Scribd Logo
Upload

Welcome to Scribd!

  • FOC Lecture 18 19

    Uploaded by

    lokesh chikkula
    12 views21 pages
    Foundations of cryptography

    Original Title

    FOC_Lecture_18_19

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Foundations of cryptography

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views21 pages

    FOC Lecture 18 19

    Uploaded by

    lokesh chikkula
    Foundations of cryptography

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 21

    Lecture

    PK E Decryption can fit with


    fty
    RSI
    P Q N P Q
    I primality test
    s

    A Ks Prime in P

    with Error
    CLEE LPN EW R
    Learning

    Its B solve it for s


    z

    As B t
    fief noise
    h gn
    Cheat
    Gey Reza
    tsk h Sk N

    EncCtkimyyezqhY_gn l
    EHCgt.gnsy.F
    sq.EE
    ct
    Dec

    ca G sk
    K H Ci Ci
    Cz
    M
    Deesym Ck

    It is RO and CDH is hard in G


    If
    and is IND EAV secure then
    Encgym
    IT is IND CPA secure
    Application
    Provides
    Alice News
    Boy Reader

    M
    Read it News
    Pay forthat

    in 1

    Alice can track what Bob Reads


    1
    Profile of Bob
    Political inclination
    Age Gramps

    use this information


    Third Party
    manipulate Bob in
    to
    certain ways
    Facebook Cambridge Analytics Brexit
    Alice Bob
    s
    MI
    Ideally
    Bob
    Alice

    in
    Replace this an interactivetrotoed
    TTI using

    Oblivious Transfer OT

    I out ofnot
    Alice Bol
    i Protocol
    em mm
    that
    instantiate
    m
    For

    t.FI
    mI
    Ideal
    world
    ene to instantiate
    we can use
    Samal wantsto learn
    For y MI

    m tt me3 it e

    KE
    Ze YE 29

    e
    Hj e i
    i
    ni
    Uj Dai g

    ie Ui

    Enesym
    Kjin
    Ej
    T.ci ce
    In the it index I g
    i
    Bob
    t
    cam ni g ni got
    correctly
    Deaf
    Ki Hga ga
    to learn I Eisenesymchitmi
    deity a But
    94.0 y eZq

    U is uniformly distributed over G from

    Alice's point of view

    V Bob
    Alice
    s me
    man

    then we can
    mi mi
    If Bob learns in G
    CDH assumption
    use Bob to break

    a s
    Bob learns tooo Mi mi

    Cu v
    xfu.mil
    i i se
    re

    ED got
    E y
    variant at
    IIA
    CD H

    mp

    TÉF IÉIÉtam
    BEI gamal Enc is homomorphic

    EI.LI m.e h tk
    g Y
    EZ MzE
    qtr MIM
    CTz b e Ze

    91 22 Y 192
    GT Cta g h

    I
    gath gong's
    h g Ig g

    mi Mu
    IIe
    vqfa gamaisadiveytomomoru.ie
    Homo the
    gt k gm Additively
    h g
    r

    e g atgm ga h gm

    2
    12 gmitm

    Dec gmt hat gm


    tm
    n

    gm tm's solve DW
    Ep d
    DL is hand inn G

    Use Additively Homorphic El game

    small messages
    for
    IIIIIIIIti PRE is inefficient

    mane
    it is better to
    USE PRE ASKE
    CT Ce
    is to use
    A more direct Approach
    keyencapsulation
    keyprimitive
    public
    KEM
    mechanism
    Gen En caps Decafs
    KEM
    KE 013
    Pk.sk Gen in

    K Encaps cpk
    Sk
    ing
    C
    be Decafs
    Atami

    C Encsym Dee sym


    IT

    Gent Clk Sk Gen C1

    GK m
    G Enesym
    e e

    DechI k c Decaps
    SK c

    K G
    m E Decsgm
    tf gÉ Encapsulating abitkey
    ter bit of
    B Cost of sym
    ene
    plaintext
    lml n

    Cost per bit of plaintext for encrypting


    using this
    is
    a message m

    atfiimf.EE I
    large enough
    Cost approach to B
    PKE th
    Cost per bit for
    for SKE
    Cost per bit
    kensth.I.gg e
    ocpEncat
    G

    EnesD Ct size
    SKE of Me say
    is tM

    I Examt
    off

    let L t nt lml
    b
    PRE Assume the Ct size to be
    Use

    let L
    Ting

    É is cpa secure KEM and IT

    Thy
    not
    is

    IND EAV IFSKE.tn is

    T.sk eT
    t

    Csk.tk Gencin
    cc is e Enable's
    imy

    KE 0,13
    be 0,1

    b
    b
    o

    l
    I
    I e
    K
    91
    F
    b b
    KEMI n l if

    secure if F PPT A
    A KEM is CPA
    I neglen 7

    Pr KEM a a sttnegeens
    G 0,131
    KE
    Ze h ga H

    Pk L G q g h H

    Sk L G q g
    x

    Encaps Pk
    y e
    Zar
    g't H Ch
    I T H ga

    Decatscsk.gg
    K H C gay

    KEM is CPA secure


    DD It is Hard in G H is a

    Secure
    II
    KEM is CPA Secure W r t weaker
    CDH Model H as a
    assumption
    Random Oracle
    YE.IE or
    be on

    I
    df.AIEIID.cat7
    t
    EncatspaCM
    I I o
    n

    I
    G
    God a g
    0,18
    KE Za h g H G

    h H
    t Bk G q g
    Sk G a NY
    g

    Engap.lt be 2g
    2 go Cho
    T T so

    Decapsest k H C
    KEM is CPA Secure CDH is Hard in G

    H is modeled as a R

    DEH EEH DL

    than Ddt
    Italy is harder

    IT is CPA secure
    If CD It is hand in G
    negeens
    Pr KEMI n I z It

    C gY É

    G K

    got
    Élh
    Has a Randomac
    Hen is uniform

    A B
    To
    it
    jiffy
    ga
    20,1327
    K

    y
    Et
    94 H KY

    h g
    K H h

    QI
    At 9ms

    A
    Ight
    is going to use this
    CDH
    Query to solve
    Yi Ye
    4 outpt I
    W gig
    I
    Pr A'C oh s gas Piqued
    P Ques I E Practise
    Poly n

    Po Query I neg n
    Pr KEM
    4 n I

    A Quins
    Pr I
    Pr A guy

    a n guns
    Potage en

    1
    Pr I I Quit Pr I aim

    s e I
    iigm FEE

    iktt.ee

    cpx.si

    GucMft
    F
    boo
    Enc Iy
    Mb

    IND CCA secure H PPT A F neg e n

    Pr I Pubka n i
    It negeen

    thy ITEM IT'sym

    T
    T
    CA
    PKE
    Secure IE
    CEA Secure EA secure

    You might also like