmetic analysis in the 70s Background Hyperarithmetic analysis in the 00s Known theories Theories of Hyperarithmetic Analysis. Antonio Montalb an. University of Chicago Columbus, OH, May 2009 CONFERENCE IN HONOR OF THE 60th

270 views • 25 slides
Laconic Zero Knowledge to Public Key Cryptography Public Key Cryptography Akshay Degwekar

Laconic Zero Knowledge to Public Key Cryptography Public Key Cryptography Akshay Degwekar

Laconic Zero Knowledge to Public Key Cryptography Public Key Cryptography Akshay Degwekar (MIT) Public Key Encryption (PKE) [Diffie-Hellman76, Rivest-Shamir-Adelman78, Goldwasser-Micali82] pk sk Public Key Encryption Public Key Encryption

296 views • 25 slides
Matrices with Integer Eigenvalues 4 1 1 0 1 1 4 0 1 1

Matrices with Integer Eigenvalues 4 1 1 0 1 1 4 0 1 1

Matrices with Integer Eigenvalues 4 1 1 0 1 1 4 0 1 1 1 0 3 0 0 0 1 0 3 0 1 1 0 0 3 Ron Adin Bar-Ilan University

758 views • 27 slides
Immut able Infrastructure Rise of the Machine Images About Axel Fontaine Founder and CEO of

Immut able Infrastructure Rise of the Machine Images About Axel Fontaine Founder and CEO of

@axelfontaine Immut able Infrastructure Rise of the Machine Images About Axel Fontaine Founder and CEO of Boxfuse Over 15 years industry experience Continuous Delivery expert Regular speaker at tech conferences JavaOne

1.17k views • 92 slides
Reverse Engineering with Hardware Debuggers 11 Mar 10 11 Mar 10 JASON RABER and JASON CHEATHAM

Reverse Engineering with Hardware Debuggers 11 Mar 10 11 Mar 10 JASON RABER and JASON CHEATHAM

Reverse Engineering with Hardware Debuggers 11 Mar 10 11 Mar 10 JASON RABER and JASON CHEATHAM ATSPI Assessment Science Team ATSPI Assessment Science Team RYTA Air Force Research Laboratory Public release authorization 88 ABW-10-1497 2

231 views • 19 slides
Development of perfSONAR-Measurement Archive (MA) Capability based on PRESTA 10G NTT Network

Development of perfSONAR-Measurement Archive (MA) Capability based on PRESTA 10G NTT Network

perfSONAR workshop, 29th APAN Meeting 2010.2.11 Development of perfSONAR-Measurement Archive (MA) Capability based on PRESTA 10G NTT Network Innovation Labs. Kenji Shimizu, Katsuhiro Sebayashi 1 1 This work was partially supported by the

560 views • 12 slides
Day 13: Scripting Workflows II DAGMan 2012 Fall Cartwright 1 Computer Sciences 368 Scripting

Day 13: Scripting Workflows II DAGMan 2012 Fall Cartwright 1 Computer Sciences 368 Scripting

Computer Sciences 368 Scripting for CHTC Day 13: Scripting Workflows II DAGMan 2012 Fall Cartwright 1 Computer Sciences 368 Scripting for CHTC Homework Review 2012 Fall Cartwright 2 Computer Sciences 368 Scripting for CHTC Advanced

599 views • 32 slides
Factorisations of a group element, Hurwitz action and shellability Vivien Ripoll University of

Factorisations of a group element, Hurwitz action and shellability Vivien Ripoll University of

Factorisations of a group element, Hurwitz action and shellability Vivien Ripoll University of Vienna, Austria Combinatorial Algebra meets Algebraic Combinatorics London, Ontario 2016, January 24th uhle ( joint work with Henri M Ecole

975 views • 58 slides

More recommend