Presentation is loading. Please wait.

Presentation is loading. Please wait.

Coded Modulation and the Arrival of Signcryption Yuliang Zheng University of North Carolina at Charlotte Enhancing Crypto-Primitives with.

Published byJonathan Cunningham Modified over 8 years ago

Similar presentations

Presentation on theme: "Coded Modulation and the Arrival of Signcryption Yuliang Zheng University of North Carolina at Charlotte Enhancing Crypto-Primitives with."— Presentation transcript:

1 Coded Modulation and the Arrival of Signcryption Yuliang Zheng University of North Carolina at Charlotte yzheng@uncc.edu Enhancing Crypto-Primitives with Techniques from Coding Theory NATO Advanced Research Workshop 6-9 Oct. 2008, Veliko Tarnovo, Bulgaria

2 1 Outline Exposure to coded modulation Motivations Signcryption Look into the future

3 Error Corr (Encoder) Error Corr (Encoder) Modulation Error Corr (Decoder) Error Corr (Decoder) Security (Authen) Security (Authen) Security (Decryptor) Security (Decryptor) Security (Authen) Security (Authen) Security (Encryptor) Security (Encryptor) Source Decoder Source Decoder Source Encoder Source Encoder Communications system 2 Demodulation Channel

4 Prof. Hideki Imai’s Lab, in the late 80’s 3 Error Corr (Encoder) Error Corr (Encoder) Modulation Error Corr (Decoder) Error Corr (Decoder) Security (Authen) Security (Authen) Security (Decryptor) Security (Decryptor) Security (Authen) Security (Authen) Security (Encryptor) Security (Encryptor) Source Decoder Source Decoder Source Encoder Source Encoder Demodulation Channel

5 Error Correcting (encoder) + Modulation Error Correcting (encoder) + Modulation Error Correcting (decoder) + Demodulation Error Correcting (decoder) + Demodulation Coded modulation --- one of the hottest in 80’s 4 Security (Authen) Security (Authen) Security (Decryptor) Security (Decryptor) Security (Authen) Security (Authen) Security (Encryptor) Security (Encryptor) Source Decoder Source Decoder Source Encoder Source Encoder Channel

6 Coded modulation Combination/Co-design of error-correcting codes Multi-level modulation 2 types Trellis-coded modulation (TCM) Gottfried Ungerboeck,  Proposed in1975; Published in IEEE Trans on IT in 1982 Block-coded modulation (BCM) Hideki Imai and Shuji Hirakawa  Published in IEEE Trans on IT in 1976 5

7 Goals of coded modulation To transmit data as fast as possible, and as reliable (little errors) as possible To achieve Shannon’s capacity limit: C = B log 2 (1+S/N) C: channel capacity (bps) (= max. data transmission rate without error) B: channel bandwidth (Hz) S: power of signal (W) N: power of noise (W) 6

8 Challenges Modulation Transmission rate can be increased by Increase the number of waveforms (constellation points) for modulation However, an enlarged waveform set will also decrease “spacing” between waveforms, resulting in larger chances of errors at receiver Error-correcting codes Increasing error-correcting capabilities requires appending more parity bits/symbols, whereby reducing effective transmission rate 7

9 Address the challenges Co-design/integrate multi-level modulation and convolutional error-correcting code Assign waveforms to code words in such a way that maximizes Euclidean distance between the waveforms that are the most likely to be confused

10 Ungerboeck’s set partitioning (16QAM constellation mapper) 9

11 Error Corr (encoder) Error Corr (encoder) Modulation Trellis coded modulation The end result Increase transmission rate while at the same time, reduce errors at receiver KILL 2 BIRDS IN 1 STONE 10

12 Importance of coded modulation 11

13 Musing on coded modulation ½ dozen of my fellow PhD students working on coded modulation Doing Imai Lab’s ritual for 5 years weekly, long group seminars with students working on a vast array of different projects Applicable to cryptography ? Continue to muse after moving to Down Under 12

14 Major goals of cryptography Authenticity Trusted parties --- symmetric/private key authentication Untrusted parties --- asymmetric/public key authentication (digital signature, unforgeability) Confidentiality Symmetric/private key encryption Asymmetric/public key encryption Reduce cost/overhead Computation (over large integers) Expansion in length (=communication overhead) 13

15 In the paper & ink world: Signature-then-Seal 14 To achieve: authenticity (unforgeability & non-repudiation) To achieve: confidentiality

16 In the digital world: Signature-then-Encryption 1515/65 1. Add Signature Alice signs a message m using her secret key, i.e. creating sig on m. 2. Do Encryption Alice encrypts (m,sig) using AES with k. Alice creates another data so that Bob can recover k. (Typically, Alice encrypts k using Bob’s public key). msig m k m mod exp

17 Signature-then-Encryption (based on Discrete Logarithm) 16 encrypted using a private key cipher with k used by the receiver to reconstruct k m sig gxgx communication overhead EXP=3+2.17

18 Cost of Signature-then-Encryption 17

19 Questions on Efficiency Can we do better than “signature followed by encryption” ? For resource-constrained applications Wireless mobile devices Smart card applications Can we learn from other disciplines such as Communication engineering Imai-Hirakawa block coded modulation Ungerboeck trellis coded modulation 18

20 Co-design of digital signature and public key encryption ? 19 ? ? Security (Authen) Security (Authen) Security (Decryptor) Security (Decryptor) Security (Authen) Security (Authen) Security (Encryptor) Security (Encryptor) Source Decoder Source Decoder Source Encoder Source Encoder Error Correcting (encoder) + Modulation Error Correcting (encoder) + Modulation Error Correcting (decoder) + Demodulation Error Correcting (decoder) + Demodulation Channel

21 Goal: Signcryption (1996) To achieve both confidentiality, authenticity unforgeability & non-repudiation With a significantly smaller comp. & comm. Cost Cost (signcryption) << Cost (signature) + Cost (encryption) 20

22 How to co-design Focus on discrete logarithm (DL) based schemes: ElGamal type public key encryption DSS/Schnorr type digital signature Notice both use an “ephemeral public key”: g x Let them share the same ephemeral public key ! Hide it, as long as it can be recovered by the recipient ! 21

23 Signcryption -- public & secret parameters 22 Public to all p : a large prime q : a large prime factor of p-1 g : 0<g<p & with order q mod p Two 1-way hash functions: G: {0,1}*→ {0,1} L H: {0,1}* → Z q (E,D) : private-key encryption & decryption algorithms Alice’s keys : secret key : public key Bob’s keys : secret key : public key

24 Signcryption and Unsigncryption 23 Signcryption by Alice x ← {1,…,q-1} at random T = y b x mod p r = H(m, y a, y b, T) s = x/(r+x a ) mod q k=G(T) c=E k (m) Output (c, r, s) Signcryption by Alice x ← {1,…,q-1} at random T = y b x mod p r = H(m, y a, y b, T) s = x/(r+x a ) mod q k=G(T) c=E k (m) Output (c, r, s) Unsigncryption by Bob Compute k=G(T) m=D k (c) Check if r = H(m, y a, y b, T) Output m if yes, and Reject otherwise Unsigncryption by Bob Compute k=G(T) m=D k (c) Check if r = H(m, y a, y b, T) Output m if yes, and Reject otherwise m  (c, r, s) (c, r, s)  m

25 Cost of Signcryption (based on Discrete Logarithm) 24 m encrypted using a private key cipher with k communication overhead sig EXP=1+1.17

26 Why 1.17 exponentiations? 25 This can be done in a smart way, costing only 1.17 exponentiations on average ! D. Knuth, Seminumerical Algorithms, Vol. 2 of The Art of Computer Programming, 2 nd edition, Addison-Wesley, Exercise 27, Pages 465 & 637.

27 DL Signcryption v.s. sign- then-encrypt 26 |p|=|n| # of multiplications (the smaller the better)

28 DL Signcryption v.s. sign- then-encrypt 27 comm. Overhead ((# of bits, the smaller the better)

29 The end result 28 С един куршум - два заека (With one bullet - two rabbits)

30 Other developments Extensions: pairing, factorization, …… Add “bells and whistles” Multi-recipients, proxy, blind, threshold, ring, ID based, …… Authenticated encryption (Authencryption) Co-design of shared key authentication and encryption 29 Public or Private key AuthenticityNon- repudiation International standards SigncryptionPublic keyYes On the way AuthencryptionPrivate keyYesNoOn the way

31 Beyond coded modulation and signcryption ? There is no crypto equivalent of “Shannon’s capacity limit” Good ? Or Bad ? 30 Unsigncryption Source Decoder Source Decoder Source Encoder Source Encoder Signcryption Error Correcting (encoder) + Modulation Error Correcting (encoder) + Modulation Error Correcting (decoder) + Demodulation Error Correcting (decoder) + Demodulation Channel

32 31

33 32 Много благодаря ! Thank you !

Download ppt "Coded Modulation and the Arrival of Signcryption Yuliang Zheng University of North Carolina at Charlotte Enhancing Crypto-Primitives with."

Similar presentations

Updates on Signcryption Yuliang Zheng UNC Charlotte IEEE P1363 Meeting, UCSB 8/22/2002.

Updates on Signcryption Yuliang Zheng UNC Charlotte IEEE P1363 Meeting, UCSB 8/22/2002.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
1 S.72-227 Digital Communication Systems Advanced Modulation and Random Access Techniques.

1 S Digital Communication Systems Advanced Modulation and Random Access Techniques.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared.

Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Introduction to Signcryption November 22, 2004. 22/11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.

Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

Similar presentations

Ads by Google