Foundations of Cryptography

Rahul Jain


CS6209, Jan-April 2011

http://www.comp.nus.edu.sg/~rahul/CS6209-11.html

Foundations of Cryptography: Basic Applications

Encryption Schemes.

Digital Signatures.

General Cryptographic Protocols.

Encryption Schemes

Private key v/s public key encryption schemes, Fig. 5.1, 5.2.

Definition of encryption schemes (Def. 5.1.1).

Definition of security: Semantic security, private key (Def. 5.2.1); semantic security, public key (Def. 5.2.2).

Indistinguishability of encryptions: private key (Def. 5.2.3), public key (Def. 5.2.4).

Thm 5.2.5 (Equivalence of definitions, private key): A private-key encryption scheme is semantically secure if and only if it has indistinguishable encryptions.

Proof done in class.

Encryption Schemes: Multiple Messages

Semantic security, multiple messages (Def. 5.2.8).

Indistinguishability of encryptions, multiple messages (Def. 5.2.9).

Thm 5.2.10 (Equivalence of definitions, multiple messages): A private-key (resp. public-key) encryption scheme is semantically secure for multiple messages if and only if it has indistinguishable encryptions for multiple messages.

Proof on similar lines as that of Thm 5.2.5.

Thm 5.2.11 (Single-message security implies multiple-message security): A public-key encryption scheme has indistinguishable encryptions for multiple messages if and only if it has indistinguishable encryptions for a single message.

Proof done in class.

Proposition 5.2.12 (Effect on the private-key model): Suppose there exist pseudorandom generators (robust against polynomial size circuits). Then there exists a private-key encryption scheme that satisfies Def. 5.2.3 but does not satisfy Def. 5.2.9.

Proof done in class.
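
The separation in Proposition 5.2.12, as an added Python example that is not part of the original slides: a deterministic scheme E_k(x) = x XOR G(k) hides a single message, but two ciphertexts under the same key reveal whether the plaintexts are equal. Assumptions: this scheme is the standard textbook counterexample (the slides do not give the proof), SHAKE-256 stands in for the pseudorandom generator G, and all function names and message pairs are constructed for illustration.

```python
import hashlib
import secrets


def prg(seed: bytes, out_len: int) -> bytes:
    # Stand-in for the pseudorandom generator G (assumption: SHAKE-256).
    return hashlib.shake_256(seed).digest(out_len)


def encrypt(key: bytes, msg: bytes) -> bytes:
    # Deterministic scheme E_k(x) = x XOR G(k); decryption is the same operation.
    return bytes(m ^ p for m, p in zip(msg, prg(key, len(msg))))


def distinguisher(c1: bytes, c2: bytes) -> int:
    # Multi-message adversary: equal ciphertexts mean equal plaintexts,
    # because both were masked with the same pad G(k).
    return 0 if c1 == c2 else 1


def multi_message_game(trials: int = 200, n: int = 16) -> float:
    # Def. 5.2.9-style experiment with two constructed message pairs.
    # Returns the fraction of trials in which the adversary names the pair.
    pairs = [(bytes(n), bytes(n)), (bytes(n), b"\xff" * n)]
    wins = 0
    for _ in range(trials):
        key = secrets.token_bytes(n)      # fresh key per experiment
        b = secrets.randbelow(2)          # challenger's hidden choice
        m1, m2 = pairs[b]
        wins += distinguisher(encrypt(key, m1), encrypt(key, m2)) == b
    return wins / trials


def single_message_view(n: int = 16) -> bool:
    # With one message per key, the ciphertext of 0^n is just G(k):
    # no second ciphertext exists to compare against, so the test above is void.
    key = secrets.token_bytes(n)
    return encrypt(key, bytes(n)) == prg(key, n)


if __name__ == "__main__":
    print("multi-message success rate:", multi_message_game())
    print("single ciphertext equals G(k):", single_message_view())
```

The adversary wins every trial, whereas indistinguishability for multiple messages requires a success rate negligibly close to 1/2.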


Constructions of Encryption Schemes

Block-ciphers (Def. 5.3.5). Semantic security, private-key block-ciphers (Def. 5.3.6); the public-key equivalent definition can be given similarly.

Construction 5.3.7 (from block-ciphers to general encryption schemes)

Proposition 5.3.8: Let (G,E,D) and (G',E',D') be as in Construction 5.3.7. Suppose that the former is a secure private-key (resp. public-key) block cipher. Then the latter is a secure private-key (resp. public-key) encryption scheme.

Proof done in class.

Construction 5.3.9 (a private-key block-cipher based on pseudorandom functions)

Proposition 5.3.10: Let F and (G,E,D) be as in Construction 5.3.9 and suppose that F is pseudorandom with respect to polynomial size circuits. Then (G,E,D) is secure.

Proof done in class.

Theorem 5.3.11: If there exist (non-uniformly strong) one-way functions, then there exist secure private-key encryption schemes.

Proof done in class.

Public-key encryption schemes: Trapdoor permutations, definition.

Construction 5.3.13 (public-key block-cipher with block length 1 using trapdoor permutations with a hard-core predicate).

Proposition 5.3.14: Suppose that b is a (non-uniformly strong) hard core of the collection {p_α}. Then Construction 5.3.13 constitutes a secure public-key block-cipher with block length l = 1.


Proof done in class.

Theorem 5.3.15: If there exist collections of (non-uniformly hard) trapdoor permutations, then there exist secure public-key encryption schemes.

Proof done in class.

Large Hard-Core Conjecture for RSA.

Construction 5.3.16 (Randomized-RSA, a public-key block-cipher scheme)

Proposition 5.3.17: Suppose that the large hard-core conjecture for RSA does hold. Then Construction 5.3.16 constitutes a secure public-key block-cipher (with block-length l(n) = n).

Proof done in class.


Construction 5.3.18 (an alternate public-key encryption scheme based on one-way permutations)

Proposition 5.3.19: Suppose that b is a (non-uniformly strong) hard core of the collection {p_α}. Furthermore, suppose that this trapdoor collection utilizes a domain sampling algorithm S so that the statistical difference between S(α) and the uniform distribution over the domain of p_α is negligible in terms of |α|. Then Construction 5.3.18 constitutes a secure public-key encryption scheme.

Proof done in class.

Construction 5.3.20 (the Blum-Goldwasser Public-Key Encryption Scheme)

Corollary 5.3.21: Suppose factoring is infeasible. Then Construction 5.3.20 constitutes a secure public-key encryption scheme.


Digital Signatures and Message Authentication

A scheme for unforgeable signatures must satisfy:

1) Each user can efficiently produce his/her own signature on documents of his/her choice;

2) Every user can efficiently verify whether a given string is a signature of another (specific) user on a specific document; but

3) It is infeasible to produce signatures of other users to documents that they did not sign.

A scheme for message authentication should satisfy:

1) Each of the communicating parties can efficiently produce an authentication tag to any message of his/her choice;

2) Each of the communicating parties can efficiently verify whether a given string is an authentication tag of a given message; but

3) It is infeasible for an external adversary (i.e. a party other than the communicating parties) to produce authentication tags to messages not sent by the communicating parties.

Definition 6.1.1 (signature scheme)

A chosen message attack is a process that can obtain signatures to strings of its choice, relative to some fixed signing-key that is generated by G. We distinguish two cases:

The private-key case: Here the attacker is given 1^n