Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer.

Published byAshley Jackson Modified over 8 years ago

Similar presentations

Presentation on theme: "Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer."— Presentation transcript:

1 Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer Engineering Sample Applications of Computational Number Theory in Cryptography Author & Instructor: Mohammad Sadeq Dousti 1 / 18

2 Introduction to Modern Cryptography Sharif University Spring 2015  These set of slides are licensed under Creative Commons Attribution-NonCommercial- ShareAlike (CC BY-NC-SA) 4.0.  Basically, this license allows others to use the slides verbatim, and even modify and incorporate them into their own work, as long as: 1. They credit the original author(s); 2. Their work is used non-commercially; 3. They license their work under CC BY-NC-SA 4.0.  For further information, please consult: o https://creativecommons.org/licenses/by-nc-sa/4.0 https://creativecommons.org/licenses/by-nc-sa/4.0 o https://creativecommons.org/licenses/by-nc- sa/4.0/legalcode https://creativecommons.org/licenses/by-nc- sa/4.0/legalcode Copyright Notice 2 / 18

3 Introduction to Modern Cryptography Sharif University Spring 2015  Applications to RSA  RSA is not a secure encryption  Goldwasser–Micali Cryptosystem  Commitment schemes  Coin flipping over the phone  Oblivious transfer  Applications to CFF/CFPs Outline 3 / 18

4 Introduction to Modern Cryptography Sharif University Spring 2015 Applications to RSA 4 / 18

5 Introduction to Modern Cryptography Sharif University Spring 2015 Applications to RSA (Cont’d) 5 / 18

6 Introduction to Modern Cryptography Sharif University Spring 2015 RSA leaks partial information about the message 6 / 18

7 Introduction to Modern Cryptography Sharif University Spring 2015  GM is an encryption scheme. o We will define encryption schemes later. o Informally, the do not leak even partial information.  GM uses a Blum integer n as public key.  The private keys are the factorization of n.  GM encrypts one bit at a time. Goldwasser–Micali Cryptosystem 7 / 18

8 Introduction to Modern Cryptography Sharif University Spring 2015 Goldwasser–Micali Cryptosystem (Cont’d) 8 / 18

9 Introduction to Modern Cryptography Sharif University Spring 2015  A commitment scheme is a security protocol between two parties S (sender) and R (receiver), which has two phases: o Commit o Decommit (or reveal)  Informally: o In the commit phase, S sends a secret value  to R, in such a way that R learns nothing about . o In the decommit phase, S reveals the secret value  to R. - In this phase, it is required that S cannot change the value he committed to. Commitment schemes 9 / 18

10 Introduction to Modern Cryptography Sharif University Spring 2015 1. S generates a random Blum integer N. 2. S encrypts his secret: c = GM(N,  ). 3. Commitment: S sends (N, c) to R. 4. Decommitment: S reveals the randomness used in GM(N,  ) to R.  The above approach works as long as S acts honestly.  What if S chooses N as a non-Blum integer? Using GM to construct a commitment S should prove to R that he picked N honestly. The proof must leak nothing about the factors of N to R. The idea behind zero-knowledge proofs: Proofs that leak nothing but the validity of the statement being proven. S should prove to R that he picked N honestly. The proof must leak nothing about the factors of N to R. The idea behind zero-knowledge proofs: Proofs that leak nothing but the validity of the statement being proven. 10 / 18

11 Introduction to Modern Cryptography Sharif University Spring 2015 Alternative to ZK proofs: Sending decomposition of N 1. S generates a random Blum integer N. 2. S encrypts his secret: c = GM(N,  ). 3. Commitment: S sends (N, c) to R. 4. Decommitment: S sends the factors of N to R. “R verifies that N is a Blum integer, and decrypts .” 1. S generates a random Blum integer N. 2. S encrypts his secret: c = GM(N,  ). 3. Commitment: S sends (N, c) to R. 4. Decommitment: S sends the factors of N to R. “R verifies that N is a Blum integer, and decrypts .” 11 / 18

12 Introduction to Modern Cryptography Sharif University Spring 2015  Assignment 1: Prove that it is a computational binding (assuming log g h modulo p is unknown) and perfect hiding commitment.  Assignment 2: Argue that simultaneous perfect binding & perfect hiding are impossible in commitments. A computational binding & perfect hiding commitment 12 / 18

13 Introduction to Modern Cryptography Sharif University Spring 2015 Coin flipping over the phone 13 / 18

14 Introduction to Modern Cryptography Sharif University Spring 2015  Application 1: Exchange of secrets o Two parties want to exchange their secrets. o Neither is willing to reveal his secret before the other one does so.  Application 2: Contract signing o Two parties want to sign a contract. o Neither is willing to sign before the other one does so.  These applications gave rise to two flavors of OT.  They were shown to be “equivalent.”  OT is sufficiently strong to enable any two-party protocol to be performed. Oblivious Transfer (OT) 14 / 18

15 Introduction to Modern Cryptography Sharif University Spring 2015 Flavor 1:  Sender S has a secret message m.  He wants to “obliviously” transfer it to receiver R. o R receives m with probability ½. o S cannot guess whether R received m or not. Flavor 1:  Sender S has a secret message m.  He wants to “obliviously” transfer it to receiver R. o R receives m with probability ½. o S cannot guess whether R received m or not. OT Flavors 15 / 18

16 Introduction to Modern Cryptography Sharif University Spring 2015  The above protocol requires ZK proofs to be secure against both cheating senders and receivers.  Assignment: Describe how S can cheat. Do the same for R.  We omit an example for OT Flavor 2 for conciseness. OT Flavor 1 16 / 18

17 Introduction to Modern Cryptography Sharif University Spring 2015 Constructing CFF/CFP based on factoring 17 / 18

18 Introduction to Modern Cryptography Sharif University Spring 2015  [Gol01] O. Goldreich. Foundations of Cryptography Volume 1: Basic Tools. Cambridge University Press, 2001.  [KL08] J. Katz and Y. Lindell. Introduction to Modern Cryptography: Principles and Protocols. CRC Press, 2007.  [GB08] S. Goldwasser and M. Bellare. Lecture Notes on Cryptography. 2008. References 18 / 18

Download ppt "Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer."

Similar presentations

Wonders of the Digital Envelope

Wonders of the Digital Envelope
Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Computational Security. Overview Goal: Obtain computational security against an active adversary. Hope: under a reasonable cryptographic assumption, obtain.

Computational Security. Overview Goal: Obtain computational security against an active adversary. Hope: under a reasonable cryptographic assumption, obtain.
Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Short course on quantum computing Andris Ambainis University of Latvia.

Short course on quantum computing Andris Ambainis University of Latvia.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Slide 1 Vitaly Shmatikov CS 380S Introduction to Zero-Knowledge.

Slide 1 Vitaly Shmatikov CS 380S Introduction to Zero-Knowledge.
Zero-Knowledge Proofs J.W. Pope M.S. – Mathematics May 2004.

Zero-Knowledge Proofs J.W. Pope M.S. – Mathematics May 2004.
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.

CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
Zero Knowledge Proofs By Subha Rajagopalan Jaisheela Kandagal.

Zero Knowledge Proofs By Subha Rajagopalan Jaisheela Kandagal.
Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
Oblivious Transfer based on the McEliece Assumptions

Oblivious Transfer based on the McEliece Assumptions
Lecturer: Moni Naor Foundations of Cryptography Lecture 12: Commitment and Zero-Knowledge.

Lecturer: Moni Naor Foundations of Cryptography Lecture 12: Commitment and Zero-Knowledge.

Similar presentations

Ads by Google