Cryptography
Proofs of security

Definitions, proofs, and assumptions
•  We've defined computational secrecy
•  Our goal is to prove that the pseudo OTP meets that definition
•  We are unable to prove this unconditionally
   – Beyond our current techniques…
   – Anyway, security depends on G
•  Can hope to prove security assuming that G is a pseudorandom generator

PRGs, revisited
•  Let G be an efficient, deterministic function with |G(k)| = 2·|k|
[Figure: the PRG indistinguishability experiment. D is given a 2n-bit string y and outputs a bit b. Either y ← U2n (uniform), or k ← Un and y = G(k).]
•  (For any efficient D…) the probability that D outputs 1 in both cases must be close

Proof by reduction
1.  Assume G is a pseudorandom generator
2.  Say there is an efficient attacker A who 'breaks' the pseudo-OTP scheme
3.  Use A as a subroutine to build an efficient D that 'breaks' pseudorandomness of G
   – But we know that no such D exists!
⇒ No such A can exist

Alternately…
1.  Assume G is a pseudorandom generator
2.  Fix some arbitrary, efficient A attacking the pseudo-OTP scheme
3.  Use A as a subroutine to build an efficient D attacking G
   – Relate the distinguishing probability of D to the success probability of A
4.  By assumption, the distinguishing probability of D must be negligible
⇒ Bound the success probability of A

"Pseudo" one-time pad
[Figure: the pseudo one-time pad. An n-bit key k is expanded by G into a 2n-bit "pseudo" key, which is XORed (⊕) with a 2n-bit message to produce a 2n-bit ciphertext.]

Security theorem
•  If G is a pseudorandom generator, then the pseudo one-time pad is (computationally) indistinguishable.

The reduction
[Figure: the reduction. D receives y and runs A as a subroutine. A outputs m0, m1; D chooses b ← {0,1} and gives A the ciphertext c = y ⊕ mb; A outputs b'; D outputs 1 if b = b'.]

Analysis
•  If A runs in polynomial time, then so does D

Analysis
•  Let µ(n) = Pr[PrivK_{A,Π}(n) = 1]
•  If input y is pseudorandom, the view of A is exactly as in PrivK_{A,Π}(n)
   ⇒ Pr_{x ← Un}[D(G(x)) = 1] = µ(n)

The reduction
[Figure: the reduction with k ← Un and y = G(k): the ciphertext c given to A is exactly Π-Enc, the pseudo-OTP encryption of mb.]

Analysis
•  Let µ(n) = Pr[PrivK_{A,Π}(n) = 1]
•  If input y is pseudorandom, the view of A is exactly as in PrivK_{A,Π}(n)
   ⇒ Pr_{x ← Un}[D(G(x)) = 1] = µ(n)
•  If input y is uniform, A succeeds with probability exactly ½
   ⇒ Pr_{y ← U2n}[D(y) = 1] = ½

The reduction
[Figure: the reduction with y ← U2n: the ciphertext c given to A is exactly OTP-Enc, a one-time-pad encryption of mb under a uniform key.]

Analysis
•  Let µ(n) = Pr[PrivK_{A,Π}(n) = 1]
•  If input y is pseudorandom, the view of A is exactly as in PrivK_{A,Π}(n)
   ⇒ Pr_{x ← Un}[D(G(x)) = 1] = µ(n)
•  If input y is uniform, A succeeds with probability exactly ½
   ⇒ Pr_{y ← U2n}[D(y) = 1] = ½
•  Since G is pseudorandom…
   ⇒ |µ(n) - ½| ≤ ε(n)
   ⇒ Pr[PrivK_{A,Π}(n) = 1] ≤ ½ + ε(n)
What does it all mean?
•  Proof that the pseudo OTP is secure…
   – We have a provably secure scheme, rather than a heuristic construction!

What does it all mean?
•  Proof that the pseudo OTP is secure…
•  …with some caveats
   – Assuming G is a pseudorandom generator
   – Relative to our definition
•  The only way the scheme can be broken is:
   – If a weakness is found in G
   – If the definition isn't sufficiently strong…
