Lecture 2 - Department of Computer Scienceabhishek/classes/CS601-641-441-Spring...Hash pointer...
Lecture 2: Crypto Background – II
Hash Pointers and Data Structures
Hash pointer
● pointer to where some info is stored, and
● cryptographic hash of the info
If we have a hash pointer, we can
● ask to get the info back, and
● verify that it hasn’t changed
[Figure: a hash pointer, drawn as H( ) pointing to (data)]
will draw hash pointers like this
Building data structures with hash pointers
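Linked list with hash pointers = “Blockchain”
[Figure: a chain of three blocks, each holding data and prev: H( ), a hash pointer to the previous block; a separate H( ) points to the most recent block]
use case: tamper-evident log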
detecting tampering
[Figure: the same chain of three blocks, each holding data and prev: H( ), with a separate H( ) pointing to the most recent block]
use case: tamper-evident log
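The tamper-evident log described on these slides, as an added example that is not part of the original lecture. It assumes SHA-256 as the hash and a JSON encoding of each block; the function names and the log entries are constructed for illustration.

```python
import hashlib
import json

def block_hash(block):
    # The hash covers the block's data AND its prev hash pointer.
    encoded = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(encoded).hexdigest()

def append(log, data):
    """Add a block pointing at the current last block; return the new head hash."""
    prev = block_hash(log[-1]) if log else None
    log.append({"data": data, "prev": prev})
    return block_hash(log[-1])

def first_bad_block(log, head):
    """Walk back from the remembered head hash. Return the index of the first
    block whose hash does not match the pointer to it, or None if all match."""
    expected = head
    for i in range(len(log) - 1, -1, -1):
        if block_hash(log[i]) != expected:
            return i
        expected = log[i]["prev"]
    return None

def demo():
    log, head = [], None
    # Constructed sample entries.
    for entry in ["alice logged in", "alice read file A", "alice logged out"]:
        head = append(log, entry)
    clean = first_bad_block(log, head)

    # Edit an old entry: the next block's prev pointer no longer matches it.
    log[1]["data"] = "alice read file B"
    edited = first_bad_block(log, head)

    # Re-link the next block to hide the edit: now that block's own hash
    # changes, so it no longer matches the head hash the verifier kept.
    log[2]["prev"] = block_hash(log[1])
    relinked = first_bad_block(log, head)
    return clean, edited, relinked

if __name__ == "__main__":
    print(demo())
```

The verifier only has to keep the head hash out of the log writer's reach; any change to an earlier block surfaces either at that block or, after re-linking, at the head.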
binary tree with hash pointers = “Merkle tree”
[Figure: a binary tree of hash pointers: the root node holds two H( ), the next level holds four, the level above the leaves holds eight, and the leaves are eight (data) blocks]
proving membership in a Merkle tree
[Figure: a single path through the tree, with the pair of H( ) at each level from the root down to one (data) block]
show O(log n) items
Advantages of Merkle trees
● Tree holds many items, but just need to remember the root hash
● Can verify membership in O(log n) time/space
Variant: sorted Merkle tree
● can verify non-membership in O(log n)
● show items before, after the missing one
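A membership proof for the (unsorted) Merkle tree of the preceding slides, as an added example that is not part of the original lecture. It assumes SHA-256, a power-of-two number of leaves as in the eight-leaf figure, and separate prefixes for leaf and interior hashes (an added assumption so a leaf cannot be mistaken for an interior node); all names and data are constructed.

```python
import hashlib

def H(b):
    return hashlib.sha256(b).digest()

# Assumption added here: distinct prefixes for leaves and interior nodes.
def leaf_hash(data):
    return H(b"\x00" + data)

def node_hash(left, right):
    return H(b"\x01" + left + right)

def build(items):
    """Return all levels of the tree: levels[0] = leaf hashes, levels[-1] = [root]."""
    n = len(items)
    assert n > 0 and n & (n - 1) == 0, "example needs a power-of-two leaf count"
    level = [leaf_hash(d) for d in items]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels, index):
    """Collect the sibling hash at each level on the path from leaf to root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1  # the other child of the same parent
        proof.append((level[sibling], sibling < index))  # (hash, sibling_is_left)
        index //= 2
    return proof

def verify_membership(root, data, proof):
    """Recompute the path to the root using only the data and O(log n) hashes."""
    h = leaf_hash(data)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

# Constructed sample data: eight leaves, as in the figure.
ITEMS = [b"item-%d" % i for i in range(8)]
LEVELS = build(ITEMS)
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    proof = prove(LEVELS, 5)
    print(len(proof), verify_membership(ROOT, ITEMS[5], proof))
    print(verify_membership(ROOT, b"item-5-altered", proof))
```

The verifier holds only ROOT; the proof for one of eight items is three hashes, and it fails for any data other than the item it was built for.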
More generally ...
Can use hash pointers in any pointer-based data structure that has no cycles
Digital Signatures
What we want from signatures
● Only you can sign, but anyone can verify
● Signature is tied to a particular document (can’t be cut-and-pasted to another doc)
● Even if one can see your signature on some documents, he cannot “forge” it
Digital signatures
● (sk, pk) ← keygen(1^k) (randomized algorithm; k is the security parameter)
  sk: secret signing key
  pk: public verification key
● sig ← sign(sk, message) (typically randomized)
● isValid ← verify(pk, message, sig)
Requirements for signatures
● Correctness: “valid signatures verify”
  ○ verify(pk, message, sign(sk, message)) == true
● Unforgeability under chosen-message attacks (UF-CMA): “can’t forge signatures”
  ○ adversary who knows pk, and gets to see signatures on messages of his choice, can’t produce a verifiable signature on another message
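UF-CMA Security
Game between Challenger and Adversary:
1. Challenger: (sk, pk) ← keygen(1^k); sends pk to Adversary
2. Adversary sends m0; Challenger returns sign(sk, m0)
3. Adversary sends m1; Challenger returns sign(sk, m1)
   . . .
4. Adversary outputs M, sig, with M not in { m0, m1, … }
5. Challenger runs verify(pk, M, sig); if valid, attacker wins
Definition: A signature scheme (keygen, sign, verify) is UF-CMA secure if for every PPT adversary A, there exists a negligible function n(k) s.t. Pr[A wins in above game] = n(k)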
Notes
● Signatures can be shorter than message: sign Hash(message) rather than message
● Algorithms are randomized: need good source of randomness. Bad randomness may reveal the secret key
● fun trick: sign a hash pointer. signature “covers” the whole structure
Notes…
● Bitcoin uses Elliptic Curve Digital Signature Algorithm (ECDSA)
● ECDSA is a close variant of Schnorr Signature scheme over Elliptic curves