on symmetric key broadcast encryption
play

On Symmetric Key Broadcast Encryption Sanjay Bhattacherjee and - PowerPoint PPT Presentation

Oct 11, 2022 •715 likes •1.67k views

On Symmetric Key Broadcast Encryption Sanjay Bhattacherjee and Palash Sarkar Indian Statistical Institute, Kolkata Elliptic Curve Cryptography (This is not) 2014 isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 1 / 53

  1. On Symmetric Key Broadcast Encryption Sanjay Bhattacherjee and Palash Sarkar Indian Statistical Institute, Kolkata Elliptic Curve Cryptography (This is not) 2014 isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 1 / 53

  2. Conventional Symmetric Key Encryption Receiver Sender message M public channel ciphertext Encrypt Decrypt secret key K adversary secret key K isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 2 / 53

  3. Symmetric Key Broadcast Encryption Users Users Broadcast Users Centre isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 3 / 53

  4. Symmetric Key BE Functionality The centre pre-distributes secret information to the users. A broadcast takes place in a session. For each session: Some users are privileged and the rest are revoked. The actual message is encrypted once using a session key. The session key undergoes a number of separate encryptions. This determines the header. Only the privileged users are able to decrypt. A coalition of all the revoked users get no information about the message. isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 4 / 53

  5. Parameters of Interest Size of the header. Size of the secret information required to be stored by the users. Time required by the centre to encrypt. Time required by a user to decrypt. Hdr sz and enc time are proportional to # enc of the session key. Requirement: Reduce header size, user storage and decryption time. isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 5 / 53

  6. Applications of BE AACS standard: content protection in optical discs: Disney, Intel, Microsoft, Panasonic, Warner Bros., IBM, Toshiba and Sony. Pay-TV : BSkyB in UK and Ireland has a subscriber base of over 10 million; Cable Television Networks (Regulation) Amendment Act, 2011 (India). File Sharing in Encrypted File Systems. Encrypted Email to Mailing Lists. Military Broadcasts: Global Broadcast Service (US), Joint Broadcast System (Europe). . . . isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 6 / 53

  7. Subset Cover Schemes Identify a collection S consisting of subsets of users. Assign keys to each subset in S . To each user, assign secret information such that it is able to generate secret keys for each subset in S to which it belongs; and no more. During a broadcast, form a partition { S 1 , . . . , S h } of the set of privileged users with S i ∈ S . The session key is encrypted using the keys for S 1 , . . . , S h . Each privileged user can decrypt; no coalition of revoked users gains any information about the session key (or the message). isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 7 / 53

  8. Subset Difference Scheme Naor-Naor-Lotspiech (2001): patented, AACS standard. Assumes an underlying full binary tree Level Numbers 0 4 2 1 3 3 4 5 6 2 10 11 12 13 14 7 8 9 1 0 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 8 / 53

  9. Subsets in the collection S S i , j = T i \ T j : has all users that are in T i but not in T j i j Collection S : has all subsets S i , j such that j ( � = i ) is in the subtree T i . isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 9 / 53

  10. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  11. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  12. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i j Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  13. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i G L ( seed i ) G R ( seed i ) j Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  14. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i G L ( seed i ) G R ( seed i ) G L ( G L ( seed i )) G R ( G L ( seed i )) j Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  15. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i G L ( seed i ) G R ( seed i ) G L ( G L ( seed i )) G R ( G L ( seed i )) j G R ( G L ( G L ( seed i ))) Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  16. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i G L ( seed i ) G R ( seed i ) G L ( G L ( seed i )) G R ( G L ( seed i )) j G R ( G L ( G L ( seed i ))) Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo

  17. Key Assignment Pseudo-random generator (PRG): G : { 0 , 1 } k → { 0 , 1 } 3 k G ( seed ) = G L ( seed ) || G M ( seed ) || G R ( seed ) seed i G L ( seed i ) G R ( seed i ) G L ( G L ( seed i )) G R ( G L ( seed i )) j G R ( G L ( G L ( seed i ))) L i , j = G M ( G R ( G L ( G L ( seed i )))) Figure : Key of S i , j : L i , j = G M ( G R ( G L ( G L ( seed i )))) isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 10 / 53

  18. Assigning seeds to users isilogo Figure : From one derived seed, keys of many subsets can be generated

  19. Assigning seeds to users T i u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  20. Assigning seeds to users T i T j u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  21. Assigning seeds to users T i T j u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  22. Assigning seeds to users T i T j u T i T j u isilogo Figure : From one derived seed, keys of many subsets can be generated

  23. Assigning seeds to users T i T j u T i T j u isilogo Figure : From one derived seed, keys of many subsets can be generated Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 11 / 53

  24. Assigning seeds to users T i u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  25. Assigning seeds to users T i T j u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  26. Assigning seeds to users T i T j u T i u isilogo Figure : From one derived seed, keys of many subsets can be generated

  27. Assigning seeds to users T i T j u T i u T j isilogo Figure : From one derived seed, keys of many subsets can be generated

  28. Assigning seeds to users T i T j u T i u T j isilogo Figure : From one derived seed, keys of many subsets can be generated Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 12 / 53

  29. User Storage Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  30. User Storage u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  31. User Storage seed i u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  32. User Storage seed i u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  33. User Storage seed i G R ( seed i ) u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  34. User Storage seed i G L ( seed i ) G R ( seed i ) u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  35. User Storage seed i G L ( seed i ) G R ( seed i ) u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

  36. User Storage seed i G L ( seed i ) G R ( seed i ) G R ( G L ( seed i )) u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 13 / 53

  37. User Storage seed i G R ( seed i ) G R ( G L ( seed i )) u Figure : Secrets stored by u User u stores: for every T i to which it belongs, the derived labels of nodes “falling-off” from the path between i and u , derived from seed i . isilogo

Recommend

Broadcast Encryption and Some Other Primitives Lecture 24 Broadcast Encryption Broadcast

Broadcast Encryption and Some Other Primitives Lecture 24 Broadcast Encryption Broadcast

Broadcast Encryption and Some Other Primitives Lecture 24 Broadcast Encryption Broadcast Encryption Encrypt to a subset of users in the system Broadcast Encryption Encrypt to a subset of users in the system e.g., subscribers who haven t

1.62k views • 113 slides
SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D

SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D

SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2 Correct decryption requirement More

1.19k views • 53 slides
Brute Force March 8, 2020 1 / 17 Symmetric Encryption k k m c m E D We often model

Brute Force March 8, 2020 1 / 17 Symmetric Encryption k k m c m E D We often model

Brute Force March 8, 2020 1 / 17 Symmetric Encryption k k m c m E D We often model encryption as a key alternating cipher: k 1 k 2 k 3 m c F 1 F 2 F 3 2 / 17 Symmetric Encryption (2) Two main constructions for practical

603 views • 17 slides
SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic

SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic

Syntax A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms: SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic 1 / 116 2 / 116 Correct decryption requirement Example:

430 views • 29 slides
Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap

Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap

Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap First, Symmetric Key Encryption Defining the problem Well do it elaborately, so that it will be easy to see different levels of security 2

1.67k views • 136 slides
Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far We defined

Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far We defined

Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far We defined (passive) security of Symmetric Key Encryption (SKE) SIM-CPA = IND-CPA + almost perfect correctness Restricts to PPT entities Allows negligible advantage

1.1k views • 13 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
Protection and Security - II Encrypts a block of data at a time (64 bit messages, with 56 bit

Protection and Security - II Encrypts a block of data at a time (64 bit messages, with 56 bit

CSC 4103 - Operating Systems Symmetric Encryption Spring 2007 Same key used to encrypt and decrypt E ( k ) can be derived from D ( k ), and vice versa Lecture - XXI DES is most commonly used symmetric block-encryption algorithm

496 views • 4 slides
Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice

Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice

Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice Minaud RHUL ISG seminar, November 24th 2016 Plan 1. Symmetric Searchable Encryption. 2. Leakage and Forward-Privacy. 3. Sophos and Diane schemes. 4.

479 views • 45 slides
Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for

Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for

Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for Boolean functions Pierrick M AUX cole normale suprieure, INRIA, CNRS, PSL Boolean Functions and their Applications (BFA) Os, Norway Tuesday

1.23k views • 101 slides
Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin

Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin

Automatic Proofs for Symmetric Encryption Modes Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin Gagn Reihaneh Safavi-Naini 2 1 Universit e Grenoble 1, CNRS, Verimag , FRANCE 2 Department of

538 views • 29 slides
Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1

Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1

Block cipher modes Generic Encryption Mode Our Approach Our Hoare Logic Result Conclusion Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin Gagn Reihaneh Safavi-Naini 2 1 Universit

663 views • 35 slides
Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key

Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key

Network and Communications Security (IN3210/IN4210) Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key exchange Eve 6R4Y2 hlbMZ CB... Dear Dear Bob Decryption Bob Encryption .... ....

831 views • 63 slides
Cryptography: Symmetric Encryption (continued), Hash Functions,

Cryptography: Symmetric Encryption (continued), Hash Functions,

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (continued), Hash Functions, Message Authentication Codes Spring

676 views • 23 slides
Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far Story So Far

Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far Story So Far

Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far Story So Far We defined (passive) security of Symmetric Key Encryption (SKE) Story So Far We defined (passive) security of Symmetric Key Encryption (SKE)

1.13k views • 67 slides
1 Confidentiality using Symmetric Encryption have two major placement alternatives link

1 Confidentiality using Symmetric Encryption have two major placement alternatives link

Information System Security Chapter 7 Confidentiality Using Symmetric Encryption Dr. Loai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Dr. Loai Tawalbeh Summer

698 views • 8 slides
New MILP Modelings for Symmetric-Key Primitives Christina Boura (Joint-work with Daniel Coggia)

New MILP Modelings for Symmetric-Key Primitives Christina Boura (Joint-work with Daniel Coggia)

New MILP Modelings for Symmetric-Key Primitives Christina Boura (Joint-work with Daniel Coggia) University of Versailles and Inria de Paris August 6, 2020 1 / 43 Symmetric-key encryption Alice and Bob share the same secret key for encryption

983 views • 47 slides
Symmetric-Key Encryption: One-Way Functions Lecture 6 PRG from One-Way Permutations RECALL

Symmetric-Key Encryption: One-Way Functions Lecture 6 PRG from One-Way Permutations RECALL

Symmetric-Key Encryption: One-Way Functions Lecture 6 PRG from One-Way Permutations RECALL Story So far m Enc SC PRG (i.e., a Stream Cipher) for one-time SKE K Mode of operation: msg pseudorandom pad PRF (i.e., a Block Cipher)

251 views • 12 slides
Symmetric-Key Encryption: One-Way Functions Lecture 6 PRG from One-Way Permutations RECALL

Symmetric-Key Encryption: One-Way Functions Lecture 6 PRG from One-Way Permutations RECALL

Symmetric-Key Encryption: One-Way Functions Lecture 6 PRG from One-Way Permutations RECALL Story So far m Enc SC PRG (i.e., a Stream Cipher) for one-time SKE K Mode of operation: msg pseudorandom pad PRF (i.e., a Block Cipher)

426 views • 13 slides
Berkeley CS276 & MIT 6.875 Pseudorandom Permutations and Symmetric Key Encryption Lecturer:

Berkeley CS276 & MIT 6.875 Pseudorandom Permutations and Symmetric Key Encryption Lecturer:

Berkeley CS276 & MIT 6.875 Pseudorandom Permutations and Symmetric Key Encryption Lecturer: Raluca Ada Popa Sept 15, 2020 Announcements Starting to record Psets grading policy: We count your best 5 out of 6 psets Total

728 views • 48 slides
Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified

Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified

Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified algorithm originally designed for the NSA-sponsored Clipper chip declassified in 1998 32 rounds, breakable with 31 rounds 80 bit key, inadequate

464 views • 12 slides
Cryptography [Symmetric Encryption] Fall 2017 Franziska (Franzi) Roesner

Cryptography [Symmetric Encryption] Fall 2017 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli,

224 views • 18 slides
Cryptography [Symmetric Encryption] Fall 2017 Franziska (Franzi) Roesner

Cryptography [Symmetric Encryption] Fall 2017 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli,

439 views • 19 slides
Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner

Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John

390 views • 27 slides

More recommend