Professional Documents
Culture Documents
Lecturel5 2021 Key: Assumption
Lecturel5 2021 Key: Assumption
Lecturel5 2021
Assumption ow F exists
Existance of Sharedkey
E it
each user need to
Pz
jIij
REEF.TT
long term key p HE k
Secure channel
Needham Schroeder Protocol
Kerberos
How to distribute long term key
1971 Revolution
Whitefled Diffe
Martin Helman
ed It is
easy
to
Multiply two
large primes
But difficult to factor
It
Bob
Alice
K
A IB
Tasha
É Correctness
KA KB
19701 GCHQ
Ellis Cocks Williamson
declassified in 1991
m.net
E
KEII
G
A
III B
trans K
b E 0 1
MAI if b b
If b o I K
b l I on
Pr KEEF n
17 negeens
D1 K x a
j.gg y
Alice Bol
Gen Ci
G 19 g
N E
Za IFT Ye zig
ha g
I ha gy
Ka Che KB ha
II
G Cyclic group of order q
Alice Bt
yjga.gg
5 94
k gag k guy
in
4
It should not be able
to extract se from
g
DL assumption
DW is not sufficient
there might be some other
way
to compute this must
got be hard
as well
CDH problem
The Adversary has to distinguish
between
got Real key and
g Random Elemt
from G
DD H problem
Diosaga
Gently IG.g.gg
pp
h EG
A wins if GE h
of
bE on
It b
or Ég
b I
Pr ACG E g g g
P JIG a g ga g
I nege n
Order 0
of Group n n
In security
Parameter
a
2
t p is a prime
9 6 1 DL is believed to be
hard
O Ta 0 2nd
1.03
lecture a1
IL LEH DII
I E
I
9th d
DD It is hard in G CDH is HARD
DL is HARD
h h
BCDH
JIDDA
function in Gt
It is either hard almost
everywhere in G or
ii
itiseasyevery where in G
Ii
k g gas k g g
E
A B
I KEII
IT
t
TRANS K
I
be 91
If 6 0 I K
f
b l
I Random
ear
R KE h
A IT
I Pr KEEF n i b o
t
Pr KEEF b i
t n i
9
I Pr A G g g g g g
Pr A G g g ga g
I g of
If 1 Pr AC guys
IAC gt
I P 10
I BE A C gt 1
Pr AC gm 17
Pot KEEF n
I neglen
11
In Practice we use KDF to
t
f
Ka gag t k g Y
91 god
Possible solution
Introduce some form of
Integrity
O
d B
G e Public key G a 9
p
PKA PIB Pks
g
A B C
L
ABC f C PkB Ake
solved usindlbinineartating
je u
for A Oct GI
ME.IM BI
si K MX
Ei ti EU
I puzzles C G G
Enck C Ence lo
PI Enck si
is Pu
Brute force FIEF
in
IKII G
1KD
E Si I
Fine Grained Cryptography
guadratic
This Quadratic Gap is
optimal
PublickeyEneryptionschem
A public key
E
CSKA PKA S KB PK
a secret Enemy
key M Dec SKB C
skits Gen in
C m
Enepk
Dees CC
m
or 1
I
provide Certificates
Att
f encrypted files
cc
ÉÉÉÉ
É
I me
E
If B wants to access f
CB
K
Desk
I to access
H C want
use
Cy
OP
users in the network
111 they need to store
Pig Securely
P cecrtkey
2N
Keys
skitly Genci f
Imol imy
Mitty
be Oil
C
ENCAMP
It wins if b b IF
A PKE IT is IND EAV secure if
HIPTA I negl f
Po Pub
KEE a a Ittnegen
A PRE cannot be deterministic
iii it
Enepicemi
PKE
Pesettysecure is impossible
A can
ear't
A
Any msg
of its claim
b
It a P KE is IND EAV secure then