Introduction to Cryptography
- Sharyl Norton
- 6 years ago
1 B504 / I538: Introduction to Cryptography Spring 2017 Lecture 10
2 Assignment 2 is due on Tuesday!
4 Recall: Pseudorandom generator (PRG)
Defⁿ: A (fixed-length) pseudorandom generator (PRG) with expansion $l$ is a function $G:\{0,1\}^* \to \{0,1\}^*$ with two properties:
1. Expansion (output is always longer than input): $\forall n \in \mathbb{N}$, $l(n) > n$ and $\forall x \in \{0,1\}^*$, $|G(x)| = l(|x|)$
2. Pseudorandom (uniform inputs yield uniform-looking outputs): For every PPT distinguisher $A$, there exists a negligible function $\varepsilon:\mathbb{N} \to \mathbb{R}^+$ such that, $\forall n \in \mathbb{N}$,
$\left|\Pr[A(y)=1 \mid y \gets \{0,1\}^{l(n)}] - \Pr[A(G(x))=1 \mid x \gets \{0,1\}^n]\right| \le \varepsilon(n)$
5 Recall: Pseudorandom function (PRF)
Defⁿ: A (length-preserving) pseudorandom function (PRF) is a keyed function $F:\{0,1\}^* \times \{0,1\}^* \to \{0,1\}^*$ with three properties:
1. Length-preservation (output is same size as inputs): $\forall k \in \{0,1\}^*$ and $x \in \{0,1\}^{|k|}$, $|F(k,x)| = |x|$
2. Uniform PPT (can be evaluated by an efficient algorithm): There exists a (uniform) PPT algorithm $A$ such that, $\forall k \in \{0,1\}^*$ and $x \in \{0,1\}^{|k|}$, $A(k,x) = F(k,x)$
3. Pseudorandom (behaves like a "random function"): For every PPT distinguisher $A$, there exists a negligible function $\varepsilon:\mathbb{N} \to \mathbb{R}^+$ such that, $\forall n \in \mathbb{N}$,
$\left|\Pr[A^{F_k(\cdot)}(1^n)=1 \mid k \gets \{0,1\}^n] - \Pr[A^{f(\cdot)}(1^n)=1 \mid f \gets \mathrm{Func}(n)]\right| \le \varepsilon(n)$
6 Permutations
Q: What is a permutation on $\{0,1\}^n$?
A: A function that "rearranges" the elements of $\{0,1\}^n$
More formally, it is a bijection from $\{0,1\}^n$ to itself; that is, a function $\pi:\{0,1\}^n \to \{0,1\}^n$ that is
1. Injective ("one-to-one"): $\pi(x) = \pi(y) \Rightarrow x = y$
2. Surjective ("onto"): $\forall y \in \{0,1\}^n$, $\exists x \in \{0,1\}^n$ such that $\pi(x) = y$
[Figure: the 3! permutations of 3 colored circles]
7 Pseudorandom permutations (PRPs)
Intuitively: A pseudorandom permutation (PRP) is a pseudorandom function that is also a permutation (whenever the key is fixed)
No efficient algorithm can distinguish between a PRP and a random permutation, except with negligible advantage
What in is a random permutation?
8 Random permutations
Defⁿ: Let Perm(n) denote the set of all permutations on $\{0,1\}^n$. A random permutation is the uniform random variable on Perm(n).
Q: How big is the sample space of Perm(n)?
A: $(2^n)!$ (compare this with $(2^n)^{2^n}$ functions in Func(n))
9 Why permutations?
Q: What special property of permutations makes PRPs more useful than PRFs?
A: Permutations have unique inverses; that is, given any $y \in \{0,1\}^n$ it is possible to find $x \in \{0,1\}^n$ such that $\pi(x) = y$
[Figure: diagrams labeled "Permutation"]
10 Efficient keyed permutation
Defⁿ: A permutation family is an infinite sequence $\{\Pi_k\}_{k \in \{0,1\}^*}$ where $\forall k \in \{0,1\}^*$, $\Pi_k:\{0,1\}^{|k|} \to \{0,1\}^{|k|}$ is a permutation on $\{0,1\}^{|k|}$.
The family is uniform PPT if there is a PPT algorithm that, given any $k \in \{0,1\}^*$ and $x \in \{0,1\}^{|k|}$, outputs $\Pi_k(x)$.
We typically think of a uniform PPT permutation family as a keyed permutation; that is, as a function $\Pi:\{0,1\}^* \times \{0,1\}^* \to \{0,1\}^*$ such that $\Pi(k,x) = \Pi_k(x)$ for all $k \in \{0,1\}^*$ and $x \in \{0,1\}^{|k|}$
11 Keyed permutation
Defⁿ: A keyed permutation $\Pi:\{0,1\}^* \times \{0,1\}^* \to \{0,1\}^{|k|}$ is efficient if there exists a PPT algorithm Inv and negligible function $\varepsilon:\mathbb{N} \to \mathbb{R}^+$ such that
$\Pr[\Pi(k, \mathrm{Inv}(k,y)) = y \mid k, y \gets \{0,1\}^n] \ge 1 - \varepsilon(n)$.
Intuitively: a keyed permutation is efficient if both it and its inverse can be evaluated by efficient algorithms
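12 Formal definition: PRP
Defⁿ: An efficient keyed permutation is a pseudorandom permutation (PRP) if, for every PPT algorithm $A$, there exists a negligible function $\varepsilon:\mathbb{N} \to \mathbb{R}^+$ such that
$\left|\Pr[A^{\Pi_k(\cdot)}(1^n) \mid k \gets \{0,1\}^n] - \Pr[A^{\pi(\cdot)}(1^n) \mid \pi \gets \mathrm{Perm}(n)]\right| \le \varepsilon(n)$
(key $k$: $2^n$ outcomes; permutation $\pi$: $(2^n)!$ outcomes)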
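13 PRP indistinguishability game
Game 0 (A has oracle access to a PRP oracle):
- Challenger (C) receives $1^n$ and samples $k \gets \{0,1\}^n$
- Attacker (A) receives $1^n$, sends queries $x_1, \ldots, x_q \in \{0,1\}^n$ and receives $\Pi_k(x_1), \ldots, \Pi_k(x_q)$
- A outputs $b'$
Game 1 (A has oracle access to a random permutation oracle):
- Challenger (C) receives $1^n$ and samples $\pi \gets \mathrm{Perm}(n)$
- Attacker (A) receives $1^n$, sends queries $x_1, \ldots, x_q \in \{0,1\}^n$ and receives $\pi(x_1), \ldots, \pi(x_q)$
- A outputs $b'$
Defⁿ: $\mathrm{Adv}^{\mathrm{PRP}}(A) := \left|\Pr[b = b'] - \tfrac{1}{2}\right|$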
14 Strong PRPs
Intuitively, a PRP is a strong PRP if it remains difficult to distinguish from a random permutation even when given access to the inverse permutation
Defⁿ: An efficient keyed permutation is a strong PRP (SPRP) if, for every PPT algorithm $A$, there exists a negligible function $\varepsilon:\mathbb{N} \to \mathbb{R}^+$ such that
$\left|\Pr[A^{\Pi_k(\cdot),\Pi_k^{-1}(\cdot)}(1^n) \mid k \gets \{0,1\}^n] - \Pr[A^{\pi(\cdot),\pi^{-1}(\cdot)}(1^n) \mid \pi \gets \mathrm{Perm}(n)]\right| \le \varepsilon(n)$
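15 Strong PRP indistinguishability game
Game 0 (A has oracle access to a PRP oracle and corresponding inverse oracle):
- Challenger (C) receives $1^n$ and samples $k \gets \{0,1\}^n$
- Attacker (A) receives $1^n$, sends queries $x_1, \ldots, x_q \in \{0,1\}^n$ and receives $\Pi_k(x_i), \Pi_k^{-1}(x_i)$ for each $x_i$
- A outputs $b'$
Game 1 (A has oracle access to a random permutation oracle and corresponding inverse oracle):
- Challenger (C) receives $1^n$ and samples $\pi \gets \mathrm{Perm}(n)$
- Attacker (A) receives $1^n$, sends queries $x_1, \ldots, x_q \in \{0,1\}^n$ and receives $\pi(x_i), \pi^{-1}(x_i)$ for each $x_i$
- A outputs $b'$
Defⁿ: $\mathrm{Adv}^{\mathrm{SPRP}}(A) := \left|\Pr[b = b'] - \tfrac{1}{2}\right|$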
16 PRPs versus SPRPs
Q: Is every PRP a Strong PRP?
A: Nope! I'm going to ask you to prove this on A3
17 PRP versus PRF
Q: Is every PRP a PRF?
A: Yup!
Thm (PRF Switching Lemma): Let $\Pi:\{0,1\}^* \times \{0,1\}^* \to \{0,1\}^*$ be a PRP. Then for any PPT distinguisher $A$ that makes $q(n)$ oracle queries,
$\left|\Pr[A^{\Pi_k(\cdot)}(1^n) \mid k \gets \{0,1\}^n] - \Pr[A^{f(\cdot)}(1^n) \mid f \gets \mathrm{Func}(n)]\right| \le q(n)^2 / 2^{n+1}$
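An added example (not from the lecture) of the collision distinguisher behind the $q(n)^2/2^{n+1}$ term: it lazily samples a random function and a random permutation and compares the measured gap with the bound. Assumptions: a truly random permutation stands in for $\Pi_k$, and all class and function names are illustrative.

```python
import random
from fractions import Fraction


class RandomFunctionOracle:
    """Lazily sampled f <- Func(n): every fresh query gets an independent uniform answer."""

    def __init__(self, n, rng):
        self.size, self.rng, self.table = 2 ** n, rng, {}

    def query(self, x):
        if x not in self.table:
            self.table[x] = self.rng.randrange(self.size)
        return self.table[x]


class RandomPermutationOracle:
    """Lazily sampled pi <- Perm(n): fresh answers are uniform over the unused outputs."""

    def __init__(self, n, rng):
        self.size, self.rng, self.table, self.used = 2 ** n, rng, {}, set()

    def query(self, x):
        if x not in self.table:
            y = self.rng.randrange(self.size)
            while y in self.used:          # rejection sampling keeps pi injective
                y = self.rng.randrange(self.size)
            self.used.add(y)
            self.table[x] = y
        return self.table[x]


def collision_distinguisher(oracle, q):
    """Query q distinct inputs; output 1 iff two answers collide."""
    answers = [oracle.query(x) for x in range(q)]
    return 1 if len(set(answers)) < q else 0


def exact_advantage(n, q):
    """Pr[collision | random function] - Pr[collision | permutation] (the latter is 0)."""
    size, no_collision = 2 ** n, Fraction(1)
    for i in range(q):
        no_collision *= Fraction(size - i, size)
    return 1 - no_collision


def switching_bound(n, q):
    """The lemma's bound q^2 / 2^(n+1)."""
    return Fraction(q * q, 2 ** (n + 1))


def estimate(n, q, trials, seed=0):
    """Empirical Pr[distinguisher outputs 1] against each oracle (seeded, repeatable)."""
    rng = random.Random(seed)
    perm = sum(collision_distinguisher(RandomPermutationOracle(n, rng), q)
               for _ in range(trials))
    func = sum(collision_distinguisher(RandomFunctionOracle(n, rng), q)
               for _ in range(trials))
    return perm / trials, func / trials
```

With n = 8 and q = 16 the distinguisher's exact advantage is about 0.38, below the bound of 1/2; for realistic block sizes such as n = 128 the bound is negligible until q approaches $2^{64}$.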
18 Fixed-length encryption from SPRPs
Let $\Pi$ be a strong PRP
Plaintexts, ciphertexts and keys are all n-bit strings (i.e., M=C=K):
- Gen($1^n$) outputs a uniform random key $k \gets \{0,1\}^n$
- Enc$_k(m)$ outputs $c := \Pi_k(m)$
- Dec$_k(c)$ outputs $m := \Pi_k^{-1}(c)$
Q: Is this construction IND-CPA secure?
A: Nope! (But it does have indistinguishable encryptions in the presence of an eavesdropper)
19 Modes of operation
Goals:
1. Extend block cipher to encrypt arbitrary-length plaintexts
2. Get IND-CPA security (or better!) in the process
There are many modes of operation in the literature; for now, we'll focus on a few oldies-but-goodies: ECB, CBC, OFB, and CTR
20 Modes of operation: ECB
Electronic codebook (ECB) mode: Split message into n-bit blocks, apply PRP to each one in turn
- Most common default mode for encryption software
- Almost always a very bad idea
- If I find out you use ECB in the future, I will retroactively give you an F and revoke your degree!
Seriously. Don't use ECB!
21 Modes of operation: ECB
Electronic codebook (ECB) mode encryption:
$m = m_1 \| m_2 \| \cdots \| m_l$
$c_i = \Pi_k(m_i)$ for $i = 1, \ldots, l$
$c = c_1 \| c_2 \| \cdots \| c_l$
22 Modes of operation: ECB
Electronic codebook (ECB) mode decryption:
$c = c_1 \| c_2 \| \cdots \| c_l$
$m_i = \Pi_k^{-1}(c_i)$ for $i = 1, \ldots, l$
$m = m_1 \| m_2 \| \cdots \| m_l$
23 Modes of operation: ECB
Q1: Does ECB mode provide IND-CPA security?
A1: Nope!
Q2: Does ECB mode provide indistinguishable encryptions in the presence of an eavesdropper?
A2: Nope!
- Choose $m_0 = m \| m$, $m_1 = m \| m'$ for any distinct $m, m' \in \{0,1\}^n$
- Retrieve $c = c_1 \| c_2$; output 0 if $c_1 = c_2$ and 1 otherwise
24 Modes of operation: ECB
[Figure: three panels showing the Tux image as plaintext (bitmap), ECB mode ciphertext, and CBC mode ciphertext]
Tux image created in 1996 by Larry Ewing with The GIMP. All uses permitted provided that you mention Larry Ewing, the owner of the original image, his address and The GIMP,
25 Modes of operation: ECB
Take away: Don't use ECB!
26 Modes of operation: CBC
Cipher block chaining (CBC) mode:
- Choose uniform random initialization vector $IV \gets \{0,1\}^n$
- XOR first plaintext block with IV before applying PRP
- For each subsequent plaintext block, XOR with preceding ciphertext block before applying PRP
- Output IV as part of the ciphertext (l-block plaintext → (l+1)-block ciphertext)
27 Modes of operation: CBC
Cipher block chaining (CBC) mode encryption:
$m = m_1 \| m_2 \| \cdots \| m_l$
$c_0 = IV$, $c_i = \Pi_k(m_i \oplus c_{i-1})$ for $i = 1, \ldots, l$
$c = IV \| c_1 \| c_2 \| \cdots \| c_l$
28 Modes of operation: CBC
Cipher block chaining (CBC) mode decryption:
$c = IV \| c_1 \| c_2 \| \cdots \| c_l$
$c_0 = IV$, $m_i = \Pi_k^{-1}(c_i) \oplus c_{i-1}$ for $i = 1, \ldots, l$
$m = m_1 \| m_2 \| \cdots \| m_l$
29 Modes of operation: OFB
Output feedback (OFB) mode:
- Choose uniform random initialization vector $IV \gets \{0,1\}^n$
- Apply PRP to IV to get a pad to XOR with first block
- For each subsequent plaintext block, apply PRP to preceding pad and XOR result with the plaintext block
- Output IV as part of the ciphertext (l-block plaintext → (l+1)-block ciphertext)
30 Modes of operation: OFB
Output feedback (OFB) mode encryption:
$m = m_1 \| m_2 \| \cdots \| m_l$
$pad_0 = IV$, $pad_i = \Pi_k(pad_{i-1})$, $c_i = m_i \oplus pad_i$ for $i = 1, \ldots, l$
$c = IV \| c_1 \| c_2 \| \cdots \| c_l$
31 Modes of operation: OFB
Output feedback (OFB) mode decryption:
$c = IV \| c_1 \| c_2 \| \cdots \| c_l$
$pad_0 = IV$, $pad_i = \Pi_k(pad_{i-1})$, $m_i = c_i \oplus pad_i$ for $i = 1, \ldots, l$
$m = m_1 \| m_2 \| \cdots \| m_l$
32 Modes of operation: CTR
Counter (CTR) mode:
- Choose uniform random initialization vector $IV \gets \{0,1\}^n$
- Apply PRP to IV to get a pad to XOR with first block
- For each subsequent block, increment IV by one (treat as binary string modulo $2^n$), apply PRP to it and XOR result with the plaintext block
- Output IV as part of the ciphertext (l-block plaintext → (l+1)-block ciphertext)
33 Modes of operation: CTR
Counter (CTR) mode encryption:
$m = m_1 \| m_2 \| \cdots \| m_l$
$c_i = m_i \oplus \Pi_k(IV + i - 1)$ for $i = 1, \ldots, l$ (counter values $IV, IV+1, \ldots, IV+l-1$)
$c = IV \| c_1 \| c_2 \| \cdots \| c_l$
34 Modes of operation: CTR
Counter (CTR) mode decryption:
$c = IV \| c_1 \| c_2 \| \cdots \| c_l$
$m_i = c_i \oplus \Pi_k(IV + i - 1)$ for $i = 1, \ldots, l$ (counter values $IV, IV+1, \ldots, IV+l-1$)
$m = m_1 \| m_2 \| \cdots \| m_l$
35 Modes of operation: Comparison
Electronic Code Book (ECB) mode
- Pros: simple, parallelizable
- Cons: no reasonable security guarantees
Cipher Block Chaining (CBC) mode
- Pros: IND-CPA secure, decryption is parallelizable
- Cons: encryption is inherently sequential; malleable
Output Feedback (OFB) mode
- Pros: IND-CPA secure
- Cons: encryption and decryption both inherently sequential; malleable
Counter (CTR) mode
- Pros: IND-CPA secure, encryption and decryption are both fully parallelizable
- Cons: malleable
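The four modes and the slide 23 ECB adversary, as an added example that is not part of the lecture; it also shows the malleability listed under CTR's cons. Assumptions: $\Pi_k$ is replaced by a toy 4-round Feistel network over HMAC-SHA256 standing in for a real block cipher, messages are whole blocks (no padding), and all function names are illustrative.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block length in bytes (n = 128 bits)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_f(key, i, half):
    # Round function of the stand-in PRP (assumption: truncated HMAC-SHA256).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def prp(key, block):
    """Stand-in for Pi_k: a 4-round Feistel network (toy, for illustration only)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, round_f(key, i, right))
    return left + right

def prp_inv(key, block):
    """Stand-in for Pi_k^-1: the same rounds undone in reverse order."""
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, round_f(key, i, left)), left
    return left + right

def blocks(data):
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, m):
    return b"".join(prp(key, b) for b in blocks(m))

def ecb_decrypt(key, c):
    return b"".join(prp_inv(key, b) for b in blocks(c))

def cbc_encrypt(key, m):
    prev = os.urandom(BLOCK)              # fresh uniform IV, sent as c_0
    out = [prev]
    for b in blocks(m):
        prev = prp(key, xor(b, prev))     # c_i = Pi_k(m_i XOR c_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, c):
    cs = blocks(c)
    return b"".join(xor(prp_inv(key, cur), prev) for prev, cur in zip(cs, cs[1:]))

def ofb_pads(key, iv, count):
    pads, pad = [], iv
    for _ in range(count):
        pad = prp(key, pad)               # pad_i = Pi_k(pad_{i-1}), pad_0 = IV
        pads.append(pad)
    return pads

def ctr_pads(key, iv, count):
    start = int.from_bytes(iv, "big")     # IV as an integer modulo 2^n
    return [prp(key, ((start + i) % 2 ** (8 * BLOCK)).to_bytes(BLOCK, "big"))
            for i in range(count)]

def stream_encrypt(pads, key, m):
    iv, ms = os.urandom(BLOCK), blocks(m)
    return iv + b"".join(xor(b, p) for b, p in zip(ms, pads(key, iv, len(ms))))

def stream_decrypt(pads, key, c):
    iv, cs = c[:BLOCK], blocks(c[BLOCK:])
    return b"".join(xor(b, p) for b, p in zip(cs, pads(key, iv, len(cs))))

def eavesdropper_success(encrypt, has_iv, trials=50):
    """Slide 23's adversary: m0 = m||m, m1 = m||m'; guess 0 iff c_1 == c_2."""
    m, m_prime, wins = b"A" * BLOCK, b"B" * BLOCK, 0
    for _ in range(trials):
        key = os.urandom(BLOCK)
        for b, msg in enumerate((m + m, m + m_prime)):
            c = blocks(encrypt(key, msg))[1 if has_iv else 0:]
            wins += (0 if c[0] == c[1] else 1) == b
    return wins / (2 * trials)

def flip_block(c, index, delta):
    """XOR delta into ciphertext block c_index (c_0 is the IV)."""
    off = BLOCK * index
    return c[:off] + xor(c[off:off + BLOCK], delta) + c[off + BLOCK:]
```

The adversary wins every ECB game and only half of the CBC games, and XORing a chosen difference into a CTR ciphertext block changes the decrypted block by exactly that difference, which is why none of these modes should be used without an integrity check.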
36 That's all for today, folks!
More informationEncryption at the Speed of Light? Towards a cryptanalysis of an optical CDMA encryption scheme
Encryption at the Speed of Light? Towards a cryptanalysis of an optical CDMA encryption scheme Sharon Goldberg * Ron Menendez **, Paul R. Prucnal * *, ** Telcordia Technologies IPAM Workshop on Special
More informationGrade 7 and 8 Math Circles March 19th/20th/21st. Cryptography
Faculty of Mathematics Waterloo, Ontario N2L 3G1 Centre for Education in Mathematics and Computing Grade 7 and 8 Math Circles March 19th/20th/21st Cryptography Introduction Before we begin, it s important
More informationOn the Capacity Region of the Vector Fading Broadcast Channel with no CSIT
On the Capacity Region of the Vector Fading Broadcast Channel with no CSIT Syed Ali Jafar University of California Irvine Irvine, CA 92697-2625 Email: syed@uciedu Andrea Goldsmith Stanford University Stanford,
More informationDiffie-Hellman key-exchange protocol
Diffie-Hellman key-exchange protocol This protocol allows two users to choose a common secret key, for DES or AES, say, while communicating over an insecure channel (with eavesdroppers). The two users
More informationDiscrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography
Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography Colin Stirling Informatics Some slides based on ones by Myrto Arapinis Colin Stirling (Informatics) Discrete
More informationSequential Aggregate Signatures from Trapdoor Permutations
Sequential Aggregate Signatures from Trapdoor Permutations Anna Lysyanskaya Silvio Micali Leonid Reyzin Hovav Shacham Abstract An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and
More information5. (1-25 M) How many ways can 4 women and 4 men be seated around a circular table so that no two women are seated next to each other.
A.Miller M475 Fall 2010 Homewor problems are due in class one wee from the day assigned (which is in parentheses. Please do not hand in the problems early. 1. (1-20 W A boo shelf holds 5 different English
More informationA Secure Image Encryption Algorithm Based on Hill Cipher System
Buletin Teknik Elektro dan Informatika (Bulletin of Electrical Engineering and Informatics) Vol.1, No.1, March 212, pp. 51~6 ISSN: 289-3191 51 A Secure Image Encryption Algorithm Based on Hill Cipher System
More informationOverview. The Big Picture... CSC 580 Cryptography and Computer Security. January 25, Math Basics for Cryptography
CSC 580 Cryptography and Computer Security Math Basics for Cryptography January 25, 2018 Overview Today: Math basics (Sections 2.1-2.3) To do before Tuesday: Complete HW1 problems Read Sections 3.1, 3.2
More informationImage permutation scheme based on modified Logistic mapping
0 International Conference on Information Management and Engineering (ICIME 0) IPCSIT vol. 5 (0) (0) IACSIT Press, Singapore DOI: 0.7763/IPCSIT.0.V5.54 Image permutation scheme based on modified Logistic
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 128 bits) General considerations for cipher design:
Secret Key Systems (block encoding) Encrypting a small block of text (say 128 bits) General considerations for cipher design: Secret Key Systems (block encoding) Encrypting a small block of text (say 128
More informationPermutation Groups. Every permutation can be written as a product of disjoint cycles. This factorization is unique up to the order of the factors.
Permutation Groups 5-9-2013 A permutation of a set X is a bijective function σ : X X The set of permutations S X of a set X forms a group under function composition The group of permutations of {1,2,,n}
More informationMA/CSSE 473 Day 9. The algorithm (modified) N 1
MA/CSSE 473 Day 9 Primality Testing Encryption Intro The algorithm (modified) To test N for primality Pick positive integers a 1, a 2,, a k < N at random For each a i, check for a N 1 i 1 (mod N) Use the
More informationBIKE - Bit-Flipping Key Encapsulation Presented to the NIST Post-Quantum Cryptography Standardization Conference April, 13 th 2018, Fort Lauderdale, Florida, USA Authors: Nicolas Aragon Paulo S. L. M.
More informationContinuous Non-Malleable Key Derivation and Its Application to Related-Key Security
Continuous Non-Malleable Key Derivation and Its Application to Related-Key Security Baodong Qin 1,2, Shengli Liu 1, Tsz Hon Yuen 3, Robert H. Deng 4, Kefei Chen 5 1. Shanghai Jiao Tong University, China
More information