
Reading Notes on Modern Cryptography

Three basic principles of modern cryptography:

1.Formulation of exact definitions
2.Reliance on precise assumptions
3.Rigorous proofs of security

Provable Security

1.security definition (model)
2.assumptions
3.proof: prove that the scheme satisfies the definition whenever the assumption holds.

negligible

A function of the security parameter that approaches 0 faster than the inverse of any polynomial.
Formally:
A function $\mu : \mathbb{N} \rightarrow \mathbb{R}$ is negligible in $n$ if for every positive polynomial $p(\cdot)$ there exists an integer $N$ such that for all $n > N$
$$|\mu(n)| < \frac{1}{p(n)}$$
We call such a function negligible in $n$ and write it $\mathrm{negl}(n)$.
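As an added worked example (not part of the original notes), checking the definition on two concrete functions:

For $\mu(n) = 2^{-n}$: fix any positive polynomial $p(\cdot)$. Since an exponential dominates every polynomial,
$$\lim_{n\to\infty} \frac{p(n)}{2^{n}} = 0 \quad\Longrightarrow\quad \exists N\ \forall n > N:\ p(n) < 2^{n} \iff 2^{-n} < \frac{1}{p(n)},$$
so $2^{-n}$ is negligible. The same argument works for $2^{-\sqrt{n}}$ and $n^{-\log n}$.

For $\mu(n) = n^{-10}$: take $p(n) = n^{11}$. Then for every $n > 1$,
$$\frac{1}{p(n)} = n^{-11} < n^{-10} = \mu(n),$$
so no $N$ exists and $n^{-10}$ is not negligible, even though it tends to 0.

Closure under polynomial factors: if $\mu$ is negligible and $q(\cdot)$ is a positive polynomial, then $q(n)\mu(n)$ is negligible. Apply the definition of $\mu$ to the polynomial $q(n)\,p(n)$: for $n > N$,
$$|\mu(n)| < \frac{1}{q(n)\,p(n)} \quad\Longrightarrow\quad |q(n)\mu(n)| < \frac{1}{p(n)}.$$
This is what lets a hybrid argument add up polynomially many negligible terms and still end with a negligible bound.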

Semantically secure:

We say a PKE scheme is semantically secure (equivalently, IND-CPA secure) if for every PPT adversary that, given the public key, chooses two equal-length messages $m_0, m_1$, receives $c = \mathrm{Enc}(pk, m_b)$ for a uniformly random bit $b$, and outputs a guess $b'$, we have: $\Pr[b = b'] \le \frac{1}{2} + \mathrm{negl}(n)$.
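As an added example (not code from the original notes), the game above written out as a harness. It uses a symmetric toy scheme so it runs offline, with an explicit encryption oracle standing in for the public key; the scheme names, HMAC-SHA256-as-PRF and the two fixed messages are assumptions for illustration. The deterministic scheme is broken by an adversary that simply re-encrypts $m_0$ and compares, while the nonce-based scheme reduces the same adversary to a coin flip:

```python
import hmac
import hashlib
import os

BLOCK = 32  # messages are 32-byte blocks in this toy scheme


def prf(key: bytes, label: bytes) -> bytes:
    """Toy PRF instantiated with HMAC-SHA256 (assumption: HMAC acts as a PRF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class DeterministicScheme:
    """Insecure: the same message always yields the same ciphertext."""

    def keygen(self):
        return os.urandom(32)

    def enc(self, k, m):
        return xor(m, prf(k, b"pad"))  # fixed pad reused for every message


class RandomizedScheme:
    """Nonce-based: a fresh 16-byte nonce selects a fresh pad each time."""

    def keygen(self):
        return os.urandom(32)

    def enc(self, k, m):
        r = os.urandom(16)
        return r + xor(m, prf(k, r))


def compare_adversary(enc_oracle, m0, m1, challenge):
    """Adversary: re-encrypt m0 through the oracle and compare with the challenge.
    Wins always when encryption is deterministic; against a randomized scheme
    the ciphertexts never collide, so it degenerates to a constant guess."""
    return 0 if enc_oracle(m0) == challenge else 1


def ind_cpa_game(scheme, adversary, trials=400):
    """Run the IND-CPA experiment `trials` times; return the fraction of wins.
    Security means this fraction is at most 1/2 + negl for every adversary."""
    wins = 0
    for _ in range(trials):
        k = scheme.keygen()
        enc_oracle = lambda m, k=k: scheme.enc(k, m)  # adversary never sees k
        m0, m1 = b"A" * BLOCK, b"B" * BLOCK  # constructed challenge messages
        b = os.urandom(1)[0] & 1
        c = enc_oracle(m1 if b else m0)
        if adversary(enc_oracle, m0, m1, c) == b:
            wins += 1
    return wins / trials


if __name__ == "__main__":
    print("deterministic:", ind_cpa_game(DeterministicScheme(), compare_adversary))
    print("randomized:   ", ind_cpa_game(RandomizedScheme(), compare_adversary))
```

The win rate against the deterministic scheme is exactly 1, an advantage of 1/2 that no negligible function can absorb; against the randomized scheme the same adversary sits at about 1/2, which is the bound the definition demands. The harness does not prove the randomized scheme secure (that needs the PRF assumption and a reduction), it only shows what a concrete distinguisher looks like.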

Cryptographic building blocks:

such as a cyclic group $G$, a public-key encryption scheme, a signature scheme, a secure key derivation function (KDF).

Cryptographic primitives:

such as hash functions, one-way functions, MACs, PRGs, PRFs, FHE, MPC (multiparty computation), and so on.

unknown key-share attack

In an unknown key-share (UKS) attack, a party ends up sharing a key with someone other than the party it believes it is talking to. To make the attack easier to understand, the research team gave a concrete example:

Bart wants to play a prank on his friend Milhouse. Bart knows that Milhouse will use TextSecure to invite him to his birthday party, so he replaces his own public key with Nelson's public key and has Milhouse verify the new key fingerprint. The prank can be made to look perfectly plausible; for example, Bart can claim that he bought a new phone and therefore needs to re-verify the fingerprint.

Then, when Milhouse invites Bart to his birthday party, Bart simply forwards the message to Nelson, and Nelson believes the message came from Milhouse. Milhouse is fooled as well: he thinks he invited Bart to his birthday party, but in fact he invited Nelson.
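As an added example (not code from the original notes or from the TextSecure study), the exchange above as a runnable scenario. It uses a toy Diffie-Hellman group, a toy KDF and a toy encrypt-then-MAC construction, all assumptions for illustration and far from production parameters; the party names, the address-book substitution and the invitation text are constructed. The `bind_identities` switch shows the standard mitigation: mixing the identities each party believes are in the conversation into the key derivation, so that Milhouse's "to Bart" key and Nelson's "from Milhouse" key no longer agree.

```python
import hashlib
import hmac
import os

# Toy Diffie-Hellman parameters (assumption: Mersenne prime 2^127 - 1 with g = 3,
# chosen for brevity only; real protocols use standardized large groups).
P = 2 ** 127 - 1
G = 3


def keygen():
    """Long-term DH key pair: 1 <= sk < P - 1."""
    sk = int.from_bytes(os.urandom(16), "big") % (P - 2) + 1
    return sk, pow(G, sk, P)


def kdf(shared: int, context: bytes) -> bytes:
    """Toy KDF: hash the DH output together with an optional identity context."""
    return hashlib.sha256(shared.to_bytes(16, "big") + context).digest()


def derive_key(my_sk, peer_pk, sender_id, recipient_id, bind_identities):
    """Key for a conversation the caller believes runs sender_id -> recipient_id."""
    shared = pow(peer_pk, my_sk, P)
    context = sender_id + b"|" + recipient_id if bind_identities else b""
    return kdf(shared, context)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, msg: bytes) -> bytes:
    """Toy encrypt-then-MAC for messages of at most 32 bytes."""
    assert len(msg) <= 32
    nonce = os.urandom(16)
    pad = hmac.new(key, nonce, hashlib.sha256).digest()[: len(msg)]
    body = nonce + xor(msg, pad)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify under `key`."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    nonce, ct = body[:16], body[16:]
    pad = hmac.new(key, nonce, hashlib.sha256).digest()[: len(ct)]
    return xor(ct, pad)


def run_uks_scenario(bind_identities: bool):
    """Replay Bart's prank; return what Nelson decrypts (None = rejected)."""
    keys = {name: keygen() for name in (b"milhouse", b"bart", b"nelson")}
    # Attack setup: after the fake "new phone" re-verification, Milhouse's
    # address book lists Nelson's public key under Bart's name.
    address_book = {b"bart": keys[b"nelson"][1]}
    # Milhouse encrypts the invitation to the key he believes belongs to Bart.
    k_milhouse = derive_key(keys[b"milhouse"][0], address_book[b"bart"],
                            b"milhouse", b"bart", bind_identities)
    blob = encrypt(k_milhouse, b"come to my party")  # constructed message
    # Bart forwards the ciphertext to Nelson unchanged. Nelson derives the key
    # for the conversation he believes he is in: Milhouse -> Nelson.
    k_nelson = derive_key(keys[b"nelson"][0], keys[b"milhouse"][1],
                          b"milhouse", b"nelson", bind_identities)
    return decrypt(k_nelson, blob)


if __name__ == "__main__":
    print("no identity binding:", run_uks_scenario(False))
    print("identity binding:   ", run_uks_scenario(True))
```

Without binding, both sides compute the same $g^{ab}$ and Nelson accepts a message he attributes to Milhouse, which is exactly the UKS outcome. With the identities in the KDF the two keys differ, the MAC fails and Nelson rejects. The key-exchange part is unchanged in both runs: the fix lives entirely in what the derived key is bound to, not in the fingerprint ceremony Bart subverted.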

SEUF-CMA

Strong existential unforgeability under (adaptive) chosen-message attacks: the adversary may query signatures on messages of its choice, and wins if it outputs any new valid (message, signature) pair, including a new signature on a message it already had signed. Plain EUF-CMA only counts forgeries on messages that were never queried.

ROR (real-or-random) model [1]:

Reveal queries are no longer allowed and are replaced by Test queries. In this case, however, the adversary is allowed to ask as many Test queries as it wants; all of them are answered according to the same hidden bit $b$ (real session key if $b = 1$, random key if $b = 0$).

FTG (find-then-guess) model [2]:

The adversary is given access to the Reveal, Execute, Send, and Test oracles, may ask a single Test query, and outputs a guess bit $b'$.

outsider KCI resilience:

In an outsider KCI (key-compromise impersonation) attack scenario, an adversary $\mathcal{A}$ is allowed to compromise the long-term private keys of up to all parties except one.
It is, however, allowed neither to corrupt protocol instances at any party nor to participate in the protocol on behalf of the corrupted parties.
$\mathcal{A}$ is an outsider to the specific protocol execution under consideration because no session-specific information is revealed.

Reference:

[1] M. Abdalla, P.-A. Fouque, D. Pointcheval. Password-Based Authenticated Key Exchange in the Three-Party Setting. PKC 2005.
[2] M. Bellare, D. Pointcheval, P. Rogaway. Authenticated Key Exchange Secure against Dictionary Attacks. EUROCRYPT 2000.

