react rapid enhanced security asymmetric cryptosystems
play

REACT: Rapid Enhanced-security Asymmetric Cryptosystems Transform - PDF document

Apr 13, 2023 •209 likes •297 views

REACT: Rapid Enhanced-security Asymmetric Cryptosystems Transform RSA Conference 2001 San Francisco, California, April 2001 Tatsuaki Okamoto David Pointcheval NTT ENS - CNRS Yokosuka - Japan Paris - France David.Pointcheval@ens.fr

  1. REACT: Rapid Enhanced-security Asymmetric Cryptosystems Transform RSA Conference ‘ 2001 San Francisco, California, April 2001 Tatsuaki Okamoto David Pointcheval NTT ENS - CNRS Yokosuka - Japan Paris - France David.Pointcheval@ens.fr http://www.di.ens.fr/users/pointche Overview Overview ◆ Introduction to Encryption ◆ Previous conversions ◆ REACT: the new conversion ● Description ● Security Result ◆ Conclusion David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 2

  2. Asymmetric Encryption Asymmetric Encryption Encryption Algorithm Encryption key k e Decryption Algorithm Decryption key k d k e k d c m m Security: it is impossible to get back m just from c, k e , and (without k d ) David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 3 Security Notions Security Notions ◆ the goals ● One-Wayness ● Semantic Security (Indistinguishability) ◆ the means/information available ● Chosen-Plaintext Attacks ● Chosen-Ciphertext Attacks ⇒ OW-CPA = weakest notion IND-CCA = strongest notion David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 4

  3. Examples Examples ◆ RSA: n = pq , e , public, d = e -1 mod ϕ ( n ), secret ( m ) = m e mod n ( c ) = c d mod n OW-CPA = RSA problem = (< g >, × ), y=g x , public , x : secret ◆ El Gamal: ( m ) = ( g a , y a m ) ( c,d ) = d/c x OW-CPA = CDH problem IND-CPA = DDH problem David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 5 Generic Conversions Generic Conversions ◆ Any trapdoor one-way (injective) function leads to a OW-CPA cryptosystem ◆ But OW-CPA not enough ◆ How to reach IND-CCA ? ⇒ generic conversions from OW-CPA to IND-CCA ( , ) is assumed to be weakly secure and one designs a secure ( , ) David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 6

  4. Previous Conversions: OAEP Previous Conversions: OAEP Bellare-Rogaway (EC ‘94) proposed OAEP , a very efficient conversion ◆ believed to provide a conversion of any trapdoor OW permutation into IND-CCA ◆ actually, it just provides a conversion of any trapdoor partial-domain OW permutation Anyway, RSA is the sole application RSA-OAEP: IND-CCA=RSA [ FOPS’00 ] But the security reduction remains costly ⇒ no guarantee for actual parameters David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 7 Recent Generic Conversions Recent Generic Conversions Fujisaki-Okamoto (PKC ‘99) from IND-CPA into IND-CCA Fujisaki-Okamoto (Crypto ‘99) and Pointcheval (PKC ‘00) from OW-CPA into IND-CCA Efficiency: ● efficient security reduction ● optimal encryption (just few more hashings) ● non-optimal decryption (1 re-encryption) David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 8

  5. New Conversion: REACT New Conversion: REACT PK-Cryptosystem ( � , � ): �� × � → � Block-Cipher E k , D k : {0,1} λ → {0,1} λ Hash functions G , H ( m,r || s ) = a = � ( r, s ) with r ∈ ��� s ∈ � b = E k ( m ) where k = G ( r ) c = H( m,r,a,b ) ( a,b,c ): Compute r = � ( a ) and k = G( r ) extract m = D k ( b ) if c = H( m,r,a,b ) and r ∈ � then output m David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 9 New Conversion: REACT New Conversion: REACT Efficiency: ● optimal encryption (just 2 more hashings) ● optimal decryption (just 2 more hashings) Security: conversion ● in the random oracle model ● of any OW-PCA cryptosystem into an IND-CCA cryptosystem ● under the (weak) security of ( E k , D k ) David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 10

  6. Basic Security Basic Security ◆ Plaintext Checking Attack (PCA): the adversary has access to an oracle which, on input a pair ( m,c ) , answers whether c encrypts m , or not plain RSA: OW-PCA = RSA El Gamal: OW-PCA = GDH ◆ Weak security for ( E k , D k ) semantic security against passive attacks One-Time Pad: perfectly secure AES: very good security David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 11 Applications Applications ◆ El Gamal: OW-PCA = GDH ⇒ REACT-El Gamal: IND-CCA=GDH Rk : On Elliptic Curves = PSEC-3 ◆ RSA: OW-PCA = RSA ⇒ REACT-RSA: IND-CCA=RSA alternative to RSA-OAEP David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 12

  7. REACT- -RSA RSA vs vs. OAEP . OAEP- -RSA RSA REACT ◆ Very efficient security reduction (much better than that of RSA-OAEP(+), SAEP+) ⇒ guarantees security for actual size (1024 bits) ◆ The (overall) security of the hybrid usage of RSA and symmetric encryption (e.g. AES) is theoretically guaranteed (No theoretical guarantee is given for the hybrid usage of OAEP-RSA) David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 13 Hybridity Hybridity ◆ Already very efficient with One-Time Pad ◆ Hybridity (use of AES, etc…) ● makes it much more practical ● security proof ◆ Enhanced hybridity: to encrypt many messages a = ( r, s ) and k = G( r ) b i = E k ( m i ) and c i = H( m i ,r,a,b i ) David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 14

  8. Conclusion Conclusion REACT is a new conversion: ◆ From any OW-PCA scheme, one makes an IND-CCA scheme ⇒ the best security level ◆ The cost is just: 2 more hashings in encryption/decryption ⇒ almost optimal ◆ Can integrate symmetric encryption ⇒ improved efficiency David Pointcheval Rapid Enhanced-security Asymmetric Cryptosystems Transform ENS-CNRS RSA Conference ‘2001 - San Francisco - April 2001 - 15

Recommend

Outline Yet More On Cryptography Symmetric cryptosystems CS 239 Asymmetric

Outline Yet More On Cryptography Symmetric cryptosystems CS 239 Asymmetric

Outline Yet More On Cryptography Symmetric cryptosystems CS 239 Asymmetric cryptosystems Computer Security Digital signatures January 30, 2006 Digital hashes Key recovery cryptosystems Lecture 4 Lecture 4 Page 1 Page

358 views • 11 slides
REACT: A Framework for Rapid Exploration of Approximate

REACT: A Framework for Rapid Exploration of Approximate

REACT: A Framework for Rapid Exploration of Approximate Computing Techniques Mark Wyse , Andr Baixo, Thierry Moreau, Bill Zorn James Bornholt, Adrian Sampson,

356 views • 13 slides
Discrete-Log Based Public Key Cryptosystems Jim Royer September 25, 2018 Introduction to

Discrete-Log Based Public Key Cryptosystems Jim Royer September 25, 2018 Introduction to

Note: Log = logarithm, not Discrete-Log Based Public Key Cryptosystems Jim Royer September 25, 2018 Introduction to Cryptography 1 References Symmetric and Asymmetric Cryptosystems Public-Key Cryptosystems Based on the Discrete

436 views • 9 slides
Contents Introduction to data security Public key cryptosystems: Classical

Contents Introduction to data security Public key cryptosystems: Classical

Contents Introduction to data security Public key cryptosystems: Classical cryptosystems RSA Introduction to modern Prime number generation cryptography Polynomial arithmetic T-79.159 Block ciphers: DES, IDEA,

439 views • 15 slides
T-79.159 Cryptography and Data Security Lecture 2: 2.1 Classical cryptosystems 2.2.Introduction

T-79.159 Cryptography and Data Security Lecture 2: 2.1 Classical cryptosystems 2.2.Introduction

T-79.159 Cryptography and Data Security Lecture 2: 2.1 Classical cryptosystems 2.2.Introduction to modern cryptographic primitives Kaufman et al: Chapter 2 Stallings: Chapter 2 1 2.1 Classical Cryptosystems Ceasar Cipher, or Shift Cipher

555 views • 21 slides
Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically

Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically

Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically breakable given the time are theoretically breakable given the time Security Notions and computational resources. However,

307 views • 10 slides
The RSA Algorithm Private-key cryptosystems: - Alice and Bob agree on the key before the

The RSA Algorithm Private-key cryptosystems: - Alice and Bob agree on the key before the

The RSA Algorithm Private-key cryptosystems: - Alice and Bob agree on the key before the communication - all cryptosystems we discussed so far - also called: symmetric-key cryptosystems Public-key cryptosystems (Chapter 6) : - what to do if

281 views • 4 slides
On the Security of Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics,

On the Security of Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics,

On the Security of Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics, University of Auckland AsiaCrypt 2016, 5th of December 1/17 Outline Joint work with Steven Galbraith , Christophe Petit and Barak Shani . 1

242 views • 23 slides
Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Summary Summary Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security Asymmetric Encryption Rennes January 2004 New Schemes Joint work with Duong Hieu Phan David Pointcheval David Pointcheval

638 views • 8 slides
webrx-react Monadic Development for the Web Using RxJS and React Follow Along @

webrx-react Monadic Development for the Web Using RxJS and React Follow Along @

webrx-react Monadic Development for the Web Using RxJS and React Follow Along @ https://git.io/vQ10Y Who Am I? Pat Sissons Senior Software Developer at Marine Learning Systems /patsissons /marinels webrx-react? webrx-react is a single

495 views • 28 slides
Building React web and React Native apps with shared code Tyrone Trevorrow: @tyrone_mpolee Tim

Building React web and React Native apps with shared code Tyrone Trevorrow: @tyrone_mpolee Tim

Building React web and React Native apps with shared code Tyrone Trevorrow: @tyrone_mpolee Tim Sawtell: @saw083 Damon Smith: @damondefault Outline 1. Why Sportsbet would consider React and React Native 2. What React and React Native offers

872 views • 40 slides
Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key Cryptography Security Requirements Advantages Modes of Use Diffie-Hellman Key Exchange RSA Cryptosystem ElGamal

584 views • 32 slides
Security Notions 1

Security Notions 1

Security Notions 1 Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically breakable given the time are theoretically breakable given

1.1k views • 37 slides
React Native Navigation Screens, moving, parameters React Navigation React Navigation is not

React Native Navigation Screens, moving, parameters React Navigation React Navigation is not

React Native Navigation Screens, moving, parameters React Navigation React Navigation is not from facebook; its created by the React Native community Uses platform-specific native primitives. Must install the React Navigation

628 views • 34 slides
Why Cryptosystems Fail? Ross J. Anderson - Communications of the ACM 1994 By Hassan Shahid Khan

Why Cryptosystems Fail? Ross J. Anderson - Communications of the ACM 1994 By Hassan Shahid Khan

CS 598 - COMPUTER SECURITY IN THE PHYSICAL WORLD Why Cryptosystems Fail? Ross J. Anderson - Communications of the ACM 1994 By Hassan Shahid Khan What are cryptosystems? - A suite of cryptographic algorithms (generation, encryption and

834 views • 16 slides
Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting SELinux to Mac OS X SELinux Symposium 2007 ELinux Symposium 2007 S Chris Vance Information Systems Security Operation, SPARTA, Inc.

700 views • 26 slides
Cryptosystems from 1900 to 1975 Late Classical Cryptosystems From 1900 up to the mid-1970s

Cryptosystems from 1900 to 1975 Late Classical Cryptosystems From 1900 up to the mid-1970s

Cryptosystems from 1900 to 1975 Late Classical Cryptosystems From 1900 up to the mid-1970s Many important and storied examples. See: http://users.telenet.be/d.rijmenants/ Jim Royer Well talk about just one in detail: the one-time pad .

250 views • 6 slides
A Complete and Explicit Security Reduction Algorithm for RSA-based Cryptosystems Asiacrypt 2003,

A Complete and Explicit Security Reduction Algorithm for RSA-based Cryptosystems Asiacrypt 2003,

A Complete and Explicit Security Reduction Algorithm for RSA-based Cryptosystems Asiacrypt 2003, Taipei Kaoru Kurosawa 1 , Katja Schmidt-Samoa 2 , Tsuyoshi Takagi 2 1 Ibaraki University 2 Technische Universit at Darmstadt A Complete and

408 views • 39 slides
COMPSCI 326 Web Programming React State and Interactivity Objectives Understand React State

COMPSCI 326 Web Programming React State and Interactivity Objectives Understand React State

COMPSCI 326 Web Programming React State and Interactivity Objectives Understand React State Understand React Interactivity React Props React has a one-way data flow beginning from the top-most component and working its way down through

766 views • 60 slides
Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of

Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of

Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of Science Israel Foundations of Cryptography Rigorous analysis of the security of cryptographic schemes Adversarial model Notion of security

428 views • 20 slides
Elliptic Curve Isogeny Based Cryptosystems Frederik Vercauteren Open Security Research (China)

Elliptic Curve Isogeny Based Cryptosystems Frederik Vercauteren Open Security Research (China)

Elliptic Curve Isogeny Based Cryptosystems Frederik Vercauteren Open Security Research (China) KU Leuven ESAT/COSIC (Belgium) frederik.vercauteren@gmail.com 23 August 2016 Frederik Vercauteren Elliptic Curve Isogeny Based Cryptosystems 23

839 views • 52 slides
Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security-Enhanced Linux Trent

474 views • 26 slides
Efficiency and Implementation Security of Code-based Cryptosystems PhD Thesis by Falko Strenzke

Efficiency and Implementation Security of Code-based Cryptosystems PhD Thesis by Falko Strenzke

Efficiency and Implementation Security of Code-based Cryptosystems PhD Thesis by Falko Strenzke Falko Strenzke Cryptography and Computeralgebra, Department of Computer Science, Technische Universit at Darmstadt, Germany,

1.73k views • 160 slides
React A JavaScript library for building user interfaces What is React? JavaScript library

React A JavaScript library for building user interfaces What is React? JavaScript library

React A JavaScript library for building user interfaces What is React? JavaScript library created by Facebook Open source Runs on Node.js and renders in the browser Why use React? Declarative Modular Stateful

380 views • 17 slides

More recommend