Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography Lecture 14.

Published byΣκύλλα Σερπετζόγλου Modified over 6 years ago

Similar presentations

Presentation on theme: "Cryptography Lecture 14."— Presentation transcript:

1 Cryptography Lecture 14

2 Other applications of hash functions

3 Hash functions are ubiquitous
Collision-resistance  “fingerprinting” Used as a one-way function Key derivation

4 Fingerprinting E.g., file integrity
Assuming it is possible to get a reliable copy of H(x) for file x Note: different from integrity in the context of message-authentication codes

5 Outsourced storage How to outsource files to an untrusted server? x x
h=H(x) x H(x)=?h

6 Outsourced storage x1, …, xn x1, …, xn hi =H(xi) i xi H(xi)=?hi
O(n) client storage!

7 Outsourced storage x1, …, xn x1, …, xn h =H(x1, …, xn) i x1, …, xn
H(x1, …, xn)=?h O(n|x|) communication!

8 Outsourced storage x1, …, xn x1, …, xn h =H(H(x1), …, H(xn)) i
xi, h1, …, hn H(h1, …, H(xi), …, hn)=?h |xi| + O(n) communication!

9 Merkle tree Only store the root! Verify…
x1 x2 x2 x3 x4 Only store the root! Verify… O(log n) communication/computation!

10 Outsourced storage Using a Merkle tree, we can solve the outsourcing problem with O(1) client storage and |x| + O(log n) communication

11 Password hashing Server stores H(pw) instead of pw
Requires more than one-wayness of H… See later discussion on random oracles Salting…

12 Key derivation Consider deriving a (shared) key from (shared) high-entropy information E.g., biometric data E.g., generating randomness Cryptographic keys must be uniform, but shared data is only high-entropy

13 Min-entropy Let X be a distribution
The min-entropy of X (measured in bits) is H(X) = - log maxx { Pr[X=x] } I.e., if H(X) = n, then the probability of guessing x sampled from X is (at most) 2-n Min-entropy is more suitable for crypto than entropy

14 Key derivation Given shared information x (sampled from distribution X), derive shared key k=H(x) In what sense can we claim that k is a “good” (i.e., uniformly distributed) cryptographic key?

15 Exam review

16 Comments on the exam Q1-Q3 should have been immediate
Q1/Q3 were straight from the book Q2 was similar to problems done in class, and on the optional exercises Q4 required some thought (16 points) Q5 was based on HW4, but required some thought (14 points)

17 Requests for re-grades
Mistaken calculation Happy to fix Incorrectly graded/scored Scores followed a consistent rubric for all exams Make sure you understand the correct answer If you still want a re-grade: Submit your exam along with a written explanation for why you are requesting a re-grade Entire exam will be re-graded

Download ppt "Cryptography Lecture 14."

Similar presentations

CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Fuzzy Stuff 6.857 Lecture 24, 2006. Outline Motivation: Biometric Architectures Motivation: Biometric Architectures New Tool (for us): Error Correcting.

Fuzzy Stuff Lecture 24, Outline Motivation: Biometric Architectures Motivation: Biometric Architectures New Tool (for us): Error Correcting.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.

Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.

Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.
Hash Functions Ramki Thurimella. 2 What is a hash function? Also known as message digest or fingerprint Compression: A function that maps arbitrarily.

Hash Functions Ramki Thurimella. 2 What is a hash function? Also known as message digest or fingerprint Compression: A function that maps arbitrarily.
Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2014 Nitesh Saxena.

Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2014 Nitesh Saxena.
CS426Fall 2010/Lecture 51 Computer Security CS 426 Lecture 5 Cryptography: Cryptographic Hash Function.

CS426Fall 2010/Lecture 51 Computer Security CS 426 Lecture 5 Cryptography: Cryptographic Hash Function.
Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.

Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.
CS555Spring 2012/Topic 141 Cryptography CS 555 Topic 14: CBC-MAC & Hash Functions.

CS555Spring 2012/Topic 141 Cryptography CS 555 Topic 14: CBC-MAC & Hash Functions.
Outline The basic authentication problem

Outline The basic authentication problem
Computational Fuzzy Extractors

Computational Fuzzy Extractors
Information Security message M one-way hash fingerprint f = H(M)

Information Security message M one-way hash fingerprint f = H(M)
Cryptographic hash functions

Cryptographic hash functions

Similar presentations

Ads by Google