1. Public-Key Cryptography and Message Authentication
In the Name of the Most High
Public-Key Cryptography and Message Authentication
Behzad Akbari
Fall 2010

2. OUTLINE Approaches to Message Authentication
Secure Hash Functions and HMAC
Public-Key Cryptography Principles
Public-Key Cryptography Algorithms
Digital Signatures
Key Management

3. Authentication Requirements: must be able to verify that:
1. Message came from apparent source or author,
2. Contents have not been altered,
3. Sometimes, it was sent at a certain time or sequence.
Protection against active attack (falsification of data and transactions)

4. Approaches to Message Authentication
Authentication Using Conventional Encryption
Only the sender and receiver should share a key
Message Authentication without Message Encryption
An authentication tag is generated and appended to each message
Message Authentication Code
Calculate the MAC as a function of the message and the key. MAC = F(K, M)

6. One-way HASH function

7. One Way Hash Function
Ideally we would like to avoid encryption, because:
Encryption software is slow
Encryption hardware costs aren’t cheap
Hardware optimized toward large data sizes
Algorithms covered by patents
Algorithms subject to export control

8. One-way HASH function
Secret value is added before the hash and removed before transmission.

9. Secure HASH Functions
Purpose of the HASH function is to produce a ”fingerprint.
Properties of a HASH function H :
H can be applied to a block of data at any size
H produces a fixed length output
H(x) is easy to compute for any given x.
For any given value h, it is computationally infeasible to find x such that H(x) = h
For any given block x, it is computationally infeasible to find with H(y) = H(x).
It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)

10. Simple Hash Function
One-bit circular shift on the hash value after each block is processed would improve

11. Message Digest Generation Using SHA-1

12. SHA-1 Processing of single 512-Bit Block

13. Other Secure HASH functions
SHA-1
MD5
RIPEMD-160
Digest length
160 bits
128 bits
Basic unit of processing
512 bits
Number of steps
80 (4 rounds of 20)
64 (4 rounds of 16)
160 (5 paired rounds of 16)
Maximum message size
264-1 bits

14. HMAC(Hash-based MAC)
Use a MAC derived from a cryptographic hash code, such as SHA-1.
Motivations:
Cryptographic hash functions executes faster in software than encryptoin algorithms such as DES
Library code for cryptographic hash functions is widely available
No export restrictions from the US

15. HMAC Structure

16. Public-Key Cryptography Principles
The use of two keys has consequences in: key distribution, confidentiality and authentication.
The scheme has six ingredients (see Figure 3.7)
Plaintext
Encryption algorithm
Public and private key
Ciphertext
Decryption algorithm
استفاده از توابع ریاضی بجای اسفاده از عملییات ساده روی الگوهای بیتی
امنیت هر طرح رمز نگاری وابسته به –ظول کلید و کار محاسباتی در شکستن رمز
سربار محاسباتی در رمز نگاری عمومی بیشتر است در نتیجه پر کاربرد تر است
کلید ها:تبدیلات واقعی که توسط الگوریتم ها انجام میشود وابسته به به کلید عمومی و خصوصی است
متن رمز شده وابسته به کلید و متن ساده است

17. Encryption using Public-Key system

18. Authentication using Public-Key System

19. Applications for Public-Key Cryptosystems
Three categories:
Encryption/decryption: The sender encrypts a message with the recipient’s public key.
Digital signature: The sender ”signs” a message with its private key.
Key echange: Two sides cooperate exhange a session key.

20. Requirements for Public-Key Cryptography
Computationally easy for a party B to generate a pair (public key KUb, private key KRb)
Easy for sender to generate ciphertext:
Easy for the receiver to decrypt ciphertect using private key:

21. Requirements for Public-Key Cryptography
Computationally infeasible to determine private key (KRb) knowing public key (KUb)
Computationally infeasible to recover message M, knowing KUb and ciphertext C
Either of the two keys can be used for encryption, with the other used for decryption:

22. Public-Key Cryptographic Algorithms
RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977.
RSA is a block cipher
The most widely implemented

23. The RSA Algorithm–Key Generation
Select p,q p and q both prime
Calculate n = p x q
Calculate
Select integer e
Calculate d
Public Key KU = {e,n}
Private key KR = {d,n}

24. The RSA Algorithm - Encryption
Plaintext: M<n
Ciphertext: C = Me (mod n)

25. The RSA Algorithm - Decryption
Ciphertext: C
Plaintext: M = Cd (mod n)

26. RSA example: Bob chooses p=5, q=7. Then n=35, z=(p-1) (q-1)=24.
e=5 (so e, z relatively prime).
(d=29 (so ed-1 exactly divisible by z. e
c = m mod n e
letter m m
encrypt: l 12 17 c d
m = c mod n d c
letter
decrypt: 17 12 l

27. Example of RSA Algorithm

28. Diffie-Hellman Key Echange

29. Diffie-Hellman

30. Diffie-Hellman
Alice and Bob agree to use a prime number p=23 and base g=5.
Alice chooses a secret integer a=6, then sends Bob (ga mod p)
56 mod 23 = 8.
Bob chooses a secret integer b=15, then sends Alice (gb mod p)
515 mod 23 = 19.
Alice computes (gb mod p)a mod p
196 mod 23 = 2.
Bob computes (ga mod p)b mod p
815 mod 23 = 2.
base g : primitive root of p
A primitive root of p is a number r such that any integer a between 1 and p-1 can be expressed by a=r^k mod p, with k a nonnegative integer smaller that p-1.

31. Message Authentication Code
(shared secret) s m
H(m+s)
H(.)
compare
(message)
public
Internet
append m
H(m+s) m
H(.)
H(m+s) s
(shared secret)

32. Digital Signatures
cryptographic technique analogous to hand-written signatures.
sender (Bob) digitally signs document, establishing he is document owner/creator.
verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

33. Digital Signatures simple digital signature for message m:
Bob “signs” m by encrypting with his private key KB, creating “signed” message, KB(m) - - K B -
Bob’s message, m
Bob’s private
key K B -
(m)
Dear Alice
Oh, how I have missed you. I think of you all the time! …(blah blah blah)
Bob
Bob’s message, m, signed (encrypted) with his private key
public key
encryption
algorithm

34. Digital Signatures (more)-
suppose Alice receives msg m, digital signature KB(m)
Alice verifies m signed by Bob by applying Bob’s public key KB to KB(m) then checks KB(KB(m) ) = m.
if KB(KB(m) ) = m, whoever signed m must have used Bob’s private key. + - - + + -
Alice thus verifies that:
Bob signed m.
No one else signed m.
Bob signed m and not m’.
non-repudiation:
Alice can take m, and signature KB(m) to court and prove that Bob signed m. -

35. Digital signature = signed MAC
Alice verifies signature and integrity of digitally signed message:
Bob sends digitally signed message:
large
message m
H: hash
function
KB(H(m)) -
encrypted
msg digest
H(m)
digital
signature
(encrypt)
Bob’s
private
key
large
message m K B -
Bob’s
public
key
digital
signature
(decrypt) K B +
KB(H(m)) -
encrypted
msg digest
H: hash
function +
H(m)
H(m)
equal ?

36. Public Key Certification
public key problem:
When Alice obtains Bob’s public key (from web site, , diskette), how does she know it is Bob’s public key, not Trudy’s?
solution:
trusted certification authority (CA)

37. Certification Authorities
Certification Authority (CA): binds public key to particular entity, E.
E registers its public key with CA.
E provides “proof of identity” to CA.
CA creates certificate binding E to its public key.
certificate containing E’s public key digitally signed by CA: CA says “This is E’s public key.” - K CA
(K ) B +
digital
signature
(encrypt) K B +
Bob’s
public
key K B + CA
private
key
certificate for Bob’s public key, signed by CA -
Bob’s
identifying information K CA

38. Certification Authorities
when Alice wants Bob’s public key:
gets Bob’s certificate (Bob or elsewhere).
apply CA’s public key to Bob’s certificate, get Bob’s public key K B + - K CA
(K ) B +
digital
signature
(decrypt)
Bob’s
public
key K B + CA
public
key + K CA

39. Key ManagementPublic-Key Certificate Use