Putting it all together: using multiple primitives together


PowerPoint Slideshow about ' Putting it all together: using multiple primitives together' - hamish-bryan


Presentation Transcript
Exercise 1
  • Say you have a signature scheme

SScheme = (KGen, Sign, Vf)

  • Say this scheme is unforgeable against CMA
  • Modify the signature algorithm:

iff. &

= 1

  • Is this still unforgeable against CMA?
Exercise 2
  • We have an arbitrary unforgeable signature scheme:

SScheme = (KGen, Sign, Vf)

  • And we also have any IND-CCA encryption scheme

EScheme = (KGen, Enc, Dec)

  • Say we want to ensure that a confidential message comes from a given party. Can we send:
  • ?
  • ?
  • ?
Interlude
  • What would we use in order to:
      • Send a confidential message
      • Encrypt a large document
      • Send a confidential AND authenticated message
      • Authenticate a message with non-repudiation
      • Authenticate a message without non-repudiation
  • Find correspondences
      • Confidentiality
      • Hash function
      • Collision-resistance
      • MAC code
      • Authenticity
      • Symmetric encryption
      • Non-repudiation
      • PK Encryption
      • Integrity
      • Digital Signatures
Exercise 3
  • The Hash paradigm for signatures:
  • Improves the security of signature schemes
  • Improves efficiency for signatures, making their size the same, irrespective of the message length
  • Can we do the same for encryption schemes, i.e. use instead of
  • Can we send just instead of
Exercise 4
  • Symmetric encryption is faster than PK encryption
  • Suppose Amélie generates a symmetric encryption key (e.g. for AES 128) and encrypts a message for Baptiste with this key.
  • Baptiste does not know the secret key.
  • By using one (or more) of the following mechanisms, show how Amélie can ensure that Baptiste can decrypt.
  • A public key encryption scheme
  • A symmetric encryption scheme
  • A signature scheme
  • A MAC scheme
  • A hash scheme
Exercise 5
  • Amélie and Baptiste share a secret key for a MAC scheme

[Diagram: messages exchanged between Amélie and Baptiste]

  • They exchange some messages, without signing each one, but at the end, each party will send a MAC of the message: {<Name> || || || || … || }
  • How does CBC-mode symmetric encryption work? Why would this method be indicated for long conversations?
Exercise 6
  • Consider the DSA signature scheme
  • Say Amélie signs two different messages with the same ephemeral value (and obviously the same private key )
  • How would an attacker know from the signatures that the same ephemeral value was used for both signatures?
  • Show how to retrieve given the two signatures for and
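
A worked instance of the situation in Exercise 6, as an added example that is not part of the original slides. It assumes standard DSA signing, s = k^-1 (z + x r) mod q with r = (g^k mod p) mod q; the toy group, key, ephemeral value and digests are constructed, and z1, z2 stand in for the hashes of the two messages.

```python
# Toy DSA group (constructed, far too small for real use):
# p = 2q + 1 with p and q prime; g = 4 has order q modulo p.
P, Q, G = 2039, 1019, 4

def sign(z, x, k):
    """DSA signature (r, s) on digest z with private key x and ephemeral value k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (z + x * r) % Q
    return r, s

def verify(z, sig, y):
    """Standard DSA verification against public key y = g^x mod p."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = pow(G, z * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r

def ephemeral_reused(sig1, sig2):
    # r depends only on k, so two signatures with the same r used the same k.
    return sig1[0] == sig2[0]

def recover_private_key(z1, sig1, z2, sig2):
    """Solve the two signing equations for k, then for x."""
    (r, s1), (_, s2) = sig1, sig2
    # s1 - s2 = k^-1 (z1 - z2)  =>  k = (z1 - z2) / (s1 - s2)  (mod q)
    k = (z1 - z2) * pow((s1 - s2) % Q, -1, Q) % Q
    # s1 = k^-1 (z1 + x r)      =>  x = (s1 k - z1) / r        (mod q)
    x = (s1 * k - z1) * pow(r, -1, Q) % Q
    return k, x

# Constructed sample values: private key, reused ephemeral value, two digests.
X, K = 123, 5
Y = pow(G, X, P)
Z1, Z2 = 100, 200
SIG1, SIG2 = sign(Z1, X, K), sign(Z2, X, K)

if __name__ == "__main__":
    print("reuse visible from signatures:", ephemeral_reused(SIG1, SIG2))
    print("recovered (k, x):", recover_private_key(Z1, SIG1, Z2, SIG2))
```

The mitigation is to never repeat the ephemeral value: draw it from a cryptographic random generator for every signature, or derive it deterministically from the key and message as in RFC 6979.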
Exercise 7
  • Amélie wants to do online shopping, say on Ebay
  • She needs to establish a secure channel with an Ebay server, i.e. be able to exchange messages confidentially and integrally/authentically with its server
  • This is actually done by sharing one MAC key and one symmetric encryption key between them
  • The server has a certified RSA public encryption key, but Amélie does not
  • How can Amélie make sure they share the two secret keys?
  • How can they check that they are sharing the same keys?
Exercise 8
  • List the properties of a hash function. Think of: input size, output size, who can compute it etc.
  • Imagine we have a public key encryption scheme. We generate and , but throw away and publish
  • We implement a hash scheme by using the PKE scheme, by using
  • Should the PKE scheme be deterministic or probabilistic?
  • Analyse the case of Textbook RSA as the encryption scheme. Which properties of the hash function are guaranteed?
  • Assume the generic PKE scheme ensures that a plaintext cannot be recovered from the ciphertext. Which properties of the hash scheme does the PKE scheme guarantee?
Exercise 9
  • A pseudo-random generator is a deterministic function that takes as input a fixed-length string (a seed) and which outputs a much longer string , such that looks random to any adversary
  • Assume Amélie and Baptiste share a seed
  • Consider symmetric encryption with key , where encryption is done as , for messages of length equal to that of (and padded otherwise)
  • Is this scheme deterministic or probabilistic?
  • Show that this scheme is insecure if the adversary can request the decryption of even a single ciphertext.
  • How can we make it secure even if the adversary can decrypt arbitrary ciphertexts?
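
The three questions of Exercise 9 in running code, as an added example that is not part of the original slides. It assumes the scheme XORs the message with the generator's output on the shared seed; SHAKE-256 as the generator, the separate MAC key, the 16-byte nonce and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os

def prg(seed: bytes, n: int) -> bytes:
    # Stand-in generator (assumption): SHAKE-256 stretches the seed to n bytes.
    return hashlib.shake_256(seed).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enc(seed: bytes, m: bytes) -> bytes:
    # Assumed scheme: c = m XOR G(seed). No randomness, so it is deterministic.
    return xor(m, prg(seed, len(m)))

dec = enc  # XOR with the same pad undoes the encryption

def cca_recover(challenge: bytes, dec_oracle) -> bytes:
    # The ciphertext is malleable: flipping bits of c flips the same bits of m.
    # One decryption query on a ciphertext other than the challenge suffices.
    delta = b"\x01" * len(challenge)
    return xor(dec_oracle(xor(challenge, delta)), delta)

def enc_auth(seed: bytes, mac_key: bytes, m: bytes) -> bytes:
    # Repair: a fresh nonce makes the pad per-message, and a MAC over
    # nonce || ciphertext (encrypt-then-MAC) makes modified ciphertexts invalid.
    nonce = os.urandom(16)
    c = xor(m, prg(seed + nonce, len(m)))
    tag = hmac.new(mac_key, nonce + c, hashlib.sha256).digest()
    return nonce + c + tag

def dec_auth(seed: bytes, mac_key: bytes, blob: bytes):
    if len(blob) < 48:
        return None
    nonce, c, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + c, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # reject before any plaintext is released
    return xor(c, prg(seed + nonce, len(c)))
```

With the authenticated variant, a decryption oracle returns nothing for any ciphertext the adversary builds from the challenge, so the bit-flipping query no longer leaks the plaintext.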