Cryptography and Security Protocols. Previously on CSP. Today. El Gamal (and DSS) signature scheme. Paulo Mateus MMA MEIC
|
|
- Phebe Shaw
- 5 years ago
- Views:
Transcription
1 Cryptography and Security Protocols Paulo Mateus MMA MEIC Previously on CSP Symmetric Cryptosystems. Asymmetric Cryptosystem. Basics on Complexity theory : Diffie-Hellman key agreement. Algorithmic complexity. One-way function. NP problem. P NP. Asymmetric Cryptosystem: RSA, Soundness, Setup, Efficiency of encryption. Attacks to RSA: knowing decryption exponent, knowing the parity, Shor s algorithm, Wiener s attack. ElGamal, Discrete Logarithm Problem, PH Theorem. Attacks to ElGamal. Partial knowledge attacks. Signature schemes: Asymmetric crypto to Signature, DSA, ElGamal signature scheme. Today Signatures schemes: Attacks to ElGamal. General ElGamal: Galois Fields and Elliptic curve. El Gamal (and DSS) signature scheme Let p be a prime number such that the discrete log is hard and α a primitive element X = Z p S= Z p Z p-1 K = {(a, β) : β = α a mod p) u(a,β)=β // public key is β, and private is the discrete log of β sig a (x)=(γ,δ) where -γ = α k mod p -δ = (x - aγ) k -1 mod (p - 1) for some random k Z p-1 (so gcd(k,p-1)=1)
2 2 Lecture16cps.nb ver β (x, γ, δ) = 1 iff β γ γ δ = α x mod p Consider the following example: p = Prime[103] 563 PrimeQ[(p - 1) / 2] True α = 5; Length[Union[Table[PowerMod[α, i, p], {i, 0, p - 2}]]] p - 1 False sig = Function[{x, a}, Module[{k, γ, δ, ik}, k = Random[Integer, {0, (p - 1) / 2-1}]; (* Sony forgot this step *) k = 2 k + 1; (* only odd k's are coprime with p-1 *) While[GCD[k, p - 1] 1, k = Random[Integer, {0, (p - 1) / 2-1}]; k = 2 k + 1;]; γ = PowerMod[α, k, p]; ik = PowerMod[k, -1, p - 1]; δ = Mod[(x - a γ) ik, p - 1]; {γ, δ} ]]; ver = Function[{x, s, β}, Module[{γ, δ}, γ = s[[1]]; δ = s[[2]]; PowerMod[α, x, p] Mod[PowerMod[β, γ, p] * PowerMod[γ, δ, p], p] ]]; a = 100; β = PowerMod[α, a, p]; x = 89; ver[x, sig[x, a], β] True Exercise: Show that if k is revealed then one can get a in PT (knowing k can be reduced to finding the seed of the PRG). δ = (x - aγ) k -1, so if one know k, kδ=(x-aγ) and so -kδ+x=aγ mod p-1 and then (-kδ + x) γ -1 =a mod p-1 if γ is invertible, otherwise d=gcd(γ, p-1) and so p-1=e d γ=λ d (and so e and λ are co-prime) (notice d=1,2,q) p-1=2q and so -kδ+x=aλ mod e and now λ is invertible mod e since d=gcd(γ, p-1) which means that a = (-kδ + x) λ -1 mod e and therefore a=i e + (-kδ + x) λ -1 mod p-1 with 0 i<d (assuming d =1,2)
3 Lecture16cps.nb 3 i<d (assuming d =1,2) Theorem[PS3 hack] If k is used twice, then k is revealed with high probability (and so by the previous exercise one gets a). Proof Assume two message x 1 and x 2 are signed with the same k, then sig(x 1 ) = (γ, δ 1 ) and sig(x 2 ) = (γ, δ 2 ) (se how easy it is to check this...) (1) β γ γ δ 1 = α x 1 mod p β γ γ δ 2 = α x 2 mod p (2) β -γ γ -δ 2 = α -x 2 mod p and so we have α k (δ 1-δ 2 ) =γ δ 1-δ 2 = α x 1-x 2 mod p iff k(δ 1 - δ 2 ) = x 1 - x 2 mod p-1 (note that p-1=2q) so either gcd(δ 1 - δ 2, p - 1) = 1 and so we are done k = (x 1 - x 2 ) (δ 1 - δ 2 ) -1 mod p-1 gcd(δ 1 - δ 2, p - 1) = d > 1 (which can be d = 2 or d = q if (p - 1) = 2 q, note that if p - 1 is non - smooth then d has high probability of being low) let λ=(δ 1 - δ 2 ) d, note that gcd(λ,(p-1)/d)=1 k λ = x 1 - x 2 mod (p-1)/d and so k = (x 1 - x 2 ) λ -1 mod (p-1)/d and so k = i(p - 1)/d + (x 1 - x 2 ) λ -1 mod p-1 for 0 i<d (since d is small, we can get k and then a and so, the private key) Other discrete log cases One can generalize ElGamal as follows. Let (G, ) be a commutative group such that H is a cyclic subgroup with order n ( H =n)and generator α. X=G (plaintext space) Y=H G (ciphertext space) K={ (a,β) : α a = β } Z n H (key space) u:k H where u(a,β)=β (publication map) e β (x) = (y 1, y 2 ) with (encryption random map) -y 1 =α k, -y 2 = xβ k - and k randomly chosen in Z n d (a,β) (y 1, y 2 ) = y 2 (y 1 a ) -1 (decryption map)
4 4 Lecture16cps.nb Definition[Ring of polynomials mod p]: Let p be prime, then Z p [x], +, x denotes the ring of all polynomials with coefficients in Z p. Note that multiplication and summation are defined as usual but mod p. Clear[x] (x^2 + 3) (x^3 + 3 x + 5) Expand 3 + x x + x x + 5 x x 3 + x 5 PolynomialMod[(x^2) (x^3 + 2), 3] 2 x 2 + x 5 Note that if p is a prime, it is always possible to divide a polynomial D(x) by another polynomial d(x) such that D(x)=d(x)q(x)+r(x) (for integer D=d q+r) and the degree of r(x) < degree of d(x). x 2 +1 =2x*2x+1 this means that x x=2x=q(x) with remainder r(x)= 1 mod 3 x x we cannot define this division mod 4 (Why do we need p to be prime?) x 2 2x mod 4 PolynomialQuotient[x^2, 2 x, x, Modulus 5] 3 x PolynomialRemainder[x^3 + x^2, 2 x^2 + 2, x, Modulus 5] Now we can also reduce a polynomial modulo another polynomial Definition[Ring of polynomials mod q(x) and p]: Let p be prime and q(x) a polynomial in Z p [x], then Z p [x] q[x], +, x denotes the ring of all polynomials with coefficients in Z p modulo q(x). Note that multiplication and summation are defined as usual but mod q(x). PolynomialRemainder[(x^3 + x^2) * (2 x^3 + 1), 2 x^4 + 2, x, Modulus 5] 3 x + 4 x 2 + x 3 Expand[(x^3 + x^2) * (2 x^3 + 1)] x 2 + x x x 6 PolynomialRemainder[x^3 + x^2, 2 x^3 + 2, x, Modulus 5] x so, d(x) q(x) iff q(x)=0 mod d(x) and so we can also define GCD between polynomials q(x) and t(x)! q(x)=r(x) mod d(x) iff q(x)-r(x)=0 mod d(x)
5 Lecture16cps.nb 5 PolynomialGCD[x^3 + 3 x^2, 2 x^2 + 2, Modulus 5] 3 + x Factor[x^3 + 3 x^2, Modulus 5] x 2 (3 + x) Factor[2 x^2 + 2, Modulus 5] 2 (2 + x) (3 + x) Note that we can represent the elements of Z p [x] q[x] as a list of coefficients in Z p with length degree of q(x). PolynomialGCD x 2 + x + 1, 1 + x 2 + x 3 + x 4 + x 5 + x 8 + x 10 + x 11 + x 12, Modulus = p (x) x 2 + x q (x) 1 + x 2 + x 3 + x 4 + x 5 + x 8 + x 10 + x 11 + x 12 Factor 1 + x 2 + x 3 + x 4 + x 5 + x 8 + x 10 + x 11 + x 12, Modulus x 2 + x 3 + x 4 + x 5 + x 8 + x 10 + x 11 + x 12 This representation is particularly relevant when p=2, as in this case this list can be represented as a bit string! If a polynomial cannot be factored, then it is said to be irreducible Definition: An element q(x) with degree d in Z p [x] is said to be irreducible if there is no polynomial d(x) with degree between [1,d-1] such that d(x) t(x) mod p. In other words, t(x) cannot be factored properly in polynomials with smaller degree. Which elements in Z p [x] q(x) are invertible? Similarly to the case of Z n, we have Theorem: An element t(x) in Z p [x] q(x) is invertible iff gcd(q(x),t(x))=1 mod p. Moreover, if q(x) is irreducible all elements in Z p [x] q(x) are invertible with exception of 0 (and therefore form a field). For each prime p and k, there is always an irreducible polynomial of degree k. Impressively, Galois [22 years old] showed the following result: Theorem[Galois]: If (F,+, ) is a finite field, then F =p k for some prime p and positive integer k and moreover F is isomorphic to Z p [x] q(x) for an irreducible polynomial q(x) of degree k. As corollary one can use (F, ) as the group for the ElGamal elements; GF p k in computer science and crypto GF 2 k Exercise: Implement the ElGamal for the multiplicative group of a Galois Field. Let (G, ) be a commutative group such that H is a cyclic subgroup with order n ( H =n)and genera-
6 6 Lecture16cps.nb Let (G, ) be a commutative group such that H is a cyclic subgroup with order n ( H =n)and generator α. X=G (plaintext space) Y=H G (ciphertext space) K={ (a,β) : α a = β } Z n H (key space) u:k H where u(a,β)=β (publication map) e β (x) = (y 1, y 2 ) with (encryption random map) -y 1 =α k, -y 2 = xβ k - and k randomly chosen in Z n d (a,β) (y 1, y 2 ) = y 2 (y 1 a ) -1 (decryption map) << FiniteFields` GF[2, 8] GF[2, {1, 0, 1, 1, 0, 0, 1, 0, 1}] GF[2, {1, 0, 1, 1, 0, 0, 1, 0, 1}][{1, 1, 0, 0, 1, 1}] * GF[2, {1, 0, 1, 1, 0, 0, 1, 0, 1}][{1, 1, 0, 0, 1, 1}] {1, 0, 0, 0, 1, 1, 0, 0} 2 Length[ Union[Table[GF[2, {1, 0, 1, 1, 0, 0, 1, 0, 1}][{1, 1, 0, 0, 1, 1}]^i, {i, 0, 255}]]] H = Table[GF[2, {1, 0, 1, 1, 0, 0, 1, 0, 1}][{1, 1, 0, 0, 1, 1}]^i, {i, 0, 51}]; α = GF[2, {1, 0, 1, 1, 0, 0, 1, 0, 1}][{1, 1, 0, 0, 1, 1}] a = 13; {1, 1, 0, 0, 1, 1, 0, 0} 2 β = GF[2, {1, 0, 1, 1, 0, 0, 1, 0, 1}][{1, 1, 0, 0, 1, 1}]^13 GF[2, {1, 0, 1, 1, 0, 0, 1, 0, 1}][{1, 1, 0, 0, 1, 1}]^ - 1 (* EuclideExtended Algorithm *) El Gamal generalized encryption scheme enc[x_, k_] := α k, x * β k dec[y_, a_] := y[[2]] * (y[[1]]^a) -1 dec[enc[gf[2, {1, 0, 1, 1, 0, 0, 1, 0, 1}][{1, 0, 0, 1, 0, 1, 0, 1}], 8], a] {1, 0, 0, 1, 0, 1, 0, 1} 2 GF[2, {1, 0, 1, 1, 0, 0, 1, 0, 1}][{1, 1, 0, 1, 1, 0, 0, 1}] {1, 1, 0, 1, 1, 0, 0, 1} 2 NIST standards for discrete log G = Z p G = GF 2 k and some α
7 Lecture16cps.nb 7 G = EC Z p (where bitcoin and most of the cryptocurrencies are signed) 5
Chapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationIntroduction to Elliptic Curve Cryptography
Indian Statistical Institute Kolkata May 19, 2017 ElGamal Public Key Cryptosystem, 1984 Key Generation: 1 Choose a suitable large prime p 2 Choose a generator g of the cyclic group IZ p 3 Choose a cyclic
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationMATH 158 FINAL EXAM 20 DECEMBER 2016
MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page
More informationDiscrete Logarithm Problem
Discrete Logarithm Problem Finite Fields The finite field GF(q) exists iff q = p e for some prime p. Example: GF(9) GF(9) = {a + bi a, b Z 3, i 2 = i + 1} = {0, 1, 2, i, 1+i, 2+i, 2i, 1+2i, 2+2i} Addition:
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationDefinition of a finite group
Elliptic curves Definition of a finite group (G, * ) is a finite group if: 1. G is a finite set. 2. For each a and b in G, also a * b is in G. 3. There is an e in G such that for all a in G, a * e= e *
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationIntroduction to Cryptography. Lecture 8
Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationCryptography and Security Final Exam
Cryptography and Security Final Exam Serge Vaudenay 17.1.2017 duration: 3h no documents allowed, except one 2-sided sheet of handwritten notes a pocket calculator is allowed communication devices are not
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 13 March 3, 2013 CPSC 467b, Lecture 13 1/52 Elliptic Curves Basics Elliptic Curve Cryptography CPSC
More informationRSA. Ramki Thurimella
RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationMath/Mthe 418/818. Review Questions
Math/Mthe 418/818 Review Questions 1. Show that the number N of bit operations required to compute the product mn of two integers m, n > 1 satisfies N = O(log(m) log(n)). 2. Can φ(n) be computed in polynomial
More informationNumber Theory & Modern Cryptography
Number Theory & Modern Cryptography Week 12 Stallings: Ch 4, 8, 9, 10 CNT-4403: 2.April.2015 1 Introduction Increasing importance in cryptography Public Key Crypto and Signatures Concern operations on
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationIntroduction to Cybersecurity Cryptography (Part 5)
Introduction to Cybersecurity Cryptography (Part 5) Prof. Dr. Michael Backes 13.01.2017 February 17 th Special Lecture! 45 Minutes Your Choice 1. Automotive Security 2. Smartphone Security 3. Side Channel
More informationMathematics of Public Key Cryptography
Mathematics of Public Key Cryptography Eric Baxter April 12, 2014 Overview Brief review of public-key cryptography Mathematics behind public-key cryptography algorithms What is Public-Key Cryptography?
More informationCandidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.
UNIVERSITY OF EAST ANGLIA School of Mathematics May/June UG Examination 2010 2011 CRYPTOGRAPHY Time allowed: 2 hours Attempt THREE questions. Candidates must show on each answer book the type of calculator
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationTopics in Cryptography. Lecture 5: Basic Number Theory
Topics in Cryptography Lecture 5: Basic Number Theory Benny Pinkas page 1 1 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem: generating
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More information5199/IOC5063 Theory of Cryptology, 2014 Fall
5199/IOC5063 Theory of Cryptology, 2014 Fall Homework 2 Reference Solution 1. This is about the RSA common modulus problem. Consider that two users A and B use the same modulus n = 146171 for the RSA encryption.
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Fun with Public-Key Tonight we ll Introduce some basic tools of public-key crypto Combine the tools to create more powerful tools Lay the ground work for substantial
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationLecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security
Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security Boaz Barak November 21, 2007 Cyclic groups and discrete log A group G is cyclic if there exists a generator
More informationENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange
ENEE 457: Computer Systems Security 10/3/16 Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer 1 Lecture 13 October 16, 2017 (notes revised 10/23/17) 1 Derived from lecture notes by Ewa Syta. CPSC 467, Lecture 13 1/57 Elliptic Curves
More informationOverview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017
CSC 580 Cryptography and Computer Security Math for Public Key Crypto, RSA, and Diffie-Hellman (Sections 2.4-2.6, 2.8, 9.2, 10.1-10.2) March 21, 2017 Overview Today: Math needed for basic public-key crypto
More informationDiscrete logarithm and related schemes
Discrete logarithm and related schemes Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Discrete logarithm problem examples, equivalent
More informationIntroduction to Elliptic Curve Cryptography. Anupam Datta
Introduction to Elliptic Curve Cryptography Anupam Datta 18-733 Elliptic Curve Cryptography Public Key Cryptosystem Duality between Elliptic Curve Cryptography and Discrete Log Based Cryptography Groups
More informationLecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004
CMSC 858K Advanced Topics in Cryptography February 5, 2004 Lecturer: Jonathan Katz Lecture 4 Scribe(s): Chiu Yuen Koo Nikolai Yakovenko Jeffrey Blank 1 Summary The focus of this lecture is efficient public-key
More informationThe Elliptic Curve in https
The Elliptic Curve in https Marco Streng Universiteit Leiden 25 November 2014 Marco Streng (Universiteit Leiden) The Elliptic Curve in https 25-11-2014 1 The s in https:// HyperText Transfer Protocol
More informationNotes for Lecture 17
U.C. Berkeley CS276: Cryptography Handout N17 Luca Trevisan March 17, 2009 Notes for Lecture 17 Scribed by Matt Finifter, posted April 8, 2009 Summary Today we begin to talk about public-key cryptography,
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols nichols@math.umass.edu University of Massachusetts Oct. 14, 2015 Cryptography basics Cryptography is the study of secure communications. Here are
More informationNotes for Lecture Decision Diffie Hellman and Quadratic Residues
U.C. Berkeley CS276: Cryptography Handout N19 Luca Trevisan March 31, 2009 Notes for Lecture 19 Scribed by Cynthia Sturton, posted May 1, 2009 Summary Today we continue to discuss number-theoretic constructions
More information5.4 ElGamal - definition
5.4 ElGamal - definition In this section we define the ElGamal encryption scheme. Next to RSA it is the most important asymmetric encryption scheme. Recall that for a cyclic group G, an element g G is
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013
RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime
More informationNew Variant of ElGamal Signature Scheme
Int. J. Contemp. Math. Sciences, Vol. 5, 2010, no. 34, 1653-1662 New Variant of ElGamal Signature Scheme Omar Khadir Department of Mathematics Faculty of Science and Technology University of Hassan II-Mohammedia,
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 10-1 Overview 1. How to exchange
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationQuestion: Total Points: Score:
University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please
More informationCryptography and Security Midterm Exam
Cryptography and Security Midterm Exam Serge Vaudenay 23.11.2017 duration: 1h45 no documents allowed, except one 2-sided sheet of handwritten notes a pocket calculator is allowed communication devices
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA: Review and Properties Factoring Algorithms Trapdoor One Way Functions PKC Based on Discrete Logs (Elgamal) Signature Schemes Lecture 8 Tel-Aviv University
More informationLecture 7: ElGamal and Discrete Logarithms
Lecture 7: ElGamal and Discrete Logarithms Johan Håstad, transcribed by Johan Linde 2006-02-07 1 The discrete logarithm problem Recall that a generator g of a group G is an element of order n such that
More information1 What are Physical Attacks. 2 Physical Attacks on RSA. Today:
Today: Introduction to the class. Examples of concrete physical attacks on RSA A computational approach to cryptography Pseudorandomness 1 What are Physical Attacks Tampering/Leakage attacks Issue of how
More informationHOMOMORPHIC ENCRYPTION AND LATTICE BASED CRYPTOGRAPHY 1 / 51
HOMOMORPHIC ENCRYPTION AND LATTICE BASED CRYPTOGRAPHY Abderrahmane Nitaj Laboratoire de Mathe matiques Nicolas Oresme Universite de Caen Normandie, France Nouakchott, February 15-26, 2016 Abderrahmane
More informationA field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:
Byte multiplication 1 Field arithmetic A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties: F is an abelian group under addition, meaning - F is closed under
More informationCOMP4109 : Applied Cryptography
COMP409 : Applied Cryptography Fall 203 M. Jason Hinek Carleton University Applied Cryptography Day 3 public-key encryption schemes some attacks on RSA factoring small private exponent 2 RSA cryptosystem
More informationPublic-Key Encryption: ElGamal, RSA, Rabin
Public-Key Encryption: ElGamal, RSA, Rabin Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Public-Key Encryption Syntax Encryption algorithm: E. Decryption
More informationChapter 4 Asymmetric Cryptography
Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman [NetSec/SysSec], WS 2008/2009 4.1 Asymmetric Cryptography General idea: Use two different keys -K and +K for
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationAsymmetric Cryptography
Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman General idea: Use two different keys -K and +K for encryption and decryption Given a
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols University of Massachusetts Amherst nichols@math.umass.edu WINRS Research Symposium Brown University March 4, 2017 Cryptography basics Cryptography
More informationCS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky. Lecture 7
CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky Lecture 7 Lecture date: Monday, 28 February, 2005 Scribe: M.Chov, K.Leung, J.Salomone 1 Oneway Trapdoor Permutations Recall that a
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationDiscrete Logarithm Problem
Discrete Logarithm Problem Çetin Kaya Koç koc@cs.ucsb.edu (http://cs.ucsb.edu/~koc/ecc) Elliptic Curve Cryptography lect08 discrete log 1 / 46 Exponentiation and Logarithms in a General Group In a multiplicative
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More informationNET 311D INFORMATION SECURITY
1 NET 311D INFORMATION SECURITY Networks and Communication Department TUTORIAL 3 : Asymmetric Ciphers (RSA) A Symmetric-Key Cryptography (Public-Key Cryptography) Asymmetric-key (public key cryptography)
More informationElliptic Curve Cryptography
Areas for Discussion Elliptic Curve Cryptography Joseph Spring Department of Computer Science 7COM1027 - Distributed Systems Security Lecture - Elliptic Curves 1 1 Motivation Elliptic Curves Security of
More informationCourse 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography
Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups
More informationCODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.
CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES A selection of the following questions will be chosen by the lecturer to form the Cryptology Assignment. The Cryptology Assignment is due by 5pm Sunday 1
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu Outline Applications Elliptic Curve Group over real number and F p Weil Pairing BasicIdent FullIdent Extensions Escrow
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu Outline Applications Elliptic Curve Group over real number and F p Weil Pairing BasicIdent FullIdent Extensions Escrow
More informationDigital Signatures. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay
Digital Signatures Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay July 24, 2018 1 / 29 Group Theory Recap Groups Definition A set
More informationChapter 4 Finite Fields
Chapter 4 Finite Fields Introduction will now introduce finite fields of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public Key concern operations on numbers what constitutes a number
More informationChapter 7: Signature Schemes. COMP Lih-Yuan Deng
Chapter 7: Signature Schemes COMP 7120-8120 Lih-Yuan Deng lihdeng@memphis.edu Overview Introduction Security requirements for signature schemes ElGamal signature scheme Variants of ElGamal signature scheme
More informationBiomedical Security. Overview 9/15/2017. Erwin M. Bakker
Biomedical Security Erwin M. Bakker Overview Cryptography: Algorithms Cryptography: Protocols Pretty Good Privacy (PGP) / B. Schneier Workshop Biomedical Security Biomedical Application Security (guest
More information8 Elliptic Curve Cryptography
8 Elliptic Curve Cryptography 8.1 Elliptic Curves over a Finite Field For the purposes of cryptography, we want to consider an elliptic curve defined over a finite field F p = Z/pZ for p a prime. Given
More informationHomomorphic Encryption. Liam Morris
Homomorphic Encryption Liam Morris Topics What Is Homomorphic Encryption? Partially Homomorphic Cryptosystems Fully Homomorphic Cryptosystems Benefits of Homomorphism Drawbacks of Homomorphism What Is
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationCryptanalysis of a Fast Public Key Cryptosystem Presented at SAC 97
Cryptanalysis of a Fast Public Key Cryptosystem Presented at SAC 97 Phong Nguyen and Jacques Stern École Normale Supérieure, Laboratoire d Informatique 45, rue d Ulm, F 75230 Paris Cedex 05 {Phong.Nguyen,Jacques.Stern}@ens.fr
More informationCourse MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography
Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups
More informationTopic 6. Digital Signatures and Identity Based Encryption
Topic 6. Digital Signature and Identity Baed Encryption. Security of Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital Signature
More information} has dimension = k rank A > 0 over F. For any vector b!
FINAL EXAM Math 115B, UCSB, Winter 2009 - SOLUTIONS Due in SH6518 or as an email attachment at 12:00pm, March 16, 2009. You are to work on your own, and may only consult your notes, text and the class
More informationPublic-Key Cryptography. Lecture 10 DDH Assumption El Gamal Encryption Public-Key Encryption from Trapdoor OWP
Public-Key Cryptography Lecture 10 DDH Assumption El Gamal Encryption Public-Key Encryption from Trapdoor OWP Diffie-Hellman Key-exchange Secure under DDH: (g x,g x,g xy ) (g x,g x,g r ) Random x {0,..,
More informationCryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages
Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages MEI-NA WANG Institute for Information Industry Networks and Multimedia Institute TAIWAN, R.O.C. myrawang@iii.org.tw SUNG-MING
More informationFinal Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.
Final Exam Math 10: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 0 April 2002 :0 11:00 a.m. Instructions: Please be as neat as possible (use a pencil), and show
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationOne can use elliptic curves to factor integers, although probably not RSA moduli.
Elliptic Curves Elliptic curves are groups created by defining a binary operation (addition) on the points of the graph of certain polynomial equations in two variables. These groups have several properties
More informationEvidence that the Diffie-Hellman Problem is as Hard as Computing Discrete Logs
Evidence that the Diffie-Hellman Problem is as Hard as Computing Discrete Logs Jonah Brown-Cohen 1 Introduction The Diffie-Hellman protocol was one of the first methods discovered for two people, say Alice
More informationCPSC 467b: Cryptography and Computer Security
Outline Quadratic residues Useful tests Digital Signatures CPSC 467b: Cryptography and Computer Security Lecture 14 Michael J. Fischer Department of Computer Science Yale University March 1, 2010 Michael
More informationInformation Security
SE 4472 / ECE 9064 Information Security Week 12: Random Number Generators and Picking Appropriate Key Lengths Fall 2015 Prof. Aleksander Essex Random Number Generation Where do keys come from? So far we
More information