IEEE Draft P Identity Based Public Key Cryptography Based On Pairings. Daniel Schliebner. 14. Dezember 2009
|
|
- Roger Warner
- 7 years ago
- Views:
Transcription
1 Identity Based Public Key Cryptography Based On Pairings 14. Dezember 2009
2 Gliederung Introduction Identity Based Encryption The Protocol Security Of The Protocol Discussion
3 About The Headline Identity Based Public Key Cryptography Is a type of public-key cryptography. Difference: the public-key is some unique information ID about the identity of a user. Proposed by Adi Shamir for the first time in 1984 (see [ASha84] page 47 53). Paring: mapping between groups (correct definition later). Used for: encryption (IBE), key encapsulation, signatures (and combinations).
4 About The Headline Identity Based Public Key Cryptography Is a type of public-key cryptography. Difference: the public-key is some unique information ID about the identity of a user. Proposed by Adi Shamir for the first time in 1984 (see [ASha84] page 47 53). Paring: mapping between groups (correct definition later). Used for: encryption (IBE), key encapsulation, signatures (and combinations).
5 About The Headline Identity Based Public Key Cryptography Is a type of public-key cryptography. Difference: the public-key is some unique information ID about the identity of a user. Proposed by Adi Shamir for the first time in 1984 (see [ASha84] page 47 53). Paring: mapping between groups (correct definition later). Used for: encryption (IBE), key encapsulation, signatures (and combinations).
6 About The Headline Identity Based Public Key Cryptography Is a type of public-key cryptography. Difference: the public-key is some unique information ID about the identity of a user. Proposed by Adi Shamir for the first time in 1984 (see [ASha84] page 47 53). Paring: mapping between groups (correct definition later). Used for: encryption (IBE), key encapsulation, signatures (and combinations).
7 About The Headline Identity Based Public Key Cryptography Is a type of public-key cryptography. Difference: the public-key is some unique information ID about the identity of a user. Proposed by Adi Shamir for the first time in 1984 (see [ASha84] page 47 53). Paring: mapping between groups (correct definition later). Used for: encryption (IBE), key encapsulation, signatures (and combinations).
8 About The Paper IEEE: Institute of Electrical and Electronics Engineers. P1363: Standardization project for public-key cryptography..3: Specifications for identity-based public-key cryptography using pairings. Chair of working group (as of Oct. 08): William Whyte (NTRU Cryptosystems Inc).
9 About The Paper IEEE: Institute of Electrical and Electronics Engineers. P1363: Standardization project for public-key cryptography..3: Specifications for identity-based public-key cryptography using pairings. Chair of working group (as of Oct. 08): William Whyte (NTRU Cryptosystems Inc).
10 About The Paper IEEE: Institute of Electrical and Electronics Engineers. P1363: Standardization project for public-key cryptography..3: Specifications for identity-based public-key cryptography using pairings. Chair of working group (as of Oct. 08): William Whyte (NTRU Cryptosystems Inc).
11 About The Paper IEEE: Institute of Electrical and Electronics Engineers. P1363: Standardization project for public-key cryptography..3: Specifications for identity-based public-key cryptography using pairings. Chair of working group (as of Oct. 08): William Whyte (NTRU Cryptosystems Inc).
12 Pairing: a mathematical formalism Definition Let (G 1, +), (G 2, +), (G 3, ) be groups of prime order p N. A pairing is a Z p bilinear map e : G 1 G 2 G 3 between Z p modules for which the following holds: 1. e is non-degenerated (i. e. P 0 G1 G 1, Q 0 G2 G 2 : e(p, Q) 1 G3 ). 2. e is computable in an efficient manner.
13 Now: ID-based cryptography using the example of ID-based encryption.
14 Identity Based Encryption (IBE) The Participants Participants are: Sender A (want s to send message m). Receiver B (has an identification ID, e. g. bob@domain.com). A Trusted Third Party the Private Key Generator (PKG).
15 Identity Based Encryption (IBE) The Participants Participants are: Sender A (want s to send message m). Receiver B (has an identification ID, e. g. bob@domain.com). A Trusted Third Party the Private Key Generator (PKG).
16 Identity Based Encryption (IBE) The Participants Participants are: Sender A (want s to send message m). Receiver B (has an identification ID, e. g. bob@domain.com). A Trusted Third Party the Private Key Generator (PKG).
17 Identity Based Encryption (IBE) The Algorithms Of An IBE-Protocol Algorithms of an IBE-Protocol are: Setup: run by the PKG. Returns: P a set of public parameters. s the master key (or secret server key). Extract(P, s, ID): run by the PKG (when B requests his private key). Returns: KID the private key corresponding to ID. Encrypt(P, ID, m): run by A. Returns: c the encrypted plaintext m. Decrypt(P, ID, c): run by B. Returns: m the decrypted ciphertext c.
18 Identity Based Encryption (IBE) The Algorithms Of An IBE-Protocol Algorithms of an IBE-Protocol are: Setup: run by the PKG. Returns: P a set of public parameters. s the master key (or secret server key). Extract(P, s, ID): run by the PKG (when B requests his private key). Returns: KID the private key corresponding to ID. Encrypt(P, ID, m): run by A. Returns: c the encrypted plaintext m. Decrypt(P, ID, c): run by B. Returns: m the decrypted ciphertext c.
19 Identity Based Encryption (IBE) The Algorithms Of An IBE-Protocol Algorithms of an IBE-Protocol are: Setup: run by the PKG. Returns: P a set of public parameters. s the master key (or secret server key). Extract(P, s, ID): run by the PKG (when B requests his private key). Returns: KID the private key corresponding to ID. Encrypt(P, ID, m): run by A. Returns: c the encrypted plaintext m. Decrypt(P, ID, c): run by B. Returns: m the decrypted ciphertext c.
20 Identity Based Encryption (IBE) The Algorithms Of An IBE-Protocol Algorithms of an IBE-Protocol are: Setup: run by the PKG. Returns: P a set of public parameters. s the master key (or secret server key). Extract(P, s, ID): run by the PKG (when B requests his private key). Returns: KID the private key corresponding to ID. Encrypt(P, ID, m): run by A. Returns: c the encrypted plaintext m. Decrypt(P, ID, c): run by B. Returns: m the decrypted ciphertext c.
21 Identity Based Encryption (IBE) The Algorithms Of An IBE-Protocol (cont.) Summarization: PKG runs Setup() (P, s). PKG runs Extract(P, s, ID) K ID. A runs Encrypt(P, ID, m) c. B runs Decrypt(P, ID, c) m.
22 Identity Based Encryption (IBE) Primitives Primitives: contain basic mathematical operations (building blocks for an IBE-protocol). Generation: used to extract a private key at a PKG. Verification: verification of K ID by receiver B. Encrypt and Decrypt: used inside corresponding algorithms.
23 Identity Based Encryption (IBE) Primitives Primitives: contain basic mathematical operations (building blocks for an IBE-protocol). Generation: used to extract a private key at a PKG. Verification: verification of K ID by receiver B. Encrypt and Decrypt: used inside corresponding algorithms.
24 Identity Based Encryption (IBE) Primitives Primitives: contain basic mathematical operations (building blocks for an IBE-protocol). Generation: used to extract a private key at a PKG. Verification: verification of K ID by receiver B. Encrypt and Decrypt: used inside corresponding algorithms.
25 Identity Based Encryption (IBE) Primitives Primitives: contain basic mathematical operations (building blocks for an IBE-protocol). Generation: used to extract a private key at a PKG. Verification: verification of K ID by receiver B. Encrypt and Decrypt: used inside corresponding algorithms.
26 The Protocol Gliederung Introduction Identity Based Encryption The Protocol Security Of The Protocol Discussion
27 The Protocol By Dan Boneh and Xavier Boyen. Security bases on Bilinear-Diffie-Hellman (BDH) Problem. As formulated in the previous section, the protocol consists of four algorithms: Setup, Extract, Encrypt and Decrypt. To this end, let G 1, G 2, G 3 be groups of prime order p N and e : G 1 G 2 G 3 a pairing. Let ID {0, 1} and plaintext m {0, 1} n.
28 The Protocol By Dan Boneh and Xavier Boyen. Security bases on Bilinear-Diffie-Hellman (BDH) Problem. As formulated in the previous section, the protocol consists of four algorithms: Setup, Extract, Encrypt and Decrypt. To this end, let G 1, G 2, G 3 be groups of prime order p N and e : G 1 G 2 G 3 a pairing. Let ID {0, 1} and plaintext m {0, 1} n.
29 The Protocol By Dan Boneh and Xavier Boyen. Security bases on Bilinear-Diffie-Hellman (BDH) Problem. As formulated in the previous section, the protocol consists of four algorithms: Setup, Extract, Encrypt and Decrypt. To this end, let G 1, G 2, G 3 be groups of prime order p N and e : G 1 G 2 G 3 a pairing. Let ID {0, 1} and plaintext m {0, 1} n.
30 The Protocol By Dan Boneh and Xavier Boyen. Security bases on Bilinear-Diffie-Hellman (BDH) Problem. As formulated in the previous section, the protocol consists of four algorithms: Setup, Extract, Encrypt and Decrypt. To this end, let G 1, G 2, G 3 be groups of prime order p N and e : G 1 G 2 G 3 a pairing. Let ID {0, 1} and plaintext m {0, 1} n.
31 The Protocol By Dan Boneh and Xavier Boyen. Security bases on Bilinear-Diffie-Hellman (BDH) Problem. As formulated in the previous section, the protocol consists of four algorithms: Setup, Extract, Encrypt and Decrypt. To this end, let G 1, G 2, G 3 be groups of prime order p N and e : G 1 G 2 G 3 a pairing. Let ID {0, 1} and plaintext m {0, 1} n.
32 The Protocol Setup PKG chooses a master key s := (s 1, s 2, s 3 ) R Z p Z p Z p. PKG generates public parameter P := (Q 1, Q 2, R, T, V, G 1, G 2, e), where Qi is a generator of G i, i = 1, 2, i. e. Q i = G i, R := s1 Q 1, T := s 3 Q 1, V := e(r, s 2 Q 2 ).
33 The Protocol Setup PKG chooses a master key s := (s 1, s 2, s 3 ) R Z p Z p Z p. PKG generates public parameter P := (Q 1, Q 2, R, T, V, G 1, G 2, e), where Qi is a generator of G i, i = 1, 2, i. e. Q i = G i, R := s1 Q 1, T := s 3 Q 1, V := e(r, s 2 Q 2 ).
34 The Protocol The primitives (knowing P and s) Generation: P-BB1-G(M) r 0 R Z p. i := s 1 s 2 + r 0 (s 1 M + s 3 ). return (iq 2, r 0 Q 2 ). Encryption: P-BB1-E(r) E 0 := rq 1. E 1 := (rm)r + rt. B := V r. return (E 0, E 1, B). Decryption: P-BB1-D(E 0, E 1, (K 0,M, K 1,M )) return e(e 0, K 0,M ) e(e 1, K 1,M ) 1.
35 The Protocol The primitives (knowing P and s) Generation: P-BB1-G(M) r 0 R Z p. i := s 1 s 2 + r 0 (s 1 M + s 3 ). return (iq 2, r 0 Q 2 ). Encryption: P-BB1-E(r) E 0 := rq 1. E 1 := (rm)r + rt. B := V r. return (E 0, E 1, B). Decryption: P-BB1-D(E 0, E 1, (K 0,M, K 1,M )) return e(e 0, K 0,M ) e(e 1, K 1,M ) 1.
36 The Protocol The primitives (knowing P and s) Generation: P-BB1-G(M) r 0 R Z p. i := s 1 s 2 + r 0 (s 1 M + s 3 ). return (iq 2, r 0 Q 2 ). Encryption: P-BB1-E(r) E 0 := rq 1. E 1 := (rm)r + rt. B := V r. return (E 0, E 1, B). Decryption: P-BB1-D(E 0, E 1, (K 0,M, K 1,M )) return e(e 0, K 0,M ) e(e 1, K 1,M ) 1.
37 The Protocol There are three algorithms left. Using the three primitives P-BB1-G, P-BB1-E, P-BB1-D we can now formulate them. Therefore: consider three Hashfunctions H 1 : {0, 1} Z p H 2 : G 3 {0, 1} n H 3 : G 3 {0, 1} n G 1 G 1 Z p
38 The Protocol There are three algorithms left. Using the three primitives P-BB1-G, P-BB1-E, P-BB1-D we can now formulate them. Therefore: consider three Hashfunctions H 1 : {0, 1} Z p H 2 : G 3 {0, 1} n H 3 : G 3 {0, 1} n G 1 G 1 Z p
39 The Protocol There are three algorithms left. Using the three primitives P-BB1-G, P-BB1-E, P-BB1-D we can now formulate them. Therefore: consider three Hashfunctions H 1 : {0, 1} Z p H 2 : G 3 {0, 1} n H 3 : G 3 {0, 1} n G 1 G 1 Z p
40 The Protocol Extract M := H 1 (ID). K ID := (K 0,M, K 1,M ) P-BB1-G(M). K ID is the private key for the receiver.
41 The Protocol Extract M := H 1 (ID). K ID := (K 0,M, K 1,M ) P-BB1-G(M). K ID is the private key for the receiver.
42 The Protocol Encrypt r R Z p. (B, E 0, E 1 ) P-BB1-E(r). Y := H 2 (B) m. t := r + H 3 (B, Y, E 0, E 1 ). c := (Y, E 0, E 1, t). c is the ciphertext. B is called blinding factor.
43 The Protocol Encrypt r R Z p. (B, E 0, E 1 ) P-BB1-E(r). Y := H 2 (B) m. t := r + H 3 (B, Y, E 0, E 1 ). c := (Y, E 0, E 1, t). c is the ciphertext. B is called blinding factor.
44 The Protocol Encrypt r R Z p. (B, E 0, E 1 ) P-BB1-E(r). Y := H 2 (B) m. t := r + H 3 (B, Y, E 0, E 1 ). c := (Y, E 0, E 1, t). c is the ciphertext. B is called blinding factor.
45 The Protocol Encrypt r R Z p. (B, E 0, E 1 ) P-BB1-E(r). Y := H 2 (B) m. t := r + H 3 (B, Y, E 0, E 1 ). c := (Y, E 0, E 1, t). c is the ciphertext. B is called blinding factor.
46 The Protocol Encrypt r R Z p. (B, E 0, E 1 ) P-BB1-E(r). Y := H 2 (B) m. t := r + H 3 (B, Y, E 0, E 1 ). c := (Y, E 0, E 1, t). c is the ciphertext. B is called blinding factor.
47 The Protocol Decrypt B P-BB1-D(E 0, E 1, K ID ). r := t H 3 (B, Y, E 0, E 1 ). if (B == V r and E 0 == rq 1 ) then exit with error. m := Y H 2 (B). m is the plaintext.
48 The Protocol Decrypt B P-BB1-D(E 0, E 1, K ID ). r := t H 3 (B, Y, E 0, E 1 ). if (B == V r and E 0 == rq 1 ) then exit with error. m := Y H 2 (B). m is the plaintext.
49 The Protocol Decrypt B P-BB1-D(E 0, E 1, K ID ). r := t H 3 (B, Y, E 0, E 1 ). if (B == V r and E 0 == rq 1 ) then exit with error. m := Y H 2 (B). m is the plaintext.
50 The Protocol Decrypt B P-BB1-D(E 0, E 1, K ID ). r := t H 3 (B, Y, E 0, E 1 ). if (B == V r and E 0 == rq 1 ) then exit with error. m := Y H 2 (B). m is the plaintext.
51 Security Of The Protocol Gliederung Introduction Identity Based Encryption The Protocol Security Of The Protocol Discussion
52 Security Of The Protocol Security Definition Let e : G 1 G 2 G 3 be a pairing and P G 1, Q G 2. The Bilinear-Diffie-Hellman (BDH) Assumption says, that if P, Q, ap, bp, aq, cq for a, b, c Z p are given, then it is hard to compute e(p, Q) abc.
53 Security Of The Protocol Security (cont.) The security depends on Hashfunctions H 1, H 2, H 3. The secure channel between the receiver and the PKG. The BDH Assumption (at which point?).
54 Security Of The Protocol Security (cont.) The security depends on Hashfunctions H 1, H 2, H 3. The secure channel between the receiver and the PKG. The BDH Assumption (at which point?).
55 Security Of The Protocol Security (cont.) The security depends on Hashfunctions H 1, H 2, H 3. The secure channel between the receiver and the PKG. The BDH Assumption (at which point?).
56 Security Of The Protocol Security (cont.) Definition Let q Z p. Then the q Bilinear-Diffie-Hellman-Inverse (q-bdhi) Assumption says, that if (P, ap, a 2 P,..., a q P, Q, aq,..., a q Q) are given, it is hard to compute (e(p, Q) a ) 1. Definition We say, that the (t, q, ε) BDHI Assumption holds, if no t time algorithm A has advantage ε (i. e. P (A(P,..., a q P, Q,..., a q Q)) ε) in solving the q-bdhi problem.
57 Security Of The Protocol Security (cont.) Definition Let q Z p. Then the q Bilinear-Diffie-Hellman-Inverse (q-bdhi) Assumption says, that if (P, ap, a 2 P,..., a q P, Q, aq,..., a q Q) are given, it is hard to compute (e(p, Q) a ) 1. Definition We say, that the (t, q, ε) BDHI Assumption holds, if no t time algorithm A has advantage ε (i. e. P (A(P,..., a q P, Q,..., a q Q)) ε) in solving the q-bdhi problem.
58 Security Of The Protocol Security (cont.) Definition We say, that an IBE system is (t, q ID, ε)-selective identity, chosen plaintext secure (short: (t, q ID, ε) IND-sID-CPA secure) iff for every IND-sID-CPA adversary A, that makes at most q ID chosen private key queries, there is ADV A < ε, where ADV A is the advantage of A, attacking the IBE system.
59 Security Of The Protocol Security (cont.) Theorem Suppose the (t, q, ε)-bdhi Assumption holds for G 1 and G 2. Then is (t, q S, ε) IND-sID-CPA secure for any q S < q and any t < t Θ(τq 2 ), where τ is the maximum time for an exponentiation in G 1, G 2. Proof: see [BB04].
60 Advantages
61 Advantages IBE eliminates the need for a public key distribution infrastructure. No key agreement. Interesting features (e. g. encode additional information into the ID: for instance expirations dates).
62 Disadvantages
63 Disadvantages PKG may decrypt and/or sign any message without authorisation. A secure channel is required between the PKG and the receiver.
64 That s it. Thank you for your attention.
65 Anhang Literaturverzeichnis Literaturverzeichnis [P ] IEEE P1636.3/D1 Draft Standard for Identity-based Public-key Cryptography Using Pairings. Working Group of the Microprocessor Standards Committee [ASha84] Identity-Based Cryptosystems and Signature Schemes. Advances in Cryptology: Proceedings of CRYPTO 84. Adi Shamir Lecture Notes in Computer Science 7, 1984
66 Anhang Literaturverzeichnis [BB04] Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles. D. Boneh, X. Boyen Advances in Cryptology Eurocrypt, 2004, Springer-Verlag (2004), pp [Wiki09] Wikipedia (DE, EN) As of: 14. Dezember 2009.
Lecture 25: Pairing-Based Cryptography
6.897 Special Topics in Cryptography Instructors: Ran Canetti and Ron Rivest May 5, 2004 Lecture 25: Pairing-Based Cryptography Scribe: Ben Adida 1 Introduction The field of Pairing-Based Cryptography
More informationNew Efficient Searchable Encryption Schemes from Bilinear Pairings
International Journal of Network Security, Vol.10, No.1, PP.25 31, Jan. 2010 25 New Efficient Searchable Encryption Schemes from Bilinear Pairings Chunxiang Gu and Yuefei Zhu (Corresponding author: Chunxiang
More informationMESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC
MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial
More informationIdentity-Based Cryptography and Comparison with traditional Public key Encryption: A Survey
Identity-Based Cryptography and Comparison with traditional Public key Encryption: A Survey Girish Department of PGS-CEA The National Institute of Engineering, Manadavady Road,Mysore-570008, INDIA Phaneendra
More informationAn Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood
An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood One significant impediment to the widespread adoption of public-key cryptography is its dependence on a public-key infrastructure
More informationLecture 17: Re-encryption
600.641 Special Topics in Theoretical Cryptography April 2, 2007 Instructor: Susan Hohenberger Lecture 17: Re-encryption Scribe: Zachary Scott Today s lecture was given by Matt Green. 1 Motivation Proxy
More informationIdentity-Based Encryption from the Weil Pairing
Appears in SIAM J. of Computing, Vol. 32, No. 3, pp. 586-615, 2003. An extended abstract of this paper appears in the Proceedings of Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages
More informationChosen-Ciphertext Security from Identity-Based Encryption
Chosen-Ciphertext Security from Identity-Based Encryption Dan Boneh Ran Canetti Shai Halevi Jonathan Katz June 13, 2006 Abstract We propose simple and efficient CCA-secure public-key encryption schemes
More informationEfficient Unlinkable Secret Handshakes for Anonymous Communications
보안공학연구논문지 (Journal of Security Engineering), 제 7권 제 6호 2010년 12월 Efficient Unlinkable Secret Handshakes for Anonymous Communications Eun-Kyung Ryu 1), Kee-Young Yoo 2), Keum-Sook Ha 3) Abstract The technique
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and
More informationSecure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment
Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,
More informationSome Identity Based Strong Bi-Designated Verifier Signature Schemes
Some Identity Based Strong Bi-Designated Verifier Signature Schemes Sunder Lal and Vandani Verma Department of Mathematics, Dr. B.R.A. (Agra), University, Agra-282002 (UP), India. E-mail- sunder_lal2@rediffmail.com,
More informationAdvanced Cryptography
Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.
More informationAn Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method
An Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method E.Sathiyamoorthy 1, S.S.Manivannan 2 1&2 School of Information Technology and Engineering
More informationThe Journal of Systems and Software
The Journal of Systems and Software 82 (2009) 789 793 Contents lists available at ScienceDirect The Journal of Systems and Software journal homepage: www.elsevier.com/locate/jss Design of DL-based certificateless
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationMulti-Channel Broadcast Encryption
Multi-Channel Broadcast Encryption Duong Hieu Phan 1,2, David Pointcheval 2, and Viet Cuong Trinh 1 1 LAGA, University of Paris 8 2 ENS / CNRS / INRIA Abstract. Broadcast encryption aims at sending a content
More informationThe Feasibility of SET-IBS and SET-IBOOS Protocols in Cluster-Based Wireless Sensor Network
The Feasibility of SET-IBS and SET-IBOOS Protocols in Cluster-Based Wireless Sensor Network R.Anbarasi 1, S.Gunasekaran 2 P.G. Student, Department of Computer Engineering, V.S.B Engineering College, Karur,
More informationCCLAS: A Practical and Compact Certificateless Aggregate Signature with Share Extraction
International Journal of Network Security, Vol.16, No.3, PP.174-181, May 2014 174 CCLAS: A Practical and Compact Certificateless Aggregate Signature with Share Extraction Min Zhou 1, Mingwu Zhang 2, Chunzhi
More informationVoteID 2011 Internet Voting System with Cast as Intended Verification
VoteID 2011 Internet Voting System with Cast as Intended Verification September 2011 VP R&D Jordi Puiggali@scytl.com Index Introduction Proposal Security Conclusions 2. Introduction Client computers could
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationChosen-Ciphertext Security from Identity-Based Encryption
Chosen-Ciphertext Security from Identity-Based Encryption Dan Boneh Ran Canetti Shai Halevi Jonathan Katz Abstract We propose simple and efficient CCA-secure public-key encryption schemes (i.e., schemes
More informationPublic Key Cryptography: RSA and Lots of Number Theory
Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver
More informationA Certificateless Signature Scheme for Mobile Wireless Cyber-Physical Systems
The 28th International Conference on Distributed Computing Systems Workshops A Certificateless Signature Scheme for Mobile Wireless Cyber-Physical Systems Zhong Xu Xue Liu School of Computer Science McGill
More informationE-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption
Journal of Computer Science 6 (7): 723-727, 2010 ISSN 1549-3636 2010 Science Publications E-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption Najlaa A. Abuadhmah,
More informationPublic Key Cryptography and RSA. Review: Number Theory Basics
Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and
More informationChosen-Ciphertext Security from Identity-Based Encryption
Chosen-Ciphertext Security from Identity-Based Encryption Ran Canetti 1, Shai Halevi 1, and Jonathan Katz 2 1 IBM T. J. Watson Research Center, Hawthorne, NY. {canetti,shaih}@watson.ibm.com 2 Dept. of
More informationStrengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography
Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography Liang Yan, Chunming Rong, and Gansen Zhao University of Stavanger, Norway {liang.yan,chunming.rong}@uis.no
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography
More informationEfficient Certificate-Based Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 0, 55-568 (04) Efficient Certificate-Based Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model * College of Computer and Information
More informationCertificate Based Signature Schemes without Pairings or Random Oracles
Certificate Based Signature Schemes without Pairings or Random Oracles p. 1/2 Certificate Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu, Joonsang Baek, Willy Susilo and Jianying
More informationIdentity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks
Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks Tsz Hon Yuen - Huawei, Singapore Ye Zhang - Pennsylvania State University, USA Siu Ming
More informationLecture 6 - Cryptography
Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about
More informationOverview of Public-Key Cryptography
CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationSECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES
www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,
More informationStrengthen RFID Tags Security Using New Data Structure
International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University
More informationThe application of prime numbers to RSA encryption
The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered
More informationIndex Calculation Attacks on RSA Signature and Encryption
Index Calculation Attacks on RSA Signature and Encryption Jean-Sébastien Coron 1, Yvo Desmedt 2, David Naccache 1, Andrew Odlyzko 3, and Julien P. Stern 4 1 Gemplus Card International {jean-sebastien.coron,david.naccache}@gemplus.com
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationCIS 5371 Cryptography. 8. Encryption --
CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.
More informationA New and Efficient Signature on Commitment Values
International Journal of Network Security, Vol.7, No., PP.0 06, July 2008 0 A New and Efficient Signature on Commitment Values Fangguo Zhang,3, Xiaofeng Chen 2,3, Yi Mu 4, and Willy Susilo 4 (Corresponding
More informationA Factoring and Discrete Logarithm based Cryptosystem
Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques
More informationIdentity-Based Key Agreement and Encryption For Wireless Sensor Networks
182 IJCSNS International Journal of Computer Science and Network Security, VOL.6 No.5B, May 2006 Identity-Based Key Agreement and Encryption For Wireless Sensor Networks Geng Yang 1, Chunming Rong 2, Christian
More informationPaillier Threshold Encryption Toolbox
Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created
More informationLecture 9 - Message Authentication Codes
Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationSecure and Efficient Identity-based Proxy Multi-signature Using Cubic Residues
International Journal of Network Security, Vol.18, No.1, PP.90-98, Jan. 2016 90 Secure and Efficient Identity-based Proxy Multi-signature Using Cubic Residues Feng Wang 1,2, Chin-Chen Chang 2,3, Changlu
More informationOn the Difficulty of Software Key Escrow
On the Difficulty of Software Key Escrow Lars R. Knudsen and Torben P. Pedersen Katholieke Universiteit Leuven, Belgium, email: knudsen@esat.kuleuven.ac.be Cryptomathic, Denmark, email: tpp@cryptomathic.aau.dk
More informationEnhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation
Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation 1 Agenda EPID overview EPID usages Device Authentication Government Issued ID EPID performance and standardization efforts 2
More informationCategorical Heuristic for Attribute Based Encryption in the Cloud Server
Categorical Heuristic for Attribute Based Encryption in the Cloud Server R. Brindha 1, R. Rajagopal 2 1( M.E, Dept of CSE, Vivekanandha Institutes of Engineering and Technology for Women, Tiruchengode,
More informationElliptic Curve Cryptography Methods Debbie Roser Math\CS 4890
Elliptic Curve Cryptography Methods Debbie Roser Math\CS 4890 Why are Elliptic Curves used in Cryptography? The answer to this question is the following: 1) Elliptic Curves provide security equivalent
More informationAn Efficient and Provably-secure Digital signature Scheme based on Elliptic Curve Bilinear Pairings
Theoretical and Applied Informatics ISSN 896 5334 Vol.24 (202), no. 2 pp. 09 8 DOI: 0.2478/v079-02-0009-0 An Efficient and Provably-secure Digital signature Scheme based on Elliptic Curve Bilinear Pairings
More informationPublic Key Encryption with Keyword Search Revisited
Public Key Encryption with Keyword Search Revisited Joonsang Baek, Reihaneh Safiavi-Naini,Willy Susilo University of Wollongong Northfields Avenue Wollongong NSW 2522, Australia Abstract The public key
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationAn Introduction to the RSA Encryption Method
April 17, 2012 Outline 1 History 2 3 4 5 History RSA stands for Rivest, Shamir, and Adelman, the last names of the designers It was first published in 1978 as one of the first public-key crytographic systems
More informationSecure Network Communication Part II II Public Key Cryptography. Public Key Cryptography
Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem
More informationLightweight Encryption for Email
Lightweight Encryption for Email Ben Adida MIT ben@mit.edu Susan Hohenberger MIT srhohen@mit.edu Ronald L. Rivest MIT rivest@mit.edu Abstract Email encryption techniques have been available for more than
More informationCSC474/574 - Information Systems Security: Homework1 Solutions Sketch
CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher
More informationMetered Signatures - How to restrict the Signing Capability -
JOURNAL OF COMMUNICATIONS AND NETWORKS, VOL.?, NO.?, 1 Metered Signatures - How to restrict the Signing Capability - Woo-Hwan Kim, HyoJin Yoon, and Jung Hee Cheon Abstract: We propose a new notion of metered
More informationThe Mathematics of the RSA Public-Key Cryptosystem
The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through
More informationIdentity Based Undeniable Signatures
Identity Based Undeniable Signatures Benoît Libert Jean-Jacques Quisquater UCL Crypto Group Place du Levant, 3. B-1348 Louvain-La-Neuve. Belgium {libert,jjq}@dice.ucl.ac.be http://www.uclcrypto.org/ Abstract.
More informationCryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur
Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)
More informationSecure and Efficient Data Transmission for Cluster-based Wireless Sensor Networks
JOURNAL PAPER, ACCEPTED 1 Secure and Efficient Data Transmission for Cluster-based Wireless Sensor Networks Huang Lu, Student Member, IEEE, Jie Li, Senior Member, IEEE, Mohsen Guizani, Fellow, IEEE Abstract
More informationNumber Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may
Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationOutsourcing the Decryption of ABE Ciphertexts
Outsourcing the Decryption of ABE Ciphertexts Matthew Green and Susan Hohenberger Johns Hopkins University Brent Waters UT Austin Background A problem Securing records in a data-sharing environment E.g.,
More informationAdvanced Topics in Cryptography and Network Security
Advanced Topics in Cryptography and Network Security Breno de Medeiros Department of Computer Science Florida State University Advanced Topics in Cryptography and Network Security p.1 Class Reference Sheet
More informationIdentity Based Encryption. Terence Spies VP Engineering terence@voltage.com
Identity Based Encryption Terence Spies VP Engineering terence@voltage.com Voltage Security Overview Breakthrough technology for encryption and access control Based on work of Dr. Boneh at Stanford and
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationMathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information
The : Keeping Eve The Eavesdropper Away From Your Credit Card Information Department of Mathematics North Dakota State University 16 September 2010 Science Cafe Introduction Disclaimer: is not an internet
More informationMathematical Model Based Total Security System with Qualitative and Quantitative Data of Human
Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative
More informationUniversal Padding Schemes for RSA
Universal Padding Schemes for RSA Jean-Sébastien Coron, Marc Joye, David Naccache, and Pascal Paillier Gemplus Card International, France {jean-sebastien.coron, marc.joye, david.naccache, pascal.paillier}@gemplus.com
More informationTitle Security Related Issues for Cloud Computing
Title Security Related Issues for Cloud Computing Ashwini Singh Abstract: The term CLOUD implies Common Location Independent Online Utility on Demand. It's a rising innovation in IT commercial ventures.
More informationEnforcing Role-Based Access Control for Secure Data Storage in the Cloud
The Author 211. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions please email: journals.permissions@oup.com Advance Access publication
More informationInternational Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013
FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,
More information3-6 Toward Realizing Privacy-Preserving IP-Traceback
3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationCryptography and Network Security Chapter 9
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,
More informationEfficient ID-based authentication and key agreement protocols for the session initiation protocol
Turkish Journal of Electrical Engineering & Computer Sciences http:// journals. tubitak. gov. tr/ elektrik/ Research Article Turk J Elec Eng & Comp Sci (2015) 23: 560 579 c TÜBİTAK doi:10.3906/elk-1207-102
More informationPrinciples of Network Security
he Network Security Model Bob and lice want to communicate securely. rudy (the adversary) has access to the channel. lice channel data, control s Bob Kai Shen data secure sender secure receiver data rudy
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationAuthentication and Encryption: How to order them? Motivation
Authentication and Encryption: How to order them? Debdeep Muhopadhyay IIT Kharagpur Motivation Wide spread use of internet requires establishment of a secure channel. Typical implementations operate in
More informationSoftware Tool for Implementing RSA Algorithm
Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationTHE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION
T OPICS IN WIRELESS SECURITY THE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION Q 2 = R 1 Q 2 R 1 R 1 As the wireless industry explodes, it faces
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationA SOFTWARE COMPARISON OF RSA AND ECC
International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138
More informationNon-Interactive CCA-Secure Threshold Cryptosystems with Adaptive Security: New Framework and Constructions
Non-Interactive CCA-Secure Threshold Cryptosystems with Adaptive Security: New Framework and Constructions Benoît Libert 1 and Moti Yung 2 1 Université catholique de Louvain, ICTEAM Institute (Belgium)
More informationIdentity-Based Encryption from Lattices in the Standard Model
Identity-Based Encryption from Lattices in the Standard Model Shweta Agrawal and Xavier Boyen Preliminary version July 20, 2009 Abstract. We construct an Identity-Based Encryption (IBE) system without
More informationRole Based Encryption with Efficient Access Control in Cloud Storage
Role Based Encryption with Efficient Access Control in Cloud Storage G. V. Bandewar 1, R. H. Borhade 2 1 Department of Information Technology, Sinhgad Technical Education Society s SKNCOE, Pune, India
More informationSimplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings
Simplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings Ernie Brickell Intel Corporation ernie.brickell@intel.com Liqun Chen HP Laboratories liqun.chen@hp.com March
More informationMANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS
INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS Kanchupati Kondaiah 1, B.Sudhakar 2 1 M.Tech Student, Dept of CSE,
More informationExperiments in Encrypted and Searchable Network Audit Logs
Experiments in Encrypted and Searchable Network Audit Logs Bhanu Prakash Gopularam Cisco Systems India Pvt. Ltd Nitte Meenakshi Institute of Technology Email: bhanprak@cisco.com Sashank Dara Cisco Systems
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationSecurity Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012
Security Aspects of Database Outsourcing Dec, 2012 Vahid Khodabakhshi Hadi Halvachi Security Aspects of Database Outsourcing Security Aspects of Database Outsourcing 2 Outline Introduction to Database
More informationLecture 5 - CPA security, Pseudorandom functions
Lecture 5 - CPA security, Pseudorandom functions Boaz Barak October 2, 2007 Reading Pages 82 93 and 221 225 of KL (sections 3.5, 3.6.1, 3.6.2 and 6.5). See also Goldreich (Vol I) for proof of PRF construction.
More informationBootstrapping Security in Mobile Ad Hoc Networks Using Identity-Based Schemes with Key Revocation
Bootstrapping Security in Mobile Ad Hoc Networks Using Identity-Based Schemes with Key Revocation Katrin Hoeper and Guang Gong khoeper@engmail.uwaterloo.ca, ggong@calliope.uwaterloo.ca Department of Electrical
More informationA secure email login system using virtual password
A secure email login system using virtual password Bhavin Tanti 1,Nishant Doshi 2 1 9seriesSoftwares, Ahmedabad,Gujarat,India 1 {bhavintanti@gmail.com} 2 SVNIT, Surat,Gujarat,India 2 {doshinikki2004@gmail.com}
More informationPublic Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography
Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt
More information