Post-Quantum Cryptography #2
Slide 49: Post-Quantum Cryptography #2
Prof. Claude Crépeau, McGill University

Slide 50: Post-Quantum Cryptography
- Finite Fields based cryptography
- Codes
- Multi-variate Polynomials
- Integers based cryptography
- Approximate Integer GCD
- Lattices

Slide 51: (

Slide 52: Public Key Encryption

Slide 53: Asymmetric Encryption (Public-Key Cryptography)
[Diagram labels: Encryption, $K_e$, P, C, $K_d$, Decryption]
Complexity Theoretical Security

Slide 54: Public-Key Cryptography
[Diagram: "Will you marry me?" goes through Encryption, then Decryption]

Slide 55: Digital Signatures

Slide 56: Asymmetric Authentication (Digital Signature Scheme)
[Diagram labels: Authentication, M, $K_a$, $K_v$, T, Verification]
Complexity Theoretical Security

Slide 57: Digital Signature
[Diagram: "Will you marry me?" goes through Authentication, then Verification, which outputs VALID]

Slide 58: )

Slide 59: Code Equivalence
Two [n,k,d] linear codes $C$, $C'$ are (permutation) equivalent if there exist a $k \times k$ non-singular matrix $S$ and an $n \times n$ permutation matrix $P$ s.t.
$G' = SGP$
The codewords of $C$ and $C'$ have exactly all the same weights.

Slide 60: Code Equivalence
Let $C'$ be an [n,k,d] linear code equivalent to a code $C$.
Let $\mathrm{Cor}: \{0,1\}^n \to C$ be an efficient nearest-codeword error-correcting procedure for $C$ (up to $(d-1)/2$ errors).
Define $\mathrm{Cor}'(w) := \mathrm{Cor}(wP^{-1})P$,
then $\mathrm{Cor}': \{0,1\}^n \to C'$ is an efficient nearest-codeword error-correcting procedure for $C'$ (up to $(d-1)/2$ errors).

Slide 61: McEliece Cryptosystem
Let $G \in_r \mathrm{Goppa}_t$, $S \in_r \mathbb{F}_2^{k \times k}$, and $P \in_r \mathrm{Perm}$ be the private key, and $G' = SGP$ be the public key.
Let $e \in_r$ {error vectors of weight $t$} and $m \in \{0,1\}^k$ a plaintext; let $w = mG' + e$ be a ciphertext.
Given (only) $G', w$, finding $c' = \mathrm{Cor}'(w)$ is difficult.

Slide 62: Niederreiter Cryptosystem
Let $G \in_r \mathrm{GRS}_t$, $S \in_r \mathbb{F}_2^{k \times k}$, and $P \in_r \mathrm{Perm}$ be the private key, and $G' = SGP$ be the public key.
Let $m \in$ {error vectors of weight $t$} be a plaintext and $c' \in_r C'$; let $w = c' + m$ be a ciphertext.
Given (only) $G', w$, finding $c' = \mathrm{Cor}'(w)$ is difficult.

Slide 63: Both Cryptosystems
Let $G \in_r \mathrm{GRS}/\mathrm{Goppa}_t$, $S \in_r \mathbb{F}_2^{k \times k}$, and $P \in_r \mathrm{Perm}$ be the private key, and $G' = SGP$ be the public key, $e \in$ {error vectors of weight $t$}, and let $w = c + e$ for $c \in C(G')$.
Given $G, S, P, w$, finding $c = \mathrm{Cor}'(w)$ and $e = w - c$ is easy.
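
A toy run of the scheme on slides 60 to 63, as an added example that is not part of the original slides: key generation $G' = SGP$, encryption $w = mG' + e$, and decryption through $\mathrm{Cor}'(w) = \mathrm{Cor}(wP^{-1})P$. It assumes a [7,4,3] Hamming code with t = 1 in place of a Goppa code, which gives no security and only keeps the matrices small; all function names are chosen for this example.

```python
import random

# Private code C: systematic [7,4,3] Hamming code, G = [I | A], H = [A^T | I].
# Assumption of this example: it stands in for the Goppa code of the slides
# and corrects t = 1 error.
G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]
H = [[1, 1, 0, 1, 1, 0, 0],
     [1, 0, 1, 1, 0, 1, 0],
     [0, 1, 1, 1, 0, 0, 1]]
N, K = 7, 4

def vec_mat(v, M):
    """Row vector times matrix over F_2."""
    return [sum(v[i] & M[i][j] for i in range(len(v))) % 2
            for j in range(len(M[0]))]

def inverse(M):
    """Gauss-Jordan inverse over F_2; returns None if M is singular."""
    n = len(M)
    A = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        piv = next((r for r in range(col, n) if A[r][col]), None)
        if piv is None:
            return None
        A[col], A[piv] = A[piv], A[col]
        for r in range(n):
            if r != col and A[r][col]:
                A[r] = [a ^ b for a, b in zip(A[r], A[col])]
    return [row[n:] for row in A]

def apply_P(v, perm):
    """v -> vP, where P moves coordinate i to position perm[i]."""
    out = [0] * len(v)
    for i, p in enumerate(perm):
        out[p] = v[i]
    return out

def apply_P_inv(v, perm):
    """v -> vP^{-1}."""
    return [v[p] for p in perm]

def cor(w):
    """Cor: nearest-codeword decoder for C (syndrome decoding of one error)."""
    s = [sum(h[j] & w[j] for j in range(N)) % 2 for h in H]
    c = w[:]
    if any(s):
        # the syndrome equals the column of H at the error position
        j = next(j for j in range(N) if [h[j] for h in H] == s)
        c[j] ^= 1
    return c

def cor_pub(w, perm):
    """Cor'(w) := Cor(w P^{-1}) P, the decoder for the equivalent code C'."""
    return apply_P(cor(apply_P_inv(w, perm)), perm)

def keygen(rng):
    """Private key (S, S^{-1}, perm); public key G' = S G P."""
    while True:
        S = [[rng.randrange(2) for _ in range(K)] for _ in range(K)]
        S_inv = inverse(S)
        if S_inv is not None:
            break
    perm = list(range(N))
    rng.shuffle(perm)
    G_pub = [apply_P(vec_mat(row, G), perm) for row in S]
    return (S, S_inv, perm), G_pub

def encrypt(G_pub, m, err_pos):
    """w = m G' + e, with e of weight t = 1 at position err_pos."""
    w = vec_mat(m, G_pub)
    w[err_pos] ^= 1
    return w

def decrypt(priv, w):
    """Undo P, decode in C, read mS off the systematic part, undo S."""
    _, S_inv, perm = priv
    c = cor(apply_P_inv(w, perm))   # c = (mS) G
    return vec_mat(c[:K], S_inv)    # m = (mS) S^{-1}

def self_check(seed=2024):
    """Every message and every single-bit error must round-trip."""
    priv, G_pub = keygen(random.Random(seed))
    for x in range(2 ** K):
        m = [(x >> i) & 1 for i in range(K)]
        for pos in range(N):
            w = encrypt(G_pub, m, pos)
            if decrypt(priv, w) != m:
                return False
            if cor_pub(w, priv[2]) != vec_mat(m, G_pub):
                return False
    return True

if __name__ == "__main__":
    print("16 messages x 7 error positions round-trip:", self_check())
```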

Slide 65: Families of Codes
Nicolas Sendrier
Binary Goppa codes seem safe, but not
- (Generalized) Reed-Solomon codes,
- concatenated codes,
- elliptic codes,
- Reed-Muller codes,
- Convolutional codes

Slide 66: Code based cryptography
- Courtois, Finiasz and Sendrier signature scheme
- Stern's identification scheme
- Code based PRNG
- Code based hash function

Slide 67: Code based cryptography

Slide 69: Multi-variate Poly based cryptography

Slide 70: Multi-variate Poly based cryptography
$P = (p_1(x_1,\dots,x_n), \dots, p_m(x_1,\dots,x_n))$ for $x = (x_1,\dots,x_n)$ over $\mathbb{F}^n$.
$z_k = p_k(x) := \sum_i P_{ik} x_i + \sum_i Q_{ik} x_i^2 + \sum_{i<j} R_{ijk} x_i x_j$
When we are working over $\mathbb{F} = \mathbb{F}_2$, note that $x^2 = x$, so it suffices to consider multilinear polynomials:
$z_k = p_k(x) := \sum_i P_{ik} x_i + \sum_{i<j} R_{ijk} x_i x_j$
In general, finding $x$ from $z = p(x)$ is NP-hard.
We seek more: finding $x$ from $z = p(x)$ being hard on average.

Slide 71: Multi-variate Poly based cryptography
$P = (p_1(x_1,\dots,x_n), \dots, p_m(x_1,\dots,x_n))$ for $x = (x_1,\dots,x_n)$ over $\mathbb{F}_2^n$.
$z_k = p_k(x) := \sum_i P_{ik} x_i + \sum_{i<j} R_{ijk} x_i x_j$
Public-key: $P$
$\mathrm{Enc}_P(x) = p(x)$
$\mathrm{Dec}(z)$ = find $x$ s.t. $z = p(x)$ (specific to $P$'s design)

Slide 72: Multi-variate Poly based cryptography
MPKCs almost always hide a private map $Q$ via composition with secret affine maps $S$ and $T$.
So, $P = T \circ Q \circ S : \mathbb{F}^n \to \mathbb{F}^m$, or $P(x) := M_T\, Q(M_S x + c_S) + c_T$
In any given scheme, the central map $Q$ belongs to a certain class of quadratic maps whose inverse can be computed relatively easily.
$x = M_S^{-1} Q^{-1}(M_T^{-1} P(x) - c'_T) - c'_S$, where $c'_T := M_T^{-1} c_T$ and $c'_S := M_S^{-1} c_S$

Slide 73: Multi-variate Poly based cryptography
MPKCs almost always hide a private map $Q$ via composition with secret affine maps $S$ and $T$.
So, $P = T \circ Q \circ S : \mathbb{F}^n \to \mathbb{F}^m$, or $P(x) := M_T\, Q(M_S x + c_S) + c_T$
Private-key: $(M_T^{-1}, c'_T)$, $(M_S^{-1}, c'_S)$, $Q^{-1}$
$\mathrm{Dec}(y) = M_S^{-1} Q^{-1}(M_T^{-1} y - c'_T) - c'_S$, where $c'_T := M_T^{-1} c_T$ and $c'_S := M_S^{-1} c_S$

Slide 74: Matsumoto-Imai
Example: (a sort of RSA type system)
Any single univariate $f$ over $\mathbb{F}_{2^n}$ can be represented by $n$ multivariate algebraic functions $y_i = f_i(x_1, x_2, \dots, x_n)$ over $\mathbb{F}_2$.
$Q(x) := x^{2^a+1}$, $a < n$, over $\mathbb{F}_{2^n}$ such that $\gcd(2^a+1, 2^n-1) = 1$ (squaring over $\mathbb{F}_{2^n}$ is actually a linear transform over $\mathbb{F}_2^n$) *
Then there exists $h := (2^a+1)^{-1} \bmod 2^n-1$ such that $Q^{-1}(y) = y^h$ over $\mathbb{F}_{2^n}$

Slide 75: Squaring over $\mathbb{F}_{2^n}$ is linear over $\mathbb{F}_2$
$(x_{n-1},\dots,x_1,x_0)^2 = (x_{n-1}x^{n-1} + \dots + x_1 x + x_0)^2 \bmod P(x)$
$= x_{n-1}x^{2n-2} + \dots + x_1 x^2 + x_0 \bmod P(x)$
$= \begin{pmatrix} 1 \bmod P & x^2 \bmod P & \cdots & x^{2n-2} \bmod P \end{pmatrix} \begin{pmatrix} x_0 \\ x_1 \\ \vdots \\ x_{n-1} \end{pmatrix} = M_{sq}\, x$

Slide 76: $x^{2^i}$ over $\mathbb{F}_{2^n}$ is linear over $\mathbb{F}_2$
$(y_{n-1},\dots,y_1,y_0) = (x_{n-1},\dots,x_1,x_0)^{2^i} = M_{sq}^i\, x$ is a system of $n$ degree 1 equations
$y_0 = (M_{sq}^i)_0\, x$
$y_1 = (M_{sq}^i)_1\, x$
$y_2 = (M_{sq}^i)_2\, x$
...
$y_{n-1} = (M_{sq}^i)_{n-1}\, x$

Slide 77: $x^{2^i+1}$ over $\mathbb{F}_{2^n}$ is quadratic over $\mathbb{F}_2$
$(z_{n-1},\dots,z_1,z_0) = (x_{n-1},\dots,x_1,x_0)^{2^i+1} = (y_{n-1},\dots,y_1,y_0) * (x_{n-1},\dots,x_1,x_0)$ is a system of $n$ degree 2 equations

Slide 78: MI vs RSA
Unlike the RSA scheme, the size $q^n - 1$ of the multiplicative group of $\mathbb{F}_{2^n}$ is known, and thus anyone can compute $h$ from $2^a + 1$.
MI thus based the security of the scheme on the different principle of mapping obfuscation (à la McEliece).
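
The Matsumoto-Imai facts from slides 74 to 78 checked over a small field, as an added example that is not part of the original slides: squaring as the matrix $M_{sq}$, the quadratic central map $Q$, and the inverse exponent $h$ computed from public values only. The field size n = 5, the modulus $x^5 + x^2 + 1$, a = 2 and all function names are assumptions made for this example.

```python
from math import gcd

N = 5            # extension degree n (toy size chosen for this example)
POLY = 0b100101  # P(x) = x^5 + x^2 + 1, irreducible over F_2
A = 2            # Q(x) = x^(2^a + 1) = x^5

def gf_mul(u, v, n=N, poly=POLY):
    """Product in F_{2^n}; bit i of an int holds the coefficient x_i."""
    r = 0
    while v:
        if v & 1:
            r ^= u
        v >>= 1
        u <<= 1
        if u >> n:       # degree reached n: reduce by P(x)
            u ^= poly
    return r

def gf_pow(u, e, n=N, poly=POLY):
    """Square-and-multiply exponentiation in F_{2^n}."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, u, n, poly)
        u = gf_mul(u, u, n, poly)
        e >>= 1
    return r

def squaring_matrix(n=N, poly=POLY):
    """Columns of M_sq: column j is x^(2j) mod P(x), stored as an int."""
    return [gf_pow(0b10, 2 * j, n, poly) for j in range(n)]

def mat_vec(cols, x):
    """M x over F_2: XOR the columns selected by the bits of x."""
    y = 0
    for j, col in enumerate(cols):
        if (x >> j) & 1:
            y ^= col
    return y

def mi_inverse_exponent(n, a):
    """h = (2^a + 1)^(-1) mod (2^n - 1), from the public values n and a alone."""
    e, order = 2 ** a + 1, 2 ** n - 1
    if gcd(e, order) != 1:
        return None      # Q is not a bijection for this (n, a)
    return pow(e, -1, order)

def Q(x, a=A):
    """Central map Q(x) = x^(2^a + 1)."""
    return gf_pow(x, 2 ** a + 1)

def Q_linear_then_multiply(x, a=A):
    """z = (M_sq^a x) * x: a linear map followed by one field product."""
    M = squaring_matrix()
    y = x
    for _ in range(a):
        y = mat_vec(M, y)
    return gf_mul(y, x)

def squaring_is_linear():
    M = squaring_matrix()
    return all(gf_mul(x, x) == mat_vec(M, x) for x in range(2 ** N))

def roundtrip_ok(a=A):
    """Q^{-1}(y) = y^h undoes Q on every field element."""
    h = mi_inverse_exponent(N, a)
    return all(gf_pow(Q(x, a), h) == x for x in range(2 ** N))

def Q_is_quadratic(a=A):
    """Second differences of a degree-2 map over F_2 do not depend on x."""
    size = 2 ** N
    t = [Q(x, a) for x in range(size)]
    for u in range(size):
        for v in range(size):
            d0 = t[u ^ v] ^ t[u] ^ t[v] ^ t[0]
            if any(t[x ^ u ^ v] ^ t[x ^ u] ^ t[x ^ v] ^ t[x] != d0
                   for x in range(size)):
                return False
    return True

if __name__ == "__main__":
    print("M_sq columns:", squaring_matrix())
    print("h =", mi_inverse_exponent(N, A), "round trip:", roundtrip_ok())
    print("n=4, a=1 invertible:", mi_inverse_exponent(4, 1) is not None)
```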

Slide 79: SFLASH
The MI scheme was broken by a very clever attack developed by Patarin in
Based on an idea of Shamir from 1993, Patarin et al proposed to avoid their own attack by deleting r out of the n equations from the MI public key, and called the resulting scheme SFLASH.

Slide 80: SFLASH
If we denote the final truncation, the SFLASH public key is: P = T Q S
Such truncated keys can be used in signature schemes but not in encryption schemes, since they cannot be inverted uniquely.

Slide 81: SFLASH & NESSIE
The SFLASH scheme was selected in 2003 by the New European Schemes for Signatures, Integrity, and Encryption (NESSIE) Consortium as one of only three recommended public key signature schemes, and as the best known solution for low cost smart cards.
The first version of SFLASH, called SFLASH v1, had a subtle bug which was discovered by Gilbert and Minier. It was replaced by two versions (SFLASH v2 & v3). They differ only in their security parameters:
for SFLASH v2: $q = 2^7$, $n = 37$, $a = 11$ and $r = 11$
for SFLASH v3: $q = 2^7$, $n = 67$, $a = 33$ and $r = 11$
Dubois, Fouque, Shamir, Stern broke SFLASH v2 & v3 in

Slide 82: Variations

Variations * *as of

Slide 84: Multi-variate Poly based cryptography

Slide 86: Cryptographic Money based on hidden codes (hidden sub-spaces)

Slide 87: Hidden (Linear) Code
- a linear [n,k,d] code $C \subseteq \mathbb{F}^n$ over arbitrary finite field $\mathbb{F}$.
- a positive integer degree $D$,
- $I_{D,C}$ = { degree-$D$ polynomials that vanish on $C$ }.
For simplicity, assume we use $\mathbb{F} = \mathbb{F}_2$.

Slide 88: Hidden Code
Lemma A: It is possible to sample a uniformly-random element of $I_{D,C}$ in time $O(n^D)$.
Lemma B: Fix $C \subseteq \mathbb{F}_2^n$ and $\beta > 1$, and choose $\beta n$ independent uniformly-random samples from $I_{D,C}$. With probability $1 - 2^{-\Omega(n)}$, the set of points on which they are all zero is exactly $C$.
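
Lemma B tried out classically on a small hidden code, as an added example that is not part of the original slides (no quantum states are involved). It assumes n = 8, D = 3, a constructed parity-check matrix, and that $I_{D,C}$ means polynomials of degree at most D; the sampler draws $\sum_i (h_i \cdot x)\, q_i(x)$ with random $q_i$ of degree at most D-1, a choice made for this example rather than the procedure behind Lemma A.

```python
import random
from itertools import combinations

N, D = 8, 3
# Constructed parity-check rows (bit j = coefficient of x_j); bits 4..7 form an
# identity block, so the rows are independent and C = {x : h.x = 0 for all h}
# has dimension 4.
H = [0b00011101, 0b00101011, 0b01000111, 0b10001110]

def monomials(max_deg, n=N):
    """All multilinear monomials of degree <= max_deg, as variable bitmasks."""
    out = []
    for d in range(max_deg + 1):
        for chosen in combinations(range(n), d):
            out.append(sum(1 << v for v in chosen))
    return out

def sample_vanishing(rng, rows=H, deg=D):
    """Random polynomial that vanishes on C, as a set of monomial bitmasks.

    Builds sum_i (h_i . x) * q_i(x) with each q_i uniform of degree <= deg-1.
    The map (q_i) -> sum is linear and onto I_{D,C}, so the result is uniform.
    """
    low = monomials(deg - 1)
    poly = set()
    for h in rows:
        for m in low:
            if rng.randrange(2):                 # m is a monomial of q_i
                for j in range(N):
                    if (h >> j) & 1:
                        poly ^= {m | (1 << j)}   # x_j * m, using x_j^2 = x_j
    return poly

def evaluate(poly, x):
    """Value of the polynomial at the point x (bitmask of coordinates)."""
    return sum(1 for m in poly if m & x == m) % 2

def in_code(x, rows=H):
    return all(bin(h & x).count("1") % 2 == 0 for h in rows)

def common_zeros(polys):
    return {x for x in range(2 ** N)
            if all(evaluate(p, x) == 0 for p in polys)}

def degree(poly):
    return max((bin(m).count("1") for m in poly), default=0)

def lemma_b_experiment(num_polys=3 * N, seed=7):
    """Returns (C, common zero set of the samples, largest sampled degree)."""
    rng = random.Random(seed)
    polys = [sample_vanishing(rng) for _ in range(num_polys)]
    code = {x for x in range(2 ** N) if in_code(x)}
    return code, common_zeros(polys), max(degree(p) for p in polys)

if __name__ == "__main__":
    code, zeros, deg = lemma_b_experiment()
    print("|C| =", len(code), "zeros == C:", zeros == code, "max degree:", deg)
    _, zeros1, _ = lemma_b_experiment(num_polys=1)
    print("zeros of a single sample:", len(zeros1))
```

With beta = 3 each point outside C survives all 24 samples with probability $2^{-24}$, which is why the common zero set collapses to C; a single sample always leaves extra zeros, because the indicator of the complement of this C has degree 4.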

Slide 89: Public Q-Money (Aaronson, Christiano)
$P_1(x), P_2(x), \dots, P_{\beta n}(x)$ define $C = \mathrm{Span}(G)$ (Public-key)
$Q_1(x), Q_2(x), \dots, Q_{\beta n}(x)$ define $C^\perp = \mathrm{Ker}(G)$ (Public-key)
$\forall c \in C,\ c' \in C^\perp,\ i,\ j$: $P_i(c) = 0$ and $Q_j(c') = 0$
$|\$\rangle = \sum_{c \in C} |c\rangle$, $[H]^n |\$\rangle = \sum_{c' \in C^\perp} |c'\rangle$
checking $|\$\rangle$: using $P_1(x), \dots, P_{\beta n}(x)$, validate that $|\$\rangle$ is made only of states from $C$ and using $Q_1(x), \dots, Q_{\beta n}(x)$, validate that $[H]|\$\rangle$ is made only of states from $C^\perp$.

Slide 90: Public Q-Money (Aaronson, Christiano)
$P_1(x), P_2(x), \dots, P_{\beta n}(x)$ define $C = \mathrm{Span}(G)$ (Public-key)
$Q_1(x), Q_2(x), \dots, Q_{\beta n}(x)$ define $C^\perp = \mathrm{Ker}(G)$ (Public-key)
$\forall c \in C,\ c' \in C^\perp,\ i,\ j$: $P_i(c) = 0$ and $Q_j(c') = 0$
The special structure of $(C, C^\perp)$ yields an attack for degree 2 polynomials. So $D$ must be at least 3.
In Q-Money $C$ or $C^\perp$ may be sampled once. Weakens the security.
Degree $D = 4$ with sample is as hard as degree 3 without a sample. So they choose $D = 4$.

Slide 91: Hidden Code
Let $Z_{D,C,\varepsilon}$ be the distribution which sets $Z_{D,C,\varepsilon}$ = { $I_{D,C}$ with probability $1-\varepsilon$; I D, with probability $\varepsilon$ } where is a random code of dimension k.
Lemma C: Fix $C \subseteq \mathbb{F}_2^n$ and $\varepsilon < 1$, let $\beta = 32/(1-\varepsilon)^2$, and choose $\beta n$ independent samples from $Z_{D,C,\varepsilon}$. Let $\delta = 1/2 + (1-\varepsilon)/4$. With probability $1 - 2^{-\Omega(n)}$ the set of points on which at least $\delta\beta n$ polynomials are zero is exactly $C$.

Slide 92: Public Q-Money
$P_1(x), P_2(x), \dots, P_{\beta n}(x)$ define $C = \mathrm{Span}(G)$ (Public-key)
$Q_1(x), Q_2(x), \dots, Q_{\beta n}(x)$ define $C^\perp = \mathrm{Ker}(G)$ (Public-key)
$\forall c \in C,\ c' \in C^\perp$: $P_i(c) = 0$ and $Q_j(c') = 0$ with probability $\delta$.
Adding misleading polynomials may only make the assumption harder to break...

Slide 93: Cryptographic Money based on hidden codes (hidden sub-spaces)
More informationCIS 5371 Cryptography. 8. Encryption --
CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.
More informationPublic Key Cryptography. Performance Comparison and Benchmarking
Public Key Cryptography Performance Comparison and Benchmarking Tanja Lange Department of Mathematics Technical University of Denmark tanja@hyperelliptic.org 28.08.2006 Tanja Lange Benchmarking p. 1 What
More informationSemantic Security for the McEliece Cryptosystem without Random Oracles
Semantic Security for the McEliece Cryptosystem without Random Oracles Ryo Nojima 1, Hideki Imai 23, Kazukuni Kobara 3, and Kirill Morozov 3 1 National Institute of Information and Communications Technology
More informationSolutions to Problem Set 1
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #8 Zheng Ma February 21, 2005 Solutions to Problem Set 1 Problem 1: Cracking the Hill cipher Suppose
More informationBasic Algorithms In Computer Algebra
Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,
More informationMathematics Course 111: Algebra I Part IV: Vector Spaces
Mathematics Course 111: Algebra I Part IV: Vector Spaces D. R. Wilkins Academic Year 1996-7 9 Vector Spaces A vector space over some field K is an algebraic structure consisting of a set V on which are
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationSymmetric Key cryptosystem
SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single
More informationEXAM questions for the course TTM4135 - Information Security June 2010. Part 1
EXAM questions for the course TTM4135 - Information Security June 2010 Part 1 This part consists of 6 questions all from one common topic. The number of maximal points for every correctly answered question
More informationSoftware Implementation of Gong-Harn Public-key Cryptosystem and Analysis
Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master
More informationNetwork Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)
Network Security Security Crytographic algorithms Security Services Secret key (DES) Public key (RSA) Message digest (MD5) privacy authenticity Message integrity Secret Key Encryption Plain text Plain
More informationAn efficient and provably secure public key encryption scheme based on coding theory
SECUITY AND COMMUNICATION NETWOKS Security Comm. Networks (2010) Published online in Wiley Online Library (wileyonlinelibrary.com)..274 ESEACH ATICLE An efficient and provably secure public key encryption
More informationCryptography and Network Security Chapter 10
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central
More informationAn Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm
An Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm V.Masthanamma 1,G.Lakshmi Preya 2 UG Scholar, Department of Information Technology, Saveetha School of Engineering
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?
More informationApplication of cube attack to block and stream ciphers
Application of cube attack to block and stream ciphers Janusz Szmidt joint work with Piotr Mroczkowski Military University of Technology Military Telecommunication Institute Poland 23 czerwca 2009 1. Papers
More informationECE 842 Report Implementation of Elliptic Curve Cryptography
ECE 842 Report Implementation of Elliptic Curve Cryptography Wei-Yang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic
More informationInternational Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013
FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,
More informationReview of methods for secret sharing in cloud computing
Review of methods for secret sharing in cloud computing Dnyaneshwar Supe Amit Srivastav Dr. Rajesh S. Prasad Abstract:- Cloud computing provides various IT services. Many companies especially those who
More information2010 JOURNAL OF SOFTWARE, VOL. 9, NO. 8, AUGUST 2014
2010 JOURNAL OF SOFTWARE VOL. 9 NO. 8 AUGUST 2014 Analysis of a Multivariate Public Key Cryptosystem and Its Application in Software Copy Protection Ning Huang Center of Modern Educational Technology Gannan
More informationApplied Cryptography Public Key Algorithms
Applied Cryptography Public Key Algorithms Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Public Key Cryptography Independently invented by Whitfield Diffie & Martin
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More informationNumber Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may
Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationDigital Signature. Raj Jain. Washington University in St. Louis
Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 3: Block ciphers and DES Ion Petre Department of IT, Åbo Akademi University January 17, 2012 1 Data Encryption Standard
More informationImplementation of Elliptic Curve Digital Signature Algorithm
Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India
More informationTable of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationComputer Science 308-547A Cryptography and Data Security. Claude Crépeau
Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)
More informationSoftware Tool for Implementing RSA Algorithm
Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key
More informationHow To Prove The Dirichlet Unit Theorem
Chapter 6 The Dirichlet Unit Theorem As usual, we will be working in the ring B of algebraic integers of a number field L. Two factorizations of an element of B are regarded as essentially the same if
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationLecture 6 - Cryptography
Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about
More informationOutline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg
Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian
More informationDiscrete Mathematics, Chapter 4: Number Theory and Cryptography
Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More informationSecure Network Communication Part II II Public Key Cryptography. Public Key Cryptography
Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem
More informationOn an algorithm for classification of binary self-dual codes with minimum distance four
Thirteenth International Workshop on Algebraic and Combinatorial Coding Theory June 15-21, 2012, Pomorie, Bulgaria pp. 105 110 On an algorithm for classification of binary self-dual codes with minimum
More informationOverview of Public-Key Cryptography
CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationCryptography & Digital Signatures
Cryptography & Digital Signatures CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration Prof. Sloan s Slides, 2007, 2008 Robert H.
More informationNetwork Security: Cryptography CS/SS G513 S.K. Sahay
Network Security: Cryptography CS/SS G513 S.K. Sahay BITS-Pilani, K.K. Birla Goa Campus, Goa S.K. Sahay Network Security: Cryptography 1 Introduction Network security: measure to protect data/information
More informationLecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay
Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Attacks on Cryptosystems Up to this point, we have mainly seen how ciphers are implemented. We
More informationSecurity in communication networks
Security in communication networks by MARTIN E. HELLMAN Stanford University Stanford, California INTRODUCTION It may seem anomolous that electronic mail and other computer communication systems require
More informationStudy of algorithms for factoring integers and computing discrete logarithms
Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department
More informationarxiv:1010.3163v1 [cs.cr] 15 Oct 2010
The Digital Signature Scheme MQQ-SIG Intellectual Property Statement and Technical Description 10 October 2010 Danilo Gligoroski 1 and Svein Johan Knapskog 2 and Smile Markovski 3 and Rune Steinsmo Ødegård
More informationAn Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC
An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC Laxminath Tripathy 1 Nayan Ranjan Paul 2 1Department of Information technology, Eastern Academy of Science and
More informationIndex Calculation Attacks on RSA Signature and Encryption
Index Calculation Attacks on RSA Signature and Encryption Jean-Sébastien Coron 1, Yvo Desmedt 2, David Naccache 1, Andrew Odlyzko 3, and Julien P. Stern 4 1 Gemplus Card International {jean-sebastien.coron,david.naccache}@gemplus.com
More informationImproved Online/Offline Signature Schemes
Improved Online/Offline Signature Schemes Adi Shamir and Yael Tauman Applied Math. Dept. The Weizmann Institute of Science Rehovot 76100, Israel {shamir,tauman}@wisdom.weizmann.ac.il Abstract. The notion
More informationPart VII. Digital signatures
Part VII Digital signatures CHAPTER 7: Digital signatures Digital signatures are one of the most important inventions/applications of modern cryptography. The problem is how can a user sign a message such
More informationSFWR ENG 4C03 - Computer Networks & Computer Security
KEY MANAGEMENT SFWR ENG 4C03 - Computer Networks & Computer Security Researcher: Jayesh Patel Student No. 9909040 Revised: April 4, 2005 Introduction Key management deals with the secure generation, distribution,
More information7! Cryptographic Techniques! A Brief Introduction
7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures
More informationNetwork Security Technology Network Management
COMPUTER NETWORKS Network Security Technology Network Management Source Encryption E(K,P) Decryption D(K,C) Destination The author of these slides is Dr. Mark Pullen of George Mason University. Permission
More informationPublic Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography
Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt
More informationLattice-Based Threshold-Changeability for Standard Shamir Secret-Sharing Schemes
Lattice-Based Threshold-Changeability for Standard Shamir Secret-Sharing Schemes Ron Steinfeld (Macquarie University, Australia) (email: rons@ics.mq.edu.au) Joint work with: Huaxiong Wang (Macquarie University)
More information