Post-Quantum Cryptography #2

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Post-Quantum Cryptography #2"

Transcription

1 Post-Quantum Cryptography #2 Prof. Claude Crépeau McGill University 49

2 Post-Quantum Cryptography Finite Fields based cryptography Codes Multi-variate Polynomials Integers based cryptography Approximate Integer GCD Lattices 50

3 ( 51

4 Public Key Encryption 52

5 Asymmetric Encryption (Public-Key Cryptography) Encryption K e P C K d Decryption Complexity Theoretical Security 53

6 $ Asymmetric Encryption (Public-Key Cryptography) Encryption K e P C K d Decryption Complexity Theoretical Security 53

7 $ Asymmetric Encryption (Public-Key Cryptography) Encryption K e P C K d Decryption Complexity Theoretical Security 53

8 Will you marry me?» Public-Key Cryptography»»»»»» Decryption Encryption»» marry me? 54

9 Will you marry me?» Public-Key Cryptography»»»»»» Decryption Encryption»» marry me? 54

10 Will you marry me?» Public-Key Cryptography»»»»»» Decryption Encryption»» marry me? 54

11 Digital Signatures 55

12 Asymmetric Authentication (Digital Signature Scheme) Authentication M K a K v T Verification Complexity Theoretical Security 56

13 Digital Signature»»»» Will you marry me?» Verification»» Authentication» VALID Will you marry me?» marry me? 57

14 Digital Signature»»»» Will you marry me?» Verification»» Authentication» VALID Will you marry me?» marry me? 57

15 Digital Signature»»»» Will you marry me?» Verification»» Authentication» VALID Will you marry me?» marry me? 57

16 ) 58

17 Code Equivalence 59

18 Code Equivalence Two [n,k,d] linear codes C,C are (permutation) equivalent if there exists a kxk non-singular matrix S & an nxn permutation matrix P s.t. 59

19 Code Equivalence Two [n,k,d] linear codes C,C are (permutation) equivalent if there exists a kxk non-singular matrix S & an nxn permutation matrix P s.t. G = SGP 59

20 Code Equivalence Two [n,k,d] linear codes C,C are (permutation) equivalent if there exists a kxk non-singular matrix S & an nxn permutation matrix P s.t. G = SGP the codewords of C and C have exactly all the same weights 59

21 Code Equivalence 60

22 Code Equivalence Let C be an [n,k,d] linear code equivalent to a code C. 60

23 Code Equivalence Let C be an [n,k,d] linear code equivalent to a code C. Let Cor:{0,1} n C be an efficient nearest codeword error-correcting procedure for C (upto d-1 / 2 errors) 60

24 Code Equivalence Let C be an [n,k,d] linear code equivalent to a code C. Let Cor:{0,1} n C be an efficient nearest codeword error-correcting procedure for C (upto d-1 / 2 errors) Define C or(w):=cor(wp -1 )P, 60

25 Code Equivalence Let C be an [n,k,d] linear code equivalent to a code C. Let Cor:{0,1} n C be an efficient nearest codeword error-correcting procedure for C (upto d-1 / 2 errors) Define C or(w):=cor(wp -1 )P, then C or:{0,1} n C is an efficient nearest codeword error-correcting procedure for C (upto d-1 / 2 errors) 60

26 McEliece Cryptosystem 61

27 McEliece Cryptosystem Let G r Goppa t, S r F 2 kxk, & P r Perm be the private-key, & G = SGP be the public-key, 61

28 McEliece Cryptosystem Let G r Goppa t, S r F 2 kxk, & P r Perm be the private-key, & G = SGP be the public-key, Let e r {error vector of weight t} & m {0,1} k a plaintext let w=mg +e be a ciphertext. 61

29 McEliece Cryptosystem Let G r Goppa t, S r F 2 kxk, & P r Perm be the private-key, & G = SGP be the public-key, Let e r {error vector of weight t} & m {0,1} k a plaintext let w=mg +e be a ciphertext. Given (only) G,w finding 61

30 McEliece Cryptosystem Let G r Goppa t, S r F 2 kxk, & P r Perm be the private-key, & G = SGP be the public-key, Let e r {error vector of weight t} & m {0,1} k a plaintext let w=mg +e be a ciphertext. Given (only) G,w finding c = C or(w) is difficult. 61

31 Niederreiter Cryptosystem 62

32 Niederreiter Cryptosystem Let G r GRS t, S r F 2 kxk, & P r Perm be the private-key, & G = SGP be the public-key, 62

33 Niederreiter Cryptosystem Let G r GRS t, S r F 2 kxk, & P r Perm be the private-key, & G = SGP be the public-key, Let m {error vector of weight t} a plaintext & c r C let w=c +m be a ciphertext. 62

34 Niederreiter Cryptosystem Let G r GRS t, S r F 2 kxk, & P r Perm be the private-key, & G = SGP be the public-key, Let m {error vector of weight t} a plaintext & c r C let w=c +m be a ciphertext. Given (only) G,w finding 62

35 Niederreiter Cryptosystem Let G r GRS t, S r F 2 kxk, & P r Perm be the private-key, & G = SGP be the public-key, Let m {error vector of weight t} a plaintext & c r C let w=c +m be a ciphertext. Given (only) G,w finding c = C or(w) is difficult. 62

36 Both Cryptosystems 63

37 Both Cryptosystems Let G r GRS/Goppa t, S r F 2 kxk, & P r Perm be the privatekey, & G = SGP be the public-key, e {error vector of weight t} and let w=c+e for c C(G ). 63

38 Both Cryptosystems Let G r GRS/Goppa t, S r F 2 kxk, & P r Perm be the privatekey, & G = SGP be the public-key, e {error vector of weight t} and let w=c+e for c C(G ). Given G,S,P, w finding c=cor(w) and e=w-c is easy. 63

39 64

40 Families of Codes Nicolas Sendrier 65

41 Families of Codes Binary Goppa codes seem safe, but not Nicolas Sendrier 65

42 Families of Codes Binary Goppa codes seem safe, but not (Generalized) Reed-Solomon codes, Nicolas Sendrier 65

43 Families of Codes Binary Goppa codes seem safe, but not (Generalized) Reed-Solomon codes, concatenated codes, Nicolas Sendrier 65

44 Families of Codes Binary Goppa codes seem safe, but not (Generalized) Reed-Solomon codes, concatenated codes, elliptic codes, Nicolas Sendrier 65

45 Families of Codes Binary Goppa codes seem safe, but not (Generalized) Reed-Solomon codes, concatenated codes, elliptic codes, Reed-Muller codes, Nicolas Sendrier 65

46 Families of Codes Binary Goppa codes seem safe, but not (Generalized) Reed-Solomon codes, concatenated codes, elliptic codes, Reed-Muller codes, Convolutional codes Nicolas Sendrier 65

47 Code based cryptography 66

48 Code based cryptography Courtois, Finiasz and Sendrier signature scheme 66

49 Code based cryptography Courtois, Finiasz and Sendrier signature scheme Stern s identification scheme 66

50 Code based cryptography Courtois, Finiasz and Sendrier signature scheme Stern s identification scheme Code based PRNG 66

51 Code based cryptography Courtois, Finiasz and Sendrier signature scheme Stern s identification scheme Code based PRNG Code based hash function 66

52 0 Code based cryptography 67

53 Post-Quantum Cryptography Finite Fields based cryptography Codes Multi-variate Polynomials Integers based cryptography Approximate Integer GCD Lattices 68

54 Multi-variate Poly based cryptography 69

55 Multi-variate Poly based cryptography 70

56 Multi-variate Poly based cryptography P = (p 1 (x 1,...,x n ),...,p m (x 1,...,x n )) for x=(x 1,...,x n ) over F n. 70

57 Multi-variate Poly based cryptography P = (p 1 (x 1,...,x n ),...,p m (x 1,...,x n )) for x=(x 1,...,x n ) over F n. z k = p k (x) := i P ik x i + i Q ik x i 2 + i<j R ijk x i x j 70

58 Multi-variate Poly based cryptography P = (p 1 (x 1,...,x n ),...,p m (x 1,...,x n )) for x=(x 1,...,x n ) over F n. z k = p k (x) := i P ik x i + i Q ik x i 2 + i<j R ijk x i x j When we are working over F=F 2, note that x 2 = x, so it suffices to consider multilinear polynomials: z k = p k (x) := i P ik x i + i<j R ijk x i x j 70

59 Multi-variate Poly based cryptography P = (p 1 (x 1,...,x n ),...,p m (x 1,...,x n )) for x=(x 1,...,x n ) over F n. z k = p k (x) := i P ik x i + i Q ik x i 2 + i<j R ijk x i x j When we are working over F=F 2, note that x 2 = x, so it suffices to consider multilinear polynomials: z k = p k (x) := i P ik x i + i<j R ijk x i x j In general, finding x from z=p(x) is NP-hard. 70

60 Multi-variate Poly based cryptography P = (p 1 (x 1,...,x n ),...,p m (x 1,...,x n )) for x=(x 1,...,x n ) over F n. z k = p k (x) := i P ik x i + i Q ik x i 2 + i<j R ijk x i x j When we are working over F=F 2, note that x 2 = x, so it suffices to consider multilinear polynomials: z k = p k (x) := i P ik x i + i<j R ijk x i x j In general, finding x from z=p(x) is NP-hard. We seek more : finding x from z=p(x) being hard on average. 70

61 Multi-variate Poly based cryptography 71

62 Multi-variate Poly based cryptography P = (p 1 (x 1,...,x n ),...,p m (x 1,...,x n )) for x=(x 1,...,x n ) over F 2n. 71

63 Multi-variate Poly based cryptography P = (p 1 (x 1,...,x n ),...,p m (x 1,...,x n )) for x=(x 1,...,x n ) over F 2n. z k = p k (x) := i P ik x i + i<j R ijk x i x j 71

64 Multi-variate Poly based cryptography P = (p 1 (x 1,...,x n ),...,p m (x 1,...,x n )) for x=(x 1,...,x n ) over F 2n. z k = p k (x) := i P ik x i + i<j R ijk x i x j Public-key: P 71

65 Multi-variate Poly based cryptography P = (p 1 (x 1,...,x n ),...,p m (x 1,...,x n )) for x=(x 1,...,x n ) over F 2n. z k = p k (x) := i P ik x i + i<j R ijk x i x j Public-key: P Enc P (x)=p(x) 71

66 Multi-variate Poly based cryptography P = (p 1 (x 1,...,x n ),...,p m (x 1,...,x n )) for x=(x 1,...,x n ) over F 2n. z k = p k (x) := i P ik x i + i<j R ijk x i x j Public-key: P Enc P (x)=p(x) Dec(z)= find x s.t. z=p(x) (specific to P s design) 71

67 Multi-variate Poly based cryptography 72

68 Multi-variate Poly based cryptography MPKCs almost always hide a private map Q via composition with secret affine maps S, and T. 72

69 Multi-variate Poly based cryptography MPKCs almost always hide a private map Q via composition with secret affine maps S, and T. So, P=T Q S: F n F m, or P(x):=M T Q( M S x+c S ) + c T 72

70 Multi-variate Poly based cryptography MPKCs almost always hide a private map Q via composition with secret affine maps S, and T. So, P=T Q S: F n F m, or P(x):=M T Q( M S x+c S ) + c T In any given scheme, the central map Q belongs to a certain class of quadratic maps whose inverse can be computed relatively easily. 72

71 Multi-variate Poly based cryptography MPKCs almost always hide a private map Q via composition with secret affine maps S, and T. So, P=T Q S: F n F m, or P(x):=M T Q( M S x+c S ) + c T In any given scheme, the central map Q belongs to a certain class of quadratic maps whose inverse can be computed relatively easily. x = MS -1 Q -1 ( M T -1 P(x)-c T ) - c S where c T := M T -1 c T and c S := M S -1 c S 72

72 Multi-variate Poly based cryptography 73

73 Multi-variate Poly based cryptography MPKCs almost always hide a private map Q via composition with secret affine maps S, and T. So, P=T Q S: F n F m, or P(x):=M T Q( M S x+c S ) + c T 73

74 Multi-variate Poly based cryptography MPKCs almost always hide a private map Q via composition with secret affine maps S, and T. So, P=T Q S: F n F m, or P(x):=M T Q( M S x+c S ) + c T Private-key: (M T -1, c T ), (M S -1, c S ), Q -1 Dec(y) = MS -1 Q -1 ( M T -1 y-c T ) - c S where c T := M T -1 c T and c S := M S -1 c S 73

75 Matsumoto- Imai 74

76 Matsumoto- Imai Example: ( a sort of RSA type system ) 74

77 Matsumoto- Imai Example: ( a sort of RSA type system ) Any single univariate f over F 2 n can be represented by n multivariate algebraic functions y i = f i (x 1,x 2,...,x n ) over F 2. 74

78 Matsumoto- Imai Example: ( a sort of RSA type system ) Any single univariate f over F 2 n can be represented by n multivariate algebraic functions y i = f i (x 1,x 2,...,x n ) over F 2. Q(x) := x 2a +1, a<n, over F 2 n such that gcd(2 a +1,2 n -1)=1 (squaring over F 2 n is actually a linear transform over F 2 n ) * 74

79 Matsumoto- Imai Example: ( a sort of RSA type system ) Any single univariate f over F 2 n can be represented by n multivariate algebraic functions y i = f i (x 1,x 2,...,x n ) over F 2. Q(x) := x 2a +1, a<n, over F 2 n such that gcd(2 a +1,2 n -1)=1 (squaring over F 2 n is actually a linear transform over F 2 n ) * Then there exists h := (2 a +1) -1 mod 2 n -1 such that Q -1 (y)=y h over F 2 n 74

80 Squaring over F 2 n is linear over F 2 (x n-1,...,x 1,x 0 ) 2 =(x n-1 x n x 1 x+x 0 ) 2 mod P(x) = x n-1 x 2n x 1 x 2 +x 0 mod P(x) / / 1 \ / x 2 \... / x 2n-2 \ \ / x 0 \ = mod mod... mod x 1 \ \ P / \ P /... \ P / /... \x n-1 / = M sq x 75

81 Squaring over F 2 n is linear over F 2 (x n-1,...,x 1,x 0 ) 2 =(x n-1 x n x 1 x+x 0 ) 2 mod P(x) = x n-1 x 2n x 1 x 2 +x 0 mod P(x) / / 1 \ / x 2 \... / x 2n-2 \ \ / x 0 \ = mod mod... mod x 1 \ \ P / \ P /... \ P / /... \x n-1 / = M sq x 75

82 Squaring over F 2 n is linear over F 2 (x n-1,...,x 1,x 0 ) 2 =(x n-1 x n x 1 x+x 0 ) 2 mod P(x) = x n-1 x 2n x 1 x 2 +x 0 mod P(x) / / 1 \ / x 2 \... / x 2n-2 \ \ / x 0 \ = mod mod... mod x 1 \ \ P / \ P /... \ P / /... \x n-1 / = M sq x 75

83 Squaring over F 2 n is linear over F 2 (x n-1,...,x 1,x 0 ) 2 =(x n-1 x n x 1 x+x 0 ) 2 mod P(x) = x n-1 x 2n x 1 x 2 +x 0 mod P(x) / / 1 \ / x 2 \... / x 2n-2 \ \ / x 0 \ = mod mod... mod x 1 \ \ P / \ P /... \ P / /... \x n-1 / = M sq x 75

84 x 2i over F 2 n is linear over F 2 (y n-1,...,y 1,y 0 ) = (x n-1,...,x 1,x 0 ) 2i = M i sq x is a system of n degree 1 equations y 0 = (M i sq) 0 x y 1 = (M i sq) 1 x y 2 = (M i sq) 2 x... y n-1 = (M i sq) n-1 x 76

85 x 2 i+1 over F 2 n is quadratic over F 2 (z n-1,...,z 1,z 0 ) = (x n-1,...,x 1,x 0 ) 2 i+1 = (y n-1,...,y 1,y 0 )*(x n-1,...,x 1,x 0 ) is a system of n degree 2 equations 77

86 MI vs RSA 78

87 MI vs RSA Unlike the RSA scheme, the size q n 1 of the multiplicative group of F n 2 is known, and thus anyone can compute h from 2 a

88 MI vs RSA Unlike the RSA scheme, the size q n 1 of the multiplicative group of F n 2 is known, and thus anyone can compute h from 2 a +1. MI thus based the security of the scheme on the different principle of mapping obfuscation. (à la McEliece) 78

89 SFLASH 79

90 SFLASH The MI scheme was broken by a very clever attack developed by Patarin in

91 SFLASH The MI scheme was broken by a very clever attack developed by Patarin in Based on an idea of Shamir from 1993, Patarin et al proposed to avoid their own attack by deleting r out of the n equations from the MI public key, and called the resulting scheme SFLASH. 79

92 SFLASH 80

93 SFLASH If we denote the final truncation, the SFLASH public key is: P = T Q S 80

94 SFLASH If we denote the final truncation, the SFLASH public key is: P = T Q S Such truncated keys can be used in signature schemes but not in encryption schemes, since they cannot be inverted uniquely. 80

95 SFLASH & NESSIE 81

96 SFLASH & NESSIE The SFLASH scheme was selected in 2003 by the new european schemes for signatures integrity and encryption Consortium as one of only three recommended public key signature schemes, and as the best known solution for low cost smart cards 81

97 SFLASH & NESSIE The SFLASH scheme was selected in 2003 by the new european schemes for signatures integrity and encryption Consortium as one of only three recommended public key signature schemes, and as the best known solution for low cost smart cards The first version of SFLASH, called SFLASH v1, had a subtle bug which was discovered by Gilbert and Minier. It was replaced by two versions (SFLASH v2 & v3 ). 81

98 SFLASH & NESSIE The SFLASH scheme was selected in 2003 by the new european schemes for signatures integrity and encryption Consortium as one of only three recommended public key signature schemes, and as the best known solution for low cost smart cards The first version of SFLASH, called SFLASH v1, had a subtle bug which was discovered by Gilbert and Minier. It was replaced by two versions (SFLASH v2 & v3 ). They differ only in their security parameters: for SFLASH v2 : q = 2 7, n = 37, a = 11 and r = 11 for SFLASH v3 : q = 2 7, n = 67, a = 33 and r = 11 81

99 SFLASH & NESSIE The SFLASH scheme was selected in 2003 by the new european schemes for signatures integrity and encryption Consortium as one of only three recommended public key signature schemes, and as the best known solution for low cost smart cards The first version of SFLASH, called SFLASH v1, had a subtle bug which was discovered by Gilbert and Minier. It was replaced by two versions (SFLASH v2 & v3 ). They differ only in their security parameters: for SFLASH v2 : q = 2 7, n = 37, a = 11 and r = 11 for SFLASH v3 : q = 2 7, n = 67, a = 33 and r = 11 Dubois, Fouque, Shamir, Stern broke SFLASH v2 & v3 in

100 Variations 82

101 Variations * *as of

102 Multi-variate Poly based cryptography 84

103 Post-Quantum Cryptography Finite Fields based cryptography Codes Multi-variate Polynomials Integers based cryptography Approximate Integer GCD Lattices 85

104 Cryptographic Money based on hidden codes (hidden sub-spaces) 86

105 Hidden (Linear) Code 87

106 Hidden (Linear) Code a linear [n,k,d] code C F n over arbitrary finite field F. 87

107 Hidden (Linear) Code a linear [n,k,d] code C F n over arbitrary finite field F. a positive integer degree D, 87

108 Hidden (Linear) Code a linear [n,k,d] code C F n over arbitrary finite field F. a positive integer degree D, I D,C = { degree-d polynomials that vanish on C }. 87

109 Hidden (Linear) Code a linear [n,k,d] code C F n over arbitrary finite field F. a positive integer degree D, I D,C = { degree-d polynomials that vanish on C }. For simplicity, assume we use F=F 2. 87

110 Hidden Code 88

111 Hidden Code Lemma A It is possible to sample a uniformly-random element of I D,C in time O(n D ). 88

112 Hidden Code Lemma A It is possible to sample a uniformly-random element of I D,C in time O(n D ). Lemma B Fix C F n 2 and β > 1, and choose βn independent uniformly-random samples from I D,C. With probability 1 2 Ω(n), the set of points on which they are all zero is exactly C. 88

113 Aaronson Public Q-Money Christiano 89

114 Aaronson Public Q-Money Christiano P 1 (x), P 2 (x),...,p βn (x) define C=Span(G) (Public-key) 89

115 Aaronson Public Q-Money Christiano P 1 (x), P 2 (x),...,p βn (x) define C=Span(G) (Public-key) Q 1 (x), Q 2 (x),...,q βn (x) define C =Ker(G) (Public-key) 89

116 Aaronson Public Q-Money Christiano P 1 (x), P 2 (x),...,p βn (x) define C=Span(G) (Public-key) Q 1 (x), Q 2 (x),...,q βn (x) define C =Ker(G) (Public-key) c C,c C,i,j P i (c)=0 and Q j (c )=0 89

117 Aaronson Public Q-Money Christiano P 1 (x), P 2 (x),...,p βn (x) define C=Span(G) (Public-key) Q 1 (x), Q 2 (x),...,q βn (x) define C =Ker(G) (Public-key) c C,c C,i,j P i (c)=0 and Q j (c )=0 $ = c C c, [H] n $ = c C c 89

118 Aaronson Public Q-Money Christiano P 1 (x), P 2 (x),...,p βn (x) define C=Span(G) (Public-key) Q 1 (x), Q 2 (x),...,q βn (x) define C =Ker(G) (Public-key) c C,c C,i,j P i (c)=0 and Q j (c )=0 $ = c C c, [H] n $ = c C c checking $ : using P 1 (x),...,p βn (x), validate that $ is made only of states from C and using Q 1 (x),...,q βn (x), validate that [H] $ is made only of states from C. 89

119 Aaronson Public Q-Money Christiano 90

120 Aaronson Public Q-Money Christiano P 1 (x), P 2 (x),...,p βn (x) define C=Span(G) (Public-key) 90

121 Aaronson Public Q-Money Christiano P 1 (x), P 2 (x),...,p βn (x) define C=Span(G) (Public-key) Q 1 (x), Q 2 (x),...,q βn (x) define C =Ker(G) (Public-key) 90

122 Aaronson Public Q-Money Christiano P 1 (x), P 2 (x),...,p βn (x) define C=Span(G) (Public-key) Q 1 (x), Q 2 (x),...,q βn (x) define C =Ker(G) (Public-key) c C,c C,i,j P i (c)=0 and Q j (c )=0 90

123 Aaronson Public Q-Money Christiano P 1 (x), P 2 (x),...,p βn (x) define C=Span(G) (Public-key) Q 1 (x), Q 2 (x),...,q βn (x) define C =Ker(G) (Public-key) c C,c C,i,j P i (c)=0 and Q j (c )=0 The special structure of (C,C ), yields an attack for degree 2 polynomials. So D must be at least 3. 90

124 Aaronson Public Q-Money Christiano P 1 (x), P 2 (x),...,p βn (x) define C=Span(G) (Public-key) Q 1 (x), Q 2 (x),...,q βn (x) define C =Ker(G) (Public-key) c C,c C,i,j P i (c)=0 and Q j (c )=0 The special structure of (C,C ), yields an attack for degree 2 polynomials. So D must be at least 3. In Q-Money C or C may be sampled once. 90

125 Public Q-Money Aaronson P 1 (x), P 2 (x),...,p βn (x) define C=Span(G) Christiano (Public-key) Q 1 (x), Q 2 (x),...,q βn (x) define C =Ker(G) (Public-key) c C,c C,i,j P i (c)=0 and Q j (c )=0 The special structure of (C,C ), yields an attack for degree 2 polynomials. So D must be at least 3. In Q-Money C or C may be sampled once. Weakens the security. Degree D=4 with sample is as hard as degree 3 without a sample. So they choose D=4. 90

126 Hidden Code Let Z D,C, ℇ be the distribution which sets Z D,C, ℇ ={ I D,C with probability 1-ℇ I D, with probability ℇ where is a random code of dimension k. Lemma C Fix C F n 2 and ℇ <1, let β=32/(1-ℇ) 2, and choose βn independent samples from Z D,C, ℇ. Let δ = 1/2 + (1 ℇ)/4. With probability 1 2 Ω(n) the set of points on which at least δβn polynomials are zero is exactly C. 91

127 Public Q-Money 92

128 Public Q-Money P 1 (x), P 2 (x),...,p β n (x) define C=Span(G) (Public-key) 92

129 Public Q-Money P 1 (x), P 2 (x),...,p β n (x) define C=Span(G) (Public-key) Q 1 (x), Q 2 (x),...,q β n (x) define C =Ker(G) (Public-key) 92

130 Public Q-Money P 1 (x), P 2 (x),...,p β n (x) define C=Span(G) (Public-key) Q 1 (x), Q 2 (x),...,q β n (x) define C =Ker(G) (Public-key) c C, c C P i (c)=0 and Q j (c )=0 with probability δ. 92

131 Public Q-Money P 1 (x), P 2 (x),...,p β n (x) define C=Span(G) (Public-key) Q 1 (x), Q 2 (x),...,q β n (x) define C =Ker(G) (Public-key) c C, c C P i (c)=0 and Q j (c )=0 with probability δ. Adding misleading polynomials may only make the assumption harder to break... 92

132 Cryptographic Money based on hidden codes (hidden sub-spaces) 93

Practical Cryptanalysis of SFLASH

Practical Cryptanalysis of SFLASH Practical Cryptanalysis of SFLASH Vivien Dubois 1, Pierre-Alain Fouque 1, Adi Shamir 1,2, and Jacques Stern 1 1 École normale supérieure Département d Informatique 45, rue d Ulm 75230 Paris cedex 05, France

More information

Masao KASAHARA. Public Key Cryptosystem, Error-Correcting Code, Reed-Solomon code, CBPKC, McEliece PKC.

Masao KASAHARA. Public Key Cryptosystem, Error-Correcting Code, Reed-Solomon code, CBPKC, McEliece PKC. A New Class of Public Key Cryptosystems Constructed Based on Reed-Solomon Codes, K(XII)SEPKC. Along with a presentation of K(XII)SEPKC over the extension field F 2 8 extensively used for present day various

More information

Advanced Cryptography

Advanced Cryptography Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.

More information

SFLASH v3, a fast asymmetric signature scheme

SFLASH v3, a fast asymmetric signature scheme SFLASH v3, a fast asymmetric signature scheme Specification of SFLASH, version 3.0., 17 October 2003 The authors still recommend SFLASH-v2, see below. Nicolas T. Courtois 1, Louis Goubin 1 and Jacques

More information

RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks. By Abdulaziz Alrasheed and Fatima RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

More information

Post-Quantum Cryptography #4

Post-Quantum Cryptography #4 Post-Quantum Cryptography #4 Prof. Claude Crépeau McGill University http://crypto.cs.mcgill.ca/~crepeau/waterloo 185 ( 186 Attack scenarios Ciphertext-only attack: This is the most basic type of attack

More information

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

More information

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION INTRODUCTION GANESH ESWAR KUMAR. P Dr. M.G.R University, Maduravoyal, Chennai. Email: geswarkumar@gmail.com Every day, millions of people

More information

KALE: A High-Degree Algebraic-Resistant Variant of The Advanced Encryption Standard

KALE: A High-Degree Algebraic-Resistant Variant of The Advanced Encryption Standard KALE: A High-Degree Algebraic-Resistant Variant of The Advanced Encryption Standard Dr. Gavekort c/o Vakiopaine Bar Kauppakatu 6, 41 Jyväskylä FINLAND mjos@iki.fi Abstract. We have discovered that the

More information

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

More information

Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9 Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,

More information

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

More information

Notes on Network Security Prof. Hemant K. Soni

Notes on Network Security Prof. Hemant K. Soni Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

More information

QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University QUANTUM COMPUTERS AND CRYPTOGRAPHY Mark Zhandry Stanford University Classical Encryption pk m c = E(pk,m) sk m = D(sk,c) m??? Quantum Computing Attack pk m aka Post-quantum Crypto c = E(pk,m) sk m = D(sk,c)

More information

Quantum Computers vs. Computers Security. @veorq http://aumasson.jp

Quantum Computers vs. Computers Security. @veorq http://aumasson.jp Quantum Computers vs. Computers Security @veorq http://aumasson.jp Schrodinger equation Entanglement Bell states EPR pairs Wave functions Uncertainty principle Tensor products Unitary matrices Hilbert

More information

A Factoring and Discrete Logarithm based Cryptosystem

A Factoring and Discrete Logarithm based Cryptosystem Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

More information

Cryptography: Authentication, Blind Signatures, and Digital Cash

Cryptography: Authentication, Blind Signatures, and Digital Cash Cryptography: Authentication, Blind Signatures, and Digital Cash Rebecca Bellovin 1 Introduction One of the most exciting ideas in cryptography in the past few decades, with the widest array of applications,

More information

Public Key (asymmetric) Cryptography

Public Key (asymmetric) Cryptography Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared

More information

Factorization Algorithms for Polynomials over Finite Fields

Factorization Algorithms for Polynomials over Finite Fields Degree Project Factorization Algorithms for Polynomials over Finite Fields Sajid Hanif, Muhammad Imran 2011-05-03 Subject: Mathematics Level: Master Course code: 4MA11E Abstract Integer factorization is

More information

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

More information

Lecture 3: One-Way Encryption, RSA Example

Lecture 3: One-Way Encryption, RSA Example ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: One-Way Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require

More information

Lightweight code-based identification and signature

Lightweight code-based identification and signature Lightweight code-based identification and signature Philippe Gaborit XLIM-DMI, Université de Limoges, 123 av Albert Thomas, 87000, Limoges, France Email: gaborit@unilimfr Marc Girault France Télécom Division

More information

Elements of Applied Cryptography Public key encryption

Elements of Applied Cryptography Public key encryption Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let

More information

CRYPTOGRAPHIC LONG-TERM SECURITY PERSPECTIVES FOR

CRYPTOGRAPHIC LONG-TERM SECURITY PERSPECTIVES FOR By JOHANNES BUCHMANN, ALEXANDER MAY, and ULRICH VOLLMER PERSPECTIVES FOR CRYPTOGRAPHIC LONG-TERM SECURITY Cryptographic long-term security is needed, but difficult to achieve. Use flexible cryptographic

More information

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

More information

Privacy Preserving Similarity Evaluation of Time Series Data

Privacy Preserving Similarity Evaluation of Time Series Data Privacy Preserving Similarity Evaluation of Time Series Data Haohan Zhu Department of Computer Science Boston University zhu@cs.bu.edu Xianrui Meng Department of Computer Science Boston University xmeng@cs.bu.edu

More information

Associate Prof. Dr. Victor Onomza Waziri

Associate Prof. Dr. Victor Onomza Waziri BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,

More information

Implementing Network Security Protocols

Implementing Network Security Protocols Implementing Network Security Protocols based on Elliptic Curve Cryptography M. Aydos, E. Savaş, and Ç. K. Koç Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331, USA {aydos,savas,koc}@ece.orst.edu

More information

Introduction to Hill cipher

Introduction to Hill cipher Introduction to Hill cipher We have explored three simple substitution ciphers that generated ciphertext C from plaintext p by means of an arithmetic operation modulo 26. Caesar cipher: The Caesar cipher

More information

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher

More information

LUC: A New Public Key System

LUC: A New Public Key System LUC: A New Public Key System Peter J. Smith a and Michael J. J. Lennon b a LUC Partners, Auckland UniServices Ltd, The University of Auckland, Private Bag 92019, Auckland, New Zealand. b Department of

More information

SECRET sharing schemes were introduced by Blakley [5]

SECRET sharing schemes were introduced by Blakley [5] 206 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 52, NO. 1, JANUARY 2006 Secret Sharing Schemes From Three Classes of Linear Codes Jin Yuan Cunsheng Ding, Senior Member, IEEE Abstract Secret sharing has

More information

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination

More information

Introduction to post-quantum cryptography

Introduction to post-quantum cryptography Introduction to post-quantum cryptography Daniel J. Bernstein Department of Computer Science, University of Illinois at Chicago. 1 Is cryptography dead? Imagine that it s fifteen years from now and someone

More information

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative

More information

Short Programs for functions on Curves

Short Programs for functions on Curves Short Programs for functions on Curves Victor S. Miller Exploratory Computer Science IBM, Thomas J. Watson Research Center Yorktown Heights, NY 10598 May 6, 1986 Abstract The problem of deducing a function

More information

Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

More information

3. Applications of Number Theory

3. Applications of Number Theory 3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

More information

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

More information

Semantic Security for the McEliece Cryptosystem without Random Oracles

Semantic Security for the McEliece Cryptosystem without Random Oracles Semantic Security for the McEliece Cryptosystem without Random Oracles Ryo Nojima 1, Hideki Imai 23, Kazukuni Kobara 3, and Kirill Morozov 3 1 National Institute of Information and Communications Technology

More information

Embedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme

Embedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Embedding more security in digital signature system by using combination of public

More information

3-6 Toward Realizing Privacy-Preserving IP-Traceback

3-6 Toward Realizing Privacy-Preserving IP-Traceback 3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems

More information

A New Generic Digital Signature Algorithm

A New Generic Digital Signature Algorithm Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study

More information

CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography. 8. Encryption -- CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

More information

Public Key Cryptography. Performance Comparison and Benchmarking

Public Key Cryptography. Performance Comparison and Benchmarking Public Key Cryptography Performance Comparison and Benchmarking Tanja Lange Department of Mathematics Technical University of Denmark tanja@hyperelliptic.org 28.08.2006 Tanja Lange Benchmarking p. 1 What

More information

EXAM questions for the course TTM4135 - Information Security June 2010. Part 1

EXAM questions for the course TTM4135 - Information Security June 2010. Part 1 EXAM questions for the course TTM4135 - Information Security June 2010 Part 1 This part consists of 6 questions all from one common topic. The number of maximal points for every correctly answered question

More information

Solutions to Problem Set 1

Solutions to Problem Set 1 YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #8 Zheng Ma February 21, 2005 Solutions to Problem Set 1 Problem 1: Cracking the Hill cipher Suppose

More information

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public

More information

Basic Algorithms In Computer Algebra

Basic Algorithms In Computer Algebra Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

Mathematics Course 111: Algebra I Part IV: Vector Spaces

Mathematics Course 111: Algebra I Part IV: Vector Spaces Mathematics Course 111: Algebra I Part IV: Vector Spaces D. R. Wilkins Academic Year 1996-7 9 Vector Spaces A vector space over some field K is an algebraic structure consisting of a set V on which are

More information

Polynomials and Cryptography

Polynomials and Cryptography .... Polynomials and Cryptography Michele Elia Dipartimento di Elettronica Politecnico di Torino Bunny 1 Trento, 10 marzo 2011 Preamble Polynomials have always occupied a prominent position in mathematics.

More information

Cryptography. Helmer Aslaksen Department of Mathematics National University of Singapore

Cryptography. Helmer Aslaksen Department of Mathematics National University of Singapore Cryptography Helmer Aslaksen Department of Mathematics National University of Singapore aslaksen@math.nus.edu.sg www.math.nus.edu.sg/aslaksen/sfm/ 1 Basic Concepts There are many situations in life where

More information

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master

More information

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5) Network Security Security Crytographic algorithms Security Services Secret key (DES) Public key (RSA) Message digest (MD5) privacy authenticity Message integrity Secret Key Encryption Plain text Plain

More information

An efficient and provably secure public key encryption scheme based on coding theory

An efficient and provably secure public key encryption scheme based on coding theory SECUITY AND COMMUNICATION NETWOKS Security Comm. Networks (2010) Published online in Wiley Online Library (wileyonlinelibrary.com)..274 ESEACH ATICLE An efficient and provably secure public key encryption

More information

Cryptography and Network Security Chapter 10

Cryptography and Network Security Chapter 10 Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central

More information

Symmetric Key cryptosystem

Symmetric Key cryptosystem SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single

More information

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?

More information

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition

More information

Application of cube attack to block and stream ciphers

Application of cube attack to block and stream ciphers Application of cube attack to block and stream ciphers Janusz Szmidt joint work with Piotr Mroczkowski Military University of Technology Military Telecommunication Institute Poland 23 czerwca 2009 1. Papers

More information

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013 FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

More information

Applied Cryptography Public Key Algorithms

Applied Cryptography Public Key Algorithms Applied Cryptography Public Key Algorithms Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Public Key Cryptography Independently invented by Whitfield Diffie & Martin

More information

An Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm

An Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm An Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm V.Masthanamma 1,G.Lakshmi Preya 2 UG Scholar, Department of Information Technology, Saveetha School of Engineering

More information

ECE 842 Report Implementation of Elliptic Curve Cryptography

ECE 842 Report Implementation of Elliptic Curve Cryptography ECE 842 Report Implementation of Elliptic Curve Cryptography Wei-Yang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic

More information

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

More information

2010 JOURNAL OF SOFTWARE, VOL. 9, NO. 8, AUGUST 2014

2010 JOURNAL OF SOFTWARE, VOL. 9, NO. 8, AUGUST 2014 2010 JOURNAL OF SOFTWARE VOL. 9 NO. 8 AUGUST 2014 Analysis of a Multivariate Public Key Cryptosystem and Its Application in Software Copy Protection Ning Huang Center of Modern Educational Technology Gannan

More information

Review of methods for secret sharing in cloud computing

Review of methods for secret sharing in cloud computing Review of methods for secret sharing in cloud computing Dnyaneshwar Supe Amit Srivastav Dr. Rajesh S. Prasad Abstract:- Cloud computing provides various IT services. Many companies especially those who

More information

Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

More information

ALGEBRAIC CRYPTANALYSIS OF AES: AN OVERVIEW

ALGEBRAIC CRYPTANALYSIS OF AES: AN OVERVIEW ALGEBRAIC CRYPTANALYSIS OF AES: AN OVERVIEW HARRIS NOVER Abstract. In this paper, we examine algebraic attacks on the Advanced Encryption Standard (AES, also known as Rijndael). We begin with a brief review

More information

Digital Signature. Raj Jain. Washington University in St. Louis

Digital Signature. Raj Jain. Washington University in St. Louis Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 3: Block ciphers and DES Ion Petre Department of IT, Åbo Akademi University January 17, 2012 1 Data Encryption Standard

More information

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch 1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

More information

Computer Science 308-547A Cryptography and Data Security. Claude Crépeau

Computer Science 308-547A Cryptography and Data Security. Claude Crépeau Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)

More information

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

More information

Fuzzy Identity-Based Encryption

Fuzzy Identity-Based Encryption Fuzzy Identity-Based Encryption Janek Jochheim June 20th 2013 Overview Overview Motivation (Fuzzy) Identity-Based Encryption Formal definition Security Idea Ingredients Construction Security Extensions

More information

Implementation of Elliptic Curve Digital Signature Algorithm

Implementation of Elliptic Curve Digital Signature Algorithm Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India

More information

Software Tool for Implementing RSA Algorithm

Software Tool for Implementing RSA Algorithm Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian

More information

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

More information

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGraw-Hill The McGraw-Hill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,

More information

EFFICIENT ROOT FINDING OF POLYNOMIALS OVER FIELDS OF CHARACTERISTIC 2

EFFICIENT ROOT FINDING OF POLYNOMIALS OVER FIELDS OF CHARACTERISTIC 2 EFFICIENT ROOT FINDING OF POLYNOMIALS OVER FIELDS OF CHARACTERISTIC 2 Vincent Herbert (Joint work with Bhaskar Biswas) WEWoRC 2009 INRIA Paris Rocquencourt V. Herbert (WEWoRC 2009) SECRET Project Team

More information

1 Message Authentication

1 Message Authentication Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions

More information

Overview of Public-Key Cryptography

Overview of Public-Key Cryptography CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

More information

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem

More information

The Dirichlet Unit Theorem

The Dirichlet Unit Theorem Chapter 6 The Dirichlet Unit Theorem As usual, we will be working in the ring B of algebraic integers of a number field L. Two factorizations of an element of B are regarded as essentially the same if

More information

Lecture 6 - Cryptography

Lecture 6 - Cryptography Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about

More information

On an algorithm for classification of binary self-dual codes with minimum distance four

On an algorithm for classification of binary self-dual codes with minimum distance four Thirteenth International Workshop on Algebraic and Combinatorial Coding Theory June 15-21, 2012, Pomorie, Bulgaria pp. 105 110 On an algorithm for classification of binary self-dual codes with minimum

More information

Cryptography & Digital Signatures

Cryptography & Digital Signatures Cryptography & Digital Signatures CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration Prof. Sloan s Slides, 2007, 2008 Robert H.

More information

Network Security: Cryptography CS/SS G513 S.K. Sahay

Network Security: Cryptography CS/SS G513 S.K. Sahay Network Security: Cryptography CS/SS G513 S.K. Sahay BITS-Pilani, K.K. Birla Goa Campus, Goa S.K. Sahay Network Security: Cryptography 1 Introduction Network security: measure to protect data/information

More information

Outline. Cryptography. Bret Benesh. Math 331

Outline. Cryptography. Bret Benesh. Math 331 Outline 1 College of St. Benedict/St. John s University Department of Mathematics Math 331 2 3 The internet is a lawless place, and people have access to all sorts of information. What is keeping people

More information

Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

More information

Security in communication networks

Security in communication networks Security in communication networks by MARTIN E. HELLMAN Stanford University Stanford, California INTRODUCTION It may seem anomolous that electronic mail and other computer communication systems require

More information

arxiv:1010.3163v1 [cs.cr] 15 Oct 2010

arxiv:1010.3163v1 [cs.cr] 15 Oct 2010 The Digital Signature Scheme MQQ-SIG Intellectual Property Statement and Technical Description 10 October 2010 Danilo Gligoroski 1 and Svein Johan Knapskog 2 and Smile Markovski 3 and Rune Steinsmo Ødegård

More information

Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay

Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Attacks on Cryptosystems Up to this point, we have mainly seen how ciphers are implemented. We

More information