Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Security Seminar - 1 Chapter 4. Intermediate Protocols 2002. 7. 25. 발표자 : 이장원 Applied Cryptography.

Published byBaldric Earl Joseph Modified over 8 years ago

Similar presentations

Presentation on theme: "Software Security Seminar - 1 Chapter 4. Intermediate Protocols 2002. 7. 25. 발표자 : 이장원 Applied Cryptography."— Presentation transcript:

1 Software Security Seminar - 1 Chapter 4. Intermediate Protocols 2002. 7. 25. 발표자 : 이장원 Applied Cryptography

2 Software Security Seminar - 2 Contents 4.9 Bit Commitment 4.10 Fair Coin Flips 4.11 Mental Poker 4.12 One-Way Accumulators 4.13 All-or-Nothing Disclosure Of Secrets 4.14 Key Escrow

3 Software Security Seminar - 3 Bit Commitment (1)Bob generates a random-bit string, and send it to Alice (2)Alice creates a message consisting of the bit she wishes to commit to, and. She encrypts it with some random key and sends the result back to Bob. (3)Alice sends the key. (4)Bob decrypts the message to reveal the bit. He checks his random string to verify the bit’s validity. Bit Commitment Using Symmetric Cryptography

4 Software Security Seminar - 4 Bit Commitment (conti.) (1)Alice generates two random-bit strings. (2)Alice creates a message. (3)Alice computes the one-way function on the message and sends the result, as well as one of the random strings, to Bob. (4)Alice sends Bob the original message. (5)Bob computes the one-way function on the message and compares it and, with the value and random string he received in (3). If they match, the bit is valid. Bit Commitment Using One-Way Function

5 Software Security Seminar - 5 Bit Commitment (conti.) (1)Bob generates a random-bit strings, and sends it to Alice. (2)Alice generates a random seed for a pseudo-random-bit generator. Then, for every bit in Bob’s random-bit string, she sends Bob either : a. the output of the generator if Bob’s bit is 0, or b. the XOR of output of the generator and her bit, if Bob’s bit is 1. (3)Alice sends Bob her random seed. (4)Bob completes step (2) to confirm that Alice was acting fairly. Bit Commitment Using Pseudo-Random-Sequence Generator

6 Software Security Seminar - 6 Bit Commitment (conti.) Properties -Alice can commit to blobs. By committing to a blob, she is committing to a bit. -Alice can open any blob she has committed to. When she opens a blob, she can convince Bob of the value of the bit she committed to when she committed to the blob. Thus, she cannot choose to open any blob as either 0 or 1. -Bob cannot learn how Alice is able to open any unopened blob she has committed to. This is true even after Alice has opened other blobs. -Blobs do not carry any information other than the bit Alice committed to. The blobs themselves, as well as the process by which Alice commits to and opens them, are uncorrelated to anything else that Alice might wish to keep secret from Bob. Blobs ; strings that Alice sends to Bob to commit to a bit.

7 Software Security Seminar - 7 Fair Coin Flips (1)Alice chooses a random number,. She computes, where is the one-way function. (2)Alice sends to Bob. (3)Bob guess whether is even or odd and sends his guess to Alice. (4)If Bob’s guess is correct, the result of the coin flip is heads. If Bob’s guess is incorrect, the result of the coin flip is tails. Alice announces the result of the coin flip and sends to Bob. (5)Bob confirms that. Coin Flipping Using One-Way Function

8 Software Security Seminar - 8 Fair Coin Flips (conti.) Requirement : -Alice and Bob each generate a public-key/private-key key pair. -Alice generates two messages, one indicating heads and the other indicating tails. Alice encrypts both messages with her public key and sends them to Bob in a random order. -Bob, who cannot read either message, chooses one at random. He encrypts it with his public key and sends it back to Alice. -Alice, who cannot read the message sent back to her, decrypts it with her private key and then sends it back to Bob. Coin Flipping Using Public-Key Cryptography

9 Software Security Seminar - 9 Fair Coin Flips (conti.) (5)Bob decrypts the message with his private key to reveal the result of the coin flip. He sends the decrypted message to Alice. (6)Alice reads the result of the coin flip and verifies that the random string is correct. (7)Both Alice and Bob reveal their key pairs so that both can verify that the other did not cheat. Coin Flipping Using Public-Key Cryptography

10 Software Security Seminar - 10 Mental Poker Requirement : the cryptographic algorithm must be commutative. -Alice, Bob, and Carol each generate a public/private-key key pair. -Alice generates 52 messages, one for each card in the deck. Alice encrypts all the messages with her public key and sends them to Bob. -Bob, who cannot read any of the message, chooses five at random. He encrypts them with his public key and sends them back to Alice. -Bob sends the other 47 messages to Carol. -Carol chooses five at random. She encrypts them with her public key and sends them to Alice. Mental Poker with Three Players

11 Software Security Seminar - 11 Mental Poker (conti.) (6)Alice decrypts them with her private key and then sends them back to Bob or Carol. (7)Bob and Carol decrypt the message with their keys to reveal their hands. (8)Carol chooses five more messages at random from the remaining 42. She sends them to Alice. (9)Alice decrypts the messages with her private key to reveal her hand. (10) At the end of the game they reveal their hands and keys so that everyone can make sure that no one has cheated. Mental Poker with Three Players

12 Software Security Seminar - 12 Mental Poker (conti.) (1)Alice generate a public/private-key key pair and keeps both keys secret. (2)The KDC generates a continuous stream of keys. (3)The KDC encrypts the keys, one by one, with its own public key. (4)The KDC transmits the encrypted keys, one by one, onto the network. (5)Alice chooses a key at random. (6)Alice encrypts the chosen key with her public key. (7)Alice waits a while and sends the double-encrypted key back to the KDC. (8)The KDC decrypts the double-encrypted key with its private key, leaving a key encrypted with Alice’s public key. (9)The sever sends the encrypted key back to Alice. (10) Alice decrypts the key with her private key. Anonymous Key Distribution

13 Software Security Seminar - 13 One-Way Accumulators (1)Alice calculates the accumulation of every member’s name other than herself and saves that single value along with her own name. Bob does the same. (2)They trade accumulations and names with each other. (3)Alice confirms that Bob’s name added to his accumulation is equal to Alice’s name added to her accumulation. Bob does the same. Requirement : Commutative

14 Software Security Seminar - 14 Key Escrow (1)Alice creates her private/public-key key pair. She splits the private key into several public pieces and private pieces. (2)Alice sends a public piece and corresponding private piece to each of the trustees. These messages must be encrypted. She also sends the public key to the KDC. (3)Each trustee, independently, performs a calculation on its public piece and its private piece confirm that they are correct. Each trustee stores the private piece somewhere secure and sends the public piece to the KDC. (4)The KDC performs another calculation on the public pieces and the public key. Assuming that everything is correct, it signs the public key and either sends it back to Alice or posts it in a database somewhere. Fair cryptosystems [Micali]

Download ppt "Software Security Seminar - 1 Chapter 4. Intermediate Protocols 2002. 7. 25. 발표자 : 이장원 Applied Cryptography."

Similar presentations

RSA.

RSA.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Intro to Quantum Cryptography Algorithms Andrew Hamel EECS 598 Quantum Computing FALL 2001.

Intro to Quantum Cryptography Algorithms Andrew Hamel EECS 598 Quantum Computing FALL 2001.
Computer Security Set of slides 5 Dr Alexei Vernitski.

Computer Security Set of slides 5 Dr Alexei Vernitski.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Security Definitions in Computational Cryptography

Security Definitions in Computational Cryptography
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.

1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

Similar presentations

Ads by Google