Putting it all together using multiple primitives together
This presentation is the property of its rightful owner.
Sponsored Links
1 / 12

Putting it all together: using multiple primitives together PowerPoint PPT Presentation


  • 32 Views
  • Uploaded on
  • Presentation posted in: General

Putting it all together: using multiple primitives together. Exercise 1. Say you have a signature scheme. SScheme = ( KGen , Sign, Vf ). Say this scheme is unforgeable against CMA. Modify the signature algorithm:. iff . & = 1. Is this still unforgeable against CMA?. Exercise 2.

Download Presentation

Putting it all together: using multiple primitives together

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Putting it all together using multiple primitives together

Putting it all together: using multiple primitives together


Exercise 1

Exercise 1

  • Say you have a signature scheme

SScheme = (KGen, Sign, Vf)

  • Say this scheme is unforgeable against CMA

  • Modify the signature algorithm:

iff. &

= 1

  • Is this still unforgeable against CMA?


Exercise 2

Exercise 2

  • We have an arbitrary unforgeable signature scheme:

SScheme = (KGen, Sign, Vf)

  • And we also have any IND-CCA encryption scheme

EScheme = (KGen, Enc, Dec)

  • Say we want to ensure that a confidentialmessage comes from a given party. Can we send:

  • ?

  • ?

  • ?


Interlude

Interlude

  • What would we use in order to:

  • Send a confidential message

  • Encrypt a large document

  • Send a confidential AND authenticated message

  • Authenticate a message with non-repudiation

  • Authenticate a message without non-repudiation

  • Find correspondences

  • Confidentiality

  • Hash function

  • Collision-resistance

  • MAC code

  • Authenticity

  • Symmetric encryption

  • Non-repudiation

  • PK Encryption

  • Integrity

  • Digital Signatures


Exercise 3

Exercise 3

  • The Hash paradigm for signatures :

  • Improves the security of signature schemes

  • Improves efficiency for signatures, making their size the same, irrespective of the message length

  • Can we do the same for encryption schemes, i.e. use instead of

  • Can we send just instead of


Exercise 4

Exercise 4

  • Symmetric encryption is faster than PK encryption

  • Suppose Amélie generates a symmetric encryption key (e.g. for AES 128) and encrypts a message for Baptiste withthis key.

  • Baptiste does not know the secret key.

  • By using one (or more) of the following mechanisms, show how Amélie can ensure that Baptiste can decrypt.

  • A public key encryption scheme

  • A symmetric encryption scheme

  • A signature scheme

  • A MAC scheme

  • A hash scheme


Exercise 5

Exercise 5

  • Amélie and Baptiste share a secret key for a MAC scheme

………

Amélie

Baptiste

  • They exchange some messages, without signing each one, but at the end, each party will send a MAC of the message: {<Name> || || || || … || }

  • How does CBC-mode symmetric encryption work? Why would this method be indicated for long conversations?


Exercise 6

Exercise 6

  • Consider the DSA signature scheme

  • Say Amélie signs two different messages with the sameephemeral value (and obviously the sameprivate key )

  • How would an attacker know from the signatures that the same ephemeral value was used for both signatures?

  • Show how to retrieve given the two signatures for and


Exercise 7

Exercise 7

  • Amélie wants to do online shopping, say on Ebay

  • She needs to establish a secure channel with an Ebay server, i.e. be able to exchange message confidentially and integrally/authentically with its server

  • This is actually done by sharing one MAC key and one symmetric encryption key between them

  • The server has a certified RSA public encryption key, but Amélie does not

  • How can Amélie make sure they share the two secret keys?

  • How can they check that they are sharing the same keys?


Exercise 8

Exercise 8

  • List the properties of a hash function. Think of: input size, output size, who can compute it etc.

  • Imagine we have a public key encryption scheme. We generate and , but throw away and publish

  • We implement a hash scheme by using the PKE scheme, by using

  • Should the PKE scheme be deterministic or probabilistic?

  • Analyse the case of Textbook RSA as the encryption scheme. Which properties of the hash function are guaranteed?

  • Assume the generic PKE scheme ensures that a plaintext cannot be recovered from the ciphertext. Which properties of the hash scheme does the PKE scheme guarantee?


Exercise 9

Exercise 9

  • A pseudo-random generator is a deterministic function thattakes as input a fixed-length string (a seed) and which outputs a much longer string , suchthat looks random to anyadversary

  • Assume Amélie and Baptiste share a seed

  • Consider symmetric encryption with key , whereencryptionisdone as , for messages of lengthequal to that of (and paddedotherwise)

  • Is this scheme deterministic or probabilistic?

  • Show that this scheme is insecure if the adversary can request the decryption of even a single ciphertext.

  • How can we make it secure even if the adversary can decrypt arbitrary ciphertexts?


Thanks

Thanks!


  • Login