A Crash Course in Modern Crypto Tools
Dan Boneh, Stanford University
1. Aggregate sigs [BGLS'02]

(Figure: User 1 with PK_1, M_1 produces S_1; User 2 with PK_2, M_2 produces S_2; ...; User n with PK_n, M_n produces S_n; the n signatures are combined into a single aggregate S.)

- Anyone can aggregate n signatures into one.
- The aggregate S convinces the verifier that M_1, ..., M_n were properly signed by users 1, ..., n.
Sample applications

- Secure routing protocols (SBGP)
  - The number of sigs in a path attestation grows linearly with the length of the path.
  - Aggregating sigs reduces traffic and memory.
  (Figure: path-attestation diagram; each node along the route carries the list of signers so far, one entry added per hop.)
- Certificate chains (chains of trust)
  - Aggregate all sigs in the chain into one.
2. Group Signatures

(Figure: a Key Issuer provisions User 1 and User 2; one of them signs msg, and the verifier asks: is sig from user 1 or user 2?)

- Simple solution: give all users the same private key
- ... but we also need to:
  - revoke signers when needed, and
  - trace: a trapdoor for undoing sig privacy.
Example: Vehicle Safety Communication (VSC)

(Figure 1: Car 1, Car 2, Car 3, Car 4 in a line, the lead car broadcasting "brake". Figure 2: an Ambulance broadcasting "out of my way!!" to a Car.)

- Require authenticated (signed) messages from cars.
  - Prevents impersonation and DoS on the traffic system.
- Privacy problem: cars broadcasting signed (x, y, v).
- Clean solution: group sigs. Group = set of all cars.
3. Broadcast Encryption [FN'93]

(Figure: users holding keys K_1, K_2, K_3; ciphertext CT = E[M, S] for a set S ⊆ {1, ..., n}.)

- Encrypt to arbitrary subsets S.
- Collusion resistance:
  - secure even if all users in S^c (everyone outside S) collude.
Example: Encrypted File Systems

- Broadcast to small sets: |S| << n. Examples: EFS, Email.
- Best construction: trivial. |CT| = O(|S|), |priv| = O(1).

(Figure: file layout for File F: a header (< 256K) holding E_PK_A[K_F], E_PK_B[K_F], E_PK_C[K_F], followed by the encrypted body E_K_F[F].)
Broadcast Encryption

- Public-key BE system:
  - Setup(n): outputs private keys d_1, ..., d_n and public key PK.
  - Encrypt(S, PK, M): encrypts M for the users in S ⊆ {1, ..., n}; outputs ciphertext CT.
  - Decrypt(CT, S, j, d_j, PK): if j ∈ S, outputs M.
- Broadcast contains ([S], CT).
Broadcast size

                               CT size       Priv-key size
Small sets: trivial            O(|S|)        O(1)
Large sets: NNL, HS, GST       O(n - |S|)    O(log n)
Any set:    BGW'05             O(1)          O(1)
Summary

Surveyed: aggregate sigs, group sigs, broadcast encryption.
All implemented in the PBC Library: http://crypto.stanford.edu/pbc
Open source under GPL.