Foundations of Cryptography Rahul Jain CS6209, Jan – April 2011

Slides:



Advertisements
Similar presentations
Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.
Advertisements

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
11 Provable Security. 22 Given a ciphertext, find the corresponding plaintext.
CIS 5371 Cryptography 3b. Pseudorandomness.
Digital Signatures and Hash Functions. Digital Signatures.
Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.
Session 4 Asymmetric ciphers.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
The Bright Side of Hardness Relating Computational Complexity and Cryptography Oded Goldreich Weizmann Institute of Science.
CMSC 456 Introduction to Cryptography
Foundations of Cryptography Lecture 5: Signatures and pseudo-random generators Lecturer: Moni Naor.
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
Lecturer: Moni Naor Foundations of Cryptography Lecture 11: Security of Encryption Schemes.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Lecturer: Moni Naor Foundations of Cryptography Lecture 12: Commitment and Zero-Knowledge.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
1 Constructing Pseudo-Random Permutations with a Prescribed Structure Moni Naor Weizmann Institute Omer Reingold AT&T Research.
Lecturer: Moni Naor Foundations of Cryptography Lecture 9: Pseudo-Random Functions and Permutations.
Foundations of Cryptography Lecture 10: Pseudo-Random Permutations and the Security of Encryption Schemes Lecturer: Moni Naor Announce home )deadline.
Chapter 9 – Public Key Cryptography and RSA Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both.
Computer Security CS 426 Lecture 3
Foundations of Cryptography Lecture 9 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 8 Lecturer: Moni Naor.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Encryption Schemes Second Pass Brice Toth 21 November 2001.
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions J. Buchmann, E. Dahmen, A. Hülsing | TU Darmstadt |
8. Data Integrity Techniques
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, "A Public-Key Cryptosystem and a Signature Scheme.
The RSA Algorithm Rocky K. C. Chang, March
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)
Oblivious Signature-Based Envelope Ninghui Li, Stanford University Wenliang (Kevin) Du, Syracuse University Dan Boneh, Stanford University.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
1 CIS 5371 Cryptography 3. Private-Key Encryption and Pseudorandomness B ased on: Jonathan Katz and Yehuda Lindel Introduction to Modern Cryptography.
CS 4/585: Cryptography Tom Shrimpton FAB
CS555Spring 2012/Topic 51 Cryptography CS 555 Topic 5: Pseudorandomness and Stream Ciphers.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
1 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography
Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013
Cryptography Lecture 2 Arpita Patra. Summary of Last Class  Introduction  Secure Communication in Symmetric Key setting >> SKE is the required primitive.
1 Reasoning about Concrete Security in Protocol Proofs A. Datta, J.Y. Halpern, J.C. Mitchell, R. Pucella, A. Roy.
A Quick Tour of Cryptographic Primitives Anupam Datta CMU Fall A: Foundations of Security and Privacy.
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.
PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description.
CS555Spring 2012/Topic 71 Cryptography CS 555 Topic 7: Stream Ciphers and CPA Security.
多媒體網路安全實驗室 Anonymous Authentication Systems Based on Private Information Retrieval Date: Reporter: Chien-Wen Huang 出處: Networked Digital Technologies,
Ryan Henry I 538 /B 609 : Introduction to Cryptography.
CS555Spring 2012/Topic 81 Cryptography CS 555 Topic 8: Pseudorandom Functions and CPA Security.
1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Cryptography Lecture 12.
Cryptography Lecture 11.
Cryptography Lecture 10.
Cryptography Lecture 10.
Presentation transcript:

Foundations of Cryptography Rahul Jain CS6209, Jan – April

Foundations of Cryptography : Basic Applications Encryption Schemes. Digital Signatures. General Cryptographic Protocols.

Encryption Schemes

Private key v/s Public key encryption schemes, Fig. 5.1, 5.2. Definition of encryption schemes (Def ). Definition of security : Semantic security – private key (Def 5.2.1), Semantic security – public key (Def 5.2.2). Indistinguishability of Encryptions : Private Key (Def ), Public-key (Def 5.2.4). Thm : (Equivalence of definitions – private key) A private-key encryption scheme is semantically secure if and only if it has indistinguishable encryptions. Proof done in class.

Encryption Schemes : Multiple Messages Semantic Security – Multiple messages (Def ) Indistinguishability of encryptions - Multiple messages (Def ) Thm (equivalence of definitions – multiple messages) : A private-key (resp. public- key) encryption scheme is semantically secure for multiple messages if and only if it has indistinguishable encryptions for multiple messages. Proof on similar lines as that of Thm Thm (single-message security implies multiple-message security) : A public-key encryption scheme has indistinguishable encryptions for multiple messages if and only if it has indistinguishable encryptions for a single message. Proof done in class. Propositions (Effect on the private-key model) : Suppose there exists pseudorandom generators (robust against polynomial size circuits). Then there exists a private-key encryption scheme that satisfies Def but does not satisfy Def Proof done in class.

Constructions of Encryption Schemes Block-Ciphers (Def ), Semantic-security – private-key block-ciphers (Def ), Public-key equivalent definition can be given similarly. Construction (from block-ciphers to general encryption schemes) Proposition : Suppose (G,E,D) and (G’,E’,D’) be as in Construction Suppose that the former is a secure private-key (resp. public-key) block cipher. Then the latter is a secure private-key (resp. public-key) encryption scheme. Proof done in class. Construction (a private-key block-cipher based on pseudorandom functions)

Constructions of Encryption Schemes Proposition : Let F and (G,E,D) be as in Construction and suppose that F is pseudorandom with respect to polynomial size circuits. Then (G,E,D) is secure. Proof done in class. Theorem : If there exists (non-uniformly strong) one-way functions, then there exists secure private-key encryption schemes. Proof done in class. Public key encryptions schemes : Trapdoor permutations, definition. Construction (public-key block-cipher with block length 1 using trapdoor permutations with a hard-core predicate). Proposition : Suppose that b is a (non-uniformly strong) hard core of the collection {p α }. Then Construction constitutes a secure public-key block-cipher with block length l = 1. Proof done in class.

Constructions of Encryption Schemes Theorem : If there exists collections of (non-uniformly hard) trapdoor permutations, then there exists secure public-key encryption schemes. Proof done in class. Large Hard-Core Conjecture for RSA. Construction (Randomized-RSA, a public-key block-cipher scheme) Proposition : Suppose that the large hard-core conjecture for RSA does hold. Then Construction constitutes a secure public-key block-cipher (with block- length l(n) = n ). Proof done in class.

Constructions of Encryption Schemes Construction (an alternate public-key encryption scheme based on one-way permutations) Proposition : Suppose that b is a (non-uniformly strong) hard core of the collection {p α }. Furthermore, suppose that this trapdoor collection utilizes a domain sampling algorithm S so that the statistical difference between S(α) and the uniform distribution over the domain of p α is negligible in terms of |α|. Then Construction constitutes a secure public-key encryption scheme. Proof done in class. Construction (the Blum-Goldwasser Public-Key Encryption Scheme) Corollary : Suppose factoring is infeasible, then Construction constitutes a secure public-key encryption scheme.

Digital Signatures and Message Authentication

A scheme for unforgeable signatures must satisfy: 1)Each user can efficiently produce his/her own signature on documents of his/her choice; 2)Every user can efficiently verify whether a given string is a signature of another (specific) user on a specific document; but 3)It is infeasible to produce signatures of other users to documents that they did not sign. A scheme for message authentication should satisfy: 1)Each of the communicating parties can efficiently produce an authentication tag to any message of his/her choice; 2)Each of the communication parties can efficiently verify whether a given string is an authentication tag of a given message; but 3)It is infeasible for an external adversary (i.e. a party other than the communicating parties) to produce authentication tags to messages not sent by the communicating parties.

Digital Signatures and Message Authentication Definition (signature scheme) A chosen message attack is a process that can obtain signatures to strings of its choice, relative to some fixed signing-key that is generated by G. We distinguish two case: The private-key case: Here the attacker is given 1 n

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.