An Overview of Homomorphic Encryption
|
|
- Barbra Norton
- 5 years ago
- Views:
Transcription
1 An Overview of Homomorphic Encryption Alexander Lange Department of Computer Science Rochester Institute of Technology Rochester, NY May 9, 2011 Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
2 Outline 1 Algebraic Homomorphisms Group & Ring Homomorphism 2 Application to Cryptography Example: RSA 3 History Data Banks Blind Signatures 4 Additive Homomorphisms ElGamal Paillier 5 Applications E-Voting Private Information Retrieval 6 Fully Homorphic Encryption Overview Craig Gentry Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
3 Algebraic Homomorphisms Group & Ring Homomorphism Algebraic Homomorphisms Definition (Group Homomorphism) Let (G, ) and (H, ) be groups. The map ϕ : G H is a homomorphism if ϕ(x y) = ϕ(x) ϕ(y) x, y G Definition (Ring Homomorphism) Let R and S be rings with addition and multiplication. The map ϕ : R S is a homomorphism if 1 ϕ is a group homomorphism on the additive groups (R, +) and (S, +) 2 ϕ(xy) = ϕ(x)ϕ(y) x, y R Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
4 Application to Cryptography Application to Cryptography A homomorphic encryption function allows for the manipulation of encrypted data with out the seemingly inherent loss of the encryption. Applications E-Cash E-Voting Private information retrieval Cloud computing A fully homomorphic encryption function (two operations) has been an open problem in cryptography for 30+ years. The first ever system was proposed by Craig Gentry in However, encryption systems that respect one operation have been utilized for decades. Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
5 Application to Cryptography Example: RSA Example: The RSA Cryptosystem Definition (RSA) Let n = pq where p and q are primes. Pick a and b such that ab 1 (mod φ(n)). n and b are public while p, q and a are private. e K (x) = x b mod n d K (y) = y a mod n The Homomorphism: Suppose x 1 and x 2 are plaintexts. Then, e K (x 1 )e K (x 2 ) = x b 1 x b 2 mod n = (x 1x 2 ) b mod n = e K (x 1 x 2 ) Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
6 History Data Banks History On Data Banks and Privacy Homomorphisms Rivest, Adleman and Dertouzos, 1978 Introduced idea of Privacy Homomorphisms...it appears likely that there exist encryption functions which permit encrypted data to be operated on without preliminary decryption. Encrypted data of loan company What is the size of the average loan? How many loans over $5,000? Introduced four possible encryption functions (RSA was one of them) Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
7 History Blind Signatures History Blind signatures for untraceable payments David Chaum, 1982 Calls for payment system with: Anonymity of payment Proof of payment Analogy to secure voting Place vote in a carbon envelope The signer can then sign the envelope, consequently signing the vote with out ever knowing what the vote is Although no mention of a private homomorphism, the paper helps introduce the need for secure voting as well as the relationship between e-cash and e-voting Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
8 Additive Homomorphisms ElGamal ElGamal Cryptosystem Definition (ElGamal) Let p be a prime and pick α Z p such that α is a generator of Z p. Pick a and β such that β α a (mod p). p, α and β are public; a is private. Let r Z p 1 be a secret random number. Then, e K (x, r) = (α r mod p, xβ r mod p) The Homomorphism: Let x 1 and x 2 be plaintexts. Then, e K (x 1, r 1 )e K (x 2, r 2 ) = ( α r 1 mod p, x 1 β r 1 mod p )( α r 2 mod p, x 2 β r 2 mod p ) = ( α r 1 α r 2 mod p, x 1 β r 1 x 2 β r 2 mod p ) = ( α r 1+r 2 mod p, (x 1 x 2 )β r 1+r 2 mod p ) = e K (x 1 x 2, r 1 + r 2 ) Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
9 Additive Homomorphisms ElGamal ElGamal The Problem: This homomorphism is multiplicative E-cash and e-voting would benefit from an additive homomorphism One solution: Modify ElGamal Put the plaintext in the exponent If we modify ElGamal so that e K (x, r) = (α r mod p, α x β r mod p) Then the homomorphism is e K (x 1, r 1 )e K (x 2, r 2 ) = ( α r 1 mod p, α x 1 β r 1 mod p )( α r 2 mod p, α x 2 β r 2 mod p ) = ( α r 1+r 2 mod p, α x 1+x 2 β r 1+r 2 mod p ) = e K (x 1 + x 2, r 1 + r 2 ) Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
10 Additive Homomorphisms ElGamal The problem with this modification is that d K = α x, introducing the discrete logarithm problem into the decryption. For large enough texts, this becomes impractical. We would like another cryptosystem which takes advantage of this additive property of exponentiation, but does so with out extra decryption time. Solution: the Paillier Cryptosystem Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
11 Additive Homomorphisms Paillier Paillier Cryptosystem Introduced by Pascal Paillier in Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, 1999 Probabilistic, asymmetric algorithm Decisional composite residuosity assumption Given composite n and integer z, it is hard to determine if y exists such that z y n (mod n 2 ) Homomorphic and self-blinding Extended by Damgård and Jurik in 2001 modulo n 2 = modulo n s+1 Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
12 Additive Homomorphisms Paillier Paillier Cryptosystem Definition Pick two large primes p and q and let n = pq. Let λ denote the Carmichael function, that is, λ(n) = lcm(p 1, q 1). Pick random g Z n such that L(g λ 2 mod n 2 ) is invertible modulo n (where L(u) = u 1 n ). n and g are public; p and q (or λ) are private. For plaintext x and resulting ciphertext y, select a random r Z n. Then, e K (x, r) = g m r n mod n 2 d K (y) = L(y λ mod n 2 ) L(g λ mod n 2 ) mod n Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
13 Applications E-Voting Paillier Example: E-Voting Suppose Alice, Bob and Oscar are running in an election. Only 6 people voted in the election, and the results are tabulated below. Vote Oscar Bob Alice 1! = 1 2! = 4 3! = 4 4! = 1 5! = 16 6! = 1 Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
14 Applications E-Voting Paillier Example: E-Voting Let p = 5 and q = 7. Then n = 35, n 2 = 1225 and λ = 12. g is chosen to be 141. For the first vote x 1 = 1, r is randomly chosen as 4. Then, e K (x 1, r 1 ) = e K (1, 4) = = = 359 mod 1225 All votes, r values and resulting encryptions are shown below x r e K (x, r) Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
15 Applications E-Voting Paillier Example: E-Voting In order to sum the votes, we multiply the encrypted data modulo n 2 : mod 1225 = 983 We then decrypt: L(y λ mod n 2 ) = L( mod 1225) = 36 1 = 1 35 L(g λ mod n 2 ) = L( mod 1225) = = d K (y) = ( L(y λ mod n 2 ) )( L(g λ mod n 2 ) ) 1 mod n = mod 35 = 27 We convert 27 to ( ) for the final results. Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
16 Applications Private Information Retrieval Another Application: Private Information Retrieval Idea first introduced by Chor, Goldreich, Kushilevitz and Sudan in 1997 The problem: How can the user access an item from a database with out the database knowing which item it is? (Private Information Retrieval) How can the user do this with out knowing about any other item of the database? (Symmetric Private Information Retrieval) The additive homomorphic properties of Paillier allow for the indexing and filtering of an encrypted database Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
17 Applications Private Information Retrieval Some PIR Protocols Stern Protocol - Uses a simple homomorphic scheme and a linear indexing technique Chang Protocol - Expands on Stern by allowing the indexing to take place on a hyper cube. Uses the Paillier Cryptosystem Lipmaa Protocol - Expands on Chang by using Damgård-Jurik system - removes the limit set on the plaintext due to Paillier Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
18 Fully Homorphic Encryption Overview Fully Homomorphic Encryption Up until now, the homomorphic systems described have been partially homomorphic They preserve the structures of multiplication or division, but cannot do both If a fully homomorphic encryption was implemented, then any arbitrary computation could be performed on a ciphertext, preserving the encryption as if the computation was performed on the plaintext The additive and multiplicative preservation of a Ring Homomorphism modulo 2 directly correspond to the XOR and AND operations of a circuit Applications: Private queries on search engines - The search engine would be able to return encrypted data with out every decrypting the query Cloud Computing - Storing encrypted data on the cloud is seemingly useless; no manipulation of the data can be obtained with out allowing the cloud access and/or decrypting the data off the cloud Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
19 Fully Homorphic Encryption Craig Gentry Craig Gentry In 2009, Craig Gentry proposed the first fully homomorphic encryption scheme in his PhD thesis A Fully Homomorphic Encryption Scheme Centers around a function which introduces a certain level of noise into the encryption Each operation on the ciphertext results in compounding noise Resolved with the bootstrapability of the encryption Each re-encryption cuts down the noise Analogy to Alice s jewelry shop Involves operations on Ideal Lattices Allows for less complex circuit implementation Correspond to the structure of Rings Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
20 Fully Homorphic Encryption Craig Gentry A Simple Example Over the Integers A Somewhat Homomorphic Scheme KEYGEN ɛ : Output a random odd integer p For bit m {0, 1}, let a random m = m mod 2 (ie. m is even if m = 0, odd if m = 1). Pick a random q. Then ENCRYPT ɛ (m, p) = c = m + pq. m is the noise associated with the plaintext. Let c = c mod p where c ( p/2, p/2). Then DECRYPT ɛ (p, c) = c mod 2. c is considered to be the noise associated with the ciphertext (ie. the shortest distance to a multiple of p) The Homomorphism: (Multiplication) Let m 1, m 2 {0, 1}. Then e(m 1, p)e(m 2, p) = (m 1 + pq 1 )(m 2 + pq 2 ) = d(c) = (m 1 + pq 1 )(m 2 + pq 2 ) mod p mod 2 = m 1 m 2 mod 2 = m 1 m 2 Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
21 Fully Homorphic Encryption Craig Gentry The Problem The compounding noise (m 1 m 2 in the example) results in loss of homomorphic property after a certain number of operations The bootstrapping of the algorithm allows for this noise to be reduced, allowing for no limit in operations However, the combination of the noise production followed by the noise reduction makes the scheme completely impractical Complexity grows as more and more operations are performed (inherent limitation of the algorithm) Gentry has stated that in order to perform one search on Google using this encryption, the amount of computations needed would increase by a trillion More schemes have been introduced to try and decrease this complexity, but all rely on the same Despite this impracticality, Gentry s discovery is an amazing breakthrough in cryptography and proves that (at least theoretical) fully homomorphic encryption schemes exist Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
22 Fully Homorphic Encryption Craig Gentry Questions? Sources R. L. Rivest, L. Adleman, and M. L. Dertouzos. On data banks and privacy homomorphisms. Foundations of Secure Computation, Craig Gentry. Computing Arbitrary Functions of Encrypted Data. Association for Computing Machinery, Pascal Paillier. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. EUROCRYPT Laura Lincoln. Symmetric Private Information Retrieval via Additive Homomorphic Probabilistic Encryption. RIT, Department of Computer Science, David Chaum. Blind signatures for untraceable payments. Advances in Cryptology - Crypto 82, Springer-Verlag 1983 Paillier Cryptosystem Interactive Simulator. Andreas Steffen. HSR Hochschule fur Technik Rapperswil Steve Weis. Verifying Elections with Cryptography. Google Tech Talks: Theory and Practive of Cyptography. December Youtube. Alexander Lange (RIT) Homomorphic Encryption May 9, / 22
Homomorphic Encryption. Liam Morris
Homomorphic Encryption Liam Morris Topics What Is Homomorphic Encryption? Partially Homomorphic Cryptosystems Fully Homomorphic Cryptosystems Benefits of Homomorphism Drawbacks of Homomorphism What Is
More informationLecture Notes 15 : Voting, Homomorphic Encryption
6.857 Computer and Network Security October 29, 2002 Lecture Notes 15 : Voting, Homomorphic Encryption Lecturer: Ron Rivest Scribe: Ledlie/Ortiz/Paskalev/Zhao 1 Introduction The big picture and where we
More informationFully Homomorphic Encryption
Fully Homomorphic Encryption Thomas PLANTARD Universiy of Wollongong - thomaspl@uow.edu.au Plantard (UoW) FHE 1 / 24 Outline 1 Introduction Privacy Homomorphism Applications Timeline 2 Gentry Framework
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationCryptoComputing with rationals
CryptoComputing with rationals Pierre-Alain Fouque 1,2, Jacques Stern 2, and Geert-Jan Wackers 3 1 D.C.S.S.I. Crypto Lab 51, bd Latour-Maubourg, F-75007 Paris, France 2 École Normale Supérieure, Département
More informationTheme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS
1 C Theme : Cryptography Instructor : Prof. C Pandu Rangan Speaker : Arun Moorthy 93115 CS 2 RSA Cryptosystem Outline of the Talk! Introduction to RSA! Working of the RSA system and associated terminology!
More informationFully Homomorphic Encryption over the Integers
Fully Homomorphic Encryption over the Integers Many slides borrowed from Craig Marten van Dijk 1, Craig Gentry 2, Shai Halevi 2, Vinod Vaikuntanathan 2 1 MIT, 2 IBM Research Computing on Encrypted Data
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationHOMOMORPHIC ENCRYPTION AND LATTICE BASED CRYPTOGRAPHY 1 / 51
HOMOMORPHIC ENCRYPTION AND LATTICE BASED CRYPTOGRAPHY Abderrahmane Nitaj Laboratoire de Mathe matiques Nicolas Oresme Universite de Caen Normandie, France Nouakchott, February 15-26, 2016 Abderrahmane
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationPartially homomorphic encryption schemes over finite fields
Partially homomorphic encryption schemes over finite fields Jian Liu Lusheng Chen Sihem Mesnager Abstract Homomorphic encryption scheme enables computation in the encrypted domain, which is of great importance
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationBlind Signature Protocol Based on Difficulty of. Simultaneous Solving Two Difficult Problems
Applied Mathematical Sciences, Vol. 6, 202, no. 39, 6903-690 Blind Signature Protocol Based on Difficulty of Simultaneous Solving Two Difficult Problems N. H. Minh, D. V. Binh 2, N. T. Giang 3 and N. A.
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More informationThe Theory and Applications of Homomorphic Cryptography
The Theory and Applications of Homomorphic Cryptography by Kevin Henry A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master of Mathematics
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationFully Homomorphic Encryption over the Integers
Fully Homomorphic Encryption over the Integers Many slides borrowed from Craig Marten van Dijk 1, Craig Gentry 2, Shai Halevi 2, Vinod Vaikuntanathan 2 1 MIT, 2 IBM Research The Goal I want to delegate
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationThreshold Cryptography
Threshold Cryptography Cloud Security Mechanisms Björn Groneberg - Summer Term 2013 09.07.2013 Threshold Cryptography 1 ? 09.07.2013 Threshold Cryptography 2 Threshold Cryptography Sharing Secrets Treasure
More informationPublic Key Cryptography
Public Key Cryptography Ali El Kaafarani 1 Mathematical Institute 2 PQShield Ltd. 1 of 44 Outline 1 Public Key Encryption: security notions 2 RSA Encryption Scheme 2 of 44 Course main reference 3 of 44
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationPartial Key Exposure: Generalized Framework to Attack RSA
Partial Key Exposure: Generalized Framework to Attack RSA Cryptology Research Group Indian Statistical Institute, Kolkata 12 December 2011 Outline of the Talk 1 RSA - A brief overview 2 Partial Key Exposure
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationSingle-Database Private Information Retrieval
MTAT.07.006 Research Seminar in Cryptography 07.11.2005 Tartu University a g@ut.ee 1 Overview of the Lecture CMS - first single database private information retrieval scheme Gentry-Ramzan PBR Lipmaa Oblivious
More informationCryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups
Great Theoretical Ideas in CS V. Adamchik CS 15-251 Upcoming Interview? Lecture 24 Carnegie Mellon University Cryptography and RSA How the World's Smartest Company Selects the Most Creative Thinkers Groups
More informationRSA. Ramki Thurimella
RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key
More informationSolving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know?
Solving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know? Alexander May, Maike Ritzenhofen Faculty of Mathematics Ruhr-Universität Bochum, 44780 Bochum,
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationProgress on probabilistic encryption schemes
Rochester Institute of Technology RIT Scholar Works Theses Thesis/Dissertation Collections 2006 Progress on probabilistic encryption schemes Kert Richardson Follow this and additional works at: http://scholarworks.rit.edu/theses
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationand Other Fun Stuff James L. Massey
Lectures in Cryptology 10-14 October 2005 School of Engineering and Science International University Bremen Lecture 3: Public-Key Cryptography and Other Fun Stuff James L. Massey [Prof.-em. ETH Zürich,
More informationMATH 158 FINAL EXAM 20 DECEMBER 2016
MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page
More informationOn the security of Jhanwar-Barua Identity-Based Encryption Scheme
On the security of Jhanwar-Barua Identity-Based Encryption Scheme Adrian G. Schipor aschipor@info.uaic.ro 1 Department of Computer Science Al. I. Cuza University of Iași Iași 700506, Romania Abstract In
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationMathematics of Public Key Cryptography
Mathematics of Public Key Cryptography Eric Baxter April 12, 2014 Overview Brief review of public-key cryptography Mathematics behind public-key cryptography algorithms What is Public-Key Cryptography?
More information10 Modular Arithmetic and Cryptography
10 Modular Arithmetic and Cryptography 10.1 Encryption and Decryption Encryption is used to send messages secretly. The sender has a message or plaintext. Encryption by the sender takes the plaintext and
More informationPublic-Key Encryption: ElGamal, RSA, Rabin
Public-Key Encryption: ElGamal, RSA, Rabin Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Public-Key Encryption Syntax Encryption algorithm: E. Decryption
More information5199/IOC5063 Theory of Cryptology, 2014 Fall
5199/IOC5063 Theory of Cryptology, 2014 Fall Homework 2 Reference Solution 1. This is about the RSA common modulus problem. Consider that two users A and B use the same modulus n = 146171 for the RSA encryption.
More informationNew Approach for Selectively Convertible Undeniable Signature Schemes
New Approach for Selectively Convertible Undeniable Signature Schemes Kaoru Kurosawa 1 and Tsuyoshi Takagi 2 1 Ibaraki University, Japan, kurosawa@mx.ibaraki.ac.jp 2 Future University-Hakodate, Japan,
More informationFrom Fixed-Length to Arbitrary-Length RSA Encoding Schemes Revisited
From Fixed-Length to Arbitrary-Length RSA Encoding Schemes Revisited Julien Cathalo 1, Jean-Sébastien Coron 2, and David Naccache 2,3 1 UCL Crypto Group Place du Levant 3, Louvain-la-Neuve, B-1348, Belgium
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationCryptography. pieces from work by Gordon Royle
Cryptography pieces from work by Gordon Royle The set-up Cryptography is the mathematics of devising secure communication systems, whereas cryptanalysis is the mathematics of breaking such systems. We
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More informationCryptanalysis of a Fast Public Key Cryptosystem Presented at SAC 97
Cryptanalysis of a Fast Public Key Cryptosystem Presented at SAC 97 Phong Nguyen and Jacques Stern École Normale Supérieure, Laboratoire d Informatique 45, rue d Ulm, F 75230 Paris Cedex 05 {Phong.Nguyen,Jacques.Stern}@ens.fr
More informationEncoding-Free ElGamal Encryption Without Random Oracles
Encoding-Free ElGamal Encryption Without Random Oracles Benoît Chevallier-Mames 1,2, Pascal Paillier 3, and David Pointcheval 2 1 Gemplus, Security Technology Department, La Vigie, Avenue du Jujubier,
More informationBreaking Plain ElGamal and Plain RSA Encryption
Breaking Plain ElGamal and Plain RSA Encryption (Extended Abstract) Dan Boneh Antoine Joux Phong Nguyen dabo@cs.stanford.edu joux@ens.fr pnguyen@ens.fr Abstract We present a simple attack on both plain
More informationLossy Trapdoor Functions and Their Applications
1 / 15 Lossy Trapdoor Functions and Their Applications Chris Peikert Brent Waters SRI International On Losing Information 2 / 15 On Losing Information 2 / 15 On Losing Information 2 / 15 On Losing Information
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationSide Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents
Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents Santanu Sarkar and Subhamoy Maitra Leuven, Belgium 12 September, 2012 Outline of the Talk RSA Cryptosystem
More informationCryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg
Course 1: Remainder: RSA Université du Luxembourg September 21, 2010 Public-key encryption Public-key encryption: two keys. One key is made public and used to encrypt. The other key is kept private and
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 6, 2012 CPSC 467b, Lecture 9 1/53 Euler s Theorem Generating RSA Modulus Finding primes by guess and check Density of
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationTi Secured communications
Ti5318800 Secured communications Pekka Jäppinen September 20, 2007 Pekka Jäppinen, Lappeenranta University of Technology: September 20, 2007 Relies on use of two keys: Public and private Sometimes called
More information8.1 Principles of Public-Key Cryptosystems
Public-key cryptography is a radical departure from all that has gone before. Right up to modern times all cryptographic systems have been based on the elementary tools of substitution and permutation.
More informationCosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks
1 Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks Michael Albert michael.albert@cs.otago.ac.nz 2 This week Arithmetic Knapsack cryptosystems Attacks on knapsacks Some
More informationCryptographic e-cash. Jan Camenisch. IBM Research ibm.biz/jancamenisch. IACR Summerschool Blockchain Technologies
IACR Summerschool Blockchain Technologies Cryptographic e-cash Jan Camenisch IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch ecash scenario & requirements Bank Withdrawal User Spend Deposit Merchant
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationTargeted Fully Homomorphic Encryption Based on a Double Decryption Algorithm for Polynomials
TSINGHUA SCIENCE AND TECHNOLOGY ISSNll1007-0214ll07/13llpp478-485 Volume 19, Number 5, October 2014 Targeted Fully Homomorphic Encryption Based on a Double Decryption Algorithm for Polynomials Yatao Yang,
More informationPublic-Key Cryptosystems Based on Composite Degree Residuosity Classes
Public-Key Cryptosystems Based on Composite Degree Residuosity Classes Pascal Paillier 1,2 1 GEMPLUS Cryptography Department 34 Rue Guynemer, 92447 Issy-Les-Moulineaux paillier@gemplus.com 2 ENST Computer
More informationCryptography: Joining the RSA Cryptosystem
Cryptography: Joining the RSA Cryptosystem Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin Joining the RSA Cryptosystem: Overview First,
More informationTHE CUBIC PUBLIC-KEY TRANSFORMATION*
CIRCUITS SYSTEMS SIGNAL PROCESSING c Birkhäuser Boston (2007) VOL. 26, NO. 3, 2007, PP. 353 359 DOI: 10.1007/s00034-006-0309-x THE CUBIC PUBLIC-KEY TRANSFORMATION* Subhash Kak 1 Abstract. This note proposes
More informationMaTRU: A New NTRU-Based Cryptosystem
MaTRU: A New NTRU-Based Cryptosystem Michael Coglianese 1 and Bok Min Goi 2 1 Macgregor, 321 Summer Street Boston, MA 02210, USA mcoglian@comcast.net 2 Centre for Cryptography and Information Security
More informationCryptography. P. Danziger. Transmit...Bob...
10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of
More informationComputing the RSA Secret Key is Deterministic Polynomial Time Equivalent to Factoring
Computing the RSA Secret Key is Deterministic Polynomial Time Equivalent to Factoring Alexander May Faculty of Computer Science, Electrical Engineering and Mathematics University of Paderborn 33102 Paderborn,
More informationSome security bounds for the DGHV scheme
Some security bounds for the DGHV scheme Franca Marinelli f.marinelli@studenti.unitn.it) Department of Mathematics, University of Trento, Italy Riccardo Aragona riccardo.aragona@unitn.it) Department of
More informationThe RSA cryptosystem and primality tests
Mathematics, KTH Bengt Ek November 2015 Supplementary material for SF2736, Discrete mathematics: The RSA cryptosystem and primality tests Secret codes (i.e. codes used to make messages unreadable to outsiders
More informationFully Homomorphic Encryption from LWE
Fully Homomorphic Encryption from LWE Based on joint works with: Zvika Brakerski (Stanford) Vinod Vaikuntanathan (University of Toronto) Craig Gentry (IBM) Post-Quantum Webinar, November 2011 Outsourcing
More informationNotes for Lecture 17
U.C. Berkeley CS276: Cryptography Handout N17 Luca Trevisan March 17, 2009 Notes for Lecture 17 Scribed by Matt Finifter, posted April 8, 2009 Summary Today we begin to talk about public-key cryptography,
More informationAlgorithmic Number Theory and Public-key Cryptography
Algorithmic Number Theory and Public-key Cryptography Course 3 University of Luxembourg March 22, 2018 The RSA algorithm The RSA algorithm is the most widely-used public-key encryption algorithm Invented
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationSingle Database Private Information Retrieval with Logarithmic Communication
Single Database Private Information Retrieval with Logarithmic Communication Yan-Cheng Chang Harvard University ycchang@eecs.harvard.edu February 10, 2004 Abstract In this paper, we study the problem of
More informationMethods of Public-Key Cryptography. Émilie Wheeler
Methods of Public-Key Cryptography Émilie Wheeler December 10, 2012 Contents 1 Introduction 2 2 Cryptosystems based on Elementary Number Theory 3 2.1 Elementary Number Theory Background............ 3 2.1.1
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Elliptic Curves An elliptic curve is a cubic equation of the form: y + axy + by = x 3 + cx + dx + e where a, b, c, d and e are real numbers. A special addition operation is
More informationOn the Big Gap Between p and q in DSA
On the Big Gap Between p and in DSA Zhengjun Cao Department of Mathematics, Shanghai University, Shanghai, China, 200444. caozhj@shu.edu.cn Abstract We introduce a message attack against DSA and show that
More informationComputing with Encrypted Data Lecture 26
Computing with Encrypted Data 6.857 Lecture 26 Encryption for Secure Communication M Message M All-or-nothing Have Private Key, Can Decrypt No Private Key, No Go cf. Non-malleable Encryption Encryption
More informationExam Security January 19, :30 11:30
Exam Security January 19, 2016. 8:30 11:30 You can score a maximum of 100. Each question indicates how many it is worth. You are NOT allowed to use books or notes, or a (smart) phone. You may answer in
More informationCODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.
CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES A selection of the following questions will be chosen by the lecturer to form the Cryptology Assignment. The Cryptology Assignment is due by 5pm Sunday 1
More informationA Generalization of Paillier s Public-Key System with Applications to Electronic Voting
A Generalization of Paillier s Public-Key System with Applications to Electronic Voting Ivan Damgård, Mads Jurik and Jesper Buus Nielsen Aarhus University, Dept. of Computer Science, BRICS Abstract. We
More informationNew Cryptosystem Using The CRT And The Jordan Normal Form
New Cryptosystem Using The CRT And The Jordan Normal Form Hemlata Nagesh 1 and Birendra Kumar Sharma 2 School of Studies in Mathematics,Pt.Ravishankar Shukla University Raipur(C.G.). E-mail:5Hemlata5@gmail.com
More informationAttacks on RSA & Using Asymmetric Crypto
Attacks on RSA & Using Asymmetric Crypto Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Breaking RSA 2.1 Chinese Remainder Theorem 2.2 Common
More informationThe RSA public encryption scheme: How I learned to stop worrying and love buying stuff online
The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online Anthony Várilly-Alvarado Rice University Mathematics Leadership Institute, June 2010 Our Goal Today I will
More informationA Lattice-Based Computationally-Efficient Private Information Retrieval Protocol
A Lattice-Based Computationally-Efficient Private Information Retrieval Protocol (Extended version of WEWORC paper, presented in July 2007, in Bochum, Germany) Carlos Aguilar-Melchor and Philippe Gaborit
More informationInternational Electronic Journal of Pure and Applied Mathematics IEJPAM, Volume 9, No. 1 (2015)
International Electronic Journal of Pure and Applied Mathematics Volume 9 No. 1 2015, 37-43 ISSN: 1314-0744 url: http://www.e.ijpam.eu doi: http://dx.doi.org/10.12732/iejpam.v9i1.5 ON CONSTRUCTION OF CRYPTOGRAPHIC
More information1 What are Physical Attacks. 2 Physical Attacks on RSA. Today:
Today: Introduction to the class. Examples of concrete physical attacks on RSA A computational approach to cryptography Pseudorandomness 1 What are Physical Attacks Tampering/Leakage attacks Issue of how
More informationSealed-bid Auctions with Efficient Bids
Sealed-bid Auctions with Efficient Bids Toru Nakanishi, Daisuke Yamamoto, and Yuji Sugiyama Department of Communication Network Engineering, Faculty of Engineering, Okayama University 3-1-1 Tsushima-naka,
More informationAn RNS variant of fully homomorphic encryption over integers
An RNS variant of fully homomorphic encryption over integers by Ahmed Zawia A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master of Applied
More informationManipulating Data while It Is Encrypted
Manipulating Data while It Is Encrypted Craig Gentry IBM Watson ACISP 2010 The Goal A way to delegate processing of my data, without giving away access to it. Application: Private Google Search I want
More informationProvable Security for Public-Key Schemes. Outline. I Basics. Secrecy of Communications. Outline. David Pointcheval
Provable Security for Public-Key Schemes I Basics David Pointcheval Ecole normale supérieure, CNRS & INRIA IACR-SEAMS School Cryptographie: Foundations and New Directions November 2016 Hanoi Vietnam Introduction
More informationdit-upm RSA Cybersecurity Cryptography
-upm Cybersecurity Cryptography José A. Mañas < http://www.dit.upm.es/~pepe/> Information Technology Department Universidad Politécnica de Madrid 4 october 2018 public key (asymmetric) public key secret
More information