Symbiosis Among Cryptography, Coding Theory, Distributed Algorithms and Quantum Computing - PowerPoint PPT Presentation

Loading...

PPT – Symbiosis Among Cryptography, Coding Theory, Distributed Algorithms and Quantum Computing PowerPoint presentation | free to download - id: 617c70-ZDc2Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Symbiosis Among Cryptography, Coding Theory, Distributed Algorithms and Quantum Computing

Description:

Symbiosis Among Cryptography, Coding Theory, Distributed Algorithms and Quantum Computing Kannan Srinathan IIIT Hyderabad Our Focus (Contd.) A fundamental and ... – PowerPoint PPT presentation

Number of Views:99
Avg rating:3.0/5.0
Slides: 42
Provided by: jitsAcIn
Learn more at: http://www.jits.ac.in
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Symbiosis Among Cryptography, Coding Theory, Distributed Algorithms and Quantum Computing


1
Symbiosis Among Cryptography, Coding Theory,
Distributed Algorithms and Quantum Computing
  • Kannan Srinathan
  • IIIT Hyderabad

2
Our Focus
  • Achieving secure communication over an insecure
    channel

3
Our Focus (Contd.)
  • A fundamental and practical problem
  • Initial set-back Shannons pessimistic theorem
  • Circumventing Shannon Independently achieved by
    all four fields

4
Our Focus (Contd.)
  • Each of these four solutions has its own set of
    advantages and limitations
  • Each solution is better than the other three,
    in some sense.
  • These solutions are based on orthogonal
    assumptions and can be used together yielding
    improved security

5
Whats So Difficult About the Problem?
  • Classically, a perfect solution is impossible!
  • Shannon 1 proved that secure communication over
    an insecure channel is impossible.
  • The impossibility stems from the invariant that
    adversary knows all that receiver knows.
  • 1 Shannon, Claude. "Communication Theory of
    Secrecy Systems", Bell System Technical Journal,
    vol.28(4), page 656715, 1949.

6
Shannons Solution Assume a Secure Channel!
Perfectly secure channels are necessary for
perfectly secure communication
7
How fast should the secure channel be?
  • Shannon proved that even if there is a secure
    shared key between sender and receiver,
    theoretically unbreakable ciphers must use a key
    at least as big as the message. This is
    impractical.
  • Conclusion We need very fast secure channels

8
Solution is Impractical!
Overall secure throughput 1 Mbps
  • The secure communication throughput of the entire
    system is same as the cumulative bandwidth of
    truly secure channels in the system

9
The Main Issue
  • Fast secure channels are required for efficient
    secure communication

Chicken-and-Egg problem!
10
Solving the Issue
  • Some sort of assumptions are necessary to
    resolve the main issue
  • Different assumptions lead to different
    paradigms of security

11
Paradigm 1 Modern Cryptography
  • Shannons impossibility holds if the message is
    to be kept secure forever, however for all
    practical purposes it is enough to keep a message
    secure for a very long (finite) time
  • This paradigm is based on complexity theory
  • Assumption Everybodys (including adversarys)
    computing power is polynomial-time bounded

12
Solution 1 Modern Cryptographic Solution
  • One-way functions
  • For simulating slow secure channel over a
    insecure channel
  • For example, Diffie-Hellman Key exchange, RSA
    etc.
  • Psedorandom generators (stream ciphers) and
    pseudorandom functions (block ciphers)
  • For simulating a fast secure channel over a slow
    secure channel
  • For example, Blum-Blum-Shub, DES, AES, etc.

13
Diffie-Hellman Key Exchange 2
  • Based on the hardness of the Discrete Logarithm
    problem
  • 2 New Directions in Cryptography W. Diffie and
    M. E. Hellman, IEEE Transactions on Information
    Theory, vol. IT-22, Nov. 1976, pp 644-654.

14
The Protocol
  • Public information A prime p and a generator g
    of the cyclic (multiplicative) group Zp
  • Sender S chooses a random element a from Zp
    and sends (ga mod p) to R.
  • Receiver R chooses a random element b from Zp
    and sends (gb mod p) to S.
  • S computes K (gb)a gab (mod p)
  • R computes K (ga)b gab (mod p)

15
What about adversary ?
  • Adversary sees g,p,ga (mod p),gb (mod p)
  • Given g, p, ga (mod p) computing a is Hard -
    discrete logarithm problem.
  • Since adversary cannot find either a or b, it
    (conjecturally) cannot compute gab.

16
Paradigm 2 Distributed Algorithmic Solution
17
Distributed Algorithmic Solution
  • Shannons impossibility holds if the adversary
    possesses complete access to the channel
  • However for all practical purposes, the channel
    consists of a huge network of nodes and it may be
    assumed that not all of the network is
    simultaneously accessible to the adversary
  • This paradigm is based on Network theory
  • Key ingredient Secret Sharing
  • Assumption Everybodys (including adversarys)
    Bandwidth is bounded

18
t-Secret Sharing
  • Shamirs Protocol
  • Choose a t-degree polynomial p() over a (large
    enough) finite field
  • Let Secret s p(0)
  • Shares are p(1), p(2), p(n) for some n
  • Ref Adi Shamir. How to Share a Secret. CACM, 1979

19
Perfectly Secure Communication
  • Dolev et al. 3 Protocol
  • Sender shares the message using secret sharing
    and sends the shares to Receiver along different
    paths.
  • Receiver collects all the shares, and
    reconstructs the message.
  • 3 Danny Dolev, Cynthia Dwork, Orli Waarts, Moti
    Yung Perfectly secure message transmission, J.
    ACM 40, 1 (1993), 17-47.

20
Paradigm 3 Quantum Mechanical Solution
21
Quantum Secret Key Establishment Protocol
The Standard Setting
22
Quantum Secret Key Establishment Protocol
  • Sender S and receiver R share a quantum
    communication channel, via which quantum states
    can be transmitted.
  • Two conjugate bases are used, say b1 and b2.as
    shown in the table.
  • S chooses a random base, and based on the bit to
    send, it sends a qubit prepared in the
    corresponding state.
  • R measures the qubit received, with a random
    base. If the base is different from what S used,
    the bit is lost, else R measures the actual bit.

Bit 0 1
b1
b2
23
Quantum SKEP (Contd.)
  • This process is repeated for all the bits.
  • S and R publicly compare (through a classical
    channel) their respective bases, and discard all
    those bits where their bases were different.
  • The bases are same for nearly half the number of
    bits.
  • S and R now check whether adversary has
    intercepted (measured) any of these bits, by
    comparing a certain subset of the remaining bit
    strings.
  • If more than p bits differ, they abort the key
    and repeat the process.

24
Quantum SKEP (Contd.)
  • Eve will use the wrong basis approximately 50 of
    the time (while resending)
  • Bob measures a resent qubit with the correct
    basis there will be a 25 probability that he
    measures the wrong value.

25
Paradigm 4 Coding Theoretic Solution
26
Noise-based Secrecy
  • Shannons impossibility holds if the adversary
    can access all information that the receiver can
    access
  • However in practical scenarios, the channel is
    noisy and therefore it may be assumed that the
    noisy data received by the adversary is different
    from the noisy data received by the receiver
  • This paradigm is based on Information/Coding
    Theory
  • Assumption Everybody (including adversary)
    receives different noisy versions of the data

27
Intuitively
  • Noise is bad for any system because
  • it can affect the systems functionality,
    efficiency, accuracy and so on

28
Can Noise be Useful?
  • Usually NO
  • by definition
  • (naturally, it is termed as noise typically
    because of its adversarial nature!)

29
Can Noise be Useful? (Contd.)
  • Rarely YES but how?
  • Perhaps in situations where we need to
    simultaneously deal with another adversarial
    entity apart from noise
  • We may then hope that the two adversaries would
    fight among themselves making it easier for us to
    tackle them together, than each one individually

30
Does Our Hope Come True?
  • Are there real examples for such a comedy of
    errors by the adversarial entities?
  • YES

31
Whos Are Our Adversaries?
  • The First Adversary
  • Responsible for injecting noise in the
    communication channel
  • The Other Adversary
  • The Cryptographic Eavesdropper
  • Responsible for listening/reading critical
    information from channel/nodes

32
Revisiting Secure Communication
  • Shannons Result Information-theoretically
    Secure Communication is Impossible in a Noiseless
    Insecure Channel
  • Information-theoretically Secure Communication is
    possible in an appropriately Noisy Insecure
    Channel

Is it noisy?
33
Another Fundamental Problem Oblivious Transfer
Can A learn only the bit bi without revealing i
to B?
  • B

A
Index i
Bit-Array b0,b1,bn
  • Information-theoretically Secure Oblivious
    Transfer is Impossible in a Noiseless Channel
  • Information-theoretically Secure Oblivious
    Transfer is possible in an appropriately Noisy
    Insecure Channel

34
Yet Another Fundamental Problem Securely
Computing AND
  • Securely Computing x ? y in GF(2)

For simplicity assume the following channel
noise Any 1 bit out of every block of 4 bits
sent will be toggled
Fact Perfectly Secure AND is impossible in a
noiseless channel
35
Protocol for Secure AND
  • A chooses four random bits, r0,r1,r2,r3 and sends
    them to B, who receives s0,s1,s2,s3
  • One of the ri is different from si
  • Three of the others are equal
  • A and B compute the following 3-tuples
    respectively
  • A (respectively B) multiplies the ith row of
    matrix M with ri (respectively si) to obtain a
    matrix MA (resp. MB)
  • A (resp. B) adds up the resultant 4 by 3 matrix
    MA (resp. MB) column-wise to obtain a 3-tuple TA
    (a0, b0, c0) (resp. TB (a1,b1,c1))

0 0 0
0 1 0
1 0 0
1 1 1
M
36
Protocol for Secure AND (Contd.)
  • Let x x0 ?x1 and y y0 ?y1
  • A sends x1 to B and retains x0
  • B sends y0 to A and retains y1
  • Now,
  • A has x0, y0, a0, b0 and c0
  • B has x1, y1, a1, b1 and c1

37
Protocol for Secure AND (Contd.)
  • A publishes (x0?a0) and (y0?b0)
  • B publishes (x1?a1) and (y1?b1)
  • Both of them compute the bits P and Q
  • P (x0?a0) ? (x1?a1)
  • Q (y0?b0) ? (y1?b1)
  • A computes the bit z0 as follows
  • z0 (b0 ? P) ? (a0 ? Q) ? (P ? Q) ? c0
  • Similarly B computes z1 as
  • z1 (b1 ? P) ? (a1 ? Q) ? (P ? Q) ? c1
  • It can be showed that (z0 ? z1) (x ? y)

38
Securely Computing Any Function in GF(2)
  • Express the function by a Boolean circuit using
    only AND and XOR gates (fan-in 2 and fan-out 1)
  • Protocol for Secure AND securely transforms two
    shared inputs (x and y) to a shared output
    (z) of a single AND gate
  • Protocol for secure XOR is simple just locally
    XOR the input shares
  • Any circuit can thus be securely evaluated
    gate-by-gate till the output wire is reached the
    output shares can be XORed to obtain f(x,y)

39
Protocol for Oblivious Transfer
Can A learn only the bit bi without revealing i
to B?
  • B

A
Index i
Bit-Array b0,b1,bn
For n2 We may securely compute ((i?1)?b0) ?
(i ?b1)
40
Protocol for Secure Communication
  • To securely send a bit m, the receiver chooses
    uniformly at random a permutation of 0,1 and
    executes an Oblivious Transfer of the mth index
    bit to the Sender.
  • Upon receipt of the obliviously transferred bit,
    the Sender reliably sends that bit to the
    receiver who recovers m from it

41
Conclusions
  • Modern cryptography
  • Based on complexity theorys currently unproven
    hardness assumptions
  • Contemporary mathematicians suggest that these
    assumptions are (a) likely to be true and (b)
    unlikely to be proven in the near future
  • Very fast and scalable once a secret-key is
    established (symmetric-key cryptography)
  • Distributed Algorithmic Solution
  • Based on adversarys inability to simultaneously
    corrupt several routers
  • Necessitates highly connected networking
  • Can tolerate active adversaries too
  • Quantum Mechanical Solution
  • Based on the postulates of quantum mechanics
  • Currently secure transmission is achieved to
    about 100km
  • Is physically unbreakable, however several
    side-channel attacks are plausible
  • Noisy Channel Solution
  • It assumes that natural noise is not under the
    cryptographic adversarys control
  • It is an intriguing recycling of noise in to
    productive use
  • Noise is ubiquitous

42
Thank You
About PowerShow.com