REU 2015: Complexity Across Disciplines. Introduction to Cryptography

Similar documents
REU 2015: Complexity Across Disciplines. Introduction to Cryptography

Known and Chosen Key Differential Distinguishers for Block Ciphers

Cryptography: Key Issues in Security

An introduction to Hash functions

Problem 1. k zero bits. n bits. Block Cipher. Block Cipher. Block Cipher. Block Cipher. removed

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 11 Hash Functions ver.

Avoiding collisions Cryptographic hash functions. Table of contents

Public-key Cryptography: Theory and Practice

ECS 189A Final Cryptography Spring 2011

1 Cryptographic hash functions

Limits on the Efficiency of One-Way Permutation-Based Hash Functions

Solution of Exercise Sheet 7

ENEE 457: Computer Systems Security 09/19/16. Lecture 6 Message Authentication Codes and Hash Functions

Linearization and Message Modification Techniques for Hash Function Cryptanalysis

Hash Functions. Ali El Kaafarani. Mathematical Institute Oxford University. 1 of 34

Introduction to Cryptography k. Lecture 5. Benny Pinkas k. Requirements. Data Integrity, Message Authentication

Division Property: a New Attack Against Block Ciphers

Cryptographic Hash Functions

Provable Chosen-Target-Forced-Midx Preimage Resistance

Domain Extender for Collision Resistant Hash Functions: Improving Upon Merkle-Damgård Iteration

Functional Graph Revisited: Updates on (Second) Preimage Attacks on Hash Combiners

Hash Functions. A hash function h takes as input a message of arbitrary length and produces as output a message digest of fixed length.

Lecture 14: Cryptographic Hash Functions

A Weak Cipher that Generates the Symmetric Group

A Composition Theorem for Universal One-Way Hash Functions

On High-Rate Cryptographic Compression Functions

b = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a.

CPSC 467: Cryptography and Computer Security

Lecture 1: Introduction to Public key cryptography

Leftovers from Lecture 3

Extended Criterion for Absence of Fixed Points

CPSC 467: Cryptography and Computer Security

Codes and Cryptography. Jorge L. Villar. MAMME, Fall 2015 PART XII

1 Cryptographic hash functions

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Provable Security in Symmetric Key Cryptography

On the provable security of BEAR/LION schemes

CPSC 467: Cryptography and Computer Security

SPCS Cryptography Homework 13

Avoiding collisions Cryptographic hash functions. Table of contents

How (not) to efficiently dither blockcipher-based hash functions?

Building Quantum-One-Way Functions from Block Ciphers: Davies-Meyer and Merkle-Damgård Constructions

Notes for Lecture 9. 1 Combining Encryption and Authentication

5199/IOC5063 Theory of Cryptology, 2014 Fall

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

Introduction to Cybersecurity Cryptography (Part 4)

Collapsing sponges: Post-quantum security of the sponge construction

The Security of Abreast-DM in the Ideal Cipher Model

Introduction to Cybersecurity Cryptography (Part 4)

Practice Final Exam Winter 2017, CS 485/585 Crypto March 14, 2017

Higher Order Universal One-Way Hash Functions from the Subset Sum Assumption

Week 12: Hash Functions and MAC

Introduction to Cryptography

Lecture 1. Crypto Background

Symmetric key cryptography over non-binary algebraic structures

Indifferentiable Security Analysis of Popular Hash Functions with Prefix-free Padding

Adaptive Preimage Resistance Analysis Revisited: Requirements, Subtleties and Implications

Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle

Deterministic Constructions of 21-Step Collisions for the SHA-2 Hash Family

Technische Universität München (I7) Winter 2013/14 Dr. M. Luttenberger / M. Schlund SOLUTION. Cryptography Endterm

Block Ciphers and Feistel cipher

SOME OBSERVATIONS ON THE CRYPTOGRAPHIC HASH FUNCTIONS

New Preimage Attack on MDC-4

Foundations of Network and Computer Security

Foundations of Network and Computer Security

Hash Functions: From Merkle-Damgård to Shoup. Ilya Mironov

Improved indifferentiability security analysis of chopmd Hash Function

Indifferentiable Security Analysis of Popular Hash Functions with Prefix-free Padding

Algebraic properties of SHA-3 and notable cryptanalysis results

Linear Cryptanalysis of Long-Key Iterated Cipher with Applications to Permutation-Based Ciphers

Domain Extension of Public Random Functions: Beyond the Birthday Barrier

A Domain Extender for the Ideal Cipher

MATH3302 Cryptography Problem Set 2

Biomedical Security. Overview 9/15/2017. Erwin M. Bakker

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky. Lecture 4

RSA RSA public key cryptosystem

A new message authentication code based on the non-associativity of quasigroups. Kristen Ann Meyer. A dissertation submitted to the graduate faculty

Parallel Implementation of Proposed One Way Hash Function

BISON Instantiating the Whitened Swap-Or-Not Construction November 14th, 2018

Introduction to Cryptography Lecture 4

Cryptanalysis of Tweaked Versions of SMASH and Reparation

Modern Cryptography Lecture 4

Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption

Impossible Differential-Linear Cryptanalysis of Reduced-Round CLEFIA-128

Security of Permutation-based Compression Function lp231

Permutation Generators Based on Unbalanced Feistel Network: Analysis of the Conditions of Pseudorandomness 1

Improved characteristics for differential cryptanalysis of hash functions based on block ciphers

CSC 5930/9010 Modern Cryptography: Number Theory

Complementing Feistel Ciphers

The Hash Function Fugue

12 Hash Functions Defining Security

U.C. Berkeley CS276: Cryptography Luca Trevisan February 5, Notes for Lecture 6

Structural Cryptanalysis of SASAS

Benes and Butterfly schemes revisited

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Robust Hashing Algorithm for Data Verification

Elliptic Curves I. The first three sections introduce and explain the properties of elliptic curves.

Structural Evaluation of AES and Chosen-Key Distinguisher of 9-round AES-128

Cryptography - Session 2

Transcription:

REU 2015: Complexity Across Disciplines Introduction to Cryptography

Symmetric Key Cryptosystems

Iterated Block Ciphers Definition Let KS : K K s be a function that produces a set of subkeys k i K, 1 i s from any key k K. A block cipher Π for which the encryption functions ɛ k are of the form T [k s ] T [k s 1 ] T [k s 2 ] T [k 1 ] is called an iterated block cipher and T [k i ] is called ith-round function.

Hash Functions Definition A hash function is a function H : X Y where X is a set of strings of arbitrary length, Y is a finite set of strings of a fixed length and X > Y. 1 Computationally Infeasible means solving the underlying problem is not possible within polynomial time

Hash Functions Definition A hash function is a function H : X Y where X is a set of strings of arbitrary length, Y is a finite set of strings of a fixed length and X > Y. A hash function H is one-way hash function for any y Y it is computationally infeasible 1 to find x X such that H(x) = y. 1 Computationally Infeasible means solving the underlying problem is not possible within polynomial time

Hash Functions Definition A hash function is a function H : X Y where X is a set of strings of arbitrary length, Y is a finite set of strings of a fixed length and X > Y. A hash function H is one-way hash function for any y Y it is computationally infeasible 1 to find x X such that H(x) = y. A hash function H is second-preimage resistant or weakly-collision free if for a given x X it is computationally infeasible to find x x such that H(x) = H(x ). 1 Computationally Infeasible means solving the underlying problem is not possible within polynomial time

Hash Functions Definition A hash function is a function H : X Y where X is a set of strings of arbitrary length, Y is a finite set of strings of a fixed length and X > Y. A hash function H is one-way hash function for any y Y it is computationally infeasible 1 to find x X such that H(x) = y. A hash function H is second-preimage resistant or weakly-collision free if for a given x X it is computationally infeasible to find x x such that H(x) = H(x ). A hash function H is first-preimage resistant or strongly-collision free if it is computationally infeasible to find x, x X such that x x and H(x) = H(x ). 1 Computationally Infeasible means solving the underlying problem is not possible within polynomial time

Groups Generated by Encryption Functions Let T Π = {ɛ k : k K} be the set of all possible encryption transformations. In a cryptosystem the mapping ɛ is a permutation of M. T Π S M

Groups Generated by Encryption Functions Let T Π = {ɛ k : k K} be the set of all possible encryption transformations. In a cryptosystem the mapping ɛ is a permutation of M. T Π S M Definition The group G = T Π is called the group generated by the cipher.

Groups Generated by Encryption Functions Let T Π = {ɛ k : k K} be the set of all possible encryption transformations. In a cryptosystem the mapping ɛ is a permutation of M. T Π S M Definition The group G = T Π is called the group generated by the cipher. If T Π = G then the set of permutations T Π forms a group (the cipher is a group).

Groups Generated by Encryption Functions Let T Π = {ɛ k : k K} be the set of all possible encryption transformations. In a cryptosystem the mapping ɛ is a permutation of M. T Π S M Definition The group G = T Π is called the group generated by the cipher. If T Π = G then the set of permutations T Π forms a group (the cipher is a group). For such a cipher, multiple encryption doesn t offer better security than single encryption.

Groups Generated by Encryption functions Group generated by T [k]: G τ = T [k] k K

Groups Generated by Encryption functions Group generated by T [k]: G τ = T [k] k K Group generated by an arbitrary composition of s-round functions with independent keys k 1, k 2,, k s K:

Groups Generated by Encryption functions Group generated by T [k]: G τ = T [k] k K Group generated by an arbitrary composition of s-round functions with independent keys k 1, k 2,, k s K: G s τ = T [k s ]T [k s 1 ] T [k 1 ] k i K Group generated by any composition of s-round functions permitted by the key schedule KS : K K s (group generated by the cipher):

Groups Generated by Encryption functions Group generated by T [k]: G τ = T [k] k K Group generated by an arbitrary composition of s-round functions with independent keys k 1, k 2,, k s K: G s τ = T [k s ]T [k s 1 ] T [k 1 ] k i K Group generated by any composition of s-round functions permitted by the key schedule KS : K K s (group generated by the cipher): G = T [k s ]T [k s 1 ] T [k 1 ] KS(k) = (k 1, k 2,, k s )

Groups Generated by Encryption functions Group generated by T [k]: G τ = T [k] k K Group generated by an arbitrary composition of s-round functions with independent keys k 1, k 2,, k s K: G s τ = T [k s ]T [k s 1 ] T [k 1 ] k i K Group generated by any composition of s-round functions permitted by the key schedule KS : K K s (group generated by the cipher): G = T [k s ]T [k s 1 ] T [k 1 ] KS(k) = (k 1, k 2,, k s ) Lemma For every s N, G s τ is a normal subgroup of G τ.

Example: Merkle-Damgård Hash Function Let W (k, m) denote a block cipher that encrypts given plaintext m using a key k.

Example: Merkle-Damgård Hash Function Let W (k, m) denote a block cipher that encrypts given plaintext m using a key k. The hash functions based on the Merkle-Damgård scheme use a block cipher as a compression function.

Example: Merkle-Damgård Hash Function Let W (k, m) denote a block cipher that encrypts given plaintext m using a key k. The hash functions based on the Merkle-Damgård scheme use a block cipher as a compression function. Given a message m consisting of blocks m 1, m 2, m 3,, m t, the hash function is defined as H i = W (H i 1, m i ) m i H i 1, 0 i t (1) where H 0 is some initial value.

Algebraic Properties of a Cipher Small cardinality. If the cardinality of the group G is smaller than the cardinality of the key space, then the time for the key search can reduced to O(K). Intransitivity. Let l, n denote natural numbers such that 0 < l n. A group G S n is called l-transitive if, for any pair (a 1, a 2,..., a l ) and (b 1, b 2,..., b l ) with a i a j, b i b j for i j, there is a permutation g G with g(a i ) = b i for all i {1, 2,..., l}. A 1-transitive permutation group is called transitive. The group that is not transitive is called intransitive.

Algebraic Properties of a Cipher Imprimitivity. A subset B X is called a block of G if for each g G either g(b) = B or g(b) B =. A block B is said to be trivial if B {, X } or B = {x} where x X. The group G S n is called imprimitive if there is a non-trivial block B X of G; otherwise G is called primitive.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback