SlideShare ist ein Scribd-Unternehmen logo

Security protocols

Abhijit Mondal
Abhijit Mondal

Some security protocols

Technologie
1 von 3
Downloaden Sie, um offline zu lesen
Security Protocols and Applications of Cryptography By: Abhijit Mondal Needham-Schroeder Protocol : Suppose A wants to talk with B over the network. How will B know that he is really talking to A. This protocol authenticates A to B at the same time allowing them to exchange session keys over the network. 1. A sends a message to Trent( a trusted individual or a computer program over the network) consisting of his name a, B's name b and a random number rA 2. Trent generates a random session key k . Trent then computes c2 = (beA , keA , rA eA , keAeB , aeAeB , teAeB ) mod p , where eA and eB are the secret keys that Trent shares with A and B respectively, and t is the current system time. Trent sends c2 to A. The time t is sent to prevent replay attacks, i.e. an adversary pretending to be A may sent an old message to Bob. 3. A decrypts the message with eA and extracts the session key k and confirms that rA is the same value that he sent to Trent. Then A sends to B, c3 = ( keB , aeB , teB ) mod p. 4. B decrypts the message with eB and extracts the session key k, generates a random value rB , and sends to A the message c4 = rBk mod p. 5. A decrypts the message with k and computes rB -1 and send to B the message c5 = (rB -1)k mod p. 6. B decrypts the message with k and verifies that it is rB -1 so A must have the same session key and he is the real person. Kerberos Protocol : Suppose A wants some service from a server S. Then A must authenicate himself to the server before using it's services. In this symmetric key cryptographic protocol (using DES as encryption algorithm) , there are 2 doors that needs to be opened before getting access to the server. The first door is guarded by Kerberos and the second is the Ticket Granting Service(TGS) of the server. 1. A sends a message to the Kerberos server with his identity/password 'a' and the identity of the Ticket Granting Service(TGS) of the server 'tgs'. 2. The Kerberos server generates a timestamp t, a lifetime for the timestamp l, a random session key Ka,tgs . It then computes Ta,tgs = {tgs, DES(a, N, l, Ka,tgs ) (etgs) } , where N is the network address of A, and etgs is the secret key of the TGS shared with Kerberos. The Kerberos then encrypts the following with A's secret key eA , c1 = DES(Ka,tgs)(eA) and the following with the TGS's secret key etgs : c2 = DES(Ta,tgs)(etgs). It then sends c1 and c2 to A. 3. A decrypts c1 and extracts Ka,tgs and computes the following Aa,tgs = {DES(a, t, key) (Ka,tgs) }, where key is an additional session key . Then A computes c3 = DES(Aa,tgs)(Ka,tgs ) and sends c2 and c3 to the TGS of the server. 4. The TGS then decrypts c2 using etgs and extracts Ta,tgs . Then uses Ta,tgs to extract Ka,tgs . The TGS then decrypt c3 using Ka,tgs and extracts Aa,tgs . The TGS then decrypts Aa,tgs and compares the information in Aa,tgs with the information in Ta,tgs . If they match then the TGS sends the following to the client A: c4 = {DES( Ka,s) (Ka,tgs )} and c5 = {DES(Ta,s) ( es )}, where Ta,s = {s, DES(a, N, l, Ka,s ) (es) }, Ka,s is the secret session key for A and the server and es is the secret key the TGS shares with the server. 5. A then decrypts c4 with Ka,tgs and computes the following Aa,s = {DES(a, t, key) (Ka,s) }and then c6 = {DES(Aa,s ) (Ka,s )}. A then sends c5 and c6 to the server for communication. Secret Sharing Protocol : Handing over the control of a missile to one military general or handing over the key of the locker
at the Swiss bank to any one individual would be a risky issue since he may turn out to be crooked. So to minimise risk of a missile disaster or a bankruptcy is to partition the single key into n parts and give each part to a trusted individual responsible for the control of the missile or the locker at Swiss Bank, such that no less than m individuals can recover the orginal key from their share of the keys. e.g. If the key is K and n = 3, and m =3 then choose k1 and k2 and compute K⊕k1⊕k2 = k3 . Then distribute k1 , k2 and k3 to three trusted individuals. To construct the original key K , they need all three keys such that k1⊕k1⊕k3 = K. Algorithm : 1. Construct a (m-1) degree polynomial f(x) = am-1xm-1 + am-2xm-2 +.....+ a1x + K, where K is the original secret key and ai ∈Zp for prime p, ai 's are the secrets that must be destroyed. 2. Evaluate f(1), f(2),....., f(n) (mod p) and distribute these values to the n trusted officials assigned for the execution of the task. 3. To find K atleast m officials must come together and disclose their values, then perform Gaussian elimination to solve the linear system of equations for ai 's and K. Less than m individual cannot find K without a brute force search over Zp . Zero Knowledge Proofs : How to prove someone your identity without revealing information about you? How do you prove someone that you know the proof of a problem without showing him/her the actual proof ? This is called Zero Knowledge Proofs since you are not revealing information about your secret to the verifier at the same time convincing him/her that you are the authentic person. The verifier may be a spy who is looking to know your secret and pass on that secret to his nation. e.g. Proving Graph Isomorphism to a verifier V. Problem : P wants to prove to V the isomorphism between graphs G1 and G2 . 1. P generates a random permutation H of G1 such that H is isomorphic to G1 . P knows the isomorphism between H and G2 . Finding the isomorphism between G1 and H or G2 and H is as hard as finding the isomorphism between G1 and G2 , hence nobody knows the relations between them. 2. P sends H to V. 3. V flips a coin and if its a head then V asks P to prove that H and G1 are isomorphic, else if its a tail then V asks P to prove that H and G2 are isomorphic. 4. P then complies and proves to V either H and G1 are isomorphic or H and G2 are isomorphic. 5. P then again generates a random permutation graph H' isomorphic to either G1 or G2 and both of them then follows the steps through 1 to 4. They do these n times until V is convinced that P knows the isomorphism between G1 and G2 . Here is how it works: If P knows the isomorphism between G1 and G2 : Then whether V asks P to prove H and G1 are isomorphic or H and G2 are isomorphic, P will be able to prove V everytime until V is convinced of P's identity. If P does not know the isomorphism between G1 and G2 : Then if V asks P to prove H and , the graph from which P generated H, are isomorphic then P will be able to fool V else P will be caught as some false guy. The probability that P will be able to fool V after n round is 1 in 2n because in one round P fools V with a chance of ½. For n large, the chances of a false P passing the test is very small. Here is another variant of Zero Knowledge Proof : Suppose P wants to prove to V that he knows the solution to the DLP : my = x (mod p) without telling V what is the value of y. 1. P sends to V the values m, x and p. 2. V generates a random number a and computes the four combinations{am, a-1m-1, a-1m, am-1}
(mod p) in any random order and sends the quadruple to P, but does not reveal to P what is the ordering of the values. V only sends {u,v,w,z} ∈ {am, a-1m-1, a-1m, am-1} (mod p) and asks P to compute {uy, vy, wy, zy} (mod p). 3. P computes {uy, vy, wy, zy} (mod p) and sends them to V. 4. V then sends a (mod p) to P and asks him to find ay (mod p). 5. P computes ay (mod p) and sends to V. 6. Now V checks : {uy, vy, wy, zy} (mod p) ∈{ayx, a-yx-1, a-yx, ayx-1} (mod p) expects to be in the correct order as he sent it before. 7. If all of the above relations hold and are in the correct order then V starts another round of computation from step 2 and continues until V is convinced that P truly knows the value of y. If any of the above results does not match then P is an impostor. If P knows the ordering of {am, a-1m-1, a-1m, am-1} (mod p), then P can compute a and P can construct values such that they give the same relations as when V computes them, thus V has no chance of knowing whether P really did the computation V desired or P just constructed values to fool him. Thus an impostor P has a chance of 1 in 24 of correctly guessing the exact permutation and thus fooling V. In n rounds the chances that an impostor P successfully passes the test is 1/(24)n, which is extremely small for large n. For n=10, chances that P fools V is of the order of 10-14. V can still decrease this probability by choosing s random numbers and sending a permutation of 2s+1 elements modulo p. In that case chances of P fooling V in n rounds is 1/(2s+1 !)n . But for large s the computation performed on the part of V increases exponentially, so s = 2 and n = 10 will be a good enough choice to catch even the most notorious masterminds.

Empfohlen

Authentication protocols based on zero knowledge proof (Part 2 - Brief talk)
Authentication protocols based on zero knowledge proof (Part 2 - Brief talk)Authentication protocols based on zero knowledge proof (Part 2 - Brief talk)
Authentication protocols based on zero knowledge proof (Part 2 - Brief talk)Israel Buitron
 
Zero knowledge proofsii
Zero knowledge proofsiiZero knowledge proofsii
Zero knowledge proofsiisreesaiprakash
 
ZeroKnowledge Nominative Signatures
ZeroKnowledge Nominative SignaturesZeroKnowledge Nominative Signatures
ZeroKnowledge Nominative SignaturesSeungjoo Kim
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Ntewrok secuirty cs7
Ntewrok secuirty cs7Ntewrok secuirty cs7
Ntewrok secuirty cs7Infinity Tech Solutions
 
Twenty years of attacks on the rsa cryptosystem
Twenty years of attacks on the rsa cryptosystemTwenty years of attacks on the rsa cryptosystem
Twenty years of attacks on the rsa cryptosystemlinzi320
 
Improving-The-Round-Complexity-of-VSS-in-Point-To-Point-Networks
Improving-The-Round-Complexity-of-VSS-in-Point-To-Point-NetworksImproving-The-Round-Complexity-of-VSS-in-Point-To-Point-Networks
Improving-The-Round-Complexity-of-VSS-in-Point-To-Point-NetworksJITENDRA KUMAR PATEL
 
encryption and decryption
encryption and decryptionencryption and decryption
encryption and decryptionSri Manakula Vinayagar Engineering College
 

Empfohlen

Authentication protocols based on zero knowledge proof (Part 2 - Brief talk)
Authentication protocols based on zero knowledge proof (Part 2 - Brief talk)Authentication protocols based on zero knowledge proof (Part 2 - Brief talk)
Authentication protocols based on zero knowledge proof (Part 2 - Brief talk)Israel Buitron
 
Zero knowledge proofsii
Zero knowledge proofsiiZero knowledge proofsii
Zero knowledge proofsiisreesaiprakash
 
ZeroKnowledge Nominative Signatures
ZeroKnowledge Nominative SignaturesZeroKnowledge Nominative Signatures
ZeroKnowledge Nominative SignaturesSeungjoo Kim
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Ntewrok secuirty cs7
Ntewrok secuirty cs7Ntewrok secuirty cs7
Ntewrok secuirty cs7Infinity Tech Solutions
 
Twenty years of attacks on the rsa cryptosystem
Twenty years of attacks on the rsa cryptosystemTwenty years of attacks on the rsa cryptosystem
Twenty years of attacks on the rsa cryptosystemlinzi320
 
Improving-The-Round-Complexity-of-VSS-in-Point-To-Point-Networks
Improving-The-Round-Complexity-of-VSS-in-Point-To-Point-NetworksImproving-The-Round-Complexity-of-VSS-in-Point-To-Point-Networks
Improving-The-Round-Complexity-of-VSS-in-Point-To-Point-NetworksJITENDRA KUMAR PATEL
 
encryption and decryption
encryption and decryptionencryption and decryption
encryption and decryptionSri Manakula Vinayagar Engineering College
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithmComputer_ at_home
 
Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In CryptographyAadya Vatsa
 
Network security CS2
Network security CS2Network security CS2
Network security CS2Infinity Tech Solutions
 
Diffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key ExchangeDiffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key ExchangeKevin OBrien
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...Paulo_Vangui
 
Fast Multiparty Threshold ECDSA with Fast TrustlessSetup
Fast Multiparty Threshold ECDSA with Fast TrustlessSetupFast Multiparty Threshold ECDSA with Fast TrustlessSetup
Fast Multiparty Threshold ECDSA with Fast TrustlessSetupNational Chengchi University
 
Basics of coding theory
Basics of coding theoryBasics of coding theory
Basics of coding theoryMadhumita Tamhane
 
Answers computer networks 159334 assignment_2_2010
Answers computer networks 159334 assignment_2_2010Answers computer networks 159334 assignment_2_2010
Answers computer networks 159334 assignment_2_2010Lakshmi Gupta
 
Cs8792 cns - Public key cryptosystem (Unit III)
Cs8792 cns - Public key cryptosystem (Unit III)Cs8792 cns - Public key cryptosystem (Unit III)
Cs8792 cns - Public key cryptosystem (Unit III)ArthyR3
 
Diffiehellman
DiffiehellmanDiffiehellman
Diffiehellmanchenlahero
 
Hamming codes
Hamming codesHamming codes
Hamming codesGIGI JOSEPH
 
G0423538
G0423538G0423538
G0423538IOSR Journals
 
Classical programming interview questions
Classical programming interview questionsClassical programming interview questions
Classical programming interview questionsGradeup
 
RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2Fahad Layth
 
Fibonacci using matlab
Fibonacci using matlabFibonacci using matlab
Fibonacci using matlabAdeshina Adebanjo
 
Ch09
Ch09Ch09
Ch09Joe Christensen
 
Data Protection Techniques and Cryptography
Data Protection Techniques and CryptographyData Protection Techniques and Cryptography
Data Protection Techniques and CryptographyTalha SAVAS
 
Al-Gamal-W6(al gamal)-d1-d2
Al-Gamal-W6(al gamal)-d1-d2Al-Gamal-W6(al gamal)-d1-d2
Al-Gamal-W6(al gamal)-d1-d2Fahad Layth
 
linear codes and cyclic codes
linear codes and cyclic codeslinear codes and cyclic codes
linear codes and cyclic codessaigopinadh bodigiri
 
Compiler design file
Compiler design fileCompiler design file
Compiler design fileUrvashi Tyagi
 
Storyboard.
Storyboard.Storyboard.
Storyboard.andresdiazinfnte
 

Weitere ähnliche Inhalte

Was ist angesagt?

Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In CryptographyAadya Vatsa
 
Diffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key ExchangeDiffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key ExchangeKevin OBrien
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...Paulo_Vangui
 
Fast Multiparty Threshold ECDSA with Fast TrustlessSetup
Fast Multiparty Threshold ECDSA with Fast TrustlessSetupFast Multiparty Threshold ECDSA with Fast TrustlessSetup
Fast Multiparty Threshold ECDSA with Fast TrustlessSetupNational Chengchi University
 
Answers computer networks 159334 assignment_2_2010
Answers computer networks 159334 assignment_2_2010Answers computer networks 159334 assignment_2_2010
Answers computer networks 159334 assignment_2_2010Lakshmi Gupta
 
Cs8792 cns - Public key cryptosystem (Unit III)
Cs8792 cns - Public key cryptosystem (Unit III)Cs8792 cns - Public key cryptosystem (Unit III)
Cs8792 cns - Public key cryptosystem (Unit III)ArthyR3
 
Classical programming interview questions
Classical programming interview questionsClassical programming interview questions
Classical programming interview questionsGradeup
 
RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2Fahad Layth
 
Data Protection Techniques and Cryptography
Data Protection Techniques and CryptographyData Protection Techniques and Cryptography
Data Protection Techniques and CryptographyTalha SAVAS
 
Al-Gamal-W6(al gamal)-d1-d2
Al-Gamal-W6(al gamal)-d1-d2Al-Gamal-W6(al gamal)-d1-d2
Al-Gamal-W6(al gamal)-d1-d2Fahad Layth
 

Was ist angesagt? (20)

Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithm
 
Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In Cryptography
 
Network security CS2
Network security CS2Network security CS2
Network security CS2
 
Diffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key ExchangeDiffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key Exchange
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
 
Fast Multiparty Threshold ECDSA with Fast TrustlessSetup
Fast Multiparty Threshold ECDSA with Fast TrustlessSetupFast Multiparty Threshold ECDSA with Fast TrustlessSetup
Fast Multiparty Threshold ECDSA with Fast TrustlessSetup
 
Basics of coding theory
Basics of coding theoryBasics of coding theory
Basics of coding theory
 
Answers computer networks 159334 assignment_2_2010
Answers computer networks 159334 assignment_2_2010Answers computer networks 159334 assignment_2_2010
Answers computer networks 159334 assignment_2_2010
 
Cs8792 cns - Public key cryptosystem (Unit III)
Cs8792 cns - Public key cryptosystem (Unit III)Cs8792 cns - Public key cryptosystem (Unit III)
Cs8792 cns - Public key cryptosystem (Unit III)
 
Diffiehellman
DiffiehellmanDiffiehellman
Diffiehellman
 
Hamming codes
Hamming codesHamming codes
Hamming codes
 
G0423538
G0423538G0423538
G0423538
 
Classical programming interview questions
Classical programming interview questionsClassical programming interview questions
Classical programming interview questions
 
RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2
 
Fibonacci using matlab
Fibonacci using matlabFibonacci using matlab
Fibonacci using matlab
 
Ch09
Ch09Ch09
Ch09
 
Data Protection Techniques and Cryptography
Data Protection Techniques and CryptographyData Protection Techniques and Cryptography
Data Protection Techniques and Cryptography
 
Al-Gamal-W6(al gamal)-d1-d2
Al-Gamal-W6(al gamal)-d1-d2Al-Gamal-W6(al gamal)-d1-d2
Al-Gamal-W6(al gamal)-d1-d2
 
linear codes and cyclic codes
linear codes and cyclic codeslinear codes and cyclic codes
linear codes and cyclic codes
 

Andere mochten auch

Compiler design file
Compiler design fileCompiler design file
Compiler design fileUrvashi Tyagi
 
ひとりでできるもん
ひとりでできるもんひとりでできるもん
ひとりでできるもんEikichi Gotoh
 
Anteprima Legge266
Anteprima Legge266Anteprima Legge266
Anteprima Legge266MeMeEsposito
 
Ma4 set-u-s54
Ma4 set-u-s54Ma4 set-u-s54
Ma4 set-u-s54Koku Love
 
File management 101
File management 101File management 101
File management 101Niamh Foley
 
GMC Ukraine 2011/2012
GMC Ukraine 2011/2012GMC Ukraine 2011/2012
GMC Ukraine 2011/2012jshappo
 
TUGAS TIK KOMPUTER MENURUT UKURAN DAN KAPASITAS
TUGAS TIK KOMPUTER MENURUT UKURAN DAN KAPASITASTUGAS TIK KOMPUTER MENURUT UKURAN DAN KAPASITAS
TUGAS TIK KOMPUTER MENURUT UKURAN DAN KAPASITASAgus Ansori
 
Evaluation Question 2
Evaluation Question 2Evaluation Question 2
Evaluation Question 2Sammi Wilde
 
快樂,腫瘤就消失了
快樂,腫瘤就消失了快樂,腫瘤就消失了
快樂,腫瘤就消失了Fa Zhou Shi
 
Studio appartment in taj expressway 7428424386
Studio appartment in taj expressway 7428424386Studio appartment in taj expressway 7428424386
Studio appartment in taj expressway 7428424386Adore Global Pvt. Ltd
 
เครื่องใช้ไฟฟ้า
เครื่องใช้ไฟฟ้าเครื่องใช้ไฟฟ้า
เครื่องใช้ไฟฟ้าthananat
 
Simo Corporation Overview
Simo Corporation OverviewSimo Corporation Overview
Simo Corporation Overviewdscitthelm
 
Computer and cleaning service it outsourcing
Computer and cleaning service it outsourcingComputer and cleaning service it outsourcing
Computer and cleaning service it outsourcingthuongdang1511
 
Ibope - relatório completo aprovação do governo - Julho 2016
Ibope - relatório completo aprovação do governo - Julho 2016Ibope - relatório completo aprovação do governo - Julho 2016
Ibope - relatório completo aprovação do governo - Julho 2016Miguel Rosario
 
Spanish powerpoint presentation
Spanish powerpoint presentationSpanish powerpoint presentation
Spanish powerpoint presentationMbrewer1
 

Andere mochten auch (20)

Compiler design file
Compiler design fileCompiler design file
Compiler design file
 
Storyboard.
Storyboard.Storyboard.
Storyboard.
 
ひとりでできるもん
ひとりでできるもんひとりでできるもん
ひとりでできるもん
 
Anteprima Legge266
Anteprima Legge266Anteprima Legge266
Anteprima Legge266
 
Ma4 set-u-s54
Ma4 set-u-s54Ma4 set-u-s54
Ma4 set-u-s54
 
Casbase presentation
Casbase presentationCasbase presentation
Casbase presentation
 
File management 101
File management 101File management 101
File management 101
 
Formato planeacion
Formato planeacionFormato planeacion
Formato planeacion
 
GMC Ukraine 2011/2012
GMC Ukraine 2011/2012GMC Ukraine 2011/2012
GMC Ukraine 2011/2012
 
TUGAS TIK KOMPUTER MENURUT UKURAN DAN KAPASITAS
TUGAS TIK KOMPUTER MENURUT UKURAN DAN KAPASITASTUGAS TIK KOMPUTER MENURUT UKURAN DAN KAPASITAS
TUGAS TIK KOMPUTER MENURUT UKURAN DAN KAPASITAS
 
Evaluation Question 2
Evaluation Question 2Evaluation Question 2
Evaluation Question 2
 
Mif special print_offer - 14.09.2011
Mif special print_offer - 14.09.2011Mif special print_offer - 14.09.2011
Mif special print_offer - 14.09.2011
 
快樂,腫瘤就消失了
快樂,腫瘤就消失了快樂,腫瘤就消失了
快樂,腫瘤就消失了
 
Studio appartment in taj expressway 7428424386
Studio appartment in taj expressway 7428424386Studio appartment in taj expressway 7428424386
Studio appartment in taj expressway 7428424386
 
Kkp sce 3106
Kkp sce 3106Kkp sce 3106
Kkp sce 3106
 
เครื่องใช้ไฟฟ้า
เครื่องใช้ไฟฟ้าเครื่องใช้ไฟฟ้า
เครื่องใช้ไฟฟ้า
 
Simo Corporation Overview
Simo Corporation OverviewSimo Corporation Overview
Simo Corporation Overview
 
Computer and cleaning service it outsourcing
Computer and cleaning service it outsourcingComputer and cleaning service it outsourcing
Computer and cleaning service it outsourcing
 
Ibope - relatório completo aprovação do governo - Julho 2016
Ibope - relatório completo aprovação do governo - Julho 2016Ibope - relatório completo aprovação do governo - Julho 2016
Ibope - relatório completo aprovação do governo - Julho 2016
 
Spanish powerpoint presentation
Spanish powerpoint presentationSpanish powerpoint presentation
Spanish powerpoint presentation
 

Ähnlich wie Security protocols

Senior Research Final Draft3
Senior Research Final Draft3Senior Research Final Draft3
Senior Research Final Draft3Coleman Gorham
 
Mathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpMathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpExcel Homework Help
 
Derivation of a prime verification formula to prove the related open problems
Derivation of a prime verification formula to prove the related open problemsDerivation of a prime verification formula to prove the related open problems
Derivation of a prime verification formula to prove the related open problemsChris De Corte
 
The Complexity Of Primality Testing
The Complexity Of Primality TestingThe Complexity Of Primality Testing
The Complexity Of Primality TestingMohammad Elsheikh
 
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHY
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHYAUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHY
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHYijujournal
 
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHY
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHYAUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHY
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHYijujournal
 
Question 1 of 215.0 PointsPseudo-random generators, pseudo.docx
Question 1 of 215.0 PointsPseudo-random generators, pseudo.docxQuestion 1 of 215.0 PointsPseudo-random generators, pseudo.docx
Question 1 of 215.0 PointsPseudo-random generators, pseudo.docxIRESH3
 
Mathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpMathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpExcel Homework Help
 
Elliptic Curves as Tool for Public Key Cryptography
Elliptic Curves as Tool for Public Key CryptographyElliptic Curves as Tool for Public Key Cryptography
Elliptic Curves as Tool for Public Key Cryptographyinventy
 
Complete ncert exemplar class 10
Complete ncert exemplar class 10Complete ncert exemplar class 10
Complete ncert exemplar class 10physicsmaths5
 

Ähnlich wie Security protocols (20)

Statistics Coursework Help
Statistics Coursework HelpStatistics Coursework Help
Statistics Coursework Help
 
Mathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpMathematical Statistics Assignment Help
Mathematical Statistics Assignment Help
 
Statistics Coursework Help
Statistics Coursework HelpStatistics Coursework Help
Statistics Coursework Help
 
Cryptography
CryptographyCryptography
Cryptography
 
jalalam.ppt
jalalam.pptjalalam.ppt
jalalam.ppt
 
Statistics Coursework Exam Help
Statistics Coursework Exam HelpStatistics Coursework Exam Help
Statistics Coursework Exam Help
 
Senior Research Final Draft3
Senior Research Final Draft3Senior Research Final Draft3
Senior Research Final Draft3
 
Mathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpMathematical Statistics Assignment Help
Mathematical Statistics Assignment Help
 
Derivation of a prime verification formula to prove the related open problems
Derivation of a prime verification formula to prove the related open problemsDerivation of a prime verification formula to prove the related open problems
Derivation of a prime verification formula to prove the related open problems
 
The Complexity Of Primality Testing
The Complexity Of Primality TestingThe Complexity Of Primality Testing
The Complexity Of Primality Testing
 
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHY
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHYAUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHY
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHY
 
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHY
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHYAUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHY
AUTHENTICATED PUBLIC KEY ENCRYPTION SCHEME USING ELLIPTIC CURVE CRYPTOGRAPHY
 
Algorithms Exam Help
Algorithms Exam HelpAlgorithms Exam Help
Algorithms Exam Help
 
Question 1 of 215.0 PointsPseudo-random generators, pseudo.docx
Question 1 of 215.0 PointsPseudo-random generators, pseudo.docxQuestion 1 of 215.0 PointsPseudo-random generators, pseudo.docx
Question 1 of 215.0 PointsPseudo-random generators, pseudo.docx
 
Mathematical Statistics Assignment Help
Mathematical Statistics Assignment HelpMathematical Statistics Assignment Help
Mathematical Statistics Assignment Help
 
Programming Exam Help
Programming Exam Help Programming Exam Help
Programming Exam Help
 
Elliptic Curves as Tool for Public Key Cryptography
Elliptic Curves as Tool for Public Key CryptographyElliptic Curves as Tool for Public Key Cryptography
Elliptic Curves as Tool for Public Key Cryptography
 
Complete ncert exemplar class 10
Complete ncert exemplar class 10Complete ncert exemplar class 10
Complete ncert exemplar class 10
 
Mathematical Statistics Homework Help
Mathematical Statistics Homework HelpMathematical Statistics Homework Help
Mathematical Statistics Homework Help
 
Probability Assignment Help
Probability Assignment HelpProbability Assignment Help
Probability Assignment Help
 

Mehr von Abhijit Mondal

Mysql Performance Optimization Indexing Algorithms and Data Structures
Mysql Performance Optimization Indexing Algorithms and Data StructuresMysql Performance Optimization Indexing Algorithms and Data Structures
Mysql Performance Optimization Indexing Algorithms and Data StructuresAbhijit Mondal
 
MySQL Performance Optimization
MySQL Performance OptimizationMySQL Performance Optimization
MySQL Performance OptimizationAbhijit Mondal
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyAbhijit Mondal
 
Number Theory for Security
Number Theory for SecurityNumber Theory for Security
Number Theory for SecurityAbhijit Mondal
 

Mehr von Abhijit Mondal (8)

Pagerank
PagerankPagerank
Pagerank
 
Poster Presentation
Poster PresentationPoster Presentation
Poster Presentation
 
Mysql Performance Optimization Indexing Algorithms and Data Structures
Mysql Performance Optimization Indexing Algorithms and Data StructuresMysql Performance Optimization Indexing Algorithms and Data Structures
Mysql Performance Optimization Indexing Algorithms and Data Structures
 
MySQL Performance Optimization
MySQL Performance OptimizationMySQL Performance Optimization
MySQL Performance Optimization
 
My MSc. Project
My MSc. ProjectMy MSc. Project
My MSc. Project
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
Number Theory for Security
Number Theory for SecurityNumber Theory for Security
Number Theory for Security
 
Quantum games
Quantum gamesQuantum games
Quantum games
 

Kürzlich hochgeladen

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Kürzlich hochgeladen (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Security protocols

  • 1. Security Protocols and Applications of Cryptography By: Abhijit Mondal Needham-Schroeder Protocol : Suppose A wants to talk with B over the network. How will B know that he is really talking to A. This protocol authenticates A to B at the same time allowing them to exchange session keys over the network. 1. A sends a message to Trent( a trusted individual or a computer program over the network) consisting of his name a, B's name b and a random number rA 2. Trent generates a random session key k . Trent then computes c2 = (beA , keA , rA eA , keAeB , aeAeB , teAeB ) mod p , where eA and eB are the secret keys that Trent shares with A and B respectively, and t is the current system time. Trent sends c2 to A. The time t is sent to prevent replay attacks, i.e. an adversary pretending to be A may sent an old message to Bob. 3. A decrypts the message with eA and extracts the session key k and confirms that rA is the same value that he sent to Trent. Then A sends to B, c3 = ( keB , aeB , teB ) mod p. 4. B decrypts the message with eB and extracts the session key k, generates a random value rB , and sends to A the message c4 = rBk mod p. 5. A decrypts the message with k and computes rB -1 and send to B the message c5 = (rB -1)k mod p. 6. B decrypts the message with k and verifies that it is rB -1 so A must have the same session key and he is the real person. Kerberos Protocol : Suppose A wants some service from a server S. Then A must authenicate himself to the server before using it's services. In this symmetric key cryptographic protocol (using DES as encryption algorithm) , there are 2 doors that needs to be opened before getting access to the server. The first door is guarded by Kerberos and the second is the Ticket Granting Service(TGS) of the server. 1. A sends a message to the Kerberos server with his identity/password 'a' and the identity of the Ticket Granting Service(TGS) of the server 'tgs'. 2. The Kerberos server generates a timestamp t, a lifetime for the timestamp l, a random session key Ka,tgs . It then computes Ta,tgs = {tgs, DES(a, N, l, Ka,tgs ) (etgs) } , where N is the network address of A, and etgs is the secret key of the TGS shared with Kerberos. The Kerberos then encrypts the following with A's secret key eA , c1 = DES(Ka,tgs)(eA) and the following with the TGS's secret key etgs : c2 = DES(Ta,tgs)(etgs). It then sends c1 and c2 to A. 3. A decrypts c1 and extracts Ka,tgs and computes the following Aa,tgs = {DES(a, t, key) (Ka,tgs) }, where key is an additional session key . Then A computes c3 = DES(Aa,tgs)(Ka,tgs ) and sends c2 and c3 to the TGS of the server. 4. The TGS then decrypts c2 using etgs and extracts Ta,tgs . Then uses Ta,tgs to extract Ka,tgs . The TGS then decrypt c3 using Ka,tgs and extracts Aa,tgs . The TGS then decrypts Aa,tgs and compares the information in Aa,tgs with the information in Ta,tgs . If they match then the TGS sends the following to the client A: c4 = {DES( Ka,s) (Ka,tgs )} and c5 = {DES(Ta,s) ( es )}, where Ta,s = {s, DES(a, N, l, Ka,s ) (es) }, Ka,s is the secret session key for A and the server and es is the secret key the TGS shares with the server. 5. A then decrypts c4 with Ka,tgs and computes the following Aa,s = {DES(a, t, key) (Ka,s) }and then c6 = {DES(Aa,s ) (Ka,s )}. A then sends c5 and c6 to the server for communication. Secret Sharing Protocol : Handing over the control of a missile to one military general or handing over the key of the locker
  • 2. at the Swiss bank to any one individual would be a risky issue since he may turn out to be crooked. So to minimise risk of a missile disaster or a bankruptcy is to partition the single key into n parts and give each part to a trusted individual responsible for the control of the missile or the locker at Swiss Bank, such that no less than m individuals can recover the orginal key from their share of the keys. e.g. If the key is K and n = 3, and m =3 then choose k1 and k2 and compute K⊕k1⊕k2 = k3 . Then distribute k1 , k2 and k3 to three trusted individuals. To construct the original key K , they need all three keys such that k1⊕k1⊕k3 = K. Algorithm : 1. Construct a (m-1) degree polynomial f(x) = am-1xm-1 + am-2xm-2 +.....+ a1x + K, where K is the original secret key and ai ∈Zp for prime p, ai 's are the secrets that must be destroyed. 2. Evaluate f(1), f(2),....., f(n) (mod p) and distribute these values to the n trusted officials assigned for the execution of the task. 3. To find K atleast m officials must come together and disclose their values, then perform Gaussian elimination to solve the linear system of equations for ai 's and K. Less than m individual cannot find K without a brute force search over Zp . Zero Knowledge Proofs : How to prove someone your identity without revealing information about you? How do you prove someone that you know the proof of a problem without showing him/her the actual proof ? This is called Zero Knowledge Proofs since you are not revealing information about your secret to the verifier at the same time convincing him/her that you are the authentic person. The verifier may be a spy who is looking to know your secret and pass on that secret to his nation. e.g. Proving Graph Isomorphism to a verifier V. Problem : P wants to prove to V the isomorphism between graphs G1 and G2 . 1. P generates a random permutation H of G1 such that H is isomorphic to G1 . P knows the isomorphism between H and G2 . Finding the isomorphism between G1 and H or G2 and H is as hard as finding the isomorphism between G1 and G2 , hence nobody knows the relations between them. 2. P sends H to V. 3. V flips a coin and if its a head then V asks P to prove that H and G1 are isomorphic, else if its a tail then V asks P to prove that H and G2 are isomorphic. 4. P then complies and proves to V either H and G1 are isomorphic or H and G2 are isomorphic. 5. P then again generates a random permutation graph H' isomorphic to either G1 or G2 and both of them then follows the steps through 1 to 4. They do these n times until V is convinced that P knows the isomorphism between G1 and G2 . Here is how it works: If P knows the isomorphism between G1 and G2 : Then whether V asks P to prove H and G1 are isomorphic or H and G2 are isomorphic, P will be able to prove V everytime until V is convinced of P's identity. If P does not know the isomorphism between G1 and G2 : Then if V asks P to prove H and , the graph from which P generated H, are isomorphic then P will be able to fool V else P will be caught as some false guy. The probability that P will be able to fool V after n round is 1 in 2n because in one round P fools V with a chance of ½. For n large, the chances of a false P passing the test is very small. Here is another variant of Zero Knowledge Proof : Suppose P wants to prove to V that he knows the solution to the DLP : my = x (mod p) without telling V what is the value of y. 1. P sends to V the values m, x and p. 2. V generates a random number a and computes the four combinations{am, a-1m-1, a-1m, am-1}
  • 3. (mod p) in any random order and sends the quadruple to P, but does not reveal to P what is the ordering of the values. V only sends {u,v,w,z} ∈ {am, a-1m-1, a-1m, am-1} (mod p) and asks P to compute {uy, vy, wy, zy} (mod p). 3. P computes {uy, vy, wy, zy} (mod p) and sends them to V. 4. V then sends a (mod p) to P and asks him to find ay (mod p). 5. P computes ay (mod p) and sends to V. 6. Now V checks : {uy, vy, wy, zy} (mod p) ∈{ayx, a-yx-1, a-yx, ayx-1} (mod p) expects to be in the correct order as he sent it before. 7. If all of the above relations hold and are in the correct order then V starts another round of computation from step 2 and continues until V is convinced that P truly knows the value of y. If any of the above results does not match then P is an impostor. If P knows the ordering of {am, a-1m-1, a-1m, am-1} (mod p), then P can compute a and P can construct values such that they give the same relations as when V computes them, thus V has no chance of knowing whether P really did the computation V desired or P just constructed values to fool him. Thus an impostor P has a chance of 1 in 24 of correctly guessing the exact permutation and thus fooling V. In n rounds the chances that an impostor P successfully passes the test is 1/(24)n, which is extremely small for large n. For n=10, chances that P fools V is of the order of 10-14. V can still decrease this probability by choosing s random numbers and sending a permutation of 2s+1 elements modulo p. In that case chances of P fooling V in n rounds is 1/(2s+1 !)n . But for large s the computation performed on the part of V increases exponentially, so s = 2 and n = 10 will be a good enough choice to catch even the most notorious masterminds.