Threshold Cryptography
|
|
- Prudence Daniel
- 5 years ago
- Views:
Transcription
1 Threshold Cryptography Cloud Security Mechanisms Björn Groneberg - Summer Term Threshold Cryptography 1
2 ? Threshold Cryptography 2
3 Threshold Cryptography Sharing Secrets Treasure Map Sharing keys on multiple server Threshold Encryption Protect top secret document, only group of people can decrypt it Threshold Signature Signing checks E-Voting Do not trust only one voting authority Threshold Cryptography 3
4 Threshold Cryptography 1. Basic Maths 2. Lagrange Polynomial Interpolation 3. Shamir s Secret Sharing 4. Elgamal Encryption 5. Threshold Elgamal 6. Threshold RSA 7. E-Voting Threshold Cryptography 4
5 Basic Maths p is a prime modulo operator mod: find remainder of division of two numbers modulo congruent = 20 6 = 18 R: 2 20 mod 6 = 2 two numbers are congruent modulo m if they have the same remainder by the division of m 20 mod 6 =2 and 14 mod 6 = 2 20 = 14 mod Threshold Cryptography 5
6 Basic Maths Residue class Collect all integers which are congruent given a modulo m Example: mod 6 [0] 6 = {, 6, 0, 6, 12, 18, } [1] 6 = {, 5, 1, 7, 13, 19, } [2] 6 = {, 4, 2, 8, 14, 20, } [3] 6 = {, 3, 3, 9, 15, 21, } [4] 6 = {, 2, 4, 10, 16, 22, } [5] 6 = {, 1, 5, 11, 17, 23 } Residue class system (ring) Z n Collect all residue classes and have two operations Example: Z 6 = 0 6, 1 6, 2 6, 3 6, 4 6, 5 6 = {0, 1, 2, 3, 4, 5} = = = 5 mod = = = 0 mod Threshold Cryptography 6
7 Threshold Cryptography 1. Basic Maths 2. Lagrange Polynomial Interpolation 3. Shamir s Secret Sharing 4. Elgamal Encryption 5. Threshold Elgamal 6. Threshold RSA 7. E-Voting Threshold Cryptography 7
8 Lagrange Polynomial Interpolation Find polynomial to given set of points f(x) , 2, 2, 2, 2, 1 f x =? Threshold Cryptography 8
9 Lagrange Polynomial Interpolation Interpolate polynomial function out of given points Given: k + 1 data points: x 0, y 0,, x j, y j,, x k, y k where no two x j are the same Lagrange polynomial interpolation is: k Joseph-Louis Lagrange L x y j l j j=0 where l j is Lagrange basis polynomials: x x m l j x j x m 0 m k m j = y 0 l y j l j + + y k l k = x x 0 x j x 0 x x j 1 x j x j 1 x x j+1 x j x j+1 x x k x j x k [La13] Threshold Cryptography 9
10 Lagrange Example Given Points: 1, 2, 2, 2, 2, 1 k = 2 Calculate Lagrange basis polynomials l 0 l 1 x x 1 (x 0 x 1 ) x x 0 (x 1 x 0 ) x x 2 = x + 2 x 0 x x x 2 = x 1 x 0 x x = 1 3 (x2 4) x = 1 12 (x2 3x + 2) L x y j l j l j 0 m k m j k j=0 x x m x j x m l 2 x x 0 (x 2 x 0 ) x x 1 = x 1 x 2 x x = 1 4 (x2 + x 2) Calculate Lagrange polynomial: L x = y 0 l 0 + y 1 l 1 + y 2 l 2 L x = x x2 3x x2 + x 2 = 1 4 x2 1 4 x [La13] Threshold Cryptography 10
11 Lagrange Polynomial Interpolation Find polynom to given set of points f(x) , 2, 2, 2, 2, 1 f x = 1 4 x2 1 4 x Threshold Cryptography 11
12 Threshold Cryptography 1. Basic Maths 2. Lagrange Polynomial Interpolation 3. Shamir s Secret Sharing 4. Elgamal Encryption 5. Threshold Elgamal 6. Threshold RSA 7. E-Voting Threshold Cryptography 12
13 Secret Sharing How to distribute secret s to n parties in that way, that Only all n parties together or k out of n parties can recompute the secret? secret s 0 secret s Bob secret s 1 Chris Trusted dealer Dave secret s Threshold Cryptography 13
14 Secret Sharing Recomputation of the secret all n out of n parties: (n, n) threshold secret s 0 Bob secret s Trusted dealer Chris secret s 2 secret s 1 n 1, n 2, parties should not be able to recompute the secret Every party (or group of parties) should not be able to retreive any information about the global secret from their own secret(s) Threshold Cryptography 14
15 Secret Sharing Recomputation of the secret k out of n parties: (k, n) threshold secret s 0 Bob secret s Trusted dealer Chris secret s 2 secret s 1 k 1, k 2, parties should not be able to recompute the secret Every party (or group of parties) should not be able to retreive any information about the global secret from their own secret(s) Threshold Cryptography 15
16 Secret Sharing Real world s solution: Multiple locks with keys heavy key ring Naive solution (bad): Split secret in parts: Disadvantage: needs (n, n) threshold n 1 out of n parties dramatically reduce possible keys Threshold Cryptography 16
17 Shamir s Secret Sharing Published 1979 by Adi Shamir (k, n) threshold sharing Based on Lagrange polynomials Dealing Algorithm: Given: (k, n) threshold and secret s Z q Randomly choose k 1 coefficients a 1,, a k 1 Set a 0 = s Build polynomial f x = a 0 + a 1 x + a 2 x 2 + a k 1 x k 1 Set i = 1,, n and calculate Points s i = i, f i mod q Every party gets (at least) one point s i Adi Shamir The S in RSA [Sha79] Threshold Cryptography 17
18 Shamir s Secret Sharing - Example Dealing Algorithm Given: (k, n) and secret s Z q (3, 5) threshold s = 6 Z 22 Randomly k 1: a 1,, a k 1 a 1 = 2 a 2 = 1 Set a 0 = s a 0 = 6 f x = a 0 + a 1 x + a 2 x 2 + a k 1 x k 1 f x = x 2 + 2x + 6 i = 1,, n calculate s i = i, f i mod q s 4 = (4, 8) s 5 = (5, 19) Felix George s = 6 Trusted dealer 1, 9 2, 14, 3, 21, 4, 8, (5, 19) Bob Dave s 1 = (1, 9) Chris s 3 = (3, 21) s 2 = (2, 14) Threshold Cryptography 18
19 Shamir s Secret Sharing Recomputation Given: k Points s i = (x i, y i ) Goal: find f x = a 0 + a 1 x + a 2 x 2 + a k 1 x k 1 with f 0 = a 0 as the secret Using f x = L x, S 1,, n, S = k and calculate Lagrange: L x y j l j l j 0 m k m j k j=0 x x m x j x m f 0 = L 0 = y j l j,0,s mod q j S with l j,0 as Lagrange basis polynomials with x = 0 and S: x m l j,0,s mod q x j x m m S m j [Sha79] Threshold Cryptography 19
20 Shamir s Secret Sharing - Example Recomputation of basis polynomials: l 2,0,{2,4,5} = x 4 x 2 x 4 x 5 x 2 x 5 = = = = 18 mod 22 l 4,0,{2,4,5} = x 2 (x 4 x 2 ) x 5 = 2 x 4 x = 5 = 17 mod 22 l 5,0,{2,4,5} = x 2 (x 5 x 2 ) x 4 = 2 x 5 x = = 8 15 = 10 mod 22 Shamir s Lagrange : s 4 = (4, 8) s 5 = (5, 19) Felix George Trusted dealer Bob Dave Chris s 2 = (2, 14) L 0 = y j l j,0,s l j,0,s j S m S m j x m x j x m Threshold Cryptography 20
21 Shamir s Secret Sharing - Example Recomputation: l 2,0,{2,4,5} = 18, l 4,0,{2,4,5} = 17, l 5,0,{2,4,5} = 10 s = L 0 = y 2 l 2,0, 2,4,5 + y 4 l 4,0, 2,4,5 + y 5 l 5,0, 2,4,5 s = L 0 = mod 22 s = 6 Shamir s Lagrange : s 4 = (4, 8) s 5 = (5, 19) Felix George s = 6 Trusted dealer Bob Dave Chris s 2 = (2, 14) L 0 = y j l j,0,s l j,0,s j S m S m j x m x j x m Threshold Cryptography 21
22 Shamir s Secret Sharing - Remarks Graphical Interpretation Flexibility Increase n and compute new shares without affecting other shares Removing existing shares (shares have to be destroyed) Replace shares without changing the secret: new polynomial f (x) One party can have more than one share [Li04] Threshold Cryptography 22
23 Threshold Cryptography 1. Basic Maths 2. Lagrange Polynomial Interpolation 3. Shamir s Secret Sharing 4. Elgamal Encryption 5. Threshold Elgamal 6. Threshold RSA 7. E-Voting Threshold Cryptography 23
24 Elgamal Encryption Published 1985 by Taher Elgamal Based on Diffie-Hellman key exchange Public / private key encryption: Generation: pub, priv Encryption: cipher = enc pub (m) Decryption: m = dec priv cipher Taher Elgamal priv From: Bob To: Alice m = Alice Alice pub From: Bob To: Alice cipher Bob Alice pub From: Bob To: Alice m = Threshold Cryptography 24
25 Elgamal Encryption - Example Public / private key generation 1. large prime p with generator g p = 23 g = 5 2. randomly a {1,, p 1} a = 6 3. Calculate A = g a mod p A = 5 6 = 8 mod pub = (p, g, A) priv = a pub = (23, 5, 8) priv = 6 priv = 6 Alice pub = (23,5,8) Alice pub = (23,5,8) Alice Bob [El85] Threshold Cryptography 25
26 Elgamal Encryption - Example Encryption Given: message m 0,, p 1 m = 12 Randomly b {1,, 1 p} b = 3 Calculate B = g b mod p c = A b m mod p B = 5 3 = 10 mod 23 c = = 3 mod 23 Cipher text is cipher = (B, c) cipher = (10, 3) From: Bob To: Alice cipher = (10, 3) Alice pub = (23,5,8) Alice Bob From: Bob To: Alice m = Threshold Cryptography 26
27 Elgamal Encryption - Example Decryption Given: cypher = (B, c) and priv = a cypher = (10,3) priv = 6 Calculate x = p 1 a x = = 16 Calculate m = B x c mod p m = = 12 mod 23 Encrypted message m m = 12 General Idea: m = B a 1 c = B (p 1 a) mod p a = 6 Alice pub = (23,5,8) From: Bob To: Alice m = 12 Alice From: Bob To: Alice cipher = (10, 3) Bob [El85] Threshold Cryptography 27
28 Threshold Cryptography 1. Basic Maths 2. Lagrange Polynomial Interpolation 3. Shamir s Secret Sharing 4. Elgamal Encryption 5. Threshold Elgamal 6. Threshold RSA 7. E-Voting Threshold Cryptography 28
29 Threshold Elgamal Using Elgamal encryption scheme in a treshold environment Generation: Generate pub = (p, g, A) priv = a like normal Elgamal encryption Share priv = a among n parties, using Shamir s secret sharing with q = φ p = p 1 Every party j gets (at least) one point s j = (x j, y j ) Example: pub = (23, 5, 8) priv = 6 (3,5)-threshold s 4 = (4, 8) s 5 = (5, 19) Felix George s = 6 Trusted dealer Bob Dave s 1 = (1, 9) Chris s 3 = (3, 21) s 2 = (2, 14) if p is prime BCDFG pub = (23,5,8) [Ca06] Threshold Cryptography 29
30 Threshold Elgamal Encryption Normal Elgamal encryption with message m and pub = p, g, A s 1 From: Alice To: BCDFG cipher = (10, 3) BCDFG pub = (23,5,8) Bob s 4 s 2 Felix Chris s 5 George Trusted dealer Dave s 3 Alice [Ca06] Threshold Cryptography 30
31 Threshold Elgamal Decryption Trusted dealer and every party can receive cipher = (B, c) at least k parties have to compute decryption share d j = B y j mod p Trusted dealer can compute m with set S of j {1,, n} which returned their d j Party: d j = B y j mod p Trusted Dealer: m = d j l j,0,s j S 1 c mod p s 4 d 4 s 5 d 5 Felix George Bob Trusted dealer Chris Dave s 2 d 2 [Ca06] Threshold Cryptography 31
32 Threshold Elgamal - Example Decryption Every party computes decryption share: d 2 = B y 2 = = 12 mod 23 d 4 = B y 5 = 10 8 = 2 mod 23 d 5 = B y 5 = = 21 mod 23 Trusted dealer computes l j,0,s : l 2,0,{2,4,5} = 18 l 4,0,{2,4,5} = 17 l 5,0,{2,4,5} = 10 Shamir s secret sharing, slide 20 Shamir s Lagrange : (4, 8) 2 Felix Threshold Elgamal cipher = (B, c) d j = B y j mod p m = d j l j,0,s Bob j S Chris 1 c mod p From: Alice To: BCDFG cipher = (10, 3) (2, 14) 2 12 l j,0,s x m x j x m (5, 19) 21 George Trusted dealer m S m j Dave Threshold Cryptography 32
33 Threshold Elgamal - Example Decryption d 2 = 12, d 4 = 2, d 5 = 21 l 2,0,{2,4,5} = 18, l 4,0,{2,4,5} = 17, l 5,0,{2,4,5} = 10 Trusted dealer computes m: m = d 2 l 2,0,{2,4,5} d 4 l 4,0,{2,4,5} d 5 l 5,0,{2,4,5} 1 c mod p m = mod 23 m = mod 23 m = 4 3 mod 23 m = 12 Note: (6) 1 = 4 mod 23 (Extended Euclidean algorithm) (4, 8) Felix (5, 19) George Threshold Elgamal cipher = (B, c) d j = B y j mod p m = d j l j,0,s Bob Trusted dealer j S From: Alice To: BCDGF m = 12 Chris Dave 1 c mod p From: c To: BCDFG cipher = (10, 3) Threshold Cryptography 33 (2, 14)
34 Threshold Cryptography 1. Basic Maths 2. Lagrange Polynomial Interpolation 3. Shamir s Secret Sharing 4. Elgamal Encryption 5. Threshold Elgamal 6. Threshold RSA 7. E-Voting Threshold Cryptography 34
35 RSA Threshold Signatures Signatures priv = From: Bob To: Alice m = sign from: Bob Bob pub = Bob Alice Requires: Public / private key and hash function H(x) Sign a message: Hash message m and encrypt with private key: sign = enc priv H m Verify signature? Decrypt signature with public key and check hash: dec pub sign = H(m) [Ca06] Threshold Cryptography 35
36 RSA Threshold Signatures priv 4 sign 4 Felix Bob priv 1 sign 1 Chris priv 2 sign 2 Every party signs with own private key Trusted dealer can compute global signature priv 5 sign 5 George BCDFG pub = Trusted dealer From: BCDFG To: Alice m = Dave priv 3 sign 3 sign from: BCDFG Party i: sign i = enc privi Trusted dealer: H(m) sign = collect sign 1,, sign n V. Shoup: Practical threshold signatures shows threshold signature scheme with RSA [Sh] Threshold Cryptography 36
37 Threshold Cryptography 1. Basic Maths 2. Lagrange Polynomial Interpolation 3. Shamir s Secret Sharing 4. Elgamal Encryption 5. Threshold Elgamal 6. Threshld RSA 7. E-Voting Threshold Cryptography 37
38 E-Voting Secret voting using Elgamal threshold encryption Voter encrypts vote with public key Private key is shared among voting authorities vote = 1 Bob Bulletin Board From: Bob v Bob = (B, c) priv 1 vote = 1 Alice Voting pub From: Alice v Alice = (B, c) Authority 1 vote = 1 From: Chris v Chris = (B, c) Authority 2 priv 2 Chris [Cr97] Threshold Cryptography 38
39 E-Voting Voting authorities counting encrypted votes Decrypt result of counting with shared secrets vote = 1 Bob Bulletin Board From: Bob v Bob = (B, c) v Result = count(v Bob, v Alice, v Chris ) v Result = (B, c) priv 1 priv 2 vote = 1 vote = 1 Alice Chris From: Alice v Alice = (B, c) From: Chris v Chris = (B, c) Authority 1 Authority 2 Result = dec priv v Result Result = 1 Cramer, et. al.: "A secure and optimally efficient multi authority election scheme." [Cr97] Threshold Cryptography 39
40 Summary Threshold Cryptography Sharing Secrets Threshold Encryption Threshold Signatures E-Voting General Problem: Trusted Dealer Secret sharing schemes without trusted dealer Threshold Cryptography 40
41 ? Threshold Cryptography 41
42 ! Threshold Cryptography 42
43 References [La13] [El85] [Sho00] Lagrange polynomial. (2013, May 22). In Wikipedia, The Free Encyclopedia. Retrieved 06:22, June 24, 2013, from ElGamal, T. (1985, January). A public key cryptosystem and a signature scheme based on discrete logarithms. In Advances in Cryptology (pp ). Springer Berlin Heidelberg. V. Shoup, Practical threshold signatures, Advances in Cryptology: EUROCRYPT 2000 (B. Preneel, ed.), Lecture Notes in Computer Science, vol. 1087, Springer, 2000, pp [Sha79] Shamir, Adi. "How to share a secret." Communications of the ACM (1979): [Cr97] [Li04] [Ca06] Cramer, Ronald, Rosario Gennaro, and Berry Schoenmakers. "A secure and optimally efficient multi authority election scheme." European transactions on Telecommunications 8.5 (1997): T Cryptography and Data Security, Lecture 9: Secret Sharing, Threshold Cryptography, MPC, Helger Lipmaa Security and Fault-tolerance in Distributed Systems, Winter 2006/07, 7 Distributed Cryptography, Christian Cachin, IBM Zurich Research Lab Threshold Cryptography 43
Chapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Fun with Public-Key Tonight we ll Introduce some basic tools of public-key crypto Combine the tools to create more powerful tools Lay the ground work for substantial
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationPractical Verifiable Encryption and Decryption of Discrete Logarithms
Practical Verifiable Encryption and Decryption of Discrete Logarithms Jan Camenisch IBM Zurich Research Lab Victor Shoup New York University p.1/27 Verifiable encryption of discrete logs Three players:
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationLecture 28: Public-key Cryptography. Public-key Cryptography
Lecture 28: Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies on the fact that the adversary does not have access
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationIntroduction to Modern Cryptography Lecture 11
Introduction to Modern Cryptography Lecture 11 January 10, 2017 Instructor: Benny Chor Teaching Assistant: Orit Moskovich School of Computer Science Tel-Aviv University Fall Semester, 2016 17 Tuesday 12:00
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More informationUniversity Alexandru Ioan Cuza of Iaşi Faculty of Computer Science. Threshold RSA Based on the General Chinese Remainder Theorem
University Alexandru Ioan Cuza of Iaşi Faculty of Computer Science T E C H N I C A L R E P O R T Threshold RSA Based on the General Chinese Remainder Theorem Sorin Iftene TR 05-05, August 2005 ISSN 1224-9327
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013
RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime
More informationBasics in Cryptology. Outline. II Distributed Cryptography. Key Management. Outline. David Pointcheval. ENS Paris 2018
Basics in Cryptology II Distributed Cryptography David Pointcheval Ecole normale supérieure, CNRS & INRIA ENS Paris 2018 NS/CNRS/INRIA Cascade David Pointcheval 1/26ENS/CNRS/INRIA Cascade David Pointcheval
More informationCryptographic Voting Systems (Ben Adida)
Cryptographic Voting Systems (Ben Adida) Click to edit Master subtitle style Jimin Park Carleton University COMP 4109 Seminar 15 February 2011 If you think cryptography is the solution to your problem.
More informationIntroduction to Elliptic Curve Cryptography. Anupam Datta
Introduction to Elliptic Curve Cryptography Anupam Datta 18-733 Elliptic Curve Cryptography Public Key Cryptosystem Duality between Elliptic Curve Cryptography and Discrete Log Based Cryptography Groups
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationEncryption: The RSA Public Key Cipher
Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationPublic Key Cryptography
Public Key Cryptography Ali El Kaafarani 1 Mathematical Institute 2 PQShield Ltd. 1 of 44 Outline 1 Public Key Encryption: security notions 2 RSA Encryption Scheme 2 of 44 Course main reference 3 of 44
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationQuestion: Total Points: Score:
University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationMa/CS 6a Class 3: The RSA Algorithm
Ma/CS 6a Class 3: The RSA Algorithm By Adam Sheffer Reminder: Putnam Competition Signup ends Wednesday 10/08. Signup sheets available in all Sloan classrooms, Math office, or contact Kathy Carreon, kcarreon@caltech.edu.
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationPublic-Key Encryption: ElGamal, RSA, Rabin
Public-Key Encryption: ElGamal, RSA, Rabin Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Public-Key Encryption Syntax Encryption algorithm: E. Decryption
More informationMATH 158 FINAL EXAM 20 DECEMBER 2016
MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page
More informationIntroduction to Elliptic Curve Cryptography
Indian Statistical Institute Kolkata May 19, 2017 ElGamal Public Key Cryptosystem, 1984 Key Generation: 1 Choose a suitable large prime p 2 Choose a generator g of the cyclic group IZ p 3 Choose a cyclic
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationAn Overview of Homomorphic Encryption
An Overview of Homomorphic Encryption Alexander Lange Department of Computer Science Rochester Institute of Technology Rochester, NY 14623 May 9, 2011 Alexander Lange (RIT) Homomorphic Encryption May 9,
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationLecture 7: ElGamal and Discrete Logarithms
Lecture 7: ElGamal and Discrete Logarithms Johan Håstad, transcribed by Johan Linde 2006-02-07 1 The discrete logarithm problem Recall that a generator g of a group G is an element of order n such that
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationLecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security
Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security Boaz Barak November 21, 2007 Cyclic groups and discrete log A group G is cyclic if there exists a generator
More informationNetwork Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30
Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) LIU Zhen Due Date: March 30 Questions: 1. RSA (20 Points) Assume that we use RSA with the prime numbers p = 17 and q = 23. (a) Calculate
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationPublic Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.
Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each
More informationCompartmented Secret Sharing Based on the Chinese Remainder Theorem
Compartmented Secret Sharing Based on the Chinese Remainder Theorem Sorin Iftene Faculty of Computer Science Al. I. Cuza University Iaşi, Romania siftene@infoiasi.ro Abstract A secret sharing scheme starts
More informationCryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups
Great Theoretical Ideas in CS V. Adamchik CS 15-251 Upcoming Interview? Lecture 24 Carnegie Mellon University Cryptography and RSA How the World's Smartest Company Selects the Most Creative Thinkers Groups
More informationChapter 4 Asymmetric Cryptography
Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman [NetSec/SysSec], WS 2008/2009 4.1 Asymmetric Cryptography General idea: Use two different keys -K and +K for
More informationAsymmetric Cryptography
Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman General idea: Use two different keys -K and +K for encryption and decryption Given a
More informationCS-E4320 Cryptography and Data Security Lecture 11: Key Management, Secret Sharing
Lecture 11: Key Management, Secret Sharing Céline Blondeau Email: celine.blondeau@aalto.fi Department of Computer Science Aalto University, School of Science Key Management Secret Sharing Shamir s Threshold
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA: Review and Properties Factoring Algorithms Trapdoor One Way Functions PKC Based on Discrete Logs (Elgamal) Signature Schemes Lecture 8 Tel-Aviv University
More informationIntroduction to Cryptography. Lecture 8
Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication
More informationCODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.
CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES A selection of the following questions will be chosen by the lecturer to form the Cryptology Assignment. The Cryptology Assignment is due by 5pm Sunday 1
More informationNew Variant of ElGamal Signature Scheme
Int. J. Contemp. Math. Sciences, Vol. 5, 2010, no. 34, 1653-1662 New Variant of ElGamal Signature Scheme Omar Khadir Department of Mathematics Faculty of Science and Technology University of Hassan II-Mohammedia,
More informationHOMOMORPHIC ENCRYPTION AND LATTICE BASED CRYPTOGRAPHY 1 / 51
HOMOMORPHIC ENCRYPTION AND LATTICE BASED CRYPTOGRAPHY Abderrahmane Nitaj Laboratoire de Mathe matiques Nicolas Oresme Universite de Caen Normandie, France Nouakchott, February 15-26, 2016 Abderrahmane
More informationThe Cramer-Shoup Cryptosystem
The Cramer-Shoup Cryptosystem Eileen Wagner October 22, 2014 1 / 28 The Cramer-Shoup system is an asymmetric key encryption algorithm, and was the first efficient scheme proven to be secure against adaptive
More informationMy brief introduction to cryptography
My brief introduction to cryptography David Thomson dthomson@math.carleton.ca Carleton University September 7, 2013 introduction to cryptography September 7, 2013 1 / 28 Outline 1 The general framework
More informationLecture 30: Hybrid Encryption and Prime Number Generation. Hybrid Encryption & Primes
Lecture 30: Hybrid Encryption and Prime Number Generation Recall: ElGamal Encryption I We begin by recalling the ElGamal Public-key Encryption Recall that to describe a private-key encryption scheme we
More information5199/IOC5063 Theory of Cryptology, 2014 Fall
5199/IOC5063 Theory of Cryptology, 2014 Fall Homework 2 Reference Solution 1. This is about the RSA common modulus problem. Consider that two users A and B use the same modulus n = 146171 for the RSA encryption.
More informationThe Elliptic Curve in https
The Elliptic Curve in https Marco Streng Universiteit Leiden 25 November 2014 Marco Streng (Universiteit Leiden) The Elliptic Curve in https 25-11-2014 1 The s in https:// HyperText Transfer Protocol
More informationNumber theory (Chapter 4)
EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationNumber Theory & Modern Cryptography
Number Theory & Modern Cryptography Week 12 Stallings: Ch 4, 8, 9, 10 CNT-4403: 2.April.2015 1 Introduction Increasing importance in cryptography Public Key Crypto and Signatures Concern operations on
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationLecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya
BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationGreat Theoretical Ideas in Computer Science
15-251 Great Theoretical Ideas in Computer Science Lecture 22: Cryptography November 12th, 2015 What is cryptography about? Adversary Eavesdropper I will cut your throat I will cut your throat What is
More informationECE596C: Handout #11
ECE596C: Handout #11 Public Key Cryptosystems Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract In this lecture we introduce necessary mathematical background for studying
More informationRSA. Ramki Thurimella
RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More informationAddition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?
Ch - Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication al-khwārizmī
More informationThe RSA public encryption scheme: How I learned to stop worrying and love buying stuff online
The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online Anthony Várilly-Alvarado Rice University Mathematics Leadership Institute, June 2010 Our Goal Today I will
More informationCPSC 467b: Cryptography and Computer Security
Outline Quadratic residues Useful tests Digital Signatures CPSC 467b: Cryptography and Computer Security Lecture 14 Michael J. Fischer Department of Computer Science Yale University March 1, 2010 Michael
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 10-1 Overview 1. How to exchange
More informationMATH3302 Cryptography Problem Set 2
MATH3302 Cryptography Problem Set 2 These questions are based on the material in Section 4: Shannon s Theory, Section 5: Modern Cryptography, Section 6: The Data Encryption Standard, Section 7: International
More informationThreshold Undeniable RSA Signature Scheme
Threshold Undeniable RSA Signature Scheme Guilin Wang 1, Sihan Qing 1, Mingsheng Wang 1, and Zhanfei Zhou 2 1 Engineering Research Center for Information Security Technology; State Key Laboratory of Information
More informationb = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a.
INTRODUCTION TO CRYPTOGRAPHY 5. Discrete Logarithms Recall the classical logarithm for real numbers: If we write b = 10 a, then a = log 10 b is the logarithm of b to the base 10. Changing the base to e
More informationCryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg
Course 1: Remainder: RSA Université du Luxembourg September 21, 2010 Public-key encryption Public-key encryption: two keys. One key is made public and used to encrypt. The other key is kept private and
More informationOverview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017
CSC 580 Cryptography and Computer Security Math for Public Key Crypto, RSA, and Diffie-Hellman (Sections 2.4-2.6, 2.8, 9.2, 10.1-10.2) March 21, 2017 Overview Today: Math needed for basic public-key crypto
More informationNET 311D INFORMATION SECURITY
1 NET 311D INFORMATION SECURITY Networks and Communication Department TUTORIAL 3 : Asymmetric Ciphers (RSA) A Symmetric-Key Cryptography (Public-Key Cryptography) Asymmetric-key (public key cryptography)
More informationA Knapsack Cryptosystem Based on The Discrete Logarithm Problem
A Knapsack Cryptosystem Based on The Discrete Logarithm Problem By K.H. Rahouma Electrical Technology Department Technical College in Riyadh Riyadh, Kingdom of Saudi Arabia E-mail: kamel_rahouma@yahoo.com
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationTECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018
Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018 Name : TU/e student number : Exercise 1 2 3 4 5 total points Notes: Please hand in all sheets at the end of the exam.
More informationLecture 19: Verifiable Mix-Net Voting. The Challenges of Verifiable Mix-Net Voting
6.879 Special Topics in Cryptography Instructors: Ran Canetti April 15, 2004 Lecture 19: Verifiable Mix-Net Voting Scribe: Susan Hohenberger In the last lecture, we described two types of mix-net voting
More informationEindhoven University of Technology MASTER. Kleptography cryptography with backdoors. Antheunisse, M. Award date: 2015
Eindhoven University of Technology MASTER Kleptography cryptography with backdoors Antheunisse, M. Award date: 2015 Disclaimer This document contains a student thesis (bachelor's or master's), as authored
More informationEfficient Identity-Based Encryption Without Random Oracles
Efficient Identity-Based Encryption Without Random Oracles Brent Waters Abstract We present the first efficient Identity-Based Encryption (IBE) scheme that is fully secure without random oracles. We first
More informationTowards a DL-based Additively Homomorphic Encryption Scheme
Towards a DL-based Additively Homomorphic Encryption Scheme Guilhem Castagnos 1 and Benoît Chevallier-Mames 2 1 DMI-XLIM, Université de Limoges, 123, Avenue Albert-Thomas 87060 Limoges Cedex, France guilhem.castagnos@unilim.fr
More informationSharing DSS by the Chinese Remainder Theorem
Sharing DSS by the Chinese Remainder Theorem Kamer Kaya,a, Ali Aydın Selçuk b a Ohio State University, Columbus, 43210, OH, USA b Bilkent University, Ankara, 06800, Turkey Abstract In this paper, we propose
More informationTi Secured communications
Ti5318800 Secured communications Pekka Jäppinen September 20, 2007 Pekka Jäppinen, Lappeenranta University of Technology: September 20, 2007 Relies on use of two keys: Public and private Sometimes called
More informationFinal Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.
Final Exam Math 10: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 0 April 2002 :0 11:00 a.m. Instructions: Please be as neat as possible (use a pencil), and show
More informationIntroduction to Cybersecurity Cryptography (Part 5)
Introduction to Cybersecurity Cryptography (Part 5) Prof. Dr. Michael Backes 13.01.2017 February 17 th Special Lecture! 45 Minutes Your Choice 1. Automotive Security 2. Smartphone Security 3. Side Channel
More informationWeighted Threshold Secret Sharing Based on the Chinese Remainder Theorem
Weighted Threshold Secret Sharing Based on the Chinese Remainder Theorem Sorin Iftene and Ioana Boureanu Faculty of Computer Science Al. I. Cuza University Iaşi, Romania {siftene,iboureanu}@infoiasi.ro
More informationPowers in Modular Arithmetic, and RSA Public Key Cryptography
1 Powers in Modular Arithmetic, and RSA Public Key Cryptography Lecture notes for Access 2006, by Nick Korevaar. It was a long time from Mary Queen of Scotts and substitution ciphers until the end of the
More informationDigital Signatures. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay
Digital Signatures Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay July 24, 2018 1 / 29 Group Theory Recap Groups Definition A set
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 13 March 3, 2013 CPSC 467b, Lecture 13 1/52 Elliptic Curves Basics Elliptic Curve Cryptography CPSC
More informationElliptic curves: Theory and Applications. Day 4: The discrete logarithm problem.
Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem. Elisa Lorenzo García Université de Rennes 1 14-09-2017 Elisa Lorenzo García (Rennes 1) Elliptic Curves 4 14-09-2017 1 /
More information