Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 11: Key Distribution

Published byBrice Barber Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 11: Key Distribution"— Presentation transcript:

1 David Evans http://www.cs.virginia.edu/evans
Lecture 11: Key Distribution The era of “electronic mail” [Potter1977] may soon be upon us; we must ensure that two important properties of the current “paper mail” system are preserved: (a) messages are private, and (b) messages can be signed. R. Rivest, A. Shamir and L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. January 1978. CS588: Security and Privacy University of Virginia Computer Science David Evans

2 Traditional Cryptology
Given a secure channel to transmit a shared secret key, symmetric cryptosystems amplify and time-shift that channel: Can transmit bigger secrets over an insecure channel (except one-time pad) Can transmit later secrets over an insecure channel But, the initial secure channel is required 15 March 2005 University of Virginia CS 588

3 University of Virginia CS 588
Key Distribution All the cryptosystems we have seen depend on two parties having a shared secret Distributing secret keys is hard and expensive Can two people communicate securely without having to meet first and establish a key? 15 March 2005 University of Virginia CS 588

4 University of Virginia CS 588
Trust a Third Party Keys “R” Us knows KA, KB ... Generates random KAB E (KAB, KA) E (KAB, KB) E (“Bob”, KA) E (“Alice” || KAB, KB) E (M, KAB) Bob Alice How can Alice and Bob securely provide their keys to Keys “R” Us? 15 March 2005 University of Virginia CS 588

5 University of Virginia CS 588
Merkle’s Puzzles Ralph Merkle [1974] Alice generates 220 messages: “This is puzzle x. The secret is y.” (x and y are random numbers) Encrypts each message using symmetric cipher with a different key. Sends all encrypted messages to Bob 15 March 2005 University of Virginia CS 588

6 Merkle’s Puzzles Key Agreement
Bob chooses random message, performs brute-force attack to recover plaintext and secret y Bob sends x (clear) to Alice Alice and Bob use y to encrypt messages 15 March 2005 University of Virginia CS 588

7 University of Virginia CS 588
Is this secure? Alice: symmetric cipher DES ~255 expected brute force work to break DES Eve: has to break the 220 to find which one matches x. ~ 219 * 255 expected work Alice and Bob change keys frequently enough since it is less work to agree to a new key Why not increase number of puzzle messages? 15 March 2005 University of Virginia CS 588

8 University of Virginia CS 588
Padlocked Boxes Hi! Alice 15 March 2005 University of Virginia CS 588

9 University of Virginia CS 588
Padlocked Boxes EA(M) Alice’s Padlock Hi! Alice Alice’s Padlock Key 15 March 2005 University of Virginia CS 588

10 University of Virginia CS 588
Padlocked Boxes Shady Sammy’s Slimy Shipping Service Alice Alice’s Padlock Key 15 March 2005 University of Virginia CS 588

11 University of Virginia CS 588
Padlocked Boxes EB( ) EA(M) Bob’s Padlock Alice Hi! Bob Alice’s Padlock Key Bob’s Padlock Key 15 March 2005 University of Virginia CS 588

12 University of Virginia CS 588
Padlocked Boxes EB(EA(M)) Hi! Alice Bob Alice’s Padlock Key Bob’s Padlock Key 15 March 2005 University of Virginia CS 588

13 University of Virginia CS 588
Padlocked Boxes DA(EB(EA(M))) = EB(M) Hi! Alice Bob Alice’s Padlock Key Bob’s Padlock Key 15 March 2005 University of Virginia CS 588

14 University of Virginia CS 588
Padlocked Boxes EB(M) Alice Hi! Bob Bob’s Padlock Key 15 March 2005 University of Virginia CS 588

15 University of Virginia CS 588
Padlocked Boxes Hi! Alice Hi! Bob Bob’s Padlock Key 15 March 2005 University of Virginia CS 588

16 Birth of Public Key Cryptosystems
1969 – ARPANet born: 4 sites Whitfield Diffie starts thinking about strangers sending messages securely 1974 – Whitfield Diffie gives talk at IBM lab Audience member mentions that Matrin Hellman (Stanford prof) had spoke about key distribution That night – Diffie starts driving 5000km to Palo Alto Diffie, Hellman and Ralph Merkle work on key distribution problem 15 March 2005 University of Virginia CS 588

17 University of Virginia CS 588
Whitfield Diffie 15 March 2005 University of Virginia CS 588

18 University of Virginia CS 588
We stand today on the brink of a revolution in cryptography. The development of cheap digital hardware has freed it from the design limitations of mechanical computing and brought the cost of high grade cryptographic devices down to where they can be used in such commercial applications as remote cash dispensers and computer terminals. In turn, such applications create a need for new types of cryptographic systems which minimize the necessity of secure key distribution channels and supply the equivalent of a written signature. At the same time, theoretical developments in information theory and computer science show promise of providing provably secure cryptosystems, changing this ancient art into a science. Diffie and Hellman, November 1976. 15 March 2005 University of Virginia CS 588

19 Secret Paint Mixing Alice Bob Yellow paint (public)
Analogy due to Simon Singh, The Code Book. Secret Paint Mixing Alice Bob Yellow paint (public) Alice’s Secret Color Bob’s Secret Color CA = Yellow + Purple CB = Yellow + Red K = Yellow + Red + Purple K = Yellow + Purple + Red Eve 15 March 2005 University of Virginia CS 588

20 Diffie-Hellman Key Agreement
Choose public numbers: q (large prime number),  (primitive root of q) A generates random XA and sends B: YA = XA mod q. B generates random XB and sends A: YB =  XB mod q. A calculates secret key: K = (YB) XA mod q. B calculates secret key: K = (YA) XB mod q. 15 March 2005 University of Virginia CS 588

21 What’s a primitive root?
 is a primitive root of q if for all 1  n < q, there is some m, 1  m < q such that m = n mod q Given , n and q can we solve for m? Yes: there is only one possible m But, it might be hard to find Discrete logarithm: given , n, and q find 0  m < q such that m = n mod q. 15 March 2005 University of Virginia CS 588

22 University of Virginia CS 588
Example What is a primitive root for q = 11? 21  = 64 11 9 22  = 128 11 7 23  = 256 11 3 24 = 16  = 512 11 6 25 = 32  = 1024 11 1 15 March 2005 University of Virginia CS 588

23 Finding Primitive Roots
Theorem: All prime numbers have primitive roots. Proof: by intimidation 15 March 2005 University of Virginia CS 588

24 Diffie-Hellman Example
Choose public numbers: q (large prime number),  (generator mod q): q = 11,  = 2 A generates random XA and sends B: YA = XA mod q. XA = 4, YA = 24 mod 11 = 16 mod 11 = 5 B generates random XB and sends A: YB =  XB mod q. XB = 6, YB = 26 mod 11 = 64 mod 11 = 9 Example from Tom Dunigan’s notes: 15 March 2005 University of Virginia CS 588

25 Diffie-Hellman Example, cont.
q = 11,  = 2 XA = 4, YA = 5 XB = 6, YB = 9 A calculates secret key: K = (YB) XA mod q. K = 94 mod 11 = 6561 mod 11 = 5. B calculates secret key: K = (YA) XB mod q. K = 56 mod 11 = mod 11 = 5. 15 March 2005 University of Virginia CS 588

26 Is it magic? Things to Prove:
They generate the same keys: K = (YB) XA mod q = (YA) XB mod q An eavesdropper cannot find K from any transmitted value: q, , YA, YB 15 March 2005 University of Virginia CS 588

27 University of Virginia CS 588
1. Keys Agree Prove K = (YB)XA mod q = (YA)XB mod q. (YB)XA mod q (YA)XB mod q = (XB mod q)XA mod q = (XA mod q)XB mod q = (XB)XA mod q = (XA)XB mod q = XBXA mod q = XAXB mod q QED. 15 March 2005 University of Virginia CS 588

28 Modular Exponentiation
(a mod q)b mod q = ab mod q (7 mod 6)2 mod 6 = 72 mod 6 12 mod 6 = 49 mod 6 Proof by example? 15 March 2005 University of Virginia CS 588

29 Modular Exponentiation
First prove: (a * b) mod q = (a mod q) * (b mod q) mod q Then, by induction, (a mod q)b mod q = ab mod q since ab = a * ab-1 and a1 = a. 15 March 2005 University of Virginia CS 588

30 University of Virginia CS 588
Modular Arithmetic (a * b) mod n = x x + (n * d0) = a * b x = a * b – (n * d0) a mod n = y  y = a – (n * d1) b mod n = z  z = b – (n * d2) (a mod n) * (b mod n) mod n = (a – (n * d1)) * (b – (n * d2)) mod n = (a * b + (a * (n * d2) – b * (n * d1) + (n * d1)(n * d2)) mod n = a * b mod n (all terms with n * are 0 mod n) 15 March 2005 University of Virginia CS 588

31 2. Secure from Eavesdropper
An eavesdropper cannot find K = (YB)XA mod q = (YA)XB mod q from any transmitted value: q, , YA = XA mod q, YB =  XB mod q Attacker needs to solve YA = XA mod q for XA Finding discrete logarithms is (probably) hard! Best known algorithm: e((ln q)1/3 ln (ln q)) 2/3) 15 March 2005 University of Virginia CS 588

32 Secure from Active Eavesdropper?
Public: q,  YA = XA mod q Bob Secret: XB Alice Secret: XA YB =  XB mod q K = (YA)XB mod q K = (YB)XA mod q 15 March 2005 University of Virginia CS 588

33 Secure from Active Eavesdropper?
Public: q,  YA = XA mod q YE = XE mod q Bob YE =  XE mod q Secret: XB Alice Secret: XA YB =  XB mod q KAE = (YE)XA mod q KEB = (YE)XB mod q Secret: XE 15 March 2005 University of Virginia CS 588

34 University of Virginia CS 588
Diffie-Hellman Use SSL Cisco encrypting routers Sun secure RPC etc... 15 March 2005 University of Virginia CS 588

35 Does D-H solve all problems?
Only key agreement Cannot do: Authentication Signatures 15 March 2005 University of Virginia CS 588

36 University of Virginia CS 588
Charge Next time: Public Key Encryption Read the paper! Go somewhere appropriate: this is perhaps the most important paper in past 30 years! Identify 2 questionable statements in the paper them to me before class Thursday: token prize for best Wednesday Talk, 3:30pm: Brian Demsky How to make buggy programs run apparently correctly 15 March 2005 University of Virginia CS 588

Download ppt "Lecture 11: Key Distribution"

Similar presentations

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa Spring 2006 David Evans Class 4: Modern Cryptography

Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa Spring 2006 David Evans Class 4: Modern Cryptography
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Public Encryption: RSA

Public Encryption: RSA
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Introduction to Modern Cryptography Lecture 7 1.RSA Public Key CryptoSystem 2.One way Trapdoor Functions.

Introduction to Modern Cryptography Lecture 7 1.RSA Public Key CryptoSystem 2.One way Trapdoor Functions.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

Similar presentations

Ads by Google