Download presentation

Presentation is loading. Please wait.

Published byJesus Potter Modified over 3 years ago

1
A Crash Course in Modern Crypto Tools Dan Boneh Stanford University

2
1. Aggregate sigs Anyone can aggregate n signatures into one. Aggregate S convinces verifier that M 1, …, M n were properly signed by users 1, …, n. User 1: PK 1, M 1 S 1 User 2: PK 2, M 2 S 2 User n: PK n, M n S n S [BGLS02]

3
Sample applications Secure routing protocols (SBGP) # sigs in path attestation grows linearly in length of path. Aggregating sigs reduces traffic and memory. Certificate chains (chains of trust) Aggregate all sigs in chain into one. 1 2 8 7 4 3 5 6 1 1 1 2,1 4,1 3,1 4,1 9 8,2,1

4
2. Group Signatures Simple solution: give all users same private key … but, also need to: revoke signers when needed, and trace: trapdoor for undoing sig privacy. Key Issuer User 1 User 2 Is sig from user 1 or 2? msg sig

5
Example: Vehicle Safety Comm. (VSC) Car 1Car 2Car 3Car 4 brake 1. 2. Car Ambulance out of my way !! Require authenticated (signed) messages from cars. Prevent impersonation and DoS on traffic system. Privacy problem: cars broadcasting signed (x,y, v ). Clean solution: group sigs. Group = set of all cars.

6
3. Broadcast Encryption [FN93] Encrypt to arbitrary subsets S. Collusion resistance: secure even if all users in S c collude. K1K1 K2K2 K3K3 S {1,…,n} CT = E[M,S]

7
Example: Encrypted File Systems Broadcast to small sets: |S| << n Best construction: trivial. |CT|=O(|S|), |priv|=O(1) Examples: EFS, Email. File F E K F [F] E PK A [K F ] E PK C [K F ] Header < 256K E PK B [K F ]

8
Broadcast Encryption Public-key BE system: Setup(n):outputs private keys d 1, …, d n and public-key PK. Encrypt(S, PK, M): Encrypt M for users S {1, …, n} Output ciphertext CT. Decrypt(CT, S, j, d j, PK): If j S, output M. Broadcast contains ( [S], CT )

9
Broadcast size CT SizePriv-key size Small sets:trivialO(|S|)O(1) Large sets: NNL,HS,GST O(n-|S|)O(log n) Any set: BGW 05 O(1)

10
Broadcast size CT SizePriv-key size Small sets:trivialO(|S|)O(1) Large sets: NNL,HS,GST O(n-|S|)O(log n) Any set: BGW 05 O(1) with O(n) size public key

11
Summary Surveyed: Aggragate sigs, groups sigs, broadcast enc. All implemented in PBC Library: http://crypto.stanford.edu/pbc Open source under GPL

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google