Errors, Eavesdroppers, and Enormous Matrices
Jessalyn Bolkema
September 1, 2016
University of Nebraska - Lincoln

Keep it secret, keep it safe

Public Key Cryptography
The idea: We want a one-way lock so that, for example, Amazon.com doesn't need to create a new encryption key for each one of its customers.
Think: lock a padlock on a box, then mail it to someone who already has the key.

RSA
The facts:
- Introduced publicly in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman
- Widely used!

How it works
Each organization using RSA gets assigned two large primes, call them p and q. The public key that is available to everyone is their product, n = pq.
- The encryption algorithm only uses n.
- The decryption algorithm requires knowledge of the specific values of p and q, so nobody else can decrypt the data.

Let's try it
How would we factor 364?
You can see that 2 divides 364 evenly to leave 182. 2 also divides 182, which leaves 91. 3 and 5 do not divide 91 evenly, but 7 does. This leaves 13, which is also a prime. So 364 = 2 · 2 · 7 · 13.
There is a fancy algorithm: the Generalized Number Field Sieve.

But factoring is hard.
The challenge (1977): Factor this number:
In 1994, the answer:

Can you hear me now?

Errors are everywhere

Coding Theory
information → Encoder → code word → Channel → received word → Decoder → estimated word → Unencoder → message

For example... Repetition code
Let C = {00000, 11111}.
- What are the possible messages? 0 and 1
- How would you decode? (You receive 00010, or 00??0, or 10101, or...) Majority rules!

A Generator Matrix
We need a way to encode information efficiently.
A matrix G is called a generator matrix for a code C if the rows of G form a basis for C.

For Example
Consider G = [ ]
To encode the message [ ], multiply!
(Hopefully we got )

Recovering from Errors
Definition: For vectors $x = (x_1, \ldots, x_n)$ and $y = (y_1, \ldots, y_n)$, the Hamming distance from $x$ to $y$ is $d(x, y) = \#\{i : x_i \neq y_i\}$.
Examples:
- d(HAT, CAT) = 1
- d(PEAR, PLUM) = 3
- d(11100, 11001) = 2

Recovering from Errors
Definition: The minimum distance of a binary linear code $C$ is $d_{\min}(C) = \min\{d(x, y) : x \neq y \in C\}$.
- How many bits do we have to flip to get from one codeword to another?
- How many errors does it take to make a message unrecognizable?

Decoding Algorithms
If a code has minimum distance $d$, we can correct up to $\lfloor (d-1)/2 \rfloor$ errors. (Why?)
And... how?
- Nearest neighbor decoding
- Syndrome decoding
- Belief propagation
- Berlekamp-Welch
... each optimized for specific codes.

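An added example (not from the original slides): nearest neighbor decoding for the repetition code C = {00000, 11111}, with erasures written as `?`, plus an exhaustive check that every pattern of up to ⌊(d−1)/2⌋ errors is corrected while one more error is not. The second code `SMALL` and all function names are constructed for this illustration.

```python
from itertools import combinations

def hamming_distance(x, y, erasure="?"):
    """Number of positions where x and y differ; erased positions are skipped."""
    if len(x) != len(y):
        raise ValueError("words must have the same length")
    return sum(1 for a, b in zip(x, y) if erasure not in (a, b) and a != b)

def minimum_distance(code):
    """d_min(C): the smallest distance between two distinct codewords."""
    return min(hamming_distance(x, y) for x, y in combinations(code, 2))

def correctable_errors(code):
    """The guaranteed correction radius floor((d_min - 1) / 2)."""
    return (minimum_distance(code) - 1) // 2

def nearest_neighbor_decode(received, code):
    """Return the unique closest codeword, or None if two are equally close."""
    ranked = sorted((hamming_distance(received, c), c) for c in code)
    if len(ranked) > 1 and ranked[0][0] == ranked[1][0]:
        return None  # ambiguous: the decoder cannot decide
    return ranked[0][1]

def flip(word, positions):
    """Flip the bits of a binary string at the given positions."""
    return "".join(("1" if b == "0" else "0") if i in positions else b
                   for i, b in enumerate(word))

def all_patterns_corrected(code, weight):
    """True if every error pattern with exactly `weight` bit flips, applied to
    every codeword, is decoded back to the codeword that was sent."""
    n = len(code[0])
    return all(nearest_neighbor_decode(flip(c, pos), code) == c
               for c in code for pos in combinations(range(n), weight))

REPETITION = ["00000", "11111"]                 # the code C from the slides
SMALL = ["00000", "01011", "10101", "11110"]    # constructed [5,2] linear code

if __name__ == "__main__":
    for name, code in (("repetition", REPETITION), ("small", SMALL)):
        d, t = minimum_distance(code), correctable_errors(code)
        print(f"{name}: d_min={d}, corrects t={t}")
        for w in range(t + 2):
            print(f"  all weight-{w} patterns corrected:",
                  all_patterns_corrected(code, w))
    # The received words from the slide, plus a tie caused by an erasure.
    for r in ("00010", "00??0", "10101", "00?11"):
        print(r, "->", nearest_neighbor_decode(r, REPETITION))
```

The last input, `00?11`, is at distance 2 from both codewords once the erased position is ignored, so the decoder reports a tie instead of guessing.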
What can coding theory do?
The tradeoff: To increase reliability, we sacrifice efficiency.
Choices depend on specific application:
- Point-to-point communication
- Distributed storage
- Streaming
- Network communication

All Together Now (The McEliece Cryptosystem)

Choose-your-own-error-adventure
Coding theory is designed to protect information from random errors. But what if I just added errors on purpose? Information becomes hidden by choice.

The McEliece Cryptosystem
Design: A generator matrix $G$, an efficient decoder.
Public key: $G' := SGP$, where $S$ is a random invertible matrix and $P$ a permutation matrix. A disguise!
Private key: The matrices $S$, $G$, $P$.
Encryption: $m \mapsto mG' + e$, where $e$ is an error vector with weight half the minimum distance.
Decryption: Decode $mSG + eP^{-1}$ with respect to $G$. Undo the process, using secret information!

Let's try it.
Consider G =
Pick S =
Pick P, some permutation of columns. Find SGP.

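A toy run of the scheme above, as an added example that is not part of the original slides: the [7,4] Hamming code (minimum distance 3, so one error is added) stands in for the secret code, and key generation, encryption and decryption follow the S, G, P recipe. The matrices, the seed and all function names are constructed for illustration; a code this small offers no security.

```python
import random

# Constructed secret code: systematic generator G and parity-check H of the
# [7,4] Hamming code (d_min = 3, so t = 1 error is always correctable).
G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]
H = [[1, 1, 0, 1, 1, 0, 0],
     [1, 0, 1, 1, 0, 1, 0],
     [0, 1, 1, 1, 0, 0, 1]]

def vec_mat(v, M):
    """Row vector times matrix over GF(2)."""
    return [sum(v[i] & M[i][j] for i in range(len(v))) % 2
            for j in range(len(M[0]))]

def gf2_inverse(M):
    """Gauss-Jordan inverse over GF(2); returns None if M is singular."""
    n = len(M)
    A = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if A[r][col]), None)
        if pivot is None:
            return None
        A[col], A[pivot] = A[pivot], A[col]
        for r in range(n):
            if r != col and A[r][col]:
                A[r] = [a ^ b for a, b in zip(A[r], A[col])]
    return [row[n:] for row in A]

def keygen(rng):
    """Public key SGP; private key (S^-1, column permutation)."""
    k, n = len(G), len(G[0])
    while True:  # draw random S until it is invertible
        S = [[rng.randint(0, 1) for _ in range(k)] for _ in range(k)]
        S_inv = gf2_inverse(S)
        if S_inv is not None:
            break
    perm = list(range(n))
    rng.shuffle(perm)  # public column j is column perm[j] of SG
    SG = [vec_mat(row, G) for row in S]
    G_pub = [[row[perm[j]] for j in range(n)] for row in SG]
    return G_pub, (S_inv, perm)

def encrypt(m, G_pub, rng, t=1):
    """Ciphertext m * G_pub + e, with e a random error vector of weight t."""
    n = len(G_pub[0])
    e = [0] * n
    for j in rng.sample(range(n), t):
        e[j] = 1
    return [c ^ ej for c, ej in zip(vec_mat(m, G_pub), e)]

def syndrome_decode(y):
    """Correct at most one error: the syndrome equals the column of H at the
    error position."""
    s = [sum(h & b for h, b in zip(row, y)) % 2 for row in H]
    if any(s):
        j = [list(col) for col in zip(*H)].index(s)
        y = y[:]
        y[j] ^= 1
    return y

def decrypt(c, private):
    S_inv, perm = private
    y = [0] * len(c)
    for j, src in enumerate(perm):  # undo P: y = mSG + (permuted e)
        y[src] = c[j]
    codeword = syndrome_decode(y)   # strip the error using the secret code
    mS = codeword[:len(S_inv)]      # G is systematic: first k bits are mS
    return vec_mat(mS, S_inv)       # undo S

def roundtrip_all(seed=2016, t=1):
    """Encrypt and decrypt all 16 messages; True where decryption recovers m."""
    rng = random.Random(seed)
    G_pub, private = keygen(rng)
    msgs = [[(i >> b) & 1 for b in range(4)] for i in range(16)]
    return [decrypt(encrypt(m, G_pub, rng, t), private) == m for m in msgs]

if __name__ == "__main__":
    print("t=1, all recovered:", all(roundtrip_all(t=1)))
    print("t=2, any recovered:", any(roundtrip_all(t=2)))
```

With two added errors every decryption fails, because the Hamming decoder then lands on a different codeword: the error weight has to stay within the correction radius of the secret code.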
History
Introduced by Robert McEliece in
What's the catch?
Well, key size is larger than RSA... and too much structure is vulnerable to attack.

Why does it work?
Decoding a random linear code is hard! (NP-hard, in fact.)

Quantum Stuff

Advancing technology
Quantum Computing... studies theoretical computation systems (quantum computers) that make direct use of quantum-mechanical phenomena, such as superposition and entanglement, to perform operations on data.
The big difference? Binary states replaced by quantum states.

It is unclear when scalable quantum computers will be available, however in the past year or so, researchers working on building a quantum computer have estimated that it is likely that a quantum computer capable of breaking RSA-2048 in a matter of hours could be built by 2030 for a budget of about a billion dollars. This is a serious long-term threat to the cryptosystems currently standardized by NIST.

The threat: Shor's algorithm
- Formulated in 1994
- Polynomial time algorithm for factoring
- Currently the largest number to have been successfully factored on a quantum computer is...

...but McEliece still works!
PQCRYPTO currently recommends the following parameters to achieve post-quantum security: McEliece with binary Goppa codes using length n = 6960, dimension k = 5413 and adding t = 119 errors.
Examples of other choices under evaluation: Quasi-cyclic MDPC codes with parameters at least n = , k = , d = 274 and adding t = 264 errors.

Open Questions
What's the best code?
- Reed-Solomon, algebraic geometry codes, etc.: too structured!
- Low-density parity-check codes: too random!
- Spatially-coupled or quasi-cyclic codes: just right?
What do we need to know to implement?
- algorithms, protocols, software speedups, key sizes...

Thank you!
More informationAn Introduction to Probabilistic Encryption
Osječki matematički list 6(2006), 37 44 37 An Introduction to Probabilistic Encryption Georg J. Fuchsbauer Abstract. An introduction to probabilistic encryption is given, presenting the first probabilistic
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationMcBits: fast constant-time code-based cryptography. (to appear at CHES 2013)
McBits: fast constant-time code-based cryptography (to appear at CHES 2013) D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Joint work with: Tung Chou Technische Universiteit
More informationExample: sending one bit of information across noisy channel. Effects of the noise: flip the bit with probability p.
Lecture 20 Page 1 Lecture 20 Quantum error correction Classical error correction Modern computers: failure rate is below one error in 10 17 operations Data transmission and storage (file transfers, cell
More informationImproving the efficiency of Generalized Birthday Attacks against certain structured cryptosystems
Improving the efficiency of Generalized Birthday Attacks against certain structured cryptosystems Robert Niebuhr 1, Pierre-Louis Cayrel 2, and Johannes Buchmann 1,2 1 Technische Universität Darmstadt Fachbereich
More informationA brief survey of post-quantum cryptography. D. J. Bernstein University of Illinois at Chicago
A brief survey of post-quantum cryptography D. J. Bernstein University of Illinois at Chicago Once the enormous energy boost that quantum computers are expected to provide hits the street, most encryption
More informationA Smart Card Implementation of the McEliece PKC
A Smart Card Implementation of the McEliece PKC Falko Strenzke 1 1 FlexSecure GmbH, Germany, strenzke@flexsecure.de 2 Cryptography and Computeralgebra, Department of Computer Science, Technische Universität
More informationCode-based cryptography
Code-based graphy Laboratoire Hubert Curien, UMR CNRS 5516, Bâtiment F 18 rue du professeur Benoît Lauras 42000 Saint-Etienne France pierre.louis.cayrel@univ-st-etienne.fr 16 Novembre 2011 Pierre-Louis
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationdit-upm RSA Cybersecurity Cryptography
-upm Cybersecurity Cryptography José A. Mañas < http://www.dit.upm.es/~pepe/> Information Technology Department Universidad Politécnica de Madrid 4 october 2018 public key (asymmetric) public key secret
More informationThe RSA public encryption scheme: How I learned to stop worrying and love buying stuff online
The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online Anthony Várilly-Alvarado Rice University Mathematics Leadership Institute, June 2010 Our Goal Today I will
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationCan You Hear Me Now?
Can You Hear Me Now? An Introduction to Coding Theory William J. Turner Department of Mathematics & Computer Science Wabash College Crawfordsville, IN 47933 19 October 2004 W. J. Turner (Wabash College)
More informationRSA RSA public key cryptosystem
RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.
More informationIntroduction to Cryptography for the Mathematically Challenged
Introduction to Cryptography for the Mathematically Challenged Leo Liberti Centre for Process Systems Engineering Imperial College of Science, Technology and Medicine October 31, 2000 1 Introduction The
More informationCode-Based Cryptography McEliece Cryptosystem
Code-Based Cryptography McEliece Cryptosystem I. Márquez-Corbella 0 . McEliece Cryptosystem 1. Formal Definition. Security-Reduction Proof 3. McEliece Assumptions 4. Notions of Security 5. Critical Attacks
More informationAn Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009
An Dr Nick Papanikolaou Research Fellow, e-security Group International Digital Laboratory University of Warwick http://go.warwick.ac.uk/nikos Seminar on The Future of Cryptography The British Computer
More informationQC-MDPC: A Timing Attack and a CCA2 KEM
QC-MDPC: A Timing Attack and a CCA2 KEM Edward Eaton 1, Matthieu Lequesne 23, Alex Parent 1, and Nicolas Sendrier 3 1 ISARA Corporation, Waterloo, Canada {ted.eaton,alex.parent}@isara.com 2 Sorbonne Universités,
More information