com 2 mac workshop on cryptography
play

Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South - PDF document

Aug 11, 2023 •369 likes •660 views

Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Secure Designs for Public-Key Cryptography based on the Discrete Logarithm David Pointcheval Dpartement d Informatique ENS - CNRS David.Pointcheval@ens.fr

  1. Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Secure Designs for Public-Key Cryptography based on the Discrete Logarithm David Pointcheval Département d ’Informatique ENS - CNRS David.Pointcheval@ens.fr http://www.di.ens.fr/~pointche Overview Overview ◆ Introduction ◆ Security Arguments ◆ Signature ◆ Encryption ◆ Conclusion David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 2

  2. Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Introduction David Pointcheval Département d ’Informatique ENS - CNRS David.Pointcheval@ens.fr http://www.di.ens.fr/~pointche Cryptography Cryptography Cryptography: to solve security concerns Authentication ⇒ signature Integrity ⇒ encryption Confidentiality David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 4

  3. Authentication/Integrity Authentication/Integrity Authentication Algorithm � Verification Algorithm � � σ m � True/False m Security: it is impossible to produce a new valid pair ( m, σ ) David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 5 Encryption Encryption Encryption Algorithm � Decryption Algorithm � � � c m m Security: it is impossible to get back m just from c David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 6

  4. Foundations Foundations To build such primitives, one needs (trapdoor) one-way functions : x → y = f ( x ) is easy (Encryption, Verification) y = f ( x ) → x is difficult (Decryption, Signature) David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 7 Conventional Cryptography Conventional Cryptography k k � � c m m f is an intricate network of � k = f k permutations/substitutions, � k = f k -1 parameterized by a secret key f k and f k -1 are both “easy” to compute with k f k and f k -1 are both “difficult” to compute without k difficult: heuristic! David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 8

  5. Modern Cryptography Modern Cryptography k e k d � � c m m f is a non P-problem (no polynomial algorithm) � k e ( x ) = instance I of f from k e , for which x is a solution � k d ( I ) = solution of I “easy” to build an instance with a known solution “difficult” to solve an instance (but easy with k d ) difficult: complexity theory David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 9 One- -Way Functions Way Functions One ◆ �� -complete problems: ● hard in the worst-case what about the average case? ● hard asymptotically what about the difficulty of instances of reasonable size (few bytes)? ⇒ quite few candidates (for signature) ◆ Number Theory: ● factorization ⇒ RSA, etc ● discrete logarithm ⇒ Diffie-Hellman, etc David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 10

  6. The Discrete Logarithm The Discrete Logarithm ◆ Let � = (< g >, × ) be any cyclic group of order q (noted multiplicatively) ◆ For any y ∈ � , one defines Log g ( y ) = min{ x > 0 | y = g x } ◆ One-way function → y = g x ● x easy ● y = g x → x seems difficult David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 11 Various Groups Various Groups � = sub-group of ◆ � p * , � n * ⇒ sub-exponential (NFS) ◆ an elliptic curve ⇒ exponential (in general) ◆ a Jacobian ⇒ exponential (in general) ◆ other ● ideals of number fields (NICE) ● braid group, … David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 12

  7. Any Trapdoor …? Any Trapdoor …? ◆ The Discrete Logarithm is difficult But no information could make it easier! ◆ The Diffie-Hellman Problem (1976): ◆ Given A=g a and B=g b ◆ Compute DH ( A,B ) = C=g ab Clearly DH ≤ DL: with a =Log g A , C=B a C-DH Assumption: the DH-problem is intractable David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 13 Another DL- -based Problem based Problem Another DL The Decisional Diffie-Hellman Problem : ◆ Given A, B and C in <g> ◆ Decide whether C = DH ( A,B ) Clearly D-DH ≤ DH ≤ DL D-DH Assumption: the D-DH-problem is intractable David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 14

  8. Application: El Gamal Gamal Encryption Encryption Application: El = (< g >, × ) group of order q ◆ ◆ x : secret key ◆ y=g x : public key public ( ) ( , ) ( , ) = a a → m g y m c d secret ( , ) / = x c d d c One-Wayness = C-DH Semantic Security = D-DH David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 15 Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Security Arguments David Pointcheval Département d ’Informatique ENS - CNRS David.Pointcheval@ens.fr http://www.di.ens.fr/~pointche

  9. Security Notions Security Notions Depending on the security concerns, one defines ◆ the goals that an adversary may would like to reach ◆ the means/information available for the adversary David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 17 Security Proofs Security Proofs One provides a reduction from a “difficult” problem P to an attack Atk : ◆ � reaches the “prohibited” goals ⇒ � can be used to break P ◆ no further hypothesis: standard model ◆ but that rarely leads to efficiency! ⇒ some assumptions David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 18

  10. Security Arguments Security Arguments One provides a reduction from a “difficult” problem P to an attack Atk , under some ideal assumptions: ● ideal random hash function: random oracle model ● ideal symmetric encryption: ideal cipher model ● ideal group: generic model (generic adversaries) The weakest: Random Oracle Model (ROM) David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 19 Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Signature David Pointcheval Département d ’Informatique ENS - CNRS David.Pointcheval@ens.fr http://www.di.ens.fr/~pointche

  11. Authentication Authentication Authentication Algorithm � Verification Algorithm � k a k v � σ m � True/False m Security: it is impossible to produce a new valid pair ( m, σ ) David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 21 Security Notions Security Notions Total Break: to recover the secret key Universal Forgery: to be able to sign any message Existential Forgery: to produce a new valid pair ( m , σ ) (possibly m is without any meaning) David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 22

  12. Kinds of Attacks Kinds of Attacks no-message: the adversary just knows the public key known-message: she knows some message-signature pairs (adaptively) chosen-message she has access to a signature oracle David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 23 Secure Signature Secure Signature A Signature Scheme is said SECURE if it prevents any existential forgery even under adaptively chosen-message attacks Then, the signature guarantees: ● the identity of the sender ● the non-repudiation: the sender won’t be able to deny it later David Pointcheval Secure Designs for Public-Key Cryptography based on the Discrete Logarithm ENS-CNRS Pohang - South Korea - June 26th 2000 - 24

Recommend

Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography

Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography

Efficient Implementation of Lattice-based Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography for the 09.11.2017 Internet of Things and Cloud 2017 Lattice-based Cryptography Set of vectors in n

601 views • 27 slides
Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About

Standardization of post-quantum cryptography Tanja Lange 08 May 2016 A Workshop About Cryptographic Standards History of post-quantum cryptography 2003 Daniel J. Bernstein introduces term Post-quantum cryptography. PQCrypto 2006:

623 views • 23 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp;

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp;

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp; http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore

Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore

Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore Orange Labs December 3, 2020 Paris, France Orange Labs A New Kind of Network Telecommunication companies like France Tlcom / Orange are

601 views • 36 slides
Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of

Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of

Tweaking Code-Based Cryptography for Embedded Systems DIMACS Workshop on The Mathematics of Post-Quantum Cryptography Tim Gneysu, Ingo von Maurich 1/12/2015 Horst Grtz Institute for IT-Security, Ruhr-Universitt Bochum, Germany Motivation

920 views • 70 slides
Error-correcting codes and Cryptography Henk van Tilborg Code-based Cryptography Workshop

Error-correcting codes and Cryptography Henk van Tilborg Code-based Cryptography Workshop

Error-correcting codes and Cryptography Henk van Tilborg Code-based Cryptography Workshop Eindhoven, May 11-12, 2011 1/45 CONTENTS I Error-correcting codes; the basics II Quasi-cyclic codes; codes generated by circulants III Cyclic codes

556 views • 45 slides
Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography for the Internet of Things and Cloud Ruhr-Universitt Bochum Outline Cloud and Cryptography Co-Location in the Cloud Cache Attacks in the

2.23k views • 37 slides
Whats the worst that could happen? Eric Rescorla RTFM, Inc. DIMACS Workshop on Cryptography:

Whats the worst that could happen? Eric Rescorla RTFM, Inc. DIMACS Workshop on Cryptography:

Whats the worst that could happen? Eric Rescorla RTFM, Inc. DIMACS Workshop on Cryptography: Theory Meets Practice Overview Cryptography alone doesnt do much Real systems combine primitives into protocols Protocols treat primitives

630 views • 39 slides
Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Karlstad University Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M, C, E, D, K) M: the set of plaintexts C: the set of ciphertexts E: M x K -&gt; C enciphering functions D: C x K

446 views • 40 slides
NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations &amp; Performance

NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations &amp; Performance

NIST Lightweight Cryptography Workshop 2015 Session VII: Implementations &amp; Performance Performance of State-of-the-Art Cryptography on ARM-based Microprocessors Hannes Tschofenig &amp; Manuel Pegourie-Gonnard (Hannes.Tschofenig@arm.com,

509 views • 40 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
Security on the Line: Modern Curve-based Cryptography Joost Renes SCA Workshop 18 June 2019

Security on the Line: Modern Curve-based Cryptography Joost Renes SCA Workshop 18 June 2019

Security on the Line: Modern Curve-based Cryptography Joost Renes SCA Workshop 18 June 2019 Modern curve-based cryptography Modern curve-based cryptography 1 / 11 Modern curve-based cryptography Internet of Things Size &amp; speed

1.39k views • 97 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

322 views • 11 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

453 views • 11 slides
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Lecture 4 Page 1 CS 236 Online Cryptography and Secrecy Pretty obvious Only those knowing the

303 views • 15 slides
Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but hard-to-solve problems were discovered. Computational Complexity, by Fu Yuxi Cryptography 1 / 75 Cryptography is closely related to some

785 views • 76 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography Symmetric cryptography DES 3DES AES Asymmetric cryptography Diffie-Hellman key exchange 2 Modern cryptography Moving into

338 views • 16 slides
Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography (&quot;secret writing&quot;): Making secret messages Turning plaintext (an ordinary readable message)

1.2k views • 57 slides
Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU Leuven - COSIC 20 November 2012 Privacy Preserving Protocols Introduction Cryptography in Daily Life RFID Privacy

1.04k views • 60 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Cryptography Public Key Cryptography Concepts of Public Key Cryptography Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 20 Feb 2020, public.tex, r1803 1

421 views • 7 slides
Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Homomorphic Cryptography &amp; Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography Bike lock of Internet Provides many important building blocks for security For example, encryption or

699 views • 31 slides

More recommend