Post-Quantum Cryptography #2


 Elinor Ryan
 2 years ago
Prof. Claude Crépeau, McGill University

Post-Quantum Cryptography
  Finite Fields based cryptography
    Codes
    Multivariate Polynomials
  Integers based cryptography
    Approximate Integer GCD
    Lattices

(

Public Key Encryption

Asymmetric Encryption (Public-Key Cryptography)
[Diagram labels: Encryption, K_e, P, C, K_d, Decryption]
Complexity Theoretical Security

Public-Key Cryptography
[Diagram labels: "Will you marry me?", Encryption, Decryption]

Digital Signatures

Asymmetric Authentication (Digital Signature Scheme)
[Diagram labels: Authentication, M, K_a, K_v, T, Verification]
Complexity Theoretical Security

Digital Signature
[Diagram labels: "Will you marry me?", Authentication, Verification, VALID]

)

Code Equivalence

Two $[n,k,d]$ linear codes $C, C'$ are (permutation) equivalent if there exists a $k \times k$ nonsingular matrix $S$ & an $n \times n$ permutation matrix $P$ s.t.
$G' = SGP$
the codewords of $C$ and $C'$ have exactly all the same weights

Code Equivalence

Let $C'$ be an $[n,k,d]$ linear code equivalent to a code $C$.
Let $\mathrm{Cor}: \{0,1\}^n \to C$ be an efficient nearest-codeword error-correcting procedure for $C$ (up to $(d-1)/2$ errors).
Define $\mathrm{Cor}'(w) := \mathrm{Cor}(wP^{-1})P$,
then $\mathrm{Cor}': \{0,1\}^n \to C'$ is an efficient nearest-codeword error-correcting procedure for $C'$ (up to $(d-1)/2$ errors).

McEliece Cryptosystem

Let $G \in_R \mathrm{Goppa}_t$, $S \in_R F_2^{k \times k}$, & $P \in_R \mathrm{Perm}$ be the private key, & $G' = SGP$ be the public key.
Let $e \in_R$ {error vector of weight $t$} & $m \in \{0,1\}^k$ a plaintext; let $w = mG' + e$ be a ciphertext.
Given (only) $G', w$, finding $c' = \mathrm{Cor}'(w)$ is difficult.

Niederreiter Cryptosystem

Let $G \in_R \mathrm{GRS}_t$, $S \in_R F_2^{k \times k}$, & $P \in_R \mathrm{Perm}$ be the private key, & $G' = SGP$ be the public key.
Let $m \in$ {error vector of weight $t$} a plaintext & $c' \in_R C'$; let $w = c' + m$ be a ciphertext.
Given (only) $G', w$, finding $c' = \mathrm{Cor}'(w)$ is difficult.

Both Cryptosystems

Let $G \in_R \mathrm{GRS}/\mathrm{Goppa}_t$, $S \in_R F_2^{k \times k}$, & $P \in_R \mathrm{Perm}$ be the private key, & $G' = SGP$ be the public key, $e \in$ {error vector of weight $t$} and let $w = c + e$ for $c \in C(G')$.
Given $G, S, P, w$, finding $c = \mathrm{Cor}'(w)$ and $e = w - c$ is easy.

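
The key generation, encryption and decryption described on the McEliece slide, together with the Cor' construction from the Code Equivalence slide, as an added example that is not from the lecture slides. Assumptions: the [7,4,3] Hamming code (t = 1) stands in for the secret Goppa code, and every function name is this example's own; at this size the scheme offers no security and only shows the algebra.

```python
import random
from itertools import product

# Stand-in for the secret Goppa code (assumption): [7,4,3] Hamming code, corrects t = 1 error.
G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]          # systematic generator matrix [I | A]
H = [[1, 1, 0, 1, 1, 0, 0],
     [1, 0, 1, 1, 0, 1, 0],
     [0, 1, 1, 1, 0, 0, 1]]          # parity-check matrix [A^T | I]

def vec_mat(v, M):
    """Row vector v times matrix M over F_2."""
    return [sum(v[i] & M[i][j] for i in range(len(v))) % 2 for j in range(len(M[0]))]

def mat_mul(A, B):
    return [vec_mat(row, B) for row in A]

def transpose(M):
    return [list(r) for r in zip(*M)]

def inverse(M):
    """Gauss-Jordan inverse over F_2; returns None when M is singular."""
    n = len(M)
    A = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        piv = next((r for r in range(col, n) if A[r][col]), None)
        if piv is None:
            return None
        A[col], A[piv] = A[piv], A[col]
        for r in range(n):
            if r != col and A[r][col]:
                A[r] = [a ^ b for a, b in zip(A[r], A[col])]
    return [row[n:] for row in A]

def cor(w):
    """Cor for the secret code C: flip the position whose H-column equals the syndrome."""
    s = [sum(h[j] & w[j] for j in range(len(w))) % 2 for h in H]
    c = w[:]
    if any(s):
        cols = [[h[j] for h in H] for j in range(len(w))]
        c[cols.index(s)] ^= 1
    return c

def keygen(rng):
    k, n = len(G), len(G[0])
    while True:                       # S: random nonsingular k x k matrix
        S = [[rng.randrange(2) for _ in range(k)] for _ in range(k)]
        S_inv = inverse(S)
        if S_inv is not None:
            break
    perm = list(range(n))
    rng.shuffle(perm)
    P = [[int(perm[i] == j) for j in range(n)] for i in range(n)]   # P^-1 = P^T
    G_pub = mat_mul(mat_mul(S, G), P)                               # G' = S G P
    return (S_inv, P), G_pub

def encrypt(m, G_pub, e):
    """w = m G' + e, with e an error vector of weight t."""
    return [a ^ b for a, b in zip(vec_mat(m, G_pub), e)]

def cor_prime(w, P):
    """Cor'(w) := Cor(w P^-1) P, the decoder for the permuted code C'."""
    return vec_mat(cor(vec_mat(w, transpose(P))), P)

def decrypt(w, priv):
    S_inv, P = priv
    c = cor(vec_mat(w, transpose(P)))        # c = (mS) G, a codeword of C
    return vec_mat(c[:len(S_inv)], S_inv)    # G is systematic, so c[:k] = mS

def weight_distribution(Gm):
    """Number of codewords of each Hamming weight in the code generated by Gm."""
    dist = {}
    for m in product([0, 1], repeat=len(Gm)):
        wt = sum(vec_mat(list(m), Gm))
        dist[wt] = dist.get(wt, 0) + 1
    return dist

if __name__ == "__main__":
    priv, G_pub = keygen(random.Random(1))
    m, e = [1, 0, 1, 1], [0, 0, 0, 0, 0, 1, 0]
    w = encrypt(m, G_pub, e)
    print("w =", w, " Dec(w) =", decrypt(w, priv))
    print("weights of C :", weight_distribution(G))
    print("weights of C':", weight_distribution(G_pub))
```
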
Families of Codes (Nicolas Sendrier)

Binary Goppa codes seem safe, but not
(Generalized) Reed-Solomon codes,
concatenated codes,
elliptic codes,
Reed-Muller codes,
Convolutional codes

Code based cryptography

Courtois, Finiasz and Sendrier signature scheme
Stern's identification scheme
Code based PRNG
Code based hash function

Multivariate Poly based cryptography

$P = (p_1(x_1,\dots,x_n), \dots, p_m(x_1,\dots,x_n))$ for $x = (x_1,\dots,x_n)$ over $F^n$.
$z_k = p_k(x) := \sum_i P_{ik} x_i + \sum_i Q_{ik} x_i^2 + \sum_{i<j} R_{ijk} x_i x_j$
When we are working over $F = F_2$, note that $x^2 = x$, so it suffices to consider multilinear polynomials:
$z_k = p_k(x) := \sum_i P_{ik} x_i + \sum_{i<j} R_{ijk} x_i x_j$
In general, finding $x$ from $z = p(x)$ is NP-hard.
We seek more: finding $x$ from $z = p(x)$ being hard on average.

Multivariate Poly based cryptography

$P = (p_1(x_1,\dots,x_n), \dots, p_m(x_1,\dots,x_n))$ for $x = (x_1,\dots,x_n)$ over $F_2^n$.
$z_k = p_k(x) := \sum_i P_{ik} x_i + \sum_{i<j} R_{ijk} x_i x_j$
Public key: $P$
$\mathrm{Enc}_P(x) = p(x)$
$\mathrm{Dec}(z)$ = find $x$ s.t. $z = p(x)$ (specific to $P$'s design)

Multivariate Poly based cryptography

MPKCs almost always hide a private map $Q$ via composition with secret affine maps $S$ and $T$.
So, $P = T \circ Q \circ S: F^n \to F^m$, or
$P(x) := M_T\, Q(M_S x + c_S) + c_T$
In any given scheme, the central map $Q$ belongs to a certain class of quadratic maps whose inverse can be computed relatively easily.
$x = M_S^{-1} Q^{-1}(M_T^{-1} P(x) - c'_T) - c'_S$ where $c'_T := M_T^{-1} c_T$ and $c'_S := M_S^{-1} c_S$

Multivariate Poly based cryptography

Private key: $(M_T^{-1}, c'_T)$, $(M_S^{-1}, c'_S)$, $Q^{-1}$
$\mathrm{Dec}(y) = M_S^{-1} Q^{-1}(M_T^{-1} y - c'_T) - c'_S$ where $c'_T := M_T^{-1} c_T$ and $c'_S := M_S^{-1} c_S$

Matsumoto Imai

Example: (a sort of RSA type system)
Any single univariate $f$ over $F_{2^n}$ can be represented by $n$ multivariate algebraic functions $y_i = f_i(x_1, x_2, \dots, x_n)$ over $F_2$.
$Q(x) := x^{2^a+1}$, $a < n$, over $F_{2^n}$ such that $\gcd(2^a+1, 2^n-1) = 1$
(squaring over $F_{2^n}$ is actually a linear transform over $F_2^n$) *
Then there exists $h := (2^a+1)^{-1} \bmod 2^n-1$ such that $Q^{-1}(y) = y^h$ over $F_{2^n}$.

Squaring over $F_{2^n}$ is linear over $F_2$

$$(x_{n-1},\dots,x_1,x_0)^2 = (x_{n-1}x^{n-1} + \dots + x_1 x + x_0)^2 \bmod P(x) = x_{n-1}x^{2n-2} + \dots + x_1 x^2 + x_0 \bmod P(x)$$
$$= \begin{pmatrix} 1 \bmod P & x^2 \bmod P & \cdots & x^{2n-2} \bmod P \end{pmatrix} \begin{pmatrix} x_0 \\ x_1 \\ \vdots \\ x_{n-1} \end{pmatrix} = M_{sq}\, x$$

$x^{2^i}$ over $F_{2^n}$ is linear over $F_2$

$(y_{n-1},\dots,y_1,y_0) = (x_{n-1},\dots,x_1,x_0)^{2^i} = M_{sq}^i\, x$ is a system of $n$ degree 1 equations
$y_0 = (M_{sq}^i)_0\, x$
$y_1 = (M_{sq}^i)_1\, x$
$y_2 = (M_{sq}^i)_2\, x$
...
$y_{n-1} = (M_{sq}^i)_{n-1}\, x$

$x^{2^i+1}$ over $F_{2^n}$ is quadratic over $F_2$

$(z_{n-1},\dots,z_1,z_0) = (x_{n-1},\dots,x_1,x_0)^{2^i+1} = (y_{n-1},\dots,y_1,y_0) * (x_{n-1},\dots,x_1,x_0)$ is a system of $n$ degree 2 equations

MI vs RSA

Unlike the RSA scheme, the size $q^n - 1$ of the multiplicative group of $F_{2^n}$ is known, and thus anyone can compute $h$ from $2^a+1$.
MI thus based the security of the scheme on the different principle of mapping obfuscation. (à la McEliece)

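
The Matsumoto-Imai construction from the preceding slides, as an added example that is not from the lecture slides: the central map Q(x) = x^(2^a+1) is hidden as P = T∘Q∘S, the public key is the list of quadratic coefficients over F_2, and decryption follows the Dec(y) formula with c'_T and c'_S. Assumptions: toy sizes n = 7, a = 3, field modulus x^7 + x + 1, and function names chosen for this example.

```python
import random
from itertools import combinations

N, A = 7, 3                  # toy sizes (assumed): gcd(2^A + 1, 2^N - 1) = gcd(9, 127) = 1
MOD = 0b10000011             # x^7 + x + 1, irreducible over F_2 (assumed field modulus)
H_EXP = pow(2**A + 1, -1, 2**N - 1)   # h: anyone can compute it, it is not a secret

def gf_mul(a, b):
    """Product in F_{2^N}; elements are N-bit ints (bit i = coefficient of x^i)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N & 1:
            a ^= MOD
    return r

def gf_pow(x, e):
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, x)
        x = gf_mul(x, x)
        e >>= 1
    return r

def Q(x):
    return gf_pow(x, 2**A + 1)        # central map x^(2^a + 1)

def Q_inv(y):
    return gf_pow(y, H_EXP)           # Q^-1(y) = y^h

def apply(M, x):
    """M x over F_2, with M stored as a list of N column vectors (ints)."""
    y = 0
    for i in range(N):
        if x >> i & 1:
            y ^= M[i]
    return y

def mat_inv(M):
    """Inverse by tabulating all 2^N inputs (fine at toy size); None if singular."""
    table = {apply(M, x): x for x in range(2**N)}
    return [table[1 << i] for i in range(N)] if len(table) == 2**N else None

def rand_affine(rng):
    while True:
        M = [rng.randrange(2**N) for _ in range(N)]
        M_inv = mat_inv(M)
        if M_inv is not None:
            return M, rng.randrange(2**N), M_inv

def keygen(rng):
    M_S, c_S, M_S_inv = rand_affine(rng)
    M_T, c_T, M_T_inv = rand_affine(rng)

    def secret_P(x):                  # P(x) = M_T Q(M_S x + c_S) + c_T
        return apply(M_T, Q(apply(M_S, x) ^ c_S)) ^ c_T

    # Public key: coefficients of the n quadratic polynomials, found by
    # interpolating P at 0, e_i and e_i + e_j. The affine parts add a
    # constant term that the slide's formula for p_k omits.
    const = secret_P(0)
    lin = [secret_P(1 << i) ^ const for i in range(N)]
    quad = {(i, j): secret_P(1 << i | 1 << j) ^ lin[i] ^ lin[j] ^ const
            for i, j in combinations(range(N), 2)}
    priv = (M_T_inv, apply(M_T_inv, c_T)), (M_S_inv, apply(M_S_inv, c_S))
    return (const, lin, quad), priv, secret_P

def encrypt(pub, x):
    """Evaluate the public quadratic polynomials at x (no secret needed)."""
    const, lin, quad = pub
    bits = [i for i in range(N) if x >> i & 1]
    z = const
    for i in bits:
        z ^= lin[i]
    for pair in combinations(bits, 2):
        z ^= quad[pair]
    return z

def decrypt(priv, y):
    """Dec(y) = M_S^-1 Q^-1(M_T^-1 y - c'_T) - c'_S; subtraction is XOR in F_2."""
    (M_T_inv, cT), (M_S_inv, cS) = priv
    return apply(M_S_inv, Q_inv(apply(M_T_inv, y) ^ cT)) ^ cS

if __name__ == "__main__":
    pub, priv, _ = keygen(random.Random(2))
    x = 0b1011001
    z = encrypt(pub, x)
    print(f"h = {H_EXP}, x = {x:07b}, z = {z:07b}, Dec(z) = {decrypt(priv, z):07b}")
```

The agreement between `encrypt` and the secret composition on every input is what confirms that x^(2^a+1) is quadratic over F_2.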
SFLASH

The MI scheme was broken by a very clever attack developed by Patarin in
Based on an idea of Shamir from 1993, Patarin et al proposed to avoid their own attack by deleting $r$ out of the $n$ equations from the MI public key, and called the resulting scheme SFLASH.

SFLASH

If we denote the final truncation, the SFLASH public key is: P = T Q S
Such truncated keys can be used in signature schemes but not in encryption schemes, since they cannot be inverted uniquely.

SFLASH & NESSIE

The SFLASH scheme was selected in 2003 by the New European Schemes for Signatures, Integrity and Encryption Consortium as one of only three recommended public key signature schemes, and as the best known solution for low cost smart cards.
The first version of SFLASH, called SFLASH v1, had a subtle bug which was discovered by Gilbert and Minier. It was replaced by two versions (SFLASH v2 & v3).
They differ only in their security parameters:
for SFLASH v2: $q = 2^7$, $n = 37$, $a = 11$ and $r = 11$
for SFLASH v3: $q = 2^7$, $n = 67$, $a = 33$ and $r = 11$
Dubois, Fouque, Shamir, Stern broke SFLASH v2 & v3 in

Variations

*as of

Cryptographic Money based on hidden codes (hidden subspaces)

Hidden (Linear) Code

a linear $[n,k,d]$ code $C \subseteq F^n$ over arbitrary finite field $F$.
a positive integer degree $D$,
$I_{D,C}$ = { degree-$D$ polynomials that vanish on $C$ }.
For simplicity, assume we use $F = F_2$.

Hidden Code

Lemma A: It is possible to sample a uniformly random element of $I_{D,C}$ in time $O(n^D)$.
Lemma B: Fix $C \subseteq F_2^n$ and $\beta > 1$, and choose $\beta n$ independent uniformly random samples from $I_{D,C}$. With probability $1 - 2^{-\Omega(n)}$, the set of points on which they are all zero is exactly $C$.

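
Lemmas A and B checked on a small instance, as an added example that is not from the lecture slides. Assumptions: F = F_2, n = 8, k = 4, D = 3 and β = 4; polynomials are multilinear of degree at most D and are kept in the secret coordinates y = Mx instead of being expanded into x as a published key would be; all names are this example's own.

```python
import random
from itertools import combinations

def random_invertible(n, rng, steps=200):
    """Invertible n x n matrix over F_2 (rows as ints), built from row additions
    and row swaps applied to the identity, so no singularity check is needed."""
    rows = [1 << i for i in range(n)]
    for _ in range(steps):
        i, j = rng.sample(range(n), 2)
        if rng.random() < 0.5:
            rows[i] ^= rows[j]
        else:
            rows[i], rows[j] = rows[j], rows[i]
    return rows

def coords(M, x):
    """y = M x over F_2; bit r of y is the parity of (row r AND x)."""
    return sum((bin(row & x).count("1") & 1) << r for r, row in enumerate(M))

def code_points(M, n, k):
    """The hidden code C = { x : coordinates k..n-1 of Mx are zero }, dimension k."""
    return {x for x in range(2**n) if coords(M, x) >> k == 0}

def sample_vanishing(M, n, k, D, rng):
    """Lemma A: uniformly random element of I_{D,C}.
    In the y coordinates, I_{D,C} is spanned by the monomials that contain at
    least one of y_k..y_{n-1}; each gets an independent random coefficient.
    There are O(n^D) such monomials. A polynomial is a list of monomial masks."""
    poly = []
    for deg in range(1, D + 1):
        for idx in combinations(range(n), deg):
            if idx[-1] >= k and rng.random() < 0.5:
                poly.append(sum(1 << i for i in idx))
    return poly

def evaluate(M, poly, x):
    """Value of the polynomial at x: a monomial is 1 iff all its y bits are 1."""
    y = coords(M, x)
    return sum(1 for mono in poly if y & mono == mono) & 1

def common_zeros(M, polys, n):
    """Lemma B: the set of points on which all sampled polynomials are zero."""
    return {x for x in range(2**n) if all(evaluate(M, p, x) == 0 for p in polys)}

if __name__ == "__main__":
    n, k, D, beta = 8, 4, 3, 4
    rng = random.Random(5)
    M = random_invertible(n, rng)
    C = code_points(M, n, k)
    polys = [sample_vanishing(M, n, k, D, rng) for _ in range(beta * n)]
    print("|C| =", len(C), " zero set equals C:", common_zeros(M, polys, n) == C)
```

Each point outside C is a zero of one random sample with probability 1/2, so with βn = 32 samples the zero set differs from C with probability below 240 · 2^-32.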
Public QMoney (Aaronson, Christiano)

$P_1(x), P_2(x), \dots, P_{\beta n}(x)$ define $C = \mathrm{Span}(G)$ (Public key)
$Q_1(x), Q_2(x), \dots, Q_{\beta n}(x)$ define $C^\perp = \mathrm{Ker}(G)$ (Public key)
$\forall c \in C, c' \in C^\perp, i, j$: $P_i(c) = 0$ and $Q_j(c') = 0$
$|\$\rangle = \sum_{c \in C} |c\rangle$, $[H]^{\otimes n} |\$\rangle = \sum_{c' \in C^\perp} |c'\rangle$
checking $|\$\rangle$: using $P_1(x), \dots, P_{\beta n}(x)$, validate that $|\$\rangle$ is made only of states from $C$ and using $Q_1(x), \dots, Q_{\beta n}(x)$, validate that $[H]|\$\rangle$ is made only of states from $C^\perp$.

Public QMoney (Aaronson, Christiano)

The special structure of $(C, C^\perp)$ yields an attack for degree 2 polynomials. So $D$ must be at least 3.
In QMoney $C$ or $C^\perp$ may be sampled once. Weakens the security.
Degree $D = 4$ with sample is as hard as degree 3 without a sample. So they choose $D = 4$.

Hidden Code

Let $Z_{D,C,\varepsilon}$ be the distribution which sets
$Z_{D,C,\varepsilon}$ = $I_{D,C}$ with probability $1-\varepsilon$, $I_{D,}$ with probability $\varepsilon$
where is a random code of dimension $k$.
Lemma C: Fix $C \subseteq F_2^n$ and $\varepsilon < 1$, let $\beta = 32/(1-\varepsilon)^2$, and choose $\beta n$ independent samples from $Z_{D,C,\varepsilon}$. Let $\delta = 1/2 + (1-\varepsilon)/4$. With probability $1 - 2^{-\Omega(n)}$ the set of points on which at least $\delta\beta n$ polynomials are zero is exactly $C$.

Public QMoney

$P_1(x), P_2(x), \dots, P_{\beta n}(x)$ define $C = \mathrm{Span}(G)$ (Public key)
$Q_1(x), Q_2(x), \dots, Q_{\beta n}(x)$ define $C^\perp = \mathrm{Ker}(G)$ (Public key)
$\forall c \in C, c' \in C^\perp$: $P_i(c) = 0$ and $Q_j(c') = 0$ with probability $\delta$.
Adding misleading polynomials may only make the assumption harder to break...
Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study
More informationCIS 5371 Cryptography. 8. Encryption 
CIS 5371 Cryptography p y 8. Encryption  Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: Allornothing secrecy.
More informationPublic Key Cryptography. Performance Comparison and Benchmarking
Public Key Cryptography Performance Comparison and Benchmarking Tanja Lange Department of Mathematics Technical University of Denmark tanja@hyperelliptic.org 28.08.2006 Tanja Lange Benchmarking p. 1 What
More informationEXAM questions for the course TTM4135  Information Security June 2010. Part 1
EXAM questions for the course TTM4135  Information Security June 2010 Part 1 This part consists of 6 questions all from one common topic. The number of maximal points for every correctly answered question
More informationSolutions to Problem Set 1
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #8 Zheng Ma February 21, 2005 Solutions to Problem Set 1 Problem 1: Cracking the Hill cipher Suppose
More informationMA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins
MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public
More informationBasic Algorithms In Computer Algebra
Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; DH key exchange; Hash functions; Application of hash
More informationMathematics Course 111: Algebra I Part IV: Vector Spaces
Mathematics Course 111: Algebra I Part IV: Vector Spaces D. R. Wilkins Academic Year 19967 9 Vector Spaces A vector space over some field K is an algebraic structure consisting of a set V on which are
More informationPolynomials and Cryptography
.... Polynomials and Cryptography Michele Elia Dipartimento di Elettronica Politecnico di Torino Bunny 1 Trento, 10 marzo 2011 Preamble Polynomials have always occupied a prominent position in mathematics.
More informationCryptography. Helmer Aslaksen Department of Mathematics National University of Singapore
Cryptography Helmer Aslaksen Department of Mathematics National University of Singapore aslaksen@math.nus.edu.sg www.math.nus.edu.sg/aslaksen/sfm/ 1 Basic Concepts There are many situations in life where
More informationSoftware Implementation of GongHarn Publickey Cryptosystem and Analysis
Software Implementation of GongHarn Publickey Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master
More informationNetwork Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)
Network Security Security Crytographic algorithms Security Services Secret key (DES) Public key (RSA) Message digest (MD5) privacy authenticity Message integrity Secret Key Encryption Plain text Plain
More informationAn efficient and provably secure public key encryption scheme based on coding theory
SECUITY AND COMMUNICATION NETWOKS Security Comm. Networks (2010) Published online in Wiley Online Library (wileyonlinelibrary.com)..274 ESEACH ATICLE An efficient and provably secure public key encryption
More informationCryptography and Network Security Chapter 10
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central
More informationSymmetric Key cryptosystem
SFWR C03: Computer Networks and Computer Security Mar 811 200 Lecturer: Kartik Krishnan Lectures 222 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?
More informationNumber Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may
Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition
More informationApplication of cube attack to block and stream ciphers
Application of cube attack to block and stream ciphers Janusz Szmidt joint work with Piotr Mroczkowski Military University of Technology Military Telecommunication Institute Poland 23 czerwca 2009 1. Papers
More informationInternational Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013
FACTORING CRYPTOSYSTEM MODULI WHEN THE COFACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II MohammediaCasablanca,
More informationApplied Cryptography Public Key Algorithms
Applied Cryptography Public Key Algorithms Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Public Key Cryptography Independently invented by Whitfield Diffie & Martin
More informationAn Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm
An Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm V.Masthanamma 1,G.Lakshmi Preya 2 UG Scholar, Department of Information Technology, Saveetha School of Engineering
More informationECE 842 Report Implementation of Elliptic Curve Cryptography
ECE 842 Report Implementation of Elliptic Curve Cryptography WeiYang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More information2010 JOURNAL OF SOFTWARE, VOL. 9, NO. 8, AUGUST 2014
2010 JOURNAL OF SOFTWARE VOL. 9 NO. 8 AUGUST 2014 Analysis of a Multivariate Public Key Cryptosystem and Its Application in Software Copy Protection Ning Huang Center of Modern Educational Technology Gannan
More informationReview of methods for secret sharing in cloud computing
Review of methods for secret sharing in cloud computing Dnyaneshwar Supe Amit Srivastav Dr. Rajesh S. Prasad Abstract: Cloud computing provides various IT services. Many companies especially those who
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? Oneway functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationALGEBRAIC CRYPTANALYSIS OF AES: AN OVERVIEW
ALGEBRAIC CRYPTANALYSIS OF AES: AN OVERVIEW HARRIS NOVER Abstract. In this paper, we examine algebraic attacks on the Advanced Encryption Standard (AES, also known as Rijndael). We begin with a brief review
More informationDigital Signature. Raj Jain. Washington University in St. Louis
Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse57111/
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 3: Block ciphers and DES Ion Petre Department of IT, Åbo Akademi University January 17, 2012 1 Data Encryption Standard
More informationTable of Contents. Bibliografische Informationen http://dnb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationComputer Science 308547A Cryptography and Data Security. Claude Crépeau
Computer Science 308547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308647A)
More informationDiscrete Mathematics, Chapter 4: Number Theory and Cryptography
Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility
More informationFuzzy IdentityBased Encryption
Fuzzy IdentityBased Encryption Janek Jochheim June 20th 2013 Overview Overview Motivation (Fuzzy) IdentityBased Encryption Formal definition Security Idea Ingredients Construction Security Extensions
More informationImplementation of Elliptic Curve Digital Signature Algorithm
Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India
More informationSoftware Tool for Implementing RSA Algorithm
Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the mostcommon used algorithms for publickey
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIENCHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationOutline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg
Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More informationMathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR
Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGrawHill The McGrawHill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,
More informationEFFICIENT ROOT FINDING OF POLYNOMIALS OVER FIELDS OF CHARACTERISTIC 2
EFFICIENT ROOT FINDING OF POLYNOMIALS OVER FIELDS OF CHARACTERISTIC 2 Vincent Herbert (Joint work with Bhaskar Biswas) WEWoRC 2009 INRIA Paris Rocquencourt V. Herbert (WEWoRC 2009) SECRET Project Team
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationOverview of PublicKey Cryptography
CS 361S Overview of PublicKey Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.16 slide 2 PublicKey Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationSecure Network Communication Part II II Public Key Cryptography. Public Key Cryptography
Kommunikationssysteme (KSy)  Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 20002001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem
More informationThe Dirichlet Unit Theorem
Chapter 6 The Dirichlet Unit Theorem As usual, we will be working in the ring B of algebraic integers of a number field L. Two factorizations of an element of B are regarded as essentially the same if
More informationLecture 6  Cryptography
Lecture 6  Cryptography CSE497b  Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497bs07 Question 2 Setup: Assume you and I don t know anything about
More informationOn an algorithm for classification of binary selfdual codes with minimum distance four
Thirteenth International Workshop on Algebraic and Combinatorial Coding Theory June 1521, 2012, Pomorie, Bulgaria pp. 105 110 On an algorithm for classification of binary selfdual codes with minimum
More informationCryptography & Digital Signatures
Cryptography & Digital Signatures CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration Prof. Sloan s Slides, 2007, 2008 Robert H.
More informationNetwork Security: Cryptography CS/SS G513 S.K. Sahay
Network Security: Cryptography CS/SS G513 S.K. Sahay BITSPilani, K.K. Birla Goa Campus, Goa S.K. Sahay Network Security: Cryptography 1 Introduction Network security: measure to protect data/information
More informationOutline. Cryptography. Bret Benesh. Math 331
Outline 1 College of St. Benedict/St. John s University Department of Mathematics Math 331 2 3 The internet is a lawless place, and people have access to all sorts of information. What is keeping people
More informationStudy of algorithms for factoring integers and computing discrete logarithms
Study of algorithms for factoring integers and computing discrete logarithms First IndoFrench Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department
More informationSecurity in communication networks
Security in communication networks by MARTIN E. HELLMAN Stanford University Stanford, California INTRODUCTION It may seem anomolous that electronic mail and other computer communication systems require
More informationarxiv:1010.3163v1 [cs.cr] 15 Oct 2010
The Digital Signature Scheme MQQSIG Intellectual Property Statement and Technical Description 10 October 2010 Danilo Gligoroski 1 and Svein Johan Knapskog 2 and Smile Markovski 3 and Rune Steinsmo Ødegård
More informationLecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay
Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I Sourav Mukhopadhyay Cryptography and Network Security  MA61027 Attacks on Cryptosystems Up to this point, we have mainly seen how ciphers are implemented. We
More information