Cryptosystems, Hash Functions and Digital Signatures --- Lecture 4 ---


1 Cryptosystems, Hash Functions and Digital Signatures --- Lecture 4 ---

2 Information and Network Security: Outline
- Why public key cryptography?
- General principles of public key cryptography
- The RSA public key cryptosystem
- One way hash functions
- Digital signature

3 Private key cipher
[Diagram: Alice encrypts (E) the plain text with the secret key; the cipher text passes through the network or storage; Bob decrypts (D) it with the secret key to recover the plain text.]

4 Problems with private key ciphers
- In order for Alice & Bob to be able to communicate securely using a private key cipher, such as DES, they have to have a shared key in the first place.
  - Question: What if they have never met before?
- Alice needs to keep 100 different keys if she wishes to communicate with 100 different people.

5 Motivation of Public Key Cryptography
- Is it possible for Alice & Bob, who have no shared secret key, to communicate securely?
- This led to the SINGLE MOST IMPORTANT discovery of public key communications:
  - Diffie & Hellman's ideas of public key cryptography

6 Main ideas
- Bob:
  - publishes, say in Yellow/White pages, his
    - public (for encryption) key, and
    - encryption algorithm.
  - keeps to himself
    - the matching secret (for decryption) key.

7 Main ideas (2)
- Alice:
  - Looks up the phone book, and finds out Bob's
    - public key, and
    - encryption algorithm.
  - Encrypts a message using Bob's public key and encryption algorithm.
  - Sends the ciphertext to Bob.

8 Main ideas (3)
- Bob:
  - Receives the ciphertext from Alice
  - Decrypts the ciphertext using his secret key, together with the decryption algorithm

9 Public Key Cryptosystem
[Diagram: Alice looks up Bob's public key in the Public Key Directory (Yellow/White Pages) and encrypts (E) the plain text; the cipher text crosses the network; Bob decrypts (D) it with his secret key to recover the plain text.]

10 Main differences with DES
- The public key is different from the secret key.
- Infeasible for an attacker to find out the secret key from the public key.
- No need for Alice & Bob to distribute a shared secret key beforehand!
- Only one pair of public and secret keys is required for each user!

11 Realising public key ciphers
- The most famous system that implements Diffie & Hellman's ideas on public key ciphers is due to
  - Ronald Rivest
  - Adi Shamir
  - Leonard Adleman
- This public key cryptosystem is called RSA.

12 Mathematical background
Assume that we are working with non-negative integers:
- Prime and composite numbers
  - a prime number is an integer that can be divided only by 1 and itself
    - E.g. 2, 3, 5, 7, 11, 13, 101, ...
  - all other integers are composite
    - E.g. 4, 6, 8, 9, 10, 12, 523743960876432, 800164386535

13 Mathematical background
Modular operations
- "remainder"
  - 13 mod 5 = 3, 1 mod 7 = 1
  - 20 mod 5 = 0, 32 mod 7 = 4
- modular exponentiation
  - 2^2 mod 3 = 1, 3^2 mod 3 = 0
  - 2^2 mod 5 = 4, 10^2 mod 92 = 8
  - 4^6 mod 10 = 6, 3^11 mod 10 = 7

14 Mathematical background
- a is relatively prime to b if the largest integer that divides both a & b is 1
  - E.g.:
    - any m (<> 0) is relatively prime to a prime number
    - is 9 relatively prime to 10?

15 Mathematical background
- Let φ(n) denote the total number of integers that are less than n and relatively prime to n
  - If n is a prime number then φ(n) = n - 1
  - If p, q are prime numbers and n = p*q, then
    - φ(n) = φ(p*q) = p*q - (p + q - 1) = (p-1)*(q-1)
      - p & q are prime numbers => only multiples of p and q are not relatively prime to p*q
      - That is: there are (p + q - 1) multiples [0 is counted once] of p and q
    - E.g.: p = 3; q = 7; {0, 3, 7, 6, 9, 12, 14, 15, 18} are not relatively prime to p*q
    - φ(n) = φ(p*q) = 12; {1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20}

16 Mathematical background
- y & n are integers and y (mod φ(n)) = 1; for any x < n, x^y mod n = x   (1)
  - E.g.:
    - y = 13; n = 7; x = 4;
    - φ(n) = 6; y mod φ(n) = 13 mod 6 = 1;
    - x^y = 4^13; x^y mod n = 4^13 mod 7 = 4 = x mod n;

17 Mathematical background
- The multiplicative inverse of x with modulo n is y such that: (x*y) mod n = 1   (2)
- The above multiplicative inverse can be used to create a simple public key cipher: either x or y can be thought of as a secret key and the other is the public key.
  - E.g.: x = 3; n = 10; y = 7; we have: (3*7) mod 10 = 1;
    - M = 5; 3*5 (mod 10) = 5; 5*7 (mod 10) = 5 = M (message)
    - M = 6; 3*6 (mod 10) = 8; 8*7 (mod 10) = 6 = M (message)

18 RSA Public Key Cryptosystem
[Diagram: Alice looks up Bob's public key (e, n) in the Public Key Directory (Yellow/White Pages) and computes the cipher text c = m^e mod n from the plain text; the cipher text crosses the network; Bob recovers the plain text as m = c^d mod n. Public key: e & n; secret key: d.]

19 RSA (1)
- Bob:
  - chooses 2 large prime numbers: p, q
  - multiplies p and q: n = p*q
  - finds out two numbers e & d such that
    (e * d) mod φ(n) = 1   [similar to (2)]
    or (e * d) mod [(p-1)*(q-1)] = 1
  - public key (published in the phone book)
    - 2 numbers: (e, n)
    - encryption alg: modular exponentiation
  - secret key: (d, n)

20 RSA (2)
- Alice has a message m to be sent to Bob:
  - finds out Bob's public encryption key (e, n)
  - calculates m^e (mod n) -> c
  - sends the ciphertext c to Bob

21 RSA (3)
- Bob:
  - receives the ciphertext c from Alice
  - uses his matching secret decryption key d to calculate c^d (mod n) -> m

22 RSA --- 1st small example (1)
- Bob:
  - chooses 2 primes: p = 5, q = 11
  - multiplies p and q: n = p*q = 55
  - finds out two numbers e = 3 & d = 27 which satisfy (3 * 27) mod 40 = 1
  - Bob's public key
    - 2 numbers: (3, 55)
    - encryption alg: modular exponentiation
  - secret key: (27, 55)

23 RSA --- 1st small example (2)
- Alice has a message m = 13 to be sent to Bob:
  - finds out Bob's public encryption key (3, 55)
  - calculates c: c = m^e (mod n) = 13^3 (mod 55) = 2197 (mod 55) = 52
  - sends the ciphertext c = 52 to Bob

24 RSA --- 1st small example (3)
- Bob:
  - receives the ciphertext c = 52 from Alice
  - uses his matching secret decryption key 27 to calculate m: m = 52^27 (mod 55) = 13 (Alice's message)

25 How does RSA work?
- n = p*q => φ(n) = φ(p*q) = (p-1)*(q-1)
- We choose d & e such that
  - (e * d) mod φ(n) = 1; similar to (2)
  - for any m < n: m^(de) mod n = m mod n; from (1)
  - an RSA encryption consists of taking m and raising it to e, and decrypting the ciphertext by raising the result of the encryption to d:
    - We have
      - (a*b) mod n = [(a mod n) * (b mod n)] mod n;
      - a^x mod n = [(a mod n) * (a mod n) * … * (a mod n)] mod n   (x factors of a mod n)
        = (a mod n)^x mod n
    - hence: (m^e mod n)^d mod n = (m^e)^d mod n = m^(ed) mod n = m mod n = m   [from (1)]

26 Remarks on RSA
- The message m has to be an integer in the range [1, n).
- To encrypt long messages we can use modes of operation as for block private key ciphers, or a hybrid cryptosystem.

27 Why RSA is Secure
- Attack Scenario:
  - Marvin wants to read Alice's private message (m) intended to be read only by Bob.
  - However, Alice used RSA to encrypt m using Bob's public key (e, n), into the ciphertext c = m^e (mod n).
  - Marvin is a determined attacker and managed to intercept the ciphertext c on its way from Alice's to Bob's computer.
  - Marvin also looked up Bob's public key (e, n) to help him in his attack.

28 Why RSA is Secure
- Marvin now has (c, e, n) and wants to find out m.
- How can Marvin proceed to find m?
  - Approach 1: If Marvin could also find out Bob's secret key d, he could decrypt c into m in the same way as Bob does.
    - Suppose Bob guards his secret key d very well, what can Marvin do then?
  - Approach 2: Marvin knows that c = m^e (mod n). He knows that m is a number between 1 and n-1. So he could use exhaustive search through all n possible messages m.
    - But if n is large this takes a long time!

29 Why RSA is Secure
- Marvin's attack options (cont.):
  - Approach 3: Marvin can try to compute Bob's secret key d from (e, n) and then use Approach 1.
    - Remember that (e * d) mod ((p-1)*(q-1)) = 1
    - Marvin found in a 'Number Theory' book a very fast algorithm called EUCLID to solve the following problem: Given two numbers (r, s), the algorithm outputs a number x such that (r * x) mod s = 1.

30 Why RSA is Secure
- Approach 3 is the most efficient known method Marvin can use to attack RSA!
- The time taken for Marvin to execute the attack in Approach 3 is essentially the time to factorize n (n = p*q) into the prime factors p and q.
- Therefore, we say that RSA is based on the factorization problem: While it is easy to multiply large primes together, it is computationally infeasible to factorize or split a large composite into its prime factors!

31 Why RSA is Secure
- Therefore, when both p and q in RSA are of at least 155 digits, the product n = p*q is 310 digits.
- Then no one can factorize n in less time than a few thousand years, not even Marvin!!
- Thus the only person who can extract the plaintext m from the ciphertext c is Bob, as only he knows the secret decryption key d!
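
Added example (not part of the original slides): the lecture's toy key (p = 5, q = 11, e = 3) in Python, with the EUCLID step of slide 29 written out. It reproduces the round trip of slides 22-24 and shows that a modulus small enough to factor gives up d at once, which is why slide 31 insists on large primes. All function names are illustrative choices.

```python
# Toy RSA with the lecture's numbers; the sizes are for illustration only.
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def mod_inverse(r, s):
    """Return x with (r * x) mod s == 1, the problem slide 29 hands to EUCLID."""
    g, x, _ = egcd(r, s)
    if g != 1:
        raise ValueError("no inverse: r and s are not relatively prime")
    return x % s

def make_keys(p, q, e):
    """Bob's setup (slide 19): public key (e, n), secret key (d, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (mod_inverse(e, phi), n)

def encrypt(m, public):
    """Alice (slide 20): c = m^e mod n, with m restricted to [1, n)."""
    e, n = public
    if not 1 <= m < n:
        raise ValueError("message must be an integer in [1, n)")
    return pow(m, e, n)

def decrypt(c, secret):
    """Bob (slide 21): m = c^d mod n."""
    d, n = secret
    return pow(c, d, n)

def factor(n):
    """Trial division; it finishes instantly only because this n is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime, not a product of two primes")

def recover_secret_exponent(public):
    """Approach 3 (slides 29-30): factor n, rebuild phi(n), invert e."""
    e, n = public
    p, q = factor(n)
    return mod_inverse(e, (p - 1) * (q - 1))

if __name__ == "__main__":
    public, secret = make_keys(5, 11, 3)
    c = encrypt(13, public)
    print(public, secret, c, decrypt(c, secret))
    print(all(decrypt(encrypt(m, public), secret) == m for m in range(1, 55)))
    print(recover_secret_exponent(public))
```

The cost of `factor` is the only thing standing between the public key and d; EUCLID itself stays fast at any key size.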

32 Marvin's New Attack Idea
- Instead of just eavesdropping, Marvin can try a more active attack!
- Outline of the New Attack:
  - Marvin generates an RSA key pair
    - Public key = Kpub_* = (N_*, e_*)
    - Secret key = Ksec_* = (N_*, d_*)
  - Marvin sends the following email to Alice, pretending to be Bob:
    - Hi Alice,
      - Please use my new public key from now on to encrypt messages to me. My new public key is Kpub_*.
      - Yours sincerely, Bob.
  - Marvin decrypts any messages Alice sends to Bob (encrypted with Kpub_*), using Ksec_*.

33 Preventing Marvin's Active Attack
- The active attack works because:
  - Alice was tricked by Marvin into encrypting a message intended for Bob using a "fake" public key which is NOT Bob's public key (in fact it was Marvin's).
- To prevent the attack:
  - Before Alice encrypts a message for Bob, she must make sure she has Bob's CORRECT public key (and not a fake one).
  - Alice needs a way of testing the truth of any "Bob's key message" informing Alice of Bob's Public Key.
  - No one besides Bob should be able to produce such a message so that it will pass Alice's Test.

34 Preventing Marvin's Active Attack (2)
- This is a setting where Alice and Bob have a message integrity security requirement!
  - I.e. Alice and Bob want to prevent fabrication and/or modification of a "Bob's key message" (a message informing Alice of Bob's public key) by unauthorised parties (like Marvin).
- The main cryptographic tool used to achieve message integrity is "Authority Certificates".
- Later we will see how Digital Signatures can be used to prevent Marvin's Attack!

35 Private key ciphers
- Good points
  - inexpensive to use
  - fast
  - low cost VLSI chips available
- Bad points
  - key distribution is a problem

36 Public key ciphers
- Good points
  - key distribution is NOT a problem
- Bad points
  - relatively expensive to use
  - relatively slow
  - VLSI chips not available or relatively high cost

37 Combining 2 Types of Ciphers
- In practice, we can
  - use a public key cipher (such as RSA) to distribute keys
  - use a private key cipher (such as DES) to encrypt and decrypt messages

38 The Need of Digital Signature
- Social & business activities and their associated documents are becoming digital
  - digital conferences
  - digital contract signing
  - digital cash payments, ...
- Hand-written signatures are not applicable to digital data

39 Digital Signature (based on RSA)
[Diagram: Bob applies E with his secret key to the plain text to produce a signature and sends plain text + signature over the network; Cathy looks up Bob's public key in the Public Key Directory (Yellow/White Pages), applies D to the signature, and accepts if the result equals the plain text.]

40 Digital Signature (for short doc)
[Diagram: Bob computes the signature s = m^d mod n with his secret key d and sends plain text + signature over the network; Cathy looks up Bob's public key (e, n) in the Public Key Directory (Yellow/White Pages), computes t = s^e mod n, and accepts if t equals the plain text.]

41 RSA Signature --- an eg (1)
- Bob:
  - chooses 2 primes: p = 5, q = 11
  - multiplies p and q: n = p*q = 55
  - finds out two numbers e = 3 & d = 27 which satisfy (3 * 27) mod 40 = 1
  - Bob's public key
    - 2 numbers: (3, 55)
    - encryption alg: modular exponentiation
  - secret key: (27, 55)

42 RSA Signature --- an eg (2)
- Bob has a document m = 19 to sign:
  - uses his secret key d = 27 to calculate the digital signature of m = 19: s = m^d (mod n) = 19^27 (mod 55) = 24
  - appends 24 to 19. Now (m, s) = (19, 24) indicates that the doc is 19, and Bob's signature on the doc is 24.

43 RSA Signature --- an eg. (3)
- Cathy, a verifier:
  - receives a pair (m, s) = (19, 24)
  - looks up the phone book and finds out Bob's public key (e, n) = (3, 55)
  - calculates t = s^e (mod n) = 24^3 (mod 55) = 19
  - checks whether t = m
  - confirms that (19, 24) is a genuinely signed document of Bob if t = m.

44 How about Long Documents?
- In the previous example, a document has to be an integer in [1, ..., n)
- To sign a very long document, we need a so-called one-way hash algorithm
- Instead of signing directly on a doc, we hash the doc first, and sign the hashed data, which is normally short.

45 One-Way Hash Algorithm
- A one-way hash algorithm hashes an input document into a condensed short output (say of 100 bits)
  - Denoting a one-way hash algorithm by H(.), we have:
    - Input: m - a binary string of any length
    - Output: H(m) - a binary string of L bits, called the "hash of m under H".
    - The output length parameter L is fixed for a given one-way hash function H, e.g.
      - The one-way hash function "MD5" has L = 128 bits
      - The one-way hash function "SHA-1" has L = 160 bits

46 One-Way Hash Algorithm
[Diagram: a document (of any length) is hashed into a condensed short output, say of 100 bits.]

47 Properties of One-Way Hash Algorithm
- A good one-way hash algorithm H needs to have these properties:
  - 1. Easy to Evaluate:
    - The hashing algorithm should be fast
    - I.e. given any document m, the hashed value h = H(m) can be computed quickly.
  - 2. Hard to Reverse:
    - There is no feasible algorithm to "reverse" a hashed value,
    - I.e. given any hashed value h, it is computationally infeasible to find any document m such that H(m) = h.
  - NOTE: An algorithm is called 'One-Way' if it has BOTH properties 1 and 2.
  - 3. Hard to find Collisions:
    - There is no feasible algorithm to find two or more input documents which are hashed into the same condensed output,
    - I.e. it is computationally infeasible to find any two documents m_1, m_2 such that H(m_1) = H(m_2).

48 The One-way Property
[Diagram: Document m (any length) -> H -> hash value h (length = L bits): this direction is easy to compute! Hash value h (length = L bits) -> document m (any length): but this direction is infeasible to compute!]

49 Finding Collision is Infeasible
[Diagram: Document m_1 ("I, Bob, will pay $1,000 to Alice.") and Document m_2 ("I, Bob, will pay $10,000 to Alice.") each pass through H to the same condensed output.]

50 Digital Signature (for long doc)
[Diagram: Bob hashes the plain text with the 1-way hash H to 100 bits, signs the hash with his secret key, and sends plain text + signature over the network; Cathy hashes the received plain text with H to 100 bits, applies Bob's public key from the Public Key Directory (Yellow/White Pages) to the signature, and accepts if the two 100-bit values are equal.]

51 Why Digital Signature?
- Unforgeable
  - takes 1 billion years to forge!
- Un-deniable by the signatory
- Universally verifiable
- Differs from doc to doc
- Easily implementable by
  - software or
  - hardware or
  - software + hardware

52 Unforgeable Digital Signature
[Diagram: "I, Bob, will pay $1,000 to Alice." with signature 101001010 (a valid signature); "I, Bob, will pay $10,000 to Alice." with signature 001001101 (also a valid signature).]
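
Added example (not part of the original slides): hash-then-sign as in slide 50, next to the short-document scheme of slides 40-43, showing that a signature made for one of Bob's two documents does not verify on the other. The key built from two Mersenne primes, the use of SHA-256 for H, and all function names are assumptions made for this example; deployed RSA signatures also wrap the hash in a padding scheme such as RSASSA-PSS, which is omitted here.

```python
import hashlib

# Constructed demo key (assumption, not from the lecture). Mersenne primes keep
# the example self-contained but are far too structured for any real key.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                              # wider than a 256-bit digest
D = pow(E, -1, (P - 1) * (Q - 1))      # (E * D) mod phi(N) == 1

def digest(document: bytes) -> int:
    """H(m): fixed-length hash of a document of any length, as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Bob: hash the document, then s = H(m)^d mod n."""
    return pow(digest(document), d, n)

def verify(document: bytes, s: int, e: int = E, n: int = N) -> bool:
    """Cathy: accept if s^e mod n equals the hash she computes herself."""
    return 0 < s < n and pow(s, e, n) == digest(document)

def sign_short(m: int, d: int, n: int) -> int:
    """Short-document signature of slide 40: s = m^d mod n."""
    return pow(m, d, n)

def verify_short(m: int, s: int, e: int, n: int) -> bool:
    """Slide 43: compute t = s^e mod n and accept if t == m."""
    return pow(s, e, n) == m

if __name__ == "__main__":
    print(sign_short(19, 27, 55), verify_short(19, 24, 3, 55))
    doc_1 = b"I, Bob, will pay $1,000 to Alice."
    doc_2 = b"I, Bob, will pay $10,000 to Alice."
    s_1 = sign(doc_1)
    print(verify(doc_1, s_1))      # genuine pair
    print(verify(doc_2, s_1))      # signature moved to the altered document
    print(sign(doc_2) != s_1)      # signatures differ from doc to doc
```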

53 Digital Signature -- summary
- Three (3) steps are involved in digital signature
  - Setting up public and secret keys
  - Signing a document
  - Verifying a signature

54 Setting up Public & Secret Keys
- Bob does the following
  - prepares a pair of public and secret keys
  - publishes his public key in the public key file (such as an on-line phone book)
  - keeps the secret key to himself
- Note:
  - Setting up needs only to be done once!

55 Signing a Document
- Once setting up is completed, Bob can sign a document (such as a contract, a cheque, a certificate, ...) using the secret key
- The pair of document & signature is a proof that Bob has signed the document.

56 Verifying a Signature
- Any party, say Cathy, can verify the pair of document and signature, by using Bob's public key in the public key file.
- Important!
  - Cathy does NOT have to have public or secret key!

