HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

Slides:



Advertisements
Similar presentations
RSA.
Advertisements

Public Key Cryptosystem
Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Asymmetric-Key Cryptography
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
7. Asymmetric encryption-
Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.
Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics formed 3. HW6 due tomorrow. Questions? This week: Discrete Logs,
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Electronic Payment Systems Lecture 5: ePayment Security II
Cryptography & Number Theory
ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.
Announcements: 1. Pass in HW7 now. 2. Project rubrics posted (peruse together) 3. Teams choose presentation dates now Questions? This week: Birthday attacks,
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Announcements: 1. Term project groups and topics formed 2. HW6 due tomorrow. Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs,
Diffie-Hellman Key Exchange
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
Codes, Ciphers, and Cryptography-RSA Encryption
Asymmetric encryption. Asymmetric encryption, often called "public key" encryption, allows Alice to send Bob an encrypted message without a shared secret.
Public Key Model 8. Cryptography part 2.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
1 CIS 5371 Cryptography 8. Asymmetric encryption-.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Rachana Y. Patil 1 1.
ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, "A Public-Key Cryptosystem and a Signature Scheme.
The RSA Algorithm Rocky K. C. Chang, March
Elgamal Public Key Encryption CSCI 5857: Encoding and Encryption.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Lecture 7 Discrete Logarithms
RSA Implementation. What is Encryption ? Encryption is the transformation of data into a form that is as close to impossible as possible to read without.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the order Teams mostly.
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Public-Key Cryptography CS110 Fall Conventional Encryption.
Modular Arithmetic with Applications to Cryptography Lecture 47 Section 10.4 Wed, Apr 13, 2005.
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
CS461/ECE422 Spring 2012 Nikita Borisov — UIUC1.  Text Chapters 2 and 21  Handbook of Applied Cryptography, Chapter 8 
Discrete Logarithm(s) (DLs) Fix a prime p. Let a, b be nonzero integers (mod p). The problem of finding x such that a x ≡ b (mod p) is called the discrete.
Key Exchange Methods Diffie-Hellman and RSA CPE 701 Research Case Study Derek Eiler | April 2012.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
PUBLIC KEY CRYPTOGRAPHY ALGORITHM Concept and Example 1IT352 | Network Security |Najwa AlGhamdi.
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
Public Key Cryptosystem Introduced in 1976 by Diffie and Hellman [2] In PKC different keys are used for encryption and decryption 1978: First Two Implementations.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Great Theoretical Ideas in Computer Science.
Introduction to Pubic Key Encryption CSCI 5857: Encoding and Encryption.
Homework #2 J. H. Wang Oct. 31, 2012.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.
Elgamal Public Key Encryption CSCI 5857: Encoding and Encryption.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Information Security and Management 10. Other Public-key Cryptosystems Chih-Hung Wang Fall
1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.
Intro to Cryptography ICS 6D Sandy Irani. Cryptography Intro Alice wants to send a message to Bob so that even if Eve can see the transmitted information,
CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.
Public Key Cryptosystem
DTTF/NB479: Dszquphsbqiz Day 26
DTTF/NB479: Dszquphsbqiz Day 27
Introduction to Elliptic Curve Cryptography
DTTF/NB479: Dszquphsbqiz Day 25
DTTF/NB479: Dszquphsbqiz Day 25
Presentation transcript:

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review of mid-term feedback This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions Hash Functions DTTF/NB479: DszquphsbqizDay 25

Discrete Logs Find x We denote this as Why is this hard? Given

Some things we won’t cover in class about Discrete Logs Baby step, Giant Step (worth reading) Index Calculus: like sieve method of factoring primes The equation on p. 207 might help with some of homework 7. The equation on p. 207 might help with some of homework 7. Discrete logs mod 4 and bit commitment We skip to make time for some applications of discrete logs We skip to make time for some applications of discrete logs Although the football game prediction analogy is interesting… Although the football game prediction analogy is interesting…

Diffie-Hellman is an alternative to RSA for key exchange, but is based on discrete logs Publish large prime p, and a primitive root  Alice’s secret exponent: x Bob’s secret exponent: y 0 < x,y < p-1 0 < x,y < p-1 Alice sends  x (mod p) to Bob Bob sends  y (mod p) to Alice Each know key K=  xy Eve sees p,  x,  y … why can’t she determine  xy ?

Diffie-Hellman Key Exchange Publish large prime p, primitive root  Alice’s secret exponent: x Bob’s secret exponent: y 0 < x,y < p-1 0 < x,y < p-1 Alice sends  x (mod p) to Bob Bob sends  y (mod p) to Alice Each know key K=  xy Eve sees , p,  x,  y ; why can’t she determine  xy ? Discrete logs: “Given  x =  (mod p), find x Computational Diffie-Hellman problem: “Given , p,  x (mod p),  y (mod p), find  xy (mod p)” Decision Diffie-Hellman problem: “Given , p,  x (mod p),  y (mod p), and c ≠ 0 (mod p). Verify that c=  xy (mod p)” What’s the relationship between the three? Which is hardest?

The ElGamal Cryptosystem is an entire public-key cryptosystem like RSA, but based on discrete logs p large so secure and > m = message 1 Bob chooses prime p, primitive root , integer a Bob computes  ≡  a (mod p) Bob publishes ( , p,  ) and holds a secret Alice chooses secret k, computes and sends to Bob the pair (r,t) where r ≡  k (mod p) r ≡  k (mod p) t ≡  k m (mod p) t ≡  k m (mod p) Bob calculates: tr -a ≡ m (mod p) Why does this decrypt?

ElGamal Cryptosystem Bob publishes ( , p,  ≡  a ) Alice chooses secret k, computes and sends to Bob the pair (r,t) where r ≡  k (mod p) r ≡  k (mod p) t ≡  k m (mod p) t ≡  k m (mod p) Bob finds: tr -a ≡ m (mod p) Why does this work? Multiplying m by  k scrambles it. Eve sees , p, , r, t. If she only knew a or k! Knowing a allows decryption. Knowing k also allows decryption. Why? Can’t find k from r or t. Why? 2-3

ElGamal Bob publishes ( , p,  ≡  a ) Alice chooses secret k, computes and sends to Bob the pair (r,t) where r ≡  k (mod p) r ≡  k (mod p) t ≡  k m (mod p) t ≡  k m (mod p) Bob finds: tr -a ≡ m (mod p) 1.Show that Bob’s decryption works 2.Eve would like to know k. Show that knowing k allows decryption. Why? 3.Why can’t Eve compute k from r or t? 4.Challenge: Alice should randomize k each time. If not, and Eve gets hold of a plaintext / ciphertext (m 1, r 1, t 1 ), she can decrypt other ciphertexts (m 2, r 2, t 2 ). Show how. 5.If Eve says she found m from (r,t), can we verify that she really found it, using only m,r,t, and the public key (and not k or a)? Explain. 6.(For HW: Create a public key ( , p,  ), encrypt a message as (r,t), and decrypt it using the private key. You may do this with a friend as we did for RSA, or do it on your own.) 4-6