1 / 11

Secret-Key Agreement without Public-Key Cryptography

Secret-Key Agreement without Public-Key Cryptography. Security Seminars Kulesh Shanmugasundaram. SYN. SYN Secret-Key Paradigms Leighton-Micali Scheme Sensor Networks Perspectives References FIN. Secret-Key Sharing. Secret-Key Sharing Paradigms Public-key framework

paul
Download Presentation

Secret-Key Agreement without Public-Key Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secret-Key Agreement without Public-Key Cryptography Security Seminars Kulesh Shanmugasundaram

  2. SYN • SYN • Secret-Key Paradigms • Leighton-Micali Scheme • Sensor Networks Perspectives • References • FIN

  3. Secret-Key Sharing • Secret-Key Sharing Paradigms • Public-key framework • Needham-Schroeder framework • Needham-Schroeder framework • Trusted authority T mediates key agreements between Alice and Bob • We know the framework well(?)

  4. Needham-Schroeder • Issues with the scheme • Requires trusted authority to be continuously available • Exposes arbitrarily many clear-text-cipher-text pairs • Requires encryption to provide authentication • Security of the scheme depends on advances in number theory

  5. Leighton-Micali Scheme • Properties of the scheme • Simple, elegant and easy to implement • Depends on ordinary one-way functions • Continuous presence of trusted authority is not required • Requires computing or storing N2k-bit keys, for an N-node network • Encryption, authentication in one protocol • Compromising nodes, trusted authority doesn’t affect the security…

  6. Leighton-Micali Scheme • One time initialization of protocol • h() denotes a hash function, + denotes xor operation • Trusted authority creates two secret master keys • Exchange key – K • Authentication key – K’ • TA assigns two keys for each node • Exchange key Ki = h(K, i) • Authentication key K’i = h(K’, i) • TA computes O(N2) keys for each pair of nodes • Exchange key Pi,j = h(Kj, i) + h(Ki, j) • Authentication key Ai,j= h(K’i, h(Kj,i))

  7. Leighton-Micali Scheme… • Computing Secret-keys • Suppose Pa,b is pair key for Alice and Bob • Alice computes E = Pa,b + h(Ka, Bob) • Alice authenticates the key Aa,b= h(Ka, E) • To decrypt Bob simply computes h(Kb, Alice) • Done!

  8. Leighton-Micali Scheme… • Security properties of the scheme • Unpredictability of individual keys • Unpredictability of pair-keys • When requesting pair-keys, requestor doesn’t need to authenticate herself • No man-in-the-middle • This is not a public-key approach

  9. Leighton-Micali Scheme… • Sensor network perspectives… • Simple operations (hash, xor) • Relatively few messages across entities • No need for a trusted authority • Pair-keys can be stored on any or all nodes • Questions • Are hash functions inexpensive? • How to efficiently find pair-keys on nodes?

  10. References • Secret-Key Agreement without Public-Key Cryptography, Tom Leighton, Silvio Micali, Crypto 93

  11. FIN Questions, comments, concerns?

More Related