1 / 141

RANDOM GRAPHS IN CRYPTOGRAPHY

RANDOM GRAPHS IN CRYPTOGRAPHY. Adi Shamir The Weizmann Institute Israel. May 15, 2007 7th Haifa Workshop on Interdisciplinary Applications of Graph Theory, Combinatorics and Algorithms. Random Graphs in Cryptography:.

nayef
Download Presentation

RANDOM GRAPHS IN CRYPTOGRAPHY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RANDOM GRAPHS IN CRYPTOGRAPHY Adi Shamir The Weizmann Institute Israel May 15, 2007 7th Haifa Workshop on Interdisciplinary Applications of Graph Theory, Combinatorics and Algorithms

  2. Random Graphs in Cryptography: In this talk I will concentrate on some particular algorithmic issues related to random graphs which are motivated by cryptanalytic applications Many of the results I will describe are either unpublished or little known in our community Note that in cryptanalysis, constants are important!

  3. Cryptography and Randomness: Cryptography deals with many types of randomness: - random strings random variables random functions random permutations random walks …

  4. Cryptography and Randomness: • The notion of random functions (oracles): • -truly random when applied to fresh inputs • consistent when applied to previously used inputs • f(0)=37 • f(1)=92 • f(2)=78 • f(3)=51 • …

  5. Cryptography and Randomness: This tabular description gives us a local view, which is not very informative To see the big picture, we define the random graph G associated with the random function f: x f(x)

  6. Cryptography and Randomness: When the function f is a permutation, its associated graph G is very simple:

  7. Cryptography and Randomness: However, when the function f is a random function rather than a random permutation, we get a very rich and interesting structure:

  8. Random Graph #1:

  9. Random Graph #2:

  10. Cryptography and Randomness: There is a huge literature on the structure and combinatorial properties of such random graphs: The distribution of component sizes, tree sizes, cycle sizes, vertex in-degrees, number of predecessors, etc.

  11. Cryptography and Randomness: In many applications we are interesting in the behavior of the random function f under iteration. • Examples: • pseudo random generators • stream ciphers • iterated block ciphers and hash functions • time/memory tradeoff attacks • randomized iterates • … In this case, we are interested in a single path starting at a random vertex within the random graph.

  12. A random path in a random graph:

  13. A random path in a random graph:

  14. A random path in a random graph:

  15. Cryptography and Randomness: Such a path always starts with a tail, and ends with a cycle. The expected length of both the tail and the cycle is about the square root of the number of vertices.

  16. Interesting algorithmic problems on paths: Assuming that we can only move forwards along edges:

  17. Interesting algorithmic problems on paths: Assuming that we can only move forwards along edges:- Find some point on the cycle

  18. Interesting algorithmic problems on paths: Assuming that we can only move forwards along edges:- Find some point on the cycle- Find the same point a second time

  19. Interesting algorithmic problems on paths: Assuming that we can only move forwards along edges:- Find some point on the cycle- Find the same point a second time- Find the length of the cycle l

  20. Interesting algorithmic problems on paths: Assuming that we can only move forwards along edges:- Find some point on the cycle- Find the same point a second time- Find the length of the cycle- Find the cycle entry point

  21. Interesting algorithmic problems on paths: Why are we interested in these algorithms? Pollard’s rho algorithm: The cycle length l can be used to find small factors of large numbers, requires only negligible memory. Finding collisions in hash functions: The cycle entry point can represent a hash function collision.

  22. How to find a collision in a given hash function H? Exhaustive search: Requires 2n time, no space Birthday paradox: Construct a large table of 2n/2 random hash values, sort it, and look for consecutive equal values. Requires both time and space of 2n/2 Random path algorithm:Iterate the hash function until you find the entry point into a cycle. Requires 2n/2 time and very little space

  23. Cycle detection is a very well studied problem: Floyd Pollard Brent Yao Quisquater … And yet there are new surprising ideas!

  24. The best known technique:Floyd’s two finger algorithm:- Keep two pointers- Run one of them at normal speed, and the other at double speed, until they collide

  25. Floyd’s two finger algorithm:- Keep two pointers- Run one of them at normal speed, and the other at double speed, until they collide

  26. Floyd’s two finger algorithm:- Keep two pointers- Run one of them at normal speed, and the other at double speed, until they collide

  27. Floyd’s two finger algorithm:- Keep two pointers- Run one of them at normal speed, and the other at double speed, until they collide

  28. Floyd’s two finger algorithm:- Keep two pointers- Run one of them at normal speed, and the other at double speed, until they collide

  29. Floyd’s two finger algorithm:- Keep two pointers- Run one of them at normal speed, and the other at double speed, until they collide

  30. Floyd’s two finger algorithm:- Keep two pointers- Run one of them at normal speed, and the other at double speed, until they collide

  31. Floyd’s two finger algorithm:- Keep two pointers- Run one of them at normal speed, and the other at double speed, until they collide

  32. Floyd’s two finger algorithm:- Keep two pointers- Run one of them at normal speed, and the other at double speed, until they collide

  33. Floyd’s two finger algorithm:- Keep two pointers- Run one of them at normal speed, and the other at double speed, until they collide

  34. Can we use Floyd’s algorithm to find the entry point into the cycle?

  35. Can we use Floyd’s algorithm to find the entry point into the cycle?-First find the meeting point

  36. Can we use Floyd’s algorithm to find the entry point into the cycle?- first find the meeting point- move one of the fingers back to the beginning

  37. Can we use Floyd’s algorithm to find the entry point into the cycle?- first find the meeting point- move one of the fingers back to the beginning- move the two fingers at equal speed

  38. Can we use Floyd’s algorithm to find the entry point into the cycle?- first find the meeting point- move one of the fingers back to the beginning- move the two fingers at equal speed

  39. Can we use Floyd’s algorithm to find the entry point into the cycle?- first find the meeting point- move one of the fingers back to the beginning- move the two fingers at equal speed

  40. Why does it work?

  41. Why does it work?- denote by d the distance from the beginningto the meeting point d

  42. Why does it work?- denote by d the distance from the beginningto the meeting point- the fast finger ran another d, reaching the same point, so d is some (unknown) multiple of the cycle length d

  43. Why does it work?- running the two marked fingers another d steps reaches the same point again d

  44. Why does it work?- running the two marked fingers another d steps reaches the same point again- so the two fingers meet for the first time at the entrance to the cycle, and then travel together d

  45. Why does it work?- running the two marked fingers another d steps reaches the same point again- so the two fingers meet for the first time at the entrance to the cycle, and then travel together d

  46. Is this the most efficient cycle detection algorithm?

  47. Is this the most efficient cycle detection algorithm? - When the path has n vertices and the tail is short, Floyd’s algorithm requires about 3n steps, and its extension requires up to 5n steps

  48. Is this the most efficient cycle detection algorithm? - When the cycle is short, the fast finger can traverse it many times without noticing

  49. A better idea:- Place checkpoints at fixed intervals- Update the checkpoints periodically

  50. Problem: - Too few checkpoints can miss small cycles

More Related