Foundations of Cryptography

Nov 21, 2013

Rahul Jain

CS6209, Jan - April 2011

http://www.comp.nus.edu.sg/~rahul/CS6209-11.html

Foundations of Cryptography : Basic Applications

Encryption Schemes.

Digital Signatures.

General Cryptographic Protocols.

Encryption Schemes

Private key v/s Public key encryption schemes, Fig. 5.1, 5.2.

Definition of encryption schemes (Def. 5.1.1).

Definition of security : Semantic security - private key (Def. 5.2.1), Semantic security - public key (Def. 5.2.2).

Indistinguishability of Encryptions : Private key (Def. 5.2.3), Public-key (Def. 5.2.4).

Thm 5.2.5 (Equivalence of definitions - private key) : A private-key encryption scheme is semantically secure if and only if it has indistinguishable encryptions.

Proof done in class.

Encryption Schemes : Multiple Messages

Semantic Security - Multiple messages (Def. 5.2.8)

Indistinguishability of encryptions - Multiple messages (Def. 5.2.9)

Thm 5.2.10 (equivalence of definitions - multiple messages) : A private-key (resp. public-key) encryption scheme is semantically secure for multiple messages if and only if it has indistinguishable encryptions for multiple messages.

Proof on similar lines as that of Thm 5.2.5.

Thm 5.2.11 (single-message security implies multiple-message security) : A public-key encryption scheme has indistinguishable encryptions for multiple messages if and only if it has indistinguishable encryptions for a single message.

Proof done in class.

Proposition 5.2.12 (Effect on the private-key model) : Suppose there exist pseudorandom generators (robust against polynomial size circuits). Then there exists a private-key encryption scheme that satisfies Def. 5.2.3 but does not satisfy Def. 5.2.9.

Proof done in class.

Constructions of Encryption Schemes

Block-Ciphers (Def. 5.3.5), Semantic-security - private-key block-ciphers (Def. 5.3.6), Public-key equivalent definition can be given similarly.

Construction 5.3.7 (from block-ciphers to general encryption schemes)

Proposition 5.3.8 : Let (G,E,D) and (G’,E’,D’) be as in Construction 5.3.7. Suppose that the former is a secure private-key (resp. public-key) block cipher. Then the latter is a secure private-key (resp. public-key) encryption scheme.

Proof done in class.

Construction 5.3.9 (a private-key block-cipher based on pseudorandom functions)

Proposition 5.3.10 : Let F and (G,E,D) be as in Construction 5.3.9 and suppose that F is pseudorandom
with respect to polynomial size circuits. Then (G,E,D) is secure.

Proof done in class.
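
Added example, not part of the original slides: a Python sketch contrasting the deterministic PRG-based scheme behind Proposition 5.2.12 (E_k(x) = x XOR G(k)) with the randomized form of Construction 5.3.9 (E_k(x) = (r, f_k(r) XOR x)) in a two-message game. The slides name these constructions without giving their steps, so the standard textbook forms are used; SHAKE-256 and HMAC-SHA256 stand in for the pseudorandom generator and function, and all names and the 16-byte block length are assumptions.

```python
import hashlib, hmac, os

N = 16  # key and block length in bytes (assumed; the slides fix no parameters)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def prg(seed: bytes, out_len: int) -> bytes:
    # Stand-in for the pseudorandom generator G (assumption: SHAKE-256).
    return hashlib.shake_256(seed).digest(out_len)

def prf(key: bytes, r: bytes) -> bytes:
    # Stand-in for the pseudorandom function f_k (assumption: HMAC-SHA256).
    return hmac.new(key, r, hashlib.sha256).digest()[:N]

def enc_prg(key: bytes, x: bytes) -> bytes:
    # Deterministic scheme: E_k(x) = x XOR G(k). Sound for ONE message per key.
    return xor(x, prg(key, len(x)))

def enc_prf(key: bytes, x: bytes) -> tuple:
    # Randomized block cipher: E_k(x) = (r, f_k(r) XOR x) with fresh uniform r.
    r = os.urandom(N)
    return r, xor(x, prf(key, r))

def dec_prf(key: bytes, ct: tuple) -> bytes:
    r, y = ct
    return xor(y, prf(key, r))

def win_rate(encrypt, trials: int = 400) -> float:
    # Two-message game: the challenger encrypts (m0, m0) or (m0, m1) under one
    # key; the distinguisher answers "same plaintext" iff the ciphertexts match.
    wins = 0
    for _ in range(trials):
        key, m0, m1 = os.urandom(N), os.urandom(N), os.urandom(N)
        b = os.urandom(1)[0] & 1
        c1, c2 = encrypt(key, m0), encrypt(key, m1 if b else m0)
        guess = 0 if c1 == c2 else 1
        wins += guess == b
    return wins / trials

if __name__ == "__main__":
    print("PRG stream scheme, distinguisher win rate:", win_rate(enc_prg))
    print("PRF block cipher, distinguisher win rate: ", win_rate(enc_prf))
```

The deterministic scheme loses the game every time because equal plaintexts give equal ciphertexts under one key, while the fresh r in the PRF-based scheme reduces the same distinguisher to a coin flip.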

Theorem 5.3.11 : If there exist (non-uniformly strong) one-way functions, then there exist secure private-key encryption schemes.

Proof done in class.

Public-key encryption schemes : Trapdoor permutations, definition.

Construction 5.3.13 (public-key block-cipher with block length 1 using trapdoor permutations with a hard-core predicate).

Proposition 5.3.14 : Suppose that b is a (non-uniformly strong) hard core of the collection {p_α}. Then Construction 5.3.13 constitutes a secure public-key block-cipher with block length l = 1.

Proof done in class.

Theorem 5.3.15 : If there exist collections of (non-uniformly hard) trapdoor permutations, then there exist secure public-key encryption schemes.

Proof done in class.

Large Hard-Core Conjecture for RSA.

Construction 5.3.16 (Randomized-RSA, a public-key block-cipher scheme)

Proposition 5.3.17 : Suppose that the large hard-core conjecture for RSA does hold. Then Construction 5.3.16 constitutes a secure public-key block-cipher (with block-length l(n) = n).

Proof done in class.

Construction 5.3.18 (an alternate public-key encryption scheme based on one-way permutations)

Proposition 5.3.19 : Suppose that b is a (non-uniformly strong) hard core of the collection {p_α}. Furthermore, suppose that this trapdoor collection utilizes a domain sampling algorithm S so that the statistical difference between S(α) and the uniform distribution over the domain of p_α is negligible in terms of |α|. Then Construction 5.3.18 constitutes a secure public-key encryption scheme.

Proof done in class.

Construction 5.3.20 (the Blum-Goldwasser Public-Key Encryption Scheme)

Corollary 5.3.21 : Suppose factoring is infeasible. Then Construction 5.3.20 constitutes a secure public-key encryption scheme.
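
Added example, not from the original slides: a toy Python run of the Blum-Goldwasser scheme named in Construction 5.3.20, in its standard textbook form (a Blum-Blum-Shub keystream started from a random quadratic residue, with the final state sent alongside the masked message). The primes 499 and 547, the function names and the `seed` parameter are assumptions chosen for illustration; the security claim of Corollary 5.3.21 needs primes large enough that factoring N is infeasible.

```python
import math, secrets

P, Q = 499, 547   # toy Blum primes, both 3 mod 4 (constructed; far too small for real use)
N = P * Q         # public key; the factorization (P, Q) is the private key

def keystream(s: int, nbits: int):
    # Blum-Blum-Shub: output lsb(s_i), then square. Returns the bits and next state.
    bits = []
    for _ in range(nbits):
        bits.append(s & 1)
        s = s * s % N
    return bits, s

def encrypt(msg_bits, seed=None):
    # `seed` (hypothetical parameter) exists only to make runs reproducible.
    while seed is None or math.gcd(seed, N) != 1:
        seed = 2 + secrets.randbelow(N - 2)
    s1 = seed * seed % N                       # random quadratic residue mod N
    pad, s_last = keystream(s1, len(msg_bits))
    return s_last, [m ^ k for m, k in zip(msg_bits, pad)]

def decrypt(ct):
    s_last, body = ct
    t = len(body)
    # Undo t squarings. For a prime p = 3 (mod 4), the square root of a
    # quadratic residue y that is itself a residue is y^((p+1)/4) mod p.
    dp = pow((P + 1) // 4, t, P - 1)
    dq = pow((Q + 1) // 4, t, Q - 1)
    ap, aq = pow(s_last, dp, P), pow(s_last, dq, Q)
    # Chinese remainder recombination gives the starting state s_1 mod N.
    s1 = (ap * Q * pow(Q, -1, P) + aq * P * pow(P, -1, Q)) % N
    pad, _ = keystream(s1, t)
    return [c ^ k for c, k in zip(body, pad)]

if __name__ == "__main__":
    message = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0]   # constructed sample plaintext
    ciphertext = encrypt(message)
    print("ciphertext:", ciphertext)
    print("round trip ok:", decrypt(ciphertext) == message)
```

Decryption uses P and Q directly to take the iterated square roots, which is why the private key is the factorization of N.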

Digital Signatures and Message Authentication

A scheme for unforgeable signatures must satisfy:

1) Each user can efficiently produce his/her own signature on documents of his/her choice;

2) Every user can efficiently verify whether a given string is a signature of another (specific) user on a specific document; but

3) It is infeasible to produce signatures of other users to documents that they did not sign.

A scheme for message authentication should satisfy:

1) Each of the communicating parties can efficiently produce an authentication tag to any message of his/her choice;

2) Each of the communicating parties can efficiently verify whether a given string is an authentication tag of a given message; but

3) It is infeasible for an external adversary (i.e. a party other than the communicating parties) to produce authentication tags to messages not sent by the communicating parties.

Definition 6.1.1 (signature scheme)

A chosen message attack is a process that can obtain signatures to strings of its choice, relative to some fixed signing-key that is generated by G. We distinguish two cases:

The private-key case: Here the attacker is given 1^n