Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

CS555Spring 2012/Topic 171 Cryptography CS 555 Topic 17: Textbook RSA encryption.
CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.
CS252: Systems Programming Ninghui Li Topic 3: Programming in a FIZ: Simple Functional Programming Language.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
 Introduction  Requirements for RSA  Ingredients for RSA  RSA Algorithm  RSA Example  Problems on RSA.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)
CSCE 201 Introduction to Information Security Fall 2010 Data Protection.
1 Lect. 13 : Public Key Encryption RSA ElGamal. 2 Shamir Rivest Adleman RSA Public Key Systems  RSA is the first public key cryptosystem  Proposed in.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
BASIC CRYPTOGRAPHIC CONCEPTS. Public Key Cryptography  Uses two keys for every simplex logical communication link.  Public key  Private key  The use.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Chapter 21 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Public-Key Cryptography and Message Authentication.
Computer and Network Security Rabie A. Ramadan Lecture 6.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography
CS461/ECE422 Spring 2012 Nikita Borisov — UIUC1.  Text Chapters 2 and 21  Handbook of Applied Cryptography, Chapter 8 
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Cryptography Chapter 7 Part 3 Pages 812 to 833. Symmetric Cryptography Security Services – Only confidentiality, not authentication or non- repudiation.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Information Security CS 526
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.
Fall 2002CS 395: Computer Security1 Chapter 9: Public Key Cryptography.
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Computer Security Lecture 5 Ch.9 Public-Key Cryptography And RSA Prepared by Dr. Lamiaa Elshenawy.
Lecture 3 (Chapter 9) Public-Key Cryptography and RSA Prepared by Dr. Lamiaa M. Elshenawy 1.
RSA Pubic Key Encryption CSCI 5857: Encoding and Encryption.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
Public Key Cryptography. Asymmetric encryption is a form of cryptosystem in which Encryption and decryption are performed using the different keys—one.
Asymmetric-Key Cryptography
Public Key Encryption and Digital Signatures
Information Security CS 526
Topic 2: Public Key Encryption and Digital Signatures
Real-world Security of Public Key Crypto
Asymmetric Cryptography
Topic 2: Public Key Encryption and Digital Signatures
Information Security CS 526
NET 311 Information Security
Lecture 6: Digital Signature
LAB 3: Digital Signature
Presentation transcript:

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures

Fall 2010/Lecture 312 Review of Secret Key (Symmetric) Cryptography Confidentiality –stream ciphers (uses PRNG) –block ciphers with encryption modes Integrity –Cryptographic hash functions –Message authentication code (keyed hash functions) Limitation: sender and receiver must share the same key –Needs secure channel for key distribution –Impossible for two parties having no prior relationship –Needs many keys for n parties to communicate

Fall 2010/Lecture 313 Public Key Encryption Overview Each party has a PAIR (K, K -1 ) of keys: –K is the public key, and used for encryption –K -1 is the private key, and used for decryption –Satisfies D K -1 [E K [M]] = M Knowing the public-key K, it is computationally infeasible to compute the private key K -1 –How to check (K,K -1 ) is a pair? –Offers only computational security. PK Encryption impossible when P=NP, as deriving K -1 from K is in NP. The public-key K may be made publicly available, e.g., in a publicly available directory –Many can encrypt, only one can decrypt Public-key systems aka asymmetric crypto systems

Fall 2010/Lecture 314 Public Key Cryptography Early History The concept is proposed in Diffie and Hellman (1976) “New Directions in Cryptography” –public-key encryption schemes –public key distribution systems Diffie-Hellman key agreement protocol –digital signature Public-key encryption was proposed in 1970 by James Ellis –in a classified paper made public in 1997 by the British Governmental Communications Headquarters Concept of digital signature is still originally due to Diffie & Hellman

Fall 2010/Lecture 315 Public Key Encryption Algorithms Almost all public-key encryption algorithms use either number theory and modular arithmetic, or elliptic curves RSA –based on the hardness of factoring large numbers El Gamal –Based on the hardness of solving discrete logarithm –Basic idea: public key g x, private key x, to encrypt: [g y, g xy M].

Fall 2010/Lecture 316 RSA Algorithm Invented in 1978 by Ron Rivest, Adi Shamir and Leonard Adleman –Published as R L Rivest, A Shamir, L Adleman, "On Digital Signatures and Public Key Cryptosystems", Communications of the ACM, vol 21 no 2, pp , Feb 1978 Security relies on the difficulty of factoring large composite numbers Essentially the same algorithm was discovered in 1973 by Clifford Cocks, who works for the British intelligence

Fall 2010/Lecture 317 RSA Public Key Crypto System Key generation: 1. Select 2 large prime numbers of about the same size, p and q Typically each p, q has between 512 and 2048 bits 2. Compute n = pq, and  (n) = (q-1)(p-1) 3. Select e, 1<e<  (n), s.t. gcd(e,  (n)) = 1 Typically e=3 or e= Compute d, 1< d<  (n) s.t. ed  1 mod  (n) Knowing  (n), d easy to compute. Public key: (e, n) Private key: d

Fall 2010/Lecture 318 RSA Description (cont.) Encryption Given a message M, 0 < M < nM  Z n  {0} use public key (e, n) compute C = M e mod n C  Z n  {0} Decryption Given a ciphertext C, use private key (d) Compute C d mod n = (M e mod n) d mod n = M ed mod n = M

Fall 2010/Lecture 319 Plaintext: M C = M e mod (n=pq) Ciphertext: C C d mod n From n, difficult to figure out p,q From (n,e), difficult to figure d. From (n,e) and C, difficult to figure out M s.t. C = M e

Fall 2010/Lecture 3110 RSA Example p = 11, q = 7, n = 77,  (n) = 60 d = 13, e = 37 (ed = 481; ed mod 60 = 1) Let M = 15. Then C  M e mod n –C  (mod 77) = 71 M  C d mod n –M  (mod 77) = 15

RSA Example 2 Parameters: –p = 3, q = 5, q= pq = 15 –  (n) = ? Let e = 3, what is d? Given M=2, what is C? How to decrypt? Fall 2010/Lecture 3111

Fall 2010/Lecture 3112 RSA Security Security depends on the difficulty of factoring n –Factor n =>  (n) => compute d from (e,  (n)) The length of n=pq reflects the strength –700-bit n factored in 2007 –768 bit factored in bit for minimal level of security today –likely to be breakable in near future Minimal 2048 bits recommended for current usage NIST suggests bit RSA keys are equivalent in strength to 256-bit RSA speed is quadratic in key length

Real World Usage of Public Key Encryption Often used to encrypt a symmetric key –To encrypt a message M under a public key (n,e), generate a new AES key K, compute [RSA(n,e,K), AES(K,M)] Plain RSA does not satisfy IND requirement. –How to break it? One often needs padding, e.g., Optimal Asymmetric Encryption Padding (OAEP) –Roughly, to encrypt M, chooses random r, encode M as M’ = [X = M  H 1 (r), Y= r  H 2 (X) ] where H 1 and H 2 are cryptographic hash functions, then encrypt it as (M’) e mod n –Note that given M’=[X,Y], r = Y  H 2 (X), and M = X  H 1 (r) Fall 2010/Lecture 3113

Fall 2010/Lecture 3114 Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies that the signature on the bill is the same with the signature on the card Contracts, they are valid if they are signed. Signatures provide non-repudiation. –ensuring that a party in a dispute cannot repudiate, or refute the validity of a statement or contract. Can we have a similar service in the electronic world? –Does Message Authentication Code provide non-repudiation? Why?

Fall 2010/Lecture 3115 Digital Signatures MAC: One party generates MAC, one party verifies integrity. Digital signatures: One party generates signature, many parties can verify. Digital Signature: a data string which associates a message with some originating entity. Digital Signature Scheme: –a signing algorithm: takes a message and a (private) signing key, outputs a signature –a verification algorithm: takes a (public) key verification key, a message, and a signature Provides: –Authentication, Data integrity, Non-Repudiation

Fall 2010/Lecture 3116 Digital Signatures and Hash Very often digital signatures are used with hash functions, hash of a message is signed, instead of the message. Hash function must be: –Pre-image resistant –Weak collision resistant –Strong collision resistant

Fall 2010/Lecture 3117 RSA Signatures Key generation (as in RSA encryption): Select 2 large prime numbers of about the same size, p and q Compute n = pq, and  = (q - 1)(p - 1) Select a random integer e, 1 < e < , s.t. gcd(e,  ) = 1 Compute d, 1 < d <  s.t. ed  1 mod  Public key: (e, n)used for verification Secret key: d, used for generation

Fall 2010/Lecture 3118 RSA Signatures (cont.) Signing message M Verify 0 < M < n Compute S = M d mod n Verifying signature S Use public key (e, n) Compute S e mod n = (M d mod n) e mod n = M Note: in practice, a hash of the message is signed and not the message itself.

Fall 2010/Lecture 3119 The Big Picture Secrecy / Confidentiality Stream ciphers Block ciphers + encryption modes Public key encryption: RSA, El Gamal, etc. Authenticity / Integrity Message Authentication Code Digital Signatures: RSA, DSA, etc. Secret Key Setting Public Key Setting

Fall 2010/Lecture 3120 Readings for This Lecture Differ & Hellman: –New Directions in Cryptography

Fall 2010/Lecture 3121 Coming Attractions … Key management and certificates