Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dan Boneh Odds and ends Format preserving encryption Online Cryptography Course Dan Boneh.

Published byMiranda James Modified over 9 years ago

Similar presentations

Presentation on theme: "Dan Boneh Odds and ends Format preserving encryption Online Cryptography Course Dan Boneh."— Presentation transcript:

1 Dan Boneh Odds and ends Format preserving encryption Online Cryptography Course Dan Boneh

2 Dan Boneh Encrypting credit card numbers Goal: end-to-end encryption Intermediate processors expect to see a credit card number ⇒ encrypted credit card should look like a credit card Credit card format: bbbb bbnn nnnn nnnc ( ≈ 42 bits ) processor #1processor #2processor #3acquiring bank k k POS terminal

3 Dan Boneh Format preserving encryption (FPE) This segment:given 0 < s ≤ 2 n, build a PRP on {0,…,s-1} from a secure PRF F: K × {0,1} n {0,1} n (e.g. AES) Then to encrypt a credit card number: (s = total # credit cards) 1.map given CC# to {0,…,s-1} 2.apply PRP to get an output in {0,…,s-1} 3.map output back a to CC#

4 Dan Boneh Step 1: from {0,1} n to {0,1} t (t<n) Want PRP on {0,…,s-1}. Let t be such that 2 t-1 < s ≤ 2 t. Method: Luby-Rackoff with F’: K × {0,1} t/2 {0,1} t/2 (truncate F) R3R3 R3R3 L3L3 L3L3 R0R0 R0R0 L0L0 L0L0 input R1R1 R1R1 L1L1 L1L1 ⊕ F’(k 1, ⋅ ) R2R2 R2R2 L2L2 L2L2 ⊕ F’(k 2, ⋅ ) ⊕ F’(k 3, ⋅ ) output t/2 bits (better to use 7 rounds a la Patarin, Crypto’03)

5 Dan Boneh Step 2: from {0,1} t to {0,…,s-1} Given PRP(E,D): K × {0,1} t {0,1} t we build(E’,D’): K × {0,…,s-1} {0,…,s-1} E’(k, x): on input x ∈ {0,…,s-1} do: yx; do { y E(k, y) } until y ∈ {0,…,s-1}; output y {0,…,s-1} {0,1} t Expected # iterations: 2

6 Dan Boneh Security Step 2 is tight: ∀ A ∃ B: PRP adv [A,E] = PRP adv [B,E’] Intuition: ∀ sets Y ⊆ X, applying the transformation to a random perm. π: X X gives a random perm. π': Y Y Step 1: same security as Luby-Rackoff construction note: no integrity (actually using analysis of Patarin, Crypto’03)

7 Dan Boneh Further reading Cryptographic Extraction and Key Derivation: The HKDF Scheme. H. Krawczyk, Crypto 2010 Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Keywrap Problem. P. Rogaway, T. Shrimption, Eurocrypt 2006 A Parallelizable Enciphering Mode. S. Halevi, P. Rogaway, CT-RSA 2004 Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC. P. Rogaway, Asiacrypt 2004 How to Encipher Messages on a Small Domain: Deterministic Encryption and the Thorp Shuffle. B. Morris, P. Rogaway, T. Stegers, Crypto 2009

8 Dan Boneh End of Segment

Download ppt "Dan Boneh Odds and ends Format preserving encryption Online Cryptography Course Dan Boneh."

Similar presentations

Dan Boneh Message integrity Message Auth. Codes Online Cryptography Course Dan Boneh.

Dan Boneh Message integrity Message Auth. Codes Online Cryptography Course Dan Boneh.
Dan Boneh Using block ciphers Modes of operation: one time key Online Cryptography Course Dan Boneh example: encrypted email, new key for every message.

Dan Boneh Using block ciphers Modes of operation: one time key Online Cryptography Course Dan Boneh example: encrypted , new key for every message.
Trusted 3rd parties Basic key exchange

Trusted 3rd parties Basic key exchange
Dan Boneh Public key encryption from Diffie-Hellman ElGamal Variants With Better Security Online Cryptography Course Dan Boneh.

Dan Boneh Public key encryption from Diffie-Hellman ElGamal Variants With Better Security Online Cryptography Course Dan Boneh.
1 PRPs and PRFs CS255: Winter 2008 1.Abstract ciphers: PRPs and PRFs, 2.Security models for encryption, 3.Analysis of CBC and counter mode Dan Boneh, Stanford.

1 PRPs and PRFs CS255: Winter Abstract ciphers: PRPs and PRFs, 2.Security models for encryption, 3.Analysis of CBC and counter mode Dan Boneh, Stanford.
Dan Boneh Authenticated Encryption Active attacks on CPA-secure encryption Online Cryptography Course Dan Boneh.

Dan Boneh Authenticated Encryption Active attacks on CPA-secure encryption Online Cryptography Course Dan Boneh.
Length-Doubling Ciphers and Tweakable Ciphers Haibin Zhang Computer Science Department University of California, Davis

Length-Doubling Ciphers and Tweakable Ciphers Haibin Zhang Computer Science Department University of California, Davis
Dan Boneh Message Integrity A Parallel MAC Online Cryptography Course Dan Boneh.

Dan Boneh Message Integrity A Parallel MAC Online Cryptography Course Dan Boneh.
Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.
Submission doc.: IEEE 11-12/1253r1 November 2012 Dan Harkins, Aruba NetworksSlide 1 Why Use SIV for 11ai? Date: 2012-10-30 Authors:

Submission doc.: IEEE 11-12/1253r1 November 2012 Dan Harkins, Aruba NetworksSlide 1 Why Use SIV for 11ai? Date: Authors:
A Block-Cipher Mode of Operation for Parallelizable Message Authentication John Black University of Nevada, Reno, USA Phillip Rogaway University of California,

A Block-Cipher Mode of Operation for Parallelizable Message Authentication John Black University of Nevada, Reno, USA Phillip Rogaway University of California,
#1 EAX A two-pass authenticated encryption mode Mihir BellarePhillip RogawayDavid Wagner U.C. San Diego U.C. Davis and U.C. Berkeley Chiang Mai University.

#1 EAX A two-pass authenticated encryption mode Mihir BellarePhillip RogawayDavid Wagner U.C. San Diego U.C. Davis and U.C. Berkeley Chiang Mai University.
Foundations of Cryptography Lecture 10: Pseudo-Random Permutations and the Security of Encryption Schemes Lecturer: Moni Naor Announce home )deadline.

Foundations of Cryptography Lecture 10: Pseudo-Random Permutations and the Security of Encryption Schemes Lecturer: Moni Naor Announce home )deadline.
Dan Boneh Basic key exchange Public-key encryption Online Cryptography Course Dan Boneh.

Dan Boneh Basic key exchange Public-key encryption Online Cryptography Course Dan Boneh.
CS555Spring 2012/Topic 91 Cryptography CS 555 Topic 9: Block Cipher Construction & DES.

CS555Spring 2012/Topic 91 Cryptography CS 555 Topic 9: Block Cipher Construction & DES.
Dan Boneh Public Key Encryption from trapdoor permutations RSA in practice Online Cryptography Course Dan Boneh.

Dan Boneh Public Key Encryption from trapdoor permutations RSA in practice Online Cryptography Course Dan Boneh.
Dan Boneh Block ciphers The data encryption standard (DES) Online Cryptography Course Dan Boneh.

Dan Boneh Block ciphers The data encryption standard (DES) Online Cryptography Course Dan Boneh.
Dan Boneh Introduction What is cryptography? Online Cryptography Course Dan Boneh.

Dan Boneh Introduction What is cryptography? Online Cryptography Course Dan Boneh.
Dan Boneh Authenticated Encryption Definitions Online Cryptography Course Dan Boneh.

Dan Boneh Authenticated Encryption Definitions Online Cryptography Course Dan Boneh.
Dan Boneh Odds and ends Key Derivation Online Cryptography Course Dan Boneh.

Dan Boneh Odds and ends Key Derivation Online Cryptography Course Dan Boneh.

Similar presentations

Ads by Google