tools for symmetric key provable security
play

Tools for Symmetric Key Provable Security Mridul Nandi Indian - PowerPoint PPT Presentation

Mar 09, 2023 •743 likes •1.48k views

Probability in Cryptography Two Tools: H-Coefficient and 2 Some Constructions and Applications Tools for Symmetric Key Provable Security Mridul Nandi Indian Statistical Institute, Kolkata ASK Workshop, Changsha 10 Dec. 2017 1 / 72

  1. Probability in Cryptography Two Tools: H-Coefficient and χ 2 Some Constructions and Applications Tools for Symmetric Key Provable Security Mridul Nandi Indian Statistical Institute, Kolkata ASK Workshop, Changsha 10 Dec. 2017 1 / 72

  2. Probability in Cryptography Two Tools: H-Coefficient and χ 2 Some Constructions and Applications Outline of the talk 1 Probability in Cryptography Well Known Distribution in Cryptography Some Metrics on Probability Distributions Two Tools: H-Coefficient and χ 2 2 H-Coefficient Technique Mirror theory χ 2 Method 3 Some Constructions and Applications Encrypted Davies-Meyer (EDM) Construction Truncation Construction Sum of Permutations Construction 2 / 72

  3. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Outline of the talk 1 Probability in Cryptography Well Known Distribution in Cryptography Some Metrics on Probability Distributions 2 Two Tools: H-Coefficient and χ 2 H-Coefficient Technique Mirror theory χ 2 Method 3 Some Constructions and Applications Encrypted Davies-Meyer (EDM) Construction Truncation Construction Sum of Permutations Construction 3 / 72

  4. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Outline of the talk 1 Probability in Cryptography Well Known Distribution in Cryptography Some Metrics on Probability Distributions Two Tools: H-Coefficient and χ 2 2 H-Coefficient Technique Mirror theory χ 2 Method 3 Some Constructions and Applications Encrypted Davies-Meyer (EDM) Construction Truncation Construction Sum of Permutations Construction 4 / 72

  5. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Notations for Probability 1 X ← Ω: X is a random variable with sample space Ω. 2 Pr X denotes the probability function of X . 3 For an event E ⊆ Ω we denote the probability of the event E realized by X as Pr X ( E ) or Pr( X ∈ E ) 4 Pr X ( E | F ) is the conditional probability defined only when Pr X ( F ) is positive and it is defined as Pr X ( E ∩ F ) / Pr X ( F ) . 5 / 72

  6. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Notations for Probability 1 x t := ( x 1 , . . . , x t ) for any positive t . X t := ( X 1 , . . . , X t ) ← Ω = Ω 1 × · · · × Ω t is also called joint random variable. 2 We denote Pr( X i = x i | X i − 1 = x i − 1 ) as Pr X ( x i | x i − 1 ). 3 Let X ← Ω, f : Ω → R then � Ex ( f ( X )) = f ( x ) Pr X ( x ) . x ∈ Ω 4 If X is a real valued random variable Var ( X ) = E (( X − Ex ( X )) 2 ) . 6 / 72

  7. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Notations for Probability 1 x t := ( x 1 , . . . , x t ) for any positive t . X t := ( X 1 , . . . , X t ) ← Ω = Ω 1 × · · · × Ω t is also called joint random variable. 2 We denote Pr( X i = x i | X i − 1 = x i − 1 ) as Pr X ( x i | x i − 1 ). 3 Let X ← Ω, f : Ω → R then � Ex ( f ( X )) = f ( x ) Pr X ( x ) . x ∈ Ω 4 If X is a real valued random variable Var ( X ) = E (( X − Ex ( X )) 2 ) . 7 / 72

  8. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications With and Without Replacement Sample 1 Examples . In statistics with replacement (WR) and without replacement sample (WOR) sampling are very popular. 2 U := ( U 1 , . . . , U t ) ← wr S says that U ← $ S t . So we specify Pr U completely as Pr U ( x t ) = |S| − t . 3 WOR sample V := ( V 1 , . . . , V t ) ← wor S is specified through conditional probability as Pr V ( x i | x i − 1 ) = 1 |S|− i +1 , for all distinct x 1 , . . . , x i ∈ S . 8 / 72

  9. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications With and Without Replacement Sample 1 Examples . In statistics with replacement (WR) and without replacement sample (WOR) sampling are very popular. 2 U := ( U 1 , . . . , U t ) ← wr S says that U ← $ S t . So we specify Pr U completely as Pr U ( x t ) = |S| − t . 3 WOR sample V := ( V 1 , . . . , V t ) ← wor S is specified through conditional probability as Pr V ( x i | x i − 1 ) = 1 |S|− i +1 , for all distinct x 1 , . . . , x i ∈ S . 9 / 72

  10. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Why do we study WR and WOR in Cryptography? 1 Let f ← $ Func ( D, R ) (random function). Then, for any distinct x 1 , . . . , x q ∈ D , ( f ( x 1 ) , . . . , f ( x q )) ← wr R. 2 If π ← $ Perm ( R ) (random permutation - we use it for block cipher or permutation in the ideal model) then ( π ( x 1 ) , . . . , π ( x q )) ← wor R. 3 The both results are true even if x i ’s are some functions of y i − 1 where y j = f ( x j ) (or y j = π ( x j )). This happens for adaptive adversary interacting with f or π . 10 / 72

  11. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Why do we study WR and WOR in Cryptography? 1 Let f ← $ Func ( D, R ) (random function). Then, for any distinct x 1 , . . . , x q ∈ D , ( f ( x 1 ) , . . . , f ( x q )) ← wr R. 2 If π ← $ Perm ( R ) (random permutation - we use it for block cipher or permutation in the ideal model) then ( π ( x 1 ) , . . . , π ( x q )) ← wor R. 3 The both results are true even if x i ’s are some functions of y i − 1 where y j = f ( x j ) (or y j = π ( x j )). This happens for adaptive adversary interacting with f or π . 11 / 72

  12. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Why do we study WR and WOR in Cryptography? 1 Let f ← $ Func ( D, R ) (random function). Then, for any distinct x 1 , . . . , x q ∈ D , ( f ( x 1 ) , . . . , f ( x q )) ← wr R. 2 If π ← $ Perm ( R ) (random permutation - we use it for block cipher or permutation in the ideal model) then ( π ( x 1 ) , . . . , π ( x q )) ← wor R. 3 The both results are true even if x i ’s are some functions of y i − 1 where y j = f ( x j ) (or y j = π ( x j )). This happens for adaptive adversary interacting with f or π . 12 / 72

  13. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Why do we study WR and WOR in Cryptography? 1 In cryptography blockcipher modeled to be pseudorandom permutation. 2 This means (using hybrid argument) that we can replace random permutation instead of a blockcipher. 3 Consider the XOR construction: E K ( x � 0) ⊕ E K ( x � 1). 4 If we replace blockcipher by random permutation, te output distribution of the XOR construction is same as X t where X 1 = V 1 ⊕ V 2 , . . . , X t = V 2 t − 1 ⊕ V 2 t and ( V 1 , . . . , V t ) ← wor { 0 , 1 } n . 13 / 72

  14. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Why do we study WR and WOR in Cryptography? 1 In cryptography blockcipher modeled to be pseudorandom permutation. 2 This means (using hybrid argument) that we can replace random permutation instead of a blockcipher. 3 Consider the XOR construction: E K ( x � 0) ⊕ E K ( x � 1). 4 If we replace blockcipher by random permutation, te output distribution of the XOR construction is same as X t where X 1 = V 1 ⊕ V 2 , . . . , X t = V 2 t − 1 ⊕ V 2 t and ( V 1 , . . . , V t ) ← wor { 0 , 1 } n . 14 / 72

  15. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Outline of the talk 1 Probability in Cryptography Well Known Distribution in Cryptography Some Metrics on Probability Distributions Two Tools: H-Coefficient and χ 2 2 H-Coefficient Technique Mirror theory χ 2 Method 3 Some Constructions and Applications Encrypted Davies-Meyer (EDM) Construction Truncation Construction Sum of Permutations Construction 15 / 72

  16. Probability in Cryptography Well Known Distribution in Cryptography Two Tools: H-Coefficient and χ 2 Some Metrics on Probability Distributions Some Constructions and Applications Total variation Definition Total variation (or statistical distance) is a metric on the set of probability functions over Ω. � P 0 − P 1 � = 1 � | P 0 ( x ) − P 1 ( x ) | . 2 x ∈ Ω 16 / 72

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Another Look at Provable Security Alfred Menezes (joint work with Sanjit Chatterjee, Neal

Another Look at Provable Security Alfred Menezes (joint work with Sanjit Chatterjee, Neal

Another Look at Provable Security Alfred Menezes (joint work with Sanjit Chatterjee, Neal Koblitz, Palash Sarkar) EUROCRYPT 2012 1 Provable security Goal: To prove that a protocol P is secure with respect to a computational problem or

1.32k views • 91 slides
The fundamental goal of provable security D. J. Bernstein University of Illinois at

The fundamental goal of provable security D. J. Bernstein University of Illinois at

The fundamental goal of provable security D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Lets focus on what provable security is trying to do. Lets not get distracted by current

623 views • 9 slides
Outline Cryptographic Algorithm Engineering and Provable Security Crypto refresher

Outline Cryptographic Algorithm Engineering and Provable Security Crypto refresher

Bart Preneel September 2007 Cryptographic Algorithm Engineering and Provable Security Outline Cryptographic Algorithm Engineering and Provable Security Crypto refresher Basic concepts Foundations of Security Analysis and

958 views • 31 slides
Introduction to Provable Security Alejandro Hevia Dept. of Computer Science, Universidad de

Introduction to Provable Security Alejandro Hevia Dept. of Computer Science, Universidad de

Introduction to Provable Security Introduction to Provable Security Alejandro Hevia Dept. of Computer Science, Universidad de Chile Advanced Crypto School, Florian opolis October 17, 2013 1/77 Introduction to Cryptography Part I

1.15k views • 99 slides
Provable Security in Cryptography ----- DL-based Systems ECC - Sept 24th 2002 - Essen David

Provable Security in Cryptography ----- DL-based Systems ECC - Sept 24th 2002 - Essen David

Provable Security in Cryptography ----- DL-based Systems ECC - Sept 24th 2002 - Essen David Pointcheval Ecole normale suprieure France Summary Summary The Methodology of Provable Security Complexity Assumptions

351 views • 24 slides
Beyond Provable Security: Verifiable IND-CCA Security of OAEP Gilles Barthe 1 Benjamin Grgoire 2

Beyond Provable Security: Verifiable IND-CCA Security of OAEP Gilles Barthe 1 Benjamin Grgoire 2

Beyond Provable Security: Verifiable IND-CCA Security of OAEP Gilles Barthe 1 Benjamin Grgoire 2 Yassine Lakhnech 3 Santiago Zanella Beguelin 1 1 IMDEA Software, Madrid, Spain 2 INRIA Sophia Antipolis - Mditerrane, France 2 VERIMAG, CNRS

675 views • 14 slides
Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong

Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong

Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong University of Waterloo, Canada CANS 2013 Nov 20, 2013 1 of 28 MAC Forgeries, Weak Keys and Provable Security of GCM Galois/Counter Mode (GCM)

957 views • 56 slides
Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com MCrypt Seminar Aug. 11th 2014 Outline 1 Introduction 2 Modeling side-channel leakage 3 Achieving provable security against SCA

1.62k views • 92 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
Group Key Exchange and Provable Security joint work with E. Bresson and O. Chevassut David

Group Key Exchange and Provable Security joint work with E. Bresson and O. Chevassut David

Group Key Exchange and Provable Security joint work with E. Bresson and O. Chevassut David Pointcheval Dpartement dInformatique ENS - CNRS David.Pointcheval@ens.fr http://www.di.ens.fr/~pointche Overview Overview Provable

365 views • 21 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Summary Summary Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security Asymmetric Encryption Rennes January 2004 New Schemes Joint work with Duong Hieu Phan David Pointcheval David Pointcheval

638 views • 8 slides
On the Provable Security of the Dragonfly protocol Jean Lancrenon 1 Marjan krobot 1 1

On the Provable Security of the Dragonfly protocol Jean Lancrenon 1 Marjan krobot 1 1

PAKEs Dragonfly Results Conclusion On the Provable Security of the Dragonfly protocol Jean Lancrenon 1 Marjan krobot 1 1 Interdisciplinary Centre for Security, Reliability and Trust University of Luxembourg ISC 2015 1 / 18 PAKEs

915 views • 65 slides
AEZ v2 2. Enciphering-based AE 3. Robust-AE 4. Accelerated provable-security Authenticated

AEZ v2 2. Enciphering-based AE 3. Robust-AE 4. Accelerated provable-security Authenticated

1. Why we created AEZ AEZ v2 2. Enciphering-based AE 3. Robust-AE 4. Accelerated provable-security Authenticated Encryption 5. Components FF0 and EME4 by Enciphering 6. AEZ Extensions Viet Tung Hoang Ted Krovetz

721 views • 31 slides
Provable Security Evaluation of Structures against Impossible Differential and Zero Correlation

Provable Security Evaluation of Structures against Impossible Differential and Zero Correlation

Outline Introduction Preliminaries Impossible differential Conclusion Provable Security Evaluation of Structures against Impossible Differential and Zero Correlation Linear Cryptanalysis Jian Guo Nanyang Technological University, Singapore

796 views • 51 slides
Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian

Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian

Introduction Idealized Combined Feedback Construction : iCOFB Specification for COFB Hardware Implimentation Results of COFB Conclusion Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian Statistical

457 views • 35 slides
Optimal three-treatment response-adaptive designs for phase III clinical trials with binary

Optimal three-treatment response-adaptive designs for phase III clinical trials with binary

Optimal three-treatment response-adaptive designs for phase III clinical trials with binary responses Atanu Biswas Indian Statistical Institute, Kolkata, India atanu@isical.ac.in Saumen Mandal University of Manitoba, Winnipeg, Canada saumen

173 views • 14 slides
Stability of INEX 2007 Evaluation Measures Sukomal Pal Mandar Mitra Arnab Chakraborty { sukomal

Stability of INEX 2007 Evaluation Measures Sukomal Pal Mandar Mitra Arnab Chakraborty { sukomal

Stability of INEX 2007 Evaluation Measures Sukomal Pal Mandar Mitra Arnab Chakraborty { sukomal r, mandar } @isical.ac.in arnabc@stanfordalumni.org Information Retrieval Lab, CVPR Unit Indian Statistical Institute Kolkata - 700108, India. ISI

674 views • 35 slides
Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul

Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul

ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul Nandi Indian

364 views • 20 slides
On Dihedral Group Invariant Boolean Functions (Extended Abstract) Subhamoy Maitra 1 Sumanta

On Dihedral Group Invariant Boolean Functions (Extended Abstract) Subhamoy Maitra 1 Sumanta

Motivation Our Results/Contribution Summary On Dihedral Group Invariant Boolean Functions (Extended Abstract) Subhamoy Maitra 1 Sumanta Sarkar 1 Deepak Kumar Dalai 2 1 Applied Statistics Unit Indian Statistical Institute, Kolkata. 2 Project

1.16k views • 87 slides
Using Negative Information in Search Sauparna Palchowdhury Sukomal Pal Mandar Mitra Indian

Using Negative Information in Search Sauparna Palchowdhury Sukomal Pal Mandar Mitra Indian

Using Negative Information in Search Sauparna Palchowdhury Sukomal Pal Mandar Mitra Indian Statistical Institute 203 B T Road, Kolkata 700108 West Bengal, India February 18, 2011 Introduction Problem Verbose queries give users more

341 views • 20 slides
A generalization of unitaries T. S. S. R. K. Rao StatMath Unit Indian Statistical Institute

A generalization of unitaries T. S. S. R. K. Rao StatMath Unit Indian Statistical Institute

A generalization of unitaries T. S. S. R. K. Rao StatMath Unit Indian Statistical Institute R. V. College P.O. Bangalore 560059, India, E-mail : tss@isibang.ac.in Abstract: In this talk we give a new geometric generalization of the notion

504 views • 16 slides
Stefano Rovetta University of Genova Department of Computer and Information Sciences ICT for

Stefano Rovetta University of Genova Department of Computer and Information Sciences ICT for

ICT for Eu-India cross-cultural dissemination Co-financed by the European Commission Stefano Rovetta University of Genova Department of Computer and Information Sciences ICT for Eu-India cross-cultural dissemination Workgroup 8 Semantic

502 views • 32 slides

More recommend