primitives et constructions cryptographiques pour la
play

Primitives et constructions cryptographiques pour la confiance - PowerPoint PPT Presentation

Aug 22, 2023 •436 likes •1.27k views

Primitives et constructions cryptographiques pour la confiance numrique Damien Vergnaud Ecole normale sup erieure C.N.R.S. I.N.R.I.A. 3 avril 2014 D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014,

  1. Primitives et constructions cryptographiques pour la confiance numrique Damien Vergnaud ´ Ecole normale sup´ erieure – C.N.R.S. – I.N.R.I.A. 3 avril 2014 D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 1 / 44

  2. Motivation: The Concept of E-cash Bank Shop Alice D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 2 / 44

  3. Motivation: The Concept of E-cash Bank Shop Alice D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 2 / 44

  4. Motivation: The Concept of E-cash Bank Shop Alice D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 2 / 44

  5. Motivation: The Concept of E-cash Bank Shop Alice D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 2 / 44

  6. Desirable Properties of E-cash Off-line: bank not present at the time of payment Traceability of double spenders: each time a user spends a coin more than once he will be detected Anonymity: if a user does not spend a coin twice, she remains anonymous Fairness: perfect anonymity enables perfect crimes � an authority can trace coins that were acquired illegally. Transferability: received e-cash can be spend without involving the bank fundamental property of regular cash Chaum and Pederson (1992) � impossible without increasing the coin size D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 3 / 44

  7. Desirable Properties of E-cash Off-line: bank not present at the time of payment Traceability of double spenders: each time a user spends a coin more than once he will be detected Anonymity: if a user does not spend a coin twice, she remains anonymous Fairness: perfect anonymity enables perfect crimes � an authority can trace coins that were acquired illegally. Transferability: received e-cash can be spend without involving the bank fundamental property of regular cash Chaum and Pederson (1992) � impossible without increasing the coin size D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 3 / 44

  8. Desirable Properties of E-cash Off-line: bank not present at the time of payment Traceability of double spenders: each time a user spends a coin more than once he will be detected Anonymity: if a user does not spend a coin twice, she remains anonymous Fairness: perfect anonymity enables perfect crimes � an authority can trace coins that were acquired illegally. Transferability: received e-cash can be spend without involving the bank fundamental property of regular cash Chaum and Pederson (1992) � impossible without increasing the coin size D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 3 / 44

  9. The Concept of Transferable E-cash Bank Shop Alice Bob D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 4 / 44

  10. Contents Introduction 1 Groth-Sahai proof system 2 Non-interactive Zero-Knowledge proofs Bilinear maps Groth-Ostrovsky-Sahai Groth-Sahai Application: Transferable E-Cash 3 Design principle Partially-Blind Certification Transferable Anonymous Constant-Size Fair E-Cash from Certificates (Smooth-Projective Hash Functions) 4 Definitions Examples Conclusion 5 D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 5 / 44

  11. Zero-Knowledge Proof Systems Goldwasser, Micali and Rackoff introduced interactive zero-knowledge proofs in 1985 the paper was rejected a couple of times . . . then they won the G¨ odel award for it � proofs that reveal nothing other than the validity of assertion being proven Central tool in study of cryptographic protocols Anonymous credentials Online voting . . . D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 6 / 44

  12. Zero-Knowledge Proof Systems Goldwasser, Micali and Rackoff introduced interactive zero-knowledge proofs in 1985 the paper was rejected a couple of times . . . then they won the G¨ odel award for it � proofs that reveal nothing other than the validity of assertion being proven Central tool in study of cryptographic protocols Anonymous credentials Online voting . . . D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 6 / 44

  13. Zero-Knowledge Proof Systems Goldwasser, Micali and Rackoff introduced interactive zero-knowledge proofs in 1985 the paper was rejected a couple of times . . . then they won the G¨ odel award for it � proofs that reveal nothing other than the validity of assertion being proven Central tool in study of cryptographic protocols Anonymous credentials Online voting . . . D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 6 / 44

  14. Zero-knowledge Interactive Proof Alice Bob interactive method for one party to prove to another that a statement S is true, without revealing anything other than the veracity of S . Completeness: S is true � verifier will be convinced of this fact 1 Soundness: S is false � no cheating prover can convince the verifier that S 2 is true Zero-knowledge: S is true � no cheating verifier learns anything other than 3 this fact. (weaker version: Witness indistinguishability ) D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 7 / 44

  15. Zero-knowledge Interactive Proof Alice Bob interactive method for one party to prove to another that a statement S is true, without revealing anything other than the veracity of S . Completeness: S is true � verifier will be convinced of this fact 1 Soundness: S is false � no cheating prover can convince the verifier that S 2 is true Zero-knowledge: S is true � no cheating verifier learns anything other than 3 this fact. (weaker version: Witness indistinguishability ) D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 7 / 44

  16. Non-interactive Zero-knowledge Proof Alice Bob non-interactive method for one party to prove to another that a statement S is true, without revealing anything other than the veracity of S . Completeness: S is true � verifier will be convinced of this fact 1 Soundness: S is false � no cheating prover can convince the verifier that S 2 is true Zero-knowledge: S is true � no cheating verifier learns anything other than 3 this fact. (weaker version: Witness indistinguishability ) D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 8 / 44

  17. History of NIZK Proofs Inefficient NIZK Blum-Feldman-Micali, 1988. Damgard, 1992. Killian-Petrank, 1998. Feige-Lapidot-Shamir, 1999. De Santis-Di Crescenzo-Persiano, 2002. Alternative: Fiat-Shamir heuristic transforms interactive ZK proof into NIZK But there are examples of insecure Fiat-Shamir transformation Groth-Ostrovsky-Sahai, 2006. Groth-Sahai, 2008. D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 9 / 44

  18. History of NIZK Proofs Inefficient NIZK Blum-Feldman-Micali, 1988. Damgard, 1992. Killian-Petrank, 1998. Feige-Lapidot-Shamir, 1999. De Santis-Di Crescenzo-Persiano, 2002. Alternative: Fiat-Shamir heuristic transforms interactive ZK proof into NIZK But there are examples of insecure Fiat-Shamir transformation Groth-Ostrovsky-Sahai, 2006. Groth-Sahai, 2008. D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 9 / 44

  19. History of NIZK Proofs Inefficient NIZK Blum-Feldman-Micali, 1988. Damgard, 1992. Killian-Petrank, 1998. Feige-Lapidot-Shamir, 1999. De Santis-Di Crescenzo-Persiano, 2002. Alternative: Fiat-Shamir heuristic transforms interactive ZK proof into NIZK But there are examples of insecure Fiat-Shamir transformation Groth-Ostrovsky-Sahai, 2006. Groth-Sahai, 2008. D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 9 / 44

  20. History of NIZK Proofs Inefficient NIZK Blum-Feldman-Micali, 1988. Damgard, 1992. Killian-Petrank, 1998. Feige-Lapidot-Shamir, 1999. De Santis-Di Crescenzo-Persiano, 2002. Alternative: Fiat-Shamir heuristic transforms interactive ZK proof into NIZK But there are examples of insecure Fiat-Shamir transformation Groth-Ostrovsky-Sahai, 2006. Groth-Sahai, 2008. D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 9 / 44

  21. Applications of NIZK Proofs Fancy signature schemes group signatures ring signatures . . . Efficient non-interactive proof of correctness of shuffle Non-interactive anonymous credentials CCA-2-secure encryption schemes Identification E-cash . . . D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 10 / 44

  22. Composite order bilinear structure: What ? ( e , G , G T , g , n ) bilinear structure: G , G T multiplicative groups of order n = pq n = RSA integer � g � = G e : G × G → G T � e ( g , g ) � = G T e ( g a , g b ) = e ( g , g ) ab , a , b ∈ Z  deciding group membership,   group operations, efficiently computable.   bilinear map D. Vergnaud (ENS) Cryptographic Primitives for Digital Confidence Apr. 3rd 2014, Clermont-Ferrand 11 / 44

Recommend

Th eorie algorithmique des nombres et applications ` a la cryptanalyse de primitives

Th eorie algorithmique des nombres et applications ` a la cryptanalyse de primitives

Th eorie algorithmique des nombres et applications ` a la cryptanalyse de primitives cryptographiques Emmanuel Thom e 13 d ec. 2012 HDR E. Thom e 1/34 Algorithmic Number Theory and Applications to the Cryptanalysis of

620 views • 51 slides
Constructions of feebly secure cryptographic primitives Olga Melanich Steklov Institute of

Constructions of feebly secure cryptographic primitives Olga Melanich Steklov Institute of

Constructions of feebly secure cryptographic primitives Olga Melanich Steklov Institute of Mathematics at St. Petersburg 3.10.2009 1 / 12 Basic definitions Notation B n , m = { f : B n B m } , where B = { 0 , 1 } . 2 / 12 Basic

605 views • 39 slides
V erification de protocoles cryptographiques en pr esence de th eories equationnelles

V erification de protocoles cryptographiques en pr esence de th eories equationnelles

V erification de protocoles cryptographiques en pr esence de th eories equationnelles V erification de protocoles cryptographiques en pr esence de th eories equationnelles Pascal Lafourcade LSV, UMR 8643, CNRS, ENS de

1.12k views • 74 slides
S ecurit e des protocoles cryptographiques : aspects logiques et calculatoires Mathieu

S ecurit e des protocoles cryptographiques : aspects logiques et calculatoires Mathieu

Introduction Symbolic analysis Constraint solving Computational justification Conclusion S ecurit e des protocoles cryptographiques : aspects logiques et calculatoires Mathieu Baudet Laboratoire Sp ecification et V erification

963 views • 58 slides
Some Project Ideas Read & Write something Constructions not covered in class (e.g., McEliece

Some Project Ideas Read & Write something Constructions not covered in class (e.g., McEliece

Some Project Ideas Read & Write something Constructions not covered in class (e.g., McEliece PKE, lattice- based PKE), primitives not covered (e.g., Zero-Knowledge, Oblivious Transfer), proofs not covered (e.g., security of TLS),

411 views • 13 slides
ISO TC67 WG10 ISO TC252 WG2 Normalisation internationale pour les installations et

ISO TC67 WG10 ISO TC252 WG2 Normalisation internationale pour les installations et

ISO TC67 WG10 ISO TC252 WG2 Normalisation internationale pour les installations et quipements pour le Gaz Naturel Liqufi (GNL) Prsentation pour A.U.T.F. - PARIS - Septembre 2012 Normalisation internationale pour les installations et

502 views • 19 slides
Beyond Block I/O: Rethinking / Traditional Storage Primitives Traditional Storage Primitives

Beyond Block I/O: Rethinking / Traditional Storage Primitives Traditional Storage Primitives

Beyond Block I/O: Rethinking / Traditional Storage Primitives Traditional Storage Primitives Xiangyong Ouyang * , David Nellans , Robert Wipfel , David Flynn , D. K. Panda * d * D id Fl D K P * The Ohio State University

335 views • 29 slides
Implementing new Topology Mapping Primitives Guillermo Baltra Prior Work Primitives for

Implementing new Topology Mapping Primitives Guillermo Baltra Prior Work Primitives for

Implementing new Topology Mapping Primitives Guillermo Baltra Prior Work Primitives for Active Internet Topology Mapping: Toward High-Frequency Characterization, Beverly, R., Berger, A., Xie, G., IMC 2010. Demonstrated the ability of

1.2k views • 80 slides
Chapter 9: Passive Constructions Syntactic Constructions in English Kim and Michaelis (2020)

Chapter 9: Passive Constructions Syntactic Constructions in English Kim and Michaelis (2020)

Chapter 9: Passive Constructions Syntactic Constructions in English Kim and Michaelis (2020) Syntactic Constructions Chapter 9 1 / 43 Introduction 1 2 The Relationship between Active and Passive Approaches to Passive 3 From Structural

597 views • 43 slides
x ? ? ? ? computation easy One Way Hash Function (OWHF) h h h h h

x ? ? ? ? computation easy One Way Hash Function (OWHF) h h h h h

ECRYPT Bart Preneel Emerging Topics in Cryptographic Design and Cryptanalysis Generic Constructions 30 April- 4 May 2007, Samos Greece for Iterated Hash Functions Outline Generic Constructions Generic Constructions for Iterated Hash

759 views • 10 slides
Towards Optimal Constructions of Towards Optimal Constructions of Dynamically Corrected Quantum

Towards Optimal Constructions of Towards Optimal Constructions of Dynamically Corrected Quantum

Second International Conference on Quantum Error Correction University of Southern California, Dec. 5-9 2011 Towards Optimal Constructions of Towards Optimal Constructions of Dynamically Corrected Quantum Gates Dynamically Corrected Quantum

700 views • 25 slides
RenderMan Primitives RenderMan Primitives CSCD 472? Slide 1 4/5/10 Primitive Attributes

RenderMan Primitives RenderMan Primitives CSCD 472? Slide 1 4/5/10 Primitive Attributes

RenderMan Primitives RenderMan Primitives CSCD 472? Slide 1 4/5/10 Primitive Attributes Primitive Attributes Two different methods of attaching attributes to primitives: Graphics state attributes inherited by the primitive from the

318 views • 19 slides
Chapter 7: Raising and Control Constructions Syntactic Constructions in English Kim and Michaelis

Chapter 7: Raising and Control Constructions Syntactic Constructions in English Kim and Michaelis

Chapter 7: Raising and Control Constructions Syntactic Constructions in English Kim and Michaelis (2020) Syntactic Constructions Chapter 7 1 / 48 Raising and Control Predicates 1 2 Differences between Raising and Control Verbs Subject

635 views • 48 slides
Task 3 - Vulnerability and damageability of constructions under impact and explosion Florea Dinu

Task 3 - Vulnerability and damageability of constructions under impact and explosion Florea Dinu

COST C26 Final Conference: Urban Habitat Constructions under Catastrophic Events Naples, Italy, 16-18 September 2010 WG3 - Impact and explosion resistance Task 3 - Vulnerability and damageability of constructions under impact and

787 views • 36 slides
Chapter 11: Relative Clause Constructions Syntactic Constructions in English Kim and Michaelis

Chapter 11: Relative Clause Constructions Syntactic Constructions in English Kim and Michaelis

Chapter 11: Relative Clause Constructions Syntactic Constructions in English Kim and Michaelis (2020) Syntactic Constructions Chapter 11 1 / 54 Introduction 1 Nonsubject Wh-Relative Clauses 2 3 Subject Relative Clauses That-Relative

684 views • 54 slides
Investor Presentation 2 KNR Constructions Limited Disclaimer This presentation and the

Investor Presentation 2 KNR Constructions Limited Disclaimer This presentation and the

AUGUST 2017 KNR Constructions Limited Investor Presentation 2 KNR Constructions Limited Disclaimer This presentation and the accompanying slides (the Presentation), which have been prepared by KNR Constructions Limited (the

984 views • 48 slides
Descripteurs divers niveaux de concepts pour la classification concepts pour la classification

Descripteurs divers niveaux de concepts pour la classification concepts pour la classification

Descripteurs divers niveaux de concepts pour la classification concepts pour la classification dimages multi-objets Youssef Tamaazousti, Herv Le Borgne and Cline Hudelot youssef.tamaazousti@cea.fr | 1 Image Classification Labels

347 views • 22 slides
Wrap Up: Cryptographic Primitives Lecture 18 Alternate Assumptions for PKE Randomness

Wrap Up: Cryptographic Primitives Lecture 18 Alternate Assumptions for PKE Randomness

Wrap Up: Cryptographic Primitives Lecture 18 Alternate Assumptions for PKE Randomness Extractors Story So Far Basic primitives for secure communication: Shared-Key Public-Key SKE PKE Encryption MAC

498 views • 17 slides
Recovering Primitives in 3D CAD meshes Roseline B eni` ere G. Subsol, G. Gesqui` ere, F .

Recovering Primitives in 3D CAD meshes Roseline B eni` ere G. Subsol, G. Gesqui` ere, F .

Introduction Primitives Extraction Problems Conclusion Recovering Primitives in 3D CAD meshes Roseline B eni` ere G. Subsol, G. Gesqui` ere, F . Le Breton and W. Puech LIRMM, Montpellier, France C4W, Montpellier, France LSIS, Arles,

1.04k views • 57 slides
Constructions for constant dimension codes Tao ( ) Feng ( ) Department of Mathematics Beijing

Constructions for constant dimension codes Tao ( ) Feng ( ) Department of Mathematics Beijing

Constructions for constant dimension codes Tao ( ) Feng ( ) Department of Mathematics Beijing Jiaotong University Joint work with Shuangqing Liu and Yanxun Chang July 1, 2019 1 / 71 Outline 1 Background and Definitions 2 Constructions for

1.03k views • 84 slides
Constructions of Derived Equivalences of Finite Posets Sefi Ladkani Einstein Institute of

Constructions of Derived Equivalences of Finite Posets Sefi Ladkani Einstein Institute of

Constructions of derived equivalences of finite posets Constructions of Derived Equivalences of Finite Posets Sefi Ladkani Einstein Institute of Mathematics The Hebrew University of Jerusalem http://www.ma.huji.ac.il/~sefil/ 1 Constructions

346 views • 11 slides
2D graphics Vector graphics Use of geometric primitives: points, lines, curves, etc.

2D graphics Vector graphics Use of geometric primitives: points, lines, curves, etc.

Week 4 Part 2 Introduction to 2D Graphics & Java 2D 2D graphics Vector graphics Use of geometric primitives: points, lines, curves, etc. Primitives are created by using mathematical equations Can be zoomed infinitively, moved

569 views • 22 slides
Theoretical Background on Cryptographic Primitives Bogdan Groza This material intends to be a

Theoretical Background on Cryptographic Primitives Bogdan Groza This material intends to be a

Theoretical Background on Cryptographic Primitives Bogdan Groza This material intends to be a brief introduction to symmetric and asymmetric cryptographic primitives, pointing out some relevant design principles and security properties.

532 views • 26 slides
Complement Structures: Outline Complement Structures and Non-Finite Constructions in HPSG

Complement Structures: Outline Complement Structures and Non-Finite Constructions in HPSG

Complement Structures: Outline Complement Structures and Non-Finite Constructions in HPSG Category selection Nonfinite constructions: Raising and control Passive construction Introduction to HPSG 19. Mai 2009 Kordula De Kuthy 1 2

316 views • 10 slides

More recommend