10 - Data Integrity and Chosen Introduction Attacks...

Info iconThis preview shows pages 1–5. Sign up to view the full content.

View Full Document Right Arrow Icon
Introduction Data Integrity and Chosen Ciphertext Attacks Cryptography and Protocols Andrei Bulatov
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Cryptography and Protocols – Data Integrity and CCA 10-2 Data Integrity Privacy is not the same as integrity!!! If we encrypt data with a CPA-secure scheme, does it mean that we also protect its integrity? NO Suppose we encrypt message with the PRF-based CPA secure scheme, so that ciphertext is The attacker flips the last bit of the ciphertext making Bob to believe that the message sent is n P P P K 1 = < P r f r s ) ( , n n P P P 1 1 - K
Background image of page 2
Cryptography and Protocols – Data Integrity and CCA 10-3 Chosen Ciphertext Attacks In a chosen ciphertext attack Eve is allowed to ask for encryptions of chosen plaintexts, and for decryptions of chosen ciphertexts The login problem Suppose that a server and a client share a secret PIN, I, that was chosen at random (13 bits) They also share a secret key k Protocol: the client sends encrypted I the server decrypts and check if the PIN is correct if PIN is incorrect the server aborts the communication Can the adversary learn the PIN? 4 10 0 I
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Cryptography and Protocols – Data Integrity and CCA 10-4 Chosen Ciphertext Attacks (cntd) Lemma There exists a CPA-secure scheme (K,E,D) such that if the client and the server use (K,E,D) in this protocol, Eve that sits on the communication channel can learn the PIN after at most 13 sessions. Proof
Background image of page 4
Image of page 5
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 03/05/2012 for the course CMPT 404 taught by Professor Andreia.bulatov during the Spring '12 term at Simon Fraser.

Page1 / 13

10 - Data Integrity and Chosen Introduction Attacks...

This preview shows document pages 1 - 5. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online