Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.

Slides:



Advertisements
Similar presentations
TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
Advertisements

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.
Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
Copyright © 2007 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Slide
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)
ADDING INTEGERS 1. POS. + POS. = POS. 2. NEG. + NEG. = NEG. 3. POS. + NEG. OR NEG. + POS. SUBTRACT TAKE SIGN OF BIGGER ABSOLUTE VALUE.
SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION
MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts
Cryptography encryption authentication digital signatures
RSA.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
ZMQS ZMQS
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Chapter 10 Real world security protocols
© S Haughton more than 3?
1 An Asymmetric Fingerprinting Scheme based on Tardos Codes Ana Charpentier INRIA Rennes Caroline Fontaine CNRS Télécom Bretagne Teddy Furon INRIA Rennes.
Linking Verb? Action Verb or. Question 1 Define the term: action verb.
This, that, these, those Number your paper from 1-10.
Video Audio Shot 1 Shot: Long Shot Girl starts floating in the air as she is yelling at her teacher. The teacher is heard whimpering at the sight and sound.
GG Consulting, LLC I-SUITE. Source: TEA SHARS Frequently asked questions 2.
1 First EMRAS II Technical Meeting IAEA Headquarters, Vienna, 19–23 January 2009.
Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,
Addition 1’s to 20.
25 seconds left…...
Test B, 100 Subtraction Facts
Week 1.
Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Privacy in signatures. Hiding in rings, hiding in groups.
NSCHS College Visit Sign Up Procedure 1.Determine which college(s) you want to sign up to visit with List of college visits are found on the CCC bulletin.
We will resume in: 25 Minutes.
(1) *I kicked yourself (2) *He kicked yourself (3) You kicked yourself.
Off-the-Record Communication, or, Why Not To Use PGP
Strategy Practice (page 49)
Lecture 5: Cryptographic Hashes
CSC 474 Information Systems Security
Gerunds A gerund is a noun made from a verb by adding "-ing."
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.
Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Sigma Protocols and (Non-Interactive) Zero Knowledge.
Rennes, 23/10/2014 Cristina Onete Key-Exchange Protocols. Diffie-Hellman, Active Attacks, and TLS/SSL.
Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Introduction to Modern Cryptography, Lecture 7/6/07 Zero Knowledge and Applications.
Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Rennes, 15/10/2014 Cristina Onete Message authenticity: Digital Signatures.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Rennes, 23/10/2014 Cristina Onete Graded Exercises & Authentication.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,
Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.
Digital Signatures, Message Digest and Authentication Week-9.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Software Security Seminar - 1 Chapter 4. Intermediate Protocols 발표자 : 이장원 Applied Cryptography.
Bit Commitment, Fair Coin Flips, and One-Way Accumulators Matt Ashoff 11/9/2004 Cryptographic Protocols.
Zero Knowledge r Two parties:  All powerful prover P  Polynomially bounded verifier V r P wants to prove a statement to V with the following properties:
Topic 36: Zero-Knowledge Proofs
Presentation transcript:

Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication

 Commitment Schemes AliceBob  Example : Alice and Bob must agree who will clean tonight They are at their offices. Each tosses a coin & they call:  If tosses are the same, then Alice cleans  If tosses are different, then Bob cleans Who talks first? Bob Alice Cristina Onete || 06/11/2014 || 2

 Commitment Schemes Alice Bob  Alice and Bob toss Alice talks first Bob talks first Bob Alice  How can we avoid this? Bob says he tossed the same value Alice says she tossed the opposite value Cristina Onete || 06/11/2014 || 3

 Commitment Schemes AliceBob  Commitment: an envelope with a strange seal Alice talks first Commit phase: she hides toss in envelope, gives it to Bob Reveal phase: Alice tells Bob how to unseal envelope Bob reveals toss Bob cleans Cristina Onete || 06/11/2014 || 4

 Commitment Schemes AliceBob  Properties: Hiding: The content of the envelope is not visible Bob doesn’t know anything about Alice’s toss Binding: Alice can’t change the content in the envelope Alice can’t cheat after getting Bob’s toss Cristina Onete || 06/11/2014 || 5

 Commitment Schemes Alice Bob  Formally:  Commitment hiding: ……………………  Commitment binding: Cristina Onete || 06/11/2014 || 6

 Pedersen Commitments AliceBob …………………… Impossible Cristina Onete || 06/11/2014 || 7

 Pedersen Commitments AliceBob ……………………  Hiding: Cristina Onete || 06/11/2014 || 8

 DLog-based Commitments AliceBob ……………………  Computationally hiding: DLog  Perfectly binding by construction Cristina Onete || 06/11/2014 || 9

 Exercise 1  Consider a hash function H  Use the commitment scheme  Is this commitment binding if H is one-way?  If H is one-way, is this commitment hiding? Cristina Onete || 06/11/2014 || 10

 Exercise 2  Use the commitment scheme  Is this commitment binding?  Is this commitment hiding?  What happens if the value s is known? Cristina Onete || 06/11/2014 || 11

 Exercise 3  Use the commitment scheme  Is this commitment hiding?  Is this commitment binding? Cristina Onete || 06/11/2014 || 12

 Identification & Authentication ProverVerifier  Goal (identification) : The prover wants to convince the verifier she is who she pre- tends to be Example: interview/application/exam  Goal (authentication) : Prover wants to prove she’s legitimate Example: owner of a house, student at University, etc ID Cristina Onete || 06/11/2014 || 13

 Challenge-Response  Two-move protocol Verifier starts, sending a challenge Prover sends a response Based on the challenge-response, the verifier must make his decision ProverVerifier challenge response Cristina Onete || 06/11/2014 || 14

 Challenge-Response Prover Verifier challenge response  Symmetric authentication: Verifier stores a keyring of many keys (each corresponding to one prover) Goal of challenge-response: verifier can decide whether the prover is legitimate or not Shared Property 1: a legitimate prover can always authenticate Property 2: an illegitimate prover can never authenticate Cristina Onete || 06/11/2014 || 15

 Challenge-Response Prover Verifier challenge response Shared  Exercise 4: Can the set of possible challenges be small? Cristina Onete || 06/11/2014 || 16

 Challenge-Response Prover Verifier challenge response  Exercise 5: Design a challenge-response protocol using a symmetric encryption function Now use a PK encryption scheme Use a pseudo-random hash function Now use a signature scheme Use a commitment scheme and a 1-way hash function Cristina Onete || 06/11/2014 || 17

 Exercises  Exercise 6: Prover Verifier Use the protocol above, assuming the hash function produ- ces pseudo-random outputs What is a simple denial-of-service attack that an attacker can run against a verifier who stores very many keys? Cristina Onete || 06/11/2014 || 18

 Exercises Prover Verifier  Exercise 7: A mutual authentication protocol is one in which both parties can verify the legitimacy of their partner Start from a basic 2-move challenge-response protocol. Can you think of a 3-move protocol that ensures MUTUAL authentication? Design a mutual authentication protocol using only a (keyed) hash function. What are the required properties? Cristina Onete || 06/11/2014 || 19

 Exercise 8: the age game  One of your friends, a girl, asks you to guess her age  You know the penalty for guessing she is too old: she’ll kick you and punch you, and probably then kill you  So you say: I bet you I know your age. But you have to give me your ID card to check it. If it’s right, I will prove to you that I knew your age. If I am wrong, I’m buying you flowers, chocolates, and an expensive dinner Use a commitment scheme. The idea is that you want to be able to prove that your guess was right (if the number you guessed is at most her age – as you will see from her ID) or withold any information about your guess (if you guessed wrongly). That way, she will at least not know how old you thought she was Cristina Onete || 06/11/2014 || 20

CIDRE Thanks!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.