full indifferentiable security of the xor of two or more
play

Full Indifferentiable Security of the Xor of Two or More Random - PowerPoint PPT Presentation

Feb 04, 2023 •172 likes •1.8k views

Full Indifferentiable Security of the Xor of Two or More Random Permutations Using the 2 Method Srimanta Bhattacharya and Mridul Nandi Indian Statistical Institute, Kolkata. Eurocrypt 2018 Tel Aviv, Israel 30th April, 2018 Outline 1

  1. Introduction XORP and XORP [ k ] PRF-Security: Indistinguishability PRF-Security: Indistinguishability $ XORP A XORP ( A ) ∶ = ∣ Pr [A XORP → 1 ] − Pr [A $ → 1 ]∣ Adv prf Focus on information theoretic security of XORP . A comutationally unbounded. A deterministic. Restrict A to q queries. 1 = ( X 1 , 1 ,...,X 1 ,q ) , XORP and $ returns X q 2 = ( X 2 , 1 ,...,X 2 ,q ) ∈ Ω q X q Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  2. Introduction XORP and XORP [ k ] PRF-Security: Indistinguishability PRF-Security: Indistinguishability $ XORP A XORP ( A ) ∶ = ∣ Pr [A XORP → 1 ] − Pr [A $ → 1 ]∣ Adv prf Focus on information theoretic security of XORP . A comutationally unbounded. A deterministic. Restrict A to q queries. 1 = ( X 1 , 1 ,...,X 1 ,q ) , XORP and $ returns X q 2 = ( X 2 , 1 ,...,X 2 ,q ) ∈ Ω q X q Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  3. Introduction XORP and XORP [ k ] PRF-Security: Indistinguishability PRF-Security: Indistinguishability $ XORP A XORP ( A ) ∶ = ∣ Pr [A XORP → 1 ] − Pr [A $ → 1 ]∣ Adv prf Focus on information theoretic security of XORP . A comutationally unbounded. A deterministic. Restrict A to q queries. 1 = ( X 1 , 1 ,...,X 1 ,q ) , XORP and $ returns X q 2 = ( X 2 , 1 ,...,X 2 ,q ) ∈ Ω q X q XORP [ k ] (A) ≤ max E⊆ Ω q ∑ x q ∈E ( Pr [ X q 1 = x q ] − Pr [ X q 2 = x q ]) . Adv prf Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  4. Introduction XORP and XORP [ k ] PRF-Security Results Upper Bounds on Adv prf XORP (A) and Adv prf XORP [ k ] (A) 3 Bellare and Impagliazzo, 1999: O ( nq 2 ) for XORP 2 3 N Lucks, 2000: O ( q k + 1 N k ) for XORP [ k ] ,k ≥ 2 . Patarin, 2008, Patarin, 2013: O ( q N ) Cogliati et al., 2014: O ( q k + 2 N k + 1 ) , O (( kq 2 k + 2 N 2 k + 1 ) 3 ) for XORP [ k ] Dai et al., 2017: O ( q N ) for XORP . XORP [ k ] ( A ) = Adv prf XORP ( A ) Mennink and Preneel, 2015: Adv prf Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  5. Introduction Indifferentiability Moving from Secret to Public Permutation Moving from Secret to Public Permutation In PRF-security (indistinguishability) setting permuatations remain secret. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  6. Introduction Indifferentiability Moving from Secret to Public Permutation Moving from Secret to Public Permutation In PRF-security (indistinguishability) setting permuatations remain secret. Motivation behind making the permutations public Sometimes block ciphers are instantiated with fixed keys. Many unkeyed permutations are designed as an underlying primitive of encryption Bertoni et al., 2011a, MAC Bertoni et al., 2011b, hash functions Bertoni et al., 2013, Rivest et al., 2008, Wu, 2011, Gauravaram et al., 2009 CAESAR candidates have been analyzed in the public permutation model. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  7. Introduction Indifferentiability Indifferentiable-Security Notion Indifferentiable-Security Notion Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  8. Introduction Indifferentiability Indifferentiable-Security Notion Indifferentiable-Security Notion Real World Ideal World F T S G A Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  9. Introduction Indifferentiability Indifferentiable-Security Notion Indifferentiable-Security Notion Real World Ideal World F T S G A T F , G S ( A ) = ∣ Pr [A T , F → 1 ] − Pr [A G , S → 1 ]∣ . Adv diff Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  10. Introduction Indifferentiability Indifferentiable-Security Notion Indifferentiable-Security Notion Real World Ideal World F T S G A T F , G S ( A ) = ∣ Pr [A T , F → 1 ] − Pr [A G , S → 1 ]∣ . Adv diff Maurer et al., 2004 ∃ S s.t. Adv diff T F , G S (A) ⇒ T is indifferentiable is negligible ∀ adversary A . from G . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  11. Introduction Indifferentiability Indifferentiability of XORP Indifferentiability of XORP Π = ( Π 0 , Π 1 , Π − 1 0 , Π − 1 1 ) $ XORP S A Purpose of S is to simulate Π such that ( XORP , Π ) is indistinguishable from ( $ , S ) . S has oracle access to $. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  12. Introduction Indifferentiability Indifferentiability of XORP Real World and Ideal World Real World: Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  13. Introduction Indifferentiability Indifferentiability of XORP Real World and Ideal World Real World: Construction Query: A queries with x . XORP returns Π 0 ( x ) ⊕ Π 1 ( x ) to A . Primitive Query: Forward Query: A queries Π 0 or Π 1 with x and gets Π 0 ( x ) or Π 1 ( x ) . Backward Query: A queries Π 0 or Π 1 with y 0 ( y ) or and obtains Π − 1 1 ( y ) . Π − 1 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  14. Introduction Indifferentiability Indifferentiability of XORP Real World and Ideal World Real World: Ideal World: Construction Query: A queries with x . XORP returns Π 0 ( x ) ⊕ Π 1 ( x ) to A . Primitive Query: Forward Query: A queries Π 0 or Π 1 with x and gets Π 0 ( x ) or Π 1 ( x ) . Backward Query: A queries Π 0 or Π 1 with y 0 ( y ) or and obtains Π − 1 1 ( y ) . Π − 1 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  15. Introduction Indifferentiability Indifferentiability of XORP Real World and Ideal World Real World: Ideal World: Random Function Query: $ returns $ ( x ) . Construction Query: A queries with x . XORP Simulator Query: returns Π 0 ( x ) ⊕ Π 1 ( x ) to Forward Query: A A . queries S with ( x,b ) . S returns V b ∈ { 0 , 1 } n . Primitive Query: Backward Query: A Forward Query: A queries S with ( y,b ) . S queries Π 0 or Π 1 with x and gets Π 0 ( x ) or Π 1 ( x ) . returns V b ∈ { 0 , 1 } n ∪ {�} . Backward Query: A � indicates that S queries Π 0 or Π 1 with y aborted after certain 0 ( y ) or and obtains Π − 1 number of iterations. 1 ( y ) . Π − 1 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  16. Introduction Indifferentiability Indifferentiability of XORP Goal Purpose of S is to simulate Π such that ( XORP , Π ) is indistinguishable from ( $ , S ) . V b should be close to Π b (or Π − 1 b in case of backward query). Construct S such that XORP , $ ( A ) = ∣ Pr [ A XORP , Π → 1 ] − Pr [ A $ , S → 1 ]∣ Adv diff should be negligible. Restrict A to q queries and obtain a concrete upper bound on XORP , $ ( A ) (in terms of parameters q and n ) Adv diff Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  17. Introduction Indifferentiability Results Results Construction Best known bound Our bound √ q 3 / 2 2 n Mennink and Preneel, 2015 q / 2 n XORP √ XORP [ k ] 2 nk ( k ≥ 4 even) Lee, 2017 q / 2 n q k + 1 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  18. Introduction Techniques Mirror Theory Mirror Theory and It’s Limitations Introduced in Patarin, 2010; motivated from the PRF-security of XORP [ k ] type constructions. Lower bound on the number of solutions satisfying a system of linear equations involving exactly two variables. ✓ Together with the × Complex: some stpes are not H-coefficient technique clear. × Limitation in indifferentiability provides a bound on the setting: PRF-security of XORP . × No equation in single variable ✓ Powerful: Optimal security × Adversary can make public of EDM, EWCDM, permutation calls. Need to etc. Mennink and Neves, 2017a, consider single variable Mennink and Neves, 2017b equations. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  19. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  20. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  21. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  22. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Definition Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  23. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Definition ∥ P 0 − P 1 ∥ ∶= 1 2 ∑ x q ∈ Ω q ∣ P 0 ( x q ) − P 1 ( x q )∣ . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  24. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Definition ∥ P 0 − P 1 ∥ ∶= 1 2 ∑ x q ∈ Ω q ∣ P 0 ( x q ) − P 1 ( x q )∣ . ( P 0 ∣ xi − 1 ( x i )− P 1 ∣ xi − 1 ( x i )) 2 χ 2 ( x i − 1 ) = χ 2 ( P 0 ∣ x i − 1 , P 1 ∣ x i − 1 ) ∶= ∑ x i ∈ Ω . P 1 ∣ xi − 1 ( x i ) Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  25. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Definition ∥ P 0 − P 1 ∥ ∶= 1 2 ∑ x q ∈ Ω q ∣ P 0 ( x q ) − P 1 ( x q )∣ . ( P 0 ∣ xi − 1 ( x i )− P 1 ∣ xi − 1 ( x i )) 2 χ 2 ( x i − 1 ) = χ 2 ( P 0 ∣ x i − 1 , P 1 ∣ x i − 1 ) ∶= ∑ x i ∈ Ω . P 1 ∣ xi − 1 ( x i ) Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  26. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Definition ∥ P 0 − P 1 ∥ ∶= 1 2 ∑ x q ∈ Ω q ∣ P 0 ( x q ) − P 1 ( x q )∣ . ( P 0 ∣ xi − 1 ( x i )− P 1 ∣ xi − 1 ( x i )) 2 χ 2 ( x i − 1 ) = χ 2 ( P 0 ∣ x i − 1 , P 1 ∣ x i − 1 ) ∶= ∑ x i ∈ Ω . P 1 ∣ xi − 1 ( x i ) Theorem (Dai et al., 2017) ∥ P 0 − P 1 ∥ ≤ ( 1 i = 1 Ex [ χ 2 ( X i − 1 )]) 1 2 ∑ q 2 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  27. χ 2 Method Introduction Techniques χ 2 Method(contd..) Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  28. χ 2 Method Introduction Techniques χ 2 Method(contd..) Ingredients Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  29. χ 2 Method Introduction Techniques χ 2 Method(contd..) Ingredients 1 Pinsker’s inequality, 2 chain rule of Kullback-Leibler divergence (KL divergence), and 3 Jensen’s inequality. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  30. χ 2 Method Introduction Techniques χ 2 Method(contd..) Ingredients 1 Pinsker’s inequality, 2 chain rule of Kullback-Leibler divergence (KL divergence), and 3 Jensen’s inequality. Applications Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  31. χ 2 Method Introduction Techniques χ 2 Method(contd..) Ingredients 1 Pinsker’s inequality, 2 chain rule of Kullback-Leibler divergence (KL divergence), and 3 Jensen’s inequality. Applications 1 PRF-security of the truncated random permutation in Stam, 1978. 2 Full PRF-security of XORP and improved PRF-security of EDM in Dai et al., 2017. 3 Full PRF-security of the variable output length XOR pseudorandom functions in Bhattacharya and Nandi, 2018. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  32. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  33. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms SIM FWD - algorithm for forward queries Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  34. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms SIM FWD - algorithm for forward queries SIM BCK - algorithm for backward queries Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  35. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms SIM FWD - algorithm for forward queries SIM BCK - algorithm for backward queries S tries to be consistent with the XORP by ‘consulting’ with $. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  36. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms SIM FWD - algorithm for forward queries SIM BCK - algorithm for backward queries S tries to be consistent with the XORP by ‘consulting’ with $. Tries to maintain $ ( x ) = SIM FWD ( x, 0 ) ⊕ SIM FWD ( x, 1 ) for x ∈ { 0 , 1 } n . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  37. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms SIM FWD - algorithm for forward queries SIM BCK - algorithm for backward queries S tries to be consistent with the XORP by ‘consulting’ with $. Tries to maintain $ ( x ) = SIM FWD ( x, 0 ) ⊕ SIM FWD ( x, 1 ) for x ∈ { 0 , 1 } n . If it fails (during backward queries only) after n attempts SIM BCK returns � . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  38. Simulator and Transcript Simulator for XORP Simulator Overview Internal State Sets D , R 0 , and R 1 simulate the domain of Π 0 and Π 1 and their ranges respectively. Lists (indexed by elements of D ) L 0 , L 1 - simulate the input-output mappings of Π 0 and Π 1 respectively. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  39. Simulator and Transcript Simulator for XORP Simulator Overview Internal State Sets D , R 0 , and R 1 simulate the domain of Π 0 and Π 1 and their ranges respectively. Lists (indexed by elements of D ) L 0 , L 1 - simulate the input-output mappings of Π 0 and Π 1 respectively. For b ∈ { 0 , 1 } ,x ∈ D ,y ∈ R b , L b ( x ) = y implies Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  40. Simulator and Transcript Simulator for XORP Simulator Overview Internal State Sets D , R 0 , and R 1 simulate the domain of Π 0 and Π 1 and their ranges respectively. Lists (indexed by elements of D ) L 0 , L 1 - simulate the input-output mappings of Π 0 and Π 1 respectively. For b ∈ { 0 , 1 } ,x ∈ D ,y ∈ R b , L b ( x ) = y implies V b = y was output on a forward query ( x,b ) , or Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  41. Simulator and Transcript Simulator for XORP Simulator Overview Internal State Sets D , R 0 , and R 1 simulate the domain of Π 0 and Π 1 and their ranges respectively. Lists (indexed by elements of D ) L 0 , L 1 - simulate the input-output mappings of Π 0 and Π 1 respectively. For b ∈ { 0 , 1 } ,x ∈ D ,y ∈ R b , L b ( x ) = y implies V b = y was output on a forward query ( x,b ) , or V b = x was output on a backward query ( y,b ) Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  42. Simulator and Transcript Simulator for XORP Simulator Overview Internal State Sets D , R 0 , and R 1 simulate the domain of Π 0 and Π 1 and their ranges respectively. Lists (indexed by elements of D ) L 0 , L 1 - simulate the input-output mappings of Π 0 and Π 1 respectively. For b ∈ { 0 , 1 } ,x ∈ D ,y ∈ R b , L b ( x ) = y implies V b = y was output on a forward query ( x,b ) , or V b = x was output on a backward query ( y,b ) For all x ∈ D , the relationship L 0 ( x ) ⊕ L 1 ( x ) = $ ( x ) is always satisfied. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  43. Simulator and Transcript Simulator for XORP Simulator Detail SIM FWD Data : x ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n if x ∈ D then return L b ( x ) end Z ← $ ( x ) V b ← $ { 0 , 1 } n ∖ {R b ∪ { Z ⊕ R 1 − b }} R b ← R b ∪ { V b } , R 1 − b ← R 1 − b ∪ { Z ⊕ V b } D ← D ∪ { x } L b ( x ) ← V b , L 1 − b ( x ) ← Z ⊕ V b return V b Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  44. Simulator and Transcript Simulator for XORP Simulator Detail SIM FWD Data : x ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n if x ∈ D then return L b ( x ) end Z ← $ ( x ) V b ← $ { 0 , 1 } n ∖ {R b ∪ { Z ⊕ R 1 − b }} R b ← R b ∪ { V b } , R 1 − b ← R 1 − b ∪ { Z ⊕ V b } D ← D ∪ { x } L b ( x ) ← V b , L 1 − b ( x ) ← Z ⊕ V b return V b Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  45. Simulator and Transcript Simulator for XORP Simulator Detail SIM FWD Data : x ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n if x ∈ D then return L b ( x ) end Z ← $ ( x ) V b ← $ { 0 , 1 } n ∖ {R b ∪ { Z ⊕ R 1 − b }} R b ← R b ∪ { V b } , R 1 − b ← R 1 − b ∪ { Z ⊕ V b } D ← D ∪ { x } L b ( x ) ← V b , L 1 − b ( x ) ← Z ⊕ V b return V b Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  46. Simulator and Transcript Simulator for XORP Simulator Detail SIM FWD Data : x ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n if x ∈ D then return L b ( x ) end Z ← $ ( x ) V b ← $ { 0 , 1 } n ∖ {R b ∪ { Z ⊕ R 1 − b }} R b ← R b ∪ { V b } , R 1 − b ← R 1 − b ∪ { Z ⊕ V b } D ← D ∪ { x } L b ( x ) ← V b , L 1 − b ( x ) ← Z ⊕ V b return V b Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  47. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  48. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  49. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  50. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  51. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  52. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  53. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  54. Simulator and Transcript Transcript to the Adversary Additional Information Additional Information Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  55. Simulator and Transcript Transcript to the Adversary Additional Information Additional Information After the interation with real/ideal world is over Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  56. Simulator and Transcript Transcript to the Adversary Additional Information Additional Information After the interation with real/ideal world is over A is given additional information. Real World Query: A knows the tuple ( x i , Π 0 ( x i ) , Π 1 ( x i )) = S i . Distributions: p fwd and p bck for forward and backward queries. 0 0 Ideal World Query: A knows the tuple ( x i ,V 0 ,i ,V 1 ,i ) (In case of ‘abort’ ( x i ,V 0 ,i ,V 1 ,i ) = � ). Distributions: p fwd and p bck for forward 1 1 and backward queries. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  57. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  58. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline √ Theorem XORP , $ ( q ) ≤ 1 . 25 q Let N ≥ 16 and q < N 2 . Then Adv diff N . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  59. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline √ Theorem XORP , $ ( q ) ≤ 1 . 25 q Let N ≥ 16 and q < N 2 . Then Adv diff N . Goal is to calculate Ex [ χ 2 ( S i − 1 )] over the real world distributions ( p fwd and p bck ). 0 0 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  60. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline √ Theorem XORP , $ ( q ) ≤ 1 . 25 q Let N ≥ 16 and q < N 2 . Then Adv diff N . Goal is to calculate Ex [ χ 2 ( S i − 1 )] over the real world distributions ( p fwd and p bck ). 0 0 Need to consider two cases. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  61. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline √ Theorem XORP , $ ( q ) ≤ 1 . 25 q Let N ≥ 16 and q < N 2 . Then Adv diff N . Goal is to calculate Ex [ χ 2 ( S i − 1 )] over the real world distributions ( p fwd and p bck ). 0 0 Need to consider two cases. s i is a forward query Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  62. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline √ Theorem XORP , $ ( q ) ≤ 1 . 25 q Let N ≥ 16 and q < N 2 . Then Adv diff N . Goal is to calculate Ex [ χ 2 ( S i − 1 )] over the real world distributions ( p fwd and p bck ). 0 0 Need to consider two cases. s i is a forward query s i is a backward query Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  63. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  64. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  65. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  66. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Each S j ∈ { S i − 1 } may correspond to a forward or a backward query. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  67. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Each S j ∈ { S i − 1 } may correspond to a forward or a backward query. The distributions p fwd and p bck are identical; the distribution of S i − 1 0 0 does not depend on the query type of each individual S j . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  68. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Each S j ∈ { S i − 1 } may correspond to a forward or a backward query. The distributions p fwd and p bck are identical; the distribution of S i − 1 0 0 does not depend on the query type of each individual S j . Allows to treat χ 2 ( S i − 1 ) as a random variable and take its expectation under the distribution of S i − 1 . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  69. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Each S j ∈ { S i − 1 } may correspond to a forward or a backward query. The distributions p fwd and p bck are identical; the distribution of S i − 1 0 0 does not depend on the query type of each individual S j . Allows to treat χ 2 ( S i − 1 ) as a random variable and take its expectation under the distribution of S i − 1 . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  70. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Each S j ∈ { S i − 1 } may correspond to a forward or a backward query. The distributions p fwd and p bck are identical; the distribution of S i − 1 0 0 does not depend on the query type of each individual S j . Allows to treat χ 2 ( S i − 1 ) as a random variable and take its expectation under the distribution of S i − 1 . Forward Query Bound i = 1 Ex [ χ 2 ( S i − 1 )] ≤ 8 q 3 ∑ q N 3 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  71. Main Result: Indifferentiability of XORP Result and Outline Backward Query Backward Query Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  72. Main Result: Indifferentiability of XORP Result and Outline Backward Query Backward Query Steps are similar to the backward query case. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  73. Main Result: Indifferentiability of XORP Result and Outline Backward Query Backward Query Steps are similar to the backward query case. s i ≠ ⊥ and s i = ⊥ are treated separately. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

Recommend

Verified Indifferentiable Hashing into Elliptic Curves eguelin 1 Santiago Zanella B Gilles

Verified Indifferentiable Hashing into Elliptic Curves eguelin 1 Santiago Zanella B Gilles

Verified Indifferentiable Hashing into Elliptic Curves eguelin 1 Santiago Zanella B Gilles Barthe 2 , Benjamin Gr egoire 3 , Sylvain Heraud 3 and Federico Olmedo 2 Microsoft Research Cambridge 1 IMDEA Software Institute 2 ee 3 INRIA Sophia

1.02k views • 36 slides
Indifferentiable Authenticated Encryption Pooya Farshim Manuel Barbosa (Porto) (CNRS

Indifferentiable Authenticated Encryption Pooya Farshim Manuel Barbosa (Porto) (CNRS

Indifferentiable Authenticated Encryption Pooya Farshim Manuel Barbosa (Porto) (CNRS &amp; ENS) Indifferentiable Authenticated Encryption Pooya Farshim Manuel Barbosa (Porto) (CNRS &amp; ENS) Hash Functions long &amp; short

1.25k views • 79 slides
Full Disk Encryption Larry Carson, Associate Director, Information Security Management What

Full Disk Encryption Larry Carson, Associate Director, Information Security Management What

Full Disk Encryption Larry Carson, Associate Director, Information Security Management What Security Really Looks Like at UBC New s-w orthy Security I ncidents UBC Laptop Loss &amp; UVic Loss of 11,845 VGH Loss of 450 medical Recovery with

426 views • 17 slides
Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey

Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey

Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey Singleton, Chris Comfort, Eric Rescorla, Stephen Checkoway, J. Alex Halderman, Hovav Shacham How many people been through airport security in the USA? TSA

733 views • 16 slides
Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers Joseph Bonneau CITP, Princeton Thanks to Andrew Miller, Arvind Narayanan, Jeremy Clark, Joshua Kroll, Ed Felten Part I: Bitcoin in 6 easy steps

752 views • 32 slides
full year results full year results full year results full full year results full year results full

full year results full year results full year results full full year results full year results full

AMP results presentation FULL YEAR RESULTS 2010 full year results full year results full year results full full year results full year results full year results full 2010 full year results Craig Dunn Chief Executive Officer Paul Leaming Chief

691 views • 24 slides
HSEye Full Full- Full Full - - -Time HSE eye Time HSE eye Time HSE eye Time HSE eye 1

HSEye Full Full- Full Full - - -Time HSE eye Time HSE eye Time HSE eye Time HSE eye 1

HSEye Full Full- Full Full - - -Time HSE eye Time HSE eye Time HSE eye Time HSE eye 1 Health, Safety, and Environment ( HSE ) is crucial for any Oil &amp; Gas and Construction business 2 Main Main accident kinds for the latest three

317 views • 13 slides
Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian

Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian

Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian Rechberger TU Graz and DTU Security of modern IT Systems User Secure System Communication Protocol Cryptographic Primitive Security of modern IT

523 views • 51 slides
A STRONG FOURTH QUARTER CONCLUDED A SOLID YEAR -ACCELERATING INVESTMENTS IN CORPORATE SECURITY IN

A STRONG FOURTH QUARTER CONCLUDED A SOLID YEAR -ACCELERATING INVESTMENTS IN CORPORATE SECURITY IN

Samu Konttinen, CEO Interim Results Q4 and full year 2016 A STRONG FOURTH QUARTER CONCLUDED A SOLID YEAR -ACCELERATING INVESTMENTS IN CORPORATE SECURITY IN 2017 AGENDA Highlights from Q4 and full year Business &amp; Market update

515 views • 28 slides
Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes Peter Gai 1

Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes Peter Gai 1

Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes Peter Gai 1 Jooyoung Lee 2 Yannick Seurin 3 John Steinberger 4 Stefano

1.35k views • 102 slides
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko Brent Waters Roots of Attribute-Based Encryption Moving beyond Public Key Encryption: CEO Manager 1 Manager 2 Bob

341 views • 19 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security II: Security Strikes Back 15-441/641 Fall 2019 Profs Peter Steenkiste &amp; Justine

Security II: Security Strikes Back 15-441/641 Fall 2019 Profs Peter Steenkiste &amp; Justine

Security II: Security Strikes Back 15-441/641 Fall 2019 Profs Peter Steenkiste &amp; Justine Sherry What should my graph look like? Real graph from last year Getting full credit on your graph Needs to show phases of TCP! You might need

564 views • 45 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
2010 Full Year Result 2010 Full Year Result 23 February 2011 2010 Full Year Result 2010 Full

2010 Full Year Result 2010 Full Year Result 23 February 2011 2010 Full Year Result 2010 Full

2010 Full Year Result 2010 Full Year Result 23 February 2011 2010 Full Year Result 2010 Full Year Result Terry Davis Group Managing Director Highlights of 2010 Result Strong operational performances Australian beverages EBIT up 7.3% and

565 views • 21 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann &amp; Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday &amp; Friday, 9:00 10:30 William Stallings

670 views • 19 slides
Company Overview 1 February 2010 Introduction BAE Systems is a global defence, security and

Company Overview 1 February 2010 Introduction BAE Systems is a global defence, security and

Company Overview 1 February 2010 Introduction BAE Systems is a global defence, security and aerospace company delivering a full range of products and services for air, land and naval forces, as well as advanced electronics, security,

390 views • 12 slides
Connecting Academic Security Research to Applied Systems in the Field Dr. Danny De Cock 6

Connecting Academic Security Research to Applied Systems in the Field Dr. Danny De Cock 6

Connecting Academic Security Research to Applied Systems in the Field Dr. Danny De Cock 6 October 2016 COSIC Staff Department Electrical Engineering-ESAT COSIC = COmputer Security and Industrial Cryptography ( o 1978) 5 full-time 90

502 views • 28 slides
Full year ended 30 June 2012 12 September 2012 Full Year 2012 2 Bob Lawson Chairman

Full year ended 30 June 2012 12 September 2012 Full Year 2012 2 Bob Lawson Chairman

Full Year 2012 1 Results presentation Full year ended 30 June 2012 12 September 2012 Full Year 2012 2 Bob Lawson Chairman Nightingale Woods,Wendover Full Year 2012 3 Mark Clare Group Chief Executive Newberry Corner, Churchinford Full

928 views • 60 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Fast forwarding Mobile Security with the MSTG Jeroen Willemsen XSECCON Gamma About me Jeroen

Fast forwarding Mobile Security with the MSTG Jeroen Willemsen XSECCON Gamma About me Jeroen

Fast forwarding Mobile Security with the MSTG Jeroen Willemsen XSECCON Gamma About me Jeroen Willemsen @commjoenie jeroen.willemsen@owasp.org Security architect Full-stack developer Mobile security @OWASP_MSTG Agenda

727 views • 50 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides

More recommend