SlideShare a Scribd company logo

Lattice based Merkle for post-quantum epoch

DefCamp
DefCamp

Maksim Iavich in Bucharest, Romania on November 8-9th 2018 at DefCamp #9. The videos and other presentations can be found on https://def.camp/archive

1 of 42
Download to read offline
Lattice based Merkle for post-quantum epoch
Maksim Iavich
Private Key Encryption
C
cypher
K Kkeykey
mmessage
c := Enck(m)
Encryption Decryption
m := Deck(c)
Deck(Enck(m)) = m
 M = {0,1}n
 Gen: k  {0,1}n
 Enck(m) = k  m
 Deck(c) = k  c
 Truth:
Deck( Enck(m) ) = k  (k  m)
= (k  k)  m = m
One-time pad
0  1 = 1
0  0 = 0
1  0 = 1
1  1 = 1
A  A = 0
One-time pad
key
n bits
message
n bits
Cipher text
n bits

Problems:
 The size of the key must be the
same as message (quite large)
 Is secure if one key is used once to
decrypt only one message.
One-time pad
 c1 = k  m1
c2 = k  m2
 Attacker is able:
c1  c2 = (k  m1)  (k  m2) = m1  m2
 Leaks information about m1 and m2
Use key twice ?

Recommended

Implementation of bpsc stegnography ( synopsis)
Implementation of bpsc stegnography ( synopsis)Implementation of bpsc stegnography ( synopsis)
Implementation of bpsc stegnography ( synopsis)Mumbai Academisc
 
RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHY
RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHYRSA - ENCRYPTION ALGORITHM CRYPTOGRAPHY
RSA - ENCRYPTION ALGORITHM CRYPTOGRAPHYQualcomm
 
The rsa algorithm
The rsa algorithmThe rsa algorithm
The rsa algorithmKomal Singh
 
An Image Encryption using Chaotic Based Cryptosystem
An Image Encryption using Chaotic Based CryptosystemAn Image Encryption using Chaotic Based Cryptosystem
An Image Encryption using Chaotic Based Cryptosystemxlyle
 

More Related Content

What's hot

RSA - ALGORITHM by Muthugomathy and Meenakshi Shetti of GIT COLLEGE
RSA - ALGORITHM by Muthugomathy and Meenakshi Shetti of GIT COLLEGE RSA - ALGORITHM by Muthugomathy and Meenakshi Shetti of GIT COLLEGE
RSA - ALGORITHM by Muthugomathy and Meenakshi Shetti of GIT COLLEGE Qualcomm
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829ajsk1950
 
Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet se...
Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet se...Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet se...
Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet se...National Chengchi University
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsaMazin Alwaaly
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyMd. Shafiul Alam Sagor
 
Public key cryptography
Public key cryptography Public key cryptography
Public key cryptography rinnocente
 
Performance evluvation of chaotic encryption technique
Performance evluvation of chaotic encryption techniquePerformance evluvation of chaotic encryption technique
Performance evluvation of chaotic encryption techniqueAncy Mariam Babu
 
Introduction - Lattice-based Cryptography
Introduction - Lattice-based CryptographyIntroduction - Lattice-based Cryptography
Introduction - Lattice-based CryptographyAlexandre Augusto Giron
 
Lattice Based Cryptography - GGH Cryptosystem
Lattice Based Cryptography - GGH CryptosystemLattice Based Cryptography - GGH Cryptosystem
Lattice Based Cryptography - GGH CryptosystemVarun Janga
 
An Image Encryption using Chaotic Based Cryptosystem
An Image Encryption using Chaotic Based CryptosystemAn Image Encryption using Chaotic Based Cryptosystem
An Image Encryption using Chaotic Based Cryptosystemxlyle
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyGopal Sakarkar
 
Cryptography & Network Security By, Er. Swapnil Kaware
Cryptography & Network Security By, Er. Swapnil KawareCryptography & Network Security By, Er. Swapnil Kaware
Cryptography & Network Security By, Er. Swapnil KawareProf. Swapnil V. Kaware
 

What's hot (20)

RSA - ALGORITHM by Muthugomathy and Meenakshi Shetti of GIT COLLEGE
RSA - ALGORITHM by Muthugomathy and Meenakshi Shetti of GIT COLLEGE RSA - ALGORITHM by Muthugomathy and Meenakshi Shetti of GIT COLLEGE
RSA - ALGORITHM by Muthugomathy and Meenakshi Shetti of GIT COLLEGE
 
3 pkc+rsa
3 pkc+rsa3 pkc+rsa
3 pkc+rsa
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829a
 
104 Icdcit05
104 Icdcit05104 Icdcit05
104 Icdcit05
 
Rsa cryptosystem
Rsa cryptosystemRsa cryptosystem
Rsa cryptosystem
 
Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet se...
Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet se...Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet se...
Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet se...
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsa
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key Cryptography
 
Public key cryptography
Public key cryptography Public key cryptography
Public key cryptography
 
Performance evluvation of chaotic encryption technique
Performance evluvation of chaotic encryption techniquePerformance evluvation of chaotic encryption technique
Performance evluvation of chaotic encryption technique
 
Rsa
RsaRsa
Rsa
 
Introduction - Lattice-based Cryptography
Introduction - Lattice-based CryptographyIntroduction - Lattice-based Cryptography
Introduction - Lattice-based Cryptography
 
Lattice Based Cryptography - GGH Cryptosystem
Lattice Based Cryptography - GGH CryptosystemLattice Based Cryptography - GGH Cryptosystem
Lattice Based Cryptography - GGH Cryptosystem
 
An Image Encryption using Chaotic Based Cryptosystem
An Image Encryption using Chaotic Based CryptosystemAn Image Encryption using Chaotic Based Cryptosystem
An Image Encryption using Chaotic Based Cryptosystem
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
public-key cryptography Shamir
public-key cryptography Shamirpublic-key cryptography Shamir
public-key cryptography Shamir
 
Cryptography & Network Security By, Er. Swapnil Kaware
Cryptography & Network Security By, Er. Swapnil KawareCryptography & Network Security By, Er. Swapnil Kaware
Cryptography & Network Security By, Er. Swapnil Kaware
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
 
Ch09
Ch09Ch09
Ch09
 
Key reinstallation attacks forcing nonce reuse in wpa2
Key reinstallation attacks forcing nonce reuse in wpa2Key reinstallation attacks forcing nonce reuse in wpa2
Key reinstallation attacks forcing nonce reuse in wpa2
 

Similar to Lattice based Merkle for post-quantum epoch

Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityNagendra Um
 
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...CSCJournals
 
Encryption technology
Encryption technologyEncryption technology
Encryption technologyNeha Bhambu
 
An Advance Approach of Image Encryption using AES, Genetic Algorithm and RSA ...
An Advance Approach of Image Encryption using AES, Genetic Algorithm and RSA ...An Advance Approach of Image Encryption using AES, Genetic Algorithm and RSA ...
An Advance Approach of Image Encryption using AES, Genetic Algorithm and RSA ...IJEACS
 
Analysis of Cryptographic Algorithms
Analysis of Cryptographic AlgorithmsAnalysis of Cryptographic Algorithms
Analysis of Cryptographic Algorithmsijsrd.com
 
Post quantum cryptography - thesis
Post quantum cryptography - thesisPost quantum cryptography - thesis
Post quantum cryptography - thesisSamy Shehata
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applicationsthai
 
CSEC 630 Lab Assignment 1 Introduction To Cryptography Essay
CSEC 630 Lab Assignment 1 Introduction To Cryptography EssayCSEC 630 Lab Assignment 1 Introduction To Cryptography Essay
CSEC 630 Lab Assignment 1 Introduction To Cryptography EssayPaula Smith
 
Enhancing security in cloud storage
Enhancing security in cloud storageEnhancing security in cloud storage
Enhancing security in cloud storageShivam Singh
 
CRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdfCRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdfBhuvanaR13
 
Implementation of bpcs steganography (synopsis)
Implementation of bpcs steganography (synopsis)Implementation of bpcs steganography (synopsis)
Implementation of bpcs steganography (synopsis)Mumbai Academisc
 
Application of bpcs steganography to wavelet compressed video (synopsis)
Application of bpcs steganography to wavelet compressed video (synopsis)Application of bpcs steganography to wavelet compressed video (synopsis)
Application of bpcs steganography to wavelet compressed video (synopsis)Mumbai Academisc
 
RSA & MD5 algorithm
RSA & MD5 algorithmRSA & MD5 algorithm
RSA & MD5 algorithmSiva Rushi
 
ch09_rsa_nemo.ppt
ch09_rsa_nemo.pptch09_rsa_nemo.ppt
ch09_rsa_nemo.pptChandraB15
 
Presentation on Cryptography_Based on IEEE_Paper
Presentation on Cryptography_Based on IEEE_PaperPresentation on Cryptography_Based on IEEE_Paper
Presentation on Cryptography_Based on IEEE_PaperNithin Cv
 

Similar to Lattice based Merkle for post-quantum epoch (20)

Chapter 15 - Security
Chapter 15 - SecurityChapter 15 - Security
Chapter 15 - Security
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Iss lecture 2
Iss lecture 2Iss lecture 2
Iss lecture 2
 
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
 
Encryption technology
Encryption technologyEncryption technology
Encryption technology
 
An Advance Approach of Image Encryption using AES, Genetic Algorithm and RSA ...
An Advance Approach of Image Encryption using AES, Genetic Algorithm and RSA ...An Advance Approach of Image Encryption using AES, Genetic Algorithm and RSA ...
An Advance Approach of Image Encryption using AES, Genetic Algorithm and RSA ...
 
Analysis of Cryptographic Algorithms
Analysis of Cryptographic AlgorithmsAnalysis of Cryptographic Algorithms
Analysis of Cryptographic Algorithms
 
Post quantum cryptography - thesis
Post quantum cryptography - thesisPost quantum cryptography - thesis
Post quantum cryptography - thesis
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applications
 
CSEC 630 Lab Assignment 1 Introduction To Cryptography Essay
CSEC 630 Lab Assignment 1 Introduction To Cryptography EssayCSEC 630 Lab Assignment 1 Introduction To Cryptography Essay
CSEC 630 Lab Assignment 1 Introduction To Cryptography Essay
 
Enhancing security in cloud storage
Enhancing security in cloud storageEnhancing security in cloud storage
Enhancing security in cloud storage
 
CRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdfCRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdf
 
Implementation of bpcs steganography (synopsis)
Implementation of bpcs steganography (synopsis)Implementation of bpcs steganography (synopsis)
Implementation of bpcs steganography (synopsis)
 
Application of bpcs steganography to wavelet compressed video (synopsis)
Application of bpcs steganography to wavelet compressed video (synopsis)Application of bpcs steganography to wavelet compressed video (synopsis)
Application of bpcs steganography to wavelet compressed video (synopsis)
 
Kleptography
KleptographyKleptography
Kleptography
 
RSA & MD5 algorithm
RSA & MD5 algorithmRSA & MD5 algorithm
RSA & MD5 algorithm
 
Nwc rsa
Nwc rsaNwc rsa
Nwc rsa
 
ch09_rsa_nemo.ppt
ch09_rsa_nemo.pptch09_rsa_nemo.ppt
ch09_rsa_nemo.ppt
 
Presentation on Cryptography_Based on IEEE_Paper
Presentation on Cryptography_Based on IEEE_PaperPresentation on Cryptography_Based on IEEE_Paper
Presentation on Cryptography_Based on IEEE_Paper
 

More from DefCamp

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht HackingDefCamp
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!DefCamp
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of TrustDefCamp
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?DefCamp
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXDefCamp
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...DefCamp
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)DefCamp
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFADefCamp
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationDefCamp
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money downDefCamp
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...DefCamp
 
The challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareDefCamp
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?DefCamp
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured DefCamp
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...DefCamp
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.DefCamp
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber SecurityDefCamp
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering holeDefCamp
 
Catch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your networkCatch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your networkDefCamp
 

More from DefCamp (20)

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht Hacking
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UX
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the Attacker
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFA
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical Application
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money down
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...
 
The challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcare
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber Security
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering hole
 
Catch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your networkCatch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your network
 

Recently uploaded

"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, GoogleISPMAIndia
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1Inbay UK
 
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Product School
 
Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?MENGSAYLOEM1
 
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...Neo4j
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr TsapFwdays
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfSafe Software
 
The Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolThe Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolProduct School
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor FesenkoFwdays
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVARobert McDermott
 
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...UiPathCommunity
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Product School
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxNeo4j
 
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Jay Zhao
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceSusan Ibach
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...Fwdays
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIEDanBrown980551
 
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxLeveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxVotarikari Shravan
 
Act Like an Owner, Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner,  Challenge Like a VC by former CPO, TripadvisorAct Like an Owner,  Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner, Challenge Like a VC by former CPO, TripadvisorProduct School
 
"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura RochniakFwdays
 

Recently uploaded (20)

"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1
 
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
 
Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?
 
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
 
The Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolThe Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product School
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVA
 
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
 
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data science
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIE
 
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxLeveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
 
Act Like an Owner, Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner,  Challenge Like a VC by former CPO, TripadvisorAct Like an Owner,  Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner, Challenge Like a VC by former CPO, Tripadvisor
 
"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak
 

Lattice based Merkle for post-quantum epoch

  • 1. Lattice based Merkle for post-quantum epoch Maksim Iavich
  • 2. Private Key Encryption C cypher K Kkeykey mmessage c := Enck(m) Encryption Decryption m := Deck(c) Deck(Enck(m)) = m
  • 3.  M = {0,1}n  Gen: k  {0,1}n  Enck(m) = k  m  Deck(c) = k  c  Truth: Deck( Enck(m) ) = k  (k  m) = (k  k)  m = m One-time pad 0  1 = 1 0  0 = 0 1  0 = 1 1  1 = 1 A  A = 0
  • 4. One-time pad key n bits message n bits Cipher text n bits 
  • 5. Problems:  The size of the key must be the same as message (quite large)  Is secure if one key is used once to decrypt only one message. One-time pad
  • 6.  c1 = k  m1 c2 = k  m2  Attacker is able: c1  c2 = (k  m1)  (k  m2) = m1  m2  Leaks information about m1 and m2 Use key twice ?
  • 7.  G – defined polynomial time algorithm  G increases: |G(x)| = p(|x|) > |x| PRGs seed G output
  • 8. “Pseudo” one-time pad “pseudo” key p bits  G key n bits cipher text p bits message p bits By means of this key size is increased
  • 9. Public-key encryption pk, skpk c  Encpk(m) m = Decsk(c) c pk pk
  • 10. “Plain” RSA encryption m = [cd mod N] (N, e, d)  RSAGen(1n) pk = (N, e) sk = d N, e c = [me mod N] c
  • 11.  GOOGLE Corporation, in conjunction with with the company D-Wave signed contract about creating quantum computers. D-Wave 2X - is the newest quantum processor, which contains 2,048 physical qubits. To perform calculations in the processor are used 1152 qubits.  Each additional qubit doubles the data search area, thus is also significantly increased the calculation speed. Quantum computers will destroy systems based on the problem of factoring integers (e.g., RSA). RSA cryptosystem is used in different products on different platforms and in different areas. Quantum computers RSA system is widely used in operating systems from Microsoft, Apple, Sun, and Novell. In hardware performance RSA algorithm is used in secure phones, Ethernet, network cards, smart cards, and is also widely used in the cryptographic hardware. Along with this, the algorithm is a part of the underlying protocols protected Internet communications, including S / MIME, SSL and S / WAN, and is also used in many organizations, for example, government, banks, most corporations, public laboratories and universities.
  • 12.  RSA BSAFE encryption technology is used approximately by 500 million users worldwide. Since in encryption technology is mostly used the RSA algorithm, it can be considered one of the most common public key cryptosystems being developed together with the development of the Internet.  On this basis the RSA destruction will entail easy hacking of most products that can grow into a complete chaos. RSA BSAFE
  • 13. Hash-based Digital Signature Schemes: One of RSA alternatives are Hash-based Digital Signature Schemes. The safety of these systems depends on the security of cryptographic hash functions. A code-based public-key encryption system: McEliece example. In this system the public key is (Gnew, t), and the private key is (S, G, P), where G is k x n generator matrix for the code C. C is random binary (n, k)-linear code, that is capable to improve t errors. N is the number of code words, k is dimension of C. S is a random k x k binary nonsingular matrix. P is a random n x n binary permutation matrix. Gnew = S * G * P; k x n matrix. To encrypt the message we must encrypt message m as a binary string with the length k; cyp = m x Gnew; is generated random n-bit error vector v with the weight t. The cypher is calculated as c= cyp+v. For decoding is calculated cyp = c*P-1; Using decryption algorithm of C is calculated mnew= m*S => m= mnew*S-1 RSA ALTERNATIVES
  • 14.  Lattice-based Cryptography: proofs are based on worst-case hardness.  Multivariate public key cryptosystem – MPKCs: have a set of(usually) quadratic polynomials over a finite field. Security assumption is backed by the NP-hardness of the problem to solve nonlinear equations over a finite field. RSA ALTERNATIVES
  • 15.  To date are already found successful attacks on this crypto system.  The Ph.D. candidate of Dublin City University (DCU) Neill Costigan with the support of Irish Research Council for Science, Engineering and Technology (IRCSET), together with professor Michael Scott, Science Foundation Ireland (SFI) member successfully were able to carry out an attack on the algorithm. To do this they needed 8,000 hours of CPU time. In the attack representatives of four other countries took part. Scientists have discovered that the initial length of the key in this algorithm is insufficient and should be increased.  This system cannot be also used to encrypt the same message twice and to encrypt the message when is known it’s relation with the other message. Successful attacks
  • 16.  Should be noted the importance of efficiency spectrum. To date experts have reached quite good results in the speed algorithm processing. According to the investigation results it becomes clear that the proposed post-quantum cryptosystems are relatively little effective. Implementation of the algorithms requires much more time for their processing and verification.  Inefficient cryptography may be acceptable for the general user, but it cannot be acceptable for the internet servers that handle thousands of customers in the second. Today, Google has already has problems with the current cryptography. It is easy to imagine what will happen when implementing crypto algorithms will take more time.  The development and improvement of modern cryptosystems will take years. Moreover, all the time are recorded successful attacks on them. When is determined the encryption function, and it becomes standard, it needs the appropriate implementation of the corresponding software, and in most cases, hardware.
  • 17.  During the implementation it is necessary to ensure not only correct work of the function and the speed of its efficiency, but also to prevent any kind of leaks. Recently have been recorded successful «cache-timing» attacks on RSA and AES system, as a result of that Intel has added the AES instructions to its processors.  McEliece system is vulnerable to attacks, related to side channel attacks. Was shown the successful timing attack on Patterson algorithm. This attack does not detect the key, but detects an error vector that can successfully decrypt the message cipher.  As we can see, for the creation and implementation of safe and effective post-quantum cryptosystems it is necessary to fulfill the rather big work. From the foregoing it is clear that today we are not ready to transfer cryptosystems into post-quantum era. In the near future we cannot be sure in the reliability of the systems.
  • 18.  Traditional digital signature systems that are used in practice are vulnerable to quantum computers attacks. The security of these systems is based on the problem of factoring large numbers and calculating discrete logarithms. Scientists are working on the development of alternatives to RSA, which are protected from attacks by quantum computer. One of the alternatives are hash based digital signature schemes. These systems use a cryptographic hash function. The security of these digital signature systems is based on the collision resistance of the hash functions that they use. RSA ALTERNATIVES – HASH BASED
  • 19.  Keys generation in this system occurs as follows: the signature key X of this system consists of 2n lines of length n, and is selected randomly.  X= (xn-1[0], xn-1[1], …, x0[0], x0[1]) ∈ {0,1} n,2n  Verification key Y of this system consists of 2n lines of length n, and is selected randomly.  Y= (yn-1[0], yn-1[1], …, y0[0], y0[1]) ∈ {0,1} n,2n  This key is calculated as follows:  yi[j] = f(xi[j]), 0<=i<=n-1, j=0,1  f – is one-way function:  f: {0,1} n {0,1} n;  To generate the verification key, it is needed to use the function f 2n time. LAMPORT–DIFFIE ONE-TIME SIGNATURE SCHEME (KEY GENERATION)
  • 20.  To sign a message m of arbitrary size, we transform it into size n using the hash function:  h(m)=hash = (hashn-1, … , hash0)  Function h- is a cryptographic hash function:  h: {0,1} *{0,1} n  The signature is done as follows:  sig= (xn-1[hashn-1], …, x0[hash0]) ∈ {0,1} n,n  i-th string in this signature is equals to xi[0], if i-th bit in sign is equal to 0. The string is equal to xi[1], if i-th bit in sign is equal to 1.  Signature length is n2 and during signature we do not use f function. DOCUMENT SIGNATURE
  • 21.  To verify the signature sig = (sign-1, …, sig0), is calculated hash of the message hash = (hashn-1, … , hash0) and the following equality is checked:  (f(sign-1), …, f(sig0)) = (yn-1[hashn-1], …, y0[hash0])  If the equation is true, then the signature is correct.  For the verification f function must be used n times. DOCUMENT VERIFICATION
  • 22.  Keys generation in this system occurs as follows: the signature key X of this system consists of n lines of length p, the key is selected randomly. Winternitz parameter is selected w> = 2, it is equal to the number of bits to be signed simultaneously. Is calculated p1=n/w and p2=(log2p1 +1+w)/w, p= p1+ p2  The signature key X of this system consists of p lines of length n selected randomly:  X= (xp-1[0], …, x0) ∈ {0,1} n,p  Verification key is following:  Y= (yp-1[0], …, y0) ∈ {0,1} n,p, where  yi=f2^w-1(xi), 0<=i<=p-1  The length of the signature and the verification key is equal to np bits, and to generate the verification key, function f must be used p(2w-1) times. WINTERNITZ ONE TIME SIGNATURE SCHEME. KEY GENERATION
  • 23.  We hash the message hash=h(m) and prepend to hash the minimum number of zeros in order to get the length of hash devisable by w. Afterwards we divide it into p1 parts of length w.  hash=kp-1,…, kp-p1  the checksum is calculated:  с=∑i=p-p1 p-1(2w-ki)  as c<= p12w, the length of its binary representation is log2 p12w+1  We prepend to its binary representation the minimum number of zeros in order to get the length of representation devisable by w, and divide it into p2 parts of length w.  с=kp2-1,…, k0  we calculate the signature of the message m:  sig=(f^kp-1(xp-1), …, f^k0(x0))  In the worst case, for the signature function f must be used ,p(2w-1) times. Signature size is pn. SIGNATURE GENERATION
  • 24.  For signature verification sig = (sign-1, …, sig0) bit strings are calculated kp- 1,…, k0.  We verify the following equality:  (f^(2w-1-kp-1))(sign-1), …, (f^(2w-1-k0))(sig0) = yn-1, … y0  If the signature is correct, then sigi =f^ki(xi), so  (f^(2w-1-ki))(sigi)= (f^(2w-1))(xi)=yi is equal for every i=p-1,…, 0  In the worst case, for the signature verification function f must be used ,p(2w-1) times SIGNATURE VERIFICATION
  • 25.  One-time signature schemes are very inconvenient to use, because to sign each message, you need to use a different key pair. Merkle crypto-system was proposed to solve this problem. This system uses a binary tree to replace a large number of verification keys with one public key, the root of a binary tree. This cryptosystem uses an one-time Lamport or Winternitz signature scheme and a cryptographic hash function:  h:{0,1}*{0,1}n  Key generation: The length of the tree is chosen H>=2, with one public key it is possible to sign 2H documents. 2H signature and verification key pairs are generated; Xi, Yi, 0<=i<=2H. Xi- is signature key, Yi- is verification key. h(Yi) are calculated and are used as the leaves of the tree. Each tree node is a hash value of concatenation of its children. MERKLE
  • 27.  To sign a message m of arbitrary size we transform it into size n using the hash function  h (m) = hash, and generate an one-time signature using any one-time key Xany , the document's signature will be the concatenation of: one time signature, one-time verification key Yany, index any and all fraternal nodes authi in relation to Yany.  Signature= (sig||pub||any|| Yany||auth0,…,authH-1)  Signature verification:  To verify the signature we check the one-time signature of sig using Yany, if it is true, we calculate all the nodes a [i, j] using “authi”, index “any” and Yany. We compare the last node, the root of the tree with public key, if they are equal, then the signature is correct. SIGNATURE GENERATION
  • 28.  To generate a public key you need to calculate and store 2H pairs of one-time keys. Storing this amount of information is not effective in practice. In order to save space, it was suggested to use the PRNG random number generator. When using PRNG, it is sufficient to store only the seed of the generator and use it to generate one-time keys. It is necessary to calculate one-time keys twice: once in the key generation stage and then in the signature stage of the message. PRNG receives a seed of length n and outputs a new seed and a random number of length n.  PRNG : {0, 1}n: {0, 1}n x {0, 1}n  Key generation using PRNG:  We choose randomly the seed s0 of length n, using si we work out soti, as following:  PRNG(si) = (soti , si+1) 0 ≤ i <2H  soti changes each time when PRNG launches. For Xi key calculation it is enough to know only si. PRNG INTEGRATION
  • 30.  Quantum computers are able to crack PRNG, which were considered safe against attacks of classical computers. A polynomial quantum time attack on PRNG Blum-Micali is shown. This PRNG is considered safe from threats of standard computers. This attack uses Grover algorithm along with the quantum discrete logarithm, and is able to restore the values at the generator output for this attack. The attacks like these represent a threat of cracking PRNG, used in many real-world crypto systems. As we see, Merkle crypto system with built-in PRNG can be vulnerable to attacks of quantum computers. We suggest using a true random number generator based on qubits, TRNG. Breaking PRNG
  • 31.  Let’s consider a system with one qubit. The quantum state of a qubit is denoted by: α|0>+β |1>, where α and β are complex numbers; |α|2+ |β|2=1  |0> - is the ground state of qubit, |1>- is the excited state of qubit  This qubit is in the state |0> with probability α2 and likewise in a state |1> with probability β2.  When a qubit is measured, it is in one of two states with probability 1.  Let’s consider a system with two qubits. The quantum state of two qubits is denoted by: α00|00>+ α01 |01>+ α10|10>+ α11 |11>  where αi are complex numbers; ∑| αi|2=1.  We connect these qubits using Bell state, in this case the quantum state of these qubits is denoted by:  1/21/2|00>+1/21/2|11>, so when we measure a given qubit, it will be in a state |0> with probability ½ and likewise in a state |1> also with probability ½. When we measure the second qubit, it will be in the opposite state of the first qubit when we measured it with probability 1.  When we measure n qubits we can get the true number of size n. Quantum TRNG
  • 32.  Key generation using quantum TRNG:  We choose the tree height H>=2. We can sign 2H documents using one public key. A connection is established between two qubits using Bell state. We take 2H pairs of such qubit sets qi and bi ; every qi and bi consists of n qubits. 0<=i<=2H; We measure 2H*n qubits qi and we get 2H signature keys Xi and calculate the verification keys Yi. h(Yi) are calculated and are used as leaves of a tree.  Signature and verification of the message:  To sign a message m of arbitrary size we transform it into size n using the hash function h(m) = hash, we measure any set, that contains n qubits , bany  qany=Xany with probability equal to 1. We generate one time signature using one- time signature key Xany, the document's signature will be the concatenation of: one time signature, one-time verification key Yany, index “any” and all fraternal nodes authi in relation to Yany.  Signature= (sig||pub||any|| Yany||auth0,…,authH-1)  Verification of the message occurs similarly to the standard Merkle system.  Security of the system with built-in quantum TRNG.  The system is secure, because we do not change the principle of the crypto system, but only integrate TRNG, to reduce the size of the signature key. TRNG is completely safe; it is based on the state of qubits, which are real random numbers.
  • 33. Lamport Winternitz Merkle Use f to generate keys 2n p(2w-1) 2H+1-1 Use f to calculate the signature Is not used p(2w-1) Use f to generate verify the signature n p(2w-1)
  • 34.  We propose to use as the hash function, the lattice-based hash function, and to use lattice based one-way function as an one-way function in hash-based digital signature schemes.  Hash functions are considered resistant to quantum computer attacks, but the Grover algorithm allows us to achieve quadratic acceleration in the search algorithms. It means that hash functions must be complicated to be secure against quantum computers attacks. Studies are conducted to determine the cost of attacks on SHA2 and SHA3 families of hash functions, using the Grover algorithm ONE WAY and HASH
  • 35.  Collision resistant hash functions based on lattices were proposed. Ajtai suggested the family of hash functions, the security of which is based on the worst case, the SVP with approximation ratio of nc, where n is constant. To construct a family of hash functions as parameters are used integers: n, m, q and d.  Parameter n defines the safety of hash function. The key to a hash function specified by the matrix M, chosen uniformly from Z q n×m. Hash function is  hM : {0, . . . , d−1}m → Zq n. The function maps mlogd bits to nlogq bits for input compression, m> log q / log d. This hash function is very easy to implement, because we use only addition and multiplication modulo q, which size is O (log n). Systems based on lattices
  • 36.  We propose to use as the hash function, the lattice-based hash function, and to use lattice based one-way function as an one-way function in hash-based digital signature schemes.  The family of one-way functions, suggested by Ajtai, can be used. In the case of hash functions, as the key, we select the matrix K from Zn×m a, which transforms mlog b into nlog a number of bits and we calculate h(x) = Kx mod a.  In the case of a one-way function, we select the matrix K from Zm×m b, as the key. It transforms mlog b into mlog b number of bits and we compute f(x) = Kx mod a. HASHED MERKLE
  • 37.  Should be noted the problem of the effectiveness of these functions, the size of their key grows quadratically in n, so these functions are ineffective. Due to the attacks on these functions by combinatorial method , for the security of 100-bit, you need to use a key of 500,000 bits size. Efficiency problems
  • 42. MAKSIM IAVICH SCIENTIFIC CYBER SECURITY ASSOCIATION ; CAUCASUS UNIVERSITY T. +(995 595) 511355; E-mail: m.iavich@scsa.ge www.scsa.ge Scientific&practical cyber security journal – www.journal.scsa.ge THANK YOU! QUESTIONS?