Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dan Boneh Public key encryption from Diffie-Hellman The ElGamal Public-key System Online Cryptography Course Dan Boneh.

Published byMaria Parrish Modified over 9 years ago

Similar presentations

Presentation on theme: "Dan Boneh Public key encryption from Diffie-Hellman The ElGamal Public-key System Online Cryptography Course Dan Boneh."— Presentation transcript:

1 Dan Boneh Public key encryption from Diffie-Hellman The ElGamal Public-key System Online Cryptography Course Dan Boneh

2 Dan Boneh Recap: public key encryption: (Gen, E, D) E E D D pk mccm sk Gen

3 Dan Boneh Recap: public-key encryption applications Key exchange (e.g. in HTTPS) Encryption in non-interactive settings: Secure Email: Bob has Alice’s pub-key and sends her an email Encrypted File Systems Bob write E(k F, File) E(pk A, K F ) E(pk B, K F ) Alice read File sk A

4 Dan Boneh Recap: public-key encryption applications Key exchange (e.g. in HTTPS) Encryption in non-interactive settings: Secure Email: Bob has Alice’s pub-key and sends her an email Encrypted File Systems Key escrow: data recovery without Bob’s key Bob write E(k F, File) E(pk escrow, K F ) E(pk B, K F ) Escrow Service Escrow Service sk escrow

5 Dan Boneh Constructions This week: two families of public-key encryption schemes Previous lecture: based on trapdoor functions (such as RSA) – Schemes: ISO standard, OAEP+, … This lecture: based on the Diffie-Hellman protocol – Schemes: ElGamal encryption and variants (e.g. used in GPG) Security goals: chosen ciphertext security

6 Dan Boneh Review: the Diffie-Hellman protocol (1977) Fix a finite cyclic group G ( e.g G = (Z p ) * ) of order n Fix a generator g in G ( i.e. G = {1, g, g 2, g 3, …, g n-1 } ) AliceBob choose random a in {1,…,n}choose random b in {1,…,n} k AB = g ab = ( g a ) b = A b B a = ( g b ) a = A = g a B = g b

7 Dan Boneh ElGamal: converting to pub-key enc. (1984) Fix a finite cyclic group G ( e.g G = (Z p ) * ) of order n Fix a generator g in G ( i.e. G = {1, g, g 2, g 3, …, g n-1 } ) AliceBob choose random a in {1,…,n}choose random b in {1,…,n} A = g a B = g b Treat as a public key ct = [, ] compute g ab = A b, derive symmetric key k, encrypt message m with k

8 Dan Boneh ElGamal: converting to pub-key enc. (1984) Fix a finite cyclic group G ( e.g G = (Z p ) * ) of order n Fix a generator g in G ( i.e. G = {1, g, g 2, g 3, …, g n-1 } ) AliceBob choose random a in {1,…,n}choose random b in {1,…,n} A = g a B = g b Treat as a public key ct = [, ] compute g ab = A b, derive symmetric key k, encrypt message m with k To decrypt: compute g ab = B a, derive k, and decrypt

9 Dan Boneh The ElGamal system (a modern view) G: finite cyclic group of order n (E s, D s ) : symmetric auth. encryption defined over (K,M,C) H: G 2 K a hash function We construct a pub-key enc. system (Gen, E, D): Key generation Gen: – choose random generator g in G and random a in Z n – output sk = a, pk = (g, h=g a )

10 Dan Boneh The ElGamal system (a modern view) E ( pk=(g,h), m ) : b Z n, u g b, v h b k H(u,v), c E s (k, m) output (u, c) D ( sk=a, (u,c) ) : v u a k H(u,v), m D s (k, c) output m G: finite cyclic group of order n (E s, D s ) : symmetric auth. encryption defined over (K,M,C) H: G 2 K a hash function R

11 Dan Boneh ElGamal performance Encryption: 2 exp. (fixed basis) – Can pre-compute [ g (2^i), h (2^i) for i=1,…,log 2 n ] – 3x speed-up (or more) Decryption: 1 exp. (variable basis) E( pk=(g,h), m) : b Z n, u g b, v h b D( sk=a, (u,c) ) : v u a

12 Dan Boneh End of Segment Next step: why is this system chosen ciphertext secure? under what assumptions?

Download ppt "Dan Boneh Public key encryption from Diffie-Hellman The ElGamal Public-key System Online Cryptography Course Dan Boneh."

Similar presentations

ElGamal Security Public key encryption from Diffie-Hellman

ElGamal Security Public key encryption from Diffie-Hellman
Trusted 3rd parties Basic key exchange

Trusted 3rd parties Basic key exchange
Dan Boneh Public key encryption from Diffie-Hellman ElGamal Variants With Better Security Online Cryptography Course Dan Boneh.

Dan Boneh Public key encryption from Diffie-Hellman ElGamal Variants With Better Security Online Cryptography Course Dan Boneh.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
7. Asymmetric encryption-

7. Asymmetric encryption-
Secret Handshakes from CA-Oblivious Encryption Asiacrypt 2004, Jeju-do, Korea Claude Castelluccia, Stanisław Jarecki, Gene Tsudik UC Irvine.

Secret Handshakes from CA-Oblivious Encryption Asiacrypt 2004, Jeju-do, Korea Claude Castelluccia, Stanisław Jarecki, Gene Tsudik UC Irvine.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Identity Based Encryption

Identity Based Encryption
A Designer’s Guide to KEMs Alex Dent

A Designer’s Guide to KEMs Alex Dent
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
1 CIS 5371 Cryptography 9. Data Integrity Techniques.

1 CIS 5371 Cryptography 9. Data Integrity Techniques.
Dan Boneh Basic key exchange The Diffie-Hellman protocol Online Cryptography Course Dan Boneh.

Dan Boneh Basic key exchange The Diffie-Hellman protocol Online Cryptography Course Dan Boneh.
Dan Boneh Basic key exchange Public-key encryption Online Cryptography Course Dan Boneh.

Dan Boneh Basic key exchange Public-key encryption Online Cryptography Course Dan Boneh.
Dan Boneh Public Key Encryption from trapdoor permutations The RSA trapdoor permutation Online Cryptography Course Dan Boneh.

Dan Boneh Public Key Encryption from trapdoor permutations The RSA trapdoor permutation Online Cryptography Course Dan Boneh.

Similar presentations

Ads by Google