Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Modern Cryptography, Lecture ?, 2005 Broadcast Encryption, Traitor Tracing, Watermarking.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Introduction to Modern Cryptography, Lecture ?, 2005 Broadcast Encryption, Traitor Tracing, Watermarking."— Presentation transcript:

1 Introduction to Modern Cryptography, Lecture ?, 2005 Broadcast Encryption, Traitor Tracing, Watermarking

2 Broadcast Encryption Transmit a message securely to a subset of a (large) user group. Introduce a resiliency measure, t, how many users can jointly break the system? Solution 1: Every user is missing a symmetric key, XOR the keys of the omitted users. This is 1-resilient. Alternately, use a tree like hash structure to reduce memory requirements per user Alternately, use a Diffie-Hellman like 1- resilient Scheme

3 Increasing the resiliency Assign the users to vertices of a hypercube. Transmit a message to the chosen group by transmitting 2 log n messages, 2 messages per coordinate. Every set of two users will be split by one of the partitions. This increases the resiliency to 2. Use a recursive construction to get resiliency t.

4 Randomized Constructions Allow randomization in the construction of the scheme For example, toss the users into t 2 bins. With constant probability a given set of size t will be split entirely. Many other solutions.

5 Traitor Tracing Imagine that the TV decoder is set to decrypt some data. A pirated version of the decoder should allow us to recognize the decoder copied. Simple solution: 2 log n keys in total, every decoder gets log n keys.

6 The idea behind TT schemes: Make it infeasible to construct an “ unrecognizable ” decoder from a set of legal decoders.

7 Weak One-Way Functions A function f:{0,1} *  {0,1} * is called weakly one way if the following hold: –Easy to compute f in polynomial time –Slightly hard to invert: there exists a positive polynomial p(), such that for every probabilistic polynomial time algorithm A ’, and all sufficiently large n ’ s:

8 Weak One-way functions imply strong one-way functions f is a weak one way function, and p() is the polynomial such that for every probabilistic polynomial time algorithm A ’, and all sufficiently large n ’ s:

9 Weak One-way functions imply strong one-way functions f is a weak one way function, let p() be the polynomial for which we define t(n)=n p(n) and define g as follows: Inverting g on g(y 1,y 2, …, y t(n) ) involves finding f --1 (y j )

10 Weak One-way functions imply strong one-way functions f is a weak one way function, we want to argue that g is a strong one way function. Alternately, we will show that if g is not a strong one way function, then f is not a weak one way function.

11 Weak One-way functions imply strong one-way functions if g is not a strong one way function: there exists a probabilistic polynomial time algorithm B ’ and a polynomial q() such that for infinitely many m ’ s:

12 Weak One-way functions imply strong one-way functions Using B ’, we now show that f is not weakly one way, one input y, n=|y|: Repeat a(n)=2n 2 q(n 2 p(n)) times: for i=1 to t(n) do select x 1, …, x t(n) from U n replace the i ’ th x with y feed the conactenated x i ’ s to B ’ check if f -1 (y) was computed

13 Hard core predicates f is one-way does not say that we cannot learn some partial information about f -1 (y) A polynomial time computable predicate b:{0,1} *  {0,1} * is called a hard core of a function f if for every probabilistic polynomial time algorithm A ’, every positive polynomial p(), and all sufficiently large n ’ s:

14 Hard core predicates for any one way function Let f be an arbitrary one-way function, and let g be defined by g(x,r) = f(x) || r. Let b(x,r) denote the inner product of the binary vectors x and r, then b is a hard core for the function g. Generalization: hard core functions (indistinguishable)

15 Psuedorandom generators Let f be a length preserving 1-1 strongly one way function, and let b a hard core predicate for f. Then The seqeunce (b(s), b(f(s)), b(f(f(s)), … is psuedorandom

16 What does this mean? You assume that AES is weakly one way: –You want a provably psuedorandom sequence for stream encryption. –You start by producing a strongly one way function which involves polynomially many applications of AES –You take the total output and xor it with a random string r, this gives you one bit of your stream –You then apply the strong one way function again, and repeat. –This is very expensive (obviously), but then, it suffices that AES be only weakly one way for you to be safe.

Download ppt "Introduction to Modern Cryptography, Lecture ?, 2005 Broadcast Encryption, Traitor Tracing, Watermarking."

Similar presentations

ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.

ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.
1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…

1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…
Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.

Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.
CIS 5371 Cryptography 3b. Pseudorandomness.

CIS 5371 Cryptography 3b. Pseudorandomness.
Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Foundations of Cryptography Lecture 4 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 4 Lecturer: Moni Naor.
Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.

Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.
Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.

Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.
Foundations of Cryptography Lecture 5: Signatures and pseudo-random generators Lecturer: Moni Naor.

Foundations of Cryptography Lecture 5: Signatures and pseudo-random generators Lecturer: Moni Naor.
ACT1 Slides by Vera Asodi & Tomer Naveh. Updated by : Avi Ben-Aroya & Alon Brook Adapted from Oded Goldreich’s course lecture notes by Sergey Benditkis,

ACT1 Slides by Vera Asodi & Tomer Naveh. Updated by : Avi Ben-Aroya & Alon Brook Adapted from Oded Goldreich’s course lecture notes by Sergey Benditkis,
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
Introduction to Modern Cryptography Homework assignments.

Introduction to Modern Cryptography Homework assignments.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Oded Regev Tel-Aviv University On Lattices, Learning with Errors, Learning with Errors, Random Linear Codes, Random Linear Codes, and Cryptography and.

Oded Regev Tel-Aviv University On Lattices, Learning with Errors, Learning with Errors, Random Linear Codes, Random Linear Codes, and Cryptography and.
Lecturer: Moni Naor Weizmann Institute of Science

Lecturer: Moni Naor Weizmann Institute of Science
On Everlasting Security in the Hybrid Bounded Storage Model Danny Harnik Moni Naor.

On Everlasting Security in the Hybrid Bounded Storage Model Danny Harnik Moni Naor.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Similar presentations

Ads by Google