An Image Encryption using Chaotic Based Cryptosystemxlyle
NAME: MUHAMAD LUQMAN NULHAKIM BIN MANSOR
NO MATRIC: BTBL16043975
COURSE: ISM (SK) KESELAMATAN RANGKAIAN KOMPUTER
SUPERVISOR: PROF. MADYA DR AFENDEE BIN MOHAMED
UNIVERSITI SULTAN ZAINAL ABIDIN
An Image Encryption using Chaotic Based Cryptosystemxlyle
NAME: MUHAMAD LUQMAN NULHAKIM BIN MANSOR
NO MATRIC: BTBL16043975
COURSE: ISM (SK) KESELAMATAN RANGKAIAN KOMPUTER
SUPERVISOR: PROF. MADYA DR AFENDEE BIN MOHAMED
UNIVERSITI SULTAN ZAINAL ABIDIN
Cryptography is the practice and study of techniques for conveying information security.
The goal of Cryptography is to allow the intended recipients of the message to receive the message securely.
The most famous algorithm used today is RSA algorithm
Seminar of Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet security - ACNS 2016 by Rosario Gennaro, Steven Goldfeder, and Arvind Narayanan
traditional private/secret/single key cryptography uses one key
Key is shared by both sender and receiver
if the key is disclosed communications are compromised
also known as symmetric, both parties are equal
hence does not protect sender from receiver forging a message & claiming is sent by sender
Apresentação sobre Criptografia baseada em reticulados (lattices), realizada no contexto da disciplina de Post-Quantum Cryptography do PPGCC da UFSC.
Versão odp: http://coenc.td.utfpr.edu.br/~giron/presentations/aula_lattice.odp
An Image Encryption using Chaotic Based Cryptosystemxlyle
NAME: MUHAMAD LUQMAN NULHAKIM BIN MANSOR
NO MATRIC: BTBL16043975
COURSE: ISM (SK) KESELAMATAN RANGKAIAN KOMPUTER
SUPERVISOR: PROF. MADYA DR AFENDEE BIN MOHAMED
UNIVERSITI SULTAN ZAINAL ABIDIN
The Security Problem
Program Threats
System and Network Threats
Cryptography as a Security Tool
User Authentication
Implementing Security Defenses
Firewalling to Protect Systems and Networks
Computer-Security Classifications
An Example: Windows XP
This presentation introduces the Basics of Cryptography and Network Security concepts. Heavily derived from content from William Stalling's book with the same title.
Cryptography is the practice and study of techniques for conveying information security.
The goal of Cryptography is to allow the intended recipients of the message to receive the message securely.
The most famous algorithm used today is RSA algorithm
Seminar of Threshold-optimal DSAECDSA signatures and an application to Bitcoin wallet security - ACNS 2016 by Rosario Gennaro, Steven Goldfeder, and Arvind Narayanan
traditional private/secret/single key cryptography uses one key
Key is shared by both sender and receiver
if the key is disclosed communications are compromised
also known as symmetric, both parties are equal
hence does not protect sender from receiver forging a message & claiming is sent by sender
Apresentação sobre Criptografia baseada em reticulados (lattices), realizada no contexto da disciplina de Post-Quantum Cryptography do PPGCC da UFSC.
Versão odp: http://coenc.td.utfpr.edu.br/~giron/presentations/aula_lattice.odp
An Image Encryption using Chaotic Based Cryptosystemxlyle
NAME: MUHAMAD LUQMAN NULHAKIM BIN MANSOR
NO MATRIC: BTBL16043975
COURSE: ISM (SK) KESELAMATAN RANGKAIAN KOMPUTER
SUPERVISOR: PROF. MADYA DR AFENDEE BIN MOHAMED
UNIVERSITI SULTAN ZAINAL ABIDIN
The Security Problem
Program Threats
System and Network Threats
Cryptography as a Security Tool
User Authentication
Implementing Security Defenses
Firewalling to Protect Systems and Networks
Computer-Security Classifications
An Example: Windows XP
This presentation introduces the Basics of Cryptography and Network Security concepts. Heavily derived from content from William Stalling's book with the same title.
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...CSCJournals
Cryptography has several important aspects in supporting the security of the data, which
guarantees confidentiality, integrity and the guarantee of validity (authenticity) data. One of the
public-key cryptography is the RSA cryptography. The greater the size of the modulus n, it will be
increasingly difficult to factor the value of n. But the flaws in the RSA algorithm is the time
required in the decryption process is very long. Theorem used in this research is the Chinese
Remainder Theorem (CRT). The goal is to find out how much time it takes RSA-CRT on the size
of modulus n 1024 bits and 4096 bits to perform encryption and decryption process and its
implementation in Java programming. This implementation is intended as a means of proof of
tests performed and generate a cryptographic system with the name "RSA and RSA-CRT Text
Security". The results of the testing algorithm is RSA-CRT 1024 bits has a speed of
approximately 3 times faster in performing the decryption. In testing the algorithm RSA-CRT 4096
bits, the conclusion that the decryption process is also effective undertaken more rapidly.
However, the flaws in the key generation process and the RSA 4096 bits RSA-CRT is that the
time needed is longer to generate the keys.
An Advance Approach of Image Encryption using AES, Genetic Algorithm and RSA ...IJEACS
In current scenario the entire world is moving towards digital communication for fast and better communication. But in this a problem rises with security i.e. when we have to store information (either data or image) at any casual location or transmit information through internet. As internet is an open transmission medium, security of data becomes very important. To defend our information from piracy or from hacking we use a technique and i.e. known as Encryption Technique. In this paper, we use image as information and use an advance approach of well-known encryption techniques like AES, Genetic Algorithm, and RSA algorithm to encrypt it and keep our information safe from hackers or intruders making it highly difficult and time consuming to decipher the image without using the key.
Presently on a daily basis sharing the information over web is becoming a significant issue due to security problems. Thus lots of techniques are needed to protect the shared info in academic degree unsecured channel. The present work target cryptography to secure the data whereas causing inside the network. Encryption has come up as a solution, and plays an awfully necessary role in data security. This security mechanism uses some algorithms to scramble info into unclear text which can be exclusively being decrypted by party those possesses the associated key. This paper is expounded the varied forms of algorithmic rule for encryption & decryption: DES, AES, RSA, and Blowfish. It helps to hunt out the best algorithmic rule.
Stephan Gerling in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Stefan Zarinschi in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
Radu-Emanuel Chiscariu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Mircea Nenciu and Stefan Mitroi in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Threat Hunting: From Platitudes to Practical ApplicationDefCamp
Neil “Grifter” Wyler in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Building application security with 0 money downDefCamp
Muhammad Mudassar Yamin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Implementation of information security techniques on modern android based Kio...DefCamp
Muhammad Mudassar Yamin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
The challenge of building a secure and safe digital environment in healthcareDefCamp
Jelena Milosevic in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Tor .onions: The Good, The Rotten and The Misconfigured DefCamp
Ionut-Cristian Bucur in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...DefCamp
Ioan Constantin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Cristian Pațachia-Sultănoiu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Catch Me If You Can - Finding APTs in your networkDefCamp
Adrian Tudor & Leo Neagu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
5. Problems:
The size of the key must be the
same as message (quite large)
Is secure if one key is used once to
decrypt only one message.
One-time pad
6. c1 = k m1
c2 = k m2
Attacker is able:
c1 c2 = (k m1) (k m2) = m1 m2
Leaks information about m1 and m2
Use key twice ?
7. G – defined polynomial time algorithm
G increases: |G(x)| = p(|x|) > |x|
PRGs
seed
G
output
10. “Plain” RSA encryption
m = [cd mod N]
(N, e, d) RSAGen(1n)
pk = (N, e)
sk = d
N, e
c = [me mod N]
c
11. GOOGLE Corporation, in conjunction with with the company D-Wave signed
contract about creating quantum computers. D-Wave 2X - is the newest quantum
processor, which contains 2,048 physical qubits. To perform calculations in the
processor are used 1152 qubits.
Each additional qubit doubles the data search area, thus is also significantly
increased the calculation speed. Quantum computers will destroy systems based on
the problem of factoring integers (e.g., RSA). RSA cryptosystem is used in different
products on different platforms and in different areas.
Quantum computers
RSA system is widely used in operating systems from Microsoft, Apple, Sun, and Novell. In hardware performance
RSA algorithm is used in secure phones, Ethernet, network cards, smart cards, and is also widely used in the
cryptographic hardware. Along with this, the algorithm is a part of the underlying protocols protected Internet
communications, including S / MIME, SSL and S / WAN, and is also used in many organizations, for example,
government, banks, most corporations, public laboratories and universities.
12. RSA BSAFE encryption technology is used approximately by 500
million users worldwide. Since in encryption technology is mostly
used the RSA algorithm, it can be considered one of the most
common public key cryptosystems being developed together with
the development of the Internet.
On this basis the RSA destruction will entail easy hacking of most
products that can grow into a complete chaos.
RSA BSAFE
13. Hash-based Digital Signature Schemes: One of RSA alternatives are Hash-based Digital
Signature Schemes. The safety of these systems depends on the security of cryptographic
hash functions.
A code-based public-key encryption system: McEliece example. In this system the public
key is (Gnew, t), and the private key is (S, G, P), where G is k x n generator matrix for the
code C. C is random binary (n, k)-linear code, that is capable to improve t errors. N is the
number of code words, k is dimension of C. S is a random k x k binary nonsingular
matrix. P is a random n x n binary permutation matrix. Gnew = S * G * P; k x n matrix. To
encrypt the message we must encrypt message m as a binary string with the length k; cyp
= m x Gnew; is generated random n-bit error vector v with the weight t. The cypher is
calculated as c= cyp+v. For decoding is calculated cyp = c*P-1; Using decryption algorithm
of C is calculated mnew= m*S => m= mnew*S-1
RSA ALTERNATIVES
14. Lattice-based Cryptography: proofs are based on worst-case hardness.
Multivariate public key cryptosystem – MPKCs: have a set of(usually) quadratic
polynomials over a finite field. Security assumption is backed by the NP-hardness of
the problem to solve nonlinear equations over a finite field.
RSA ALTERNATIVES
15. To date are already found successful attacks on this crypto system.
The Ph.D. candidate of Dublin City University (DCU) Neill
Costigan with the support of Irish Research Council for Science,
Engineering and Technology (IRCSET), together with professor
Michael Scott, Science Foundation Ireland (SFI) member
successfully were able to carry out an attack on the algorithm. To
do this they needed 8,000 hours of CPU time. In the attack
representatives of four other countries took part. Scientists have
discovered that the initial length of the key in this algorithm is
insufficient and should be increased.
This system cannot be also used to encrypt the same message
twice and to encrypt the message when is known it’s relation
with the other message.
Successful attacks
16. Should be noted the importance of efficiency spectrum. To date experts have reached quite good
results in the speed algorithm processing. According to the investigation results it becomes clear
that the proposed post-quantum cryptosystems are relatively little effective. Implementation of
the algorithms requires much more time for their processing and verification.
Inefficient cryptography may be acceptable for the general user, but it cannot be acceptable for
the internet servers that handle thousands of customers in the second. Today, Google has already
has problems with the current cryptography. It is easy to imagine what will happen when
implementing crypto algorithms will take more time.
The development and improvement of modern cryptosystems will take years. Moreover, all the
time are recorded successful attacks on them. When is determined the encryption function, and it
becomes standard, it needs the appropriate implementation of the corresponding software, and in
most cases, hardware.
17. During the implementation it is necessary to ensure not only correct work of the
function and the speed of its efficiency, but also to prevent any kind of leaks. Recently
have been recorded successful «cache-timing» attacks on RSA and AES system, as a
result of that Intel has added the AES instructions to its processors.
McEliece system is vulnerable to attacks, related to side channel attacks. Was shown
the successful timing attack on Patterson algorithm. This attack does not detect the key,
but detects an error vector that can successfully decrypt the message cipher.
As we can see, for the creation and implementation of safe and effective post-quantum
cryptosystems it is necessary to fulfill the rather big work. From the foregoing it is clear
that today we are not ready to transfer cryptosystems into post-quantum era. In the near
future we cannot be sure in the reliability of the systems.
18. Traditional digital signature systems that are used in practice are vulnerable to quantum
computers attacks. The security of these systems is based on the problem of factoring large
numbers and calculating discrete logarithms. Scientists are working on the development of
alternatives to RSA, which are protected from attacks by quantum computer. One of the
alternatives are hash based digital signature schemes. These systems use a cryptographic
hash function. The security of these digital signature systems is based on the collision
resistance of the hash functions that they use.
RSA ALTERNATIVES – HASH BASED
19. Keys generation in this system occurs as follows: the signature key X of this system
consists of 2n lines of length n, and is selected randomly.
X= (xn-1[0], xn-1[1], …, x0[0], x0[1]) ∈ {0,1} n,2n
Verification key Y of this system consists of 2n lines of length n, and is selected
randomly.
Y= (yn-1[0], yn-1[1], …, y0[0], y0[1]) ∈ {0,1} n,2n
This key is calculated as follows:
yi[j] = f(xi[j]), 0<=i<=n-1, j=0,1
f – is one-way function:
f: {0,1} n {0,1} n;
To generate the verification key, it is needed to use the function f 2n time.
LAMPORT–DIFFIE ONE-TIME SIGNATURE SCHEME (KEY
GENERATION)
20. To sign a message m of arbitrary size, we transform it into size n using the
hash function:
h(m)=hash = (hashn-1, … , hash0)
Function h- is a cryptographic hash function:
h: {0,1} *{0,1} n
The signature is done as follows:
sig= (xn-1[hashn-1], …, x0[hash0]) ∈ {0,1} n,n
i-th string in this signature is equals to xi[0], if i-th bit in sign is equal to 0.
The string is equal to xi[1], if i-th bit in sign is equal to 1.
Signature length is n2 and during signature we do not use f function.
DOCUMENT SIGNATURE
21. To verify the signature sig = (sign-1, …, sig0), is calculated hash of the message hash =
(hashn-1, … , hash0) and the following equality is checked:
(f(sign-1), …, f(sig0)) = (yn-1[hashn-1], …, y0[hash0])
If the equation is true, then the signature is correct.
For the verification f function must be used n times.
DOCUMENT VERIFICATION
22. Keys generation in this system occurs as follows: the signature key X of this
system consists of n lines of length p, the key is selected randomly. Winternitz
parameter is selected w> = 2, it is equal to the number of bits to be signed
simultaneously. Is calculated p1=n/w and p2=(log2p1 +1+w)/w, p= p1+ p2
The signature key X of this system consists of p lines of length n selected
randomly:
X= (xp-1[0], …, x0) ∈ {0,1} n,p
Verification key is following:
Y= (yp-1[0], …, y0) ∈ {0,1} n,p, where
yi=f2^w-1(xi), 0<=i<=p-1
The length of the signature and the verification key is equal to np bits, and to
generate the verification key, function f must be used p(2w-1) times.
WINTERNITZ ONE TIME SIGNATURE SCHEME.
KEY GENERATION
23. We hash the message hash=h(m) and prepend to hash the minimum number of zeros in
order to get the length of hash devisable by w. Afterwards we divide it into p1 parts of
length w.
hash=kp-1,…, kp-p1
the checksum is calculated:
с=∑i=p-p1
p-1(2w-ki)
as c<= p12w, the length of its binary representation is log2 p12w+1
We prepend to its binary representation the minimum number of zeros in order to get
the length of representation devisable by w, and divide it into p2 parts of length w.
с=kp2-1,…, k0
we calculate the signature of the message m:
sig=(f^kp-1(xp-1), …, f^k0(x0))
In the worst case, for the signature function f must be used ,p(2w-1) times. Signature size
is pn.
SIGNATURE GENERATION
24. For signature verification sig = (sign-1, …, sig0) bit strings are calculated kp-
1,…, k0.
We verify the following equality:
(f^(2w-1-kp-1))(sign-1), …, (f^(2w-1-k0))(sig0) = yn-1, … y0
If the signature is correct, then sigi =f^ki(xi), so
(f^(2w-1-ki))(sigi)= (f^(2w-1))(xi)=yi is equal for every i=p-1,…, 0
In the worst case, for the signature verification function f must be used
,p(2w-1) times
SIGNATURE VERIFICATION
25. One-time signature schemes are very inconvenient to use, because to sign each message, you
need to use a different key pair. Merkle crypto-system was proposed to solve this problem.
This system uses a binary tree to replace a large number of verification keys with one public
key, the root of a binary tree. This cryptosystem uses an one-time Lamport or Winternitz
signature scheme and a cryptographic hash function:
h:{0,1}*{0,1}n
Key generation: The length of the tree is chosen H>=2, with one public key it is possible to
sign 2H documents. 2H signature and verification key pairs are generated; Xi, Yi, 0<=i<=2H.
Xi- is signature key, Yi- is verification key. h(Yi) are calculated and are used as the leaves of
the tree. Each tree node is a hash value of concatenation of its children.
MERKLE
27. To sign a message m of arbitrary size we transform it into size n using the hash
function
h (m) = hash, and generate an one-time signature using any one-time key Xany , the
document's signature will be the concatenation of: one time signature, one-time
verification key Yany, index any and all fraternal nodes authi in relation to Yany.
Signature= (sig||pub||any|| Yany||auth0,…,authH-1)
Signature verification:
To verify the signature we check the one-time signature of sig using Yany, if it is true,
we calculate all the nodes a [i, j] using “authi”, index “any” and Yany. We compare the
last node, the root of the tree with public key, if they are equal, then the signature is
correct.
SIGNATURE GENERATION
28. To generate a public key you need to calculate and store 2H pairs of one-time keys. Storing
this amount of information is not effective in practice. In order to save space, it was
suggested to use the PRNG random number generator. When using PRNG, it is sufficient to
store only the seed of the generator and use it to generate one-time keys. It is necessary to
calculate one-time keys twice: once in the key generation stage and then in the signature
stage of the message. PRNG receives a seed of length n and outputs a new seed and a
random number of length n.
PRNG : {0, 1}n: {0, 1}n x {0, 1}n
Key generation using PRNG:
We choose randomly the seed s0 of length n, using si we work out soti, as following:
PRNG(si) = (soti , si+1) 0 ≤ i <2H
soti changes each time when PRNG launches. For Xi key calculation it is enough to know
only si.
PRNG INTEGRATION
30. Quantum computers are able to crack PRNG, which were considered safe against attacks of
classical computers. A polynomial quantum time attack on PRNG Blum-Micali is shown.
This PRNG is considered safe from threats of standard computers. This attack uses Grover
algorithm along with the quantum discrete logarithm, and is able to restore the values at the
generator output for this attack. The attacks like these represent a threat of cracking PRNG,
used in many real-world crypto systems. As we see, Merkle crypto system with built-in
PRNG can be vulnerable to attacks of quantum computers. We suggest using a true random
number generator based on qubits, TRNG.
Breaking PRNG
31. Let’s consider a system with one qubit. The quantum state of a qubit is denoted by: α|0>+β |1>,
where α and β are complex numbers; |α|2+ |β|2=1
|0> - is the ground state of qubit, |1>- is the excited state of qubit
This qubit is in the state |0> with probability α2 and likewise in a state |1> with probability β2.
When a qubit is measured, it is in one of two states with probability 1.
Let’s consider a system with two qubits. The quantum state of two qubits is denoted by:
α00|00>+ α01 |01>+ α10|10>+ α11 |11>
where αi are complex numbers; ∑| αi|2=1.
We connect these qubits using Bell state, in this case the quantum state of these qubits is
denoted by:
1/21/2|00>+1/21/2|11>, so when we measure a given qubit, it will be in a state |0> with probability
½ and likewise in a state |1> also with probability ½. When we measure the second qubit, it
will be in the opposite state of the first qubit when we measured it with probability 1.
When we measure n qubits we can get the true number of size n.
Quantum TRNG
32. Key generation using quantum TRNG:
We choose the tree height H>=2. We can sign 2H documents using one public
key. A connection is established between two qubits using Bell state. We take
2H pairs of such qubit sets qi and bi ; every qi and bi consists of n qubits.
0<=i<=2H; We measure 2H*n qubits qi and we get 2H signature keys Xi and
calculate the verification keys Yi. h(Yi) are calculated and are used as leaves of a
tree.
Signature and verification of the message:
To sign a message m of arbitrary size we transform it into size n using the hash
function h(m) = hash, we measure any set, that contains n qubits , bany
qany=Xany with probability equal to 1. We generate one time signature using one-
time signature key Xany, the document's signature will be the concatenation of:
one time signature, one-time verification key Yany, index “any” and all fraternal
nodes authi in relation to Yany.
Signature= (sig||pub||any|| Yany||auth0,…,authH-1)
Verification of the message occurs similarly to the standard Merkle system.
Security of the system with built-in quantum TRNG.
The system is secure, because we do not change the principle of the crypto
system, but only integrate TRNG, to reduce the size of the signature key. TRNG
is completely safe; it is based on the state of qubits, which are real random
numbers.
33. Lamport Winternitz Merkle
Use f to
generate keys
2n p(2w-1) 2H+1-1
Use f to
calculate the
signature
Is not used p(2w-1)
Use f to
generate verify
the signature
n p(2w-1)
34. We propose to use as the hash function, the lattice-based hash function, and to use lattice
based one-way function as an one-way function in hash-based digital signature schemes.
Hash functions are considered resistant to quantum computer attacks, but the Grover
algorithm allows us to achieve quadratic acceleration in the search algorithms. It means that
hash functions must be complicated to be secure against quantum computers attacks. Studies
are conducted to determine the cost of attacks on SHA2 and SHA3 families of hash functions,
using the Grover algorithm
ONE WAY and HASH
35. Collision resistant hash functions based on lattices were proposed. Ajtai
suggested the family of hash functions, the security of which is based on
the worst case, the SVP with approximation ratio of nc, where n is
constant. To construct a family of hash functions as parameters are used
integers: n, m, q and d.
Parameter n defines the safety of hash function. The key to a hash
function specified by the matrix M, chosen uniformly from Z q
n×m. Hash
function is
hM : {0, . . . , d−1}m → Zq
n. The function maps mlogd bits to nlogq bits
for input compression, m> log q / log d. This hash function is very easy
to implement, because we use only addition and multiplication modulo
q, which size is O (log n).
Systems based on lattices
36. We propose to use as the hash function, the lattice-based hash function, and to use lattice
based one-way function as an one-way function in hash-based digital signature schemes.
The family of one-way functions, suggested by Ajtai, can be used. In the case of hash
functions, as the key, we select the matrix K from Zn×m
a, which transforms mlog b into nlog
a number of bits and we calculate h(x) = Kx mod a.
In the case of a one-way function, we select the matrix K from Zm×m
b, as the key. It
transforms mlog b into mlog b number of bits and we compute f(x) = Kx mod a.
HASHED MERKLE
37. Should be noted the problem of the effectiveness of these functions, the size of their key
grows quadratically in n, so these functions are ineffective. Due to the attacks on these
functions by combinatorial method , for the security of 100-bit, you need to use a key of
500,000 bits size.
Efficiency problems
38.
39.
40.
41.
42. MAKSIM IAVICH
SCIENTIFIC CYBER SECURITY ASSOCIATION ; CAUCASUS UNIVERSITY
T. +(995 595) 511355; E-mail: m.iavich@scsa.ge
www.scsa.ge
Scientific&practical cyber security journal – www.journal.scsa.ge
THANK YOU! QUESTIONS?