Educational video

5.3. Attacks against the CFS Scheme

Produced: 5 May 2015. Published online: 5 May 2015.
Description

In this session, we will have a look at the attacks against the CFS signature scheme. As for public-key encryption, there are two kinds of attacks against signature schemes.

The first kind is key recovery attacks, where an attacker tries to recover the secret key from the knowledge of the public key. These attacks are exactly the same as against the McEliece cryptosystem that you have seen last week. The only difference is the parameters: here, in the signature, we have a small t and a large n, but the algorithm remains the same. So, we won't go into details in this session.

The second kind of attacks are forgery attacks. These attacks try to create a valid document-signature pair, that is, a pair of document and signature that a verifier will be able to verify successfully. They are similar to message attacks against McEliece, but with one very simple difference: the attacker has complete control over the documents he wants to sign, whereas in the McEliece scheme the attacker is given some ciphertexts and tries to decrypt them.

Depending on the version of the CFS signature scheme, the forgery attack will be slightly different. In the counter version of CFS, the attacker will choose a document, pick a counter i, compute the hash of the document and the counter, and try to decode this hash as an error of weight t. But be careful: the hash is probably not decodable; only one out of t! is decodable. In the complete decoding version, the attacker will choose a document, compute this hash and try to decode it as an error of weight t + δ.

In both cases the attacker has to solve an instance of syndrome decoding, and there are two main algorithms to do this: Information Set Decoding or Generalized Birthday Attack. The only difference is, as we said, that the attacker has complete control over the document. So, instead of focusing on a single document, the attacker can focus on many documents at a time. Instead of choosing the document and picking one counter, he can pick many counters to obtain many different hash values, and among these hash values, some will be decodable. In the complete decoding version, the same thing: the attacker can choose many documents and try to forge a signature for any of these documents.
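The "one out of t!" density and the counter loop described above, shown on a toy code as an added example that is not part of the lecture. It assumes the binary BCH(15,7) code with t = 2 in place of a Goppa code and SHA-256 truncated to 8 bits as the hash; all function names are hypothetical.

```python
import hashlib
from itertools import combinations

# Toy stand-in for the CFS code (assumption): binary BCH(15,7), t = 2, whose
# parity-check column i is (alpha^i, alpha^(3i)) packed into an 8-bit syndrome.
# Real CFS uses Goppa codes with a far larger n.
N, T, SYNDROME_BITS = 15, 2, 8

def gf16_powers():
    """Powers alpha^0..alpha^14 in GF(16) built from x^4 + x + 1."""
    powers, x = [], 1
    for _ in range(15):
        powers.append(x)
        x <<= 1
        if x & 0x10:
            x ^= 0x13
    return powers

POW = gf16_powers()
COLS = [(POW[i] << 4) | POW[(3 * i) % 15] for i in range(N)]

def decodable_table():
    """Map every syndrome of an error of weight <= T to its error positions."""
    table = {}
    for w in range(T + 1):
        for pos in combinations(range(N), w):
            s = 0
            for i in pos:
                s ^= COLS[i]
            table[s] = pos
    return table

def hash_to_syndrome(document: bytes, counter: int) -> int:
    """Hash document || counter down to one syndrome (first byte of SHA-256)."""
    return hashlib.sha256(document + counter.to_bytes(4, "big")).digest()[0]

def first_decodable_counter(document: bytes, table, max_tries=1000):
    """Counter-version loop: first counter whose hash decodes, else None."""
    for counter in range(max_tries):
        s = hash_to_syndrome(document, counter)
        if s in table:
            return counter, table[s]

def count_decodable(document: bytes, table, counters: int) -> int:
    """How many of the first `counters` hash values are decodable."""
    return sum(hash_to_syndrome(document, c) in table for c in range(counters))

if __name__ == "__main__":
    table = decodable_table()
    print(len(table) / 2**SYNDROME_BITS, first_decodable_counter(b"constructed document", table))
```

On this toy code 121 of the 256 syndromes are decodable, close to 1/2! = 1/2, so roughly every second counter value yields a decodable hash.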

Subtitles: English
Language: English
Terms of use
Unless otherwise stated, these course resources are distributed under a Creative Commons licence. The user must credit the author, may use the work except in a commercial context, and may not modify the original work.
Cite this resource:
Inria. (2015, 5 May). 5.3. Attacks against the CFS Scheme. [Video]. Canal-U. https://www.canal-u.tv/92805. (Accessed 25 January 2022)