REU 2015: Complexity Across Disciplines. Introduction to Cryptography
- Charles Ford
Transcription
1 REU 2015: Complexity Across Disciplines Introduction to Cryptography
3 Iterated Block Ciphers
Definition. Let $KS : K \to K^s$ be a function that produces a set of subkeys $k_i \in K$, $1 \le i \le s$, from any key $k \in K$. A block cipher $\Pi$ for which the encryption functions $\varepsilon_k$ are of the form
$$T[k_s] \circ T[k_{s-1}] \circ T[k_{s-2}] \circ \cdots \circ T[k_1]$$
is called an iterated block cipher and $T[k_i]$ is called the $i$th round function.
7 Hash Functions
Definition. A hash function is a function $H : X \to Y$ where $X$ is a set of strings of arbitrary length, $Y$ is a finite set of strings of a fixed length and $|X| > |Y|$.
A hash function $H$ is a one-way hash function if for any $x \in X$ it is computationally infeasible [1] to find $y \in Y$ such that $H(x) = y$.
A hash function $H$ is second-preimage resistant or weakly-collision free if for a given $x \in X$ it is computationally infeasible to find $x' \neq x$ such that $H(x) = H(x')$.
A hash function $H$ is first-preimage resistant or strongly-collision free if it is computationally infeasible to find $x, x' \in X$ such that $x \neq x'$ and $H(x) = H(x')$.
[1] Computationally infeasible means solving the underlying problem is not possible within polynomial time.
8 Why Do We Need Hash Functions?
Figure: Hashing passwords [2]
[2] Steve Friedl's Unixwiz.net
9 Verifying file integrity
Figure: Verification of Passwords [3]
[3] Steve Friedl's Unixwiz.net
10 Example: Merkle-Damgård Hash Function
The Merkle-Damgård construction [4][5] is a method of building a collision-resistant hash function $H$ from a collision-resistant one-way compression function $F$, which takes a fixed-length input and returns a shorter, fixed-length output. [6]
[4] I. Damgård, A Design Principle for Hash Functions, Lecture Notes in Computer Science Vol. 435, (1989)
[5] R.C. Merkle, A Certified Digital Signature, Lecture Notes in Computer Science Vol. 435, (1989)
[6]
13 Example: Merkle-Damgård Hash Function
Let $W(k, m)$ denote a block cipher that encrypts a given plaintext $m$ using a key $k$. The hash functions based on the Merkle-Damgård scheme use a block cipher as a compression function. Given a message $m$ consisting of blocks $m_1, m_2, m_3, \ldots, m_t$, the hash function is defined as
$$H_i = W(H_{i-1}, m_i) \oplus m_i \oplus H_{i-1}, \quad 0 < i \le t \qquad (1)$$
where $H_0$ is some initial value.
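Equation (1) iterated over a padded message, as an added example that is not part of the original slides. The 16-bit Feistel cipher standing in for W, the initial value H0, the length padding and the message names are all constructed assumptions; the digest is kept tiny on purpose so that the pigeonhole search at the end shows why "computationally infeasible" depends on the size of Y.

```python
import struct

BLOCK_BITS = 16                       # toy block and digest size (assumption)
BLOCK_BYTES = BLOCK_BITS // 8
MASK = (1 << BLOCK_BITS) - 1
H0 = 0x5A5A                           # constructed initial value H_0


def _round(half: int, subkey: int) -> int:
    """Toy 8-bit Feistel round function (constructed, not secure)."""
    x = (half + subkey) & 0xFF
    x = (x * 167 + 13) & 0xFF
    return x ^ (x >> 3)


def W(k: int, m: int) -> int:
    """Toy block cipher W(k, m): 4-round Feistel network on 16-bit blocks.

    A Feistel network is a permutation of the block space for every key k.
    """
    left, right = m >> 8, m & 0xFF
    for r in range(4):
        subkey = ((k >> (4 * r)) & 0xFF) ^ r
        left, right = right, left ^ _round(right, subkey)
    return (left << 8) | right


def pad(message: bytes) -> bytes:
    """Length padding (assumption): 0x80, zero fill, 64-bit message bit length."""
    padded = message + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK_BYTES)
    return padded + struct.pack(">Q", 8 * len(message))


def md_hash(message: bytes, h0: int = H0) -> int:
    """Iterate H_i = W(H_{i-1}, m_i) xor m_i xor H_{i-1} over the padded blocks."""
    h = h0
    data = pad(message)
    for i in range(0, len(data), BLOCK_BYTES):
        m_i = int.from_bytes(data[i:i + BLOCK_BYTES], "big")
        h = W(h, m_i) ^ m_i ^ h       # chaining value is the cipher key
    return h


def find_collision(limit: int = MASK + 2):
    """Hash distinct constructed messages until two digests coincide.

    With 2^16 possible digests, 2^16 + 1 distinct inputs must collide
    (pigeonhole); the birthday bound says it takes about 2^8 in practice.
    """
    seen = {}
    for n in range(limit):
        msg = b"msg-%d" % n
        digest = md_hash(msg)
        if digest in seen:
            return seen[digest], msg, digest
        seen[digest] = msg
    return None


if __name__ == "__main__":
    print("H(b'abc') = %04x" % md_hash(b"abc"))
    first, second, digest = find_collision()
    print("collision:", first, second, "-> %04x" % digest)
```

The same search against a 256-bit digest would need on the order of 2^128 evaluations, which is the practical content of the collision-resistance definition above.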
17 Groups Generated by Encryption Functions
Let $T_\Pi = \{\varepsilon_k : k \in K\}$ be the set of all possible encryption transformations. In a cryptosystem the mapping $\varepsilon$ is a permutation of $M$, so $T_\Pi \subseteq S_M$.
Definition. The group $G = \langle T_\Pi \rangle$ is called the group generated by the cipher.
If $T_\Pi = G$ then the set of permutations $T_\Pi$ forms a group (the cipher is a group). For such a cipher, multiple encryption doesn't offer better security than single encryption.
22 Groups Generated by Encryption Functions
Group generated by $T[k]$:
$$G_\tau = \langle T[k] \mid k \in K \rangle$$
Group generated by an arbitrary composition of $s$-round functions with independent keys $k_1, k_2, \ldots, k_s \in K$:
$$G^s_\tau = \langle T[k_s]\,T[k_{s-1}] \cdots T[k_1] \mid k_i \in K \rangle$$
Group generated by any composition of $s$-round functions permitted by the key schedule $KS : K \to K^s$ (group generated by the cipher):
$$G = \langle T[k_s]\,T[k_{s-1}] \cdots T[k_1] \mid KS(k) = (k_1, k_2, \ldots, k_s) \rangle$$
Lemma. For every $s \in \mathbb{N}$, $G^s_\tau$ is a normal subgroup of $G_\tau$.
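The definitions of $T_\Pi$, "the cipher is a group" and $G_\tau$ above, computed by brute force on a 3-bit message space; this is an added example, not code from the slides. Both toy ciphers (the XOR cipher and the round function T[k](x) = S(x XOR k)) and the S-box values are constructed assumptions.

```python
from itertools import product

N = 8                                  # message space M = {0,...,7} (3-bit blocks)
SBOX = (0, 1, 3, 6, 7, 4, 5, 2)        # constructed toy S-box (assumption)
IDENTITY = tuple(range(N))


def compose(p, q):
    """Return p o q, i.e. x -> p(q(x)); a permutation is a tuple of images."""
    return tuple(p[q[x]] for x in range(N))


def xor_cipher():
    """T_Pi for the toy cipher e_k(x) = x XOR k, one permutation per key."""
    return [tuple(x ^ k for x in range(N)) for k in range(N)]


def sp_rounds():
    """Round functions T[k](x) = S(x XOR k) of a toy substitution cipher."""
    return [tuple(SBOX[x ^ k] for x in range(N)) for k in range(N)]


def is_group(perms):
    """A finite set of permutations is a group iff it is closed under composition.

    When this holds, encrypting twice equals encrypting once under some key.
    """
    s = set(perms)
    return all(compose(p, q) in s for p in s for q in s)


def generated_group(generators):
    """Compute <generators> as the closure of the generators under composition."""
    group = set(generators)
    frontier = list(group)
    while frontier:
        new = []
        for g in frontier:
            for t in generators:
                h = compose(t, g)
                if h not in group:
                    group.add(h)
                    new.append(h)
        frontier = new
    return group


def is_even(p):
    """Parity from the cycle decomposition: a cycle of length L is L-1 transpositions."""
    seen, transpositions = set(), 0
    for start in range(N):
        x, length = start, 0
        while x not in seen:
            seen.add(x)
            x = p[x]
            length += 1
        transpositions += max(length - 1, 0)
    return transpositions % 2 == 0


def s_round_parities(s):
    """Parities (True = even) of all T[k_s]...T[k_1] with independent round keys."""
    rounds = sp_rounds()
    parities = set()
    for keys in product(range(N), repeat=s):
        p = IDENTITY
        for k in keys:
            p = compose(rounds[k], p)
        parities.add(is_even(p))
    return parities


if __name__ == "__main__":
    print("XOR cipher is a group:", is_group(xor_cipher()),
          "| order of generated group:", len(generated_group(xor_cipher())))
    print("S-box cipher is a group:", is_group(sp_rounds()),
          "| order of G_tau:", len(generated_group(sp_rounds())))
    for s in (1, 2, 3):
        print(f"{s}-round compositions all even:", s_round_parities(s) == {True})
```

The XOR cipher is closed under composition, so double encryption adds nothing, while the eight S-box round functions generate all of $S_8$. Every round function here is an odd permutation, so compositions of an even number of rounds are all even, the same even/odd split that the page's later theorem on $s$-round AES functions states.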
23 Figure: Advanced Encryption Standard
25 Generalized AES cipher
Definition. A structure $(F, +, \cdot)$ is a field if and only if both $(F, +)$ and $(F, \cdot)$ are Abelian groups and the law of distributivity applies. If the number of elements in $F$ is finite, $F$ is called a finite field; otherwise it is called an infinite field.
Classical AES is a set of permutations of the finite field $M = GF(2^{128}) = GF(2^8)^{4 \times 4}$.
Generalized AES is a set of permutations of the finite field $M = GF(p^r)^{mn}$.
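26 Generalized AES cipher
Definition. For any $k \in K$ the function $T_s[k] : GF(p^r)^{mn} \to GF(p^r)^{mn}$ defined by
$$T_s[k] := \sigma[k_{s+1}] \circ \pi \circ \lambda \circ (\sigma[k_i] \circ \rho \circ \pi \circ \lambda)^{s-1} \circ \sigma[k_1] \quad \text{for } 2 \le i \le s$$
is called the $s$-round AES encryption function.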
31 Groups Generated by the AES Encryption Functions
Theorem. Let $p > 2$ and $m, n, r > 1$ be natural numbers. Then the set of $s$-round AES encryption functions is not a group if
- $s$ is even, and $n$ and $(p^{rm} - 1)/|c|$ are odd, where $c \in GF(p^r)$ is the polynomial used in the $\rho$ function, or
- $s$, $m$, and $n$ are odd, and either
  - $p \equiv_4 3$, $r$ is odd, and $(p^r - 1)/|a|$ is odd, or
  - $p \equiv_4 1$ or $r$ is even, and $(p^r - 1)/|a|$ is even,
  where $a \in GF(p^r)$ is the polynomial used in the $\lambda$ function.
39 Group generated by the AES round functions
Theorem [7]. Let $T[k] : GF(2^8)^{4n} \to GF(2^8)^{4n}$ be a 1-round AES function. Then for every $n \in \{4, 5, 6, 7, 8\}$ the group $G_\tau = \langle T[k] \mid k \in K \rangle$ is equal to the alternating group on $GF(2^8)^{4n}$.
Theorem [8]. Let $T_s[k] : GF(p^r)^{mn} \to GF(p^r)^{mn}$ be an $s$-round AES function. Then
1. If $G_\tau = A_{p^{rmn}}$, then $G^s_\tau = A_{p^{rmn}}$.
2. If $G_\tau = S_{p^{rmn}}$, then
   - if $s$ is even then $G^s_\tau = A_{p^{rmn}}$;
   - if $s$ is odd then $G^s_\tau = S_{p^{rmn}}$.
[7] R. Sparr and R. Wernsdorf, Group theoretic properties of Rijndael-like ciphers, Discrete Applied Mathematics 156 (2008)
[8] L. Babinkostova, K. Bombardier, M. Cole, T. Morrell, and C. Scott, Algebraic Structure of generalized Rijndael-like SP networks, (2014) Groups Complexity Cryptology Volume 6, Issue 1 pp
Outline CPSC 418/MATH 318 Introduction to Cryptography Advanced Encryption Standard Renate Scheidler Department of Mathematics & Statistics Department of Computer Science University of Calgary Based in
More informationAffine equivalence in the AES round function
Discrete Applied Mathematics 148 (2005) 161 170 www.elsevier.com/locate/dam Affine equivalence in the AES round function A.M. Youssef a, S.E. Tavares b a Concordia Institute for Information Systems Engineering,
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 16 October 30, 2017 CPSC 467, Lecture 16 1/52 Properties of Hash Functions Hash functions do not always look random Relations among
More informationLecture 18: Message Authentication Codes & Digital Signa
Lecture 18: Message Authentication Codes & Digital Signatures MACs and Signatures Both are used to assert that a message has indeed been generated by a party MAC is the private-key version and Signatures
More informationChapter 4 Mathematics of Cryptography
Chapter 4 Mathematics of Cryptography Part II: Algebraic Structures Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 4.1 Chapter 4 Objectives To review the concept
More informationProvable Chosen-Target-Forced-Midx Preimage Resistance
Provable Chosen-Target-Forced-Midx Preimage Resistance Elena Andreeva and Bart Mennink (K.U.Leuven) Selected Areas in Cryptography Toronto, Canada August 11, 2011 1 / 15 Introduction Hash Functions 2 /
More informationPractical Complexity Cube Attacks on Round-Reduced Keccak Sponge Function
Practical Complexity Cube Attacks on Round-Reduced Keccak Sponge Function Itai Dinur 1, Pawe l Morawiecki 2,3, Josef Pieprzyk 4 Marian Srebrny 2,3, and Micha l Straus 3 1 Computer Science Department, École
More informationLecture 11: Hash Functions, Merkle-Damgaard, Random Oracle
CS 7880 Graduate Cryptography October 20, 2015 Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle Lecturer: Daniel Wichs Scribe: Tanay Mehta 1 Topics Covered Review Collision-Resistant Hash Functions
More informationA New Algorithm to Construct. Secure Keys for AES
Int. J. Contemp. Math. Sciences, Vol. 5, 2010, no. 26, 1263-1270 A New Algorithm to Construct Secure Keys for AES Iqtadar Hussain Department of Mathematics Quaid-i-Azam University, Islamabad, Pakistan
More informationThe Security of Abreast-DM in the Ideal Cipher Model
The Security of breast-dm in the Ideal Cipher Model Jooyoung Lee, Daesung Kwon The ttached Institute of Electronics and Telecommunications Research Institute Yuseong-gu, Daejeon, Korea 305-390 jlee05@ensec.re.kr,ds
More informationTechnische Universität München (I7) Winter 2013/14 Dr. M. Luttenberger / M. Schlund SOLUTION. Cryptography Endterm
Technische Universität München (I7) Winter 2013/14 Dr. M. Luttenberger / M. Schlund SOLUTION Cryptography Endterm Exercise 1 One Liners 1.5P each = 12P For each of the following statements, state if it
More informationModels and analysis of security protocols 1st Semester Symmetric Encryption Lecture 5
Models and analysis of security protocols 1st Semester 2009-2010 Symmetric Encryption Lecture 5 Pascal Lafourcade Université Joseph Fourier, Verimag Master: September 29th 2009 1 / 60 Last Time (I) Security
More informationCPSC 467b: Cryptography and Computer Security
Outline Authentication CPSC 467b: Cryptography and Computer Security Lecture 18 Michael J. Fischer Department of Computer Science Yale University March 29, 2010 Michael J. Fischer CPSC 467b, Lecture 18
More informationIntroduction on Block cipher Yoyo Game Application on AES Conclusion. Yoyo Game with AES. Navid Ghaedi Bardeh. University of Bergen.
Yoyo Game with AES Navid Ghaedi Bardeh University of Bergen May 8, 2018 1 / 33 Outline 1 Introduction on Block cipher 2 Yoyo Game 3 Application on AES 4 Conclusion 2 / 33 Classical Model of Symmetric Cryptography
More informationUNDERSTANDING THE COST OF GROVER'S ALGORITHM FOR FINDING A SECRET KEY
UNDERSTANDING THE COST OF GROVER'S ALGORITHM FOR FINDING A SECRET KEY Rainer Steinwandt 1,2 Florida Atlantic University, USA (joint work w/ B. Amento, M. Grassl, B. Langenberg 2, M. Roetteler) 1 supported
More informationHash Functions: From Merkle-Damgård to Shoup. Ilya Mironov
Hash Functions: From Merkle-Damgård to Shoup Ilya Mironov mironov@cs.stanford.edu Computer Science Department, Stanford University, Stanford, CA 94305 Abstract. In this paper we study two possible approaches
More informationAURORA: A Cryptographic Hash Algorithm Family
AURORA: A Cryptographic Hash Algorithm Family Submitters: Sony Corporation 1 and Nagoya University 2 Algorithm Designers: Tetsu Iwata 2, Kyoji Shibutani 1, Taizo Shirai 1, Shiho Moriai 1, Toru Akishita
More informationStream ciphers. Pawel Wocjan. Department of Electrical Engineering & Computer Science University of Central Florida
Stream ciphers Pawel Wocjan Department of Electrical Engineering & Computer Science University of Central Florida wocjan@eecs.ucf.edu Definition of block ciphers Block ciphers: crypto work horse n bits
More informationHow to Use Linear Homomorphic Signature in Network Coding
How to Use Linear Homomorphic Signature in Network Coding Li Chen lichen.xd at gmail.com Xidian University September 28, 2013 How to Use Linear Homomorphic Signature in Network Coding Outline 1 Linear
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationWALNUT DIGITAL SIGNATURE ALGORITHM
WALNUT DIGITAL SIGNATURE ALGORITHM Dorian Goldfeld SecureRF Corporation NATO Post Quantum Cryptography Workshop, September 27, 2016 1 INTRODUCING WALNUTDSA 2 INTRODUCING WALNUTDSA (joint work with Iris
More informationLecture 12: Block ciphers
Lecture 12: Block ciphers Thomas Johansson T. Johansson (Lund University) 1 / 19 Block ciphers A block cipher encrypts a block of plaintext bits x to a block of ciphertext bits y. The transformation is
More informationMasking Based Domain Extenders for UOWHFs: Bounds and Constructions
Masking Based Domain Extenders for UOWHFs: Bounds and Constructions Palash Sarkar Cryptology Research Group, Applied Statistics Unit, Indian Statistical Institute, 203, B.T. Road, Kolkata 700108, India
More informationFrom Fixed-Length Messages to Arbitrary-Length Messages Practical RSA Signature Padding Schemes
From Fixed-Length Messages to Arbitrary-Length Messages Practical RSA Signature Padding Schemes [Published in D. Naccache, Ed., Topics in Cryptology CT-RSA 2001, vol. 2020 of Lecture Notes in Computer
More informationGentry s SWHE Scheme
Homomorphic Encryption and Lattices, Spring 011 Instructor: Shai Halevi May 19, 011 Gentry s SWHE Scheme Scribe: Ran Cohen In this lecture we review Gentry s somewhat homomorphic encryption (SWHE) scheme.
More informationHash Functions. A hash function h takes as input a message of arbitrary length and produces as output a message digest of fixed length.
Hash Functions 1 Hash Functions A hash function h takes as input a message of arbitrary length and produces as output a message digest of fixed length. 0 1 1 0 1 0 0 1 Long Message Hash Function 1 1 1
More informationSMASH - A Cryptographic Hash Function
SMASH - A Cryptographic Hash Function Lars R. Knudsen Department of Mathematics, Technical University of Denmark Abstract. 1 This paper presents a new hash function design, which is different from the
More informationType 1.x Generalized Feistel Structures
Noname manuscript No. (will be inserted by the editor) Type 1.x Generalized eistel Structures Shingo Yanagihara Tetsu Iwata Received: date / Accepted: date Abstract We formalize the Type 1.x Generalized
More information