Presentation is loading. Please wait.

Presentation is loading. Please wait.

Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-9 Public-Key Cryptography.

Published byMarlene Farmer Modified over 8 years ago

Similar presentations

Presentation on theme: "Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-9 Public-Key Cryptography."— Presentation transcript:

1

2 Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-9 Public-Key Cryptography Diffie-Hellman Public-Key Exchange System Network Security Design Fundamentals ET-IDA-082 11.05.2016, v25 Prof. W. Adi

3 Page : 2 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Historical Overview Historical Overview Public Key Principle Public Key Principle DH Public Key Exchange DH Public Key Exchange Lecture Outlines

4 Page : 3 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Historical Public-Key Breakthrough in Cryptography Breakthrouh in Comunication 1949 Shannon (AT&T) 1948 'A Mathematical Theory of Communication‚ Shannon (AT&T) 1949 'Communication Theory of Secrecy Systems‘ Shannon’s Breakthrough in Communication: Error-free transmission is possible on noisy channels! C= B log 2 (1 + S/N) One unbreakable System is known !! (Vernam) Breakthrough to Modern Cryptology 1976 Diffie and Hellman 1976 Public key Cryptography (Stanford University) Diffie Hellman ‘s Breakthrough in Cryptography: Secured transmission is possible on unsecured channels without any secret agreement ! (No unbrakable system is known!!!!....... Any new Breakthrough expected or example a non-breakable public key system? !

5 Page : 4 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Key Idea of Public Key Systems: Using two different keys! K-secret K-public Two major schemes in Public Key Cryptography: Diffie-Hellman key exchange scheme RSA public key secrecy system - Open and close with different keys!! - No Secret Key Agreement required Conventional Secret Key Systems K-open = K-close (Symmetric System) -Open and close with the same key which has to be agreed secretly !! K-open  K-close (Asymmetric System)

6 Page : 5 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Y = E (Z,X) Channel Message Sender Receiver Message X E ( Z,X ) D ( Z,Y ) X Conventional Cryptographic Systems till 1976 Ciphering De-Ciphering Secret Key = Z Z Secret Key Channel Z Public-Key system drops out that secret key- agreement completely Is secret key exchange a big problem? Secret Key exchange technique is not defined in such systems:

7 Page : 6 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Why Public-Key Cryptography ? 2 3 4 Question: How many secret-keys needed to be exchanged in order to set up a system of n-users? 5 1 10 key-exchanges for 5 users 1 2 3 n... n (n-1) keys for n users 2 For 10 000 users we need 50 million key-exchanges !

8 Page : 7 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 The Solution was Public-Key Cryptography Breakthrough in 1976 by Diffie and Hellman Cryptogram = Y Message Sender Receiver Message X E( Z e, X ) D( Z d, Y ) X Ciphering De-Ciphering Public Directory Public Open Agreement No Prior Secret Communication ! Replace secret agreement by A public register

9 Page : 8 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 SENDER RECEIVER Secret Key Crypto-System : mechanical Simulation Message Z Lock Z Key = Z Secret key agreement Key = Z Message Essential Initialization Process

10 Page : 9 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Public-Key Cryptography First introduced by Diffie and Hellman 1976 (Stanford University) Key Revolutionary Idea: no need for any prior secret agreement In order to communicate securely 2. Any two users start open negotiations resulting with a shared secret ! K-public K-secret 1. Every user generates two keys: Could that work securely ? The answer is yes under some assumptions! Diffie and Hellmann showed 1976 for the first time that it is possible to share secrets without prior secret agreement (as we conventionally do in sharing secret keys) HOW ?

11 Page : 10 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Public-Key Cryptography Breakthrough 1976 Diffie-Hellman proposed mechanism Shared Secret without exchange of secrets “Mechanical simulation” AB ! Same thing ! Shared Secret SHIELD (open agreement) Secret key-A Secret key-B K-public-B Open Register K-public-A injection

12 Page : 11 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Key idea: by using the so called One-way Functions (OWF) SHIELD = One Way Function 6 How: 2 6 mod 11 = 9 How to “ publicly ” hide (shield) a secret ? Log 2 [ 2 6 mod 11 = 9 ] 6 = log 2 9 (mod 11) Discrete logarithm cmputation is still not known! (claim: no proof! : No efficient algorithm is known to compute the secret “6” as log 2 9 modulo 11 ! Secretshielded secret Diffie-Hellmann used a One-Way function: All computations in Z p = GF(p) a finite Ring Z p = GF(p) 9

13 Page : 12 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Open Agreement and Register Shielding function is : y = (5 x ) mod 7 Example for Diffie-Hellman key exchange scheme 1976 Widely use in internet and banking... AB ! same thing ! Z = 6 Shield Secret key-A= 3 Secret key-B= 5 5 5 3 5 3.5 K-open-A= 6 5 3 = 6 K-open-B= 3 5 5 = 3 5 5.3 ( ) 5 3 5 3 6 5 3

14 Page : 13 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Conventional Diffie-Hellman Public Key Distribution System User A User B x a = secret key of A xbxb [ y a ]  primitive element in GF(p) y a =  Xa public key of A y b =  Xb public key of B x b = secret key of B in Z p B, Open Directory Shared Secret: Z AB =  x a x b  in Z p yaya ybyb xaxa [ y b ] A, Z AB = x a x b  Z AB =

15 Page : 14 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Example: A public key exchange system is setup according to Diffie-Hellman key exchange scheme with y = 7 X mod 23 1.Compute the public keys Y A, Y B of users A and B if their secret keys are X A =5 and X B =4 respectively. 2.Compute the common shared secret Z AB between users A and B according to Diffie- Hellman key exchange scheme Solution two-way exchange : Secret Key X A = 5 Secret Key X B = 4 Public key for user A is : Y A = 7 5 mod 23 = 17 Z AB = 9 5 mod 23 = 8 Public key for user B is : Y B = 7 4 mod 23 = 9 Z AB = 17 4 mod 23 = 8 Common Secret is = 8

16 Page : 15 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Examples of “still claimed” as One-way Functions (OWF) Other One-Way Functions (Locks) from Number Theory a x mod p a x Y=a x ? Y a x=log a Y p.q p q m=p.q ? m p q X 2 mod m X m=p.q Y=X 2  Y=? mod m Y X m Discrete log Problem (DH Lock) Factorization Problem (RSA Lock) Factorization Problem (Rabin Lock) All are unproved claims! Locking Un-Locking

17 Page : 16 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Practical Use Cases of “Diffie-Hellman-Lock” In Public-Key Systems 1- SEEK: Key exchange System 2- Authenticated Public Key Distribution System 3- Two-Way Authenticated Public Key Distribution System Three application scenarios: - Many other scenarios ….

18 Page : 17 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 “SEEK” Secure Electronic Exchange of Keys A Public-Key Secrecy System Based on Diffie Hellman Key exchange Scheme [SEEK (Omura) cryptosystem 1985] User A User B If gcd(Z, q-1) = 1 then Z is adopted as a suitable key [ the inverse of Z is D = Z -1 (mod q -1) ] Z M Z M D Z M ( ) = M Step 1: Key agreement Step 2: Data Encryption and Decryption by Exponentiation in GF(q) shared secret key =Z 1 E a = secret key EaEa   EaEa EaEa  Z = ( ) = EbEb E a E b   2 EbEb E b = secret key  EbEb EbEb  Z = ( ) = EaEa E b E a  Arithmetic in GF(q)  = primitive element in GF(q) Open Directory

19 Page : 18 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Two-Way Authenticated Public Key Distribution System Based on Diffie-Hellman Scheme (Alexandris, Burmester, Chrissikopoulos, Desmedt,1993) User A User B x a = secret key of A r 1 = random in Z p-1 E a = ( r 1 - x a ) in Z p-1 A,  Ea EaEa [ y a.  ] r 1 r 2  primitive element in GF(p) y a =  Xa public key of A y b =  Xb public key of B x b = secret key of B r 2 = random in Z p-1 E b = (r 2 - x b ) in Z p-1 r2r2 EbEb [ y b.  ] r1r1 [ .  ] =  r 1 - x a r2r2 xaxa r 1 r 2 [ .  ] =  r 2 -x b r1r1 xbxb in Z p B,  Eb Open Directory Shared Secret: Z AB

20 Page : 19 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Two-Way Authenticated Public Key Distribution System Based on Diffie-Hellman-Hughs Scheme User A User B x a = secret key of A Z =  Xa  : as primitive element in GF(p) r = random in Z p-1 such that: gcd( p-1, r ) = 1 Compute r -1 in Z p-1 [Y 2 ] = [  r. Xa ] =  Xa = Z Y 2 =[ Y 1 ] Xa =  r. Xa Y 1 =  r Y2Y2 r -1 User A can enforce a certain key value Z ! Open Directory

21 Page : 20 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Security of Diffie-Hellman (DH) Public Key Exchange System Security considerations and few known facts: 1.Based on the claim that the discrete logarithm is not efficiently computable 2.A primitive element  from GF(p) or GF(2 m ) is used to make exhaustive search algorithms infeasible. If y =  I, only y and  are known. To break the system we need to find i. To find i, the powers  t are computed in the given GF until y =  t, then i=t. A maximum of p-1 or 2 m -1 cycles are required to find t [the order of  (as a primitive element) is p-1 in GF(p) or 2 m -1.in GF(2 m )]. Therefore p is selected as 1000 to 4000 bit prime or m> 1000 to attain a good security level. 3.Caution: There is no evidence that no efficient algorithms can be found to break the system. 4.(p-1) should have large prime factor to make the discrete logarithm computation infeasible (p is called then a strong prime ).

22 Page : 21 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Design Summary for Diffie-Hellman (DH) Public Key Exchange System Diffie-Hellman (DH) Public Key Exchange System A possible design procedure for GF(p) is: 1.Select a strong prime number p such that p-1 = 2 q where q is a prime. A possible procedure is to use Pocklington’s Theorem to find such a prime: - Select N = 2q + 1 where q is a large prime Check if the resulting N is prime according to Pocklington’s theorem - If N is prime, take p=N and generate GF(p) 2.Find a primitive element  in GF(p) by selecting any non-zero random value and checking if its order is p-1. The order of any element in GF(p) is a divisor of p-1=2q. That is the order can be either 1, 2, q or 2q. If  2  1 and  q  1 then the order of  is 2q and  is a primitive element. Repeat 3 until you get a primitive element. 3. Publish GF(p) and  in a public directory. The system is ready for use.

Download ppt "Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-9 Public-Key Cryptography."

Similar presentations

Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 9 – Public Key Cryptography and RSA Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both.

Chapter 9 – Public Key Cryptography and RSA Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Andreas Steffen, , 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
Prime Numbers Prime numbers only have divisors of 1 and self

Prime Numbers Prime numbers only have divisors of 1 and self
Network and Communications Network Security Department of Computer Science Virginia Commonwealth University.

Network and Communications Network Security Department of Computer Science Virginia Commonwealth University.
Midterm Review Cryptography & Network Security

Midterm Review Cryptography & Network Security
Cryptography and Network Security (CS435) Part Eight (Key Management)

Cryptography and Network Security (CS435) Part Eight (Key Management)
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.

Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Public-Key Cryptography and Message Authentication.

1 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography

Cryptography and Network Security Chapter 9 - Public-Key Cryptography
Public key ciphers 2 Session 6.

Public key ciphers 2 Session 6.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.

PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.

Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.

Similar presentations

Ads by Google