Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Crash Course in Modern Crypto Tools Dan Boneh Stanford University.

Published byJesus Potter Modified over 11 years ago

Similar presentations

Presentation on theme: "A Crash Course in Modern Crypto Tools Dan Boneh Stanford University."— Presentation transcript:

1 A Crash Course in Modern Crypto Tools Dan Boneh Stanford University

2 1. Aggregate sigs Anyone can aggregate n signatures into one. Aggregate S convinces verifier that M 1, …, M n were properly signed by users 1, …, n. User 1: PK 1, M 1 S 1 User 2: PK 2, M 2 S 2 User n: PK n, M n S n S [BGLS02]

3 Sample applications Secure routing protocols (SBGP) # sigs in path attestation grows linearly in length of path. Aggregating sigs reduces traffic and memory. Certificate chains (chains of trust) Aggregate all sigs in chain into one. 1 2 8 7 4 3 5 6 1 1 1 2,1 4,1 3,1 4,1 9 8,2,1

4 2. Group Signatures Simple solution: give all users same private key … but, also need to: revoke signers when needed, and trace: trapdoor for undoing sig privacy. Key Issuer User 1 User 2 Is sig from user 1 or 2? msg sig

5 Example: Vehicle Safety Comm. (VSC) Car 1Car 2Car 3Car 4 brake 1. 2. Car Ambulance out of my way !! Require authenticated (signed) messages from cars. Prevent impersonation and DoS on traffic system. Privacy problem: cars broadcasting signed (x,y, v ). Clean solution: group sigs. Group = set of all cars.

6 3. Broadcast Encryption [FN93] Encrypt to arbitrary subsets S. Collusion resistance: secure even if all users in S c collude. K1K1 K2K2 K3K3 S {1,…,n} CT = E[M,S]

7 Example: Encrypted File Systems Broadcast to small sets: |S| << n Best construction: trivial. |CT|=O(|S|), |priv|=O(1) Examples: EFS, Email. File F E K F [F] E PK A [K F ] E PK C [K F ] Header < 256K E PK B [K F ]

8 Broadcast Encryption Public-key BE system: Setup(n):outputs private keys d 1, …, d n and public-key PK. Encrypt(S, PK, M): Encrypt M for users S {1, …, n} Output ciphertext CT. Decrypt(CT, S, j, d j, PK): If j S, output M. Broadcast contains ( [S], CT )

9 Broadcast size CT SizePriv-key size Small sets:trivialO(|S|)O(1) Large sets: NNL,HS,GST O(n-|S|)O(log n) Any set: BGW 05 O(1)

10 Broadcast size CT SizePriv-key size Small sets:trivialO(|S|)O(1) Large sets: NNL,HS,GST O(n-|S|)O(log n) Any set: BGW 05 O(1) with O(n) size public key

11 Summary Surveyed: Aggragate sigs, groups sigs, broadcast enc. All implemented in PBC Library: http://crypto.stanford.edu/pbc Open source under GPL

Download ppt "A Crash Course in Modern Crypto Tools Dan Boneh Stanford University."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
By Md Emran Mazumder Ottawa University Student no: 6282845.

By Md Emran Mazumder Ottawa University Student no:
The Attestation Mechanism in Trusted Computing. A Simple Remote Attestation Protocol Platform TPM Verifier Application A generates PK A & SK A 2) computes.

The Attestation Mechanism in Trusted Computing. A Simple Remote Attestation Protocol Platform TPM Verifier Application A generates PK A & SK A 2) computes.
Access control for IP multicast T-110.557 Petri Jokela

Access control for IP multicast T Petri Jokela
Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research.

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Digital Signatures. Anononymity and the Internet.

Digital Signatures. Anononymity and the Internet.
IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.

IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.
1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.

1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.
Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.

Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.
Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.

Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka 2011.2.10

Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka
LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.

LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Cryptography for Backup Navigation

Cryptography for Backup Navigation

Similar presentations

Ads by Google