Presentation is loading. Please wait.

Presentation is loading. Please wait.

Signatures, etc. Network Security Gene Itkis Signature scheme: Formal definition GenKey Generation: Gen(1 k )   PK, SK  SignSigning: Sign(SK, M) 

Published byMercy Baldwin Modified over 8 years ago

Similar presentations

Presentation on theme: "Signatures, etc. Network Security Gene Itkis Signature scheme: Formal definition GenKey Generation: Gen(1 k )   PK, SK  SignSigning: Sign(SK, M) "— Presentation transcript:

1

2 Signatures, etc. Network Security Gene Itkis

3 Signature scheme: Formal definition GenKey Generation: Gen(1 k )   PK, SK  SignSigning: Sign(SK, M)  sig VerVerifying: Ver(PK, M,sig)  “valid” or “invalid”

4 Example: RSA Key Generation: –Gen –Gen(1 k )   PK=(N, e), SK=(N, d)  d = e -1 mod φ(N)  (z d mod N) e mod N = z Signing: –Sign –Sign (SK, M)  s = hash(M) d mod N Verifying: Ver – Ver (PK, M, s): test “ s e mod N = hash(M) ”

5 Example: Fiat-Shamir (modified) First: Zero-Knowledge Identification Protocol –Players: Prover P & Verifier V NI –Public (both V & P know): N, I s 2 mod N = I –Secret (only P knows): s, such that s 2 mod N = I –Production Center Secret: p & q, such that N = pq Allows Production Center to support many Provers with the same N I –Generate s for any I

6 Fiat-Shamir (cont.) P P (user) V V (e.g., system) s r  R Z * N ; x  r 2 mod N x q = 0 1 z=r z=rs mod N check: z 2  x ( mod N) I z 2  xI ( mod N) I q [z 2  xI q ( mod N)] IN, IIN, I Repeat k times z  rs q mod N

7 Fiat-Shamir (cont.) PProof (of P knowing s) P –after k rounds the probability of mistake (i.e. P cheating without being caught) is (1/2) k Zero-Knowledge –if query is known in advance: for query=0, select r, and x=r 2 mod N Ifor query=1, select z, and x=z 2 I mod N (z “pretends” to be rs mod N)

8 Security of Fiat-Shamir Relies on hardness of factoring: an algorithm “cracking” Fiat-Shamir yields an algorithm for factoring N randomness: of r for Zero-Knowledge Pof query - to prevent P from cheating

9 ZKP Identification  Signature Idea: P P (user) V V (e.g., system) {si}{si} r  R Z * N ; x  r 2 mod N x {qi}{qi} check: I i z 2  x Π i I i q i ( mod N) Ii}N, {Ii}Ii}N, {Ii} z  rΠ i s i q i mod N I Hash (M,I,x,…)

10 Exercise Write down the formal definition of the Fiat-Shamir signature scheme (as sketched above)

11 Signature scheme: Formal definition GenKey Generation: Gen(1 k )   PK, SK  SignSigning: Sign(SK, M)  sig VerVerifying: Ver(PK, M,sig)  “valid” or “invalid”

12 Signature scheme: Security definition (intuitive) Correct: Gen Gen(1 k )  { PK, SK } Sign Sign( SK, M )  sig Secure: Infeasible to compute valid  M, sig  without SK  Even given signatures on messages of her choice, adversary cannot forge signatures on new messages  Goal: Non-Repudiation If Sam signed M he cannot later deny this fact  Ver  Ver( PK, M,sig )  “ valid ”

13 Repudiation 1 Attack –Fake PK Defense –Certification, PKI Not 100%, but hopefully “good enough” –100% impossible

14 Repudiation 2 Stolen SK –Repudiation: fake stolen SK Problem: keys do get lost or stolen –People lose laptops/PDAs/cell phones –Hackers break into computers –…–…

15 Defenses Post-mortem: –PKI Certificate Revocation Expensive, Slow, … Prevention? –Group Signatures (key sharing) Threshold signatures –Forward security, Intrusion-Resilience

Download ppt "Signatures, etc. Network Security Gene Itkis Signature scheme: Formal definition GenKey Generation: Gen(1 k )   PK, SK  SignSigning: Sign(SK, M) "

Similar presentations

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Analysis of Direct Anonymous Attestation (DAA) Sudip Regmi Ilya Pirkin.

Analysis of Direct Anonymous Attestation (DAA) Sudip Regmi Ilya Pirkin.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.
Gene Itkis: BU CAS Network Security

Gene Itkis: BU CAS Network Security
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.

CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.

Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.

Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Chapter 7-1 Signature Schemes.

Chapter 7-1 Signature Schemes.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Cryptography in Subgroups of Z n * Jens Groth UCLA.

Cryptography in Subgroups of Z n * Jens Groth UCLA.
Introduction to Modern Cryptography, Lecture 7/6/07 Zero Knowledge and Applications.

Introduction to Modern Cryptography, Lecture 7/6/07 Zero Knowledge and Applications.
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: 361-396 Authors: D. Pointcheval and J. Stern Presented.

Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Similar presentations

Ads by Google