A Simple Provably Secure AKE from the LWE Problem

Presentation transcript:

A Simple Provably Secure AKE from the LWE Problem
Source: Mathematical Problems in Engineering, Volume 2017, April 2017
Authors: Limin Zhou and Fengju Lv
Speaker: Nguyen Ngoc Tu
Date: 2017/10/5

Introduction
Key Exchange Protocol
Alice Bob
Intercept: delete, modify, fabricate; corrupt: clients

Introduction
Key Exchange Protocol
Diffie–Hellman key exchange
Alice Bob
D-H on finite field (or finite cyclic groups)
Computational hardness assumption (discrete logarithm):

Introduction
Key Exchange Protocol
Diffie–Hellman key exchange
Alice Bob
D-H on ECC
Computational hardness assumption:

Introduction
Key Exchange Protocol
Peter W. Shor (1997): a quantum computer can solve the factorization problem and the discrete logarithm problem with quantum polynomial-time algorithms.
October 2015: Researchers at the University of New South Wales built a quantum logic gate in silicon for the first time.
May 2017: IBM announced that it had successfully built and tested its most powerful universal quantum computing processors, including a 16-qubit processor.
Diffie–Hellman key exchange, based on the factorization and discrete logarithm problems, will become insecure in the coming years!
References:
P. W. Shor, "Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer," SIAM Journal on Computing, vol. 26, no. 5, pp. 1484–1509, 1997.
"World's First Silicon Quantum Logic Gate Brings Quantum Computing One Step Closer," 2015.
"IBM Builds Its Most Powerful Universal Quantum Computing Processors," 2017. https://www-03.ibm.com/press/us/en/pressrelease/52403.wss

Introduction
Key Exchange Protocol
New candidates of mathematical problems:
(1) Lattice-based cryptography
(2) Multivariate-based cryptography
(3) Hash-based signatures
(4) Code-based cryptography
(5) Supersingular elliptic curves-based cryptography

Outline
Introduction
Preliminaries
Proposed scheme
Conclusions

Preliminaries
Lattice
Let be a set of linearly independent vectors. The lattice generated by is the set of linear combinations of with coefficients in
Fundamental domain
Contribution

Preliminaries
Example

Preliminaries
Discrete Gaussian Distribution (center at 0, variance t)
Sample the noise value

Preliminaries
Learning with errors problem
Input: a secret vector
Sample output:
Select a vector uniformly at random
Select a random noise
Compute
Problem: Given at most polynomially many samples, find the secret vector.
The problem is believed to belong to the NP-hard class.
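The sampling steps on the two slides above (discrete Gaussian noise, then an LWE sample), as an added example that is not from the paper or the slides. The slide formulas did not survive, so the names n, q, m, sigma, s, a, e, b and the toy sizes are assumptions; b = <a, s> + e mod q is the standard form of an LWE sample. The block also shows why the noise is what makes the problem hard: with sigma = 0 plain Gaussian elimination returns the secret, with noise it does not.

```python
import math
import random

def discrete_gaussian(sigma, rng, tail=6):
    """Integer x with Pr proportional to exp(-x^2 / (2 sigma^2)), |x| <= tail*sigma."""
    if sigma == 0:
        return 0
    bound = math.ceil(tail * sigma)
    while True:  # rejection sampling from the uniform distribution on [-bound, bound]
        x = rng.randint(-bound, bound)
        if rng.random() < math.exp(-x * x / (2 * sigma * sigma)):
            return x

def lwe_samples(s, q, m, sigma, rng):
    """m pairs (a, b): a uniform in Z_q^n, b = <a, s> + e mod q."""
    out = []
    for _ in range(m):
        a = [rng.randrange(q) for _ in s]
        e = discrete_gaussian(sigma, rng)
        out.append((a, (sum(x * y for x, y in zip(a, s)) + e) % q))
    return out

def solve_mod_q(samples, q):
    """Gauss-Jordan elimination over Z_q (q prime), treating every b as exact."""
    n = len(samples[0][0])
    rows = [a + [b] for a, b in samples]
    used = []
    for col in range(n):
        piv = next((i for i, r in enumerate(rows) if i not in used and r[col]), None)
        if piv is None:
            raise ValueError("samples do not have full rank")
        inv = pow(rows[piv][col], -1, q)
        rows[piv] = [v * inv % q for v in rows[piv]]
        for i in range(len(rows)):
            if i != piv:
                rows[i] = [(v - rows[i][col] * p) % q for v, p in zip(rows[i], rows[piv])]
        used.append(piv)
    return [rows[i][n] for i in used]

def demo(sigma, seed=1, n=8, q=97, m=16):
    # Toy, insecure sizes for illustration (assumptions, not the paper's parameters).
    rng = random.Random(seed)
    s = [rng.randrange(q) for _ in range(n)]
    samples = lwe_samples(s, q, m, sigma, rng)
    return s, solve_mod_q(samples, q), samples

if __name__ == "__main__":
    for sigma in (0, 3):
        s, guess, _ = demo(sigma)
        print(f"sigma={sigma}: secret recovered by linear algebra: {guess == s}")
```

With noise, the vector returned by elimination differs from the secret because the errors in the pivot rows are multiplied through the inverse of the coefficient matrix.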

Preliminaries
Notations • • • • •

Proposed scheme
Setup
the prime number
the dimension of the private vectors
the Gaussian parameter
the key derivation function
𝑠 𝐵

Proposed scheme
Setup
Secret key: Secret key: Public key: Bob Alice Secret key: Secret key: Public key: Public key:

Proposed scheme
Alice Bob
Select
Compute

Proposed scheme
Alice Bob
Select
Compute

Proposed scheme
Alice Bob
with overwhelming probability

Performance comparison
Security comparisons
BR = Bellare and Rogaway model
[5] H. Krawczyk, "HMQV: a high-performance secure Diffie-Hellman protocol (extended abstract)," in Advances in Cryptology, CRYPTO 2005, vol. 3621 of Lecture Notes in Computer Science, pp. 546–566, Springer, Berlin, Germany, 2005.
[7] B. LaMacchia, K. Lauter, and A. Mityagin, "Stronger security of authenticated key exchange," in Provable Security, vol. 4784 of Lecture Notes in Computer Science, pp. 1–16, Springer, Berlin, Germany, 2007.
[18] J. W. Bos, C. Costello, M. Naehrig, and D. Stebila, "Postquantum key exchange for the TLS protocol from the ring learning with errors problem," in Proceedings of the 36th IEEE Symposium on Security and Privacy (SP '15), pp. 553–570, San Jose, Calif, USA, May 2015.
[26] A. Fujioka, K. Suzuki, K. Xagawa, and K. Yoneyama, "Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism," in Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security (ASIA CCS '13), pp. 83–94, ACM, May 2013.
[27] A. Fujioka, K. Suzuki, K. Xagawa, and K. Yoneyama, "Strongly secure authenticated key exchange from factoring, codes, and lattices," Designs, Codes and Cryptography, vol. 76, no. 3, pp. 469–504, 2015.
[34] B. Ustaoglu, "Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS," Designs, Codes, and Cryptography, vol. 46, no. 3, pp. 329–342, 2008.
AAKE:

Conclusions
The security of the proposed AKE scheme is based solely on the LWE problem.
Provable security under the BR model.
Automated Validation of Internet Security Protocols and Applications.