secret key exchange
play

Secret key exchange Problem: Obtain a joint secret key via - PowerPoint PPT Presentation

Nov 27, 2023 •313 likes •518 views

Secret key exchange Problem: Obtain a joint secret key via interaction over a public channel: Alice Bob $ x ... ; X ... COMPUTATIONAL NUMBER THEORY X ! $ ... ; Y ... y Y K A F A (

  1. Secret key exchange Problem: Obtain a joint secret key via interaction over a public channel: Alice Bob $ x ... ; X ... COMPUTATIONAL NUMBER THEORY X � � � � � � ! $ ... ; Y ... y Y � � � � � � K A F A ( x , Y ) K B F B ( y , X ) Desired properties of the protocol: • K A = K B , meaning Alice and Bob agree on a key • Adversary given X , Y can’t compute K A Mihir Bellare UCSD 1 Mihir Bellare UCSD 2 Secret Key Exchange Secret Key Exchange Can you build a secret key exchange protocol? Can you build a secret key exchange protocol? Symmetric cryptography has existed for thousands of years. But no secret key exchange protocol was found in that time. Many people thought it was impossible. Mihir Bellare UCSD 3 Mihir Bellare UCSD 4

  2. Secret Key Exchange DH Key Exchange Video Can you build a secret key exchange protocol? Symmetric cryptography has existed for thousands of years. But no secret key exchange protocol was found in that time. http://www.youtube.com/watch?v=3QnD2c4Xovk Many people thought it was impossible. In 1976, Di ffi e and Hellman proposed one. This was the birth of public-key (asymmetric) cryptography. Mihir Bellare UCSD 5 Mihir Bellare UCSD 6 DH Secret Key Exchange DH Secret Key Exchange: Questions The following are assumed to be public: A large prime p and a number g called a generator mod p . Let Z p � 1 = { 0 , 1 , . . . , p � 2 } . • How do we pick a large prime p , and how large is large enough? Alice Bob • What does it mean for g to be a generator modulo p ? Z p � 1 ; X g x mod p $ • How do we find a generator modulo p ? x • How can Alice quickly compute x 7! g x mod p ? X � � � � � � ! • How can Bob quickly compute y 7! g y mod p ? Z p � 1 ; Y g y mod p $ y • Why is it hard to compute ( g x mod p , g y mod p ) 7! g xy mod p ? Y � � � � � � K A Y x mod p K B X y mod p • . . . • Y x = ( g y ) x = g xy = ( g x ) y = X y modulo p , so K A = K B To answer all that and more, we will forget about DH secret key exchange for a while and take a trip into computational number theory ... • Adversary is faced with computing g xy mod p given g x mod p and g y mod p , which nobody knows how to do e ffi ciently for large p . Mihir Bellare UCSD 7 Mihir Bellare UCSD 8

  3. Notation Integers mod N For N 2 Z + , let Z = { . . . , � 2 , � 1 , 0 , 1 , 2 , . . . } • Z N = { 0 , 1 , . . . , N � 1 } • Z ⇤ N = { a 2 Z N : gcd( a , N ) = 1 } N = { 0 , 1 , 2 , . . . } • ϕ ( N ) = | Z ⇤ N | Z + = { 1 , 2 , 3 , . . . } Example: N = 12 For a , N 2 Z let gcd( a , N ) be the largest d 2 Z + such that d divides both • Z 12 = { 0 , 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 , 11 } a and N . • Z ⇤ 12 = Example: gcd(30 , 70) = 10. Mihir Bellare UCSD 9 Mihir Bellare UCSD 10 Integers mod N Integers mod N For N 2 Z + , let For N 2 Z + , let • Z N = { 0 , 1 , . . . , N � 1 } • Z N = { 0 , 1 , . . . , N � 1 } • Z ⇤ N = { a 2 Z N : gcd( a , N ) = 1 } • Z ⇤ N = { a 2 Z N : gcd( a , N ) = 1 } • ϕ ( N ) = | Z ⇤ • ϕ ( N ) = | Z ⇤ N | N | Example: N = 12 Example: N = 12 • Z 12 = { 0 , 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 , 11 } • Z 12 = { 0 , 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 , 11 } • Z ⇤ 12 = { 1 , 5 , 7 , 11 } • Z ⇤ 12 = { 1 , 5 , 7 , 11 } • ϕ (12) = • ϕ (12) = 4 Mihir Bellare UCSD 11 Mihir Bellare UCSD 12

  4. Division and mod Groups INT - DIV ( a , N ) returns ( q , r ) such that • a = qN + r Let G be a non-empty set, and let · be a binary operation on G . This • 0  r < N means that for every two points a , b 2 G , a value a · b is defined. Refer to q as the quotient and r as the remainder. Then Example: G = Z ⇤ 12 and “ · ” is multiplication modulo 12, meaning a mod N = r 2 Z N a · b = ab mod 12 is the remainder when a is divided by N . Def: We say that G is a group if it has four properties called closure, Example: INT - DIV (17 , 3) = (5 , 2) and 17 mod 3 = 2. associativity, identity and inverse that we present next. Fact: If N 2 Z + then G = Z ⇤ N with a · b = ab mod N is a group. Def: a ⌘ b (mod N ) if a mod N = b mod N . Example: 17 ⌘ 14 (mod 3) Mihir Bellare UCSD 13 Mihir Bellare UCSD 14 Groups: Closure Groups: Associativity Associativity: For every a , b , c 2 G we have ( a · b ) · c = a · ( b · c ). Closure: For every a , b 2 G we have a · b is also in G . Fact: If N 2 Z + then G = Z ⇤ N with a · b = ab mod N satisfies associativity, meaning Example: G = Z 12 with a · b = ab does not have closure because 7 · 5 = 35 62 Z 12 . (( ab mod N ) c ) mod N = ( a ( bc mod N )) mod N Fact: If N 2 Z + then G = Z ⇤ N with a · b = ab mod N satisfies closure, Example: meaning (5 · 7 mod 12) · 11 mod 12 = (35 mod 12) · 11 mod 12 gcd( a , N ) = gcd( b , N ) = 1 implies gcd( ab mod N , N ) = 1 = 11 · 11 mod 12 = 1 Example: Let G = Z ⇤ 12 = { 1 , 5 , 7 , 11 } . Then 5 · (7 · 11 mod 12) mod 12 = 5 · (77 mod 12) mod 12 5 · 7 mod 12 = 35 mod 12 = 11 2 Z ⇤ 12 = 5 · 5 mod 12 = 1 Exercise: Prove the above Fact. Exercise: Given an example of a set G and a natural operation a , b 7! a · b on G that satisfies closure but not associativity. Mihir Bellare UCSD 15 Mihir Bellare UCSD 16

  5. Groups: Identity element Groups: Inverses Inverses: For every a 2 G there exists a unique b 2 G such that a · b = b · a = 1 . Identity element: There exists an element 1 2 G such that This b is called the inverse of a and is denoted a � 1 if G is understood. a · 1 = 1 · a = a for all a 2 G . Fact: If N 2 Z + and G = Z ⇤ N with a · b = ab mod N then Fact: If N 2 Z + and G = Z ⇤ N with a · b = ab mod N then 1 is the identity 8 a 2 Z ⇤ 9 b 2 Z ⇤ N such that a · b mod N = 1. N element because a · 1 mod N = 1 · a mod N = a for all a . We denote this unique inverse b by a � 1 mod N . Example: 5 � 1 mod 12 is the b 2 Z ⇤ 12 satisfying 5 b mod 12 = 1, so b = Mihir Bellare UCSD 17 Mihir Bellare UCSD 18 Groups: Inverses Exercises Inverses: For every a 2 G there exists a unique b 2 G such that Let N 2 Z + and let G = Z N . Prove that G is a group under the operation a · b = b · a = 1 . a · b = ( a + b ) mod N . This b is called the inverse of a and is denoted a � 1 if G is understood. Let n 2 Z + and let G = { 0 , 1 } n . Prove that G is a group under the Fact: If N 2 Z + and G = Z ⇤ N with a · b = ab mod N then operation a · b = a � b . 8 a 2 Z ⇤ 9 b 2 Z ⇤ N such that a · b mod N = 1. N Let n 2 Z + and let G = { 0 , 1 } n . Prove that G is not a group under the We denote this unique inverse b by a � 1 mod N . operation a · b = a ^ b . (This is bit-wise AND, for example Example: 5 � 1 mod 12 is the b 2 Z ⇤ 12 satisfying 5 b mod 12 = 1, so b = 5 0110 ^ 1101 = 0100.) Mihir Bellare UCSD 19 Mihir Bellare UCSD 20

  6. Computational Shortcuts Computational Shortcuts What is 5 · 8 · 10 · 16 mod 21? What is 5 · 8 · 10 · 16 mod 21? Slow way: First compute 5 · 8 · 10 · 16 = 40 · 10 · 16 = 400 · 16 = 6400 and then compute 6400 mod 21 = Mihir Bellare UCSD 21 Mihir Bellare UCSD 22 Computational Shortcuts Exponentiation Let G be a group and a 2 G . We let a 0 = 1 be the identity element and What is 5 · 8 · 10 · 16 mod 21? for n � 1, we let a n = a · a · · · a . Slow way: First compute | {z } n 5 · 8 · 10 · 16 = 40 · 10 · 16 = 400 · 16 = 6400 Also we let a � n = a � 1 · a � 1 · · · a � 1 . | {z } and then compute 6400 mod 21 = 16 n This ensures that for all i , j 2 Z , Fast way: • a i + j = a i · a j • 5 · 8 mod 21 = 40 mod 21 = 19 • a ij = ( a i ) j = ( a j ) i • 19 · 10 mod 21 = 190 mod 21 = 1 • a � i = ( a i ) � 1 = ( a � 1 ) i • 1 · 16 mod 21 = 16 Meaning we can manipulate exponents “as usual”. Mihir Bellare UCSD 23 Mihir Bellare UCSD 24

  7. Examples Examples Let N = 14 and G = Z ⇤ N . Then modulo N we have Let N = 14 and G = Z ⇤ N . Then modulo N we have 5 3 = 5 3 = 5 · 5 · 5 Mihir Bellare UCSD 25 Mihir Bellare UCSD 26 Examples Examples Let N = 14 and G = Z ⇤ N . Then modulo N we have Let N = 14 and G = Z ⇤ N . Then modulo N we have 5 3 = 5 · 5 · 5 ⌘ 25 · 5 ⌘ 11 · 5 ⌘ 55 ⌘ 13 5 3 = 5 · 5 · 5 ⌘ 25 · 5 ⌘ 11 · 5 ⌘ 55 ⌘ 13 and and 5 � 3 = 5 � 3 = 5 � 1 · 5 � 1 · 5 � 1 Mihir Bellare UCSD 27 Mihir Bellare UCSD 28

  8. Examples Examples Let N = 14 and G = Z ⇤ N . Then modulo N we have Let N = 14 and G = Z ⇤ N . Then modulo N we have 5 3 = 5 · 5 · 5 ⌘ 25 · 5 ⌘ 11 · 5 ⌘ 55 ⌘ 13 5 3 = 5 · 5 · 5 ⌘ 25 · 5 ⌘ 11 · 5 ⌘ 55 ⌘ 13 and and 5 � 3 = 5 � 1 · 5 � 1 · 5 � 1 ⌘ 3 · 3 · 3 5 � 3 = 5 � 1 · 5 � 1 · 5 � 1 ⌘ 3 · 3 · 3 ⌘ 27 ⌘ 13 Mihir Bellare UCSD 29 Mihir Bellare UCSD 30 Group Orders Group Orders The order of a group G is its size | G | , meaning the number of elements in The order of a group G is its size | G | , meaning the number of elements in it. it. Example: The order of Z ⇤ 21 is Example: The order of Z ⇤ 21 is 12 because Z ⇤ 21 = { 1 , 2 , 4 , 5 , 8 , 10 , 11 , 13 , 16 , 17 , 19 , 20 } Fact: Let G be a group of order m and a 2 G . Then, a m = 1 . Examples: Modulo 21 we have • 5 12 ⌘ (5 3 ) 4 ⌘ 20 4 ⌘ ( � 1) 4 ⌘ 1 • 8 12 ⌘ (8 2 ) 6 ⌘ (1) 6 ⌘ 1 Mihir Bellare UCSD 31 Mihir Bellare UCSD 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Diffie-Hellman exponential key exchange Diffie-Hellman exponential key exchange Alice has

1 Diffie-Hellman exponential key exchange Diffie-Hellman exponential key exchange Alice has

Symmetric cryptography Both parties must agree on a secret key, K message is encrypted, sent, decrypted at other side E K (P) D K (C) Secure Communication Bob Alice Key distribution must be secret otherwise messages can be

553 views • 10 slides
How to Textbook key exchange manipulate curve standards: using standard

How to Textbook key exchange manipulate curve standards: using standard

How to Textbook key exchange manipulate curve standards: using standard point P a white paper for the black hat on a standard elliptic curve E : Alices Bobs Daniel J. Bernstein secret key a secret key b Tung

779 views • 73 slides
Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange David

Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange David

Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange David Derler , Tibor Jager , Daniel Slamanig , Christoph Striecks May 3, 2018E urocrypt 2018, Tel Aviv, Israel Key Establishment

1k views • 46 slides
Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing Constructions Moir Cryptography Issues Secret Sharing Secret Sharing Threshold Secret Sharing (Shamir, Blakely 1979) Motivation

1.32k views • 62 slides
Optimistic Fair Exchange Based on Publicly Verifiable Secret Sharing Gildas A VOINE &amp; Serge V

Optimistic Fair Exchange Based on Publicly Verifiable Secret Sharing Gildas A VOINE &amp; Serge V

COLE POLYTECHNIQUE FDRALE DE LAUSANNE Optimistic Fair Exchange Based on Publicly Verifiable Secret Sharing Gildas A VOINE &amp; Serge V AUDENAY EPFL The 9th Australasian Conference on Information Security and Privacy 13-15 July 2004,

856 views • 52 slides
VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret

VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret

NEW YORK LONDON SHANGHAI VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret Sport WE ARE MISSION VISION VALUES 8.1% GROWTH BY 2022 3BN DOMESTIC VALUE STATS WE OFFER LINGERIE PANTIES

340 views • 30 slides
Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is it? Any one of you knows nothing! Any two of you can figure it out! Example Applications: Nuclear launch: need at least 3 out of 5 people to

513 views • 23 slides
Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp. 612613 Eli Biham - May 3, 2005 c 497 Secret Sharing (17) How to Keep a Secret Key Securely Information can be secured by encryption under a

597 views • 23 slides
set to take off at the secret is out! The Secret is out! This years Emmys gift bags will be the

set to take off at the secret is out! The Secret is out! This years Emmys gift bags will be the

set to take off at the secret is out! The Secret is out! This years Emmys gift bags will be the international launchpad of a new Australian owned moisturizer specifically formulated for airline passengers and cabin crew. Aviation

493 views • 3 slides
Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last time (n,t) secret-sharing (n,n) via additive secret-sharing Shamir secret-sharing for general (n,t) Shamir secret-sharing is a linear

611 views • 14 slides
TOP SECRET DEFENCE ESTATE &amp; TOP SECRET INFRASTRUCTURE New Zealand Defence Industry

TOP SECRET DEFENCE ESTATE &amp; TOP SECRET INFRASTRUCTURE New Zealand Defence Industry

TOP SECRET DEFENCE ESTATE &amp; TOP SECRET INFRASTRUCTURE New Zealand Defence Industry Association Members Meeting 9 May 2018, Wellington UNCLASSIFIED 2 Estate Regeneration: Building DEI capability through an Alliance TOP SECRET

715 views • 17 slides
1 What makes something a secret? What is worth keeping secret? Should secrets be

1 What makes something a secret? What is worth keeping secret? Should secrets be

S E W OME N S B USINE SS : CRE T I NOUS R S , A NT OGY , AND T HE NDIGE IGHT HROPOL H INDMARSH I AND B RIDGE C ONT RSY SL ROVE 1 What makes something a secret? What is worth keeping secret? Should secrets be revealed?

260 views • 14 slides
Secret Com puters - transcript of presentation video Hi Im Kevin McCarthy and I work on secret

Secret Com puters - transcript of presentation video Hi Im Kevin McCarthy and I work on secret

Secret Com puters - transcript of presentation video Hi Im Kevin McCarthy and I work on secret computing at Inpher and Im part of team Secret Computers. Hi Im Simon Bucket I work for Standard Chartered in Financial Crime investigations.

64 views • 4 slides
Lecture Outline Review of Diffie-Hellman key exchange Looking at Authentication from a

Lecture Outline Review of Diffie-Hellman key exchange Looking at Authentication from a

Lecture Outline Review of Diffie-Hellman key exchange Looking at Authentication from a number of perspectives Today: authenticating users, services Agreeing on Secret Keys Without Prior Arrangement Diffie-Hellman Key Exchange

1.07k views • 73 slides
SECRET i. Is it the SECRET 2 - SECURITY RUN:2t1A.1.444 1. Is it the present British

SECRET i. Is it the SECRET 2 - SECURITY RUN:2t1A.1.444 1. Is it the present British

COPY SECRET SECURITY INFORAI 718 CIWULE -- SUDJECT :uestions for Presentation toL_ London, England TO: Info:L 1. Per reference a, it is requested that you secure answers to the following questions fropel Are there any basic

385 views • 11 slides
How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key. The ciphertext can be replicated. Even if one replicated copy is lost, or stolen, Secret Sharing the information

181 views • 6 slides
Interaction laws of monads and comonads Tarmo Uustalu joint work with Shin-ya Katsumata and

Interaction laws of monads and comonads Tarmo Uustalu joint work with Shin-ya Katsumata and

Interaction laws of monads and comonads Tarmo Uustalu joint work with Shin-ya Katsumata and Exequiel Rivas OWLS seminar, 29 July 2020 Effects happen in interaction To run, an effectful program behaving as a computation needs to interact with

362 views • 24 slides
Optimal Design Scenario Problem: Definition and Evaluation of Projected Hessians Min f ( y, u

Optimal Design Scenario Problem: Definition and Evaluation of Projected Hessians Min f ( y, u

Optimal Design Scenario Problem: Definition and Evaluation of Projected Hessians Min f ( y, u ) s.t. c ( y, u ) = 0 for Piggyback Optimization where y R m and u R n are state and design variables Andreas Griewank, Nicolas Gauger, Jan

270 views • 8 slides
A Tutorial on Radiation Dose and Dose Rate Kurt Sickafus Dose = Absorbed Energy Density

A Tutorial on Radiation Dose and Dose Rate Kurt Sickafus Dose = Absorbed Energy Density

A Tutorial on Radiation Dose and Dose Rate Kurt Sickafus Dose = Absorbed Energy Density Absorbed energy normalized by weight, volume, atoms, etc. 1 Gy = 1 J kg SI units 2 Water: heat to boiling point J H 2 O = 4.1813 c p g K (@

724 views • 61 slides
Hello Im Carlos Im Brad Full Stack Drupal Developer Web Designer &amp; Developer Who Are

Hello Im Carlos Im Brad Full Stack Drupal Developer Web Designer &amp; Developer Who Are

Hello Im Carlos Im Brad Full Stack Drupal Developer Web Designer &amp; Developer Who Are These Guys? Whats the Problem? DEVELOPER STRAIN NO CMS MORE EVENTS Increasing number of hosted Developers were required for Historically

1.17k views • 28 slides
Rethinking Supercompilation Neil Mitchell ICFP 2010 community.haskell.org/~ndm/supero

Rethinking Supercompilation Neil Mitchell ICFP 2010 community.haskell.org/~ndm/supero

Rethinking Supercompilation Neil Mitchell ICFP 2010 community.haskell.org/~ndm/supero Supercompilation Whole program optimisation technique From Turchin 1982 Run the program at compile time Source Program Residual Program map/map

558 views • 30 slides
Bergey Windpower Co. Bergey Windpower Co. g y g y p p Norman, OK Norman, OK Bergey

Bergey Windpower Co. Bergey Windpower Co. g y g y p p Norman, OK Norman, OK Bergey

Bergey Windpower Co. Bergey Windpower Co. g y g y p p Norman, OK Norman, OK Bergey Windpower Co. Bergey Windpower Co. A World Leader in Small Wind A World Leader in Small Wind Established in 1977, Mfg. Since 1980 Since 1980 Over

302 views • 19 slides
HOW TO AGGREGATE THE CL SIGNATURE SCHEME Dominique Schroeder* University of Maryland, USA

HOW TO AGGREGATE THE CL SIGNATURE SCHEME Dominique Schroeder* University of Maryland, USA

HOW TO AGGREGATE THE CL SIGNATURE SCHEME Dominique Schroeder* University of Maryland, USA *Partly supported by a DAAD postdoctoral fellowship AGGREGATE SIGNATURES (Boneh, Gentry, Lynn, and Shacham) sk 1 , m 1 sk i , m i sk n , m n . . . . .

214 views • 19 slides
PROGR OGRAMMING NG IN N HA HASKE KELL LL Chapter 2 - First Steps 0 Glasgow Haskell

PROGR OGRAMMING NG IN N HA HASKE KELL LL Chapter 2 - First Steps 0 Glasgow Haskell

PROGR OGRAMMING NG IN N HA HASKE KELL LL Chapter 2 - First Steps 0 Glasgow Haskell Compiler GHC is the leading implementation of Haskell, and comprises a compiler and interpreter; The interactive nature of the interpreter makes it

403 views • 23 slides

More recommend