Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Security Seminar - 1 Chapter 5. Advanced Protocols 2002. 7. 24. 조미성 Applied Cryptography.

Published byAlexia Goodman Modified over 9 years ago

Similar presentations

Presentation on theme: "Software Security Seminar - 1 Chapter 5. Advanced Protocols 2002. 7. 24. 조미성 Applied Cryptography."— Presentation transcript:

1 Software Security Seminar - 1 Chapter 5. Advanced Protocols 2002. 7. 24. 조미성 Applied Cryptography

2 Software Security Seminar - 2 Contents 5.3 Blind Signatures 5.4 Identity-Based Public-Key Cryptography 5.5 Oblivious Transfer 5.6 Oblivious Signatures 5.7 Simultaneous Contract Signing 5.8 Digital Certified Mail 5.9 Simultaneous Exchange of Secrets

3 Software Security Seminar - 3 Completely Blind Signatures Alice Bob(notary) m, b (random factor) f(m)=m x b Sign(m)=g(Sign(f(m))) Sign(f(m)) - Properties 1. Bob’s signature on the document is valid 2. Bob cannot correlate the signed document with the act of signing the document

4 Software Security Seminar - 4 Blind Signatures - Bob can know what he is signing, while still maintaining the useful properties of a blind signature  Cut-and-choose technique Alice Bob m 1, b 1, … m n, b n f(m i )=m i x b i choose n-1 f(m i ) at random (n-1) b 1, b 2, …, b n Sign(m j )=g(Sign(f(m j ))) Sign(f(m j ))  secure against Alice cheating

5 Software Security Seminar - 5 5.4 Identity-Based Public-Key Cryptography Identity-based Cryptosystems = Non-interactive Key sharing system Alice wants to send a secure message to Bob without getting his public key from a key server - Bob’s public key is based on his name and network address  public key = identity ex) mail system - Trent issues private keys to users based on their identity - Design a system in such a way that a collusion of dishonest users cannot forge a key

6 Software Security Seminar - 6 5.5 Oblivious Transfer Alice will send Bob one of two messages. Bob will receive one, and Alice will not know which. Alice Bob (m 1, m 2 ) (pk 1, sk 1 ), (pk 2, sk 2 ) pk 1, pk 2 K:symmetric key E pk i (K) D sk 1 ( E pk i (K)), D sk 2 (E pk i (K)) E K (m 1 ), E G (m 2 ) D K (E K (m 1 ))= m 1, D K (E G (m 2 )) sk 1, sk 2

7 Software Security Seminar - 7 Alice has n different messages. Bob can choose one of the n messages for Alice to sign, and Alice will have no way of knowing which one she signed. Alice has one message. Bob can choose one of n keys for Alice to use in signing the message, and Alice will have no way of knowing which key she used. 5.6 Oblivious Signatures

8 Software Security Seminar - 8 Contract Signing with an Arbitrator Alice Trend Bob Sign A (C) Sign B (C) Sign A (C), Sign A (C) Sign B (Sign A (C)), Sign B (Sign A (C)) Sign B (Sign A (C)) Simultaneous Contract Signing without an Arbitrator (Face-to- Face) - Alice signs the first letter of her name and passes the contract to Bob - Bob signs the first letter of her name and passes the contract to Alice … 5.7 Simultaneous Contract Signing

9 Software Security Seminar - 9 Simultaneous Contract Signing without an Arbitrator(Not Face-to-Face) - Alice and Bob agree on a date by which the signing protocol should be completed. - Alice and Bob decide on a probability difference (a, b) that they are willing to live with. - Alice sends Bob a signed message with p=a - Bob sends Alice a signed message with p=a+b … - continue this steps until both have received message with p=1 or until the date agreed has passed 5.7 Simultaneous Contract Signing(Conti.)

10 Software Security Seminar - 10 Simultaneous Contract Signing without an Arbitrator(Using Cryptography) 1) select 2n DES keys randomly, grouped in pairs. 2) generate n pairs of messages, Li and Ri (i=1, …, n) (contain a digital signature and a timestamp) 3) encrypt their message pairs in each of the DES key pairs 4) send each other their pile of 2n encrypted messages 5) send each other every key pair using the oblivious transfer protocol for each pair 6) decrypt the message haves that they can, using the keys they received 7) send each other the first bits of all 2n DES keys … 8) decrypt the remaining halves of the message pairs and the contract is signed 9) exchange the private keys used during the oblivious transfer protocol 5.7 Simultaneous Contract Signing(Conti.)

11 Software Security Seminar - 11 Alice’s attack - send Bob nonsense bit strings in step 4) - disrupt half  1/ - send Bob random bit in step 8) - just go along with step 8) until she has enough bits of the keys to mount a brute-force attack and then stop transmitting bits  it’s problem if one of the parties has significantly more computing power than the other - send Bob identical messages in step 5) 5.7 Simultaneous Contract Signing(Conti.)

12 Software Security Seminar - 12 Suppose Alice wants to send a message to Bob, but does not want him to read it without signing a receipt 1) Alice encrypts her message using a random DES key K and send it to Bob. 2) Alice generates n pairs (Ki, Ki  K) of DES keys 3) Alice encrypts a dummy message with each of 2n keys 4) Alice sends the whole pile of encrypted messages to Bob 5) Bob generates n pairs of random DRS keys 6) Bob generates n pairs of messages that indicates a valid receipt 7) Bob encrypts each of his message pairs with DES key pairs 8) Bob sends the whole pile of message pairs to Alice 9) Alice and Bob send each other every key pairs using the oblivious transfer 5.8 Digital Certified Mail

13 Software Security Seminar - 13 10) Both Alice and Bob decrypt the halves and make sure that the decrypted messages are valid 11) Alice and Bob each the first bits of all 2n DES keys 12) repeat step 11) until all the bits of all the DES keys have been transferred 13) Alice and Bob decrypt the remaining halves of the message pairs 14) Alice and Bob exchange the private keys used during the oblivious transfer 5.8 Digital Certified Mail(Conti.)

14 Software Security Seminar - 14 Alice and Bob exchange secrets (A, B) simultaneously Modify the certified mail protocol Alice’s message  A Bob’s message  B  This protocol allows Alice and Bob to exchange secrets simultaneously, but says nothing about the quality of the secrets excahnged 5.9 Simultaneous Exchange of Secrets

Download ppt "Software Security Seminar - 1 Chapter 5. Advanced Protocols 2002. 7. 24. 조미성 Applied Cryptography."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Introduction to Signcryption November 22, 2004. 22/11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Optimistic Synchronous Multi-Party Contract Signing N. Asokan, Baum-Waidner, M. Schunter, M. Waidner Presented By Uday Nayak Advisor: Chris Lynch.

Optimistic Synchronous Multi-Party Contract Signing N. Asokan, Baum-Waidner, M. Schunter, M. Waidner Presented By Uday Nayak Advisor: Chris Lynch.
1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.

1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.

Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Public-Key Cryptography and RSA CSE 651: Introduction to Network Security.

Public-Key Cryptography and RSA CSE 651: Introduction to Network Security.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Introduction to Public Key Cryptography

Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.

Similar presentations

Ads by Google