1
Public Key Cryptography
Tom Horton
Alfred C. Weaver
CS453 Electronic Commerce
2
References
 Chap. 12 of our textbook
 Web articles on PGP, GPG, Phil Zimmermann
 Bruce Schneier, “Applied Cryptography,” John Wiley & Sons
 Andrew Tanenbaum, “Computer Networks,” Prentice-Hall
 Jim Kurose and Keith Ross, “Computer Networking,” Addison-Wesley
3
Overview of PKC
 Also known as using asymmetric keys
 A pair of keys
 (Can think of this as one long key in two parts)
 One used for encryption, the other for decryption
 One publicly accessible, the other private to one person
 Algorithms / Systems
 RSA (Rivest, Shamir, Adleman)
 DSA (Digital Signature Algorithm)
 PGP, OpenPGP, GPG (Gnu’s PGP)
 ssh, sftp
 SSL
4
Public Key Cryptography
[Diagram: Plaintext → Encryption (with receiver’s public key) → Ciphertext → Decryption (with receiver’s private key) → Original plaintext]
5
Mailbox Analogy
 Part of the system is public yet secure
 Mailbox with slot
 Public: everyone can access it and leave info
 Secure: info not accessible to anyone except
 Usefully accessing the info requires a private
key
 The recipient has something personal to get to the
data and read it
 Matches common use (shown in slide):
Sending encrypted information to someone
 Other ways to use this
6
7
Public Key Cryptography
 Key is some large number (string of bits)
 Key has two parts, one public, one private
 Public key is well-known
 Trusted agents verify the public key
 Private key is a secret forever
 Key is arbitrarily large
 Encrypt with receiver’s public key
 Decrypt with receiver’s private key
8
Public Key Cryptography
 1. Choose two large primes, p and q
 2. Compute n = (p)(q)
 3. Compute z = (p-1)(q-1)
 4. Choose d such that it is relatively
prime to z (no common divisor)
 5. Find e such that (e)(d) modulo z = 1
 6. Public key is (e,n)
 7. Private key is (d,n)
9
Public Key Cryptography
 8. To encrypt plaintext message m, compute c = m^e mod n
 9. To decrypt ciphertext message c, compute m = c^d mod n.
10
PKC Example
 1. Choose two (large) primes, p and q
 p = 3 and q = 11
 2. Compute n = (p)(q)
 n = (3)(11) = 33
 3. Compute z = (p-1)(q-1)
 z = (2)(10) = 20
 4. Choose d such that it is relatively prime to
z (no common divisor)
 choose d = 7
 7 and 20 have no common divisor
11
PKC Example
 5. Find e such that (e)(d) modulo z = 1
 find e such that 7e mod 20 = 1
 one solution is e = 3
 6. Public key is (e,n)
 public key = (3, 33)
 7. Private key is (d,n)
 private key is (7, 33)
12
PKC Example
 8. To encrypt plaintext message m, compute c = m^e mod n
 c = m^3 mod 33
 note: require m < n
 9. To decrypt ciphertext message c, compute m = c^d mod n
 m = c^7 mod 33
13
PKC Example
 Encode letter “S” as 19 just because it is the 19th letter of the alphabet, so plaintext message m = “S” = 19
 Of course we could use any other encoding, say ASCII
 Encryption (e=3):
 c = m^e mod n = 19^3 mod 33
 c = 6,859 mod 33 = 28
 Decryption (d=7):
 m = c^d mod n = 28^7 mod 33
 m = 13,492,928,512 mod 33 = 19
14
Work an Example
1. Choose two (not so large) primes, p and q
p = 47 and q = 71
2. n = (p)(q) = (47)(71) = 3337 = n
3. z = (p-1)(q-1) = (46)(70) = 3220 = z
4. Choose e (or d) such that it is relatively prime to z
(i.e., e and z share no common divisors)
e=5? 3220/5=644 no
e=23? 3220/23=140 no
e=35? 3220/35=92 no
e=79? 3220 and 79 share no divisors ... yes
15
Work an Example
5. Choose d such that (e)(d) modulo z = 1
So: 79d mod z = 1 now what?
6. Public key = (e, n) = (79, 3337)
7. Private key = (d, n) = (1019, 3337)
Compute candidate values of d
d = 1019 or 4239 or 7459 or ...
16
Work an Example
8. Encrypt: c = m^e mod n
Let the message = m = 3
c = 3^79 mod 3337
= 4926960980478197443869440340212776567 mod 3337
= 158
17
18
Work an Example
9. Decrypt: m = c^d mod n
m = 158^1019 mod 3337
m = 3
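Added example (not from the slides or from the course's Java implementation): the key setup and the encrypt/decrypt steps above in Python, with the extended Euclidean algorithm answering the "79d mod z = 1, now what?" step and square-and-multiply so that 3^79 is never computed in full. The function names are illustrative, and this is unpadded textbook RSA with the slides' toy primes, for study only.

```python
"""Textbook RSA with the slides' toy numbers (added example; unpadded, study only)."""
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a, m):
    """Step 5: the exponent that pairs with a, i.e. (a * result) % m == 1."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} is not relatively prime to {m}")
    return x % m


def modpow(base, exp, mod):
    """Square-and-multiply: no intermediate value ever exceeds (mod - 1)**2."""
    result, base = 1 % mod, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def make_keypair(p, q, chosen):
    """Steps 1-5: return (n, z, other) such that (chosen * other) % z == 1."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(chosen, z) != 1:
        raise ValueError(f"{chosen} shares a divisor with z = {z}")
    return n, z, modinv(chosen, z)


def encrypt(m, e, n):
    """Step 8: c = m^e mod n; the message must be smaller than n."""
    if not 0 <= m < n:
        raise ValueError("require 0 <= m < n")
    return modpow(m, e, n)


def decrypt(c, d, n):
    """Step 9: m = c^d mod n."""
    return modpow(c, d, n)


if __name__ == "__main__":
    n, z, d = make_keypair(47, 71, 79)   # slides: p = 47, q = 71, e = 79
    c = encrypt(3, 79, n)
    print("n =", n, "z =", z, "d =", d)
    print("c =", c, "decrypts to", decrypt(c, d, n))
    print("usable e among 5, 23, 35, 79:",
          [e for e in (5, 23, 35, 79) if gcd(e, z) == 1])
```

Any d + k*z (4239, 7459, ...) decrypts equally well, which is why the slide lists several candidate values.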
19
20
Now Do This One
m = 12871283761287623450982346231237462836428
e = 98982347326723847658728742384782347823477
d = 87385671910957210238457823842398472397471
n = 91239128371982491824912873918237918239183
What is m^e mod n? What is c^d mod n?
123981203981297532739456374587469898274502399
129837129837923593045734658264927341204389245
987239472934729375923457935793457938573947593
981239123912371982749128379357935793579872391
893459873495873294573298572986798256984569873
987347373477609823497243958713057312409857753
134957831294709246798570398422362456698987987
239048203850923486095860396840958609832492398
203895793867938679387593857392720020204230...
21
Public Key Cryptography
 Now imagine that p and q are hundreds of
digits long!
 Power of PKC based upon the difficulty of
factoring large numbers
 Commercial firms provide:
 choice of p and q
 suitable e and d
 software for large integer arithmetic
 registration of keys to a particular entity
22
23
RSA Implementation
 Java implementation of the RSA version of public
key cryptography
 http://intercom.virginia.edu/crypto/crypto.html
24
Public Key + Symmetric Key
 Public key algorithms are slow when used
with large numbers
 Commercial practice:
 generate random symmetric key for each message
or session
 use symmetric key techniques to encrypt
message(s)
 encrypt the random symmetric key using PKC
 provide recipient with encrypted symmetric key,
signed with a digital signature, and a signature
certificate
25
Digital Signatures
 Digital signatures use PKC techniques to sign
a message, proving the authenticity of the
sender
 Sender encrypts some message with his
private key
 Receiver consults a certification authority to
verify sender’s public key
 Receiver uses sender’s verified public key to
decrypt sender’s message
26
Digital Signatures
[Diagram: Plaintext → Encryption (with sender’s private key) → Ciphertext → Decryption (with sender’s public key) → Original plaintext]
27
Digital Signatures
 ciphertext = (message)^private-key mod n
 message = (ciphertext)^public-key mod n
 In other words, reverse the use of “e” and “d” from PKC
 But, PKC is slow when the keys are large
 So instead, take a “hash” of the message and
sign that
28
Digital Signatures
 Message = m = “ABCDE”
 Let hash be mod 10 sum of bytes
 hash(m) = (65+66+67+68+69) mod 10
 = 335 mod 10 = 5
 If any byte of message changes, there is a 1 in 10 chance that we will catch it
 Poor choice of h, but illustrative
 Later we learn how to make a good hash
function
29
Digital Signatures
 Sender computes hash H of plaintext
 Sender encrypts hash with his private key
 digsig = (H)^private mod n
 Receiver decrypts the digsig with sender’s public key
 H_decrypted = (digsig)^public mod n
 Receiver recovers the plaintext of the message from its ciphertext (however that’s done)
 Receiver uses same hash function on recovered plaintext to get computed hash value, H_computed
 If H_computed = H_decrypted, then with probability p the plaintext was not altered en route, and with probability 1 the hash was signed by the owner of the public key
 How do we make p vanishingly small? (soon)
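Added example (not part of the original slides): the sign-and-verify steps above in Python, using the toy hash from the “ABCDE” slide and the key pair (79, 3337) / (1019, 3337) from the worked example. It also counts how many single-byte changes to the message the toy hash fails to notice, the failure rate a good hash has to make vanishingly small. Function names are illustrative.

```python
"""Hash-then-sign with the slides' toy hash and toy RSA key (added example)."""

E, D, N = 79, 1019, 3337   # public exponent, private exponent, modulus (from the slides)


def toy_hash(message: bytes) -> int:
    """The slide's deliberately poor hash: sum of the bytes, mod 10."""
    return sum(message) % 10


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sender: digsig = H^private mod n."""
    return pow(toy_hash(message), d, n)


def verify(message: bytes, digsig: int, e: int = E, n: int = N) -> bool:
    """Receiver: compare H_decrypted = digsig^public mod n with H_computed."""
    h_decrypted = pow(digsig, e, n)
    h_computed = toy_hash(message)
    return h_computed == h_decrypted


def undetected_substitutions(message: bytes):
    """Try every single-byte substitution; return (missed, total).

    'missed' counts altered messages whose hash equals the original's, so a
    signature made for the original would still verify on them.
    """
    original = toy_hash(message)
    missed = total = 0
    for i, old in enumerate(message):
        for new in range(256):
            if new == old:
                continue
            total += 1
            altered = message[:i] + bytes([new]) + message[i + 1:]
            missed += toy_hash(altered) == original
    return missed, total


if __name__ == "__main__":
    msg = b"ABCDE"
    sig = sign(msg)
    print("hash:", toy_hash(msg), "signature:", sig)
    print("original verifies:", verify(msg, sig))
    print("ABCDF verifies:   ", verify(b"ABCDF", sig))   # hash changes, rejected
    print("ABCDO verifies:   ", verify(b"ABCDO", sig))   # byte sum shifts by 10, accepted
    print("undetected single-byte changes:", undetected_substitutions(msg))
```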
30
Still Not Done
 PKC is very, very powerful
 So is symmetric key if key is long
 But there are still ways to attack the process,
if not the algorithm
31
Bob Talks to Alice
1. Bob sends his public key
2. Alice sends her public key
3. Bob encrypts with
Alice’s public key
4. Bob sends encrypted
message to Alice
5. Alice decrypts with Alice’s private key
6. Alice encrypts with Bob’s public key
7. Alice sends encrypted message to Bob
8. Bob decrypts with Bob’s private key
Bob and Alice are now communicating
securely --- or are they?
32
Risks
[Diagram: Mallory sits between Bob and Alice]
Mallory replaces Alice's and Bob's public key with her own; records data and re-encrypts it with the other person's purported public key
33
How Secure is Symmetric Key Cryptography?
 DES is toast
 Known that DES can be broken in a few
hours, and probably in just minutes or
seconds
 If DES can be broken in one second, then
128-bit AES takes 119 trillion years
 3DES (168 bits) takes longer
 256-bit AES takes far longer
 This assumes there are no trap doors (and no
reason to suspect there are any)
34
How Secure is Public Key Cryptography?
 As secure as you wish it to be
 Moore’s Law says that computing power doubles at
no increase in cost every 18 months
 Approximately true since 1976
 As computing power progresses, increase key length
 But beware distributed computing!
 Make sure key is much, much longer than any one
machine can solve, because many computers might
be working on it
35
How Secure is Modern Crypto?
 For now, crypto provides very serious
protection for electronic commerce
transactions when using
 symmetric keys of length >= 128 bits
 public keys of length >= 1024 bits
 If cryptography is so strong, why is this not a
completely solved problem?
36
Key Management
 Crypto is strong – so criminals, hackers, and
the government go after key management
 If the keys are not secure, the communication
is not secure
 The threat to modern cryptography is key
management
 key distribution
 key revocation
 key storage
 key theft
37
Digital Signature
[Diagram: Sender’s data → Hash algorithm (SHA-1, MD5) → Hash code (message digest) → PKC encryption (sender’s private key) → Digital signature (validate with sender’s public key); Timestamp]
38
Hash Code
 What makes a good hash code?
 Recall why we use it:
 the hash code is digitally signed (rather than the
message itself) for computational economy
 the hash code is used to prove message integrity
 hash(P) = hash ( D ( E ( P) ) )
39
Characteristics
 One-way hash function H operates on arbitrary
length message M and returns a fixed length
hash value, h=H(M)
 Many functions can do that
 Our goals are
 given M, easy to compute h
 given h, difficult to compute M s.t. H(M)=h
 given M, hard to find M’ such that H(M’) = H(M)
40
Hash Codes (Message Digests)
One example scheme:
01011111 …. 11
01001110 …. 10
00100001 …. 01
01001001 …. 11
11010100 …. 10
11110000 …. 11
10001011 …. 00
File for which you wish to
prove integrity (M)
h = 11010110 ... 10 = H(M)
H = exclusive-OR
41
Discussion
 Let the hash function H() be the n-bit wide
exclusive-or of the message M.
 Is that a good hash function?
 Advantages?
 Disadvantages?
42
Discuss
What if H(M) is a 16-bit wide exclusive OR?
M = “I will buy your house for $1,000,000”
M base 2 = 01100101 01101100
00101010 01101010
.....
H(M) = 10010100 01010110
Premise: If I use EX-OR as hash, and digitally sign
the hash value, then neither you nor I can change
the contract because doing so would change the
hash, and thus H(D(E(P))) != H(P).
Is that true?
43
Cheating with Digital Signatures
1. Change $1,000,000 to $1
2. Hash is only 16 bits wide.
3. There are only 2^16 hash values.
4. Start generating other variations on the message that are merely cosmetic, e.g., replace space with space-backspace-space, or replace “.<CR>” with “.<space><CR>”
5. If this were a contract with >16 lines, making or not making one change on each of 16 lines would produce >2^16 variations of the document.
6. Not all 2^16 hash values are necessarily present---this just shows that it is relatively easy to produce a large number of variants quickly and easily – and automatically!
44
Cheating with Digital Signatures
 So take the original document and digitally
sign it.
 Take a version of the altered document where
H(M’)=H(M) and sign that one also.
 Present your check for $1.
 Go to court to enforce the digitally signed
contract M’ where the price is $1.
45
Lessons
 Lesson #1: H(M) needs to produce a lot
more than 16 bits. Target 128 or 256.
 Lesson #2: And while we’re at it, let’s stir the
bits when computing H(M) so that hash bits
are a function of more than just a single
column of bits. Want each hash bit hi to be a
function of many input bits (as with DES).
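Added example (not from the original slides): the 16-bit exclusive-OR hash from the discussion above, written out to show why a signature over it does not bind the contract text. Instead of the search over cosmetic variants that the slides describe, it relies on the fact behind Lesson #2, that each hash bit depends on a single column of input bits, so one appended 16-bit word makes any altered text hash to the original value; SHA-256 from Python's hashlib is shown for contrast. Function names and the appended filler word are assumptions of this example.

```python
"""Why a 16-bit XOR 'hash' cannot protect a signed contract (added example)."""
import hashlib


def xor16(message: bytes) -> int:
    """16-bit-wide XOR of the message, taken as big-endian 2-byte words."""
    if len(message) % 2:
        message += b"\x00"                  # zero-pad the final word
    h = 0
    for i in range(0, len(message), 2):
        h ^= int.from_bytes(message[i:i + 2], "big")
    return h


def sha256_hex(message: bytes) -> str:
    """A real hash for comparison: every output bit depends on every input bit."""
    return hashlib.sha256(message).hexdigest()


def flipped_hash_bits(message: bytes, byte_index: int, bit: int) -> int:
    """Flip one input bit; return which hash bits changed (as a bit mask)."""
    altered = bytearray(message)
    altered[byte_index] ^= 1 << bit
    return xor16(message) ^ xor16(bytes(altered))


def swap_words(message: bytes, i: int, j: int) -> bytes:
    """Exchange aligned 2-byte words i and j; XOR does not care about order."""
    words = [message[k:k + 2] for k in range(0, len(message), 2)]
    words[i], words[j] = words[j], words[i]
    return b"".join(words)


def same_hash_variant(original: bytes, altered: bytes) -> bytes:
    """Extend 'altered' with one filler word so xor16 matches 'original'.

    Because XOR is linear, the filler is simply the XOR of the two hashes.
    """
    if len(altered) % 2:
        altered += b" "                     # align to a word boundary
    filler = xor16(original) ^ xor16(altered)
    return altered + filler.to_bytes(2, "big")


if __name__ == "__main__":
    contract = b"I will buy your house for $1,000,000"     # text from the slide
    cheaper = b"I will buy your house for $1"
    variant = same_hash_variant(contract, cheaper)
    print(f"xor16(contract) = {xor16(contract):016b}")
    print(f"xor16(variant)  = {xor16(variant):016b}")
    print("reordered words hash equal:",
          xor16(swap_words(contract, 0, 1)) == xor16(contract))
    print(f"one flipped input bit changes hash bits {flipped_hash_bits(contract, 0, 0):016b}")
    print("SHA-256 equal:", sha256_hex(contract) == sha256_hex(variant))
```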
46
MD5
 Bruce Schneier, “Applied Cryptography”,
pages 436-441.
47
Key Escrow
 The story of the Clipper chip and the plan for
key escrow
48
Threats
 Distributed computing (grid computing) on
the scale of the Internet
 Quantum computing
49
50
Pretty Good Privacy
 PGP designed by Philip Zimmermann for electronic mail
 Uses three known techniques:
 IDEA for encrypting email message
 International Data Exchange Algorithm
 block cipher with 64-bit blocks
 similar in concept but different in details from
DES
 uses 128-bit keys
 patented, but free for non-commercial use
51
Controversies
 Was released overseas
 Zimmermann says not by him
 US Government investigated him for 3 years under
the Arms Export Control Act
 Dropped in 1996
 Use of RSA patents
 PGP eventually became a company
 OpenPGP
 Use by non-government groups
 Dissidents, terrorists, etc.
52
PGP
 RSA public key encryption
 permits keys up to 2,047 bits in length
 Digital signatures use MD5 as the one-way
hash function
 PGP generates a random 128-bit symmetric
key, used by IDEA for each email message
 PGP generates its own public/private key
pairs
 Keys are stored locally using a hashed pass
phrase
53
Hashed Pass Phrase
 Access to the private key is granted by
providing the “pass phrase” (not password)
 Should be on the order of 100 characters
 Issues with a pass phrase:
 what’s the chance of guessing a 100 character
phrase?
 Is it 2^(100*8)?
54
Hashed Pass Phrase
 People don’t want to type 100 characters, so they are
typically shorter
 Can you remember
“ndjehrkanf48ahdmmdh3jnqlkfyebnekfjnanrb9roakfn
63nfgaprektnvcgesiwm”?
 Dictionary attacks (common words)
 Personal knowledge attacks (spouse, children, pets,
birthdays, anniversaries)
 Cultural bias (English)
 Subject bias (computing, accounting)
55
PGP
 PGP does not use conventional certificates
(too expensive)
 Instead,
 users generate and distribute their own public
keys
 sign each other’s public keys
 save trusted public keys on public-key ring
 users build a web of trust
 users determine how much to trust
56
PGP Comments
 PGP is very powerful for email
 runs on many platforms
 available free from www.pgpi.org
 But
 no key revocation authority
 no foolproof way to withdraw a compromised key
 maybe there are some residual concerns over a prior government lawsuit (now resolved) against Phil Zimmermann
57
58

Weitere ähnliche Inhalte

Was ist angesagt?

Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryptionphanleson
 
Implementation of bpsc stegnography ( synopsis)
Implementation of bpsc stegnography ( synopsis)Implementation of bpsc stegnography ( synopsis)
Implementation of bpsc stegnography ( synopsis)Mumbai Academisc
 
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...IJNSA Journal
 
BLIND SIGNATURE SCHEME BASED ON CHEBYSHEV POLYNOMIALS
BLIND SIGNATURE SCHEME BASED ON CHEBYSHEV POLYNOMIALSBLIND SIGNATURE SCHEME BASED ON CHEBYSHEV POLYNOMIALS
BLIND SIGNATURE SCHEME BASED ON CHEBYSHEV POLYNOMIALSIJNSA Journal
 
Design and implementation of network security using genetic algorithm
Design and implementation of network security using genetic algorithmDesign and implementation of network security using genetic algorithm
Design and implementation of network security using genetic algorithmeSAT Publishing House
 
A survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic EncryptionA survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic Encryptioniosrjce
 
Dsouza
DsouzaDsouza
Dsouzafdione
 
A Public-Key Cryptosystem Based On Discrete Logarithm Problem over Finite Fie...
A Public-Key Cryptosystem Based On Discrete Logarithm Problem over Finite Fie...A Public-Key Cryptosystem Based On Discrete Logarithm Problem over Finite Fie...
A Public-Key Cryptosystem Based On Discrete Logarithm Problem over Finite Fie...IOSR Journals
 
RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2Fahad Layth
 
A comparative analysis of the possible attacks on rsa cryptosystem
A comparative analysis of the possible attacks on rsa cryptosystemA comparative analysis of the possible attacks on rsa cryptosystem
A comparative analysis of the possible attacks on rsa cryptosystemIAEME Publication
 
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...CSCJournals
 
An Efficient and Secure ID Based Group Signature Scheme from Bilinear Pairings
An Efficient and Secure ID Based Group Signature Scheme from Bilinear PairingsAn Efficient and Secure ID Based Group Signature Scheme from Bilinear Pairings
An Efficient and Secure ID Based Group Signature Scheme from Bilinear PairingsEswar Publications
 
Criptography approach using magnets
Criptography approach using magnetsCriptography approach using magnets
Criptography approach using magnetssnv09
 
Implementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithmImplementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithmIjcem Journal
 

Was ist angesagt? (18)

Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryption
 
Rsa cryptosystem
Rsa cryptosystemRsa cryptosystem
Rsa cryptosystem
 
Implementation of bpsc stegnography ( synopsis)
Implementation of bpsc stegnography ( synopsis)Implementation of bpsc stegnography ( synopsis)
Implementation of bpsc stegnography ( synopsis)
 
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...
SCHEME OF ENCRYPTION FOR BLOCK CIPHERS AND MULTI CODE GENERATION BASED ON SEC...
 
C0211822
C0211822C0211822
C0211822
 
BLIND SIGNATURE SCHEME BASED ON CHEBYSHEV POLYNOMIALS
BLIND SIGNATURE SCHEME BASED ON CHEBYSHEV POLYNOMIALSBLIND SIGNATURE SCHEME BASED ON CHEBYSHEV POLYNOMIALS
BLIND SIGNATURE SCHEME BASED ON CHEBYSHEV POLYNOMIALS
 
Design and implementation of network security using genetic algorithm
Design and implementation of network security using genetic algorithmDesign and implementation of network security using genetic algorithm
Design and implementation of network security using genetic algorithm
 
A survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic EncryptionA survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic Encryption
 
Dsouza
DsouzaDsouza
Dsouza
 
A Public-Key Cryptosystem Based On Discrete Logarithm Problem over Finite Fie...
A Public-Key Cryptosystem Based On Discrete Logarithm Problem over Finite Fie...A Public-Key Cryptosystem Based On Discrete Logarithm Problem over Finite Fie...
A Public-Key Cryptosystem Based On Discrete Logarithm Problem over Finite Fie...
 
RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2RSA-W7(rsa) d1-d2
RSA-W7(rsa) d1-d2
 
A comparative analysis of the possible attacks on rsa cryptosystem
A comparative analysis of the possible attacks on rsa cryptosystemA comparative analysis of the possible attacks on rsa cryptosystem
A comparative analysis of the possible attacks on rsa cryptosystem
 
3 pkc+rsa
3 pkc+rsa3 pkc+rsa
3 pkc+rsa
 
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
 
An Efficient and Secure ID Based Group Signature Scheme from Bilinear Pairings
An Efficient and Secure ID Based Group Signature Scheme from Bilinear PairingsAn Efficient and Secure ID Based Group Signature Scheme from Bilinear Pairings
An Efficient and Secure ID Based Group Signature Scheme from Bilinear Pairings
 
Criptography approach using magnets
Criptography approach using magnetsCriptography approach using magnets
Criptography approach using magnets
 
Pkcs 5
Pkcs 5Pkcs 5
Pkcs 5
 
Implementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithmImplementation of-hybrid-cryptography-algorithm
Implementation of-hybrid-cryptography-algorithm
 

Ähnlich wie Cupdf.com public key-cryptography-569692953829a

Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityNagendra Um
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-ittrameshvvv
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptxSurendraBasnet6
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSASrilal Buddika
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applicationsthai
 
ch09_rsa_nemo.ppt
ch09_rsa_nemo.pptch09_rsa_nemo.ppt
ch09_rsa_nemo.pptChandraB15
 
aacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxaacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxImXaib
 
Senior Research Final Draft3
Senior Research Final Draft3Senior Research Final Draft3
Senior Research Final Draft3Coleman Gorham
 
PUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptPUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptRizwanBasha12
 

Ähnlich wie Cupdf.com public key-cryptography-569692953829a (20)

Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
 
Encryption
EncryptionEncryption
Encryption
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-itt
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
 
What is Encryption
What is EncryptionWhat is Encryption
What is Encryption
 
Rsa
RsaRsa
Rsa
 
Unit --3.ppt
Unit --3.pptUnit --3.ppt
Unit --3.ppt
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSA
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applications
 
ch09_rsa_nemo.ppt
ch09_rsa_nemo.pptch09_rsa_nemo.ppt
ch09_rsa_nemo.ppt
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)
 
aacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxaacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptx
 
Public key algorithm
Public key algorithmPublic key algorithm
Public key algorithm
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)
 
Crypt
CryptCrypt
Crypt
 
1329 n 9460
1329 n 94601329 n 9460
1329 n 9460
 
Senior Research Final Draft3
Senior Research Final Draft3Senior Research Final Draft3
Senior Research Final Draft3
 
PUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptPUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.ppt
 

Kürzlich hochgeladen

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Kürzlich hochgeladen (20)

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf

Cupdf.com public key-cryptography-569692953829a

  • 1. Public Key Cryptography
      • Tom Horton, Alfred C. Weaver
      • CS453 Electronic Commerce
  • 2. References
      • Chap. 12 of our textbook
      • Web articles on PGP, GPG, Phil Zimmermann
      • Bruce Schneier, “Applied Cryptography,” John Wiley & Sons
      • Andrew Tanenbaum, “Computer Networks,” Prentice-Hall
      • Jim Kurose and Keith Ross, “Computer Networking,” Addison-Wesley
  • 3. Overview of PKC
      • Also known as using asymmetric keys
      • A pair of keys
      • (Can think of this as one long key in two parts)
      • One used for encryption, the other for decryption
      • One publicly accessible, the other private to one person
      • Algorithms / Systems
      • RSA (Rivest, Shamir, Adleman)
      • DSA (Digital Signature Algorithm)
      • PGP, OpenPGP, GPG (Gnu’s PGP)
      • ssh, sftp
      • SSL
  • 4. Public Key Cryptography
      • Diagram: Plaintext → Encryption (with receiver’s public key) → Ciphertext → Decryption (with receiver’s private key) → Original plaintext
  • 5. Mailbox Analogy
      • Part of the system is public yet secure
      • Mailbox with slot
      • Public: everyone can access it and leave info
      • Secure: info not accessible to anyone except
      • Usefully accessing the info requires a private key
      • The recipient has something personal to get to the data and read it
      • Matches common use (shown in slide): Sending encrypted information to someone
      • Other ways to use this
  • 7. Public Key Cryptography
      • Key is some large number (string of bits)
      • Key has two parts, one public, one private
      • Public key is well-known
      • Trusted agents verify the public key
      • Private key is a secret forever
      • Key is arbitrarily large
      • Encrypt with receiver’s public key
      • Decrypt with receiver’s private key
  • 8. Public Key Cryptography
      • 1. Choose two large primes, p and q
      • 2. Compute n = (p)(q)
      • 3. Compute z = (p-1)(q-1)
      • 4. Choose d such that it is relatively prime to z (no common divisor)
      • 5. Find e such that (e)(d) modulo z = 1
      • 6. Public key is (e,n)
      • 7. Private key is (d,n)
  • 9. Public Key Cryptography
      • 8. To encrypt plaintext message m, compute c = m^e mod n
      • 9. To decrypt ciphertext message c, compute m = c^d mod n
  • 10. PKC Example
      • 1. Choose two (large) primes, p and q: p = 3 and q = 11
      • 2. Compute n = (p)(q): n = (3)(11) = 33
      • 3. Compute z = (p-1)(q-1): z = (2)(10) = 20
      • 4. Choose d such that it is relatively prime to z (no common divisor): choose d = 7; 7 and 20 have no common divisor
  • 11. PKC Example
      • 5. Find e such that (e)(d) modulo z = 1: find e such that 7e mod 20 = 1; one solution is e = 3
      • 6. Public key is (e,n): public key = (3, 33)
      • 7. Private key is (d,n): private key is (7, 33)
  • 12. PKC Example
      • 8. To encrypt plaintext message m, compute c = m^e mod n: c = m^3 mod 33 (note: require m < n)
      • 9. To decrypt ciphertext message c, compute m = c^d mod n: m = c^7 mod 33
  • 13. PKC Example
      • Encode letter “S” as 19 just because it is the 19th letter of the alphabet, so plaintext message m = “S” = 19
      • Of course we could use any other encoding, say ASCII
      • Encryption (e=3): c = m^e mod n = 19^3 mod 33; c = 6,859 mod 33 = 28
      • Decryption (d=7): m = c^d mod n = 28^7 mod 33; m = 13,492,928,512 mod 33 = 19
  • 14. Work an Example
      • 1. Choose two (not so large) primes, p and q: p = 47 and q = 71
      • 2. n = (p)(q) = (47)(71) = 3337 = n
      • 3. z = (p-1)(q-1) = (46)(70) = 3220 = z
      • 4. Choose e (or d) such that it is relatively prime to z (i.e., e and z share no common divisors)
          • e=5? 3220/5=644 no
          • e=23? 3220/23=140 no
          • e=35? 3220/35=92 no
          • e=79? 3220 and 79 share no divisors ... yes
  • 15. Work an Example
      • 5. Choose d such that (e)(d) modulo z = 1. So: 79d mod z = 1. Now what?
          • Compute candidate values of d: d = 1019 or 4239 or 7459 or ...
      • 6. Public key = (e, n) = (79, 3337)
      • 7. Private key = (d, n) = (1019, 3337)
  • 16. Work an Example
      • 8. Encrypt: c = m^e mod n
      • Let the message = m = 3
      • c = 3^79 mod 3337 = 4926960980478197443869440340212776567 mod 3337 = 158
  • 18. Work an Example
      • 9. Decrypt: m = c^d mod n
      • m = 158^1019 mod 3337
      • m = 3
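
Slide 15 leaves step 5 at "now what?". The added example below (not part of the original deck) finds d with the extended Euclidean algorithm and reproduces both worked examples from the slides. The function names are assumptions, and this is textbook RSA without padding, as on the slides.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(k, z):
    """Step 5: the unique value in [0, z) whose product with k is 1 modulo z."""
    g, x, _ = egcd(k, z)
    if g != 1:
        raise ValueError(f"{k} shares the divisor {g} with z = {z}")
    return x % z


def modexp(base, exp, n):
    """Square-and-multiply, so 3^79 is never written out in full."""
    result, base = 1, base % n
    while exp:
        if exp & 1:
            result = result * base % n
        base = base * base % n
        exp >>= 1
    return result


def make_keys(p, q, e):
    """Steps 2-7: return ((e, n), (d, n)). The roles of e and d are symmetric,
    so the slide that picks d first and solves for e uses the same routine."""
    n, z = p * q, (p - 1) * (q - 1)
    return (e, n), (modinv(e, z), n)


def apply_key(value, key):
    """Steps 8-9: c = m^e mod n and m = c^d mod n are the same operation."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return modexp(value, exponent, n)


if __name__ == "__main__":
    public, private = make_keys(47, 71, 79)
    c = apply_key(3, public)
    print(public, private, c, apply_key(c, private))
    for bad in (5, 23, 35):              # candidates the slide rejects
        try:
            make_keys(47, 71, bad)
        except ValueError as err:
            print("rejected:", err)
```
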
  • 20. Now Do This One
      • m = 12871283761287623450982346231237462836428
      • e = 98982347326723847658728742384782347823477
      • d = 87385671910957210238457823842398472397471
      • n = 91239128371982491824912873918237918239183
      • What is m^e mod n? What is c^d mod n?
      • 123981203981297532739456374587469898274502399 129837129837923593045734658264927341204389245 987239472934729375923457935793457938573947593 981239123912371982749128379357935793579872391 893459873495873294573298572986798256984569873 987347373477609823497243958713057312409857753 134957831294709246798570398422362456698987987 239048203850923486095860396840958609832492398 203895793867938679387593857392720020204230...
  • 21. Public Key Cryptography
      • Now imagine that p and q are hundreds of digits long!
      • Power of PKC based upon the difficulty of factoring large numbers
      • Commercial firms provide:
          • choice of p and q
          • suitable e and d
          • software for large integer arithmetic
          • registration of keys to a particular entity
  • 23. RSA Implementation
      • Java implementation of the RSA version of public key cryptography
      • http://intercom.virginia.edu/crypto/crypto.html
  • 24. Public Key + Symmetric Key
      • Public key algorithms are slow when used with large numbers
      • Commercial practice:
          • generate random symmetric key for each message or session
          • use symmetric key techniques to encrypt message(s)
          • encrypt the random symmetric key using PKC
          • provide recipient with encrypted symmetric key, signed with a digital signature, and a signature certificate
  • 25. Digital Signatures
      • Digital signatures use PKC techniques to sign a message, proving the authenticity of the sender
      • Sender encrypts some message with his private key
      • Receiver consults a certification authority to verify sender’s public key
      • Receiver uses sender’s verified public key to decrypt sender’s message
  • 26. Digital Signatures
      • Diagram: Plaintext → Encryption (with sender’s private key) → Ciphertext → Decryption (with sender’s public key) → Original plaintext
  • 27. Digital Signatures
      • ciphertext = (message)^private-key mod n
      • message = (ciphertext)^public-key mod n
      • In other words, reverse the use of “e” and “d” from PKC
      • But, PKC is slow when the keys are large
      • So instead, take a “hash” of the message and sign that
  • 28. Digital Signatures
      • Message = m = “ABCDE”
      • Let hash be mod 10 sum of bytes
      • hash(m) = (65+66+67+68+69) mod 10 = 335 mod 10 = 5
      • If any byte of message changes, there is a 1 in 10 chance that we will catch it
      • Poor choice of h, but illustrative
      • Later we learn how to make a good hash function
  • 29. Digital Signatures
      • Sender computes hash H of plaintext
      • Sender encrypts hash with his private key: digsig = (H)^private mod n
      • Receiver decrypts the digsig with sender’s public key: H_decrypted = (digsig)^public mod n
      • Receiver recovers the plaintext of the message from its ciphertext (however that’s done)
      • Receiver uses same hash function on recovered plaintext to get computed hash value, H_computed
      • If H_computed = H_decrypted, then with probability p the plaintext was not altered en route, and with probability 1 the hash was signed by the owner of the public key
      • How do we make p vanishingly small? (soon)
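
Slides 27-29 carried through with the deck's own numbers, as an added example that is not from the original slides: the mod-10 byte-sum hash of slide 28 is signed with the toy key pair (3, 33) / (7, 33) from the PKC Example, then checked by the receiver. The function names are assumptions.

```python
PUBLIC = (3, 33)     # (e, n) from the deck's PKC Example
PRIVATE = (7, 33)    # (d, n) from the same example


def toy_hash(message: bytes) -> int:
    """Slide 28's illustrative hash: sum of the bytes, mod 10."""
    return sum(message) % 10


def sign(message: bytes, private=PRIVATE) -> int:
    """Sender: digsig = H^private mod n."""
    d, n = private
    h = toy_hash(message)
    if h >= n:
        raise ValueError("hash must be smaller than n to fit in one block")
    return pow(h, d, n)


def verify(message: bytes, digsig: int, public=PUBLIC) -> bool:
    """Receiver: compare H_decrypted = digsig^public mod n with H_computed."""
    e, n = public
    h_decrypted = pow(digsig, e, n)
    h_computed = toy_hash(message)
    return h_decrypted == h_computed


def receive(candidates, digsig):
    """Return {plaintext: verdict} for several recovered plaintexts."""
    return {m: verify(m, digsig) for m in candidates}


SIGNED = b"ABCDE"                # message from slide 28, hash = 5
DIGSIG = sign(SIGNED)            # 5^7 mod 33
RESULTS = receive(
    [
        b"ABCDE",                # untouched: accepted
        b"ABCDF",                # one byte changed, byte sum changes: rejected
        b"ABCED",                # bytes reordered, same byte sum: accepted
    ],
    DIGSIG,
)

if __name__ == "__main__":
    print("digsig =", DIGSIG)
    for plaintext, ok in RESULTS.items():
        print(plaintext, "verifies" if ok else "rejected")
```

The reordered message verifies because the signature only binds the hash value, which is why the strength of the hash decides the probability p on slide 29.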
  • 30. Still Not Done
      • PKC is very, very powerful
      • So is symmetric key if key is long
      • But there are still ways to attack the process, if not the algorithm
  • 31. Bob Talks to Alice
      • 1. Bob sends his public key
      • 2. Alice sends her public key
      • 3. Bob encrypts with Alice’s public key
      • 4. Bob sends encrypted message to Alice
      • 5. Alice decrypts with Alice’s private key
      • 6. Alice encrypts with Bob’s public key
      • 7. Alice sends encrypted message to Bob
      • 8. Bob decrypts with Bob’s private key
      • Bob and Alice are now communicating securely --- or are they?
  • 32. Risks
      • Diagram: Bob, Alice, Mallory
      • Mallory replaces Alice's and Bob's public key with her own; records data and re-encrypts it with the other person's purported public key
  • 33. How Secure is Symmetric Key Cryptography?
      • DES is toast
      • Known that DES can be broken in a few hours, and probably in just minutes or seconds
      • If DES can be broken in one second, then 128-bit AES takes 119 trillion years
      • 3DES (168 bits) takes longer
      • 256-bit AES takes far longer
      • This assumes there are no trap doors (and no reason to suspect there are any)
  • 34. How Secure is Public Key Cryptography?
      • As secure as you wish it to be
      • Moore’s Law says that computing power doubles at no increase in cost every 18 months
      • Approximately true since 1976
      • As computing power progresses, increase key length
      • But beware distributed computing!
      • Make sure key is much, much longer than any one machine can solve, because many computers might be working on it
  • 35. How Secure is Modern Crypto?
      • For now, crypto provides very serious protection for electronic commerce transactions when using
          • symmetric keys of length >= 128 bits
          • public keys of length >= 1024 bits
      • If cryptography is so strong, why is this not a completely solved problem?
  • 36. Key Management
      • Crypto is strong – so criminals, hackers, and the government go after key management
      • If the keys are not secure, the communication is not secure
      • The threat to modern cryptography is key management
          • key distribution
          • key revocation
          • key storage
          • key theft
  • 37. Digital Signature
      • Diagram: Sender’s data → Hash algorithm (SHA-1, MD5) → Hash code (message digest) → PKC encryption (sender’s private key) → Digital signature (validate with sender’s public key); Timestamp
  • 38. Hash Code
      • What makes a good hash code?
      • Recall why we use it:
          • the hash code is digitally signed (rather than the message itself) for computational economy
          • the hash code is used to prove message integrity
          • hash(P) = hash ( D ( E ( P) ) )
  • 39. Characteristics
      • One-way hash function H operates on arbitrary length message M and returns a fixed length hash value, h=H(M)
      • Many functions can do that
      • Our goals are
          • given M, easy to compute h
          • given h, difficult to compute M s.t. H(M)=h
          • given M, hard to find M’ such that H(M’) = H(M)
  • 40. Hash Codes (Message Digests)
      • One example scheme. File for which you wish to prove integrity (M):
          01011111 …. 11
          01001110 …. 10
          00100001 …. 01
          01001001 …. 11
          11010100 …. 10
          11110000 …. 11
          10001011 …. 00
      • h = 11010110 ... 10 = H(M)
      • H = exclusive-OR
  • 41. Discussion
      • Let the hash function H() be the n-bit wide exclusive-or of the message M.
      • Is that a good hash function?
      • Advantages?
      • Disadvantages?
  • 42. Discuss
      • What if H(M) is a 16-bit wide exclusive OR?
      • M = “I will buy your house for $1,000,000”
      • M base 2 = 01100101 01101100 00101010 01101010 .....
      • H(M) = 10010100 01010110
      • Premise: If I use EX-OR as hash, and digitally sign the hash value, then neither you nor I can change the contract because doing so would change the hash, and thus H(D(E(P))) != H(P). Is that true?
  • 43. Cheating with Digital Signatures
      • 1. Change $1,000,000 to $1
      • 2. Hash is only 16 bits wide.
      • 3. There are only 2^16 hash values.
      • 4. Start generating other variations on the message that are merely cosmetic, e.g., replace space with space-backspace-space, or replace “.<CR>” with “.<space><CR>”
      • 5. If this were a contract with >16 lines, making or not making one change on each of 16 lines would produce >2^16 variations of the document.
      • 6. Not all 2^16 hash values are necessarily present---this just shows that it is relatively easy to produce a large number of variants quickly and easily – and automatically!
  • 44. Cheating with Digital Signatures
      • So take the original document and digitally sign it.
      • Take a version of the altered document where H(M’)=H(M) and sign that one also.
      • Present your check for $1.
      • Go to court to enforce the digitally signed contract M’ where the price is $1.
  • 45. Lessons
      • Lesson #1: H(M) needs to produce a lot more than 16 bits. Target 128 or 256.
      • Lesson #2: And while we’re at it, let’s stir the bits when computing H(M) so that hash bits are a function of more than just a single column of bits. Want each hash bit h_i to be a function of many input bits (as with DES).
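
Lesson #2 as a measurable check, in an added example that is not from the original slides: count how many hash bits change when a single input bit flips, for the 16-bit XOR hash and for a mixing hash. The helper names and the choice of SHA-256 truncated to 16 bits as the comparison are assumptions made for this example.

```python
import hashlib

CONTRACT = b"I will buy your house for $1,000,000"   # message from slide 42


def xor16(message: bytes) -> int:
    """16-bit wide XOR: fold the message two bytes at a time (zero-pad odd length)."""
    if len(message) % 2:
        message += b"\x00"
    h = 0
    for i in range(0, len(message), 2):
        h ^= int.from_bytes(message[i:i + 2], "big")
    return h


def sha16(message: bytes) -> int:
    """First 16 bits of SHA-256, so both hashes have the same output width."""
    return int.from_bytes(hashlib.sha256(message).digest()[:2], "big")


def flip_bit(message: bytes, bit: int) -> bytes:
    """Return a copy of message with one bit inverted (bit 0 = MSB of byte 0)."""
    out = bytearray(message)
    out[bit // 8] ^= 0x80 >> (bit % 8)
    return bytes(out)


def diffusion(hash_fn, message: bytes) -> list:
    """For every single-bit input flip, the number of output bits that change."""
    base = hash_fn(message)
    return [bin(base ^ hash_fn(flip_bit(message, b))).count("1")
            for b in range(len(message) * 8)]


def cancel_pair(message: bytes, i: int, j: int, mask: int) -> bytes:
    """Apply the same bit changes to two bytes that sit in the same XOR column."""
    if i == j or (i - j) % 2:
        raise ValueError("i and j must be distinct offsets of equal parity")
    out = bytearray(message)
    out[i] ^= mask
    out[j] ^= mask
    return bytes(out)


if __name__ == "__main__":
    print("xor16 bits changed per flip:", set(diffusion(xor16, CONTRACT)))
    sha = diffusion(sha16, CONTRACT)
    print("sha16 mean bits changed per flip: %.2f" % (sum(sha) / len(sha)))
    variant = cancel_pair(CONTRACT, 0, 2, 0x20)       # cosmetic case change
    print(variant, hex(xor16(variant)), hex(xor16(CONTRACT)))
```

With the XOR hash each input bit reaches exactly one output bit, so two changes in the same column cancel and the signed hash value still matches; the mixing hash spreads every flip over about half of its output bits.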
  • 46. MD5
      • Bruce Schneier, “Applied Cryptography”, pages 436-441.
  • 47. Key Escrow
      • The story of the Clipper chip and the plan for key escrow
  • 48. Threats
      • Distributed computing (grid computing) on the scale of the Internet
      • Quantum computing
  • 50. Pretty Good Privacy
      • PGP designed by Philip Zimmermann for electronic mail
      • Uses three known techniques:
      • IDEA for encrypting email message
          • International Data Exchange Algorithm
          • block cipher with 64-bit blocks
          • similar in concept but different in details from DES
          • uses 128-bit keys
          • patented, but free for non-commercial use
  • 51. Controversies
      • Was released overseas
      • Zimmermann says not by him
      • US Government investigated him for 3 years under the Arms Export Control Act
      • Dropped in 1996
      • Use of RSA patents
      • PGP eventually became a company
      • Open PGP
      • Use by non-government groups
      • Dissidents, terrorists, etc.
  • 52. PGP
      • RSA public key encryption
      • permits keys up to 2,047 bits in length
      • Digital signatures use MD5 as the one-way hash function
      • PGP generates a random 128-bit symmetric key, used by IDEA for each email message
      • PGP generates its own public/private key pairs
      • Keys are stored locally using a hashed pass phrase
  • 53. Hashed Pass Phrase
      • Access to the private key is granted by providing the “pass phrase” (not password)
      • Should be on the order of 100 characters
      • Issues with a pass phrase:
          • what’s the chance of guessing a 100 character phrase?
          • Is it 2^(100*8)?
  • 54. Hashed Pass Phrase
      • People don’t want to type 100 characters, so they are typically shorter
      • Can you remember “ndjehrkanf48ahdmmdh3jnqlkfyebnekfjnanrb9roakfn 63nfgaprektnvcgesiwm”?
      • Dictionary attacks (common words)
      • Personal knowledge attacks (spouse, children, pets, birthdays, anniversaries)
      • Cultural bias (English)
      • Subject bias (computing, accounting)
  • 55. PGP
      • PGP does not use conventional certificates (too expensive)
      • Instead,
          • users generate and distribute their own public keys
          • sign each other’s public keys
          • save trusted public keys on public-key ring
          • users build a web of trust
          • users determine how much to trust
  • 56. PGP Comments
      • PGP is very powerful for email
          • runs on many platforms
          • available free from www.pgpi.org
      • But
          • no key revocation authority
          • no foolproof way to withdraw a compromised key
          • maybe there are some residual concerns over a prior government lawsuit (now resolved) against Phil Zimmermann