Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.

Published byGerard Rogers Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse."— Presentation transcript:

1

2 Lecture 15

3 Lecture’s outline

4

5

6

7 Public algorithms (usually) that are each other’s inverse

8

9

10 9 need K ( ) and K ( ) such that B.. given public key K, it should be impossible to compute private key K Requirements: 1 2 RSA: Rivest, Shamir, Adelson algorithm B + - K (K (m)) = m B B - + B + B -

11 10 x mod n = remainder of x when divide by n Facts: [(a mod n) + (b mod n)] mod n = (a+b) mod n [(a mod n) - (b mod n)] mod n = (a-b) mod n [(a mod n) * (b mod n)] mod n = (a*b) mod n Thus (a mod n) d mod n = a d mod n Example: x=14, n=10, d=2: (x mod n) d mod n = 4 2 mod 10 = 6 x d = 14 2 = 196 x d mod 10 = 6

12 11 A message is a bit pattern. A bit pattern can be uniquely represented by an integer number. Thus encrypting a message is equivalent to encrypting a number. Example m= 10010001. This message is uniquely represented by the decimal number 145. To encrypt m, we encrypt the corresponding number, which gives a new number (the cyphertext).

13 12 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d). K B + K B -

14 13 0. Given (n,e) and (n,d) as computed above 1. To encrypt message m (<n), compute c = m mod n e 2. To decrypt received bit pattern, c, compute m = c mod n d m = (m mod n) e mod n d Magic happens! c

15 14 Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). bit pattern m m e c = m mod n e 0000l000 12 24832 17 c m = c mod n d 17 481968572106750915091411825223071697 12 c d encrypt: decrypt: Encrypting 8-bit messages.

16 15 Must show that c d mod n = m where c = m e mod n Fact: for any x and y: x y mod n = x (y mod z) mod n – where n= pq and z = (p-1)(q-1) Thus, c d mod n = (m e mod n) d mod n = m ed mod n = m (ed mod z) mod n = m 1 mod n = m

17 16 The following property will be very useful later: K ( K (m) ) = m B B - + K ( K (m) ) B B + - = use public key first, followed by private key use private key first, followed by public key Result is the same!

18 17 Follows directly from modular arithmetic: (m e mod n) d mod n = m ed mod n = m de mod n = (m d mod n) e mod n K ( K (m) ) = m B B - + K ( K (m) ) B B + - = Why ?

19 18 Suppose you know Bob’s public key (n, e). How hard is it to determine d? Essentially need to find factors of n without knowing the two factors p and q. Fact: factoring a big number is hard. Generating RSA keys r Have to find big primes p and q r Approach: make good guess then apply testing rules (see Kaufman)

20

21 Can’t we simply use checksums/ CRC/ Parity Checks?

22

23 Most common hash functions are MD5 and SHA-1  A hash function maps a message of an arbitrary length to a m-bit output  output known as the fingerprint or the message digest

24 23 large message m H: Hash function H(m) digital signature (encrypt) Bob’s private key K B - + Bob sends digitally signed message: Alice verifies signature and integrity of digitally signed message: K B (H(m)) - encrypted msg digest K B (H(m)) - encrypted msg digest large message m H: Hash function H(m) digital signature (decrypt) H(m) Bob’s public key K B + equal ?

25 24 Suppose Alice receives msg m, digital signature K B (m) Alice verifies m signed by Bob by applying Bob’s public key K B to K B (m) then checks K B (K B (m) ) = m. If K B (K B (m) ) = m, whoever signed m must have used Bob’s private key. + + - - - - + Alice thus verifies that: üBob signed m. üNo one else signed m. üBob signed m and not m’. Non-repudiation: Alice can take m, and signature K B (m) to court and prove that Bob signed m. -

26 Hash Functions 25 Data X = (X 0,X 1,X 2,…,X n-1 ), each X i is a byte Suppose hash is –h(X) = X 0 +X 1 +X 2 +…+X n-1 Is this secure? Example: X = (10101010,00001111) Hash is 10111001 But so is hash of Y = (00001111,10101010) Easy to find collisions, so not secure…

27 Hash Functions 26 Data X = (X 0,X 1,X 2,…,X n-1 ) Suppose hash is –h(X) = nX 0 +(n-1)X 1 +(n-2)X 2 +…+1  X n-1 Is this hash secure? At least h(10101010,00001111)  h(00001111,10101010) But hash of (00000001,00001111) is same as hash of (00000000,00010001) Not too secure, need security requirements

28 CS526Fall 2011/Topic 527 Given a function h:X  Y, then we say that h is: preimage resistant (one-way): if given y  Y it is computationally infeasible to find a value x  X such that h(x) = y 2-nd preimage resistant (weak collision resistant): if given x  X it is computationally infeasible to find a value x’  X, such that x’  x and h(x’) = h(x) collision resistant (strong collision resistant): if it is computationally infeasible to find two distinct values x’, x  X, such that h(x’) = h(x)

29 CS526Fall 2011/Topic 528 MD5 – output 128 bits – collision resistance completely broken by researchers in China in 2004 SHA1 – output 160 bits – no collision found yet, but method exist to find collisions in less than 2^80 – considered insecure for collision resistance SHA2 (SHA-224, SHA-256, SHA-384, SHA-512) – outputs 224, 256, 384, and 512 bits, respectively – No real security concerns yet

30 CS526Fall 2011/Topic 529 Message is divided into fixed-size blocks and padded Uses a compression function f, which takes a chaining variable (of size of hash output) and a message block, and outputs the next chaining variable Final chaining variable is the hash value

31

Download ppt "Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse."

Similar presentations

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.

Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Public Key Cryptography & Message Authentication By Tahaei Fall 2012.

Public Key Cryptography & Message Authentication By Tahaei Fall 2012.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
CSE401n:Computer Networks

CSE401n:Computer Networks
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Network Security understand principles of network security:

Network Security understand principles of network security:
Public Key Cryptography

Public Key Cryptography
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
Chapter 3 Encryption Algorithms & Systems (Part C)

Chapter 3 Encryption Algorithms & Systems (Part C)

Similar presentations

Ads by Google