Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Cristina Onete || 25/09/2014 || 1 TD – Cryptography 25 Sept: Public Key Encryption + RSA 02 Oct: RSA Continued 09 Oct: NO TD 16 Oct: Digital Signatures.

Published bySharleen Hines Modified over 9 years ago

Similar presentations

Presentation on theme: " Cristina Onete || 25/09/2014 || 1 TD – Cryptography 25 Sept: Public Key Encryption + RSA 02 Oct: RSA Continued 09 Oct: NO TD 16 Oct: Digital Signatures."— Presentation transcript:

1  Cristina Onete || 25/09/2014 || 1 TD – Cryptography 25 Sept: Public Key Encryption + RSA 02 Oct: RSA Continued 09 Oct: NO TD 16 Oct: Digital Signatures 23 Oct: Key Exchange 30 Oct: NO TD 06 Nov: Multi-party key Exchange 13 Nov: Secure channels: TLS/SSL 20 Nov: Secure channels: TLS/SSL 27 Nov: Privacy-preserving Signatures

2  Cristina Onete || 25/09/2014 || 2 Graded Assignment (TD Noté)  Travail individuel À envoyer au plus tard le 21 octobre à 15H  2 TD’s Notés  À envoyer: par courriel à: maria-cristina.onete@irisa.fr  TD noté numéro 1: À envoyer au plus tard le 25 novembre à 15H  TD noté numéro 2:

3 Rennes, 25/09/2014 Cristina Onete maria-cristina.onete@irisa.fr Public-Key Encryption. RSA Basics

4  Cristina Onete || 25/09/2014 || 4 Why Cryptography Amelie Baptiste Jean Secret The enemy is all around us Goal: Secure communication over insecure channels Message confidentiality

5  What is Encryption? Amelie Baptiste B Jean C Secret Cristina Onete || 25/09/2014 || 5

6  What is Encryption? (II)  Symmetric Encryption  Public-Key Encryption B Used to encryptNeeded to decrypt B Key shared between parties Key must remain secret! B Public key Secret key Public key known to everyone Secret key must be secret! Block ciphers, AES Cristina Onete || 25/09/2014 || 6

7  What is Encryption? (III)  Some uses for Public Key Encryption: Confidential exchange of messages Key Exchange  Establishing secure channels https:// (TLS/SSL, see TD, lectures 3,4) ftp Onion routing (Tor networks) Digital signatures Authenticating messages or transactions Secure e-mail transmission: PGP, Outlook Cristina Onete || 25/09/2014 || 7

8  Contents  Basics of Public-Key Encryption  RSA Encryption Syntax – general algorithms Plaintext security notions Certification and PKI Basics: number theory Textbook RSA Cristina Onete || 25/09/2014 || 8 Security of Textbook RSA & Fixes Bleichenbacher’s attack  Next lecture: attacks, safe modes, applications

9  PKE Algorithms & Syntax  PKE = (KGen, Enc, Dec) B Security parameter: determines key size Everyone pksk Secret m ciphertext Secret Cristina Onete || 25/09/2014 || 9

10  Security of PKE  Assume: sk only known to Baptiste (as it should)  When do we call PKE secure? When attacker can’t learn m from c Can know one bit of m? When can’t learn anything about m from c Cristina Onete || 25/09/2014 || 10 Indistinguishability IND-CPA/IND-CCA ? ? ?

11  Security of PKE (II)  Deterministic vs. probabilistic encryption Deterministic encryption: Plaintext m always encrypts to same ciphertext What if message space is tiny? (“yes”/”no”)? Yes No Find plaintext Can never get IND- CCA security Cristina Onete || 25/09/2014 || 11 Remember: A knows pk; she can encrypt!

12  Security of PKE (III)  Deterministic vs. probabilistic encryption Probabilistic encryption Plaintext m encrypts to different ciphertexts Yes No ? ? ? Cristina Onete || 25/09/2014 || 12

13  Security of PKE (IV)  Probabilistic Encryption: How do we get probabilistic behaviour? Use different randomness at each encryption Yes Can two messages encrypt to same ciphertext? No ? ? ? No, that would confuse decryption Cristina Onete || 25/09/2014 || 13

14  Security of PKE (V)  How do we get IND-CCA/IND-CPA security? Keep the keys safe Keep the message safe B B B Secret Cristina Onete || 25/09/2014 || 14

15  Secret and Public Keys B pk sk connected HOW? Can sk be short (20-50 bits)? Wait until you get a ciphertext, try out all the keys, see which decryption make sense. Sufficient key-space principle: Any secure encryption scheme must have a key space that is not vulnerable to exhaustive search. Cristina Onete || 25/09/2014 || 15

16  Secret and Public Keys (II) B pk sk connected HOW? If Jean needs to read some of Baptiste’s messages, does Baptiste give him the key? Once Jean has a secret key, he can decrypt ALL the messages encrypted for Baptiste Cristina Onete || 25/09/2014 || 16

17  Secret and Public Keys (III) B pk sk connected HOW? Should users share one sk? If sk corresponds to many pks given to many users, is this good? Insecure: easier to make one give it away Either they share sk, which is not good BB Or only one has the sk, which means none of the others can decrypt. One sk should correspond to one pk Cristina Onete || 25/09/2014 || 17

18  Secret and Public Keys (IV) B pksk connected HOW? Can one pk correspond to many sks, given to many users? One-to-one relationship between sk and pk Anything one decrypts, the others can decrypt too; easier to corrupt one of them One pk should correspond to one sk Cristina Onete || 25/09/2014 || 18

19  Secret and Public Keys (V) B pk sk Easy Hard pk should be easily computable from sk sk must be hard to compute from pk! Usually rely on some “hard” problem QC: you physically can’t invert Cristina Onete || 25/09/2014 || 19

20  Secret and Public Keys (VI) B pk sk Easy Hard Computable  If c constant: generate keys, learn c  If c unique (per user), and chosen at random out of big space, it could be ok Cristina Onete || 25/09/2014 || 20

21  Secret and Public Keys (VII)  Assume keys are “well” chosen: pk easy to compute from sk sk large enough; hard to find from pk  How does Amelie know which pk is Baptiste’s? Baptiste could give it to Amelie in person cumbersome Get someone to check and attest that a specific key is Baptiste’s certification! Cristina Onete || 25/09/2014 || 21

22  B Certification  Centralized certification – hierarchical  Decentralized – PGP B Baptiste Certification Authority (CA) Certificate Baptiste public key pk used for:  PKE  signatures Expires on… CA Cristina Onete || 25/09/2014 || 22

23  Cristina Onete || 25/09/2014 || 23 Aside: Digital Signatures  Digital Signature (will come back in TDs 3 and 4) Baptiste Signer M Goal: message authenticity Yes, M came from Signer No, M is not from Signer NOT a Goal: message confidentiality Signatures usually do not hide the message In fact, M is often sent in clear, before the signature

24  Cristina Onete || 25/09/2014 || 24 Aside: Digital Signatures  Digital Signature (will come back in TDs 3 and 4) Baptiste Signer M How signatures work:  Signer has a secret key, known only to him  He signs M with the secret key  Everyone can check the signature given M and the public key Security: nobody can forge the signature without the secret key

25  Certification (II)  General structure of X.509 certificates: “Header”: version, serial number, algorithm (goal) Signer info: Issuer ID Validity: start date end date Content: who the certificate goes to Algorithm for PK Actual PK  Certificate  Signing Algorithm  Signature Extensions Cristina Onete || 25/09/2014 || 25

26  Certification (III)  Certificate Issuers and Receivers Issuer is either CA or has a valid certificate to sign certificates Verify Issuer Signature Check Issuer certificate validity Receiver is who he claims to be Alternative identification PK issued to name in DN style (unique), to email address, or DNS entry Blacklisting Cristina Onete || 25/09/2014 || 26

27  Up to now  Secure communication over insecure channels Use encryption  Symmetric vs. Public-Key Encryption SE: sk used for encryption and decryption PKE: pk for encryption; sk for decryption  PKE Security pk easy to compute from sk and certified sk hard to retrieve from pk and long enough Goal: attacker can’t learn anything about plaintext: IND-CPA/IND-CCA Cristina Onete || 25/09/2014 || 27

28  Contents  Basics of Public-Key Encryption  RSA Encryption Syntax – general algorithms Plaintext security notions Certification and PKI Basics: number theory Textbook RSA Security of Textbook RSA & Fixes Bleichenbacher’s attack  Next lecture: attacks, safe modes, applications Cristina Onete || 25/09/2014 || 28

29  Secret and Public Keys (IV) B pk sk Easy Hard pk should be easily computable from sk sk must be hard to compute from pk! Usually rely on some “hard” problem QC: you physically can’t invert Cristina Onete || 25/09/2014 || 29

30  Number Theory: Prime fields  Prime numbers, finite fields p is prime if its divisible only by 1 and p 2; 3; 17; 91; 293; 1777; 2,147,483,647 Z p = {0, 1, … p-1} is a finite field; p = 0 Z p is a group under addition Cristina Onete || 25/09/2014 || 30

31  Number Theory: Prime Fields (II) Cristina Onete || 25/09/2014 || 31  Example: p = 17.

32  Number Theory: Prime Fields (III)  Generators: Z p = {0, 1, … p-1} is a finite field; p = 0 Cristina Onete || 25/09/2014 || 32 12345678910 111213141516

33  Cristina Onete || 25/09/2014 || 33 Number Theory: Prime Fields (IV)

34  Number Theory: Factoring  Greatest common divisor (GCD) of t and n: Largest d such that d divides both t and n  t and n are co-prime iff. GCD(t, n) = 1 Cristina Onete || 25/09/2014 || 34

35  Number Theory: Factoring (II) Number of integers <n co-prime with n  Factoring (finding p, q) is hard given n Cristina Onete || 25/09/2014 || 35

36  To Remember Cristina Onete || 25/09/2014 || 36

37  RSA Encryption  RSA = Rivest, Shamir, Adelman Scientific American, 1977  Currently the backbone of Internet security Most of Public-Key Infrastructure (Certificates) SSL/TLS (https://) – main mode for Key Exchange Secure e-mailing: PGP, Outlook… Cristina Onete || 25/09/2014 || 37

38  Textbook RSA  Secret and public keys: B Cristina Onete || 25/09/2014 || 38

39  Textbook RSA (II) p, q, n:=pq B Secret Cristina Onete || 25/09/2014 || 39

40  Textbook RSA (III)  Why it works: Encryption: Decryption: Also works though if m = p or q Cristina Onete || 25/09/2014 || 40 We show this = 1

41  Textbook RSA (IV)  Parameter size: For “securer” RSA, choose parameters of around 2048 bits Cristina Onete || 25/09/2014 || 41

42 Thanks!

Download ppt " Cristina Onete || 25/09/2014 || 1 TD – Cryptography 25 Sept: Public Key Encryption + RSA 02 Oct: RSA Continued 09 Oct: NO TD 16 Oct: Digital Signatures."

Similar presentations

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
Public Key Encryption Algorithm

Public Key Encryption Algorithm
Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.

Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Cryptographic Technologies

Cryptographic Technologies
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao

EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
Cryptography and Network Security Chapter 9. Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively.

Cryptography and Network Security Chapter 9. Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively.
Public Key Cryptography and the RSA Algorithm

Public Key Cryptography and the RSA Algorithm
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Similar presentations

Ads by Google