21
Cryptography Lecture 23
![Page 1: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/1.jpg)
Cryptography
Lecture 23
![Page 2: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/2.jpg)
Announcements
• HW8 due 5/4• HW9 due 5/11
![Page 3: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/3.jpg)
Agenda
• Last time:– Elliptic Curve Groups
– Key Exchange Definitions (10.3)
• This time:– More on Key Exchange Definitions– Diffie-Hellman Key Exchange (10.3)– El Gamal Encryption (11.4)
– RSA Encryption (11.5)
![Page 4: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/4.jpg)
Key AgreementThe key-exchange experiment
,
1. Two parties holding execute protocol . This results in a transcriptcontaining all the messages sent by the parties, and a key
output by each of the parties.2. A uniform bit is chosen. If set , and if then
choose uniformly at random.is given and , and outputs a bit .
4. The output of the experiment is defined to be 1 if and otherwise.
Definition: A key-exchange protocol is secure in the presence of an eavesdropper if for all ppt adversaries there is a negligible function such that
,
![Page 5: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/5.jpg)
Discussion of Definition
• Why is this the “right” definition?• Why does the adversary get to see ?
![Page 6: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/6.jpg)
![Page 7: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/7.jpg)
Diffie-Hellman Key Exchange
![Page 8: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/8.jpg)
Recall DDH problem
We say that the DDH problem is hard relative to if for all ppt algorithms , there exists a
negligible function such that
![Page 9: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/9.jpg)
Security Analysis
Theorem: If the DDH problem is hard relative to , then the Diffie-Hellman key-exchange
protocol is secure in the presence of an eavesdropper.
![Page 10: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/10.jpg)
![Page 11: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/11.jpg)
Public Key EncryptionDefinition: A public key encryption scheme is a triple of ppt algorithms
such that:1. The key generation algorithm takes as input the security parameter
and outputs a pair of keys . We refer to the first of these as the public key and the second as the private key. We assume for convenience that and each has length at least , and that can be determined from .
2. The encryption algorithm takes as input a public key and amessage from some message space. It outputs a ciphertext , and wewrite this as .
3. The deterministic decryption algorithm takes as input a private key and a ciphertext , and outputs a message or a special symbol
denoting failure. We write this as .
Correctness: It is required that, except possibly with negligible probability over output by , we have for any legal message .
![Page 12: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/12.jpg)
CPA-SecurityThe CPA experiment
,:
is run to obtain keys .2. Adversary is given , and outputs a pair of equal-length
messages in the message space.3. A uniform bit is chosen, and then a challenge ciphertext
is computed and given to .outputs a bit . The output of the experiment is 1 if , and
0 otherwise.
Definition: A public-key encryption scheme is CPA-secure if for all ppt adversaries there is a negligible function such that
,
![Page 13: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/13.jpg)
Discussion
• Discuss how in the public key setting securityin the presence of an eavesdropper and CPAsecurity are equivalent (since anyone canencrypt using the public key).
• Discuss how CPA-secure encryption cannot bedeterministic!!– Why not?
![Page 14: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/14.jpg)
El Gamal Encryption
--Show how we can derive El Gamal PKE from Diffie-Hellman Key Exchange
![Page 15: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/15.jpg)
![Page 16: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/16.jpg)
Important Property
Lemma: Let be a finite group, and let be arbirary. Then choosing uniform and setting gives the same distribution for as choosing uniform Put differently, for any we have
![Page 17: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/17.jpg)
El Gamal Encryption Scheme
![Page 18: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/18.jpg)
Security Analysis
Theorem: If the DDH problem is hard relative to 𝐺, then the El Gamal encryption scheme is CPA-secure.
![Page 19: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/19.jpg)
Textbook RSA Encryption
![Page 20: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/20.jpg)
Is Plain-RSA Secure?
• It is deterministic so cannot be secure!
![Page 21: Introduction to Cryptologydanadach/Cryptography_20/lec... · 2020-04-23 · –El Gamal Encryption (11.4) –RSA Encryption (11.5) ... ( v o Ç U ( } v Ç Á Z À o ' u o v Ç ] }](https://reader034.documents.pub/reader034/viewer/2022042606/5fab70f55417397c4c4b0668/html5/thumbnails/21.jpg)
Additional Attacks
We will look at additional attacks in one of the upcoming discussion sessions.
![W> ^ WZ/Ed W ] v , ] } Ç Y µ ] } v v ] W Z } } z z z z z z ... · ,/W W ] À Ç W } o ] Ç / l v } Á o P Z u Ç u ] o Z ] } Ç u Ç } } v o ] v Z } µ P Z D o o Ç [ } u µ Ç](https://static.documents.pub/doc/80x56/5f6bba30ba82fe634d732382/w-wzed-w-v-y-v-v-w-z-z-z-z-z-z-z-w-w-.jpg)
![, À Ç } µ ~ } Z Ç ] Ç } µ ~ } Æ ] v , Z Z v P } Z , Z v ......, o Z } Ç } µ ( ] o o ] v P Z ] µ À Ç ] v } µ , o Z } Ç } µ ( ] o o ] v P Z ] µ À Ç ] v } µ](https://static.documents.pub/doc/80x56/61255b33a02cef1723398de4/-z-v-z-z-v-p-z-z-v-o-z-.jpg)
![Ç µ ] Ç } v ] ] } v ( } < r í î^ Z } } o v ^ Z } } o ] ]](https://static.documents.pub/doc/80x56/620373869b05f93c475b3373/-v-v-lt-r-z-o-v-.jpg)
![h v ] À ] Ç } ( E Á , u Z ] & v ] Ç v ^ } } ] Ç > ] ( W ...€¦ · & v ] Ç v ^ } } ] Ç > ] ( ~&^> W ( } u v v Æ o o v W } P u î ì î ì í X ì ï](https://static.documents.pub/doc/80x56/5f29c6608e2932551e389053/h-v-e-u-z-v-v-w-v.jpg)
![Stroud District Playing Pitch Strategy Final Strategy June ... · ^ } µ ] ] W o Ç ] v P W ] Z ^ P Ç W & ] v o ^ P Ç ^ } µ ] ] W o Ç ] v P W ] Z ^ P Ç W & ] v o ^ P Ç](https://static.documents.pub/doc/80x56/5f4d47452b8d3e336c3a6031/stroud-district-playing-pitch-strategy-final-strategy-june-w-o-.jpg)
![^ Ç v Z ] v ] } Ç v Z ] ^ µ ] } v Ç } u ] ] v - Thieme^ µ } Ç ^ Ç v Z ] v ] } Ç v Z ] ^ µ ] } v Ç } u ] ] v ^ µ ] ] Á X D Z U E ] Z } o Z X > U D Z Á : X Ç v U > ] r](https://static.documents.pub/doc/80x56/5fa2e64833b1b02ce7147fc7/-v-z-v-v-z-v-u-v-thieme-v-z-.jpg)
![u P ] v P d v ] v / v µ ] o D } } ] ] À v ^ Ç u ( } ] u } À ] v P v P Ç ( ( ] ] v Ç · 2019-04-18 · v P Ç ( ( ] ] v Ç ] v u } } Ç u ^/ D E^ í í í ñ Z t í í ï ì](https://static.documents.pub/doc/80x56/5f478237b8243515803786b8/u-p-v-p-d-v-v-v-o-d-v-u-u-v-p-v-p-.jpg)
![zE u ^ ] } µ v Ç ^ ] d Ç d v } v } µ v Ç , ^€¦ · o l & } Æ o u v Ç o Ç } µ v Ç rZ ] l ( Z } } o v & ] À ] Á } Ç v ' ] o o µ ^ } } µ v Ç rZ ] l ( Z } } o v](https://static.documents.pub/doc/80x56/5f073bff7e708231d41bfa4b/ze-u-v-d-d-v-v-v-o-l-o-u-v-o-.jpg)
![W ]u Ç]uuµv} (] ] v Ç ] ~W/ Á] Zv ] } Ç (] ] v Ç }v ] ]}v (} …...P r o v} uoÀoµ E dZ ] v Z u}v v]v µ ] ]o] Ç }]v( ]}v KZ dZ ] v Z µ }]uuµv uv]( ]}v UP vµo}u }µ ] U](https://static.documents.pub/doc/80x56/5fce62f1d1486f066f3692e0/w-u-uuv-v-w-zv-v-v-v-p-r-o-v.jpg)
![] v P ] Ç U ] P v ] Ç X ^ Z } Á Ç } µ o ( ] v o o } u } o ... · & µ Ç } u u µ v ] } v W } v vd Ç } v v d } v Ç ^ Á ] P o } ( Z t l W } v v d v v ~ Z } u ô ñ õ r ï](https://static.documents.pub/doc/80x56/5ecbd29a6561874566511c26/-v-p-u-p-v-x-z-o-v-o-o-u-o-.jpg)
![d } o Ç W ] u Ç ^ Z } } o t l ó z ï t v Ç v Á · , } Á u µ Z u } v Ç } Z Ç Z À o } P Z M v v o o µ Ç ( } ¬ ò v ñ ì X ^ Z o } µ Ç l Ç ] v P X](https://static.documents.pub/doc/80x56/5f04f8217e708231d4109b4a/d-o-w-u-z-o-t-l-z-t-v-v-u-z-u-v-z-.jpg)
![Whats New in 2019 Env Excellence Awards…9 µ v Ç Á ~ } o ] U Ç o ] v P U ZDt U Z Ì } µ 9 µ v Ç v P Ç ~ o ] ] Ç 9 µ v Ç Á µ](https://static.documents.pub/doc/80x56/601827b5f152ba09d870a950/whats-new-in-2019-env-excellence-awards-9-v-o-u-o-v-p-u-zdt.jpg)
![µ ] v E u } ] v P µ ] v } µ v Ç ] Ç ] } Á u } µ v](https://static.documents.pub/doc/80x56/6230589766756e7b0b6c8ba9/-v-e-u-v-p-v-v-.jpg)
![W Ç u } v ] } v W sKd z · 2013. 3. 25. · sKd z ^ ( } } v } ( v Ç } µ Ç v } v ] } v J / ( Ç } µ Z À ] P v Z v Á } v sKd z ^ ( } } v } ] u } À Ç } µ Ç v } v ] } v J hZ'](https://static.documents.pub/doc/80x56/5fc1fcac7ec7624bbe4db39f/w-u-v-v-w-skd-z-2013-3-25-skd-z-v-v-v-v-.jpg)
![&DPSXV /RFDWLRQ %XLOGLQJmams.rmit.edu.au/cryxlju486l2.pdf · E } } ( Z ] µ o ] ] } v u Ç } µ ] v v Ç ( } u } Ç v Ç u v U o ...](https://static.documents.pub/doc/80x56/5b5b39847f8b9ab8578d98de/dpsxv-rfdwlrq-e-z-o-v-u-c-v-v-c-u-c-v-c.jpg)
![Z ] v P K ] } v ( Ks/ r í õ > } l r } Á v d Z d } Ç } t Ç ... · ^ ] v P & } u , } u d } t } l, o Z ^ ( Ç } u v Ç, o Z ^ ( Ç & ] o ] ] , o Z v ^ ( Ç ( Z Z ] v P , } u í](https://static.documents.pub/doc/80x56/6024fc28dd056f62ac65bbd6/z-v-p-k-v-ks-r-l-r-v-d-z-d-t-v-p-.jpg)