Introduction to Cryptography
|
|
- Barrie Davidson
- 6 years ago
- Views:
Transcription
1 B504 / I538: Introduction to Cryptography Spring 2017 Lecture 11
2 * modulo the 1-week extension on problems 3 & 4 Assignment 2 * is due! Assignment 3 is out and is due in two weeks! 1
3
4 Secrecy vs. integrity and authenticity So far we have only worried about secrecy of messages However, secrecy integrity, authenticity Q: What happens if attacker flips a ciphertext bit in OTP / stream cipher / OBF mode / CTR mode? A: The corresponding plaintext bit also flips! Q: What happens if an attacker duplicates, removes, or permutes ciphertext blocks in ECB mode? A: The corresponding plaintext blocks are duplicated, removed, or permuted! 4 Q: Are authenticity attacks possible in CBC mode? A: Yes!
5 Malleability of CBC mode m m 1 m 2 m l k k k m 1 m 2 m l Π k Π k Π k IV c 1 c 2 c l 5 - truncate blocks - flip IV bit - flip c i bit truncate correspond plaintext blocks flip corresponding bit of m 1 randomize m i and flip corresponding m i+1 bit c IV c 1 c 2 c l
6 Non-cryptographic integrity checks Cyclic redundancy check (CRC) Detects random errors due to noisy channel Not intended to detect attacker-induced (intentional) errors A straw-man proposal: Alice computes c Enc k (m) using CTR mode Alice computes t CRC(c) Ciphertext is the pair (c,t) 6 Q: What could possibly go wrong? A: Attacker changes c to c, then changes t to t = CRC(c )!
7 Non-cryptographic integrity checks An improved proposal (?): Compute t CRC(m) Ciphertext is c Enc k (m t) Q: What could possibly go wrong now? A: CRC is a linear code: x,y, CRC(x y) = CRC(x) CRC(y) 7 Integrity in presence of attackers requires a secret key!
8 Message authentication codes (MACs) Intuitively, a message authentication code (MAC) is a short piece of information used to verify the integrity and authenticity of a message input a secret key and an arbitrary-length message and outputs a short value called a tag no efficient algorithm should be able to forge a valid MAC tag (under an unknown key) on any message, except with negligible probability 8
9 Message authentication codes (MACs) Defⁿ: A message authentication code (MAC) is a triple of efficient algorithms (Gen,MAC,Ver) such that Gen:1 N {0,1} * is a randomized key generation algorithm MAC:K M T is a tagging algorithm Ver:K M T {0,1} is a tag verification algorithm Usually write MAC k (m) and Ver k (m, t) instead of MAC(k, m) and Ver(k, m, t) K is the key space (the set of possible keys) M is the message space (the set of possible messages) 9 T is the tag space (the set of possible tags )
10 Correctness Intuitively: Correctness is the property of being able to verify a tag (given knowledge of the correct key) Defⁿ: A MAC scheme (Gen,MAC,Ver) with key space K and message space M is correct if k K and m M, Pr[Ver k (m,mac k (m))=1]=1 Note: it is possible (but uncommon) to allow correctness with probability p < 1 10
11 MAC forgery games We have seen a number of indistinguishability games 1. Attacker gets oracle access to (or receives a signal from) the challenger, and must guess which of two versions of the game is being played 2. Attacker outputs either 0 or 1 3. Attacker advantage is Pr[ correct guess ] 1/2 11 MAC scheme security uses a forgery game 1. Attacker gets oracle access to MAC algorithms 2. Attacker outputs a message-tag pair not provided by the oracle 3. Attacker advantage is Pr[ tag is valid ]
12 MAC selective forgery game Challenger (C) Forger (A) 1 n k Gen(1 n 1 ) n t 1 MAC k (m 1 ) t 2 MAC k (m 2 ) m 1 t 1 m 2 t 2 m 1 M {m} m 2 M {m} m M t n MAC k (m n ) m n t n m n M {m} t T 12 Let E be the event that Ver k (m, t)=1 Define A s advantage to be Adv MAC-selective-forge (A) Pr[E]
13 Selective unforgeability Defⁿ: A MAC scheme (Gen,MAC,Ver) is selectively unforgeable under adaptive chosen message attacks if, for every PPT attacker A, there exists a negligible function ε:n R+ such that for all m M, Adv MAC-selective-forge (A) ε(s). The message m is chosen by the attacker prior to the attack; it may have interesting mathematical properties with respect to the MAC algorithms 13
14 MAC existential forgery game (weak version) Challenger (C) Forger (A) 1 n k Gen(1 n 1 ) n t 1 MAC k (m 1 ) t 2 MAC k (m 2 ) m 1 t 1 m 2 t 2 m 1 M {m} m 2 M {m} m M t n MAC k (m n ) m n t n m n M {m} (m,t) 14 Let E be the event that m {m 1,,m n } yet Ver k (m,t)=1 Define A s advantage to be Adv MAC-weak-ex-forge (A) Pr[E]
15 MAC existential forgery game (strong version) Challenger (C) Forger (A) 1 n k Gen(1 n 1 ) n t 1 MAC k (m 1 ) t 2 MAC k (m 2 ) m 1 t 1 m 2 t 2 m 1 M {m} m 2 M {m} m M t n MAC k (m n ) m n t n m n M {m} (m,t) 15 Let E be the event that (m,t) {(m 1,t 1 ),,(m n,t n )} yet Ver k (m,t)=1 Define A s advantage to be Adv MAC-strong-ex-forge (A) Pr[E]
16 Existential unforgeability Defⁿ: A MAC scheme (Gen,MAC,Ver) is existentially unforgeable under adaptive chosen message attacks if, for every PPT attacker A, there exists a negligible function ε:n R+ such that Adv MAC-strong-ex-forge (A) ε(s). The message m is chosen arbitrarily by the attacker at the end of the attack Existential unforgeability is the default unforgeability property 16
17 MAC universal forgery game Challenger (C) Forger (A) 1 n k Gen(1 n 1 ) n t 1 MAC k (m 1 ) m 1 t 1 m 1 M {m} m M m n m n M {m} m M {m 1,,m n } m (m,t) 17 Let E be the event that Ver k (m,t)=1 Define A s advantage to be Adv MAC-universal-forge (A) Pr[E]
18 Universal unforgeability Defⁿ: A MAC scheme (Gen,MAC,Ver) is existentially unforgeable under adaptive chosen message attacks if, for every PPT attacker A, there exists a negligible function ε:n R+ such that Adv MAC-universal-forge (A) ε(s). An attacker capable of universal forgery can sign messages it chose itself (selective forgery), messages chosen at random, or even specific messages chosen by an opponent 18
19 Notions of unforgeability Existential unforgeability default level of unforgeability Selective unforgeability Universal unforgeability 19
20 Fixed-length MAC scheme from any PRF Messages, tags, and keys are all n-bit longs Gen(1 n ) outputs a uniform random key k {0,1} n MAC k (m) outputs t F k (m) Ver k (m,t) outputs 1 if t=f k (m) and 0 otherwise Is this selectively unforgeable? Is this existentially unforgeable? IS this universally unforgeable? Yes! Yes! Yes! how do we prove it? 20
21 Fixed-length MAC to PRF reduction 1. Assume MAC is not existentially unforgeable 2. Construct distinguisher D for F that uses forger A as a subroutine 3. Prove that D is efficient and has non-negligible advantage 4. Conclude that F is not a PRF, a contradiction Distinguisher (D) 1 n, O F 1 n t 1 OF(m1) t n O F (m n ) 1 if t=of (m) 0 otherwise Attacker (A) m 1 m n (m, t) 21
22 Replay attacks MACs guarantee authenticity and integrity of messages in most cases Notable exception: MACs do not prevent replay attacks In a replay attack, the attacker simply re-sends a legitimate message that it observed in the past 22
23 Naïve CBC-MAC Let {f k } k {0,1} * be a PRF family Gen(1 n ) outputs a uniform random key k {0,1} n MAC k (m) does the following: 1. Split m into n-bit blocks m 1,,m n 2. Initialize t 0 ={0} n 3. Compute t i =F k (t i-1 m i ) 4. Output the tag t t n Ver k (m,t) outputs 1 if t=mac k (m) and 0 otherwise 23
24 m m 1 m 2 m l k k k m 1 m 2 m l Π k Π k Π k IV t 1 t 2 t l 24 Q: Is naïve CBC-MAC existentially unforgeable? A: No! (But why?) t l
25 Attacking naïve CBC-MAC Challenger (C) Forger (A) 1 n 1 n k Gen(1 n ) m m {0,1} n t MAC k (m) t m m (m t) (m,t) 25 A s output is a valid forgery because F k (m )=F k ((m t) t)=f k (m)=t
26 That s all for today, folks!
Introduction to Cryptography
B504 / I538: Introduction to Cryptography Spring 2017 Lecture 10 Assignment 2 is due on Tuesday! 1 Recall: Pseudorandom generator (PRG) Defⁿ: A (fixed-length) pseudorandom generator (PRG) with expansion
More informationBlock Ciphers Security of block ciphers. Symmetric Ciphers
Lecturers: Mark D. Ryan and David Galindo. Cryptography 2016. Slide: 26 Assume encryption and decryption use the same key. Will discuss how to distribute key to all parties later Symmetric ciphers unusable
More informationCryptography. Module in Autumn Term 2016 University of Birmingham. Lecturers: Mark D. Ryan and David Galindo
Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 1 Cryptography Module in Autumn Term 2016 University of Birmingham Lecturers: Mark D. Ryan and David Galindo Slides originally written
More informationAutomated Analysis and Synthesis of Block-Cipher Modes of Operation
Automated Analysis and Synthesis of Block-Cipher Modes of Operation Alex J. Malozemoff 1 Jonathan Katz 1 Matthew D. Green 2 1 University of Maryland 2 Johns Hopkins University Presented at the Fall Protocol
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mar Zhandry Princeton University Spring 2017 Announcements Homewor 3 due tomorrow Homewor 4 up Tae- home midterm tentative dates: Posted 3pm am Monday 3/13 Due 1pm Wednesday
More informationTMA4155 Cryptography, Intro
Trondheim, December 12, 2006. TMA4155 Cryptography, Intro 2006-12-02 Problem 1 a. We need to find an inverse of 403 modulo (19 1)(31 1) = 540: 540 = 1 403 + 137 = 17 403 50 540 + 50 403 = 67 403 50 540
More informationA Blueprint for Civil GPS Navigation Message Authentication
A Blueprint for Civil GPS Navigation Message Authentication Andrew Kerns, Kyle Wesson, and Todd Humphreys Radionavigation Laboratory University of Texas at Austin Applied Research Laboratories University
More informationConditional Cube Attack on Reduced-Round Keccak Sponge Function
Conditional Cube Attack on Reduced-Round Keccak Sponge Function Senyang Huang 1, Xiaoyun Wang 1,2,3, Guangwu Xu 4, Meiqin Wang 2,3, Jingyuan Zhao 5 1 Institute for Advanced Study, Tsinghua University,
More informationV.Sorge/E.Ritter, Handout 2
06-20008 Cryptography The University of Birmingham Autumn Semester 2015 School of Computer Science V.Sorge/E.Ritter, 2015 Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel
More informationEliminating Random Permutation Oracles in the Even-Mansour Cipher. Zulfikar Ramzan. Joint work w/ Craig Gentry. DoCoMo Labs USA
Eliminating Random Permutation Oracles in the Even-Mansour Cipher Zulfikar Ramzan Joint work w/ Craig Gentry DoCoMo Labs USA ASIACRYPT 2004 Outline Even-Mansour work and open problems. Main contributions
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 5: Cryptographic Algorithms Common Encryption Algorithms RSA
More informationPublic Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014
7 Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014 Cryptography studies techniques for secure communication in the presence of third parties. A typical
More informationStream Ciphers And Pseudorandomness Revisited. Table of contents
Stream Ciphers And Pseudorandomness Revisited Foundations of Cryptography Computer Science Department Wellesley College Fall 2016 Table of contents Introduction Stream Ciphers Stream ciphers & pseudorandom
More informationMulti-Instance Security and its Application to Password- Based Cryptography
Multi-Instance Security and its Application to Password- Based Cryptography Stefano Tessaro MIT Joint work with Mihir Bellare (UC San Diego) Thomas Ristenpart (Univ. of Wisconsin) Scenario: File encryption
More informationA SECURITY MODEL FOR ANONYMOUS CREDENTIAL SYSTEMS
A SECURITY MODEL FOR ANONYMOUS CREDENTIAL SYSTEMS Andreas Pashalidis* and Chris J. Mitchell Information Security Group, Royal Holloway, University of London { A.Pashalidis,C.Mitchell }@rhul.ac.uk Abstract
More informationClassical Cryptography
Classical Cryptography CS 6750 Lecture 1 September 10, 2009 Riccardo Pucella Goals of Classical Cryptography Alice wants to send message X to Bob Oscar is on the wire, listening to all communications Alice
More informationMerkle s Puzzles. c Eli Biham - May 3, Merkle s Puzzles (8)
Merkle s Puzzles See: Merkle, Secrecy, Authentication, and Public Key Systems, UMI Research press, 1982 Merkle, Secure Communications Over Insecure Channels, CACM, Vol. 21, No. 4, pp. 294-299, April 1978
More informationChapter 4 The Data Encryption Standard
Chapter 4 The Data Encryption Standard History of DES Most widely used encryption scheme is based on DES adopted by National Bureau of Standards (now National Institute of Standards and Technology) in
More informationNetwork Security: Secret Key Cryptography
1 Network Security: Secret Key Cryptography Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 cfl1999-2000, Henning Schulzrinne Last modified
More informationB. Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.
B. Substitution Ciphers, continued 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet. Non-periodic case: Running key substitution ciphers use a known text (in
More informationSequential Aggregate Signatures from Trapdoor Permutations
Sequential Aggregate Signatures from Trapdoor Permutations Anna Lysyanskaya Silvio Micali Leonid Reyzin Hovav Shacham Abstract An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and
More informationCryptography CS 555. Topic 20: Other Public Key Encryption Schemes. CS555 Topic 20 1
Cryptography CS 555 Topic 20: Other Public Key Encryption Schemes Topic 20 1 Outline and Readings Outline Quadratic Residue Rabin encryption Goldwasser-Micali Commutative encryption Homomorphic encryption
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously Pseudorandom Functions and Permutaitons Modes of Operation Pseudorandom Functions Functions that look like random
More informationRSA hybrid encryption schemes
RSA hybrid encryption schemes Louis Granboulan École Normale Supérieure Louis.Granboulan@ens.fr Abstract. This document compares the two published RSA-based hybrid encryption schemes having linear reduction
More informationTowards a Cryptanalysis of Scrambled Spectral-Phase Encoded OCDMA
Towards a Cryptanalysis of Scrambled Spectral-Phase Encoded OCDMA Sharon Goldberg* Ron Menendez **, Paul R. Prucnal* *, **Telcordia Technologies OFC 27, Anaheim, CA, March 29, 27 Secret key Security for
More informationDUBLIN CITY UNIVERSITY
DUBLIN CITY UNIVERSITY SEMESTER ONE EXAMINATIONS 2013/2014 MODULE: CA642/A Cryptography and Number Theory PROGRAMME(S): MSSF MCM ECSA ECSAO MSc in Security & Forensic Computing M.Sc. in Computing Study
More informationOnline Cryptography Course. Odds and ends. Key Deriva1on. Dan Boneh
Online Cryptography Course Odds and ends Key Deriva1on Deriving many keys from one Typical scenario. a single source key (SK) is sampled from: Hardware random number generator A key exchange protocol (discussed
More informationRSA hybrid encryption schemes
RSA hybrid encryption schemes Louis Granboulan École Normale Supérieure Louis.Granboulan@ens.fr Abstract. This document compares the two published RSA-based hybrid encryption schemes having linear reduction
More informationSymmetric-key encryption scheme based on the strong generating sets of permutation groups
Symmetric-key encryption scheme based on the strong generating sets of permutation groups Ara Alexanyan Faculty of Informatics and Applied Mathematics Yerevan State University Yerevan, Armenia Hakob Aslanyan
More informationThe number theory behind cryptography
The University of Vermont May 16, 2017 What is cryptography? Cryptography is the practice and study of techniques for secure communication in the presence of adverse third parties. What is cryptography?
More informationIdentity-based multisignature with message recovery
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 2013 Identity-based multisignature with message
More informationo Broken by using frequency analysis o XOR is a polyalphabetic cipher in binary
We spoke about defense challenges Crypto introduction o Secret, public algorithms o Symmetric, asymmetric crypto, one-way hashes Attacks on cryptography o Cyphertext-only, known, chosen, MITM, brute-force
More informationExample Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext
Cryptography Codes Lecture 3: The Times Cipher, Factors, Zero Divisors, and Multiplicative Inverses Spring 2015 Morgan Schreffler Office: POT 902 http://www.ms.uky.edu/~mschreffler New Cipher Times Enemy
More informationSHA-3 and permutation-based cryptography
SHA-3 and permutation-based cryptography Joan Daemen 1 Joint work with Guido Bertoni 1, Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Crypto summer school Šibenik,
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 5b September 11, 2013 CPSC 467, Lecture 5b 1/11 Stream ciphers CPSC 467, Lecture 5b 2/11 Manual stream ciphers Classical stream ciphers
More informationIND-CCA Secure Hybrid Encryption from QC-MDPC Niederreiter
IND-CCA Secure Hybrid Encryption from QC-MDPC Niederreiter 7 th International Conference on Post-Quantum Cryptography 2016 Ingo von Maurich 1, Lukas Heberle 1, Tim Güneysu 2 1 Horst Görtz Institute for
More informationCRYPTANALYSIS OF THE PERMUTATION CIPHER OVER COMPOSITION MAPPINGS OF BLOCK CIPHER
CRYPTANALYSIS OF THE PERMUTATION CIPHER OVER COMPOSITION MAPPINGS OF BLOCK CIPHER P.Sundarayya 1, M.M.Sandeep Kumar 2, M.G.Vara Prasad 3 1,2 Department of Mathematics, GITAM, University, (India) 3 Department
More information4. Design Principles of Block Ciphers and Differential Attacks
4. Design Principles of Block Ciphers and Differential Attacks Nonli near 28-bits Trans forma tion 28-bits Model of Block Ciphers @G. Gong A. Introduction to Block Ciphers A Block Cipher Algorithm: E and
More informationEncryption at the Speed of Light? Towards a cryptanalysis of an optical CDMA encryption scheme
Encryption at the Speed of Light? Towards a cryptanalysis of an optical CDMA encryption scheme Sharon Goldberg * Ron Menendez **, Paul R. Prucnal * *, ** Telcordia Technologies IPAM Workshop on Special
More informationLecture 32. Handout or Document Camera or Class Exercise. Which of the following is equal to [53] [5] 1 in Z 7? (Do not use a calculator.
Lecture 32 Instructor s Comments: This is a make up lecture. You can choose to cover many extra problems if you wish or head towards cryptography. I will probably include the square and multiply algorithm
More informationEE 418: Network Security and Cryptography
EE 418: Network Security and Cryptography Homework 3 Solutions Assigned: Wednesday, November 2, 2016, Due: Thursday, November 10, 2016 Instructor: Tamara Bonaci Department of Electrical Engineering University
More informationData security (Cryptography) exercise book
University of Debrecen Faculty of Informatics Data security (Cryptography) exercise book 1 Contents 1 RSA 4 1.1 RSA in general.................................. 4 1.2 RSA background.................................
More informationEE 418 Network Security and Cryptography Lecture #3
EE 418 Network Security and Cryptography Lecture #3 October 6, 2016 Classical cryptosystems. Lecture notes prepared by Professor Radha Poovendran. Tamara Bonaci Department of Electrical Engineering University
More informationGeneric Attacks on Feistel Schemes
Generic Attacks on Feistel Schemes -Extended Version- Jacques Patarin PRiSM, University of Versailles, 45 av. des États-Unis, 78035 Versailles Cedex, France This paper is the extended version of the paper
More informationLecture 1: Introduction
Lecture 1: Introduction Instructor: Omkant Pandey Spring 2018 (CSE390) Instructor: Omkant Pandey Lecture 1: Introduction Spring 2018 (CSE390) 1 / 13 Cryptography Most of us rely on cryptography everyday
More informationGeneric Attacks on Feistel Schemes
Generic Attacks on Feistel Schemes Jacques Patarin 1, 1 CP8 Crypto Lab, SchlumbergerSema, 36-38 rue de la Princesse, BP 45, 78430 Louveciennes Cedex, France PRiSM, University of Versailles, 45 av. des
More informationLecture 4: Wireless Physical Layer: Channel Coding. Mythili Vutukuru CS 653 Spring 2014 Jan 16, Thursday
Lecture 4: Wireless Physical Layer: Channel Coding Mythili Vutukuru CS 653 Spring 2014 Jan 16, Thursday Channel Coding Modulated waveforms disrupted by signal propagation through wireless channel leads
More informationA Cryptosystem Based on the Composition of Reversible Cellular Automata
A Cryptosystem Based on the Composition of Reversible Cellular Automata Adam Clarridge and Kai Salomaa Technical Report No. 2008-549 Queen s University, Kingston, Canada {adam, ksalomaa}@cs.queensu.ca
More informationMathematics Explorers Club Fall 2012 Number Theory and Cryptography
Mathematics Explorers Club Fall 2012 Number Theory and Cryptography Chapter 0: Introduction Number Theory enjoys a very long history in short, number theory is a study of integers. Mathematicians over
More informationSome Cryptanalysis of the Block Cipher BCMPQ
Some Cryptanalysis of the Block Cipher BCMPQ V. Dimitrova, M. Kostadinoski, Z. Trajcheska, M. Petkovska and D. Buhov Faculty of Computer Science and Engineering Ss. Cyril and Methodius University, Skopje,
More informationClassification of Ciphers
Classification of Ciphers A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Technology by Pooja Maheshwari to the Department of Computer Science & Engineering Indian
More informationRandom Bit Generation and Stream Ciphers
Random Bit Generation and Stream Ciphers Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 8-1 Overview 1.
More informationContinuous Non-Malleable Key Derivation and Its Application to Related-Key Security
Continuous Non-Malleable Key Derivation and Its Application to Related-Key Security Baodong Qin 1,2, Shengli Liu 1, Tsz Hon Yuen 3, Robert H. Deng 4, Kefei Chen 5 1. Shanghai Jiao Tong University, China
More informationCodes and Nomenclators
Spring 2011 Chris Christensen Codes and Nomenclators In common usage, there is often no distinction made between codes and ciphers, but in cryptology there is an important distinction. Recall that a cipher
More informationWhy (Special Agent) Johnny (Still) Can t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System
Why (Special Agent) Johnny (Still) Can t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System Sandy Clark Travis Goodspeed Perry Metzger Zachary Wasserman Kevin Xu Matt Blaze Usenix
More informationSecure Location Verification with Hidden and Mobile Base Stations
Secure Location Verification with Hidden and Mobile Base Stations S. Capkun, K.B. Rasmussen - Department of Computer Science, ETH Zurich M. Cagalj FESB, University of Split M. Srivastava EE Department,
More informationChapter 4 MASK Encryption: Results with Image Analysis
95 Chapter 4 MASK Encryption: Results with Image Analysis This chapter discusses the tests conducted and analysis made on MASK encryption, with gray scale and colour images. Statistical analysis including
More informationSimple And Efficient Shuffling With Provable Correctness and ZK Privacy
Simple And Efficient Shuffling With Provable Correctness and ZK Privacy Kun Peng, Colin Boyd and Ed Dawson Information Security Institute Queensland University of Technology {k.peng, c.boyd, e.dawson}@qut.edu.au
More informationSolution: Alice tosses a coin and conveys the result to Bob. Problem: Alice can choose any result.
Example - Coin Toss Coin Toss: Alice and Bob want to toss a coin. Easy to do when they are in the same room. How can they toss a coin over the phone? Mutual Commitments Solution: Alice tosses a coin and
More informationSecurity in Sensor Networks. Written by: Prof. Srdjan Capkun & Others Presented By : Siddharth Malhotra Mentor: Roland Flury
Security in Sensor Networks Written by: Prof. Srdjan Capkun & Others Presented By : Siddharth Malhotra Mentor: Roland Flury Mobile Ad-hoc Networks (MANET) Mobile Random and perhaps constantly changing
More informationImage permutation scheme based on modified Logistic mapping
0 International Conference on Information Management and Engineering (ICIME 0) IPCSIT vol. 5 (0) (0) IACSIT Press, Singapore DOI: 0.7763/IPCSIT.0.V5.54 Image permutation scheme based on modified Logistic
More informationCard-Based Protocols for Securely Computing the Conjunction of Multiple Variables
Card-Based Protocols for Securely Computing the Conjunction of Multiple Variables Takaaki Mizuki Tohoku University tm-paper+cardconjweb[atmark]g-mailtohoku-universityjp Abstract Consider a deck of real
More informationDiscrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography
Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography Colin Stirling Informatics Some slides based on ones by Myrto Arapinis Colin Stirling (Informatics) Discrete
More informationThe Chinese Remainder Theorem
The Chinese Remainder Theorem Theorem. Let m and n be two relatively prime positive integers. Let a and b be any two integers. Then the two congruences x a (mod m) x b (mod n) have common solutions. Any
More informationIntroduction to Cryptography CS 355
Introduction to Cryptography CS 355 Lecture 25 Mental Poker And Semantic Security CS 355 Fall 2005 / Lecture 25 1 Lecture Outline Review of number theory The Mental Poker Protocol Semantic security Semantic
More informationFermat s little theorem. RSA.
.. Computing large numbers modulo n (a) In modulo arithmetic, you can always reduce a large number to its remainder a a rem n (mod n). (b) Addition, subtraction, and multiplication preserve congruence:
More informationShannon Information theory, coding and biometrics. Han Vinck June 2013
Shannon Information theory, coding and biometrics Han Vinck June 2013 We consider The password problem using biometrics Shannon s view on security Connection to Biometrics han Vinck April 2013 2 Goal:
More informationDiscrete Mathematics: Logic. Discrete Mathematics: Lecture 15: Counting
Discrete Mathematics: Logic Discrete Mathematics: Lecture 15: Counting counting combinatorics: the study of the number of ways to put things together into various combinations basic counting principles
More informationThe Chinese Remainder Theorem
The Chinese Remainder Theorem Theorem. Let n 1,..., n r be r positive integers relatively prime in pairs. (That is, gcd(n i, n j ) = 1 whenever 1 i < j r.) Let a 1,..., a r be any r integers. Then the
More informationLow power implementation of Trivium stream cipher
Low power implementation of Trivium stream cipher Mora Gutiérrez, J.M 1. Jiménez Fernández, C.J. 2, Valencia Barrero, M. 2 1 Instituto de Microelectrónica de Sevilla, Centro Nacional de Microelectrónica(CSIC).
More informationS Coding Methods (5 cr) P. Prerequisites. Literature (1) Contents
S-72.3410 Introduction 1 S-72.3410 Introduction 3 S-72.3410 Coding Methods (5 cr) P Lectures: Mondays 9 12, room E110, and Wednesdays 9 12, hall S4 (on January 30th this lecture will be held in E111!)
More informationPseudorandom Number Generation and Stream Ciphers
Pseudorandom Number Generation and Stream Ciphers Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationNEW FINDINGS ON RFID AUTHENTICATION SCHEMES AGAINST DE-SYNCHRONIZATION ATTACK. Received March 2011; revised July 2011
International Journal of Innovative Computing, Information and Control ICIC International c 2012 ISSN 1349-4198 Volume 8, Number 7(A), July 2012 pp. 4431 4449 NEW FINDINGS ON RF AUTHENTICATION SCHEMES
More informationDUBLIN CITY UNIVERSITY
DUBLIN CITY UNIVERSITY SEMESTER ONE EXAMINATIONS 2013 MODULE: (Title & Code) CA642 Cryptography and Number Theory COURSE: M.Sc. in Security and Forensic Computing YEAR: 1 EXAMINERS: (Including Telephone
More informationSequential Aggregate Signatures from Trapdoor Permutations
Sequential Aggregate Signatures from Trapdoor Permutations Anna Lysyanskaya anna@cs.brown.edu Silvio Micali Hovav Shacham hovav@cs.stanford.edu Leonid Reyzin reyzin@cs.bu.edu Abstract An aggregate signature
More informationSuccessful Implementation of the Hill and Magic Square Ciphers: A New Direction
Successful Implementation of the Hill and Magic Square Ciphers: A New Direction ISSN:319-7900 Tomba I. : Dept. of Mathematics, Manipur University, Imphal, Manipur (INDIA) Shibiraj N, : Research Scholar
More informationYale University Department of Computer Science
LUX ETVERITAS Yale University Department of Computer Science Secret Bit Transmission Using a Random Deal of Cards Michael J. Fischer Michael S. Paterson Charles Rackoff YALEU/DCS/TR-792 May 1990 This work
More informationMAT 302: ALGEBRAIC CRYPTOGRAPHY. Department of Mathematical and Computational Sciences University of Toronto, Mississauga.
MAT 302: ALGEBRAIC CRYPTOGRAPHY Department of Mathematical and Computational Sciences University of Toronto, Mississauga February 27, 2013 Mid-term Exam INSTRUCTIONS: The duration of the exam is 100 minutes.
More informationPrevention of Selective Jamming Attack Using Cryptographic Packet Hiding Methods
Prevention of Selective Jamming Attack Using Cryptographic Packet Hiding Methods S.B.Gavali 1, A. K. Bongale 2 and A.B.Gavali 3 1 Department of Computer Engineering, Dr.D.Y.Patil College of Engineering,
More informationCryptanalysis on short messages encrypted with M-138 cipher machine
Cryptanalysis on short messages encrypted with M-138 cipher machine Tsonka Baicheva Miroslav Dimitrov Institute of Mathematics and Informatics Bulgarian Academy of Sciences 10-14 July, 2017 Sofia Introduction
More informationMA 111, Topic 2: Cryptography
MA 111, Topic 2: Cryptography Our next topic is something called Cryptography, the mathematics of making and breaking Codes! In the most general sense, Cryptography is the mathematical ideas behind changing
More informationAvoiding Selective Attacks with using Packet Hiding Approaches in Wireless Network
Avoiding Selective Attacks with using Packet Hiding Approaches in Wireless Network Patel Dhaval Dhirubhai 1, Singh Kashkumar Nirmalsingh 2 1 Computer Network and Engineering, EastWest Institute of Technology,
More informationThe next several lectures will be concerned with probability theory. We will aim to make sense of statements such as the following:
CS 70 Discrete Mathematics for CS Fall 2004 Rao Lecture 14 Introduction to Probability The next several lectures will be concerned with probability theory. We will aim to make sense of statements such
More informationSecurity Note. BBM Enterprise
Security Note BBM Enterprise Published: 2017-10-31 SWD-20171031151244990 Contents Document revision history... 4 About this guide... 5 System requirements...6 Using BBM Enterprise... 8 How BBM Enterprise
More informationCryptanalysis of Ladder-DES
Cryptanalysis of Ladder-DES Computer Science Department Technion - srael nstitute of Technology Haifa 32000, srael Email: biham@cs.technion, ac.il WWW: http://www.cs.technion.ac.il/-biham/ Abstract. Feistel
More informationState Separation for Code-Based Game-Playing Proofs
State Separation for Code-Based Game-Playing Proofs Chris Brzuska, Antoine Délignat-Lavaud, Cédric Fournet, Konrad Kohbrok, Markulf Kohlweiss December 6, 2018 Aalto University Microsoft esearch Cambridge
More informationCryptography, Number Theory, and RSA
Cryptography, Number Theory, and RSA Joan Boyar, IMADA, University of Southern Denmark November 2015 Outline Symmetric key cryptography Public key cryptography Introduction to number theory RSA Modular
More informationJournal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10
Dynamic extended DES Yi-Shiung Yeh 1, I-Te Chen 2, Ting-Yu Huang 1, Chan-Chi Wang 1, 1 Department of Computer Science and Information Engineering National Chiao-Tung University 1001 Ta-Hsueh Road, HsinChu
More informationImplementation and Performance Testing of the SQUASH RFID Authentication Protocol
Implementation and Performance Testing of the SQUASH RFID Authentication Protocol Philip Koshy, Justin Valentin and Xiaowen Zhang * Department of Computer Science College of n Island n Island, New York,
More informationLecture 7: The Principle of Deferred Decisions
Randomized Algorithms Lecture 7: The Principle of Deferred Decisions Sotiris Nikoletseas Professor CEID - ETY Course 2017-2018 Sotiris Nikoletseas, Professor Randomized Algorithms - Lecture 7 1 / 20 Overview
More informationSMT 2014 Advanced Topics Test Solutions February 15, 2014
1. David flips a fair coin five times. Compute the probability that the fourth coin flip is the first coin flip that lands heads. 1 Answer: 16 ( ) 1 4 Solution: David must flip three tails, then heads.
More informationII. RC4 Cryptography is the art of communication protection. This art is scrambling a message so it cannot be clear; it
Enhancement of RC4 Algorithm using PUF * Ziyad Tariq Mustafa Al-Ta i, * Dhahir Abdulhade Abdullah, Saja Talib Ahmed *Department of Computer Science - College of Science - University of Diyala - Iraq Abstract:
More informationA Fast Image Encryption Scheme based on Chaotic Standard Map
A Fast Image Encryption Scheme based on Chaotic Standard Map Kwok-Wo Wong, Bernie Sin-Hung Kwok, and Wing-Shing Law Department of Electronic Engineering, City University of Hong Kong, 83 Tat Chee Avenue,
More informationDES Data Encryption standard
DES Data Encryption standard DES was developed by IBM as a modification of an earlier system Lucifer DES was adopted as a standard in 1977 Was replaced only in 2001 with AES (Advanced Encryption Standard)
More informationNote Computations with a deck of cards
Theoretical Computer Science 259 (2001) 671 678 www.elsevier.com/locate/tcs Note Computations with a deck of cards Anton Stiglic Zero-Knowledge Systems Inc, 888 de Maisonneuve East, 6th Floor, Montreal,
More informationElGamal Public-Key Encryption and Signature
ElGamal Public-Key Encryption and Signature Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 10 ElGamal Cryptosystem and Signature Scheme Taher ElGamal, originally from Egypt,
More informationmethods for subliminal channels Kazukuni Kobara and Hideki Imai Institute of Industrial Science, The University of Tokyo
In Proc. of International Conference on Information and Communications Security (ICICS'97) : LNCS 1334, pp.325{334,(1997) Self-synchronized message randomization methods for subliminal channels Kazukuni
More informationNumber Theory and Security in the Digital Age
Number Theory and Security in the Digital Age Lola Thompson Ross Program July 21, 2010 Lola Thompson (Ross Program) Number Theory and Security in the Digital Age July 21, 2010 1 / 37 Introduction I have
More informationDiffie-Hellman key-exchange protocol
Diffie-Hellman key-exchange protocol This protocol allows two users to choose a common secret key, for DES or AES, say, while communicating over an insecure channel (with eavesdroppers). The two users
More informationLECTURE VI: LOSSLESS COMPRESSION ALGORITHMS DR. OUIEM BCHIR
1 LECTURE VI: LOSSLESS COMPRESSION ALGORITHMS DR. OUIEM BCHIR 2 STORAGE SPACE Uncompressed graphics, audio, and video data require substantial storage capacity. Storing uncompressed video is not possible
More information