security proofs asymmetric encryption
play

Security Proofs ---- Asymmetric Encryption Introduction without - PDF document

Feb 27, 2024 •543 likes •638 views

Summary Summary Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security Asymmetric Encryption Rennes January 2004 New Schemes Joint work with Duong Hieu Phan David Pointcheval David Pointcheval

  1. Summary Summary Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security Asymmetric Encryption Rennes – January 2004 New Schemes Joint work with Duong Hieu Phan David Pointcheval David Pointcheval David Pointcheval David Pointcheval David Pointcheval CNRS-ENS, Paris, France CNRS-ENS, Paris, France CNRS-ENS, Paris, France CNRS-ENS, Paris, France CNRS-ENS, Paris, France David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy Encryption / decryption Encryption / decryption Summary Summary attack attack Granted Bob’s public key, r e t y s e c M Alice can lock the safe, s i with the message inside . . … / . ( encrypt the message ) Introduction Provable Security Asymmetric Encryption New Schemes David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy Encryption / decryption Encryption / decryption Encryption / decryption Encryption / decryption attack attack attack attack Granted Bob’s public key, Granted Bob’s public key, e t e t s e c r s e c r M y M y Alice can lock the safe, Alice can lock the safe, s s i i with the message inside with the message inside . . … / . . … / . . ( encrypt the message ) ( encrypt the message ) Excepted Bob, granted his private key (Bob can decrypt) Alice sends the safe to Bob Alice sends the safe to Bob no one can unlock it no one can unlock it ( impossible to break ) ( impossible to break ) David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy

  2. Kerckhoffs’ Principles (1) Kerckhoffs’ Principles (1) Kerckhoffs’ Principles (2) Kerckhoffs’ Principles (2) In 1883, in “La Cryptographie Militaire” Il faut qu’il n’exige pas le secret, et qu’il puisse Kerckhoffs wrote: sans inconvénient tomber entre les mains de Le système doit être matériellement, sinon l’ennemi mathématiquement, indéchiffrable Compromise of the system should not inconvenience The system should be, if not theoretically the correspondents unbreakable, unbreakable in practice David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy Symmetric Encryption Symmetric Encryption Kerckhoffs’ Principles (3) Kerckhoffs’ Principles (3) Principles 2 and 3 define the concept of the symmetric cryptography: La clef doit pouvoir en être communiquée et Encryption Algorithm, � Decryption Algorithm, � retenue sans le secours de notes écrites, et être k k changée ou modifiée au gré des correspondants the key should be rememberable without notes and � � c m m should be easily changeable Security : heuristic Security = secrecy: etc … 1 st Principle impossible to recover m from c only (without k ) David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy Integer Factoring and RSA Asymmetric Cryptography Asymmetric Cryptography Integer Factoring and RSA secrecy One-Way Multiplication/Factorization: Alice Bob Extends 2 nd principle Function authenticity p, q � n = p.q easy (quadratic) Diffie-Hellman 1976 n = p.q � p, q difficult (super-polynomial) Asymmetric Encryption: Bob owns two “keys” A public key (encryption k e ) known by everybody ⇒ (included Alice) so that anybody can encrypt a message for him A private key (decryption k d ) ⇒ known by Bob only to help him to decrypt David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy

  3. Integer Factoring and RSA Integer Factoring and RSA Integer Factoring and RSA Integer Factoring and RSA One-Way One-Way Multiplication/Factorization: Multiplication/Factorization: Function Function p, q � n = p.q easy (quadratic) p, q � n = p.q easy (quadratic) n = p.q � p, q difficult (super-polynomial) n = p.q � p, q difficult (super-polynomial) RSA Function, from � n in � n (with n=pq ) RSA Function, from � n in � n (with n=pq ) for a fixed exponent e Rivest-Shamir-Adleman 1978 for a fixed exponent e Rivest-Shamir-Adleman 1978 x � x e mod n easy (cubic) x � x e mod n easy (cubic) y=x e mod n � x difficult (without p or q ) y=x e mod n � x difficult (without p or q ) RSA Problem x = y d mod n where d = e -1 mod � ( n ) x = y d mod n where d = e -1 mod � ( n ) encryption David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy Integer Factoring and RSA Integer Factoring and RSA Integer Factoring and RSA Integer Factoring and RSA One-Way One-Way Multiplication/Factorization: Multiplication/Factorization: Function Function p, q � n = p.q easy (quadratic) p, q � n = p.q easy (quadratic) n = p.q � p, q difficult (super-polynomial) n = p.q � p, q difficult (super-polynomial) RSA Function, from � n in � n (with n=pq ) RSA Function, from � n in � n (with n=pq ) for a fixed exponent e for a fixed exponent e Rivest-Shamir-Adleman 1978 Rivest-Shamir-Adleman 1978 x � x e mod n easy (cubic) x � x e mod n easy (cubic) y=x e mod n � x difficult (without p or q ) y=x e mod n � x difficult (without p or q ) trapdoor x = y d mod n where d = e -1 mod � ( n ) x = y d mod n where d = e -1 mod � ( n ) difficult key decryption to break David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy Algorithmic Assumptions Algorithmic Assumptions Summary Summary necessary necessary RSA Encryption n=pq : public � ( m ) = m e mod n modulus e : public exponent � ( c ) = c d mod n Introduction d=e -1 mod � ( n ) : private Provable Security Asymmetric Encryption If the RSA problem is easy, New Schemes secrecy is not satisfied: anybody may recover m from c David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy

  4. � � Algorithmic Assumptions Algorithmic Assumptions Proof by Reduction Proof by Reduction sufficient? sufficient? Reduction of a problem �� to an attack Atk : Let � be an adversary that breaks the scheme Security proofs give the guarantee that the Then � can be used to solve � assumption is enough for secrecy: if an adversary can break the secrecy one can break the assumption � “reductionist” proof Extends the 1 st Principle David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy Provably Secure Scheme Provably Secure Scheme Practical Security Practical Security Algorithm Adversary against � To prove the security of a cryptographic scheme, within t one has to make precise within t’ = T ( t ) the algorithmic assumptions some have been presented the security notions to be guaranteed Complexity theory: T polynomial depends on the scheme Exact Security: T explicit a reduction: Practical Security: T small (linear) an adversary can help to break the assumption David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy David Pointcheval – CNRS - ENS Security Proofs and Asymmetric Encryption without Redundancy

Recommend

Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key

Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key

Network and Communications Security (IN3210/IN4210) Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key exchange Eve 6R4Y2 hlbMZ CB... Dear Dear Bob Decryption Bob Encryption .... ....

831 views • 63 slides
Comparing proofs of security The target KEMs (all proposed for lattice-based encryption for wide

Comparing proofs of security The target KEMs (all proposed for lattice-based encryption for wide

1 2 Comparing proofs of security The target KEMs (all proposed for lattice-based encryption for wide deployment, IND-CCA2): 640 , 976 , 1344 . frodo Daniel J. Bernstein 512 , 768 , 1024 . kyber 128 , 192 , 256 . lac Primary objective of

1.2k views • 104 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Session 3 Hash Function, Asymmetric Encryption and Signature Sbastien Combfis Fall 2019

Session 3 Hash Function, Asymmetric Encryption and Signature Sbastien Combfis Fall 2019

I5020 Computer Security Session 3 Hash Function, Asymmetric Encryption and Signature Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License.

740 views • 53 slides
Recall: symmetric setting CS 4803 A Computer and Network Security K K Alexandra (Sasha)

Recall: symmetric setting CS 4803 A Computer and Network Security K K Alexandra (Sasha)

Recall: symmetric setting CS 4803 A Computer and Network Security K K Alexandra (Sasha) Boldyreva S R Public-key encryption 1 2 Public-key (asymmetric) setting Asymmetric encryption schemes A scheme AE is specified a key generation

280 views • 4 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
Outline The Game-based Methodology 1 Cryptography for Computational Security Proofs

Outline The Game-based Methodology 1 Cryptography for Computational Security Proofs

Cryptography Game-based Proofs Assumptions BF IB-Encryption Conclusion Outline The Game-based Methodology 1 Cryptography for Computational Security Proofs Introduction Provable Security David Pointcheval 2 Game-based Methodology

722 views • 10 slides
Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin

Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin

Automatic Proofs for Symmetric Encryption Modes Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin Gagn Reihaneh Safavi-Naini 2 1 Universit e Grenoble 1, CNRS, Verimag , FRANCE 2 Department of

538 views • 29 slides
Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1

Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1

Block cipher modes Generic Encryption Mode Our Approach Our Hoare Logic Result Conclusion Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin Gagn Reihaneh Safavi-Naini 2 1 Universit

663 views • 35 slides
Asymmetric Message Franking Content Moderation for Metadata-Private End-to-End Encryption Nirvan

Asymmetric Message Franking Content Moderation for Metadata-Private End-to-End Encryption Nirvan

Asymmetric Message Franking Content Moderation for Metadata-Private End-to-End Encryption Nirvan Tyagi Paul Grubbs Julia Len Ian Miers Tom Ristenpart CRYPTO 2019 1 Setting: End-to-end encrypted messaging Hello From: Alice To: Bob

1k views • 75 slides
Outline Security Proofs 1 Cryptography Introduction using the Game-based Methodology Provable

Outline Security Proofs 1 Cryptography Introduction using the Game-based Methodology Provable

Cryptography Game-based Proofs Assumptions BLS Signature BF IB-Encryption Conclusion Outline Security Proofs 1 Cryptography Introduction using the Game-based Methodology Provable Security Game-based Methodology 2 Game-based Approach

345 views • 12 slides
ASYMMETRIC ENCRYPTION 1 / 1 Recommended Book Steven Levy. Crypto . Penguin books. 2001. A

ASYMMETRIC ENCRYPTION 1 / 1 Recommended Book Steven Levy. Crypto . Penguin books. 2001. A

ASYMMETRIC ENCRYPTION 1 / 1 Recommended Book Steven Levy. Crypto . Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters involved. 2 / 1 Recall Symmetric Cryptography Before

1.93k views • 145 slides
Breaking and Repairing GCM Security Proofs Tetsu Iwata, Nagoya University Keisuke Ohashi, Nagoya

Breaking and Repairing GCM Security Proofs Tetsu Iwata, Nagoya University Keisuke Ohashi, Nagoya

Breaking and Repairing GCM Security Proofs Tetsu Iwata, Nagoya University Keisuke Ohashi, Nagoya University Kazuhiko Minematsu, NEC Corporation CRYPTO 2012 August 20, 2012, Santa Barbara, USA GCM Galois/Counter Mode authenticated encryption

414 views • 29 slides
Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key Cryptography Security Requirements Advantages Modes of Use Diffie-Hellman Key Exchange RSA Cryptosystem ElGamal

584 views • 32 slides
Overview Goals of Cryptography Cryptographic Technologies Encryption and Decryption

Overview Goals of Cryptography Cryptographic Technologies Encryption and Decryption

Overview Goals of Cryptography Cryptographic Technologies Encryption and Decryption Algorithms Symmetric Algorithms: DES and AES Asymmetric Algorithm: RSA Pretty Good Privacy (PGP) Chapter 5 Symmetric vs. Asymmetric

363 views • 8 slides
Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable

Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable

Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable Hardware Stefan Heyse, Tim Gneysu Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable Hardware Stefan Heyse, Tim

590 views • 22 slides
Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange Shared/Symmetric-Key PKE scheme Encryption (a.k.a. private-key encryption) a.k.a. asymmetric-key encryption PKE SKE: Syntax Syntax KeyGen outputs KeyGen

366 views • 13 slides
Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin

Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin

Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin Gagn Reihaneh Safavi-Naini 2 1 Universit e Grenoble 1, CNRS, Verimag , FRANCE 2 Department of Computer Science, University of Calgary, Canada

400 views • 23 slides
Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ; www.isg.rhul.ac.uk/~kp Motivation for Authenticated Encryption Authenticated Encryption (AE) m 1 m 2 Security goals: Confidentiality and integrity of messages

649 views • 60 slides
Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers

Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers

Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers Sarani Bhattacharya and Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur PROOFS 2016 August 20, 2016 PROOFS 2016 Sarani Bhattacharya

591 views • 42 slides
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto .

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto .

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto . Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters involved. Mihir Bellare UCSD 2

917 views • 59 slides
Security proofs in the symbolic model web services security, manual and automated proofs

Security proofs in the symbolic model web services security, manual and automated proofs

Security proofs in the symbolic model web services security, manual and automated proofs Karthikeyan Bhargavan INRIA karthikeyan.bhargavan@inria.fr http://prosecco.inria.fr/personal/karthik September 2013 Karthikeyan Bhargavan (INRIA)

800 views • 58 slides
Encryption Debdeep Mukhopadhyay IIT Kharagpur Notion of Security A Good disguise should

Encryption Debdeep Mukhopadhyay IIT Kharagpur Notion of Security A Good disguise should

Encryption Debdeep Mukhopadhyay IIT Kharagpur Notion of Security A Good disguise should not reveal the persons height Shafi Goldwasser and Silvio Micali, 1982 1 Design of Encryption Algorithms Encryption algorithms are

421 views • 7 slides
Tools for Security Physical security Access control Encryption Authentication

Tools for Security Physical security Access control Encryption Authentication

Tools for Security Physical security Access control Encryption Authentication Encapsulation Intrusion detection Common sense Lecture 2 Page 1 CS 236 Online Physical Security Lock up your computer Actually,

465 views • 35 slides

More recommend