symmetric key encryption constructions
play

Symmetric-Key Encryption: constructions Lecture 5 PRG from One-Way - PowerPoint PPT Presentation

Oct 03, 2022 •284 likes •1.69k views

Symmetric-Key Encryption: constructions Lecture 5 PRG from One-Way Permutations PRF , Block Cipher RECALL PRG One-bit stretch PRG, G k : {0,1} k {0,1} k+1 k k G R k 1 Increasing the stretch Can use part of the PRG output as a new

  1. Goldreich-Levin Predicate Given any OWF f, can slightly modify it to get a OWF g f such that

  2. Goldreich-Levin Predicate Given any OWF f, can slightly modify it to get a OWF g f such that g f has a simple hardcore predicate

  3. Goldreich-Levin Predicate Given any OWF f, can slightly modify it to get a OWF g f such that g f has a simple hardcore predicate g f is almost as efficient as f; is a permutation if f is one

  4. Goldreich-Levin Predicate Given any OWF f, can slightly modify it to get a OWF g f such that g f has a simple hardcore predicate g f is almost as efficient as f; is a permutation if f is one g f (x,r) = (f(x), r), where |r|=|x|

  5. Goldreich-Levin Predicate Given any OWF f, can slightly modify it to get a OWF g f such that g f has a simple hardcore predicate g f is almost as efficient as f; is a permutation if f is one g f (x,r) = (f(x), r), where |r|=|x| Input distribution: x as for f, and r independently random

  6. Goldreich-Levin Predicate Given any OWF f, can slightly modify it to get a OWF g f such that g f has a simple hardcore predicate g f is almost as efficient as f; is a permutation if f is one g f (x,r) = (f(x), r), where |r|=|x| Input distribution: x as for f, and r independently random GL-predicate: B(x,r) = <x,r> (dot product of bit vectors)

  7. Goldreich-Levin Predicate Given any OWF f, can slightly modify it to get a OWF g f such that g f has a simple hardcore predicate g f is almost as efficient as f; is a permutation if f is one g f (x,r) = (f(x), r), where |r|=|x| Input distribution: x as for f, and r independently random GL-predicate: B(x,r) = <x,r> (dot product of bit vectors) Can show that a predictor of B(x,r) with non-negligible advantage can be turned into an inversion algorithm for f

  8. Goldreich-Levin Predicate Given any OWF f, can slightly modify it to get a OWF g f such that g f has a simple hardcore predicate g f is almost as efficient as f; is a permutation if f is one g f (x,r) = (f(x), r), where |r|=|x| Input distribution: x as for f, and r independently random GL-predicate: B(x,r) = <x,r> (dot product of bit vectors) Can show that a predictor of B(x,r) with non-negligible advantage can be turned into an inversion algorithm for f Predictor for B(x,r) is a “noisy channel” through which x, encoded as (<x,0>,<x,1>...<x,2 |x| -1>) (Walsh-Hadamard code), is transmitted. Can recover x by error-correction (local list decoding)

  9. PRG from One-Way Permutations

  10. PRG from One-Way Permutations One-bit stretch PRG, G k : {0,1} k → {0,1} k+1

  11. PRG from One-Way Permutations One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 k k G R k 1

  12. PRG from One-Way Permutations One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 k k G R k G(x) = f(x) ◦ B(x) 1

  13. PRG from One-Way Permutations One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 k k G R k G(x) = f(x) ◦ B(x) 1 Where f: {0,1} k → {0,1} k is a one-way permutation, and B a hardcore predicate for f

  14. PRG from One-Way Permutations One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 k k G R k G(x) = f(x) ◦ B(x) 1 Where f: {0,1} k → {0,1} k is a one-way permutation, and B a hardcore predicate for f bijection

  15. PRG from One-Way Permutations One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 k k G R k G(x) = f(x) ◦ B(x) 1 Where f: {0,1} k → {0,1} k is a one-way permutation, and B a hardcore predicate for f bijection Claim: G is a PRG

  16. PRG from One-Way Permutations One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 k k G R k G(x) = f(x) ◦ B(x) 1 Where f: {0,1} k → {0,1} k is a one-way permutation, and B a hardcore predicate for f bijection Claim: G is a PRG For a random x, f(x) is also random, and hence all of f(x) is next-bit unpredictable. B is a hardcore predicate, so B(x) remains unpredictable after seeing f(x)

  17. PRG from One-Way Permutations One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 k k G R k G(x) = f(x) ◦ B(x) 1 Where f: {0,1} k → {0,1} k is a one-way permutation, and B a hardcore predicate for f bijection Claim: G is a PRG For a random x, f(x) is also random, and hence all of f(x) is next-bit unpredictable. B is a hardcore predicate, so B(x) remains unpredictable after seeing f(x) Important: holds only when the seed x is kept hidden, and is random

  18. PRG from One-Way Permutations One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 k k G R k G(x) = f(x) ◦ B(x) 1 Where f: {0,1} k → {0,1} k is a one-way permutation, and B a hardcore predicate for f bijection Claim: G is a PRG For a random x, f(x) is also random, and hence all of f(x) is next-bit unpredictable. B is a hardcore predicate, so B(x) remains unpredictable after seeing f(x) Important: holds only when the seed x is kept hidden, and is random ... or pseudorandom

  19. PRG from One-Way Permutations k k One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 G R k 1

  20. PRG from One-Way Permutations k k One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 G R k 1 Increasing the stretch

  21. 
 
 PRG from One-Way Permutations k k One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 G R k 1 Increasing the stretch Can use part of the PRG output as a new seed 


  22. 
 
 PRG from One-Way Permutations k k One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 G R k 1 Increasing the stretch Can use part of the PRG output as a new seed 
 ... G G G G G R k

  23. 
 
 PRG from One-Way Permutations k k One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 G R k 1 Increasing the stretch Can use part of the PRG output as a new seed 
 ... G G G G G R k If the intermediate seeds are never output, can keep stretching on demand (for any “polynomial length”)

  24. 
 
 PRG from One-Way Permutations k k One-bit stretch PRG, G k : {0,1} k → {0,1} k+1 G R k 1 Increasing the stretch Can use part of the PRG output as a new seed 
 ... G G G G G R k If the intermediate seeds are never output, can keep stretching on demand (for any “polynomial length”) A stream cipher SC K

  25. PRG Summary

  26. PRG Summary OWF , OWP, Hardcore predicates

  27. PRG Summary OWF , OWP, Hardcore predicates Output of a PRG on a random (hidden) seed is computationally indistinguishable from random

  28. PRG Summary OWF , OWP, Hardcore predicates Output of a PRG on a random (hidden) seed is computationally indistinguishable from random A PRG can be constructed from a OWP and a hardcore predicate.

  29. PRG Summary OWF , OWP, Hardcore predicates Output of a PRG on a random (hidden) seed is computationally indistinguishable from random A PRG can be constructed from a OWP and a hardcore predicate. Possible from OWF too, but more complicated. (And, many candidate OWFs are in fact permutations.)

  30. PRG Summary OWF , OWP, Hardcore predicates Output of a PRG on a random (hidden) seed is computationally indistinguishable from random A PRG can be constructed from a OWP and a hardcore predicate. Possible from OWF too, but more complicated. (And, many candidate OWFs are in fact permutations.) Useful in SKE: Can use PRG to stretch a short key to a long (one-time) pad. Or use as a Stream Cipher.

  31. PRG Summary OWF , OWP, Hardcore predicates Output of a PRG on a random (hidden) seed is computationally indistinguishable from random A PRG can be constructed from a OWP and a hardcore predicate. Possible from OWF too, but more complicated. (And, many candidate OWFs are in fact permutations.) Useful in SKE: Can use PRG to stretch a short key to a long (one-time) pad. Or use as a Stream Cipher. Next: Constructing a proper (multi-message) SKE scheme

  32. Beyond One-Time

  33. Beyond One-Time Need to make sure same part of the one-time pad is never reused

  34. Beyond One-Time Need to make sure same part of the one-time pad is never reused Sender and receiver will need to maintain state and stay in sync (indicating how much of the pad has already been used)

  35. Beyond One-Time Need to make sure same part of the one-time pad is never reused Sender and receiver will need to maintain state and stay in sync (indicating how much of the pad has already been used) Or only sender maintains the index, but sends it to the receiver. Then receiver will need to run the stream- cipher to get to that index.

  36. Beyond One-Time Need to make sure same part of the one-time pad is never reused Sender and receiver will need to maintain state and stay in sync (indicating how much of the pad has already been used) Or only sender maintains the index, but sends it to the receiver. Then receiver will need to run the stream- cipher to get to that index. A PRG with direct access to any part of the output stream?

  37. Beyond One-Time Need to make sure same part of the one-time pad is never reused Sender and receiver will need to maintain state and stay in sync (indicating how much of the pad has already been used) Or only sender maintains the index, but sends it to the receiver. Then receiver will need to run the stream- cipher to get to that index. A PRG with direct access to any part of the output stream? Pseudo Random Function (PRF)

  38. Pseudorandom Function (PRF)

  39. Pseudorandom Function (PRF) A compact representation of an exponentially long (pseudorandom) string

  40. Pseudorandom Function (PRF) A compact representation of an exponentially long (pseudorandom) string Allows “random-access” (instead of just sequential access)

  41. Pseudorandom Function (PRF) A compact representation of an exponentially long (pseudorandom) string Allows “random-access” (instead of just sequential access) A function F(s;i) outputs the i th block of the pseudorandom string corresponding to seed s

  42. Pseudorandom Function (PRF) A compact representation of an exponentially long (pseudorandom) string Allows “random-access” (instead of just sequential access) A function F(s;i) outputs the i th block of the pseudorandom string corresponding to seed s Exponentially many blocks (i.e., large domain for i)

  43. Pseudorandom Function (PRF) A compact representation of an exponentially long (pseudorandom) string Allows “random-access” (instead of just sequential access) A function F(s;i) outputs the i th block of the pseudorandom string corresponding to seed s Exponentially many blocks (i.e., large domain for i) Pseudorandom Function

  44. Pseudorandom Function (PRF) A compact representation of an exponentially long (pseudorandom) string Allows “random-access” (instead of just sequential access) A function F(s;i) outputs the i th block of the pseudorandom string corresponding to seed s Exponentially many blocks (i.e., large domain for i) Pseudorandom Function Need to define pseudorandomness for a function (not a string)

  45. Pseudorandom Function (PRF)

  46. Pseudorandom Function (PRF) F: {0,1} k × {0,1} m(k) → {0,1} n(k) is a PRF if all PPT adversaries have negligible advantage in the PRF experiment

  47. Pseudorandom Function (PRF) F: {0,1} k × {0,1} m(k) → {0,1} n(k) is a PRF if all PPT F s adversaries have negligible advantage in MUX the PRF experiment R Adversary given oracle access to either F with a random seed, or a random function R: {0,1} m(k) → {0,1} n(k) . Needs to guess which.

  48. Pseudorandom Function (PRF) F: {0,1} k × {0,1} m(k) → {0,1} n(k) is a PRF if all PPT F s adversaries have negligible advantage in MUX the PRF experiment R Adversary given oracle access to either F with a random seed, or a random function R: {0,1} m(k) → {0,1} n(k) . Needs to b guess which. b ← {0,1}

  49. Pseudorandom Function (PRF) F: {0,1} k × {0,1} m(k) → {0,1} n(k) is a PRF if all PPT F s adversaries have negligible advantage in MUX the PRF experiment R Adversary given oracle access to either F with a random seed, or a random function R: {0,1} m(k) → {0,1} n(k) . Needs to b guess which. b’ b ← {0,1} b’=b? Yes/No

  50. Pseudorandom Function (PRF) F: {0,1} k × {0,1} m(k) → {0,1} n(k) is a PRF if all PPT F s adversaries have negligible advantage in MUX the PRF experiment R Adversary given oracle access to either F with a random seed, or a random function R: {0,1} m(k) → {0,1} n(k) . Needs to b guess which. b’ Note: Only 2 k seeds for F b ← {0,1} b’=b? Yes/No

  51. Pseudorandom Function (PRF) F: {0,1} k × {0,1} m(k) → {0,1} n(k) is a PRF if all PPT F s adversaries have negligible advantage in MUX the PRF experiment R Adversary given oracle access to either F with a random seed, or a random function R: {0,1} m(k) → {0,1} n(k) . Needs to b guess which. b’ Note: Only 2 k seeds for F b ← {0,1} b’=b? But 2^(n2 m ) functions R Yes/No

  52. Pseudorandom Function (PRF) F: {0,1} k × {0,1} m(k) → {0,1} n(k) is a PRF if all PPT F s adversaries have negligible advantage in MUX the PRF experiment R Adversary given oracle access to either F with a random seed, or a random function R: {0,1} m(k) → {0,1} n(k) . Needs to b guess which. b’ Note: Only 2 k seeds for F b ← {0,1} b’=b? But 2^(n2 m ) functions R Yes/No PRF stretches k bits to n2 m bits

  53. Pseudorandom Function (PRF)

  54. Pseudorandom Function (PRF) A PRF can be constructed from any PRG

  55. Pseudorandom Function (PRF) A PRF can be constructed from any PRG K 0 G K K 1

  56. Pseudorandom Function (PRF) A PRF can be constructed from any PRG G is a length- K 0 doubling PRG G K K 1

  57. Pseudorandom Function (PRF) A PRF can be constructed from any PRG G is a length- G K 0 doubling PRG G K G K 1

  58. Pseudorandom Function (PRF) A PRF can be constructed from any PRG G is a K 00 length- G K 0 doubling PRG K 01 G K K 10 G K 1 K 11

  59. Pseudorandom Function (PRF) A PRF can be constructed from any PRG K 000 G G is a K 00 K 001 length- G K 0 doubling K 010 PRG G K 01 K 011 G K K 100 G K 10 K 101 G K 1 K 110 G K 11 K 111

  60. Pseudorandom Function (PRF) A PRF can be constructed from any PRG K 000 G G is a K 00 K 001 length- G K 0 doubling K 010 PRG G K 01 K 011 G ... K K 100 G K 10 K 101 G K 1 K 110 G K 11 K 111

  61. Pseudorandom Function (PRF) A PRF can be constructed from any PRG K 000 G G is a K 00 K 001 length- G K 0 doubling K 010 PRG G K 01 K 011 G ... K K 100 G K 10 K 101 G K 1 K 110 G K 11 K 111

Recommend

Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far We defined

Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far We defined

Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far We defined (passive) security of Symmetric Key Encryption (SKE) SIM-CPA = IND-CPA + almost perfect correctness Restricts to PPT entities Allows negligible advantage

1.1k views • 13 slides
Brute Force March 8, 2020 1 / 17 Symmetric Encryption k k m c m E D We often model

Brute Force March 8, 2020 1 / 17 Symmetric Encryption k k m c m E D We often model

Brute Force March 8, 2020 1 / 17 Symmetric Encryption k k m c m E D We often model encryption as a key alternating cipher: k 1 k 2 k 3 m c F 1 F 2 F 3 2 / 17 Symmetric Encryption (2) Two main constructions for practical

603 views • 17 slides
Symmetric-Key Encryption: constructions Lecture 5 PRF , Block Cipher PRG from One-Way RECALL

Symmetric-Key Encryption: constructions Lecture 5 PRF , Block Cipher PRG from One-Way RECALL

Symmetric-Key Encryption: constructions Lecture 5 PRF , Block Cipher PRG from One-Way RECALL Permutations One-bit stretch PRG, G k : {0,1} k {0,1} k+1 k k G R 1 Increasing the stretch Can use part of the PRG output as a new seed

1.31k views • 107 slides
Symmetric-Key Encryption: constructions Lecture 5 PRF , Block Cipher RECALL PRG m

Symmetric-Key Encryption: constructions Lecture 5 PRF , Block Cipher RECALL PRG m

Symmetric-Key Encryption: constructions Lecture 5 PRF , Block Cipher RECALL PRG m (stream) Enc G is a PRG if {G k (x)} x {0,1}k U n(k) and G PPT A PRG can be used to obtain a one-time SC PRG K CPA-secure SKE Stream

320 views • 11 slides
Symmetric-Key Encryption: constructions Lecture 5 PRF , Block Cipher RECALL PRG m

Symmetric-Key Encryption: constructions Lecture 5 PRF , Block Cipher RECALL PRG m

Symmetric-Key Encryption: constructions Lecture 5 PRF , Block Cipher RECALL PRG m (stream) Enc G is a PRG if {G k (x)} x {0,1}k U n(k) and G PPT A PRG can be used to obtain a one-time SC PRG K CPA-secure SKE Stream

555 views • 10 slides
Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far Story So Far

Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far Story So Far

Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far Story So Far We defined (passive) security of Symmetric Key Encryption (SKE) Story So Far We defined (passive) security of Symmetric Key Encryption (SKE)

1.13k views • 67 slides
Symmetric-Key Encryption: constructions Lecture 4 OWF , PRG, Stream Cipher One-Way Function,

Symmetric-Key Encryption: constructions Lecture 4 OWF , PRG, Stream Cipher One-Way Function,

Symmetric-Key Encryption: constructions Lecture 4 OWF , PRG, Stream Cipher One-Way Function, RECALL Hardcore Predicate One-Way Function, RECALL Hardcore Predicate f k : {0,1} k {0,1} n(k) is a one-way function (OWF) if f is polynomial

1.15k views • 97 slides
Symmetric-Key Encryption: constructions Lecture 4 OWF , PRG, Stream Cipher One-Way Function,

Symmetric-Key Encryption: constructions Lecture 4 OWF , PRG, Stream Cipher One-Way Function,

Symmetric-Key Encryption: constructions Lecture 4 OWF , PRG, Stream Cipher One-Way Function, RECALL Hardcore Predicate One-Way Function, RECALL Hardcore Predicate f k : {0,1} k {0,1} n(k) is a one-way function (OWF) if f is polynomial

3.06k views • 96 slides
Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation Alexandra Boldyreva,

Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation Alexandra Boldyreva,

Ciphertext Fragmentation and Related Problems Formalizing Fragmentation Security Notions Constructions and Comparison Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation Alexandra Boldyreva, Jean Paul Degabriele , Kenny

924 views • 43 slides
SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D

SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D

SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2 Correct decryption requirement More

1.19k views • 53 slides
SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic

SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic

Syntax A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms: SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic 1 / 116 2 / 116 Correct decryption requirement Example:

430 views • 29 slides
Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap

Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap

Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap First, Symmetric Key Encryption Defining the problem Well do it elaborately, so that it will be easy to see different levels of security 2

1.67k views • 136 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
Protection and Security - II Encrypts a block of data at a time (64 bit messages, with 56 bit

Protection and Security - II Encrypts a block of data at a time (64 bit messages, with 56 bit

CSC 4103 - Operating Systems Symmetric Encryption Spring 2007 Same key used to encrypt and decrypt E ( k ) can be derived from D ( k ), and vice versa Lecture - XXI DES is most commonly used symmetric block-encryption algorithm

496 views • 4 slides
Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice

Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice

Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice Minaud RHUL ISG seminar, November 24th 2016 Plan 1. Symmetric Searchable Encryption. 2. Leakage and Forward-Privacy. 3. Sophos and Diane schemes. 4.

479 views • 45 slides
CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong Last Lecture Symmetric &amp; Public key encryption Secure Multiparty Computations Problem and security definitions General constructions

846 views • 55 slides
CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong Last Lecture Symmetric &amp; Public key encryption Secure Multiparty Computations Problem and security definitions General constructions

492 views • 48 slides
Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for

Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for

Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for Boolean functions Pierrick M AUX cole normale suprieure, INRIA, CNRS, PSL Boolean Functions and their Applications (BFA) Os, Norway Tuesday

1.23k views • 101 slides
Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin

Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin

Automatic Proofs for Symmetric Encryption Modes Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin Gagn Reihaneh Safavi-Naini 2 1 Universit e Grenoble 1, CNRS, Verimag , FRANCE 2 Department of

538 views • 29 slides
On Some Constructions for Authenticated Encryption with Associated Data Palash Sarkar Applied

On Some Constructions for Authenticated Encryption with Associated Data Palash Sarkar Applied

On Some Constructions for Authenticated Encryption with Associated Data Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in (Partially based on joint work with Debrup Chakraborty) Directions

1.01k views • 61 slides
Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1

Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1

Block cipher modes Generic Encryption Mode Our Approach Our Hoare Logic Result Conclusion Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin Gagn Reihaneh Safavi-Naini 2 1 Universit

663 views • 35 slides
Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key

Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key

Network and Communications Security (IN3210/IN4210) Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key exchange Eve 6R4Y2 hlbMZ CB... Dear Dear Bob Decryption Bob Encryption .... ....

831 views • 63 slides
Cryptography: Symmetric Encryption (continued), Hash Functions,

Cryptography: Symmetric Encryption (continued), Hash Functions,

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (continued), Hash Functions, Message Authentication Codes Spring

676 views • 23 slides
1 Confidentiality using Symmetric Encryption have two major placement alternatives link

1 Confidentiality using Symmetric Encryption have two major placement alternatives link

Information System Security Chapter 7 Confidentiality Using Symmetric Encryption Dr. Loai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Dr. Loai Tawalbeh Summer

698 views • 8 slides

More recommend