Crypto Doc
- doc
- course
- certificate
- std
- oid
- lib
- bcp
- dev
- lwc : light weight cryptography
- attack
- KARN symmetric encrypt
- FeigeFiatShamir Zero Knowledge Proof
- Protocol for Protecting Against Impersonation
- hash
- password
doc
Developing Criteria for the Single-Device Track of the Threshold Cryptography Project at NIST
the cryptopals crypto challenges
On the Soundness of Authenticate-then-Encrypt
course
A Graduate Course in Applied Cryptography
Advanced Tools from Modern Cryptography
Introduction to Modern Cryptography (2nd edition)
Index of /Courses/c653/lectures/PDF
Summer School on real-world crypto and privacy
Understanding Cryptography: A Textbook for Students and Practitioners
An Intensive Introduction to Cryptography
An Introduction to Mathematical Cryptography
certificate
std
doc | note |
---|---|
NIST 800-38, FIPS 198 | mac |
NIST 800-67 | 3-des |
NIST 800-90 | random |
RFC 5652, ANSI X9.23, ISO/IEC 7816-4 | padding |
RFC 8017 | RSA |
RFC 8937 | Randomness Improvements for Security Protocols |
RFC 9106 | Argon2 |
FIPS 180-4 Secure Hash Standard (SHS) | hash |
FIPS 202 SHA-3 Standardization | SHA3 |
NIST 800-108 | kdf |
NIST 800-53: Security and Privacy Controls for Information Systems and Organizations | framework |
NIST 800-57 | Key Management |
NIST 800-63 | Digital Identity Guidelines, mainly 63C |
NIST Cryptographic Standards and Guidelines Development Program Briefing Book | overview |
NIST Policy on Hash Functions | hash |
NIST Special Publication (SP) 800-131A: Transitioning the Use of Cryptographic Algorithms and Key Lengths | algorithm & key length |
Usage Limits on AEAD Algorithms | aead |
Properties of AEAD algorithms | aead |
FIPS PUB 186-3 Digital Signature Standard (DSS) | signature |
oid
Computer Security Objects Register
lib
bcp
Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm
dev
Practical Cryptography for Developers
lwc : light weight cryptography
Current Lightweight Cryptography Protocols in Smart City IoT Networks: A Survey
attack
Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes
Merkle–Hellman
Already broken; uses a greedy algorithm.
Merkle–Hellman knapsack cryptosystem
KARN symmetric encrypt
A 512-bit secret, split into a left key and a right key
Split the plaintext into a left block and a right block
Compute hashes back and forth between the two sides to help generate the ciphertext
FeigeFiatShamir Zero Knowledge Proof
Feige–Fiat–Shamir identification scheme
Zero-knowledge proof
The verifier checks the target data it receives to confirm that the prover possesses some source data, without obtaining the source data itself.
Protocol for Protecting Against Impersonation
For example: the client generates a random number x; the monitor returns a = f(x, w); the client sends a challenge c; the monitor returns z = g(x, w, a, c); the client performs the final check.
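Added example (not part of the original notes): a one-secret Feige-Fiat-Shamir run that instantiates the x / a = f(x, w) / c / z = g(x, w, a, c) schema above, with r as the random x and s as the secret w. The toy modulus, the impostor strategy and every function name are constructed here; the impostor branch shows why many rounds are needed, since each round is passed with probability 1/2 without knowing s.

```python
import secrets
from math import gcd

# Constructed toy modulus; real deployments use an RSA-sized n = p*q
# whose factorisation nobody (not even the verifier) needs to know.
N = 1000003 * 1000033

def keygen():
    """Prover's long-term secret w = s and public v = s^2 mod n."""
    while True:
        s = secrets.randbelow(N - 2) + 2
        if gcd(s, N) == 1:
            return s, pow(s, 2, N)

def prover_commit():
    """Step 1: random x := r, commitment a = f(r) = r^2 mod n."""
    r = secrets.randbelow(N - 2) + 2
    return r, pow(r, 2, N)

def prover_respond(r, s, c):
    """Step 3: z = g(r, s, c) = r * s^c mod n for challenge bit c."""
    return (r * pow(s, c, N)) % N

def verifier_check(a, v, c, z):
    """Step 4: accept iff z^2 == a * v^c (mod n) and z is non-trivial."""
    return z % N != 0 and pow(z, 2, N) == (a * pow(v, c, N)) % N

def impostor_round(v):
    """Impostor without s guesses the challenge bit in advance and sends
    a = r^2 * v^-guess, so that z = r verifies only if the guess was right."""
    guess = secrets.randbelow(2)
    r = secrets.randbelow(N - 2) + 2
    a = (pow(r, 2, N) * pow(v, -guess, N)) % N
    return a, r

def run_protocol(v, s=None, rounds=32):
    """True iff every round verifies. s=None simulates an impostor."""
    for _ in range(rounds):
        if s is not None:
            r, a = prover_commit()
        else:
            a, r = impostor_round(v)
        c = secrets.randbelow(2)                  # verifier's challenge bit
        z = prover_respond(r, s, c) if s is not None else r
        if not verifier_check(a, v, c, z):
            return False
    return True
```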
hash
Challenge: client and server share some secret S.
client -> server: a challenge R; the server returns hash(S|R); the client verifies the hash;
server -> client: a challenge P; the client returns hash(S|P); the server verifies the hash.
Integrity: client and server share some secret S.
client -> server: hash(S|M), where M is the message content. Here the hash serves as a message authentication code.
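Added example (not from the original notes): both directions of the challenge-response exchange above plus the hash(S|M) integrity tag, implemented with SHA-256 as the assumed hash and constructed class and function names.

```python
import hashlib
import hmac
import secrets

def h(shared_secret: bytes, data: bytes) -> bytes:
    """hash(S|X) exactly as in the notes: SHA-256 over S concatenated with X."""
    return hashlib.sha256(shared_secret + data).digest()

class Party:
    """One endpoint (client or server) holding the shared secret S."""
    def __init__(self, shared_secret: bytes):
        self.secret = shared_secret

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)            # fresh random R (or P)

    def respond(self, chal: bytes) -> bytes:
        return h(self.secret, chal)               # hash(S|R) or hash(S|P)

    def verify(self, chal: bytes, resp: bytes) -> bool:
        # Constant-time compare so response checking does not leak timing.
        return hmac.compare_digest(h(self.secret, chal), resp)

def mutual_auth(client: Party, server: Party) -> bool:
    """Both directions of the exchange; succeeds only if both hold the same S."""
    R = client.challenge()
    server_ok = client.verify(R, server.respond(R))   # client checks server
    P = server.challenge()
    client_ok = server.verify(P, client.respond(P))   # server checks client
    return server_ok and client_ok

def tag_message(shared_secret: bytes, message: bytes) -> bytes:
    """Integrity: hash(S|M) used as the notes' message authentication code.
    Caveat: plain hash(S|M) over a Merkle-Damgard hash such as SHA-256 is
    length-extendable; HMAC (hmac.new) is the standard keyed construction."""
    return h(shared_secret, message)

def check_message(shared_secret: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_message(shared_secret, message), tag)
```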
password
Encrypt a database of hashed passwords
Store a hash(hash .. hash(password | salt | server))
Problems with Lamport's hash: it is not mutual authentication; the client cannot authenticate the server, so the client is at risk of being deceived by a man-in-the-middle.
Strong Password Protocols
First assume client and server share a weak key W = hash(password)
client -> server : W(g^a mod p)
server -> client : W(g^b mod p, C), where C is the server-to-client challenge
client -> server : K(C, D), where K = g^(ab) mod p and D is the client-to-server challenge
server -> client : K(D)
Strong Password Protocols SPEKE
let g = W^2 mod p
client -> server : K_c = g^a mod p
server -> client : K_s = g^b mod p
Both sides share K = g^(ab) mod p
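Added example (not from the original notes): the SPEKE exchange above with both sides' messages, g = W^2 mod p and K = g^(ab) mod p as written. Assumptions are mine: SHA-256 as the hash for W and the session key, and a constructed toy group p = 2^127 - 1 (a Mersenne prime, chosen for speed) in place of the large safe prime real SPEKE requires.

```python
import hashlib
import secrets

# Constructed toy group: p = 2^127 - 1 (a Mersenne prime). Real SPEKE uses a
# large safe prime so that g = W^2 mod p lies in the large prime-order subgroup.
P = (1 << 127) - 1

def weak_key(password: str) -> int:
    """W = hash(password), read as an integer (assumed: SHA-256, big-endian)."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")

def speke_generator(password: str) -> int:
    """g = W^2 mod p, as in the notes; squaring makes g a quadratic residue."""
    return pow(weak_key(password), 2, P)

class SpekeParty:
    """Client (exponent a) or server (exponent b); both derive g from the password."""
    def __init__(self, password: str):
        self.g = speke_generator(password)
        self.exp = secrets.randbelow(P - 3) + 2      # private a or b

    def public(self) -> int:
        return pow(self.g, self.exp, P)              # K_c = g^a or K_s = g^b

    def shared(self, other_public: int) -> bytes:
        # Reject values that would pin K to a known constant regardless of password.
        if other_public in (0, 1, P - 1):
            raise ValueError("degenerate SPEKE public value")
        k = pow(other_public, self.exp, P)           # K = g^(ab) mod p
        return hashlib.sha256(k.to_bytes(16, "big")).digest()   # session key

def run_speke(client_password: str, server_password: str):
    """One exchange; returns (client_key, server_key), equal iff passwords match."""
    client, server = SpekeParty(client_password), SpekeParty(server_password)
    k_c, k_s = client.public(), server.public()      # the two messages on the wire
    return client.shared(k_s), server.shared(k_c)
```

Because g itself depends on the password, a mismatched password yields different groups on the two sides and the derived keys disagree, which is what makes an offline guess unverifiable from the transcript alone.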
Two Factor Authentication
For example, password + PIN
KDC, Key Distribution Centers
For example, A wants to communicate with B; both A and B are connected to the KDC.
The KDC encrypts a key R and sends it to A.
The KDC encrypts R with B's key to obtain T, and sends T to A.
A encrypts message M with R to obtain C, and sends (C, T) to B.
B decrypts T with its own key to obtain R, then decrypts C with R to obtain M.
The problem is that the KDC has total control.
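Added example (not from the original notes): the KDC flow above run end to end, with the KDC, A and B as constructed functions. Because Python's standard library has no block cipher, "encrypt with key" is stood in for by a constructed encrypt-then-MAC built from HMAC-SHA256; the KDC class also makes the total-control point visible, since it holds every long-term key and every R it issues.

```python
import hashlib
import hmac
import secrets

# Toy encrypt-then-MAC built only from HMAC-SHA256 (stdlib has no AES).
# It stands in for "encrypt with key K" in the steps above; use a real AEAD
# such as AES-GCM from a vetted library in practice.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))

def enc(key: bytes, msg: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(m ^ s for m, s in zip(msg, _keystream(key, nonce, len(msg))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()   # MAC over nonce||ct
    return nonce + ct + tag

def dec(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")   # tampered or wrong key
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

class KDC:
    """Holds every principal's long-term key; this is the 'total control' problem:
    the KDC knows every session key R it issues."""
    def __init__(self):
        self.keys = {}

    def register(self, name: str) -> bytes:
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]

    def issue(self, a: str, b: str):
        R = secrets.token_bytes(32)                   # fresh session key for A<->B
        return enc(self.keys[a], R), enc(self.keys[b], R)   # (R for A, ticket T for B)

def kdc_session(message: bytes) -> bytes:
    """Runs the steps from the notes and returns what B recovers."""
    kdc = KDC()
    k_a, k_b = kdc.register("A"), kdc.register("B")
    r_for_a, T = kdc.issue("A", "B")      # KDC sends A both R (under k_a) and T
    R = dec(k_a, r_for_a)                 # A recovers R
    C = enc(R, message)                   # A encrypts M, sends (C, T) to B
    R_at_b = dec(k_b, T)                  # B opens T with its own key
    return dec(R_at_b, C)                 # B decrypts C with R
```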
CA
Certificates issued by the same CA are used for mutual authentication of the communicating parties.
A certificate must be bound to a name.
IoT architecture
perception layer (sensors, actuators), network layer (nodes, gateways, firmware), middleware layer (vendor-specific third-party application, machine learning, real-time action), application layer (third-party application, consoles, websites, business model)
attacks on different layers: …
network layer attacks: device cloning, spoofing, eavesdropping, key attacks (hard-coded keys), brute force, traffic analysis, MITM, sinkhole
perception layer key distribution:
- broadcast key
- group key
- master key pre-distribution
- pairwise key
factor
Metrics: block size, key length, gate area, technology value, rounds, latency, throughput
design complexity is determined by the gate value => logic gates ...
GE (gate equivalent)
gate area: energy consumption relates to chip area => size ...
CMOS technology node: density ...
security enhancement, decreasing latency, reducing energy consumption, lowering power consumption, chip area reduction
algorithm
key size, block size, round, structure type
LWBC: Lightweight Block Cipher
- FN: Feistel network; encryption and decryption use the same circuit (chaos-based PRNG, PRESENT, …)
- SPN: substitution-permutation network; no key schedule (LWHC, QARMA, LCC, …)
- SPN consumes more resources than FN
LWSC: Lightweight Stream Cipher (lsc, hybrid symmetric, a4, llsc, …)
- LFSR: linear feedback shift registers
- NLFSR: nonlinear feedback shift registers
- rc4, salsa20, trivium, chacha
ecc(modified ecc, iecc)
trade off
security, cost, performance