L24. Collision Resistant Hashing. apr 20 abhi shelat
|
|
- Oscar Gray
- 7 years ago
- Views:
Transcription
1 L Collision Resistant Hashing apr 20 abhi shelat
2 1-time existential unforgability even when given a signing oracle for 1 msg, an adversary cannot forge a signature for any message of its choosing Eve Alice
3 1-time existential unforgability even when given a signing oracle for 1 msg, an adversary cannot forge a signature for any message of its choosing Eve Alice m
4 let { f }n be a collection of owfs. Gen(1 n ):
5 let { f }n be a collection of owfs. Gen(1 n ): x 0 0 x 0 1 x 0 2 x 0 3 x 1 0 x 1 1 x 1 2 x 1 3
6 let { f }n be a collection of owfs. Gen(1 n ): x 0 0 x 0 1 x 0 2 x 0 3 f f f f x 1 0 x 1 1 x 1 2 x 1 3 f f f f
7 let { f }n be a collection of owfs. Gen(1 n ): x 0 0 x 0 1 x 0 2 x 0 3 f f f f x 1 0 x 1 1 x 1 2 x 1 3 secret key f f f f public key
8 let { f }n be a collection of owfs. Gen(1 n ): x 0 0 x 0 1 x 0 2 x 0 3 f f f f x 1 0 x 1 1 x 1 2 x 1 3 secret key f f f f public key Signsk(m):
9 let { f }n be a collection of owfs. Gen(1 n ): x 0 0 x 0 1 x 0 2 x 0 3 f f f f x 1 0 x 1 1 x 1 2 x 1 3 secret key f f f f public key Signsk(m): 0110
10 let { f }n be a collection of owfs. Gen(1 n ): x 0 0 x 0 1 x 0 2 x 0 3 f f f f x 1 0 x 1 1 x 1 2 x 1 3 secret key f f f f public key Signsk(m): x 0 0 x x 1 1 x 1 2
11 security proof let { f }n be a collection of owfs. Gen(1 n ): x 0 0 x 0 1 x 0 2 x 0 3 f f f f x 1 0 x 1 1 x 1 2 x 1 3 secret key f f f f public key Signsk(m): x 0 0 x x 1 1 x 1 2
12 anatomy of a 1-forger query response pk Forging Adversary forgery
13 anatomy of an inverter f(x) x one-way function inverter
14 how to use a 1-forger to make an inverter
15 f(x) x one-way function inverter x 0 0 x 0 1 x 0 3 x 1 0 x 1 1 x 1 2 x 1 3 x 0 0 x 0 3 x 1 1 x 1 2 query resp f f f(x) f f f f f Forging Adversary x 0 2 x 1 0 x 1 1 x 1 3
16 goal: sign long msgs
17 goal of a hash function many bits hash function h fewer bits
18 a hash function is a function such that h is easy to evaluate and r < d
19 useful in data structures public class test { public static void main(string[] args) { System.out.println(args[0].hashCode()); } } abhi$ java test HHHHHHHHHHHHHHHHHHHHGGGDD
20 collisions should be rare public class test { public static void main(string[] args) { System.out.println(args[0].hashCode()); } } abhi$ java test HHHHHHHHHHHHHHHHHHHHGGGDD abhi$ java test hello world
21 java hash function
22 java hash function it is thus easy to find a pair s1,s2 such that h(s1)= h(s2)
23 public class test { public static void main(string[] args) { System.out.println(args[0].hashCode()); } } abhi$ java test HHHHHHHHHHHHHHHHHHHHGGGDD
24 public class test { public static void main(string[] args) { System.out.println(args[0].hashCode()); } } abhi$ java test HHHHHHHHHHHHHHHHHHHHGGGDD abhi$ java test HHHHHHHHHHHHHHHHHHHHGGGCc
25 public class test { public static void main(string[] args) { System.out.println(args[0].hashCode()); } } abhi$ java test HHHHHHHHHHHHHHHHHHHHGGGDD abhi$ java test HHHHHHHHHHHHHHHHHHHHGGGCc D - c + 31( D - C ) = 0
26 hashing is also important for cryptographic applications finding a collision should be intractable
27 definition in addition to being easy to compute, it should be hard for a p.p.t. adversary to find a hash collision.
28 a collision resistant hash function is such that h is easy to evaluate and n < d and for all non-uniform p.p.t. A
29 a collision resistant hash function is such that h is easy to evaluate and n < d and for all non-uniform p.p.t. A
30 a collision resistant hash function is such that h is easy to evaluate and n < d and for all non-uniform p.p.t. A first problem: what if s1=s2
31 non-uniform advice a collision resistant hash function is such that h is easy to evaluate and n < d and for all non-uniform p.p.t. A
32 non-uniform advice a collision resistant hash function is such that h is easy to evaluate and n < d and for all non-uniform p.p.t. A there must exist a collision. the collision can be non-uniform advice.
33 new definition a family of collision resistant hash funcs is such that easy to sample a function i hi is easy to evaluate and n < d and for all non-uniform p.p.t. A and
34 general attacks
35 general attacks pick a pair x,y from domain if h(x)=h(y) and x = y output (x,y) else repeat
36 domain of size d range of size r
37 domain of size d range of size r
38 domain of size d range of size r
39 domain of size d s1 range of size r
40 domain of size d s1 s2... sr range of size r
41 domain of size d s1 s2... sr range of size r
42 domain of size d s1 s2... sr range of size r...
43 domain of size d s1 s2... sr range of size r
44 domain of size d s1 s2... sr range of size r
45 domain of size d s1 s2... sr range of size r
46 domain of size d s1 s2... sr range of size r
47 domain of size d s1 s2... sr range of size r
48 domain of size d s1 s2... sr range of size r
49 domain of size d s1 s2... sr range of size r
50 domain of size d s1 s2... sr range of size r
51 domain of size d s1 s2... sr range of size r
52 domain of size d s1 s2... sr range of size r
53 domain of size d s1 s2... sr range of size r
54 birthday attacks
55 birthday attacks pick q (distinct) x1,x2,...,xq from domain make list h(x1),...,h(xq) look for collision in list
56 q=2 birthday attacks
57 birthday attacks pick q (distinct) x1,x2,...,xq from domain make list h(x1),...,h(xq) look for collision in list q=2
58 birthday attacks pick q (distinct) x1,x2,...,xq from domain make list h(x1),...,h(xq) look for collision in list q=1 q=2
59 birthday attacks pick q (distinct) x1,x2,...,xq from domain make list h(x1),...,h(xq) look for collision in list q=1 q=2 q=3
60 birthday attacks
61 birthday attacks pick q (distinct) x1,x2,...,xq from domain make list h(x1),...,h(xq) look for collision in list
62 birthday attacks pick q (distinct) x1,x2,...,xq from domain make list h(x1),...,h(xq) look for collision in list pick and prob of collision is good
63 constructions crhf under the discrete log assumption
64 constructions crhf under the discrete log assumption
65 constructions crhf under the discrete log assumption
66 constructions crhf under the discrete log assumption
67 why is this cr? crhf under the discrete log assumption
68 why is this cr? crhf under the discrete log assumption suppose
69 why is this cr? crhf under the discrete log assumption suppose
70 why is this cr? crhf under the discrete log assumption suppose if b=b if then x=x
71 why is this cr? crhf under the discrete log assumption suppose if b=b if then x=x if collision, then b=b
72 why is this cr? crhf under the discrete log assumption suppose
73 why is this cr? crhf under the discrete log assumption suppose
74 why is this cr? crhf under the discrete log assumption suppose is the dlog of y w.r.t x
75 only compresses by 1 bit
76 merkle-damgard trick x0 x1 x2... xn
77 merkle-damgard trick x0 x1 x2... xn h: N+1 to N bits
78 merkle-damgard trick x0 x1 x2... xn h: iv N+1 to N bits
79 merkle-damgard trick x0 x1 x2... xn h: iv N+1 to N bits
80 merkle-damgard trick x0 x1 x2... xn iv h: N+1 to N bits h: N+1 to N bits
81 merkle-damgard trick x0 x1 x2... xn h: h: h: iv N+1 N+1... N+1 to to to N bits N bits N bits
82 merkle-damgard trick x0 x1 x2... xn h: h: h: iv N+1 N+1... N+1 to to to N bits N bits N bits
83 md4 md sha sha
84 md4 md bit 128 bit sha bit sha bit
85 md bit 1995 md bit 1998 sha bit 2005* sha bit
86 how to sign 1 long msg
87 how to sign many msgs
88
89 many msgs with less state
Digital Signatures. Prof. Zeph Grunschlag
Digital Signatures Prof. Zeph Grunschlag (Public Key) Digital Signatures PROBLEM: Alice would like to prove to Bob, Carla, David,... that has really sent them a claimed message. E GOAL: Alice signs each
More informationDigital Signatures. What are Signature Schemes?
Digital Signatures Debdeep Mukhopadhyay IIT Kharagpur What are Signature Schemes? Provides message integrity in the public key setting Counter-parts of the message authentication schemes in the public
More information1 Signatures vs. MACs
CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. Katz-Lindell 10 1 Signatures vs. MACs Digital signatures
More information1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.
1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks
More informationDIGITAL SIGNATURES 1/1
DIGITAL SIGNATURES 1/1 Signing by hand COSMO ALICE ALICE Pay Bob $100 Cosmo Alice Alice Bank =? no Don t yes pay Bob 2/1 Signing electronically Bank Internet SIGFILE } {{ } 101 1 ALICE Pay Bob $100 scan
More information1 Domain Extension for MACs
CS 127/CSCI E-127: Introduction to Cryptography Prof. Salil Vadhan Fall 2013 Reading. Lecture Notes 17: MAC Domain Extension & Digital Signatures Katz-Lindell Ÿ4.34.4 (2nd ed) and Ÿ12.0-12.3 (1st ed).
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationHow to Design a Successful One-Time Signature Scheme
CSCI-GA.3210-001 MATH-GA.2170-001 Introduction to Cryptography April 18, 2012 Lecture 13 Lecturer: Yevgeniy Dodis Spring 2012 This lecture is dedicated to constructions of digital signature schemes. Assuming
More informationDigital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem
Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies
More informationOne-Way Encryption and Message Authentication
One-Way Encryption and Message Authentication Cryptographic Hash Functions Johannes Mittmann mittmann@in.tum.de Zentrum Mathematik Technische Universität München (TUM) 3 rd Joint Advanced Student School
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationCrittografia e sicurezza delle reti. Digital signatures- DSA
Crittografia e sicurezza delle reti Digital signatures- DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case
More informationSignature Schemes. CSG 252 Fall 2006. Riccardo Pucella
Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by
More informationOutline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg
Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More informationIntroduction to Cryptography CS 355
Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru
More information9 Digital Signatures: Definition and First Constructions. Hashing.
Leo Reyzin. Notes for BU CAS CS 538. 1 9 Digital Signatures: Definition and First Constructions. Hashing. 9.1 Definition First note that encryption provides no guarantee that a message is authentic. For
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationMTAT.07.003 Cryptology II. Digital Signatures. Sven Laur University of Tartu
MTAT.07.003 Cryptology II Digital Signatures Sven Laur University of Tartu Formal Syntax Digital signature scheme pk (sk, pk) Gen (m, s) (m,s) m M 0 s Sign sk (m) Ver pk (m, s)? = 1 To establish electronic
More informationMessage Authentication Codes. Lecture Outline
Message Authentication Codes Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Message Authentication Code Lecture Outline 1 Limitation of Using Hash Functions for Authentication Require an authentic
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography
More informationOn-Line/Off-Line Digital Signatures
J. Cryptology (996) 9: 35 67 996 International Association for Cryptologic Research On-Line/Off-Line Digital Signatures Shimon Even Computer Science Department, Technion Israel Institute of Technology,
More informationCryptographic Hash Functions Message Authentication Digital Signatures
Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBC-MAC Digital signatures 2 Encryption/Decryption
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography Is n A tremendous tool n The basis for many security mechanisms Is not n The solution to all security problems n Reliable unless implemented properly n Reliable
More informationLecture 15 - Digital Signatures
Lecture 15 - Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations - easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.
More informationDigital signatures. Informal properties
Digital signatures Informal properties Definition. A digital signature is a number dependent on some secret known only to the signer and, additionally, on the content of the message being signed Property.
More informationTextbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 12 Digital Signatures
Textbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 12 Digital Signatures Department of Computer Science and Information Engineering, Chaoyang University of Technology 朝 陽 科 技 大 學 資 工
More informationDigital Signatures out of Second-Preimage Resistant Hash Functions
Digital Signatures out of Second-Preimage Resistant Hash Functions Erik Dahmen 1, Katsuyuki Okeya 2, Tsuyoshi Takagi 3, and Camille Vuillaume 2 1 Technische Universität Darmstadt dahmen@cdc.informatik.tu-darmstadt.de
More informationImproved Online/Offline Signature Schemes
Improved Online/Offline Signature Schemes Adi Shamir and Yael Tauman Applied Math. Dept. The Weizmann Institute of Science Rehovot 76100, Israel {shamir,tauman}@wisdom.weizmann.ac.il Abstract. The notion
More informationChapter 12. Digital signatures. 12.1 Digital signature schemes
Chapter 12 Digital signatures In the public key setting, the primitive used to provide data integrity is a digital signature scheme. In this chapter we look at security notions and constructions for this
More informationLecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads
CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationCryptography Overview
Cryptography Overview Cryptography Is n A tremendous tool n The basis for many security mechanisms Is not n The solution to all security problems n Reliable unless implemented properly n Reliable unless
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationlundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal
Symmetric Crypto Pierre-Alain Fouque Birthday Paradox In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal N=365, about 23 people are
More informationDigital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?
Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)
More informationIntroduction to Computer Security
Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors
More informationHash Functions. Integrity checks
Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify
More informationData integrity and data origin authentication
Network Security Elements of Applied Cryptography Hash functions and data integrity Manipulation Detection Code (MDC) Message Authentication Code (MAC) Data integrity and origin authentication Data integrity
More informationPublic Key Cryptography Overview
Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
More informationMACs Message authentication and integrity. Table of contents
MACs Message authentication and integrity Foundations of Cryptography Computer Science Department Wellesley College Table of contents Introduction MACs Constructing Secure MACs Secure communication and
More informationProactive Two-Party Signatures for User Authentication
Proactive Two-Party Signatures for User Authentication Antonio Nicolosi, Maxwell Krohn, Yevgeniy Dodis, and David Mazières NYU Department of Computer Science {nicolosi,max,dodis,dm}@cs.nyu.edu Abstract
More informationCRC Press has granted the following specific permissions for the electronic version of this book:
This is a Chapter from the Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996. For further information, see www.cacr.math.uwaterloo.ca/hac CRC Press has
More informationPaillier Threshold Encryption Toolbox
Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationFast Batch Verification for Modular Exponentiation and Digital Signatures
An extended abstract of this paper appears in Advances in Cryptology Eurocrypt 98 Proceedings, Lecture Notes in Computer Science Vol. 1403, K. Nyberg ed., Springer-Verlag, 1998. This is the full version.
More informationQUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University
QUANTUM COMPUTERS AND CRYPTOGRAPHY Mark Zhandry Stanford University Classical Encryption pk m c = E(pk,m) sk m = D(sk,c) m??? Quantum Computing Attack pk m aka Post-quantum Crypto c = E(pk,m) sk m = D(sk,c)
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationCertificate Based Signature Schemes without Pairings or Random Oracles
Certificate Based Signature Schemes without Pairings or Random Oracles p. 1/2 Certificate Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu, Joonsang Baek, Willy Susilo and Jianying
More informationHow encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and
How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing
More informationCryptography Lecture 8. Digital signatures, hash functions
Cryptography Lecture 8 Digital signatures, hash functions A Message Authentication Code is what you get from symmetric cryptography A MAC is used to prevent Eve from creating a new message and inserting
More informationMESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC
MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial
More informationSchnorr Blind Signatures and Insights From a Computer Network Marketing Model
On the Security of One-Witness Blind Signature Schemes Foteini Baldimtsi and Anna Lysyanskaya foteini,anna@cs.brown.edu Computer Science Department, Brown University Abstract. Blind signatures have proved
More informationThe Exact Security of Digital Signatures How to Sign with RSA and Rabin
Appears in Advances in Cryptology Eurocrypt 96 Proceedings, Lecture Notes in Computer Science Vol. 1070, U. Maurer ed., Springer-Verlag, 1996. The Exact Security of Digital Signatures How to Sign with
More informationAuthentication, digital signatures, PRNG
Multimedia Security Authentication, digital signatures, PRNG Mauro Barni University of Siena Beyond confidentiality Up to now, we have been concerned with protecting message content (i.e. confidentiality)
More informationNETWORK SECURITY: How do servers store passwords?
NETWORK SECURITY: How do servers store passwords? Servers avoid storing the passwords in plaintext on their servers to avoid possible intruders to gain all their users passwords. A hash of each password
More informationCommunications security
University of Roma Sapienza DIET Communications security Lecturer: Andrea Baiocchi DIET - University of Roma La Sapienza E-mail: andrea.baiocchi@uniroma1.it URL: http://net.infocom.uniroma1.it/corsi/index.htm
More informationProvable-Security Analysis of Authenticated Encryption in Kerberos
Provable-Security Analysis of Authenticated Encryption in Kerberos Alexandra Boldyreva Virendra Kumar Georgia Institute of Technology, School of Computer Science 266 Ferst Drive, Atlanta, GA 30332-0765
More informationCh.9 Cryptography. The Graduate Center, CUNY.! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis
Ch.9 Cryptography The Graduate Center, CUNY! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis Why is Modern Cryptography part of a Complexity course? Short answer:! Because Modern Cryptography
More informationProof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory.
Proof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory. Marten van Dijk, Luis F. G. Sarmenta, Charles W. O Donnell, and Srinivas Devadas MIT Computer
More informationA New and Efficient Signature on Commitment Values
International Journal of Network Security, Vol.7, No., PP.0 06, July 2008 0 A New and Efficient Signature on Commitment Values Fangguo Zhang,3, Xiaofeng Chen 2,3, Yi Mu 4, and Willy Susilo 4 (Corresponding
More informationStrengthening Digital Signatures via Randomized Hashing
Strengthening Digital Signatures via Randomized Hashing Shai Halevi Hugo Krawczyk January 30, 2007 Abstract We propose randomized hashing as a mode of operation for cryptographic hash functions intended
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationComputational Soundness of Symbolic Security and Implicit Complexity
Computational Soundness of Symbolic Security and Implicit Complexity Bruce Kapron Computer Science Department University of Victoria Victoria, British Columbia NII Shonan Meeting, November 3-7, 2013 Overview
More informationCryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.
Cryptographic Algorithms and Key Size Issues Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.edu Overview Cryptanalysis Challenge Encryption: DES AES Message
More informationINFORMATION SECURITY A MULTIDISCIPLINARY. Stig F. Mjolsnes INTRODUCTION TO. Norwegian University ofscience & Technology. CRC Press
DISCRETE MATHEMATICS AND ITS APPLICATIONS Series Editor KENNETH H. ROSEN A MULTIDISCIPLINARY INTRODUCTION TO INFORMATION SECURITY Stig F. Mjolsnes Norwegian University ofscience & Technology Trondheim
More informationDigital Signature. Raj Jain. Washington University in St. Louis
Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationVictor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract
Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart
More informationElliptic Curve Hash (and Sign)
Elliptic Curve Hash (and Sign) (and the 1-up problem for ECDSA) Daniel R. L. Brown Certicom Research ECC 2008, Utrecht, Sep 22-24 2008 Dan Brown (Certicom) Elliptic Curve Hash (and Sign) ECC 2008 1 / 43
More informationNew Efficient Searchable Encryption Schemes from Bilinear Pairings
International Journal of Network Security, Vol.10, No.1, PP.25 31, Jan. 2010 25 New Efficient Searchable Encryption Schemes from Bilinear Pairings Chunxiang Gu and Yuefei Zhu (Corresponding author: Chunxiang
More information1 Construction of CCA-secure encryption
CSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong 10 October 2012 1 Construction of -secure encryption We now show how the MAC can be applied to obtain a -secure encryption scheme.
More informationPublic Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography
Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt
More informationMessage authentication and. digital signatures
Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation
More informationGroup Blind Digital Signatures: Theory and Applications by Zulækar Amin Ramzan Submitted to the Department of Electrical Engineering and Computer Science in partial fulællment of the requirements for the
More informationKey Agreement from Close Secrets over Unsecured Channels Winter 2010
Key Agreement from Close Secrets over Unsecured Channels Winter 2010 Andreas Keller Contens 1. Motivation 2. Introduction 3. Building Blocks 4. Protocol Extractor Secure Sketches (MAC) message authentication
More informationPublic Key Cryptography and RSA. Review: Number Theory Basics
Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and
More informationMessage Authentication Codes
2 MAC Message Authentication Codes : and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l08, Steve/Courses/2013/s2/css322/lectures/mac.tex,
More informationChapter 2 TSAS: Third-Party Storage Auditing Service
Chapter 2 TSAS: Third-Party Storage Auditing Service Abstract In cloud storage systems, data owners host their data on cloud servers and users (data consumers) can access the data from cloud servers Due
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of
More informationCryptography and Network Security Chapter 11
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 11 Cryptographic Hash Functions Each of the messages, like each
More informationLecture 11: The Goldreich-Levin Theorem
COM S 687 Introduction to Cryptography September 28, 2006 Lecture 11: The Goldreich-Levin Theorem Instructor: Rafael Pass Scribe: Krishnaprasad Vikram Hard-Core Bits Definition: A predicate b : {0, 1}
More informationLength extension attack on narrow-pipe SHA-3 candidates
Length extension attack on narrow-pipe SHA-3 candidates Danilo Gligoroski Department of Telematics, Norwegian University of Science and Technology, O.S.Bragstads plass 2B, N-7491 Trondheim, NORWAY danilo.gligoroski@item.ntnu.no
More informationFundamentals of Computer Security
Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A Message From Our Sponsors Fundamentals System/Network Security, crypto How do things work Why How to design secure
More informationCryptography and Network Security Digital Signature
Cryptography and Network Security Digital Signature Xiang-Yang Li Message Authentication Digital Signature Authentication Authentication requirements Authentication functions Mechanisms MAC: message authentication
More informationLeakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives
Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives Olivier Pereira Université catholique de Louvain ICTEAM Crypto Group B-1348, Belgium olivier.pereira@uclouvain.be
More informationSymmetric Crypto MAC. Pierre-Alain Fouque
Symmetric Crypto MAC Pierre-Alain Fouque Birthday Paradox In a set of D elements, by picking at random D elements, we have with high probability a collision two elements are equal D=365, about 23 people
More informationCIS 5371 Cryptography. 8. Encryption --
CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.
More informationRSA and Primality Testing
and Primality Testing Joan Boyar, IMADA, University of Southern Denmark Studieretningsprojekter 2010 1 / 81 Correctness of cryptography cryptography Introduction to number theory Correctness of with 2
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationPractice Questions. CS161 Computer Security, Fall 2008
Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More informationChapter 6. Hash Functions. 6.1 The hash function SHA1
Chapter 6 Hash Functions A hash function usually means a function that compresses, meaning the output is shorter than the input. Often, such a function takes an input of arbitrary or almost arbitrary length
More informationHash Function Firewalls in Signature Schemes
Outline Hash function flexibility and firewalls Breaking firewalls in signature schemes Hash Function Firewalls in Signature Schemes Conclusions Burt Kaliski, RSA Laboratories IEEE P1363 Working Group
More informationOverview Most of the documentation out there on the transition from SHA-1 certificates to SHA-2 certificates will tell you three things:
SHA-1 Versus SHA-2 Overview Most of the documentation out there on the transition from SHA-1 certificates to SHA-2 certificates will tell you three things: - Breaking SHA-1 is not yet practical but will
More informationHash Function JH and the NIST SHA3 Hash Competition
Hash Function JH and the NIST SHA3 Hash Competition Hongjun Wu Nanyang Technological University Presented at ACNS 2012 1 Introduction to Hash Function Hash Function Design Basics Hash function JH Design
More informationIdentity-Based Encryption from the Weil Pairing
Appears in SIAM J. of Computing, Vol. 32, No. 3, pp. 586-615, 2003. An extended abstract of this paper appears in the Proceedings of Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages
More informationSecurity of Blind Digital Signatures
Security of Blind Digital Signatures (Revised Extended Abstract) Ari Juels 1 Michael Luby 2 Rafail Ostrovsky 3 1 RSA Laboratories. Email: ari@rsa.com. 2 Digital Fountain 3 UCLA, Email: rafail@cs.ucla.edu.
More information