Presentation is loading. Please wait.

Presentation is loading. Please wait.

Campbell R. Harvey Duke University and NBER

Published byMarian Procházka Modified over 5 years ago

Similar presentations

Presentation on theme: "Campbell R. Harvey Duke University and NBER"— Presentation transcript:

1 Campbell R. Harvey Duke University and NBER
Innovation and Cryptoventures Digital Signatures Campbell R. Harvey Duke University and NBER January 26, 2019

2 Campbell R. Harvey 2019

3 Definition Cryptography is the science of communication in the presence of an adversary. Part of the field of cryptology. Campbell R. Harvey 2019

4 Goals of Adversary Alice sends message to Bob Eve is the adversary
Campbell R. Harvey 2019

5 Goals of Adversary Eve’s goals could be: Eavesdrop
Steal secret key so that all future messages can be intercepted Change Alice’s message to Bob Masquerade as Alice in communicating to Bob Campbell R. Harvey 2019

6 Symmetric Keys Early algorithms were based on symmetric keys.
This meant a common key encrypted and decrypted the message You needed to share the common key and this proved difficult Campbell R. Harvey 2019

7 Secret Keys Symmetric key
DES (Data Encryption Standard) was a popular symmetric key method, initially used in SET (first on-line credit card protocol) DES has been replaced by AES (Advanced Encryption Standard) Campbell R. Harvey 2019

8 Diffie-Hellman Key Exchange
Breakthrough in 1976 with Diffie-Hellman-Merkle key exchange There is public information that everyone can see. Each person, say Alice and Bob, have secret information. The public and secret information is combined in a way to reveal a single secret key that only they know Campbell R. Harvey 2019

9 Diffie-Hellman Key Exchange
Will use prime numbers and modulo arithmetic We already encountered one example of modular arithmetic simple ciphers (also the SHA-256 which uses mod=232 or 4,294,967,296) Campbell R. Harvey 2019

10 Symmetric Key Exchange
Numerical example “5 mod 2” = 1 Divide 5 by 2 the maximum number of times (2) 2 is the modulus The remainder is 1 Remainders never larger than (mod-1) so for mod 12 (clock) you would never see remainders greater than 11. EXCEL function = mod(number, divisor) e.g., mod(329, 17) = 6 “mod” Campbell R. Harvey 2019

11 Symmetric Key Exchange
Alice and Bob decide on two public pieces for information A modulus (say 17) A generator (or the base for an exponent) (say 3) Alice has a private key (15) Bob has a private key (13) Is it possible for them to share a common secret that is unlikely to be intercepted? Campbell R. Harvey 2019

12 Symmetric Key Exchange
Alice: Calculates 315 mod 17 = 6 (i.e., =mod(3^(15), 17)) Alice send the message “6” to Bob Campbell R. Harvey 2019

13 Symmetric Key Exchange
Alice: Calculates 315 mod 17 = 6 (i.e., =mod(3^(15), 17)) Alice send the message “6” to Bob Eve intercepts the message! Campbell R. Harvey 2019

14 Symmetric Key Exchange
Bob: Calculates 313 mod 17 = 12 (i.e., =mod(3^(13), 17)) Bob send the message “12” to Alice Campbell R. Harvey 2019

15 Symmetric Key Exchange
Bob: Calculates 313 mod 17 = 12 (i.e., =mod(3^(13), 17)) Bob send the message “12” to Alice Eve intercepts the message! Now Eve has the 6 and the 12. Campbell R. Harvey 2019

16 Symmetric Key Exchange
Alice: She takes Bob’s message of 12 and raises it to the power of her private key. Calculates 1215 mod 17 = 10 (i.e., =mod(12^(15), 17))* This is their common secret Campbell R. Harvey 2019 *EXCEL only does 15 digits so this will not work

17 Symmetric Key Exchange
Bob: He takes Alice’s message of 6 and raises it to the power of his private key. Calculates 613 mod 17 = 10 (i.e., =mod(6^(13), 17)) This is their common secret Campbell R. Harvey 2019

18 Symmetric Key Exchange
Eve She has intercepted their message. However, without the common secret key, there is little chance she can recover the shared secret. Campbell R. Harvey 2019

19 Symmetric Key Exchange
Common secret Alice can now encrypt a message with the common secret and Bob can decrypt it with the common secret. Notice this is a common secret. Next we will talk private/public keys. That is, both and Alice have separate public keys and separate private keys. Campbell R. Harvey 2019

20 Asymmetric Keys: RSA - High Level Overview
RSA stands for Rivest, Shamir and Adleman. Discovered earlier by UK Communications-Electronics Security Group (CESG) – but kept secret. Receiver generates two public pieces of information and a private key One piece of public information is just the product of two prime numbers, N=p*q (called “max”) The other is the public key, e, is just another prime that is greater than 2 and less than the product, N The prime numbers, p and q, that are used are huge. The private key is mathematically linked to public keys. Sender encrypts with the two public keys, e and N Receiver can easily decrypt Campbell R. Harvey 2019

21 Asymmetric Keys: RSA - High Level Overview
See my Cryptography 101 (linked) deck for much more detail. Two prime numbers are chosen and they are secret (say 7 and 13, p, q). Multiply them together. The product (N=91) is public but people don’t know the prime numbers used to get it. A public key, e, is chosen (say 5). Given the two prime numbers, 7 and 13, and the public key, 5, we can derive the private key, which is 29. Campbell R. Harvey 2019

22 Asymmetric Keys: RSA - High Level Overview
Issues with RSA RSA relies on factoring N is public (our example was 91) as is e If you can guess the factors, p, q, then you can discover the private key Campbell R. Harvey 2019

23 Asymmetric Keys: RSA - High Level Overview
Issues with RSA Factoring algorithms have become very efficient To make things worse, the algorithms become more efficient as the size of the N increases Hence, larger and larger numbers are needed for N (moving to 2,048 bits) This creates issues for mobile and low power devices that lack the computational power Campbell R. Harvey 2019

24 Elliptic Curve Cryptography
Mathematics of elliptic curves Does not rely on factoring Curve takes the form of y2 = x3 + ax + b Note that diagram is “continuous” but we will be using discrete versions of this arithmetic Note: 4a3 + 27b2 ≠ 0 Bitcoin uses a=0 and b=7 Campbell R. Harvey 2019

25 Elliptic Curve Cryptography
Properties Symmetric in x-axis Any non-vertical line between two points intersects in three points Algebraic representation Campbell R. Harvey 2019

26 Elliptic Curve Cryptography
Properties: Addition Define a system of “addition”. To add “P” and “Q” pass a line through and intersect at third point “R”. Drop a vertical line down to symmetric part. This defines P+Q (usually denoted 𝑃⊕𝑄) R P Q P+Q Denote Elliptic Curve as E Campbell R. Harvey 2019

27 Elliptic Curve Cryptography
Properties: Doubling Define a system of “addition”. To add “P” and “P” use a tangent line and intersect at third point. Drop a vertical line down to symmetric part. This definite 2P (usually denoted 𝑃⊕𝑃) P Denote Elliptic Curve as E 2P Campbell R. Harvey 2019

28 Elliptic Curve Cryptography (Optional slide)
Properties: Other P + O = O + P = P for all P ∈ E. (existence of identity) (b) P + (−P) = O for all P ∈ E. (existence of inverse) (c) P + (Q + R) = (P + Q) + R for all P, Q, R ∈ E. (associative) (d) P + Q = Q + P for all P, Q ∈ E (communativity) Denote Elliptic Curve as E Campbell R. Harvey 2019

29 Elliptic Curve Cryptography
Why use in cryptography? Suggested by Koblitz and Miller in 1985 Implemented in 2005 Key insight: Adding and doubling on the elliptic curve is easy but undoing the adding is very difficult 256 bit ECC public key provides about the same security as 3,072 bit RSA public key Bitcoin uses a particular type of ECC known as secp256k1 Campbell R. Harvey 2019

30 ECDSA Private key is a number called “signing key” (SK). It is secret.
Public key is the “verification key” and is mathematically linked to the private key EC SK VK Private key: (number) Elliptic curve operations: Need base point, modulus, order Public key: coordinate (x, y) Note: Easy to generate a public key with a private key. Not easy to go the other way. Campbell R. Harvey 2019

31 ECDSA Digital signature EC DS SK Private key: (number)
Nonce: (random number) Nonce EC Message DS SK Private key: (number) Elliptic curve operations: Need base point, modulus, order (n) Digital signature: coordinate (r, s) Campbell R. Harvey 2019

32 ECDSA Verification s EC (x’, y’) VK Elliptic curve operations:
coordinates r Yes (verified) s EC (x’, y’) r = x’ mod n ? Message No (rejected) VK Elliptic curve operations: Need base point, order (n) Derive new point on elliptic curve Check x coordinate of new point and DS Public key: (x, y) Note r not used until verification step Campbell R. Harvey 2019

33 How DSAs Work Notice Proves that the person with the private key (that generated the public key) signed the message. Interestingly, digital signature is different from a usual signature in that it depends on the message, i.e., the signature is different for each different message. In practice, we do not sign the message, we sign a cryptographic hash of the message. This means that the size of the input is the same no matter how long the message is. Campbell R. Harvey 2019

34 ECDSA in Action Campbell R. Harvey 2019

35 ECDSA in Action OP_CHECKSIG uses Public Key + Digital Signature + Hash of Transaction Verifies whether this transaction has been signed by the owner of the Private Key (advanced by Matt Thomas) Campbell R. Harvey 2019

36 Application: PGP Email
My public key for secure You can encrypt an to me with my public key and only I can decrypt with my private key. Campbell R. Harvey 2019

37 Application: PGP Email
Steps Message compressed Random session key (based on mouse movements and keystrokes) is generated. Message encrypted with session key Session key is encrypted with receiver’s public key Encrypted message + encrypted session key sent via Recipient uses their private key to decrypt the session key Session key is used to decrypt the message Message decompressed Campbell R. Harvey 2019

38 References The Math Behind Bitcoin [recommended]
Elliptic Curve Digital Signature Algorithm (Bitcoin) What does the curve used in Bitcoin, secp256k1, look like? Elliptic Curve Digital Signature Algorithm (Wikipedia) Elliptic Curve Cryptography (UCSB) Elliptic Curve Cryptography and Digital Rights Management (Purdue) Zero to ECC in 30 minutes (Entrust) The Elliptic Curve Cryptosystem Goldwasser, Shaffi and Mihir Bellare, 2008, Lecture Notes on Cryptography Dan Boneh, Stanford University, Introduction to Cryptography Dan Boneh, Stanford University, Cryptography II Campbell R. Harvey 2019

Download ppt "Campbell R. Harvey Duke University and NBER"

Similar presentations

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.

BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Andreas Steffen, , 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.

1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
Prime Numbers Prime numbers only have divisors of 1 and self

Prime Numbers Prime numbers only have divisors of 1 and self
10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.

10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.
Encryption Coursepak little bit in chap 10 of reed.

Encryption Coursepak little bit in chap 10 of reed.
Cryptography Dec 29. This Lecture In this last lecture for number theory, we will see probably the most important application of number theory in computer.

Cryptography Dec 29. This Lecture In this last lecture for number theory, we will see probably the most important application of number theory in computer.
Chapter 21 Public-Key Cryptography and Message Authentication.

Chapter 21 Public-Key Cryptography and Message Authentication.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.

Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography

Cryptography and Network Security Chapter 9 - Public-Key Cryptography
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.

PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.

Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
Public Key Cryptosystem Introduced in 1976 by Diffie and Hellman [2] In PKC different keys are used for encryption and decryption 1978: First Two Implementations.

Public Key Cryptosystem Introduced in 1976 by Diffie and Hellman [2] In PKC different keys are used for encryption and decryption 1978: First Two Implementations.

Similar presentations

Ads by Google