Scribd Logo
Upload

Welcome to Scribd!

  • Lecturel5 2021 Key: Assumption

    Uploaded by

    lokesh chikkula
    19 views27 pages
    1. The document discusses symmetric key primitives like secret keys, MACs, and key exchange. 2. It describes how two parties can share a secret key via a courier or trusted third party and challenges with distributing keys over open systems like the Internet. 3. The development of public key cryptography in the 1970s using ideas like Diffie-Hellman key exchange and the RSA algorithm are discussed as solutions to key distribution problems.

    Original Description:

    Foundations of cryptography

    Original Title

    FOC_Lecture_15_16

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1. The document discusses symmetric key primitives like secret keys, MACs, and key exchange. 2. It describes how two parties can share a secret key via a courier or trusted third party and challenges with distributing keys over open systems like the Internet. 3. The development of public key cryptography in the 1970s using ideas like Diffie-Hellman key exchange and the RSA algorithm are discussed as solutions to key distribution problems.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    19 views27 pages

    Lecturel5 2021 Key: Assumption

    Uploaded by

    lokesh chikkula
    1. The document discusses symmetric key primitives like secret keys, MACs, and key exchange. 2. It describes how two parties can share a secret key via a courier or trusted third party and challenges with distributing keys over open systems like the Internet. 3. The development of public key cryptography in the 1970s using ideas like Diffie-Hellman key exchange and the RSA algorithm are discussed as solutions to key distribution problems.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 27

    28 02

    Lecturel5 2021

    Symmetric key primitives


    TS KE MAC

    Assumption ow F exists

    Existance of Sharedkey

    How to share a secret

    Two parties share via


    keys
    some Courier
    frat service

    How to implement this for


    a
    open system e.g Internet
    tIssue
    keymange.mg

    E it
    each user need to

    Pz

    jIij

    REEF.TT
    long term key p HE k

    Secure channel
    Needham Schroeder Protocol
    Kerberos
    How to distribute long term key

    1971 Revolution

    Whitefled Diffe
    Martin Helman

    New directions in Cryptography

    Some actions to perform


    are
    easy
    but diff toe verse

    one way ness

    ed It is
    easy
    to
    Multiply two
    large primes
    But difficult to factor
    It

    Bob
    Alice
    K
    A IB
    Tasha
    É Correctness

    KA KB
    19701 GCHQ
    Ellis Cocks Williamson

    declassified in 1991
    m.net
    E
    KEII
    G
    A
    III B

    trans K

    b E 0 1
    MAI if b b
    If b o I K
    b l I on

    A KE Fis secure in the Presence


    of
    a lav if A PPT A F neg l 7

    Pr KEEF n
    17 negeens
    D1 K x a

    j.gg y
    Alice Bol
    Gen Ci
    G 19 g
    N E
    Za IFT Ye zig
    ha g
    I ha gy

    Ka Che KB ha

    II
    G Cyclic group of order q
    Alice Bt
    yjga.gg
    5 94
    k gag k guy
    in
    4
    It should not be able
    to extract se from
    g
    DL assumption

    DW is not sufficient
    there might be some other
    way
    to compute this must
    got be hard
    as well
    CDH problem
    The Adversary has to distinguish
    between
    got Real key and

    g Random Elemt
    from G
    DD H problem

    Diosaga
    Gently IG.g.gg
    pp
    h EG

    A wins if GE h

    Pr ID loggy aan 1 negi ca


    CDI
    I
    Gen 1
    Gigg
    L B I
    zq
    g.ge
    A wins if go.ae
    DDH
    g I
    Gen in pp

    of
    bE on

    It b
    or Ég
    b I
    Pr ACG E g g g

    P JIG a g ga g

    I nege n

    DD It is hard wart Gen in

    Order 0
    of Group n n

    In security
    Parameter
    a
    2
    t p is a prime

    9 6 1 DL is believed to be
    hard

    O Ta 0 2nd
    1.03
    lecture a1

    IL LEH DII

    I E
    I
    9th d
    DD It is hard in G CDH is HARD

    DL is HARD

    h h
    BCDH

    JIDDA
    function in Gt
    It is either hard almost
    everywhere in G or

    ii
    itiseasyevery where in G
    Ii

    k g gas k g g
    E
    A B
    I KEII
    IT
    t
    TRANS K
    I
    be 91

    If 6 0 I K
    f
    b l
    I Random
    ear
    R KE h
    A IT

    I Pr KEEF n i b o
    t

    Pr KEEF b i
    t n i

    9
    I Pr A G g g g g g

    Pr A G g g ga g
    I g of

    If 1 Pr AC guys
    IAC gt
    I P 10

    I BE A C gt 1
    Pr AC gm 17
    Pot KEEF n
    I neglen

    11
    In Practice we use KDF to

    extract the shared Fom the


    key
    strecretfd
    DH KE is secure against Passive
    adversary

    Man in the middle Attack


    FEI

    t
    f
    Ka gag t k g Y

    91 god

    Possible solution
    Introduce some form of
    Integrity

    O
    d B

    G e Public key G a 9

    g guy Non interactive


    Protocol

    p
    PKA PIB Pks
    g
    A B C
    L
    ABC f C PkB Ake

    solved usindlbinineartating

    How to construct m party


    MIKE from Standardassution
    Ii Is it possible to build a secure KE

    using symmetric key primitives


    Yes Protocol will be inefficient
    to achieve usual Security
    Guarantee
    IN Sn
    I I
    Puzzle Puzzle

    je u

    SID Solve Putzly


    I
    K SID ID SID
    KISII
    Solve each
    Izhtakes time t
    A can solve all the Puzzles and
    extract
    E.t
    Ln Oct
    then Alice Bob 0 Ct Quadratic

    for A Oct GI

    ME.IM BI
    si K MX
    Ei ti EU
    I puzzles C G G
    Enck C Ence lo
    PI Enck si

    is Pu
    Brute force FIEF
    in
    IKII G
    1KD
    E Si I
    Fine Grained Cryptography

    Separation between A and users

    guadratic
    This Quadratic Gap is

    optimal
    PublickeyEneryptionschem

    A public key
    E
    CSKA PKA S KB PK

    a secret Enemy
    key M Dec SKB C

    It should be hard to compute


    Sk
    from Pk
    secret Info
    Pk g
    DL is hard G
    If on
    PIE IT Gen Enc Dec

    skits Gen in

    C m
    Enepk
    Dees CC
    m

    or 1

    Correctness Deese Enepk


    m m

    Public key distribution


    Tubhekeyffrastructure PKI

    I
    provide Certificates
    Att
    f encrypted files

    cc

    ÉÉÉÉ
    É

    I me

    E
    If B wants to access f
    CB
    K
    Desk

    I to access
    H C want

    use
    Cy
    OP
    users in the network
    111 they need to store
    Pig Securely
    P cecrtkey
    2N
    Keys

    Efficiency PKE order of Magnitude


    slower than SKE
    h
    ÉI

    skitly Genci f

    Imol imy

    Mitty
    be Oil
    C
    ENCAMP

    It wins if b b IF
    A PKE IT is IND EAV secure if
    HIPTA I negl f

    Po Pub
    KEE a a Ittnegen
    A PRE cannot be deterministic

    iii it
    Enepicemi

    So PKE must be Randomized

    PKE
    Pesettysecure is impossible

    it Brute force and


    IND CPAsear.tt fPKE

    A can
    ear't
    A
    Any msg
    of its claim

    b
    It a P KE is IND EAV secure then

    it is IND CPA secure

    Also true for Multiple Enc


    is
    IT is IND CPA secure then it
    also ind multiple ene

    You might also like