strong cryptography from weak secrets
play

Strong Cryptography from Weak Secrets Building Efficient PKE and IBE - PowerPoint PPT Presentation

Sep 13, 2022 •302 likes •680 views

Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Strong Cryptography from Weak Secrets Building Efficient PKE and IBE from Distributed Passwords Xavier Boyen 1 Cline Chevalier 2 Georg Fuchsbauer 3

  1. Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Strong Cryptography from Weak Secrets Building Efficient PKE and IBE from Distributed Passwords Xavier Boyen 1 Céline Chevalier 2 Georg Fuchsbauer 3 David Pointcheval 3 5 May 2010 1 Université de Liège, Belgium 2 Telecom ParisTech, Paris, France 3 École normale supérieure, Paris, France 1/24

  2. Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Our Contribution Abdalla, Boyen, Chevalier, Pointcheval: Distributed Public-Key Cryptography from Weak Secrets PKC 2009 2/24

  3. Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Our Contribution Abdalla, Boyen, Chevalier, Pointcheval: Distributed Public-Key Cryptography from Weak Secrets PKC 2009 Extend their results DDH → DLIN ABCP09 ElGamal encryption Ours Linear encryption, identity-based encryption Practical simulation-sound NIZKs ABCP09 Impractical generic construction or random oracles Ours Practical standard-model construction 2/24

  4. Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Outline Distributed Cryptography 1 Distributed Password Public-Key Cryptography 2 Introduction Outline of Security Model Construction of Public Key Decryption The Decision-Linear Case 3 3/24

  5. Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Outline Distributed Cryptography 1 Distributed Password Public-Key Cryptography 2 Introduction Outline of Security Model Construction of Public Key Decryption The Decision-Linear Case 3 4/24

  6. Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Introduction Goal of distributed cryptography Base security not on a single person → Distribute the secret key among several persons − 5/24

  7. Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Introduction Goal of distributed cryptography Base security not on a single person → Distribute the secret key among several persons − Example: safe with several locks 5/24

  8. Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Introduction Goal of distributed cryptography Base security not on a single person → Distribute the secret key among several persons − Example: safe with several locks Every responsable possesses one key A B C D 5/24

  9. Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Introduction Goal of distributed cryptography Base security not on a single person → Distribute the secret key among several persons − Example: safe with several locks Every responsable possesses one key → Presence of all responsables necessary − A B C D 5/24

  10. Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case ElGamal Encryption Key distribution Every player P i chooses sk i (big size and thus high entropy) P i publishes pk i = g sk i n Π Global public key: pk = i = 1 pk i n ∑ Secret key: sk = sk i i = 1 6/24

  11. Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case ElGamal Encryption Decryption Every player publishes pk i = g sk i n Π Global public key: pk = i = 1 pk i n ∑ Secret key: sk = sk i i = 1 Parameters: G cyclic, g generator and h = g sk Cyphertext: c = E ( m ; r ) = ( mh r , g r ) Every player publishes ( g r ) sk i Multiplying all shares gives ( g r ) sk = h r thus mh r / h r = m 6/24

  12. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Outline Distributed Cryptography 1 Distributed Password Public-Key Cryptography 2 Introduction Outline of Security Model Construction of Public Key Decryption The Decision-Linear Case 3 7/24

  13. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Outline Distributed Cryptography 1 Distributed Password Public-Key Cryptography 2 Introduction Outline of Security Model Construction of Public Key Decryption The Decision-Linear Case 3 8/24

  14. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Introduction Disadvantage Every user must memorize a key of high entropy → Use passwords − 9/24

  15. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Introduction Disadvantage Every user must memorize a key of high entropy → Use passwords − Passwords in public-key cryptography? If pk i = g pw i → Attack by testing every password pw: g pw ? = pk i − Offline dictionary attack 9/24

  16. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Introduction Disadvantage Every user must memorize a key of high entropy → Use passwords − Passwords in public-key cryptography? If pk i = g pw i → Attack by testing every password pw: g pw ? = pk i − Offline dictionary attack Best of both worlds Use many passwords to construct distributed key of high entropy 9/24

  17. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Distributed Password Public-Key Cryptography Model by [ABCP09] n players P 1 , ..., P n One particular player: group leader , P 1 n − 1 “mercenaries”, controlled by P 1 Every P i chooses a password pw i No assumption of secure channels, Communication controlled by the adversary who can corrupt players 10/24

  18. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Outline Distributed Cryptography 1 Distributed Password Public-Key Cryptography 2 Introduction Outline of Security Model Construction of Public Key Decryption The Decision-Linear Case 3 11/24

  19. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Universal Composability Principle Real world Ideal world Protocol Ideal Functionality properties of the protocol adversary’s goals adversary’s means 12/24

  20. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Universal Composability Principle Real world Ideal world Protocol Ideal Functionality properties of the protocol adversary’s goals adversary’s means Players Virtual players 12/24

  21. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Universal Composability Principle Real world Ideal world Protocol Ideal Functionality properties of the protocol adversary’s goals adversary’s means Players Virtual players Adversary Simulator (to construct) Indistinguishability of the two worlds 12/24

  22. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Proof principle Summary There exists an adversary A passive or active static or adaptive A impersonating players with passwords of his choice We have to construct a simulator plays the role of the virtual players that are not corrupted by the adversary Simulator does not know passwords chosen by adversary The two worlds must be indistinguishable → Need means to extract the passwords from the adversary − 13/24

  23. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Proof principle Summary There exists an adversary S A passive or active static or adaptive A S impersonating players with passwords of his choice S S We have to construct a simulator plays the role of the virtual players that are not corrupted by the adversary Simulator does not know passwords chosen by adversary The two worlds must be indistinguishable → Need means to extract the passwords from the adversary − 13/24

  24. Introduction Distributed Cryptography Outline of Security Model Distributed Password Public-Key Cryptography Construction of Public Key The Decision-Linear Case Decryption Outline Distributed Cryptography 1 Distributed Password Public-Key Cryptography 2 Introduction Outline of Security Model Construction of Public Key Decryption The Decision-Linear Case 3 14/24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research

Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research

Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research Zurich based on joint work with Jan Camenisch, Anna Lysyanskaya & Gregory Neven ROADMAP Password-Based Authentication How to make password

1.43k views • 43 slides
13. The Weak Law and the Strong Law of Large Numbers James Bernoulli proved the weak law of large

13. The Weak Law and the Strong Law of Large Numbers James Bernoulli proved the weak law of large

13. The Weak Law and the Strong Law of Large Numbers James Bernoulli proved the weak law of large numbers (WLLN) around 1700 which was published posthumously in 1713 in his treatise Ars Conjectandi. Poisson generalized Bernoullis theorem

516 views • 15 slides
Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain December 1,

Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain December 1,

Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain December 1, 2015 Introduction Two models of cryptography: Computational: strong guarantees but complex proofs Symbolic: automated proofs but weak

1.42k views • 26 slides
Reveal Secrets in Adoring Poitras A generic attack on white-box cryptography Junwei Wang

Reveal Secrets in Adoring Poitras A generic attack on white-box cryptography Junwei Wang

Reveal Secrets in Adoring Poitras A generic attack on white-box cryptography Junwei Wang CryptoExperts University of Luxembourg University of Paris 8 ECRYPT-NET School on Correct and Secure Implementation October 11, 2017, Crete Outline 1

595 views • 26 slides
HOST Physical Unclonable Functions II ECE 525 Weak PUF vs Strong PUF The distinction is rooted

HOST Physical Unclonable Functions II ECE 525 Weak PUF vs Strong PUF The distinction is rooted

HOST Physical Unclonable Functions II ECE 525 Weak PUF vs Strong PUF The distinction is rooted in the security properties of their challenge-response pairs One definition of a Strong PUF : Even after giving a adversary access to the PUF instance

446 views • 33 slides
Modelling and Verification Lecture 4 Properties of strong bisimilarity (reprise) Bisimulation

Modelling and Verification Lecture 4 Properties of strong bisimilarity (reprise) Bisimulation

Strong Bisimilarity (Reprise) Weak Bisimilarity Case Study: Communication Protocol Congruence Problems Modelling and Verification Lecture 4 Properties of strong bisimilarity (reprise) Bisimulation games Weak bisimilarity and weak

872 views • 47 slides
Artificial Intelligence Introduction, a Brief History, & Intelligent Agents Strong vs. Weak

Artificial Intelligence Introduction, a Brief History, & Intelligent Agents Strong vs. Weak

Artificial Intelligence Introduction, a Brief History, & Intelligent Agents Strong vs. Weak A.I. Strong A.I. Machines with an intelligence that matches or exceeds that of humans. Weak A.I. Machines can only act intelligently

934 views • 34 slides
Modelling and Verification Lecture 4 Weak bisimilarity and weak bisimulation games Properties of

Modelling and Verification Lecture 4 Weak bisimilarity and weak bisimulation games Properties of

Strong Bisimilarity (Reprise) Weak Bisimilarity Case Study: Communication Protocol Congruence Problems Modelling and Verification Lecture 4 Weak bisimilarity and weak bisimulation games Properties of weak bisimilarity Example: a

587 views • 24 slides
6-D Weak-Strong Simulation of RHIC head-on beam-beam compensation Yun Luo and Wolfram Fischer,

6-D Weak-Strong Simulation of RHIC head-on beam-beam compensation Yun Luo and Wolfram Fischer,

6-D Weak-Strong Simulation of RHIC head-on beam-beam compensation Yun Luo and Wolfram Fischer, BNL LARP CM14, FNAL, April 26-28, 2010 What's New in Coding Since CM13 What's New in Coding Since CM13 1. 6-D weak-strong beam-beam interaction a

630 views • 13 slides
Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook we all have secrets and these secrets matter to us thats what makes them secrets software should keep our secrets some secrets are awful

1k views • 75 slides
Preservation of strong mixing and weak dependence under renewal sampling Imma Valentina Curato

Preservation of strong mixing and weak dependence under renewal sampling Imma Valentina Curato

Introduction -Weak Dependence Preservation Preservation of strong mixing and weak dependence under renewal sampling Imma Valentina Curato based on a joint work with D. Brandes and R. Stelzer Institute of Mathematical Finance, University of

430 views • 20 slides
Previous class Cognitive adequacy (Strube) strong (SCA) vs weak (WCA) WCA

Previous class Cognitive adequacy (Strube) strong (SCA) vs weak (WCA) WCA

Previous class Cognitive adequacy (Strube) strong (SCA) vs weak (WCA) WCA dimensions Tasks (reading, writing, using) Facets Learning (acuainted, competent, expert) Productivity (rate of task completion over

875 views • 31 slides
CFP Board Proposed Standards: Too Weak, Too Strong, or Just Right? WealthManagement.com Tuesday,

CFP Board Proposed Standards: Too Weak, Too Strong, or Just Right? WealthManagement.com Tuesday,

CFP Board Proposed Standards: Too Weak, Too Strong, or Just Right? WealthManagement.com Tuesday, August 15, 2017 Split Screen of Threats and Opportunities Opportunity and change Industry opposition to DOL Rule, regulation, New

288 views • 12 slides
https://xkcd.com/538/ Cryptocurrencies & Security on the Blockchain Cryptography Review

https://xkcd.com/538/ Cryptocurrencies & Security on the Blockchain Cryptography Review

https://xkcd.com/538/ Cryptocurrencies & Security on the Blockchain Cryptography Review Prof. Tom Austin San Jos State University Goals of Cryptography Confidentiality Protecting secrets Integrity Notice when something

980 views • 42 slides
The Logic of Secrets LAMAS 2020, 8 May 2020 Thomas gotnes University of Bergen, Norway

The Logic of Secrets LAMAS 2020, 8 May 2020 Thomas gotnes University of Bergen, Norway

The Logic of Secrets LAMAS 2020, 8 May 2020 Thomas gotnes University of Bergen, Norway Southwest University (SWU), China Zuojun Xiong, SWU Yuzhi Zhang, SWU Secrets Of fundamental importance in, e.g., safety and security cryptography

747 views • 47 slides
Message Transmission and Key Establishment: Conditions for Equality of Weak and Strong Capacities

Message Transmission and Key Establishment: Conditions for Equality of Weak and Strong Capacities

Message Transmission and Key Establishment: Conditions for Equality of Weak and Strong Capacities Hadi Ahmadi University of Calgary (joint work with Reihaneh Safavi-Naini) October 25, 2012 1 / 20 Overview Secrecy capacity Secure message

407 views • 19 slides
machine learning JOE GARDINER (@THECYBERJOE) Who am I? Final year PhD student at Lancaster

machine learning JOE GARDINER (@THECYBERJOE) Who am I? Final year PhD student at Lancaster

Tricking binary trees: The (in)security of machine learning JOE GARDINER (@THECYBERJOE) Who am I? Final year PhD student at Lancaster University President Lancaster University Ethical Hacking Group (LUHack) Joining University of

1.41k views • 65 slides
S ecurit e des protocoles cryptographiques : aspects logiques et calculatoires Mathieu

S ecurit e des protocoles cryptographiques : aspects logiques et calculatoires Mathieu

Introduction Symbolic analysis Constraint solving Computational justification Conclusion S ecurit e des protocoles cryptographiques : aspects logiques et calculatoires Mathieu Baudet Laboratoire Sp ecification et V erification

963 views • 58 slides
Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Free-Net Ian Clarke, Oskar Sandberg, Brandon Wiley, Theodore Hong, 2000 Goal - peer-to-peer network -

746 views • 36 slides
Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David

Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David

Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David Pointcheval CNRS, Ecole normale sup erieure/PSL & INRIA 8th BIU Winter School Key Exchange February 2018 CNRS/ENS/PSL/INRIA David

319 views • 14 slides
hashing Nov. 10, 2017 1 RECALL: Map keys (type K) values (type V) Each (key, value) pairs is

hashing Nov. 10, 2017 1 RECALL: Map keys (type K) values (type V) Each (key, value) pairs is

COMP 250 Lecture 27 hashing Nov. 10, 2017 1 RECALL: Map keys (type K) values (type V) Each (key, value) pairs is an entry. For each key, there is at most one value. 2 RECALL Special Case: keys are unique positive integers in

783 views • 36 slides
Proposal for Translating Cryptology Terms to Hebrew Yossi Markovitz initiated this list. Ron

Proposal for Translating Cryptology Terms to Hebrew Yossi Markovitz initiated this list. Ron

Proposal for Translating Cryptology Terms to Hebrew Yossi Markovitz initiated this list. Ron Irmai, Shraga Irmai, Adi Shamir, Moti Yung, Orr Dunkelman and Roni Roth contributed various terms and had var- ious suggestions that improved this list.

542 views • 10 slides
Empirical Comparison of PETRARCH-1 and 2 Verb Dictionaries Philip A. Schrodt Parus Analytics

Empirical Comparison of PETRARCH-1 and 2 Verb Dictionaries Philip A. Schrodt Parus Analytics

Empirical Comparison of PETRARCH-1 and 2 Verb Dictionaries Philip A. Schrodt Parus Analytics Charlottesville, Virginia, USA schrodt735@gmail.com Presented at the RIDIR Event Data Project Annual Meeting University of Texas at Dallas, 11

505 views • 27 slides
Introduction to Logic in Computer Science: Autumn 2007 Ulle Endriss Institute for Logic,

Introduction to Logic in Computer Science: Autumn 2007 Ulle Endriss Institute for Logic,

Tableaux for Propositional Logic ILCS 2007 Introduction to Logic in Computer Science: Autumn 2007 Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam Ulle Endriss 1 Tableaux for Propositional Logic ILCS 2007

587 views • 34 slides

More recommend