DTTF/NB479: Dszquphsbqiz Day 26

Similar documents
DTTF/NB479: Dszquphsbqiz Day 27

Problem 1. k zero bits. n bits. Block Cipher. Block Cipher. Block Cipher. Block Cipher. removed

SIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS. CIS 400/628 Spring 2005 Introduction to Cryptography

CPSC 467: Cryptography and Computer Security

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

9 Knapsack Cryptography

Chapter 8 Public-key Cryptography and Digital Signatures

s = (Y Q Y P)/(X Q - X P)

Hashes and Message Digests Alex X. Liu & Haipeng Dai

Question: Total Points: Score:

b = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a.

Lecture V : Public Key Cryptography

March 19: Zero-Knowledge (cont.) and Signatures

ECS 189A Final Cryptography Spring 2011

Lecture 1: Introduction to Public key cryptography

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

Overview. Public Key Algorithms II

Public Key Cryptography

Asymmetric Encryption

Cryptography and Security Final Exam

8 Elliptic Curve Cryptography

CPSC 467: Cryptography and Computer Security

ENEE 457: Computer Systems Security 09/19/16. Lecture 6 Message Authentication Codes and Hash Functions

Practice Assignment 2 Discussion 24/02/ /02/2018

Goals of Cryptography. Definition of a Cryptosystem. Security Kerckhoff's Requirements

Introduction to Modern Cryptography. Benny Chor

Number theory (Chapter 4)

Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World. Dan Boneh and Mark Zhandry Stanford University

Information Security

CHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30

Notes for Lecture 9. 1 Combining Encryption and Authentication

Exam Security January 19, :30 11:30

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Friday 25 January 2019

Hash Functions. A hash function h takes as input a message of arbitrary length and produces as output a message digest of fixed length.

U.C. Berkeley CS276: Cryptography Luca Trevisan February 5, Notes for Lecture 6

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Lecture Notes, Week 6

Foundations of Network and Computer Security

Leftovers from Lecture 3

Cryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev

Multiparty Computation

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

CHAPTER 6: OTHER CRYPTOSYSTEMS, PSEUDO-RANDOM NUMBER GENERATORS and HASH FUNCTIONS. Part VI

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018

Public Key Cryptography

Lecture 28: Public-key Cryptography. Public-key Cryptography

Lecture 10 - MAC s continued, hash & MAC

Attacks on hash functions. Birthday attacks and Multicollisions

Solutions for week 1, Cryptography Course - TDA 352/DIT 250

Lecture 7: ElGamal and Discrete Logarithms

RSA RSA public key cryptosystem

Notes for Lecture 17

CPSC 467b: Cryptography and Computer Security

Digital Signatures. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay

MATH 158 FINAL EXAM 20 DECEMBER 2016

ID-based Encryption Scheme Secure against Chosen Ciphertext Attacks

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

CIS 551 / TCOM 401 Computer and Network Security

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

RSA. Ramki Thurimella

ENEE 459-C Computer Security. Message authentication (continue from previous lecture)

Introduction to Elliptic Curve Cryptography

Public-Key Cryptography. Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

Identity-Based Key Aggregate Cryptosystem from Multilinear Maps

CPSC 467: Cryptography and Computer Security

10 Modular Arithmetic and Cryptography

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

Introduction to Cryptography. Lecture 8

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Foundations of Network and Computer Security

Question 1. The Chinese University of Hong Kong, Spring 2018

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Cryptography IV: Asymmetric Ciphers

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Foundations of Network and Computer Security

dit-upm RSA Cybersecurity Cryptography

Public-Key Cryptosystems CHAPTER 4

Chapter 4 Asymmetric Cryptography

Asymmetric Cryptography

Crypto math II. Alin Tomescu May 27, Abstract A quick overview on group theory from Ron Rivest s course in Spring 2015.

How to Use Short Basis : Trapdoors for Hard Lattices and new Cryptographic Constructions

Introduction to Cryptography Lecture 4

Quantum public-key cryptosystems based on induced trapdoor one-way transformations

Digital Signatures. p1.

5199/IOC5063 Theory of Cryptology, 2014 Fall

Cryptographical Security in the Quantum Random Oracle Model

Digital Signatures. Adam O Neill based on

Foundations of Network and Computer Security

Cryptographic Hashes. Yan Huang. Credits: David Evans, CS588

Elliptic Curve Cryptography

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Homework 4 for Modular Arithmetic: The RSA Cipher

2: Iterated Cryptographic Hash Functions

Introduction to Cryptography

Public Key Algorithms

CPSC 467b: Cryptography and Computer Security

A Key Recovery Attack on MDPC with CCA Security Using Decoding Errors

Transcription:

DTTF/NB479: Dszquphsbqiz Day 26 Announceents:. HW6 due now 2. HW7 posted 3. Will pick pres dates Friday Questions? This week: Discrete Logs, Diffie-Hellan, ElGaal Hash Functions, SHA, Birthday attacks

ElGaal Bob publishes (α, p, β), where < < p and β=α a Alice chooses secret k, coputes and sends to Bob the pair (r,t) where r=α k (od p) t = β k (od p) Bob finds: tr -a = (od p) Notes:. Show that Bob s decryption works Plug in values for t, r, and β. Nae: 2. Eve would like to know k. Show that knowing k allows decrpytion. Why? =β -k t 3. Why can t Eve copute k fro r or t? Need to calculate a discrete log to do so, which is hard when p is large 4. Challenge: Alice should randoize k each tie. If not, and Eve gets hold of a plaintext / ciphertext (, r, t ), she can decrypt other ciphertexts ( 2, r 2, t 2 ). Show how. Use, t to solve for β k. Then use β -k and t 2 to find 2 5. If Eve says she found fro (r,t), can we verify that she really found it, using only the public key (and not k or a)? Explain. Not easily (see next slide)

Known plaintext attack Bob publishes (α, p, β), where < < p and β=α a Alice chooses secret k, coputes and sends to Bob the pair (r,t) where r=α k (od p) t = β k (od p) Bob finds: tr -a = (od p) Why does this work? If Eve got hold of a plaintext/ciphertext (, r, t ), she can decrypt other ciphertexts ( 2, r 2, t 2 ): Answer: r=α k (od p), t = β k (od p), t 2 = β k 2 (od p) So t t2 β k (od p) You can solve for 2, since everything else in the proportion is known. 2 Alice should randoize k each tie.

Tying everything together Bob publishes (α, p, β), where < < p and β=α a Alice chooses secret k, coputes and sends to Bob the pair (r,t) where r=α k (od p) t = β k (od p) Bob finds: tr -a = (od p) Why does this work? If Eve says she found fro (r,t), can we verify that she really found it, using just,r,t and the public key? Not easily! Decision D-H Validity of (od p) ElGaal ciphertexts. Coputational D-H Decrypting (od p) ElGaal ciphertexts.

Cryptographic hash functions shrink essages into a digest Message (long) Cryptographic hash Function, h Message digest, y (Shorter fixed length) Shrinks data, so 2 essages can have the sae digest:!= 2, but h( ) = h( 2 ) Goal: to provide a unique fingerprint of the essage.

Cryptographic hash functions ust satisfy three properties to be useful and secure 2 Message (long) Cryptographic hash Function, h Message digest, y (Shorter fixed length) Shrinks data, so 2 essages can have the sae digest:!= 2, but h( ) = h( 2 ). Fast to copute y fro. 2. One-way: given y = h(), can t find any satisfying h( ) = y easily. 3. Strongly collision-free: Can t find any pair 2 such that h( )=h( 2 ) easily 4. (Soeties we can settle for weakly collision-free: given, can t find with h() = h( ).

Hash functions can be used for digital signatures and error detection 3 3 properties:. Fast to copute 2. One-way: given y = h(), can t find any satisfying h( ) = y easily. 3. Strongly collisionfree: Can t find 2 such that h( )=h( 2 ) Why do we care about these properties? Use #: Digital signatures If Alice signs h(), what if Bob could find, such that h() = h( )? He could clai Alice signed! Consider two contracts Use #2: Error detection siple exaple: Alice sends (, h()), Bob receives (M, H). Bob checks if H=h(M). If not, there s an error.

Hash function exaples 4a-b 3 properties:. Fast to copute 2. One-way: given y = h(), can t find any satisfying h( ) = y easily. 3. Strongly collision-free: Can t find 2 such that h( )=h( 2 ) Exaples:. h() = (od n) 2. h() = α (od p) for large prie p, which doesn t divide α 3. Discrete log hash Given large prie p, such that q=(p-)/2 is also prie, and EHA (next) priitive roots α and β for p: β h ) α ( where = 0 + q SHA- (toorrow) (od 0 p MD4, MD5 (weaker than SHA; won t discuss) ) For first 2 exaples, please check properties 2-3.

Easy Hash Algorith (EHA) isn t very secure! Break into n-bit blocks, append zeros to get a ultiple of n. There are L of the, where L = /n Fast! But not very secure. Does perforing a left shift on the rows first help? Define y as leftshifting by y bits Then = ( i ) i i 2 2 = =... l l 2 22 l 2 n 2n ln [ c c... ] 22 ll 2 23 2...... c n n 2 l, l+ l, l =h()

Easy Hash Algorith (EHA) isn t very secure! 4c 3 properties:. Fast to copute 2. One-way: given y = h(), can t find any satisfying h( ) = y easily. 3. Strongly collisionfree: Can t find 2 such that h( )=h( 2 ) 2 =... l = l 2 [ c c... ] 2 22 l 2 2 n 2n ln c n =h() Exercise:. Show that the basic (unrotated) version doesn t satisfy properties 2 and 3. 2. What about the version that uses rotations?

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback