Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Exchange References: Applied Cryptography, Bruce Schneier

Published byArabella Marsh Modified over 6 years ago

Similar presentations

Presentation on theme: "Key Exchange References: Applied Cryptography, Bruce Schneier"— Presentation transcript:

1 Key Exchange References: Applied Cryptography, Bruce Schneier
Cryptography and Network Securiy, Willian Stallings

2 Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal
Shamir’s Three Pass Protocol

3 Primitive Root A primitive root of a prime number p as one whose powers modulo p generate all the integers from 1 to p-1. If α is primitive root of p, the numbers: α mod p, α 2 mod p, α 3 mod p, . . ., α p-1 mod p are difference. Example: A prime number 19 has primitive roots: 2, 3, 10, 13, 14, and 15. (It’s shown by Powers of Integers, Modulo 19 Table)

4 Powers of Integers, Modulo 19 Table

5 Discrete Logarithm For a pair of primitive root α and a prime number p: dlogα,p(1) = 0  α0 mod p = 1 mod p = 1 dlogα,p(α) = 1  α1 mod p = α Based on Powers of Integers, Modulo 19 Table (previous slide) : dlog2,19(3) = 13 dlog2,19(6) = 14

6 Diffie-Hellman Key Exchange

7 Diffie-Hellman Key Exchange
The Diffie Hellman was the first public-key algorithm. It was invented in 1976. This algorithm can be used to generate secret key but not to encrypt and decrypt message. Alice and Bob agree on large prime q and α. α is primitive root of q. q and α do not have to be secret and transmitted over insecure channel.

8 Diffie-Helman Protocol (1)
Alice chooses a random large integer XA and sends Bob YA = αXA mod q Bob chooses a random large integer XB and sends Alice YB = αXB mod q Alice computes K = YBXA mod q Bob computes K = YAXB mod q Everyone on the channel just know q, α, YA, and YB.

9 Diffie-Helman Protocol (2)

10

11 Diffie-Hellman with n Parties (1)
Alice chooses a random large integer XA and sends Bob : YA = αXA mod q. Bob chooses a random large integer XB and sends Carol : YB = αXB mod q. Carol chooses a random large integer XC and sends Alice : YC = αXC mod q. Alice sends Bob : YC‘ = YCXA mod q. Bob sends Carol : YA‘ = YAXB mod q. Carol sends Alice : YB‘ = YBXC mod q. Alice computes secret key : K = (YB’)XA mod q. Bob compues secret key : K = (YC’)XB mod q. Carol computes secret key : K = (YA’)XC mod q.

12 Diffie-Hellman with n Parties (2)
How about 4 parties?

13 Man-in-the-Middle Attack (1)
The key exchange of Diffie-Hellman is insecure against a man-in-the-middle attack. Alice and Bob will exchange the key, Darth is the adversary. Darth prepares the attack by generating two random keys XD1 and XD2. Darth computes YD1 and YD2. Alice sends Bob YA. Darth intercepts YA and sends Bob YD1. Darth computes K2 = (YA)XD2 mod q. Bob computes K1 = (YD1)XB mod q. Bob sends Alice YB. Darth intercepts YB and sends Alice YD2. Darth computes K1 = (YB)XD1 mod q. Alice computes K2 = (YD2)XA mod q.

14 Man-in-the-Middle Attack (2)
Communication between Alice and bob after key exchange process. Alice sends Bob encrypted message M: E(K2,M). Darth intercepts the encrypted message and decrypts it. Darth sends Bob E(K1,M) or E(K1,M’), M’ is any message (In this case, Darth alter the message).

15 ElGamal Key Exchange

16 ElGamal Key Exchange (1)
ElGamal was announced a public-key scheme based on discrete logarithms in 1984. ElGamal is closelly related to Diffie-Hellman technique. A prime number q and α in ElGamal an Diffie-Hellman are the same. Alice can generate a private/public key: Alice generates a random integer XA (1 < XA < q-1). Alice computes YA = αXA mod q. Alice has a private XA and public key {q, α, YA}.

17 ElGamal Key Exchange (2)
Bob can encrypt a message using Alice’s public key: The message is integer M in the range 0 ≤ M ≤ q-1. Bob chooses a random integer k (1 ≤ k ≤ q-1). Bob computer one-time key K = (YA)k mod q. Bob encrypts M  (C1,C2) where: C1 = αk mod q C2 = KM mod q Alice can recover the plaintext: Alice recovers the key by computing K = (C1)XA mod q. Alice computes M = (C2K-1) mod q.

18

19 Security of ElGamal To recover Alice’s private key, an adversary would have to compute discrete logarithm XA = dlogα,q(YA). To recover the one-time key K, an adversary would have to compute discrete logarithm k = dlogα,q(C1).

20 One-Way Function

21 one-way function is central to public-key cryptography
One-way functions are relatively easy to compute, but significantly harder to reverse That is, given x it is easy to compute f(x), but given f(x) it is hard to compute x.

22 Trapdoor A trapdoor one-way function is a special type of one-way function, one with a secret trapdoor. It is easy to compute in one direction and hard to compute in the other direction. But, if you know the secret, you can easily compute the function in the other direction That is, it is easy to compute f(x) given x, and hard to compute x given f(x). However, there is some secret information, y, such that given f(x) and y it is easy to compute x

23 One Way Hash Function A one-way hash function has many names: compression function, contraction function, message digest, fingerprint, cryptographic checksum, message integrity check (MIC), and manipulation detection code (MDC).

24 pre-image is likely to be the same as the real pre-image.
One Way Hash Function A hash function is a function mathematical or otherwise, that takes a variable-length input string (called a pre-image) and converts it to a fixed-length (generally smaller) output string (called a hash value). pre-image is likely to be the same as the real pre-image. to produce a value that indicates whether a candidate

25 A one-way hash function is a hash function that works in one direction: It is easy to compute a hash value from pre-image, but it is hard to generate a pre-image that hashes to a particular value. A good one-way hash function is also collision-free: It is hard to generate two pre-images with the same hash value.

26 Message Authentication Codes
A message authentication code (MAC), also known as a data authentication code (DAC), is a oneway hash function with the addition of a secret key . The hash value is a function of both the pre-image and the key. The theory is exactly the same as hash functions, except only someone with the key can verify the hash value. You can create a MAC out of a hash function or a block encryption algorithm; there are also dedicated MACs

27 Digital Signature Why Signature? The signature is authentic.
The signature is unforgeable. The signature is proof that the signer, and no one else, deliberately signed the document The signature is not reusable. The signed document is unalterable. After the document is signed, it cannot be altered. The signature cannot be repudiated.

28 Signing Documents with Public-Key Cryptography
Basic Protocol: Alice encrypts the document with her private key, thereby signing the document. Alice sends the signed document to Bob. Bob decrypts the document with Alice’s public key, thereby verifying the signature.

29 The Protocol Statisfies the Characteristic
The signature is authentic; when Bob verifies the message with Alice’s public key, he knows that she signed it. The signature is unforgeable; only Alice knows her private key. The signature is not reusable; the signature is a function of the document and cannot be transferred to any other document. The signed document is unalterable; if there is any alteration to the document, the signature can no longer be verified with Alice’s public key. The signature cannot be repudiated. Bob doesn’t need Alice’s help to verify her signature.

30 Signing Documents with Public-Key Cryptography and One-Way Hash Functions
Protocol: Alice produces a one-way hash of a document. Alice encrypts the hash with her private key, thereby signing the document. Alice sends the document and the signed hash to Bob. Bob produces a one-way hash of the document that Alice sent. He then, using the digital signature algorithm, decrypts the signed hash with Alice’s public key. If the signed hash matches the hash he generated, the signature is valid.

31 The bit string attached to the document when signed (in the previous example, the one-way hash of the document encrypted with the private key) will be called the digital signature, or just the signature. The entire protocol, by which the receiver of a message is convinced of the identity of the sender and the integrity of the message, is called authentication

32 Public Key Algorithm Since 1976, numerous public-key cryptography algorithms have been proposed. Many of these are insecure. Of those still considered secure, many are impractical. Either they have too large a key or the ciphertext is much larger than the plaintext

33 Only three algorithms work well for both encryption and digital signatures: RSA, ElGamal, and Rabin. All of these algorithms are slow. They encrypt and decrypt data much more slowly than symmetric algorithms; usually that’s too slow to support bulk data encryption.

34 Advantages Disadvantages Only private key must be kept secret.
In large network, the number of keys may be smaller than in the symmetric algorithm. Disadvantages Key sizes are larger than the key of symmetric algorithm. No public-key scheme has been proven to be secure. The most effective public-key encryption schemes have their security based on the set of number.

Download ppt "Key Exchange References: Applied Cryptography, Bruce Schneier"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Introduction to Signcryption November 22, 2004. 22/11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
8. Data Integrity Techniques

8. Data Integrity Techniques
CS5204 – Fall 2009 1 Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Chapter 2: Protocol Building Blocks

Chapter 2: Protocol Building Blocks
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS 4362 - CIS 5357 Network Security.

1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.

Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

Similar presentations

Ads by Google