Emerging key-recovery-service
1.
Why Standards?
• Many reasons:
  – interoperability
  – stability
  – assurance
• De facto or de jure?

2.
RSA Data Security, Inc.
Emerging Standards for Public-Key Cryptography
© RSA 1998

3.
Introduction
• As research matures, it can be made "standard"
  – '70s and '80s research in public-key cryptography leads to standards in the '90s
• This talk is a snapshot of some of the standards efforts, and of the interesting issues they raise

4.
Part I: Survey of Standards Efforts

5.
Outline
I. Survey of Standards Efforts
II. A General Model for Public-Key Standards
III. Strong Primes: A Recurring Technical Debate
IV. Some Research Motivated by Standards

6.
Some Public-Key Standards Efforts
• ANSI X9F1
• IEEE P1363
• ISO/IEC JTC1 SC27
• US NIST

7.
ANSI X9F1 Efforts
• Some ANSI documents (drafts):
  – X9.30 DSA signatures
  – X9.31 RSA/RW signatures (rDSA)
  – X9.42 DH/MQV key agreement
  – X9.44 RSA key transport
  – X9.62 elliptic curve signatures
  – X9.63 EC key agreement / transport
  – X9.79 prime generation

8.
ANSI X9F1
• Financial Services / Data and Information Security / Cryptographic Tools
• Corporate membership
• Quarterly meetings in North America
• www.x9.org

9.
IEEE P1363
• Standard Specifications for Public-Key Cryptography
• Sponsored by the IEEE Microprocessor Standards Committee
• Individual participation
• Meetings mostly in North America
• grouper.ieee.org/groups/1363

10.
[image-only slide]

11.
IEEE P1363 Coverage
• Three types of technique:
  – key agreement, signature, encryption
• From three families:
  – DL: discrete logarithm
  – EC: elliptic curve
  – IF: integer factorization
• Also: number theory background, security considerations

12.
[image-only slide]

13.
IEEE P1363a
• Standard Specifications for Public-Key Cryptography: Additional Techniques
• In preparation
• More techniques, probably the same families
  – identification likely to be added

14.
[image-only slide]

15.
ISO/IEC JTC1 SC27
• International Organization for Standardization / International Electrotechnical Commission / Information Technology / IT Security Techniques
• National representation, with experts
• Meetings throughout the world
• www.iso.ch

16.
[image-only slide]

17.
SC27 Efforts
• Some ISO/IEC documents:
  – 9796 Signatures with message recovery
  – 9798 Entity authentication
  – 11770 Key management
  – 13888 Non-repudiation
  – 14888 Signatures with appendix
• Symmetric and public-key techniques

18.
[image-only slide]

19.
U.S. NIST FIPS
• National Institute of Standards and Technology
  – part of the U.S. Department of Commerce
• Federal Information Processing Standards (FIPS)
• Computer Security Act (1987) gives the charter for government cryptography standards
• www.nist.gov

20.
[image-only slide]

21.
NIST Efforts
• Some FIPS:
  – 186 Digital Signature Standard
  – 196 Entity Authentication
  – new: Key Exchange / Agreement
• Others of interest:
  – 46-2 Data Encryption Standard
  – 180-1 Secure Hash Standard
  – new: Advanced Encryption Standard

22.
Comparing the Efforts
• Different goals:
  – ISO, IEEE: general building blocks
  – ANSI: US banking requirements
  – NIST: US government, commercial
• Coordination:
  – IEEE, ANSI technical convergence
  – NIST will accept ANSI signature standards for government purposes
  – ISO TC68 adopts ANSI X9F1

23.
Application Standards of Interest
• S/MIME: messaging
• SSL / TLS: communications
• SET: bank card payments
• PKIX: public-key infrastructure

24.
RSA Laboratories' PKCS
• Public-Key Cryptography Standards
• Informal, inter-vendor effort coordinated by RSA Laboratories
• Periodic workshops
• www.rsa.com/rsalabs/pubs/PKCS/

25.
PKCS Efforts
• Revisions and new documents:
  – PKCS #1 RSA Cryptography
    • v2.0 draft in review, includes Bellare-Rogaway OAEP
  – PKCS #5 Password-Based Encryption
  – PKCS #13 Elliptic Curve Cryptography
  – PKCS #14 Pseudorandom Generation
  – PKCS #15(?) Smart Card File Formats

26.
Part II: A General Model for Public-Key Standards

27.
A General Model
• Framework with abstraction, generally following P1363
• Three levels:
  – primitives
  – schemes
  – protocols
• ... plus key management

28.
P1363 Naming Convention
• General form: family type - instance (e.g., DLSP-DSA), where
  – family is DL, EC, or IF
  – type is one of:
    • SP: Signature Primitive
    • SSA: Signature Scheme with Appendix
    • etc.
  – instance is a particular algorithm, e.g., DSA, DH, RSA

29.
Primitives
• Basic mathematical operations
• Low-level implementation
  – e.g., crypto-accelerator, software module
• Computational security
  – enhanced when combined with additional techniques in a scheme

30.
Types of Primitive
• Secret value derivation
  – shared secret value from the other party's public key(s) and this party's private key(s)
• Signature and verification
• Encryption and decryption

31.
Example: DLSP-DSA / DLVP-DSA
• DSA signature / verification primitives
• DLSP-DSA((p, q, g, x), m):
  – r = (g^k mod p) mod q, k random
  – s = k^(-1) (m + x r) mod q
• DLVP-DSA((p, q, g, y), m, (r, s)):
  – r =? (g^(m/s) y^(r/s) mod p) mod q
  – where the exponents m/s and r/s are computed mod q, i.e. as m s^(-1) mod q and r s^(-1) mod q

32.
Primitives in P1363
• Secret value derivation:
  – DH, MQV in the DL, EC families
• Signature / verification:
  – DSA, Nyberg-Rueppel in the DL, EC families
  – RSA with and without absolute value
  – Rabin-Williams
• Encryption / decryption:
  – RSA

33.
Schemes
• Related operations combining primitives and additional techniques
  – a framework with options
• Medium-level implementation
  – e.g., cryptographic service library
• Complexity-theoretic security (ideally)
  – completed when appropriately applied in a protocol

34.
Types of Scheme
• Key agreement
• Signature
  – with appendix
  – with message recovery
• Encryption
• Identification (in P1363a)

35.
Additional Techniques
• Encoding method
  – maps between the message and the data to be processed by the primitive
  – for signature and encryption schemes
• Key derivation function
  – maps from the shared secret value to a key
  – for key agreement schemes

36.
Example: DL/ECSSA
• DL/EC signature scheme with appendix
  – options: SP / VP / encoding method
• Signature operation (privKey, M):
  – S = SP(privKey, Encode(M))
• Verification operation (pubKey, M, S):
  – VP(pubKey, Encode(M), S) [DSA]
  – Encode(M) =? VP(pubKey, S) [NR]
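The two layers of slides 31 and 36, written out as an added example (this is not code from the RSA deck or from P1363): the DSA signature and verification primitives DLSP-DSA / DLVP-DSA, and the DLSSA scheme that wraps them with the encoding method Encode(M) = Hash(M) from slide 37. The domain parameters p = 23, q = 11, g = 4 are a constructed toy group chosen so that the arithmetic can be checked by hand; they give no security, and the choice of SHA-256 as the hash is an assumption. `pow(x, -1, q)` needs Python 3.8 or later.

```python
"""Added example: P1363-style DSA primitives and the DLSSA scheme built on
them. Toy domain parameters (constructed, insecure): p = 23, q = 11,
g = 4, where 4 has order 11 mod 23."""
import hashlib
import secrets

P, Q, G = 23, 11, 4   # constructed toy group; real DSA uses ~2048-bit p


def dlsp_dsa(priv, m, k=None):
    """DLSP-DSA signature primitive. priv = (p, q, g, x); m is the message
    representative, already reduced mod q. The per-signature secret k is
    drawn at random; a caller may fix it only for reproducible tests."""
    p, q, g, x = priv
    while True:
        kk = k if k is not None else secrets.randbelow(q - 1) + 1
        r = pow(g, kk, p) % q                       # r = (g^k mod p) mod q
        s = (pow(kk, -1, q) * (m + x * r)) % q      # s = k^-1 (m + x r) mod q
        if r != 0 and s != 0:
            return r, s
        if k is not None:   # a fixed k that gives r = 0 or s = 0 is unusable
            raise ValueError("fixed k produced a degenerate signature")


def dlvp_dsa(pub, m, sig):
    """DLVP-DSA verification primitive. pub = (p, q, g, y). Checks
    r == (g^(m/s) * y^(r/s) mod p) mod q with the divisions done mod q:
    w = s^-1 mod q, u1 = m*w mod q, u2 = r*w mod q."""
    p, q, g, y = pub
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = (m * w) % q, (r * w) % q
    v = (pow(g, u1, p) * pow(y, u2, p) % p) % q
    return v == r


def encode(message, q):
    """Encoding method for DL/EC signatures: Hash(M) (SHA-256 assumed),
    reduced into the exponent group Z_q."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % q


def keygen(p=P, q=Q, g=G):
    """Key pair generation: x random in [1, q-1], y = g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return (p, q, g, x), (p, q, g, pow(g, x, p))


def dlssa_sign(priv, message):
    """DLSSA signature operation: S = SP(privKey, Encode(M))."""
    return dlsp_dsa(priv, encode(message, priv[1]))


def dlssa_verify(pub, message, sig):
    """DLSSA verification operation: VP(pubKey, Encode(M), S)."""
    return dlvp_dsa(pub, encode(message, pub[1]), sig)


if __name__ == "__main__":
    priv, pub = keygen()
    sig = dlssa_sign(priv, b"pay 100 to Alice")
    print(sig, dlssa_verify(pub, b"pay 100 to Alice", sig))
```

The primitive is only as secure as k: it must be fresh, uniform and secret for every signature, since two signatures made with the same k reveal it from s1 - s2 = k^(-1)(m1 - m2) mod q, and with k known the private key x follows from s. That is a property of the primitive, not of any particular scheme around it.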
37.
Encoding Methods for Signatures
• DL/EC signatures
  – Hash(M)
• IF signatures with appendix
  – Pad || HashID || Hash(M)
• IF signatures with message recovery
  – ISO 9796-1(M)

38.
Related Scheme Operations
• Domain parameter generation
• Domain parameter validation
• Key pair generation
• Public key validation
• Private key validation

39.
Schemes in P1363
• Key agreement
  – three DL/EC generic: DH1, DH2, MQV
• Signature with appendix
  – DL/EC generic
  – IF generic
• Signature with message recovery
  – IF generic
• Encryption
  – IF generic
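An added example (not code from the deck or from P1363) that assembles a DL-family key agreement in the shape of slide 39's DH1 from the pieces named on slides 30, 35 and 38: the DH secret value derivation primitive Z = y_other^x mod p, the key derivation function that turns Z into a key, and the public key validation step that every party should run on the value it receives. The group is the same constructed toy group as the DSA example (p = 23, q = 11, g = 4; insecure), and the KDF shape Hash(Z || counter || P) with SHA-256 is an assumption in the style of the X9.42 / P1363 KDFs, not a quotation of either.

```python
"""Added example: DH1-style key agreement = public key validation +
secret value derivation primitive + key derivation function.
Toy group (constructed, insecure): p = 23, q = 11, g = 4."""
import hashlib
import secrets

P_MOD, Q_ORD, GEN = 23, 11, 4


def validate_public_key(y, p=P_MOD, q=Q_ORD):
    """Public key validation (slide 38): y must lie in (1, p-1) and in the
    order-q subgroup, y^q mod p == 1. Without the subgroup check a peer can
    send a small-order element (e.g. y = p-1, order 2) so that Z takes only
    a handful of values, independent of the honest party's private key."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def keypair(p=P_MOD, q=Q_ORD, g=GEN):
    """Key pair generation: x random in [1, q-1], y = g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def dlsvdp_dh(x, y_other, p=P_MOD, q=Q_ORD):
    """DH secret value derivation primitive: Z = y_other^x mod p.
    Refuses to operate on a peer key that fails validation."""
    if not validate_public_key(y_other, p, q):
        raise ValueError("peer public key failed validation")
    return pow(y_other, x, p)


def kdf(z, params, length, p=P_MOD):
    """Key derivation function (assumed shape): expand the shared secret
    value Z into `length` bytes as SHA-256(Z || counter || P), counter =
    1, 2, ...  P is the key derivation parameter string agreed by both
    parties (binding the derived key to context such as a session id)."""
    zb = z.to_bytes((p.bit_length() + 7) // 8, "big")
    out, counter = b"", 1
    while len(out) < length:
        out += hashlib.sha256(zb + counter.to_bytes(4, "big") + params).digest()
        counter += 1
    return out[:length]


def dh1_agree(params=b"", length=16):
    """Both sides of a DH1 exchange: A and B each generate a key pair, send
    the public value, validate the other's, derive Z and run the KDF.
    Returns (K_A, K_B) so the caller can confirm the two keys agree."""
    xa, ya = keypair()
    xb, yb = keypair()
    ka = kdf(dlsvdp_dh(xa, yb), params, length)   # A's computation
    kb = kdf(dlsvdp_dh(xb, ya), params, length)   # B's computation
    return ka, kb


if __name__ == "__main__":
    ka, kb = dh1_agree(b"session-1", 32)
    print(ka.hex(), ka == kb)
```

DH1 with ephemeral keys gives a shared key but no authentication; the slides' "protocol" layer is where the parties' identities get bound in, and the unified-model analysis cited on slide 57 addresses exactly that.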
40.
Protocols
• Sequence of operations to be performed by the parties to achieve some security goal
• High-level implementation
  – applications, services
• "Real" security
  – but depends on implementation considerations
• (No protocols in P1363)

41.
Types of Protocol
• Key establishment
  – key agreement
  – key transport
• Entity authentication
• Data origin authentication
• Data confidentiality

42.
Part III: "Strong" Primes: A Recurring Technical Debate

43.
What is a "Strong" Prime?
• An RSA key pair consists of
  – public key (n, e)
  – private key (n, d)
  – where n = pq, p and q are large primes, and ed ≡ 1 (mod (p-1)(q-1))
• A prime p is strong if p', the largest prime factor of p-1, is large
• Are strong primes necessary?

44.
Early '80s: Yes
• Pollard's p-1 method (1974) can factor n in about p' operations, so p' should be large
• Gordon (1984) gives a method for generating RSA keys efficiently with strong prime factors
  – X.509 (1988) also mentions conditions
• Related conditions on p+1, p'-1, etc.

45.
Late '80s / Early '90s: No
• Lenstra's ECM (1987) can factor n in O(exp((2 ln p ln ln p)^(1/2))) operations, so p should be large
• ... but if p is large and random, then p' will be large with high probability
• Rivest (unpublished) argues that strong primes don't help, but don't hurt either

46.
Late '90s: Maybe
• What about signature repudiation?
  – A dishonest user chooses n with a weak prime
  – Later, disavows a signature, claiming that someone factored n by the p-1 method
• ANSI X9.31 (1998) standardizes on strong primes for banking
  – it also generates primes as a one-way function of a seed
• Still, are strong primes necessary?
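To make the slide-44 claim concrete ("about p' operations"), here is an added example, not from the deck, of stage-1 Pollard p-1 run against two constructed RSA-style moduli. The numbers are chosen for illustration: p = 2311 has p-1 = 2·3·5·7·11, so p' = 11 and the method splits n the moment its bound reaches 11; q = 2207 = 2·1103+1 and r = 2027 = 2·1013+1 are safe primes, so their p' exceeds 1000 and the same method needs a bound of about that size. The factor-size threshold in `is_strong_prime` is a policy parameter, not a figure from the slides.

```python
"""Added example: Pollard's p-1 method versus 'strong' primes. Constructed
moduli: 2311*2207 (one weak factor) and 2207*2027 (two safe primes)."""
from math import gcd


def largest_prime_factor(n):
    """p' for p-1: trial division, adequate for the small values here."""
    f, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            f, n = d, n // d
        d += 1
    return max(f, n) if n > 1 else f


def pollard_p_minus_1(n, bound, base=2):
    """Stage-1 Pollard p-1: form a = base^(B!) mod n one factor j at a
    time and test gcd(a-1, n) after each step. A prime factor p of n is
    found as soon as (p-1) | j!, i.e. roughly when j reaches p'. Returns a
    nontrivial factor, or None if no factor has p' <= bound."""
    a = base
    for j in range(2, bound + 1):
        a = pow(a, j, n)
        g = gcd(a - 1, n)
        if 1 < g < n:
            return g
        if g == n:      # all factors collapsed at once; retry with another base
            return None
    return None


def is_strong_prime(p, min_factor):
    """Slide 43's definition: p is 'strong' if the largest prime factor of
    p-1 is at least min_factor (threshold is a policy choice)."""
    return largest_prime_factor(p - 1) >= min_factor


def demo():
    weak_n = 2311 * 2207      # p' = 11 for the factor 2311
    strong_n = 2207 * 2027    # p' = 1103 and 1013
    return {
        "weak_bound_11": pollard_p_minus_1(weak_n, 11),
        "strong_bound_1012": pollard_p_minus_1(strong_n, 1012),
        "strong_bound_1013": pollard_p_minus_1(strong_n, 1013),
    }


if __name__ == "__main__":
    print(demo())
```

For primes of realistic size (1024 bits and up) a random p has a largest factor of p-1 far beyond any feasible bound, which is the slide-45 counter-argument; the slide-46 repudiation scenario is about a signer who deliberately picks a smooth p-1, and that is what X9.31's seed-derived prime generation is meant to rule out.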
47.
Part IV: Some Research Motivated by Standards

48.
Standards and Research
• Just as mature research is standardized, so standards efforts promote additional research
• Areas of research:
  – efficient implementation
  – cryptanalysis
  – components in the "framework"

49.
Authenticated Encryption Schemes
• Problem:
  – Construct authenticated encryption schemes for the DL, EC, IF families with similar properties to OAEP, but with variable message length
• Several solutions proposed for P1363a

50.
Model
• C = Encrypt(pubKey, M, P)
• M = Decrypt(privKey, C, P)
  – M: message
  – C: ciphertext
  – P: encoding parameters
• M, C, P of arbitrary length

51.
Desired Properties
• One application of the underlying primitive
• Plaintext-aware encryption
  – no partial information about M
  – cannot generate C without M
    • hence, cannot modify M
• Binding of P to M
  – cannot modify P
• Weaker assumptions
  – i.e., not just the random oracle model

52.
OAEP for RSA
• As in P1363 (and the PKCS #1 v2.0 draft):
• Encrypt(pubKey, M, P):
  – EM = Encode(M, P)
  – C = EP(pubKey, EM)
• Decrypt(privKey, C, P):
  – EM = DP(privKey, C)
  – M = Decode(EM, P)
• M, C bounded; P of arbitrary length

53.
OAEP Encoding
• Encode(M, P):
  – EM = maskedSeed || maskedDB, where
    • maskedSeed = seed ⊕ G(maskedDB)
    • maskedDB = DB ⊕ G(seed)
    • DB = H(P) || pad || M
    • seed random
    • H hash function, G mask generation function
• Decode(EM, P): an exercise

54.
Limitations
• EM must be shorter than the RSA modulus, so the length of M is bounded
• Assumes an encryption primitive, but DL/EC only has a secret value derivation primitive
• Relies on the random oracle model for G
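The encoding of slide 53, plus the Decode the slide leaves as an exercise, as an added example (not the deck's code and not a copy of PKCS #1): EM = maskedSeed || maskedDB with DB = H(P) || pad || M. Assumptions: H is SHA-256 and G is MGF1 built from it (PKCS #1 v2.0 used SHA-1); the pad is zero octets followed by a single 0x01 separator; `em_len` stands in for the modulus-length bound of slide 54 (in PKCS #1 v2.0 EM is one octet shorter than the modulus). The RSA primitives EP/DP around it are plain modular exponentiation of the integer EM and are left out.

```python
"""Added example: OAEP Encode / Decode (PKCS #1 v2.0 layout) with SHA-256
and MGF1; the RSA primitive EP/DP is omitted."""
import hashlib
import hmac
import secrets

H = hashlib.sha256
H_LEN = H().digest_size


def mgf1(seed, length):
    """Mask generation function G: H(seed || C) for C = 0, 1, 2, ..."""
    out = b""
    for counter in range((length + H_LEN - 1) // H_LEN):
        out += H(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(m, p, em_len, seed=None):
    """Encode(M, P) -> EM of em_len octets. The message is bounded by
    len(M) <= em_len - 2*hLen - 1, the slide-54 limitation."""
    if len(m) > em_len - 2 * H_LEN - 1:
        raise ValueError("message too long")
    pad = b"\x00" * (em_len - len(m) - 2 * H_LEN - 1) + b"\x01"
    db = H(p).digest() + pad + m                        # DB = H(P) || pad || M
    seed = seed if seed is not None else secrets.token_bytes(H_LEN)
    masked_db = xor(db, mgf1(seed, len(db)))            # maskedDB = DB xor G(seed)
    masked_seed = xor(seed, mgf1(masked_db, H_LEN))     # maskedSeed = seed xor G(maskedDB)
    return masked_seed + masked_db


def oaep_decode(em, p, em_len):
    """Decode(EM, P) -> M, or raise. All checks (length, H(P) match, pad
    structure) are folded into one flag and one generic error, so a caller
    cannot tell which check failed: the decoder's error behaviour is part of
    the scheme's security."""
    if len(em) != em_len or em_len < 2 * H_LEN + 1:
        raise ValueError("decoding error")
    masked_seed, masked_db = em[:H_LEN], em[H_LEN:]
    seed = xor(masked_seed, mgf1(masked_db, H_LEN))     # seed = maskedSeed xor G(maskedDB)
    db = xor(masked_db, mgf1(seed, len(masked_db)))     # DB = maskedDB xor G(seed)
    ok = hmac.compare_digest(db[:H_LEN], H(p).digest()) # binds P to M
    sep, found = 0, False
    for i in range(H_LEN, len(db)):                     # scan the whole pad, no early exit
        if not found and db[i] == 1:
            sep, found = i, True
        elif not found and db[i] != 0:
            ok = False
    if not (ok and found):
        raise ValueError("decoding error")
    return db[sep + 1:]


if __name__ == "__main__":
    em = oaep_encode(b"attack at dawn", b"label", 127)
    print(em.hex(), oaep_decode(em, b"label", 127))
```

The single-error discipline in `oaep_decode` is not cosmetic: Manger (2001) showed that a PKCS #1 v2.0 decryptor which reports "integer too large" separately from a decoding error lets an attacker recover the plaintext with a chosen-ciphertext oracle, and v2.1 changed the EM layout (a leading 0x00 octet, full modulus length) and the error reporting in response.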
55.
IF Encryption Ideas
1. Encrypt only part of EM (various)
  – removes the bound on the length of M
  – which part?
2. Construct G only partly from a random oracle (Bellare, Rogaway 1996)
3. Add more "rounds" to OAEP (Johnson, Matyas, Peyravian 1996)
  – may reduce assumptions and the need for a seed

56.
DL/EC Encryption Ideas
• General: generate a shared secret value K as in a key agreement scheme, then combine it with M and P
1. Encode M as in OAEP, exclusive-OR K with part of the result (various)
2. Combine with MACs and reduced random-oracle methods (Bellare, Rogaway 1996)
3. Combine with universal hash functions and mask generation (Zheng 1996)

57.
Some Other Recent Results
• Security of the "unified model" of DH key agreement (Blake-Wilson, Johnson, Menezes 1997)
• RSA key validation (Liskov, Silverman 1997)
• Storage-efficient basis conversion (Kaliski, Yin 1998)

58.
Conclusions
• Research in cryptology and data security is leading to standards, and vice versa
• Several standards efforts for different sectors, but coordinated
• A general model for public-key standards is emerging
• ... and some technical debate continues