Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Crash Course in Modern Crypto Tools Dan Boneh Stanford University.

Similar presentations


Presentation on theme: "A Crash Course in Modern Crypto Tools Dan Boneh Stanford University."— Presentation transcript:

1 A Crash Course in Modern Crypto Tools Dan Boneh Stanford University

2 1. Aggregate sigs Anyone can aggregate n signatures into one. Aggregate S convinces verifier that M 1, …, M n were properly signed by users 1, …, n. User 1: PK 1, M 1 S 1 User 2: PK 2, M 2 S 2 User n: PK n, M n S n S [BGLS02]

3 Sample applications Secure routing protocols (SBGP) # sigs in path attestation grows linearly in length of path. Aggregating sigs reduces traffic and memory. Certificate chains (chains of trust) Aggregate all sigs in chain into one ,1 4,1 3,1 4,1 9 8,2,1

4 2. Group Signatures Simple solution: give all users same private key … but, also need to: revoke signers when needed, and trace: trapdoor for undoing sig privacy. Key Issuer User 1 User 2 Is sig from user 1 or 2? msg sig

5 Example: Vehicle Safety Comm. (VSC) Car 1Car 2Car 3Car 4 brake Car Ambulance out of my way !! Require authenticated (signed) messages from cars. Prevent impersonation and DoS on traffic system. Privacy problem: cars broadcasting signed (x,y, v ). Clean solution: group sigs. Group = set of all cars.

6 3. Broadcast Encryption [FN93] Encrypt to arbitrary subsets S. Collusion resistance: secure even if all users in S c collude. K1K1 K2K2 K3K3 S {1,…,n} CT = E[M,S]

7 Example: Encrypted File Systems Broadcast to small sets: |S| << n Best construction: trivial. |CT|=O(|S|), |priv|=O(1) Examples: EFS, . File F E K F [F] E PK A [K F ] E PK C [K F ] Header < 256K E PK B [K F ]

8 Broadcast Encryption Public-key BE system: Setup(n):outputs private keys d 1, …, d n and public-key PK. Encrypt(S, PK, M): Encrypt M for users S {1, …, n} Output ciphertext CT. Decrypt(CT, S, j, d j, PK): If j S, output M. Broadcast contains ( [S], CT )

9 Broadcast size CT SizePriv-key size Small sets:trivialO(|S|)O(1) Large sets: NNL,HS,GST O(n-|S|)O(log n) Any set: BGW 05 O(1)

10 Broadcast size CT SizePriv-key size Small sets:trivialO(|S|)O(1) Large sets: NNL,HS,GST O(n-|S|)O(log n) Any set: BGW 05 O(1) with O(n) size public key

11 Summary Surveyed: Aggragate sigs, groups sigs, broadcast enc. All implemented in PBC Library: Open source under GPL


Download ppt "A Crash Course in Modern Crypto Tools Dan Boneh Stanford University."

Similar presentations


Ads by Google