# Lecture 17: Re-encryption

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 Special Topics in Theoretical Cryptography April 2, 2007 Instructor: Susan Hohenberger Lecture 17: Re-encryption Scribe: Zachary Scott Today s lecture was given by Matt Green. 1 Motivation Proxy re-encryption is a relatively newly-devised cryptographic primitive. The goal of proxy re-encryption is to securely enable the reencryption of ciphertexts from one secret key to another, without relying on trusted parties. Example Alice receives s from many clients encrypted under her public key. When she leaves for summer vacation, she wants to delegate her to Bob, but does not want to share a secret key with him. 2 Approaches 2.1 Naïve Way Alice simply stores her secret key on the mail server. When mail arrives for her, the mail server decrypts using her stored secret key and reencrypts using Bob s public key. C a = Encrypt P Ka (M) C b = Encrypt P Kb (Decrypt SKa (C a )) The obvious problem with this strategy is that the mail server must be completely trusted - an unlikely real-world expectation. Up til 1997, this was unfortunately the best solution available. That year, Mambo and Okamoto suggested that there may be more efficient approaches involving partial decryptions, but offered no additional security benefits for Alice s secret key. [MO97] 2.2 Atomic Re-encryption: Blaze, Bleumer & Strauss, 1998 The BBS approach is based on the ElGamal cryptosystem and introduces the notion of a re-encryption key RK A B. [BBS98] Using RK A B allows the proxy to re-encrypt from one secret key to another without ever learning the plaintext. Let s recall the BBS re-encryption scheme. 17-1

2 Key Generation: < g >= G of prime order q. SK a = a Z q, randomly selected. P K a = g a RK A B = b/a = b a 1 (mod q) SK b = b Z q, randomly selected. P K b = g b Encryption: m G, random r Z q C a = (g r m, g ar ) Decryption: m = gr m (g ar ) 1/a Re-encryption: C a = (g r m, g ar ) C b = (g r m, (g ar ) RK A B) = (g r m, (g ar ) b/a ) = (g r m, g br ) Since the BBS proxy re-encryption algorithm is based on ElGamal, the ciphertext is semantically secure. Furthermore, without knowing a or b the proxy (mail server) cannot distinguish between RK A B = b/a and any random element of Z q. This scheme is very elegant. However, there are several issues that one might want to improve on: Bidirectionality: The proxy can compute (RK A B ) 1 = a/b, which would enable it to re-encrypt Bob s messages under Alice s key - Bob may not like this. Collusion: If the proxy colludes with Alice, it is trivial for them both to learn SK B. Likewise, the proxy and Bob may collude to learn Alice s secret key. Re-encryption key generation: In order to compute RK A B, one party must share his or her secret key with the other or they must rely on a trusted third party or compute some secure multiparty computation with the proxy. Can we do better? 2.3 Unidirectional Proxy Re-encryption We wish to improve on BBS in the following ways: No pre-sharing: Only require the use of SK a and P K b to create a re-encryption key from Alice to Bob. That is, Bob s secret key is not required. Unidirectionality: A re-encryption key from Alice to Bob should not allow re-encryptions from Bob to Alice. 17-2

3 Collusion-resistance: Even if working together, Alice and the proxy should not be able to learn anything about Bob s secret key. (Note that no pre-sharing seems to imply this nice collusion resistance property.) Related Attempt: Dodis & Ivan, 2003 In 2003, Dodis and Ivan proposed a general scheme for proxy encryption (not re-encryption) using only standard public key cryptosystems. [DI03] However, their system required Alice and Bob to pre-share a secret. Although it is clear that such a pre-sharing phase is possible to accomplish securely (e.g., via Diffie-Hellman), it is undesireable. It may be that Alice and Bob have no prior relationship whatsoever and bidirectional communication is impossible Ateniese, Fu, Green & Hohenberger, 2005 In 2005, Ateniese et al. constructed the first unidirectional, collusion resistant re-encryption without any required pre-sharing between parties, based on bilinear maps[afgh06]. We will first review this algebraic setting and then describe their scheme. Bilinear Maps Bilinear maps gained great popularity in cryptography in 2001 when Boneh and Franklin used them to construct a special type of encryption scheme. Let s review the basics here. Let G 1, G 2, G 3 be cyclic groups of prime order q. Function e : G 1 G 2 G 3 is a bilinear map iff for all g 1 G 1, g 2 G 2, a, b Z q, that e(g a 1, gb 2 ) = e(g 1, g 2 ) ab. This proxy re-encryption algorithm uses bilinear maps of the form e : G 1 G 1 G 2, where G 1 =< g >. e must be efficiently computable. Also, e must be non-degenerate; that is, < e(g, g) >= G 2. Note that with bilinear maps, the traditional Diffie-Hellman problem is not computationally difficult: DDH: Given (g, g a, g b, g c ), is g ab = g c? This is equivalent to asking if e(g, g c ) = e(g a, g b ) Z c = Z ab (where Z = e(g, g)). If e is efficiently computable (as is required by the re-encryption algorithm), then so is the DDH problem. Therefore, cryptosystems using bilinear maps occasionally rely on the Decisional Bilinear Diffie-Hellman (DBDH) assumption and its related Inversion (DBDHI): DBDH: Given (g, g a, g b, g c (all G 1 ), T G 2 ), is T = e(g, g) abc? k-dbdhi: Given (g, g y, g y2...g yk (all in G 1 ), T G 2 ), is T = e(g, g) 1/y? See [Bet] for more information on Bilinear Maps and complexity assumptions. 17-3

4 The AFGH Algorithm Key Generation: < g >= G 1 of prime order q. SK a = a Z q, randomly selected. P K a = g a random r Z q Z = e(g, g) RK A B = (g b ) 1/a = g b/a SK b = b Z q, randomly selected. P K b = g b Encryption: m G 2. C a = (Z r m, g ra ) Decryption (Alice): m = Zr m e(g ra,g 1/a ) = Zr m Z r Re-encryption: C a = (Z r m, g ra ) C b = (Z r m, e(g ra, RK A B )) = (Z r m, e(g ra, g b/a )) = (Z r m, Z rb ) Decryption (Bob): m = Analysis Zr m (Z rb ) 1/b This algorithm offers several nice features (but it is still not perfect!). Let s take a closer look at its properties. No pre-sharing of secret keys. That is, Alice is able to compute RK A B using only SK a and P K b ; Bob does not need to share SK b with Alice or any other party in order for the proxy re-encryption to function. It is non-interactive: only Bob s public key and Alice s secret key are used to create the re-encryption key, so no prior arrangement or secret sharing is necessary. Taken together with the lack of pre-sharing, this means that Alice may use this scheme without any prior knowledge on the part of Bob. Proxy security is maintained. There is no way for the proxy to read the messages it is re-encrypting or extract either party s secret keys (on its own). It is unidirectional under the Inverse Exponent Assumption (equivalent to the Diffie- Hellman Assumption): the proxy cannot calculate g a/b from g b/a, and so Bob s ciphertexts cannot be re-encrypted for Alice. 17-4

6 Alice may also act as a Group Manager. She would then be responsible for encrypting all of the stored AES keys under her SK a, and computing re-encryption keys as necessary for subordinates/coworkers to access the files they need. AFGH [AFGH06] implemented this filesystem on top of the Chefs networked file system using 128-bit AES. Running on a 2.8Ghz Pentium IV using an elliptic-curve crypto library, the system took 7.7ms for encryption, 21.7ms for re-encryption and 3.4ms for the final decryption. This performance was impractical when each filesystem block was encrypted separately, but was within range of practicality when encryption was performed on a more conventional per-file basis. Additional Applications Proxy re-encryption has also been used as the basis for program obfuscation. It is also being studied in relation to Identity-Based Encryption (IBE) and re-signature schemes. References [AFGH06] G. Ateniese, K. Fu, M. Green, and S. Hohenberger. Improved Proxy Reencryption Schemes with Applications to Secure Distributed Storage. In NDSS, [BBS98] M. Blaze, G. Bleumer, and M. Strauss. Divertable protocols and atomic proxy cryptography. In EUROCRYPT, [Bet] John Bethancourt. Intro to Bilinear Maps. ~bethenco/bilinear_maps.pdf. [Online; accessed 8-April-2007]. [DI03] Y. Dodis and A. Ivan. Proxy Cryptography Revisited. In NDSS, [MO97] M. Mambo and E. Okamoto. Proxy Cryptosystems: Delegation of the Power to Decrypt Ciphertexts. In TFECCS,

### Improved Proxy Re-encryption Schemes with Applications to Secure Distributed Storage

Improved Proxy Re-encryption Schemes with Applications to Secure Distributed Storage GIUSEPPE ATENIESE The Johns Hopkins University KEVIN FU University of Massachusetts, Amherst MATTHEW GREEN The Johns

### Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage

Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage Giuseppe Ateniese Kevin Fu Matthew Green Susan Hohenberger Abstract In 1998, Blaze, Bleumer, and Strauss (BBS) proposed

### International Electronic Journal of Pure and Applied Mathematics IEJPAM, Volume 8, No. 2 (2014)

International Electronic Journal of Pure and Applied Mathematics Volume 8 No. 2 2014, 41-52 ISSN: 1314-0744 url: http://www.e.ijpam.eu doi: http://dx.doi.org/10.12732/iejpam.v8i2.1 A FRAMEWORK FOR SECURE

### Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage

Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage Giuseppe Ateniese Kevin Fu Matthew Green Susan Hohenberger Abstract In 1998, Blaze, Bleumer, and Strauss (BBS) proposed

### Categorical Heuristic for Attribute Based Encryption in the Cloud Server

Categorical Heuristic for Attribute Based Encryption in the Cloud Server R. Brindha 1, R. Rajagopal 2 1( M.E, Dept of CSE, Vivekanandha Institutes of Engineering and Technology for Women, Tiruchengode,

### Lecture 25: Pairing-Based Cryptography

6.897 Special Topics in Cryptography Instructors: Ran Canetti and Ron Rivest May 5, 2004 Lecture 25: Pairing-Based Cryptography Scribe: Ben Adida 1 Introduction The field of Pairing-Based Cryptography

### ID-based Cryptography and Smart-Cards

ID-based Cryptography and Smart-Cards Survol des techniques cryptographiques basées sur l identité et implémentation sur carte à puce The Need for Cryptography Encryption! Transform a message so that only

### Overview of Public-Key Cryptography

CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

### Public Key Cryptography. Basic Public Key Cryptography

Public Key Cryptography EJ Jung Basic Public Key Cryptography public key public key? private key Alice Bob Given: Everybody knows Bob s public key - How is this achieved in practice? Only Bob knows the

### Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem

### Cryptography. Identity-based Encryption. Jean-Sébastien Coron and David Galindo. May 15, 2014. Université du Luxembourg

Identity-based Encryption Université du Luxembourg May 15, 2014 Summary Identity-Based Encryption (IBE) What is Identity-Based Encryption? Difference with conventional PK cryptography. Applications of

### Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

### Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage

Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage Giuseppe Ateniese Kevin Fu Matthew Green Susan Hohenberger Abstract In 1998, Blaze, Bleumer, and Strauss proposed an

### Key Privacy for Identity Based Encryption

Key Privacy for Identity Based Encryption Internet Security Research Lab Technical Report 2006-2 Jason E. Holt Internet Security Research Lab Brigham Young University c 2006 Brigham Young University March

### Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment Deepa Noorandevarmath 1, Rameshkumar H.K 2, C M Parameshwarappa 3 1 PG Student, Dept of CS&E, STJIT, Ranebennur. Karnataka, India

### RSA Cryptosystem. Yufei Tao. Department of Computer Science and Engineering Chinese University of Hong Kong. RSA Cryptosystem

Yufei Tao Department of Computer Science and Engineering Chinese University of Hong Kong In this lecture, we will discuss the RSA cryptosystem, which is widely adopted as a way to encrypt a message, or

### SELS: A Secure E-mail List Service *

SELS: A Secure E-mail List Service * Himanshu Khurana NCSA Work done with Adam Slagell and Rafael Bonilla * To appear in the Security Track of the ACM Symposium of Applied Computing (SAC), March 2005.

### CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

### F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services

F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services Matthew Burnside and Angelos D. Keromytis Department of Computer Science Columbia University {mb, angelos}@cs.columbia.edu ISC

### IEEE Draft P1363.3. Identity Based Public Key Cryptography Based On Pairings. Daniel Schliebner. 14. Dezember 2009

Identity Based Public Key Cryptography Based On Pairings 14. Dezember 2009 Gliederung Introduction Identity Based Encryption The Protocol Security Of The Protocol Discussion About The Headline Identity

### Digital Signatures. Good properties of hand-written signatures:

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it is a part of the document) 4. Signed document is

### CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

### PUBLIC KEY ENCRYPTION

PUBLIC KEY ENCRYPTION http://www.tutorialspoint.com/cryptography/public_key_encryption.htm Copyright tutorialspoint.com Public Key Cryptography Unlike symmetric key cryptography, we do not find historical

### Combined Proxy Re-Encryption

Combined Proxy Re-Encryption Orange Labs, Applied Crypto Group, Université de Caen Basse-Normandie, GREYC, Sébastien Canard et Julien Devigne Journées C2 2012, Dinard Proxy Re-Encryption ( PRE ) Second

### Identity-Based Encryption from the Weil Pairing

Appears in SIAM J. of Computing, Vol. 32, No. 3, pp. 586-615, 2003. An extended abstract of this paper appears in the Proceedings of Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages

### Fuzzy Identity-Based Encryption

Fuzzy Identity-Based Encryption Janek Jochheim June 20th 2013 Overview Overview Motivation (Fuzzy) Identity-Based Encryption Formal definition Security Idea Ingredients Construction Security Extensions

### SFWR ENG 4C03 - Computer Networks & Computer Security

KEY MANAGEMENT SFWR ENG 4C03 - Computer Networks & Computer Security Researcher: Jayesh Patel Student No. 9909040 Revised: April 4, 2005 Introduction Key management deals with the secure generation, distribution,

### Efficient Unlinkable Secret Handshakes for Anonymous Communications

보안공학연구논문지 (Journal of Security Engineering), 제 7권 제 6호 2010년 12월 Efficient Unlinkable Secret Handshakes for Anonymous Communications Eun-Kyung Ryu 1), Kee-Young Yoo 2), Keum-Sook Ha 3) Abstract The technique

### UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 6 Introduction to Public-Key Cryptography Israel Koren ECE597/697 Koren Part.6.1

### Chapter 10 Asymmetric-Key Cryptography

Chapter 10 Asymmetric-Key Cryptography Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 10.1 Chapter 10 Objectives To distinguish between two cryptosystems: symmetric-key

### 3-6 Toward Realizing Privacy-Preserving IP-Traceback

3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems

### CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

### 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

### Lecture 3: One-Way Encryption, RSA Example

ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: One-Way Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require

### Midterm Exam Solutions CS161 Computer Security, Spring 2008

Midterm Exam Solutions CS161 Computer Security, Spring 2008 1. To encrypt a series of plaintext blocks p 1, p 2,... p n using a block cipher E operating in electronic code book (ECB) mode, each ciphertext

### SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

### CS Asymmetric-key Encryption. Prof. Clarkson Spring 2016

CS 5430 Asymmetric-key Encryption Prof. Clarkson Spring 2016 Review: block ciphers Encryption schemes: Enc(m; k): encrypt message m under key k Dec(c; k): decrypt ciphertext c with key k Gen(len): generate

### Chapter 10 Asymmetric-Key Cryptography

Chapter 10 Asymmetric-Key Cryptography Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 10.1 Chapter 10 Objectives Present asymmetric-key cryptography. Distinguish

### Secure Attribute Based Mechanism through Access cipher policy in Outsourced Cloud Data

Secure Attribute Based Mechanism through Access cipher policy in Outsourced Cloud Data V.Abinaya PG Scholar Kalasalingam Institute of Technology Krishnankoil. V.Ramesh Assistant professor Kalasalingam

### New Efficient Searchable Encryption Schemes from Bilinear Pairings

International Journal of Network Security, Vol.10, No.1, PP.25 31, Jan. 2010 25 New Efficient Searchable Encryption Schemes from Bilinear Pairings Chunxiang Gu and Yuefei Zhu (Corresponding author: Chunxiang

### SECURITY IN NETWORKS

SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

### CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

### Homework 7. Using the monoalphabetic cipher in Figure 8.3, encode the message This is an easy problem. Decode the message rmij u uamu xyj.

Problems: 1 to 11. Homework 7 Question: 1 Using the monoalphabetic cipher in Figure 8.3, encode the message This is an easy problem. Decode the message rmij u uamu xyj. This is an easy problem. > uasi

### An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood

An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood One significant impediment to the widespread adoption of public-key cryptography is its dependence on a public-key infrastructure

### Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

### Attribute-Based Cryptography. Lecture 21 And Pairing-Based Cryptography

Attribute-Based Cryptography Lecture 21 And Pairing-Based Cryptography 1 Identity-Based Encryption 2 Identity-Based Encryption In PKE, KeyGen produces a random (PK,SK) pair 2 Identity-Based Encryption

### Identity-based encryption and Generic group model (work in progress) Peeter Laud Arvutiteaduse teooriaseminar Tallinn, 05.01.2012

Identity-based encryption and Generic group model (work in progress) Peeter Laud Arvutiteaduse teooriaseminar Tallinn, 05.01.2012 Identity-based encryption Public-key encryption, where public key = name

### 1 Message Authentication

Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions

### Concrete Attribute-Based Encryption Scheme with Verifiable Outsourced Decryption

Concrete Attribute-Based Encryption Scheme with Verifiable Outsourced Decryption Abstract: Charan 1, K Dinesh Kumar 2, D Arun Kumar Reddy 3 1 P.G Scholar, 2 Assistant Professor, 3 Associate Professor 1,2,3

### Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

### 1 Pseudorandom Permutations

Theoretical Foundations of Cryptography Lecture 9 Georgia Tech, Spring 2010 PRPs, Symmetric Encryption 1 Pseudorandom Permutations Instructor: Chris Peikert Scribe: Pushkar Tripathi In the first part of

### Public-Key Cryptography. Oregon State University

Public-Key Cryptography Çetin Kaya Koç Oregon State University 1 Sender M Receiver Adversary Objective: Secure communication over an insecure channel 2 Solution: Secret-key cryptography Exchange the key

### The application of prime numbers to RSA encryption

The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered

### Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies

### CS3235 - Computer Security Third topic: Crypto Support Sys

Systems used with cryptography CS3235 - Computer Security Third topic: Crypto Support Systems National University of Singapore School of Computing (Some slides drawn from Lawrie Brown s, with permission)

### Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian

### CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC

### A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography

A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography Chao-Wen Chan and Chih-Hao Lin Graduate School of Computer Science and Information Technology, National Taichung Institute

### Public-Key Encryption (Asymmetric Encryption)

Public-Key Encryption (Asymmetric Encryption) Summer School, Romania 2014 Marc Fischlin 13. Oktober 2010 Dr.Marc Fischlin Kryptosicherheit 1 The story so far (Private-Key Crypto) Alice establish secure

### A short primer on cryptography

A short primer on cryptography A. V. Atanasov April 14 2007 1 Preliminaries (This section is an introduction to the referred mathematical concepts. Feel free to skip it if you are familiar with the first

### Public Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography

Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt

### Security and Cryptography 1. Stefan Köpsell, Thorsten Strufe. Module 4: Basic Crypto, Stream Ciphers

Security and Cryptography 1 Stefan Köpsell, Thorsten Strufe Module 4: Basic Crypto, Stream Ciphers Disclaimer: Günter Schäfer, Mark Manulis, large parts from Dan Boneh Dresden, WS 16/17 Reprise from the

### Dealing Cards in Poker Games

1 Dealing Cards in Poker Games Philippe Golle Palo Alto Research Center pgolle@parc.com Abstract This paper proposes a new protocol for shuffling and dealing cards, that is designed specifically for games

### Outsourcing the Decryption of ABE Ciphertexts

Outsourcing the Decryption of ABE Ciphertexts Matthew Green and Susan Hohenberger Johns Hopkins University Brent Waters UT Austin Background A problem Securing records in a data-sharing environment E.g.,

### cryptography s642 computer security adam everspaugh

cryptography s642 adam everspaugh ace@cs.wisc.edu computer security today Cryptography intro Crypto primitives / Symmetric and asymmetric crypto / MACs / Digital signatures / Key exchange Provable security

### Lecture 9: Application of Cryptography

Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

### YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 1 (rev. 1) Professor M. J. Fischer September 3, 2008 1 Course Overview Lecture Notes 1 This course is

### Security usually depends on the secrecy of the key, not the secrecy of the algorithm (i.e., the open design model!)

1 A cryptosystem has (at least) five ingredients: 1. 2. 3. 4. 5. Plaintext Secret Key Ciphertext Encryption algorithm Decryption algorithm Security usually depends on the secrecy of the key, not the secrecy

### Yevgeniy Dodis, Ilya Mironov, Noah Stephens-Davidowitz. Cryptographic Reverse Firewalls

Cryptographic Reverse Firewalls Yevgeniy Dodis (NYU) Ilya Mironov (Google) Noah Stephens-Davidowitz (NYU) Act I: Cryptography in Crisis Classical Crypto Classical Crypto Classical Crypto Classical Crypto

### An Efficient and Secure Data Sharing Framework using Homomorphic Encryption in the Cloud

An Efficient and Secure Data Sharing Framework using Homomorphic Encryption in the Cloud Sanjay Madria Professor and Site Director for NSF I/UCRC Center on Net-Centric Software and Systems Missouri University

### Introduction to Symmetric and Asymmetric Cryptography

Introduction to Symmetric and Asymmetric Cryptography Ali E. Abdallah Birmingham CityUniversity Email: Ali.Abdallah@bcu.ac.uk Lectures are part of the project: ConSoLiDatE Multi-disciplinary Cooperation

### Introduction to Cryptography

Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication

### Identity based cryptography

Identity based cryptography The case of encryption schemes David Galindo d.galindo@cs.ru.nl Security of Systems Department of Computer Science Radboud Universiteit Nijmegen Identity based cryptography

### The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

### Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

### Introduction to Cryptography CS 355

Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru

Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.

### VoteID 2011 Internet Voting System with Cast as Intended Verification

VoteID 2011 Internet Voting System with Cast as Intended Verification September 2011 VP R&D Jordi Puiggali@scytl.com Index Introduction Proposal Security Conclusions 2. Introduction Client computers could

### Today ENCRYPTION. Cryptography example. Basic principles of cryptography

Today ENCRYPTION The last class described a number of problems in ensuring your security and privacy when using a computer on-line. This lecture discusses one of the main technological solutions. The use

### Public Key Infrastructure

Public Key Infrastructure Yan Huang Credit: David Evans (UVA) Using RSA to Encrypt Use 2048-bit modulus (recommended) Encrypt 1MB file 4096 2048-bit messages Each M e requires log 2 (e) 1024-bit number

### A Study on Asymmetric Key Cryptography Algorithms

A Study on Asymmetric Key Cryptography Algorithms ASAITHAMBI.N School of Computer Science and Engineering, Bharathidasan University, Trichy, asaicarrier@gmail.com Abstract Asymmetric key algorithms use

### Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

### Chapter 7: Network security

Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

Advanced Maths Lecture 3 Next generation cryptography and the discrete logarithm problem for elliptic curves Richard A. Hayden rh@doc.ic.ac.uk EC crypto p. 1 Public key cryptography Asymmetric cryptography

### Cryptography and Network Security Chapter 10

Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central

### Efficient Hierarchical Identity Based Encryption Scheme in the Standard Model

Informatica 3 (008) 07 11 07 Efficient Hierarchical Identity Based Encryption Scheme in the Standard Model Yanli Ren and Dawu Gu Dept. of Computer Science and Engineering Shanghai Jiao Tong University

### 100 Mathematics Teacher Vol. 104, No. 2 September 2010

Chocolate 100 Mathematics Teacher Vol. 104, No. 2 September 2010 Copyright 2010 The National Council of Teachers of Mathematics, Inc. www.nctm.org. All rights reserved. This material may not be copied

### Advanced Analogue and Digital Encryption Methods. Presented by: Dr. S. Sarpal

Advanced Analogue and Digital Encryption Methods Presented by: Dr. S. Sarpal Background Term given to a mathematical algorithm OR a set of known sequences. Mixed with message to hide the meaning of content.

### Title Goes Here An Introduction to Modern Cryptography. Mike Reiter

Title Goes Here An Introduction to Modern Cryptography Mike Reiter 1 Cryptography Study of techniques to communicate securely in the presence of an adversary Traditional scenario Goal: A dedicated, private

### Computer Science A Cryptography and Data Security. Claude Crépeau

Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)

### A New Approach for Algebraically Homomorphic Encryption

A New Approach for Algebraically Homomorphic Encryption Joint work with Ahmad Reza Sadeghi, supported by the EU project SPEED Frederik Armknecht Group for Cryptographic Mechanisms and Security Models Horst

### Public Key (asymmetric) Cryptography

Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

### CS Computer and Network Security: Applied Cryptography

CS 5410 - Computer and Network Security: Applied Cryptography Professor Patrick Traynor Spring 2016 Reminders Project Ideas are due on Tuesday. Where are we with these? Assignment #2 is posted. Let s get

### Reusable Anonymous Return Channels

Reusable Anonymous Return Channels Philippe Golle Stanford University Stanford, CA 94305, USA pgolle@cs.stanford.edu Markus Jakobsson RSA Laboratories Bedford, MA 01730, USA mjakobsson@rsasecurity.com

### Public Key Cryptography and RSA. Review: Number Theory Basics

Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and

### MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial

### Cryptanalysis of a Verifiably Committed Signature Scheme based on GPS and RSA

Cryptanalysis of a Verifiably Committed Signature Scheme based on GPS and RSA Julien Cathalo, Benoît Libert and Jean-Jacques Quisquater Université catholique de Louvain Place du Levant 3 1348 Louvain-la-Neuve,

### Chapter 2 Homomorphic Encryption

Chapter 2 Homomorphic Encryption Abstract Homomorphic encryption is a form of encryption which allows specific types of computations to be carried out on ciphertexts and generate an encrypted result which,