Dan Boneh Stream ciphers Stream ciphers are semantically secure Online Cryptography Course Dan Boneh Goal: secure PRG ⇒ semantically secure stream cipher.

Slides:



Advertisements
Similar presentations
Dan Boneh Message integrity Message Auth. Codes Online Cryptography Course Dan Boneh.
Advertisements

ElGamal Security Public key encryption from Diffie-Hellman
Dan Boneh Using block ciphers Modes of operation: one time key Online Cryptography Course Dan Boneh example: encrypted , new key for every message.
Trusted 3rd parties Basic key exchange
Dan Boneh Block ciphers Exhaustive Search Attacks Online Cryptography Course Dan Boneh.
Online Cryptography Course Dan Boneh
Dan Boneh Stream ciphers Real-world Stream Ciphers Online Cryptography Course Dan Boneh.
1 PRPs and PRFs CS255: Winter Abstract ciphers: PRPs and PRFs, 2.Security models for encryption, 3.Analysis of CBC and counter mode Dan Boneh, Stanford.
Cryptography: The Landscape, Fundamental Primitives, and Security David Brumley Carnegie Mellon University.
Dan Boneh Message Integrity A Parallel MAC Online Cryptography Course Dan Boneh.
1 Brief PRP-PRF Recap CS255 Winter ‘06. 2 PRPs and PRFs PRF: F: K  X  Y such that: exists “efficient” algorithm to eval. F(k,x) PRP: E: K  X  X such.
Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Princeton University COS 433 Cryptography Fall 2005 Boaz Barak COS 433: Cryptography Princeton University Fall 2005 Boaz Barak Lecture 2: Perfect Secrecy.
Princeton University COS 433 Cryptography Fall 2005 Boaz Barak COS 433: Cryptography Princeton University Fall 2005 Boaz Barak Lecture 2: Perfect Secrecy.
Dan Boneh Intro. Number Theory Modular e’th roots Online Cryptography Course Dan Boneh.
Dan Boneh Collision resistance Generic birthday attack Online Cryptography Course Dan Boneh.
Dan Boneh Basic key exchange The Diffie-Hellman protocol Online Cryptography Course Dan Boneh.
Dan Boneh Basic key exchange Public-key encryption Online Cryptography Course Dan Boneh.
Dan Boneh Public Key Encryption from trapdoor permutations The RSA trapdoor permutation Online Cryptography Course Dan Boneh.
Dan Boneh Public Key Encryption from trapdoor permutations RSA in practice Online Cryptography Course Dan Boneh.
Dan Boneh Block ciphers The data encryption standard (DES) Online Cryptography Course Dan Boneh.
Dan Boneh Introduction What is cryptography? Online Cryptography Course Dan Boneh.
Dan Boneh Authenticated Encryption Definitions Online Cryptography Course Dan Boneh.
Dan Boneh Authenticated Encryption Chosen ciphertext attacks Online Cryptography Course Dan Boneh.
Dan Boneh Intro. Number Theory Intractable problems Online Cryptography Course Dan Boneh.
Dan Boneh Public Key Encryption from trapdoor permutations Public key encryption: definitions and security Online Cryptography Course Dan Boneh.
Dan Boneh Authenticated Encryption Case study: TLS Online Cryptography Course Dan Boneh.
Dan Boneh Introduction Course Overview Online Cryptography Course Dan Boneh.
Dan Boneh Stream ciphers The One Time Pad Online Cryptography Course Dan Boneh.
Dan Boneh Introduction History Online Cryptography Course Dan Boneh.
Dan Boneh Block ciphers The AES block cipher Online Cryptography Course Dan Boneh.
Dan Boneh Odds and ends Format preserving encryption Online Cryptography Course Dan Boneh.
Dan Boneh Block ciphers More attacks on block ciphers Online Cryptography Course Dan Boneh.
Dan Boneh Introduction Discrete Probability (crash course) Online Cryptography Course Dan Boneh See also:
Dan Boneh Introduction Discrete Probability (crash course) Online Cryptography Course Dan Boneh.
Dan Boneh Using block ciphers Modes of operation: many time key (CTR) Online Cryptography Course Dan Boneh Example applications: 1. File systems: Same.
Attacks on OTP and stream ciphers
Dan Boneh Using block ciphers Modes of operation: many time key (CBC) Online Cryptography Course Dan Boneh Example applications: 1. File systems: Same.
Dan Boneh Stream ciphers Pseudorandom Generators Online Cryptography Course Dan Boneh.
Cryptography Lecture 2 Arpita Patra. Summary of Last Class  Introduction  Secure Communication in Symmetric Key setting >> SKE is the required primitive.
Dan Boneh Collision resistance Introduction Online Cryptography Course Dan Boneh.
Dan Boneh Public key encryption from Diffie-Hellman The ElGamal Public-key System Online Cryptography Course Dan Boneh.
Dan Boneh Basic key exchange Merkle Puzzles Online Cryptography Course Dan Boneh.
Dan Boneh Message Integrity CBC-MAC and NMAC Online Cryptography Course Dan Boneh.
Cryptography: The Landscape, Fundamental Primitives, and Security David Brumley Carnegie Mellon University.
Odds and ends Tweakable encryption
Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Dan Boneh Basic key exchange Trusted 3 rd parties Online Cryptography Course Dan Boneh.
Dan Boneh Introduction Course Overview Online Cryptography Course Dan Boneh.
Dan Boneh Collision resistance The Merkle-Damgard Paradigm Online Cryptography Course Dan Boneh.
Dan Boneh Stream ciphers PRG Security Defs Online Cryptography Course Dan Boneh.
Dan Boneh Intro. Number Theory Fermat and Euler Online Cryptography Course Dan Boneh.
Dan Boneh Intro. Number Theory Arithmetic algorithms Online Cryptography Course Dan Boneh.
Dan Boneh Odds and ends Deterministic Encryption Online Cryptography Course Dan Boneh.
Block ciphers What is a block cipher?
Dan Boneh Introduction Discrete Probability (crash course, cont.) Online Cryptography Course Dan Boneh See also:
Online Cryptography Course Dan Boneh
Dan Boneh Public Key Encryption from trapdoor permutations Constructions Online Cryptography Course Dan Boneh Goal: construct chosen-ciphertext secure.
Dan Boneh Authenticated Encryption CBC paddings attacks Online Cryptography Course Dan Boneh.
Dan Boneh Authenticated Encryption Constructions from ciphers and MACs Online Cryptography Course Dan Boneh.
Cryptography Lecture 5 Arpita Patra © Arpita Patra.
Using block ciphers Review: PRPs and PRFs
Secrecy of (fixed-length) stream ciphers
PRPs and PRFs CS255: Winter 2017
Topic 5: Constructing Secure Encryption Schemes
B504/I538: Introduction to Cryptography
B504/I538: Introduction to Cryptography
Cryptography Lecture 5 Arpita Patra © Arpita Patra.
Cryptography Lecture 5 Arpita Patra © Arpita Patra.
Presentation transcript:

Dan Boneh Stream ciphers Stream ciphers are semantically secure Online Cryptography Course Dan Boneh Goal: secure PRG ⇒ semantically secure stream cipher

Dan Boneh Stream ciphers are semantically secure Thm: G:K {0,1} n is a secure PRG ⇒ stream cipher E derived from G is sem. sec. ∀ sem. sec. adversary A, ∃ a PRG adversary B s.t. Adv SS [A,E] ≤ 2 ∙ Adv PRG [B,G]

Dan Boneh Proof: Let A be a sem. sec. adversary. For b=0,1: W b := [ event that b’=1 ]. Adv SS [A,E] = | Pr[ W 0 ] − Pr[ W 1 ] | Chal. b Adv. A kKkK m 0, m 1  M : |m 0 | = |m 1 | c  m b ⊕ G(k) b’  {0,1} r  {0,1} n

Dan Boneh Proof: Let A be a sem. sec. adversary. For b=0,1: W b := [ event that b’=1 ]. Adv SS [A,E] = | Pr[ W 0 ] − Pr[ W 1 ] | For b=0,1: R b := [ event that b’=1 ] Chal. b Adv. A kKkK m 0, m 1  M : |m 0 | = |m 1 | c  m b ⊕ r b’  {0,1} r  {0,1} n

Dan Boneh Proof: Let A be a sem. sec. adversary. Claim 1: | Pr[R 0 ] – Pr[R 1 ] | = Claim 2: ∃ B: | Pr[W b ] – Pr[R b ] | = ⇒ Adv SS [A,E] = | Pr[W 0 ] – Pr[W 1 ] | ≤ 2 ∙ Adv PRG [B,G] 01 Pr[W 0 ]Pr[W 1 ]Pr[R b ]

Dan Boneh Proof of claim 2: ∃ B: | Pr[W 0 ] – Pr[R 0 ] | = Adv PRG [B,G] Algorithm B: Adv PRG [B,G] = PRG adv. B (us) Adv. A (given) c  m 0 ⊕ y y ∈ {0,1} n m 0, m 1 b’ ∈ {0,1}

Dan Boneh End of Segment