Public-Key Encryption (Asymmetric Encryption)


1 Public-Key Encryption (Asymmetric Encryption) Summer School, Romania 2014 Marc Fischlin 13 October 2010 Dr. Marc Fischlin Kryptosicherheit 1

2 The story so far (Private-Key Crypto). 1st phase: Alice and Bob establish a secure key k. 2nd phase: Alice encrypts message m as C = Enc(k, m) and sends ciphertext C; Bob computes m = Dec(k, C). Eve eavesdrops on the communication. Marc Fischlin Summer School Romania 2014 Public-Key Encryption 2

3 Public-Key Crypto. Bob holds a pair (sk, pk) of related keys: pk is the public key, known by everyone; sk is the secret (or private) key, known only by Bob. Alice encrypts message m as C = Enc(pk, m) under Bob's public key pk and sends ciphertext C; Bob computes m = Dec(sk, C). Eve eavesdrops on the communication.

4 Example: (Textbook) RSA. Rivest, Shamir, Adleman (photo from Len Adleman's homepage). Rivest, Shamir, Adleman: "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems". Communications of the ACM, 1978.

5 Background:

6 Structure:

7 Alternative characterization: gcd = greatest common divisor. Euclid's algorithm: Note:

8 Euler's totient function: Euler's and Fermat's Theorem:

9 RSA Encryption scheme. Today: N of 1024 bits, better at least 2048 bits; choosing parameters is non-trivial. Key Generation: Encryption: Decryption:

10 RSA assumption: hard to compute m from pk = (N, e) and C. The RSA assumption implies the factoring assumption (converse: unknown). Factoring assumption: hard to compute p, q from N; minimal security requirement. Alice encrypts message m as C = m^e mod N under pk = (N, e) and sends ciphertext C; Bob, holding key pair sk = (N, d), pk = (N, e), computes m = C^d mod N. Eve eavesdrops on the communication.

11 Warning: When using the RSA function for encryption, one actually needs additional means to match modern security notions. You will see in this lecture why.

12 Semantic Security of (Public-Key) Encryption

13 Security of Encryption Schemes. Alice encrypts message m as C = Enc(pk, m) and sends ciphertext C; Bob, holding key pair (sk, pk), computes m = Dec(sk, C); Eve eavesdrops on the communication. What does it mean that an encryption scheme is secure?

14 Shannon's Entropic Approach. Alice encrypts message m as C = Enc(pk, m) and sends ciphertext C; Bob, holding key pair (sk, pk), computes m = Dec(sk, C); Eve eavesdrops on the communication. Eve does not learn anything about the message from the ciphertext. Shannon, Claude. "Communication Theory of Secrecy Systems". Bell System Technical Journal.

15 Excursion: Shannon Entropy = measure for information = measure for (reduction of) uncertainty: average number of bits required to communicate the outcome.

16 Alice encrypts message m as C = Enc(pk, m) and sends ciphertext C; Bob, holding key pair (sk, pk), computes m = Dec(sk, C); Eve eavesdrops on the communication. Eve's uncertainty about message m does not decrease on seeing pk, C: entropy of m = uncertainty of Eve about m before transmission; entropy of m, given pk, C = uncertainty of Eve about m after having seen pk, C.

17 One-Time-Pad encryption achieves Shannon's bound in the private-key setting: Impossible to achieve in the public-key setting: sk and pk are information-theoretically related (as required for decryption).

18 Solution: use an appropriate complexity-based relaxation (small errors, efficient adversaries only, ...): Whatever information Info(m) an efficient adversary E learns about message m from ciphertext C and pk, one could learn from pk alone.

19 Semantic Security. Goldwasser, Micali. "Probabilistic encryption". Journal of Computer and System Sciences. (Photo source: MIT EECS.) A public-key encryption scheme is semantically secure if for every efficient adversary E, every efficient (length-invariant) message distribution M and every efficiently computable function Info there exists an efficient algorithm S ("the simulator") s.t. where

20 RSA: C = m^e mod N. Goldwasser, Micali. "Probabilistic encryption". Journal of Computer and System Sciences. Deterministic encryption: Enc(pk, ·) is a 1-1 map from message space to ciphertext space; a message is always mapped to the same ciphertext. Probabilistic encryption: Enc(pk, ·) maps a message to a random ciphertext in the ciphertext space.

21 Deterministic Encryption Cannot be Semantically Secure (if the message space contains at least two equal-length messages). There exist E, a (length-invariant) M and Info such that for every S: Define: Then: But:

22 Notes: (Textbook) RSA encryption is not a semantically secure encryption scheme, but still a good function (see later). 1st difference between private-key and public-key encryption: deterministic encryption like the One-Time-Pad can be secure in the private-key setting (if used only once), whereas deterministic public-key encryption is not secure, even if used only once.

23 Things to remember from this part: Semantically secure public-key encryption scheme: cannot learn anything useful about the message from the ciphertext: ∀E ∀M, Info ∃S: Pr(E(pk, C) = Info(m)) ≈ Pr(S(pk) = Info(m)). Fact: deterministic public-key encryption schemes like textbook RSA cannot be semantically secure. Suggested reading: Goldreich's book "Foundations of Cryptography", Volume 2, Chapter 5.

24 Indistinguishability vs. Semantic Security

25 Reminder: Security of Encryption. The challenger gives pk to Eve; Eve outputs m_0, m_1 of equal length; the challenger picks b ← {0,1} and returns ciphertext C ← Enc(pk, m_b); Eve outputs b*. A public-key encryption scheme is indistinguishable under chosen-plaintext attacks (IND-CPA) if for any efficient Eve we have Pr[b = b*] ≈ ½.

26 Exercise Break. (1) Show, like we did for semantic security, that no deterministic public-key encryption scheme can be IND-CPA* (*assuming that the message space contains at least two equal-length messages). (2) Discuss that any encryption scheme with which one can only encrypt one message is IND-CPA.
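The IND-CPA game of slide 25 played against textbook RSA, as an added example that is not part of the original slides: encryption is deterministic, so Eve re-encrypts m_0 and m_1 under pk and compares with the challenge. The toy modulus built from two Mersenne primes, the two 8-byte messages and the `enc_random_prefix` variant (randomised only to show the comparison failing, not a secure padding) are assumptions made for the demo.

```python
import secrets

# Constructed toy key (assumption): the product of two known Mersenne primes
# is trivially factorable; it only has to be a valid RSA modulus here.
P, Q = 2**89 - 1, 2**107 - 1
PK = (P * Q, 65537)                      # pk = (N, e)

# Constructed equal-length messages m_0, m_1 chosen by the adversary.
M0 = int.from_bytes(b"yes, pay", "big")
M1 = int.from_bytes(b"no, stop", "big")


def enc_textbook(pk, m):
    """Textbook RSA, C = m^e mod N: the same m always gives the same C."""
    n, e = pk
    return pow(m, e, n)


def enc_random_prefix(pk, m):
    """Hypothetical probabilistic variant: 64 fresh random bits in front of
    the 64-bit message. Only illustrates randomisation; not a vetted padding."""
    n, e = pk
    r = secrets.randbits(64)
    return pow((r << 64) | m, e, n)


def reencrypt_guess(enc, pk, m0, m1, c):
    """Eve's strategy: encrypt both candidates herself and compare."""
    if enc(pk, m0) == c:
        return 0
    if enc(pk, m1) == c:
        return 1
    return secrets.randbits(1)           # no match: fall back to a coin flip


def ind_cpa_round(enc, pk=PK):
    """One run of the game: challenger picks b, Eve outputs b*."""
    b = secrets.randbits(1)
    challenge = enc(pk, (M0, M1)[b])
    return reencrypt_guess(enc, pk, M0, M1, challenge) == b


def win_rate(enc, rounds=400):
    """Empirical Pr[b = b*] for the re-encryption adversary."""
    return sum(ind_cpa_round(enc) for _ in range(rounds)) / rounds


if __name__ == "__main__":
    print("textbook RSA    Pr[b=b*] =", win_rate(enc_textbook))
    print("random prefix   Pr[b=b*] =", win_rate(enc_random_prefix))
```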

27 Semantic Security or Indistinguishability: Which one to prefer? It doesn't really matter.

28 Theorem: A public-key encryption scheme is semantically secure if and only if it is IND-CPA ("indistinguishable").* (*Need to use a slightly stronger definition of semantic security.) First IND-CPA implies semantic security, then NOT IND-CPA implies NOT semantic security.

29 IND-CPA ⇒ Semantic Security. For every E, (length-invariant) M and Info there exists S: given E, construct S as follows. E receives pk and C = Enc(pk, m) and outputs e approximating Info(pk, m). S receives pk, computes C* = Enc(pk, 0…0), runs E as a subroutine on (pk, C*) and outputs E's answer e*.

30 IND-CPA ⇒ Semantic Security. For every E, (length-invariant) M and Info there exists S: given E, construct S as follows. E receives pk and C = Enc(pk, m) and outputs e approximating Info(pk, m). S receives pk, computes C* = Enc(pk, 0…0), runs E as a subroutine on (pk, C*) and outputs E's answer e*. IND-CPA: C* looks like C, so e* looks like e; e*, too, approximates Info(pk, m).

31 NOT (IND-CPA) ⇒ NOT (Semantic Security). There is an adversary E* in the IND-CPA game (challenger gives pk; E* outputs m_0, m_1 of equal length; challenger picks b ← {0,1} and returns ciphertext C ← Enc(pk, m_b); E* outputs b*) such that Pr(b = b*) >> ½.

32 Things to remember from this part: IND-CPA security of encryption: ciphertexts of adversarially chosen messages are indistinguishable. Fact: semantic security and indistinguishability are equivalent. Suggested reading: Goldreich's book "Foundations of Cryptography", Volume 2, Chapter 5.

33 ElGamal Encryption

34 Key Agreement. Alice and Bob run a key agreement while Eve eavesdrops on the communication; Alice and Bob each obtain cryptographic key K, Eve does not (key K???). Communication is then secured through K.

35 Diffie-Hellman Key Agreement. W. Diffie, M. Hellman: New Directions in Cryptography, IEEE Transactions on Information Theory, 1976. [Diagram: Alice, Bob]

36 From Diffie-Hellman to ElGamal. T. ElGamal: "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms". Transactions on Information Theory, 1985. [Diagram: Alice, Bob; pk = , Z; Z = (mix K with message m); m = (unmix K and Z); and thus not m]

37 ElGamal Encryption Scheme. Key Generation: Encryption for message : Decryption:

38 Security of ElGamal Encryption. Decisional Diffie-Hellman (DDH) Assumption: given X, Y, key K looks random. DDH implies the Computational Diffie-Hellman assumption (converse: in general unknown). Computational Diffie-Hellman (DH) Assumption: given X, Y, K is hard to compute. It implies the Discrete Logarithm assumption (converse: in general unknown). Discrete Logarithm Assumption: given X = g^x, x is hard to compute.

41 ElGamal Encryption is Secure under DDH. The challenger gives pk = g^sk to Eve; Eve outputs m_0, m_1 ∈ G; the challenger picks b ← {0,1} and x ← Z_q and returns (X, Z) with Z = pk^x · m_b; Eve outputs b*; Pr(b = b*) ≈ ½. DDH ⇒ pk^x looks random and acts like a one-time pad in G.

42 Note: encoding the message into the group is usually too inefficient; approach in practice via a hash function Hash: G → {0,1}*: encryption by (X, Z) for Z = Hash(pk^x) ⊕ m.

43 Things to remember from this part: ElGamal encryption: based on Diffie-Hellman key exchange; Enc(pk, m) = (X, Z) where x ← Z_q, X = g^x, Z = pk^x · m and pk = g^sk. Fact: ElGamal encryption is IND-CPA under the DDH Assumption (given pk, X, the value pk^x looks random). Suggested reading: Katz-Lindell book "Introduction to Modern Cryptography".

44 Chosen-Ciphertext Security

45 Chosen-ciphertext attack (CCA): Eve modifies ciphertext C to C* (say, by flipping some bits) to deduce some information about m from m*. Alice encrypts message m as C = Enc(pk, m) under Bob's public key pk; Eve replaces ciphertext C by ciphertext C*; Bob, holding key pair (sk, pk), computes m* = Dec(sk, C*).

46 CCA against ElGamal Encryption. Alice encrypts message m under Bob's public key pk; Eve turns the ciphertext into a ciphertext C* of m* = g · m; Bob, holding key pair (sk, pk), computes m* = Dec(sk, C*).

47 Exercise break. Discuss that for ElGamal encryption: (1) given (X, Z) one can compute a new ciphertext (X*, Z*) for the same unknown message; (2) given (X_1, Z_1), (X_2, Z_2) of unknown messages m_1, m_2 one can compute a ciphertext of m_1 · m_2.
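ElGamal as summarised on slide 43, together with the ciphertext transformations of slides 46 and 47, as an added example that is not part of the original slides; it shows why the scheme cannot be secure once Eve may have modified ciphertexts decrypted. The toy group (order-1019 subgroup of Z_2039^*, generator 4) and all function names are assumptions made for the demo.

```python
import secrets

# Constructed toy group (assumption): P = 2Q + 1 with P, Q prime; G = 4 is a
# square mod P and therefore generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4


def rand_exp():
    """Uniform exponent in 1..Q-1."""
    return secrets.randbelow(Q - 1) + 1


def keygen():
    sk = rand_exp()
    return sk, pow(G, sk, P)                     # pk = g^sk


def enc(pk, m):
    """Enc(pk, m) = (X, Z) with X = g^x, Z = pk^x * m; m is a group element."""
    x = rand_exp()
    return pow(G, x, P), (pow(pk, x, P) * m) % P


def dec(sk, ct):
    """m = Z / X^sk, since X^sk = g^(x*sk) = pk^x."""
    X, Z = ct
    return (Z * pow(pow(X, sk, P), -1, P)) % P


def rerandomize(pk, ct):
    """Exercise (1): multiply in a fresh encryption of 1; same message."""
    X, Z = ct
    y = rand_exp()
    return (X * pow(G, y, P)) % P, (Z * pow(pk, y, P)) % P


def multiply(ct1, ct2):
    """Exercise (2): component-wise product encrypts m_1 * m_2."""
    return (ct1[0] * ct2[0]) % P, (ct1[1] * ct2[1]) % P


def scale(ct, factor):
    """Slide 46: (X, factor * Z) encrypts factor * m without knowing m."""
    X, Z = ct
    return X, (Z * factor) % P


def demo():
    sk, pk = keygen()
    m1, m2 = pow(G, 123, P), pow(G, 456, P)      # constructed group elements
    c1, c2 = enc(pk, m1), enc(pk, m2)
    return {
        "roundtrip": dec(sk, c1) == m1,
        "rerandomized": dec(sk, rerandomize(pk, c1)) == m1,
        "product": dec(sk, multiply(c1, c2)) == (m1 * m2) % P,
        "scaled_by_g": dec(sk, scale(c1, G)) == (G * m1) % P,
    }


if __name__ == "__main__":
    print(demo())
```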

49 IND-CCA Security of Encryption Schemes. The challenger gives pk to Eve. Eve may send ciphertexts C* to a decryption oracle Dec(sk, ·) and receives messages m*. Eve outputs m_0, m_1 of equal length; the challenger picks b ← {0,1} and returns ciphertext C ← Enc(pk, m_b). Eve may continue to query Dec(sk, ·) on ciphertexts C* ≠ C, receiving messages m*, and finally outputs b*. A public-key encryption scheme is indistinguishable under (adaptive) chosen-ciphertext attacks (IND-CCA) if for any efficient Eve we have Pr[b = b*] ≈ ½.

51 Making ElGamal CCA-secure. R. Cramer, V. Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. Crypto 98. Cramer-Shoup encryption scheme: Key Generation: Encryption: Decryption:

53 RSA-OAEP Encryption. M. Bellare, P. Rogaway. Optimal Asymmetric Encryption -- How to encrypt with RSA, Eurocrypt 1994. OAEP = optimal asymmetric encryption padding (message space almost entire group). Standardized in ANS X9.44, IEEE P1363, SET.

54 Encryption. G, H hash functions (random oracles). Pad message to m‖0^k; pick random string r; s = G(r) ⊕ m‖0^k; t = H(s) ⊕ r; C = RSA(s‖t).

55 Decryption. Recover s‖t from RSA(s‖t) via RSA^{-1}; undo H and G (s = G(r) ⊕ m‖0^k, t = H(s) ⊕ r) to obtain r and m‖z; check z = 0^k?

56 Theorem: RSA-OAEP is IND-CCA under the RSA assumption in the random oracle model. First security proof in 1994, but: Shoup: gap in the proof (November 18th, 2000); Fujisaki, Okamoto, Pointcheval, Stern: gap can be closed (November 27th, 2000).

57 Security idea for CPA: the adversary does not learn anything about the message from the ciphertext. RSA assumption: s is hard to compute from C = RSA(s‖t); then r = H(s) ⊕ t is random looking, and so m‖0^k = s ⊕ G(r) is also quasi random (from the adversary's perspective!).

58 Security idea for CCA: the adversary cannot meaningfully modify the ciphertext. Assume: the adversary can modify the ciphertext through RSA to flip bits in s‖t; then r* = H([s+flips]) ⊕ [t+flips] is random, and thus also G(r*); with high probability there are also bit flips in 0^k, hence the ciphertext is invalid.
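The OAEP encoding of slides 54 and 55 and the bit-flip argument of slide 58, as an added example that is not part of the original slides and not the standardized RSAES-OAEP encoding. Assumptions: a toy key built from two Mersenne primes, G and H instantiated with SHA-256, and fixed sizes of 64 message bytes, 32 zero bytes (0^k) and 32 bytes of r.

```python
import hashlib
import secrets

# Constructed toy key (assumption): known Mersenne primes, trivially factorable.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

MLEN, K, RLEN = 64, 32, 32        # bytes of m, of the 0^k block, of r
SLEN = MLEN + K                   # s masks m || 0^k


def G(r):
    """Hash r to SLEN bytes (three SHA-256 blocks with a counter)."""
    blocks = (hashlib.sha256(b"G" + bytes([i]) + r).digest() for i in range(3))
    return b"".join(blocks)[:SLEN]


def H(s):
    """Hash s to RLEN bytes."""
    return hashlib.sha256(b"H" + s).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encrypt(m):
    """s = G(r) xor (m || 0^k), t = H(s) xor r, C = RSA(s || t)."""
    if len(m) != MLEN:
        raise ValueError("this demo encrypts exactly MLEN bytes")
    r = secrets.token_bytes(RLEN)
    s = xor(G(r), m + bytes(K))
    t = xor(H(s), r)
    return pow(int.from_bytes(s + t, "big"), E, N)


def oaep_decrypt(c):
    """Invert RSA, unmask r and m || z, and accept only if z = 0^k."""
    x = pow(c, D, N)
    if x >> (8 * (SLEN + RLEN)):              # does not even fit s || t
        return None
    st = x.to_bytes(SLEN + RLEN, "big")
    s, t = st[:SLEN], st[SLEN:]
    r = xor(H(s), t)
    padded = xor(G(r), s)
    m, z = padded[:MLEN], padded[MLEN:]
    return m if z == bytes(K) else None


def textbook_decrypt(c):
    """Unpadded RSA for contrast: every modified ciphertext decrypts."""
    return pow(c, D, N)


def double_plaintext(c):
    """Multiply the RSA preimage by 2 without the secret key."""
    return (c * pow(2, E, N)) % N


if __name__ == "__main__":
    msg = b"constructed 64-byte message for the OAEP demo".ljust(MLEN, b".")
    c = oaep_encrypt(msg)
    print("valid ciphertext  :", oaep_decrypt(c) == msg)
    print("modified via RSA  :", oaep_decrypt(double_plaintext(c)))
    print("textbook RSA, 2*42:", textbook_decrypt(double_plaintext(pow(42, E, N))))
```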

59 RSA PKCS #1 v1.5: another encoding scheme for RSA: random string ‖ 00 ‖ message. Still often used instead of OAEP. Bleichenbacher's attack: RSA PKCS #1 v1.5 is not IND-CCA. D. Bleichenbacher, Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1. Crypto 98.

60 Note on Certification of public keys: certification = binding of public keys to person; often implicitly assumed in crypto. Bob, holding key pair (sk, pk), sends public key pk; Alice receives public key pk* and sends ciphertext C = Enc(pk*, m); Eve can decrypt message m with the help of sk*.

61 Things to remember from this part: Chosen-Ciphertext Security (IND-CCA): the adversary cannot distinguish ciphertexts of messages, even if allowed to decrypt other ciphertexts; strong security notion, not satisfied by ElGamal encryption. Fact: the Cramer-Shoup version of ElGamal is IND-CCA (for the DDH assumption); RSA-OAEP is IND-CCA for the RSA assumption in the random oracle model. Suggested reading: Katz-Lindell book "Introduction to Modern Cryptography".

62 Hybrid Encryption

63 So far: public-key encryption only for short messages. Hybrid encryption (best of both worlds): encrypt a short symmetric key k under the public-key scheme + encrypt the data under key k with a faster symmetric scheme. Alice picks key k, computes C ← PubEnc(pk, k) and D ← SymEnc(k, m) and sends ciphertext (C, D); Bob, holding key pair (sk, pk), computes k = PubDec(sk, C) and m = SymDec(k, D).

64 Theorem (CCA+CCA=CCA): If the public-key scheme is IND-CCA and the symmetric scheme is IND-CCA, then so is the hybrid encryption scheme. But we actually need less: encrypt only random keys under the public-key scheme. KEM/DEM approach: KEM = key encapsulation mechanism, DEM = data encryption mechanism.

65 KEM: encryption generates random key k and ciphertext C. The challenger gives pk to Eve, computes (C, k_0) ← Enc(pk), picks random k_1 and b ← {0,1}, and gives (C, k_b) to Eve; Eve outputs b*; Pr(b = b*) ≈ ½.
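The (C, D) structure of slides 63 to 65 as an added example that is not part of the original slides. Assumptions: the KEM is hashed ElGamal (k = Hash(pk^x), as on slide 42) over a toy group of order 1019, the DEM is a one-time encrypt-then-MAC built from SHAKE-256 and HMAC-SHA256, and all names and parameters are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (assumption): order-Q subgroup of Z_P^*, P = 2Q + 1.
P, Q, G = 2039, 1019, 4


def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def _kdf(shared):
    """Hash the group element to 64 key bytes (32 for encryption, 32 for MAC)."""
    return hashlib.sha512(shared.to_bytes(2, "big")).digest()


def kem_encaps(pk):
    """KEM encryption takes no message: it outputs ciphertext C and a fresh key k."""
    x = secrets.randbelow(Q - 1) + 1
    return pow(G, x, P), _kdf(pow(pk, x, P))


def kem_decaps(sk, C):
    """Recompute k from C; reject values outside the order-Q subgroup."""
    if not (1 < C < P and pow(C, Q, P) == 1):
        return None
    return _kdf(pow(C, sk, P))


def dem_encrypt(k, m):
    """One-time DEM: XOR with a SHAKE-256 keystream, then MAC the result."""
    k_enc, k_mac = k[:32], k[32:]
    stream = hashlib.shake_256(k_enc).digest(len(m))
    body = bytes(a ^ b for a, b in zip(m, stream))
    return body + hmac.new(k_mac, body, hashlib.sha256).digest()


def dem_decrypt(k, D):
    """Verify the tag before touching the ciphertext body."""
    k_enc, k_mac = k[:32], k[32:]
    body, tag = D[:-32], D[-32:]
    expected = hmac.new(k_mac, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hashlib.shake_256(k_enc).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def hybrid_encrypt(pk, m):
    C, k = kem_encaps(pk)
    return C, dem_encrypt(k, m)          # ciphertext (C, D)


def hybrid_decrypt(sk, ct):
    C, D = ct
    k = kem_decaps(sk, C)
    return None if k is None else dem_decrypt(k, D)


if __name__ == "__main__":
    sk, pk = keygen()
    C, D = hybrid_encrypt(pk, b"a message much longer than one group element " * 4)
    print(hybrid_decrypt(sk, (C, D)))
    print(hybrid_decrypt(sk, (C, D[:-1] + bytes([D[-1] ^ 1]))))
```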

66 KEM/DEM approach can lead to more efficient solutions: Cramer-Shoup encryption: Kurosawa-Desmedt KEM/DEM version:

67 Things to remember from this part: Hybrid Encryption: encrypt symmetric key k with the public-key scheme, encrypt the message with k under the symmetric scheme; special case: KEM/DEM. Suggested reading: Katz-Lindell book "Introduction to Modern Cryptography".

68 Wrap Up

69 Semantic Security: Indistinguishability (IND-CPA): Semantic Security ... Indistinguishability (IND-CPA)

70 ElGamal encryption: ElGamal encryption is ... secure. ElGamal encryption is not ... secure.

71 IND-CCA security: Examples of IND-CCA secure schemes:

72 Hybrid encryption:

73 Ph.D. TU Darmstadt:


More information

Crittografia e sicurezza delle reti. Digital signatures- DSA

Crittografia e sicurezza delle reti. Digital signatures- DSA Crittografia e sicurezza delle reti Digital signatures- DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case

More information

Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9 Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,

More information

Chapter 11. Asymmetric Encryption. 11.1 Asymmetric encryption schemes

Chapter 11. Asymmetric Encryption. 11.1 Asymmetric encryption schemes Chapter 11 Asymmetric Encryption The setting of public-key cryptography is also called the asymmetric setting due to the asymmetry in key information held by the parties. Namely one party has a secret

More information

A Factoring and Discrete Logarithm based Cryptosystem

A Factoring and Discrete Logarithm based Cryptosystem Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

More information

Fully homomorphic encryption equating to cloud security: An approach

Fully homomorphic encryption equating to cloud security: An approach IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 9, Issue 2 (Jan. - Feb. 2013), PP 46-50 Fully homomorphic encryption equating to cloud security: An approach

More information

An Introduction to the RSA Encryption Method

An Introduction to the RSA Encryption Method April 17, 2012 Outline 1 History 2 3 4 5 History RSA stands for Rivest, Shamir, and Adelman, the last names of the designers It was first published in 1978 as one of the first public-key crytographic systems

More information

Improved Online/Offline Signature Schemes

Improved Online/Offline Signature Schemes Improved Online/Offline Signature Schemes Adi Shamir and Yael Tauman Applied Math. Dept. The Weizmann Institute of Science Rehovot 76100, Israel {shamir,tauman}@wisdom.weizmann.ac.il Abstract. The notion

More information

A Method for Making Password-Based Key Exchange Resilient to Server Compromise

A Method for Making Password-Based Key Exchange Resilient to Server Compromise A Method for Making Password-Based Key Exchange Resilient to Server Compromise Craig Gentry 1, Philip MacKenzie 2, and Zulfikar Ramzan 3 1 Stanford University, Palo Alto, CA, USA, cgentry@cs.stanford.edu

More information

On Factoring Integers and Evaluating Discrete Logarithms

On Factoring Integers and Evaluating Discrete Logarithms On Factoring Integers and Evaluating Discrete Logarithms A thesis presented by JOHN AARON GREGG to the departments of Mathematics and Computer Science in partial fulfillment of the honors requirements

More information

Provable-Security Analysis of Authenticated Encryption in Kerberos

Provable-Security Analysis of Authenticated Encryption in Kerberos Provable-Security Analysis of Authenticated Encryption in Kerberos Alexandra Boldyreva Virendra Kumar Georgia Institute of Technology, School of Computer Science 266 Ferst Drive, Atlanta, GA 30332-0765

More information

CS549: Cryptography and Network Security

CS549: Cryptography and Network Security CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared

More information

Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords

Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords Jonathan Katz 1 Rafail Ostrovsky 2 Moti Yung 3 1 Telcordia Technologies and Department of Computer Science, Columbia University.

More information

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

More information

Secure File Transfer Using USB

Secure File Transfer Using USB International Journal of Scientific and Research Publications, Volume 2, Issue 4, April 2012 1 Secure File Transfer Using USB Prof. R. M. Goudar, Tushar Jagdale, Ketan Kakade, Amol Kargal, Darshan Marode

More information

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS Kanchupati Kondaiah 1, B.Sudhakar 2 1 M.Tech Student, Dept of CSE,

More information

Public Key (asymmetric) Cryptography

Public Key (asymmetric) Cryptography Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

More information

Message Authentication Code

Message Authentication Code Message Authentication Code Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 Outline 1 CBC-MAC 2 Authenticated Encryption 3 Padding Oracle Attacks 4 Information Theoretic MACs 2 of 44

More information

Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1

Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 Daniel Bleichenbacher Bell Laboratories 700 Mountain Ave., Murray Hill, NJ 07974 bleichen@research.bell-labs.com

More information

Public-Key Cryptanalysis

Public-Key Cryptanalysis To appear in Recent Trends in Cryptography, I. Luengo (Ed.), Contemporary Mathematics series, AMS-RSME, 2008. Public-Key Cryptanalysis Phong Q. Nguyen Abstract. In 1976, Diffie and Hellman introduced the

More information

Certificate Based Signature Schemes without Pairings or Random Oracles

Certificate Based Signature Schemes without Pairings or Random Oracles Certificate Based Signature Schemes without Pairings or Random Oracles p. 1/2 Certificate Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu, Joonsang Baek, Willy Susilo and Jianying

More information

7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

More information

How To Know If A Message Is From A Person Or A Machine

How To Know If A Message Is From A Person Or A Machine The RSA Algorithm Evgeny Milanov 3 June 2009 In 1978, Ron Rivest, Adi Shamir, and Leonard Adleman introduced a cryptographic algorithm, which was essentially to replace the less secure National Bureau

More information

Trading One-Wayness against Chosen-Ciphertext Security in Factoring-Based Encryption

Trading One-Wayness against Chosen-Ciphertext Security in Factoring-Based Encryption Trading One-Wayness against Chosen-Ciphertext Security in Factoring-Based Encryption Pascal Paillier 1 and Jorge L. Villar 2 1 Cryptography Group, Security Labs, Gemalto pascal.paillier@gemalto.com 2 Departament

More information

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

More information

Lecture 2: Complexity Theory Review and Interactive Proofs

Lecture 2: Complexity Theory Review and Interactive Proofs 600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography

More information

A Proposal for an ISO Standard for Public Key Encryption (version 2.1)

A Proposal for an ISO Standard for Public Key Encryption (version 2.1) A Proposal for an ISO Standard for Public Key Encryption (version 2.1) Victor Shoup IBM Zurich Research Lab, Säumerstr. 4, 8803 Rüschlikon, Switzerland sho@zurich.ibm.com December 20, 2001 Abstract This

More information

Group Blind Digital Signatures: Theory and Applications by Zulækar Amin Ramzan Submitted to the Department of Electrical Engineering and Computer Science in partial fulællment of the requirements for the

More information

Notes on Network Security Prof. Hemant K. Soni

Notes on Network Security Prof. Hemant K. Soni Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

More information

Semantic Security for the McEliece Cryptosystem without Random Oracles

Semantic Security for the McEliece Cryptosystem without Random Oracles Semantic Security for the McEliece Cryptosystem without Random Oracles Ryo Nojima 1, Hideki Imai 23, Kazukuni Kobara 3, and Kirill Morozov 3 1 National Institute of Information and Communications Technology

More information

Victor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract

Victor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart

More information

On the Security of the Tor Authentication Protocol

On the Security of the Tor Authentication Protocol On the Security of the Tor Authentication Protocol Ian Goldberg David R. Cheriton School of Computer Science, University of Waterloo, 00 University Ave W, Waterloo, ON NL 3G1 iang@cs.uwaterloo.ca Abstract.

More information

Advanced Cryptography

Advanced Cryptography Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.

More information

Lecture 9: Application of Cryptography

Lecture 9: Application of Cryptography Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

More information

Module: Applied Cryptography. Professor Patrick McDaniel Fall 2010. CSE543 - Introduction to Computer and Network Security

Module: Applied Cryptography. Professor Patrick McDaniel Fall 2010. CSE543 - Introduction to Computer and Network Security CSE543 - Introduction to Computer and Network Security Module: Applied Cryptography Professor Patrick McDaniel Fall 2010 Page 1 Key Distribution/Agreement Key Distribution is the process where we assign

More information

Secure Deduplication of Encrypted Data without Additional Independent Servers

Secure Deduplication of Encrypted Data without Additional Independent Servers Secure Deduplication of Encrypted Data without Additional Independent Servers Jian Liu Aalto University jian.liu@aalto.fi N. Asokan Aalto University and University of Helsinki asokan@acm.org Benny Pinkas

More information

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

More information

Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

More information

Paillier Threshold Encryption Toolbox

Paillier Threshold Encryption Toolbox Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created

More information

Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks

Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks Tsz Hon Yuen - Huawei, Singapore Ye Zhang - Pennsylvania State University, USA Siu Ming

More information

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian

More information

How to Encrypt in the Mobile Cloud. Yuliang Zheng ( 鄭 玉 良 ) UNC Charlotte yzheng@uncc.edu

How to Encrypt in the Mobile Cloud. Yuliang Zheng ( 鄭 玉 良 ) UNC Charlotte yzheng@uncc.edu How to Encrypt in the Mobile Cloud Yuliang Zheng ( 鄭 玉 良 ) UNC Charlotte yzheng@uncc.edu Smartphones meet the cloud (Match made in the heaven) Smartphones Small storage Stolen/lost Models change yearly

More information

A SOFTWARE COMPARISON OF RSA AND ECC

A SOFTWARE COMPARISON OF RSA AND ECC International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

More information

Authentication and Encryption: How to order them? Motivation

Authentication and Encryption: How to order them? Motivation Authentication and Encryption: How to order them? Debdeep Muhopadhyay IIT Kharagpur Motivation Wide spread use of internet requires establishment of a secure channel. Typical implementations operate in

More information

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs

More information

Hybrid Encryption in the Multi-User Setting

Hybrid Encryption in the Multi-User Setting Hybrid Encryption in the Multi-User Setting G.M. Zaverucha Research In Motion 4701 Tahoe Boulevard Mississauga ON, L4W 0B5 March 20, 2012 Abstract This paper presents an attack in the multi-user setting

More information

Security of Blind Digital Signatures

Security of Blind Digital Signatures Security of Blind Digital Signatures (Revised Extended Abstract) Ari Juels 1 Michael Luby 2 Rafail Ostrovsky 3 1 RSA Laboratories. Email: ari@rsa.com. 2 Digital Fountain 3 UCLA, Email: rafail@cs.ucla.edu.

More information

Efficient Certificate-Based Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model *

Efficient Certificate-Based Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model * JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 0, 55-568 (04) Efficient Certificate-Based Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model * College of Computer and Information

More information

Adaptively-Secure, Non-Interactive Public-Key Encryption

Adaptively-Secure, Non-Interactive Public-Key Encryption Adaptively-Secure, Non-Interactive Public-Key Encryption Ran Canetti 1, Shai Halevi 1, and Jonathan Katz 2 1 IBM T.J. Watson Research Center, NY, USA. 2 Department of Computer Science, University of Maryland.

More information

Cryptography and Network Security Chapter 10

Cryptography and Network Security Chapter 10 Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central

More information

Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption

Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption Ronald Cramer Victor Shoup December 12, 2001 Abstract We present several new and fairly practical public-key

More information

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

More information

A New Efficient Digital Signature Scheme Algorithm based on Block cipher

A New Efficient Digital Signature Scheme Algorithm based on Block cipher IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727Volume 7, Issue 1 (Nov. - Dec. 2012), PP 47-52 A New Efficient Digital Signature Scheme Algorithm based on Block cipher 1

More information

Identity-based Encryption with Efficient Revocation

Identity-based Encryption with Efficient Revocation A preliminary version of this paper appears in Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2008, ACM Press, 2008. This is the full version. Identity-based Encryption

More information

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

More information