This lecture introduces cryptocurrencies and the cryptographic concepts that enable them. It discusses hash functions and their properties like collision resistance. Digital signatures are explained as well as how public keys can represent identities. Simple cryptocurrency schemes are presented like GoofyCoin where a central party controls coin generation, and ScroogeCoin where a transaction history is published but one entity still controls validity. The goal of later lectures is to create a decentralized currency without a central trusted authority.
This document discusses how Bitcoin achieves decentralization through distributed consensus. It covers several key aspects:
1) Bitcoin uses a peer-to-peer network where anyone can participate as a node to maintain the shared transaction ledger. New bitcoins are created through a mining process where nodes validate transactions.
2) Bitcoin relies on distributed consensus protocols to validate transactions and prevent double spending without centralized authorities. Reaching consensus is challenging due to potential node failures and attacks.
3) Bitcoin's blockchain uses a proof-of-work system and random block selection to implicitly achieve consensus. This provides incentives for honest node behavior through block rewards and transaction fees.
Blockchain 101 presentation by fstream.ioBaiju Devani
This document provides an overview of blockchain technology and its applications. It begins with a motivating example of cross-border payments and the associated costs and inefficiencies. It then covers foundational concepts such as distributed networks, databases, cryptography and computing power that combine to form blockchain technology. Examples of public and private blockchains are discussed. The document also explores smart contracts and decentralized applications (DApps), and provides real world use cases such as digital assets, securities, and property titles recorded on blockchain networks.
This is a description of the Diffie-Hellman-Merkle Key Exchange process, with a presentation of the essential calculations and some discussion of vulnerabilities
This presentation contains the contents pertaining to the undergraduate course on Cryptography and Network Security (UITC203) at Sri Ramakrishna Institute of Technology. This covers the Data Encryption Standard and its variants.
The document discusses the history and applications of blockchain technology and cryptocurrencies like Bitcoin. It provides statistics on search interest in Bitcoin and the number of cryptocurrencies. Blockchain allows for decentralized, secure transaction records maintained on distributed ledgers without intermediaries. Potential applications include financial settlement, digital art ownership, and supply chain management. It also discusses industry consortiums working on blockchain standards and predictions that blockchain will disrupt banking by 2035.
The document discusses Bitcoin and cryptocurrency. It begins with an introduction to Bitcoin, explaining how it works as a decentralized digital currency using cryptography. It then covers topics like how Bitcoin is mined through solving complex math problems, the use of wallets and addresses, alternatives to Bitcoin like Litecoin, and possibilities for the future of cryptocurrency including widespread usage and higher valuation. The document aims to provide an overview of Bitcoin and cryptocurrency for educational purposes.
This document discusses how Bitcoin achieves decentralization through distributed consensus. It covers several key aspects:
1) Bitcoin uses a peer-to-peer network where anyone can participate as a node to maintain the shared transaction ledger. New bitcoins are created through a mining process where nodes validate transactions.
2) Bitcoin relies on distributed consensus protocols to validate transactions and prevent double spending without centralized authorities. Reaching consensus is challenging due to potential node failures and attacks.
3) Bitcoin's blockchain uses a proof-of-work system and random block selection to implicitly achieve consensus. This provides incentives for honest node behavior through block rewards and transaction fees.
Blockchain 101 presentation by fstream.ioBaiju Devani
This document provides an overview of blockchain technology and its applications. It begins with a motivating example of cross-border payments and the associated costs and inefficiencies. It then covers foundational concepts such as distributed networks, databases, cryptography and computing power that combine to form blockchain technology. Examples of public and private blockchains are discussed. The document also explores smart contracts and decentralized applications (DApps), and provides real world use cases such as digital assets, securities, and property titles recorded on blockchain networks.
This is a description of the Diffie-Hellman-Merkle Key Exchange process, with a presentation of the essential calculations and some discussion of vulnerabilities
This presentation contains the contents pertaining to the undergraduate course on Cryptography and Network Security (UITC203) at Sri Ramakrishna Institute of Technology. This covers the Data Encryption Standard and its variants.
The document discusses the history and applications of blockchain technology and cryptocurrencies like Bitcoin. It provides statistics on search interest in Bitcoin and the number of cryptocurrencies. Blockchain allows for decentralized, secure transaction records maintained on distributed ledgers without intermediaries. Potential applications include financial settlement, digital art ownership, and supply chain management. It also discusses industry consortiums working on blockchain standards and predictions that blockchain will disrupt banking by 2035.
The document discusses Bitcoin and cryptocurrency. It begins with an introduction to Bitcoin, explaining how it works as a decentralized digital currency using cryptography. It then covers topics like how Bitcoin is mined through solving complex math problems, the use of wallets and addresses, alternatives to Bitcoin like Litecoin, and possibilities for the future of cryptocurrency including widespread usage and higher valuation. The document aims to provide an overview of Bitcoin and cryptocurrency for educational purposes.
Celery is a really good framework for doing background task processing in Python (and other languages). While it is ridiculously easy to use celery, doing complex task flow has been a challenge in celery. (w.r.t task trees/graphs/dependecies etc.)
This talk introduces the audience to these challenges in celery and also explains how these can be fixed programmatically and by using latest features in Celery (3+)
We use it every day and we rely on it. But what are the roots of cryptography? How were, for example, the ancient Greeks able to protect information from their enemies? In this talk we will go through 5500 years of developing encryption technologies and look at how these work.
From the Un-Distinguished Lecture Series (http://ws.cs.ubc.ca/~udls/). The talk was given Mar. 23, 2007
The document discusses tips and tricks for using SSH more securely, including using SSH agent forwarding to avoid copying private keys, setting lifetime limits for identities added to the agent, and using SSH without direct connection by opening a socket through an untrusted server to a trusted one for authentication purposes only. It also covers potential abuses of SSH agent forwarding and connection multiplexing if the server is compromised.
This document provides an overview of Secure Sockets Layer (SSL) and Transport Layer Security (TLS). It discusses the evolution of SSL/TLS, the SSL/TLS handshake process, common attacks like man-in-the-middle attacks using tools like SSLStrip, recent attacks on SSL/TLS like BEAST and CRIME, and security guidelines for configuring SSL/TLS on servers.
This document analyzes the security of Bitcoin by summarizing its key components and attacks. It describes Bitcoin's peer-to-peer network, blockchain, proof-of-work system, incentives for mining, and known attacks like double-spending, 51% attacks, selfish mining, and transaction malleability. It also discusses anonymity, alternatives to proof-of-work, and open problems regarding Bitcoin's scalability, centralization, and ASIC resistance.
Eternal Blue was a cyberattack exploit developed by the NSA that was leaked in 2017 and used in several ransomware attacks. It allowed remote code execution via SMBv1 by exploiting three bugs related to incorrect data type casting, transaction parsing, and memory allocation. While patches were released, many systems remained unpatched, allowing the widespread use of Eternal Blue in attacks like WannaCry and NotPetya.
This document provides techniques for escalating privileges on Windows systems. It begins with an overview of tricks that can grant escalated privileges to users or administrators. Specific techniques discussed include exploiting misconfigurations, using keyloggers, searching for credentials on systems, exploiting Group Policy Preferences files, unattended installation files, Windows Deployment Services, binary path modifications, service configuration issues, and registry permissions problems. The document then covers methods for escalating from an administrative user to SYSTEM level privileges like using Metasploit exploits, Sysinternals tools, binary replacement, and WMIC. It concludes with sections on achieving persistence and bypassing authentication.
Slides from "Managing Secrets at scale" at Velocity EU 2015
Secrets come in many shapes and sizes: database API keys, database passwords, private keys. Distributing and managing these secrets is usually an afterthought. It's hard to get right, and can be very expensive if you get it wrong. In this session, we'll look at the core operations and properties that make up a good secret management system, and how these principals can be implemented
This document compares and contrasts three token-based authentication and authorization protocols: SAML, OAuth access tokens, and OpenID Connect ID tokens.
SAML uses XML assertions for identity and authorization. Access tokens in OAuth are opaque bearer strings, while ID tokens in OpenID Connect are JSON Web Tokens (JWTs) containing user information. SAML is for web services and uses WS-Security, while access tokens and ID tokens can be used by web and mobile apps via HTTP. Both SAML and ID tokens can be used to represent user identities, while access tokens and SAML assertions can authorize access to protected resources. Security considerations for each include confidentiality, integrity, and replay attacks.
Information and data security cryptographic hash functionsMazin Alwaaly
This document discusses hash functions and their cryptographic applications. It begins by defining hash functions and their properties like one-wayness and collision resistance. It then discusses various applications of cryptographic hash functions like message authentication codes, digital signatures, password files, and more. It provides details on how hash functions are used for message authentication and digital signatures. It also describes the Secure Hash Algorithm family of hash functions like SHA-1, SHA-2, and the NIST competition for the SHA-3 standard.
Symmetric encryption suffers from several key distribution and management problems in modern distributed communication environments. Asymmetric encryption solves these issues by using public/private key pairs, allowing anyone to encrypt messages using the public key but only the private key holder can decrypt. Digital signatures, key certification through public key infrastructure (PKI), and hash functions are important applications of asymmetric cryptography.
Cryptography for Smalltalkers 2 - ESUG 2006Martin Kobetic
The document discusses various topics in public key cryptography including public key algorithms like RSA and Diffie-Hellman key exchange. It also covers hashing algorithms like MD5 and SHA, digital signatures using RSA and DSA, and applications like encryption, key establishment, and signing. Code examples are provided in Smalltalk to demonstrate encrypting, decrypting, signing and verifying messages using these cryptographic techniques.
This document discusses hash functions, HMACs, and digital signatures. It begins by explaining how encryption provides confidentiality but not integrity or authentication. It then introduces hash functions and how they map data to fixed-length values. Cryptographic hash functions have properties like collision resistance that make them secure. The document discusses the Secure Hash Algorithm (SHA) standards and the process of selecting the new SHA-3. It also covers how HMACs use a key to provide authentication and how digital signatures with public key cryptography can provide authentication of message origin.
Hash functions, digital signatures and hmacssuserec53e73
This document discusses hash functions, HMACs, and digital signatures. It begins by explaining that while encryption provides confidentiality, it does not prevent message modification. Hash functions map messages to fixed-length values and can detect message tampering, but secure cryptographic hash functions with properties like collision resistance are required. HMACs use a key to authenticate messages hashed with a shared key. Digital signatures use public key cryptography for a sender to authenticate a message by encrypting its hash with their private key.
Cryptographic hash functions, message authentication codes (MACs), and digital signatures are discussed.
HMAC and CBC-MAC are introduced as methods to construct MACs from hash functions. HMAC incorporates a secret key into a hash function to provide message authentication. CBC-MAC uses a block cipher like DES in CBC mode.
Digital signatures are similar to MACs but use public-key cryptography like RSA. A digital signature provides both message authentication and non-repudiation. RSA can be used to generate signatures by signing a hash of the message with the private key.
This document provides an introduction to cryptography. It defines key terms like cryptography, cryptanalysis, and cryptology. It describes the goals of encryption and authentication. It explains symmetric key cryptography where a shared secret key is used for both encryption and decryption. It also covers public key cryptography using key pairs, digital signatures to authenticate identity, and how public key encryption and signatures can be combined. The document discusses cryptographic attacks and principles like Kerckhoff's principle and provable security. It provides examples of cryptographic algorithms like block ciphers, stream ciphers, hash functions, and key exchange protocols.
Bitcoin’s blockchain - from hashes to Escrow and beyondGrzegorz Gawron
This document summarizes the key building blocks of Bitcoin's blockchain, including cryptographic hash functions, hash pointers, the Merkle tree, digital signatures, and transaction scripts. It discusses how hash functions are used to link blocks together in the blockchain and ensure data integrity. Transaction scripts allow for advanced applications like multisignature escrow, green addresses for third-party exchanges, and efficient micropayments. The challenges of bootstrapping consensus, 51% attacks, and changing the blockchain protocol through hard or soft forks are also outlined.
How does cryptography work? by Jeroen OomsAjay Ohri
This document provides a conceptual introduction to cryptographic methods. It explains that cryptography works by using the XOR operator and one-time pads or stream ciphers to encrypt messages. With one-time pads, a message is XOR'd with random data and can only be decrypted by someone with the pad. Stream ciphers generate pseudo-random streams from a key and nonce to encrypt messages. Public-key encryption uses Diffie-Hellman key exchange to allow parties to establish a shared secret to encrypt messages.
The document provides an introduction to cryptography, including definitions of key terms, goals of cryptography like encryption and authentication, and descriptions of common cryptographic techniques. It summarizes symmetric key encryption where a shared secret key is used for both encryption and decryption, public key encryption using key pairs, digital signatures to authenticate messages, and how public key encryption and signatures can be combined. It also discusses cryptographic attacks, Kerckhoffs' principle of secrecy depending on the key not the algorithm, provable security, block ciphers like AES and DES, encryption modes, stream ciphers, hash functions, message authentication codes, key exchange methods like Diffie-Hellman, and public key cryptosystems like RSA and ElGamal
Celery is a really good framework for doing background task processing in Python (and other languages). While it is ridiculously easy to use celery, doing complex task flow has been a challenge in celery. (w.r.t task trees/graphs/dependecies etc.)
This talk introduces the audience to these challenges in celery and also explains how these can be fixed programmatically and by using latest features in Celery (3+)
We use it every day and we rely on it. But what are the roots of cryptography? How were, for example, the ancient Greeks able to protect information from their enemies? In this talk we will go through 5500 years of developing encryption technologies and look at how these work.
From the Un-Distinguished Lecture Series (http://ws.cs.ubc.ca/~udls/). The talk was given Mar. 23, 2007
The document discusses tips and tricks for using SSH more securely, including using SSH agent forwarding to avoid copying private keys, setting lifetime limits for identities added to the agent, and using SSH without direct connection by opening a socket through an untrusted server to a trusted one for authentication purposes only. It also covers potential abuses of SSH agent forwarding and connection multiplexing if the server is compromised.
This document provides an overview of Secure Sockets Layer (SSL) and Transport Layer Security (TLS). It discusses the evolution of SSL/TLS, the SSL/TLS handshake process, common attacks like man-in-the-middle attacks using tools like SSLStrip, recent attacks on SSL/TLS like BEAST and CRIME, and security guidelines for configuring SSL/TLS on servers.
This document analyzes the security of Bitcoin by summarizing its key components and attacks. It describes Bitcoin's peer-to-peer network, blockchain, proof-of-work system, incentives for mining, and known attacks like double-spending, 51% attacks, selfish mining, and transaction malleability. It also discusses anonymity, alternatives to proof-of-work, and open problems regarding Bitcoin's scalability, centralization, and ASIC resistance.
Eternal Blue was a cyberattack exploit developed by the NSA that was leaked in 2017 and used in several ransomware attacks. It allowed remote code execution via SMBv1 by exploiting three bugs related to incorrect data type casting, transaction parsing, and memory allocation. While patches were released, many systems remained unpatched, allowing the widespread use of Eternal Blue in attacks like WannaCry and NotPetya.
This document provides techniques for escalating privileges on Windows systems. It begins with an overview of tricks that can grant escalated privileges to users or administrators. Specific techniques discussed include exploiting misconfigurations, using keyloggers, searching for credentials on systems, exploiting Group Policy Preferences files, unattended installation files, Windows Deployment Services, binary path modifications, service configuration issues, and registry permissions problems. The document then covers methods for escalating from an administrative user to SYSTEM level privileges like using Metasploit exploits, Sysinternals tools, binary replacement, and WMIC. It concludes with sections on achieving persistence and bypassing authentication.
Slides from "Managing Secrets at scale" at Velocity EU 2015
Secrets come in many shapes and sizes: database API keys, database passwords, private keys. Distributing and managing these secrets is usually an afterthought. It's hard to get right, and can be very expensive if you get it wrong. In this session, we'll look at the core operations and properties that make up a good secret management system, and how these principals can be implemented
This document compares and contrasts three token-based authentication and authorization protocols: SAML, OAuth access tokens, and OpenID Connect ID tokens.
SAML uses XML assertions for identity and authorization. Access tokens in OAuth are opaque bearer strings, while ID tokens in OpenID Connect are JSON Web Tokens (JWTs) containing user information. SAML is for web services and uses WS-Security, while access tokens and ID tokens can be used by web and mobile apps via HTTP. Both SAML and ID tokens can be used to represent user identities, while access tokens and SAML assertions can authorize access to protected resources. Security considerations for each include confidentiality, integrity, and replay attacks.
Information and data security cryptographic hash functionsMazin Alwaaly
This document discusses hash functions and their cryptographic applications. It begins by defining hash functions and their properties like one-wayness and collision resistance. It then discusses various applications of cryptographic hash functions like message authentication codes, digital signatures, password files, and more. It provides details on how hash functions are used for message authentication and digital signatures. It also describes the Secure Hash Algorithm family of hash functions like SHA-1, SHA-2, and the NIST competition for the SHA-3 standard.
Symmetric encryption suffers from several key distribution and management problems in modern distributed communication environments. Asymmetric encryption solves these issues by using public/private key pairs, allowing anyone to encrypt messages using the public key but only the private key holder can decrypt. Digital signatures, key certification through public key infrastructure (PKI), and hash functions are important applications of asymmetric cryptography.
Cryptography for Smalltalkers 2 - ESUG 2006Martin Kobetic
The document discusses various topics in public key cryptography including public key algorithms like RSA and Diffie-Hellman key exchange. It also covers hashing algorithms like MD5 and SHA, digital signatures using RSA and DSA, and applications like encryption, key establishment, and signing. Code examples are provided in Smalltalk to demonstrate encrypting, decrypting, signing and verifying messages using these cryptographic techniques.
This document discusses hash functions, HMACs, and digital signatures. It begins by explaining how encryption provides confidentiality but not integrity or authentication. It then introduces hash functions and how they map data to fixed-length values. Cryptographic hash functions have properties like collision resistance that make them secure. The document discusses the Secure Hash Algorithm (SHA) standards and the process of selecting the new SHA-3. It also covers how HMACs use a key to provide authentication and how digital signatures with public key cryptography can provide authentication of message origin.
Hash functions, digital signatures and hmacssuserec53e73
This document discusses hash functions, HMACs, and digital signatures. It begins by explaining that while encryption provides confidentiality, it does not prevent message modification. Hash functions map messages to fixed-length values and can detect message tampering, but secure cryptographic hash functions with properties like collision resistance are required. HMACs use a key to authenticate messages hashed with a shared key. Digital signatures use public key cryptography for a sender to authenticate a message by encrypting its hash with their private key.
Cryptographic hash functions, message authentication codes (MACs), and digital signatures are discussed.
HMAC and CBC-MAC are introduced as methods to construct MACs from hash functions. HMAC incorporates a secret key into a hash function to provide message authentication. CBC-MAC uses a block cipher like DES in CBC mode.
Digital signatures are similar to MACs but use public-key cryptography like RSA. A digital signature provides both message authentication and non-repudiation. RSA can be used to generate signatures by signing a hash of the message with the private key.
This document provides an introduction to cryptography. It defines key terms like cryptography, cryptanalysis, and cryptology. It describes the goals of encryption and authentication. It explains symmetric key cryptography where a shared secret key is used for both encryption and decryption. It also covers public key cryptography using key pairs, digital signatures to authenticate identity, and how public key encryption and signatures can be combined. The document discusses cryptographic attacks and principles like Kerckhoff's principle and provable security. It provides examples of cryptographic algorithms like block ciphers, stream ciphers, hash functions, and key exchange protocols.
Bitcoin’s blockchain - from hashes to Escrow and beyondGrzegorz Gawron
This document summarizes the key building blocks of Bitcoin's blockchain, including cryptographic hash functions, hash pointers, the Merkle tree, digital signatures, and transaction scripts. It discusses how hash functions are used to link blocks together in the blockchain and ensure data integrity. Transaction scripts allow for advanced applications like multisignature escrow, green addresses for third-party exchanges, and efficient micropayments. The challenges of bootstrapping consensus, 51% attacks, and changing the blockchain protocol through hard or soft forks are also outlined.
How does cryptography work? by Jeroen OomsAjay Ohri
This document provides a conceptual introduction to cryptographic methods. It explains that cryptography works by using the XOR operator and one-time pads or stream ciphers to encrypt messages. With one-time pads, a message is XOR'd with random data and can only be decrypted by someone with the pad. Stream ciphers generate pseudo-random streams from a key and nonce to encrypt messages. Public-key encryption uses Diffie-Hellman key exchange to allow parties to establish a shared secret to encrypt messages.
The document provides an introduction to cryptography, including definitions of key terms, goals of cryptography like encryption and authentication, and descriptions of common cryptographic techniques. It summarizes symmetric key encryption where a shared secret key is used for both encryption and decryption, public key encryption using key pairs, digital signatures to authenticate messages, and how public key encryption and signatures can be combined. It also discusses cryptographic attacks, Kerckhoffs' principle of secrecy depending on the key not the algorithm, provable security, block ciphers like AES and DES, encryption modes, stream ciphers, hash functions, message authentication codes, key exchange methods like Diffie-Hellman, and public key cryptosystems like RSA and ElGamal
The document provides an introduction to cryptography, including definitions of key terms, goals of cryptography like encryption and authentication, and descriptions of common cryptographic techniques. It summarizes symmetric key encryption where a shared secret key is used for both encryption and decryption, public key encryption using key pairs, digital signatures to authenticate messages, and how public key encryption and signatures can be combined. It also discusses cryptographic attacks, Kerckhoffs' principle of secrecy depending on the key not the algorithm, provable security, block ciphers like AES and DES, encryption modes, stream ciphers, hash functions, message authentication codes, key exchange methods like Diffie-Hellman, and public key cryptosystems like RSA and ElGamal
This document provides an introduction to cryptography. It defines key terms like cryptography, cryptanalysis, and cryptology. It describes the goals of encryption and authentication. It explains symmetric key cryptography where a shared secret key is used for both encryption and decryption. It also covers public key cryptography using key pairs, digital signatures to provide authentication, and how public key encryption and signatures can be combined. It discusses cryptographic attacks and the importance of Kerckhoffs' principle. It provides an overview of common cryptographic algorithms like block ciphers, stream ciphers, hash functions, and key exchange methods. It also discusses concepts like encryption modes, password hashing, random number generation, and the security of algorithms like RSA and Diffie-
introduction to cryptography (basics of it)neonaveen
This document provides an introduction to cryptography. It defines key terms like cryptography, cryptanalysis, and cryptology. It describes the goals of encryption and authentication. It explains symmetric key cryptography where a shared secret key is used for both encryption and decryption. It also covers public key cryptography using key pairs, digital signatures to provide authentication, and how public key encryption and signatures can be combined. It discusses cryptographic attacks and the importance of Kerckhoffs' principle. It provides an overview of common cryptographic algorithms like block ciphers, stream ciphers, hash functions, and key exchange methods. It also discusses concepts like encryption modes, password hashing, random number generation, and the security of algorithms like RSA and Diffie-
The document discusses various topics related to network security including encryption, authentication, and protocols. It provides an overview of symmetric and public key cryptography, algorithms like DES and RSA, digital signatures, protocols like SSL and IPsec, and applications like PGP. Common security threats like packet sniffing, IP spoofing, and denial of service attacks are also summarized.
El Passo - Privacy-preserving single sign onFrank Denis
EL PASSO is an efficient and lightweight privacy-preserving single sign-on system. It uses non-interactive zero-knowledge proofs and Pointcheval-Sanders signatures to allow a user to anonymously prove credentials and selectively disclose attributes to different services without revealing their long-term secret or allowing the services to link their activities. The system employs threshold encryption to allow misbehaving users to be reported while preserving their anonymity from the identity provider.
Cryptography and SSL in Smalltalk - StS 2003Martin Kobetic
The document provides an overview of cryptography concepts and algorithms used in secure communication protocols like SSL. It discusses symmetric and asymmetric ciphers, cryptographic hashes, digital signatures, certificates and random number generation. Specifically, it covers common symmetric ciphers like AES and DES, asymmetric algorithms like RSA and Diffie-Hellman, hashes like MD5 and SHA, and digital signature standards like DSA. It also discusses how these concepts are combined and implemented in protocols to provide data confidentiality, integrity and authentication.
Message Authentication using Message Digests and the MD5 AlgorithmAjay Karri
Message authentication is important to prevent undetected manipulation of messages, which can have disastrous effects. Examples where message authentication is crucial include internet commerce and network management. Cryptographic hash functions are often used to authenticate messages by providing a digital fingerprint of the message contents.
Hash functions are used to compress variable length messages into fixed length digests. They provide compression, efficiency, and hide message content. Properties include one-way, weak collision, and strong collision resistance. Merkle-Damgard iteration is used to build cryptographic hash functions from compression functions. Applications include digital signatures, message authentication codes, and key derivation. Common hash functions are MD4, MD5, and SHA which use Boolean functions and updating rules in their algorithms. Hash functions provide security by making it difficult to find collisions or inputs that result in specific outputs.
The document discusses the history and concepts of cryptography. It covers:
1) Cryptography is the science of secret codes and involves both encrypting messages and trying to break codes.
2) Modern cryptography uses both symmetric encryption, which uses the same key to encrypt and decrypt, and asymmetric encryption, which uses different public and private keys.
3) Key challenges include securely distributing keys and making encryption algorithms that are easy to use but difficult to break without the key.
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Assessment and Planning in Educational technology.pptxKavitha Krishnan
In an education system, it is understood that assessment is only for the students, but on the other hand, the Assessment of teachers is also an important aspect of the education system that ensures teachers are providing high-quality instruction to students. The assessment process can be used to provide feedback and support for professional development, to inform decisions about teacher retention or promotion, or to evaluate teacher effectiveness for accountability purposes.
Thinking of getting a dog? Be aware that breeds like Pit Bulls, Rottweilers, and German Shepherds can be loyal and dangerous. Proper training and socialization are crucial to preventing aggressive behaviors. Ensure safety by understanding their needs and always supervising interactions. Stay safe, and enjoy your furry friends!
How to Build a Module in Odoo 17 Using the Scaffold MethodCeline George
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
हिंदी वर्णमाला पीपीटी, hindi alphabet PPT presentation, hindi varnamala PPT, Hindi Varnamala pdf, हिंदी स्वर, हिंदी व्यंजन, sikhiye hindi varnmala, dr. mulla adam ali, hindi language and literature, hindi alphabet with drawing, hindi alphabet pdf, hindi varnamala for childrens, hindi language, hindi varnamala practice for kids, https://www.drmullaadamali.com
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
5. Hash function:
takes any string as input
fixed-size output (we’ll use 256 bits)
efficiently computable
Security properties:
collision-free
hiding
puzzle-friendly
6. Hash property 1: Collision-free
Nobody can find x and y such that
x != y and H(x)=H(y)
x
y
H(x) = H(y)
7. Collisions do exist ...
possible inputs
possible outputs
… but can anyone find them?
8. How to find a collision
try 2130 randomly chosen inputs
99.8% chance that two of them will collide
This works no matter what H is …
… but it takes too long to matter
9. Is there a faster way to find collisions?
For some possible H’s, yes.
For others, we don’t know of one.
No H has been proven collision-free.
10. Application: Hash as message digest
If we know H(x) = H(y),
it’s safe to assume that x = y.
To recognize a file that we saw before,
just remember its hash.
Useful because the hash is small.
11. Hash property 2: Hiding
We want something like this:
Given H(x), it is infeasible to find x.
H(“heads”)
H(“tails”)
easy to find x!
12. Hash property 2: Hiding
Hiding property:
If r is chosen from a probability distribution that has high
min-entropy, then given H(r | x), it is infeasible to find x.
High min-entropy means that the distribution is “very
spread out”, so that no particular value is chosen with
more than negligible probability.
13. Application: Commitment
Want to “seal a value in an envelope”, and
“open the envelope” later.
Commit to a value, reveal it later.
14. Commitment API
(com, key) := commit(msg)
match := verify(com, key, msg)
To seal msg in envelope:
(com, key) := commit(msg) -- then publish com
To open envelope:
publish key, msg
anyone can use verify() to check validity
15. Commitment API
(com, key) := commit(msg)
match := verify(com, key, msg)
Security properties:
Hiding: Given com, infeasible to find msg.
Binding: Infeasible to find msg != msg’ such that
verify(commit(msg), msg’) == true
16. Commitment API
commit(msg) := ( H(key | msg), H(key) )
where key is a random 256-bit value
verify(com, key, msg) := ( H(key | msg) == com )
Security properties:
Hiding: Given H(key | msg), infeasible to find msg.
Binding: Infeasible to find msg != msg’ such that
H(key | msg) == H(key | msg’)
17. Hash property 3: Puzzle-friendly
Puzzle-friendly:
For every possible output value y,
if k is chosen from a distribution with high min-entropy,
then it is infeasible to find x such that H(k | x) = y.
18. Application: Search puzzle
Given a “puzzle ID” id (from high min-entropy distrib.),
and a target set Y:
Try to find a “solution” x such that
H(id | x) ∈ Y.
Puzzle-friendly property implies that no solving strategy is
much better than trying random values of x.
19. SHA-256 hash function
256 bits 256 bits
512 bits
Theorem: If c is collision-free, then SHA-256 is collision-free.
Padding (10* | length)
IV
Message
(block 1)
Message
(block 2)
Message
(block n)
Hash
c c c
21. hash pointer is:
* pointer to where some info is stored,
and
* (cryptographic) hash of the info
if we have a hash pointer, we can
* ask to get the info back, and
* verify that it hasn’t changed
27. proving membership in a Merkle tree
H( ) H( )
H( ) H( )
H( ) H( )
(data)
show O(log n) items
28. Advantages of Merkle trees
Tree holds many items
but just need to remember the root hash
Can verify membership in O(log n) time/space
Variant: sorted Merkle tree
can verify non-membership in O(log n)
(show items before, after the missing one)
29. More generally ...
can use hash pointers in any pointer-based
data structure that has no cycles
31. What we want from signatures
Only you can sign, but anyone can verify
Signature is tied to a particular document
can’t be cut-and-pasted to another doc
32. API for digital signatures
(sk, pk) := generateKeys(keysize)
sk: secret signing key
pk: public verification key
sig := sign(sk, message)
isValid := verify(pk, message, sig)
can be
randomized
algorithms
33. Requirements for signatures
“valid signatures verify”
verify(pk, message, sign(sk, message)) == true
“can’t forge signatures”
adversary who:
knows pk
gets to see signatures on messages of his choice
can’t produce a verifiable signature on another message
35. Practical stuff...
algorithms are randomized
need good source of randomness
limit on message size
fix: use Hash(message) rather than
message
fun trick: sign a hash pointer
signature “covers” the whole structure
36. Bitcoin uses ECDSA standard
Elliptic Curve Digital Signature Algorithm
relies on hairy math
will skip the details here --- look it up if you care
good randomness is essential
foul this up in generateKeys() or sign() ?
probably leaked your private key
38. Useful trick: public key == an identity
if you see sig such that verify(pk, msg, sig)==true,
think of it as
pk says, “[msg]”.
to “speak for” pk, you must know matching secret key sk
39. How to make a new identity
create a new, random key-pair (sk, pk)
pk is the public “name” you can use
[usually better to use Hash(pk)]
sk lets you “speak for” the identity
you control the identity, because only you know sk
if pk “looks random”, nobody needs to know who you are
40. Decentralized identity management
anybody can make a new identity at any time
make as many as you want!
no central point of coordination
These identities are called “addresses” in Bitcoin.
41. Privacy
Addresses not directly connected to real-world identity.
But observer can link together an address’s activity over
time, make inferences.
Later: a whole lecture on privacy in Bitcoin ...
44. Goofy can create new coins
CreateCoin [uniqueCoinID]
signed by pkGoofy
New coins belong to me.
45. A coin’s owner can spend it.
CreateCoin [uniqueCoinID]
signed by pkGoofy
Pay to pkAlice : H( )
signed by pkGoofy
Alice owns it now.
46. The recipient can pass on the coin again.
CreateCoin [uniqueCoinID]
signed by pkGoofy
Pay to pkAlice : H( )
signed by pkGoofy
Pay to pkBob : H( )
signed by pkAlice
Bob owns it now.
47. CreateCoin [uniqueCoinID]
signed by pkGoofy
Pay to pkAlice : H( )
signed by pkGoofy
Pay to pkBob : H( )
signed by pkAlice
Pay to pkChuck : H( )
signed by pkAlice
double-spending attack
50. trans
prev: H( )
trans
prev: H( )
trans
prev: H( )
H( )
transID: 73
transID: 72
transID: 71
Scrooge publishes a history of all transactions
(a block chain, signed by Scrooge)
optimization: put multiple transactions in the same block
51. transID: 73 type:CreateCoins
CreateCoins transaction creates new coins
coins created
num value recipient
0 3.2 0x...
1 1.4 0x...
2 7.1 0x...
coinID 73(0)
coinID 73(1)
coinID 73(2)
Valid, because I said so.
52. transID: 73 type:PayCoins
PayCoins transaction consumes (and destroys) some coins,
and creates new coins of the same total value
coins created
num value recipient
0 3.2 0x...
1 1.4 0x...
2 7.1 0x...
consumed coinIDs:
68(1), 42(0), 72(3)
signatures
Valid if:
-- consumed coins valid,
-- not already consumed,
-- total value out = total value in, and
-- signed by owners of all consumed coins
53. Immutable coins
Coins can’t be transferred, subdivided, or combined.
But: you can get the same effect by using transactions
to subdivide: create new trans
consume your coin
pay out two new coins to yourself
54. Don’t worry, I’m honest.
Crucial question:
Can we descroogify the
currency, and operate without
any central, trusted party?
Editor's Notes
This is going to be kinda mathy. Sorry about that. I’ll do my best to tell you just what you need to know, and approach things intuitively. Those who want all of the formal mathy details will have to do some more reading.