Published by Clifton Horton. Modified over 9 years ago.
1
Public Key Encryption Terminology RSA Hash functions CSCE 522 - Farkas
2
Lecture 6 Reading Assignment
Reading assignments for current lecture:
- Required: Pfleeger: 2.7, …, 2.12
- Recommended: Tom Simonite, MIT Technology Review: NSA Leak Leaves Crypto-math Intact but Highlights Known Workarounds, http://www.dfinews.com/news/2013/09/nsa-leak-leaves-crypto-math-intact-highlights-known-workarounds#.UjdU8X-d6So
3
Summary of Secret Key Encryption
- Basic methods:
  - Substitution
  - Transposition
- Security: secrecy of secret key
4
Compare DES and AES

| | DES | AES |
|---|---|---|
| Date | 1976 | 1999 |
| Block size | 64 bits | 128 bits |
| Key length | 56 bits | 128, 192, 256 bits |
| Encryption | Substitution, permutation | Substitution, shift, mixing |
| Cryptography | Confusion, diffusion | Confusion, diffusion |
| Design | Open | Open |
| Design rationale | Closed | Open |
| Selection process | Secret | Secret with public comments |
| Source | IBM, enhanced by NSA | Independent Dutch cryptographers |
5
Weakness of Secret Key Encryption
- Secrecy of key
  - How to distribute the keys securely?
- Large number of keys
  - N(N-1) / 2
- Other issues: no support for
  - Third party verification
  - Non-repudiation
Can we provide other methods for confidentiality?
6
Public-Key Encryption
- Two keys: one is private, one is public
- Solves the key distribution problem (but need reliable channel)
- Provides electronic signatures
- Slower than secret-key encryption
7
Public-Key Encryption
Needed for security:
- One of the keys must be kept secret
- Impossible (at least impractical) to decipher message if no other information is available
- Knowledge of algorithm, one of the keys, and samples of ciphertext must be insufficient to determine the other key
8
Confidentiality
[Diagram: sender A encrypts the plaintext with B's public key (need reliable channel); the ciphertext crosses the insecure channel; recipient B decrypts it with B's private key.]
9
Public Key Cryptosystem
- Concept conceived by Diffie and Hellman in 1976
- Rivest, Shamir, and Adleman (RSA) describe a public key system in 1978
- Many proposals have been broken, e.g., Merkle-Hellman proposal broken by Shamir
- Serious candidates (public domain):
  - RSA
  - El Gamal
10
RSA
11
Notation
- $C = E(K_{E-B}, M)$
- $M = D(K_{D-B}, C)$
- $K_{E-B}$: public key of B
- $K_{D-B}$: private key of B
- E: encryption alg.
- D: decryption alg.
- M: plaintext
- C: ciphertext
12
RSA
- Both sender and receiver know n
- Sender knows e
- Only receiver knows d
- Modulus: remainder after division, i.e., if a mod n = b then a = c*n + b
- Need: find values e, d, n such that
  - Easy to calculate $M^e$, $C^d$ for all M < n
  - Infeasible to determine d given e
  - $M^{ed} \bmod n = M \bmod n$
13
RSA
- Public key: (n,e)
- Private key: (n,d)
- n is a 200 digit number
- $C = M^e \bmod n$
- $M = C^d \bmod n$
14
RSA Keys
Generation of public and private keys:
- Choose 2 large (100 digit) prime numbers p and q
- Compute n = p*q
- Choose e > 1 relatively prime to $\varphi(n) = (p-1)*(q-1)$
- Compute d such that $e*d = 1 \bmod (p-1)*(q-1)$
- Publish (n,e)
- Secret: (n,d), p, q
15
RSA Keys Example 1
- Choose 2 “large” prime numbers: p=7, q=17
- Compute n = p*q: 7*17 = 119
- Choose e relatively prime to (p-1)*(q-1): 6*16 = 96, e = 5
- Compute $d = 5^{-1} \bmod 96 = 77$
- Publish (5,119)
- Keep (77,119), 7, 17
16
RSA Key Example 1
- Let M = 19
- Encrypt: $19^5 \bmod 119$ = 2,476,099 mod 119 = 66
- Decrypt: $66^{77} \bmod 119$ = 19 mod 119
17
RSA Keys
- Compute d such that $e*d = 1 \bmod (p-1)*(q-1)$
  - If factorization of n into p*q is known: easy
  - Otherwise: hard
- How hard is it to compute d given (n,e)?
  - Don’t know, BUT not harder than factoring n into p*q
- Security of RSA is no better than the complexity of the factorization problem
18
Digital Signatures in RSA
- RSA property: encryption and decryption are commutative
  - Encryption followed by decryption yields the original message: $(M^e \bmod n)^d \bmod n = M$
  - Decryption followed by encryption yields the original message: $(M^d \bmod n)^e \bmod n = M$
- Cryptosystems that preserve message length have this property
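The key generation procedure, Example 1 and the sign/verify property from the RSA slides above, as an added Python example that is not part of the original lecture. Function names are assumptions made here; this is textbook RSA exactly as on the slides, and `recover_private_key` shows on the toy modulus why d is only as safe as the factorization of n.

```python
from math import gcd, isqrt

def make_keys(p, q, e):
    """Key generation as on the slides: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if e <= 1 or gcd(e, phi) != 1:
        raise ValueError("e must be > 1 and relatively prime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # e*d = 1 mod (p-1)*(q-1); needs Python 3.8+
    return (n, e), (n, d)

def encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("M must be smaller than n")
    return pow(m, e, n)  # C = M^e mod n

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)  # M = C^d mod n

def sign(private, m):
    # Signing is the private-key (decryption) operation applied to M.
    return decrypt(private, m)

def verify(public, m, signature):
    # Verification applies the public-key operation and compares with M.
    return encrypt(public, signature) == m

def recover_private_key(public):
    """Rebuild d from (n, e) alone by factoring n with trial division.
    Feasible only because the toy n is tiny; this is the factoring step
    that a 200 digit n is chosen to make impractical."""
    n, e = public
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    q = n // p
    return n, pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    public, private = make_keys(7, 17, 5)  # p, q, e from Example 1
    c = encrypt(public, 19)
    print("keys:", public, private, "C:", c, "M:", decrypt(private, c))
    s = sign(private, 19)
    print("valid:", verify(public, 19, s), "altered:", verify(public, 20, s))
    print("d recovered by factoring:", recover_private_key(public) == private)
```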
19
Digital Signatures in RSA
[Diagram: A signs the plaintext with A's private key; the signed plaintext crosses the insecure channel; B verifies it with A's public key (need reliable channel). Labels: Encryption Alg., Decryption Alg., Sign, Verify.]
20
Signature and Encryption
[Diagram: A applies D with A's private key to the plaintext (signed plaintext), then E with B's public key (encrypted signed plaintext); B applies D with B's private key (signed plaintext), then E with A's public key (plaintext).]
21
Signature and Encryption
- We could do the encryption first, followed by the signature.
- Advantage of signature first: parties other than B can verify the signature
- DES can be used for encryption
22
Non-repudiation
- Requires notarized signature, involving a third party
- Large system: hierarchies of notarization
23
Hash Functions
24
Lecture 8-9 Hash Functions
- Hash function h maps an input x of arbitrary length to a fixed length output h(x) (compression)
- Accidental or intentional change to the data will change the hash value
- Given h and x, h(x) is easy to compute (ease of computation)
25
Good Hash Function
1. It is easy to compute the hash value for any given message
2. It is infeasible to find a message that has a given hash (one-way property)
3. It is infeasible to modify a message without changing its hash
4. It is infeasible to find two different messages with the same hash (collision-free property)
26
Hash functions
- Preimage resistant (one-way): if for all specified outputs, it is computationally infeasible to find any input that hashes to that output
- Second-preimage resistant (weak collision resistant): if it is computationally infeasible to find any second input which has the same output as any specified input
- Collision resistant (strong collision resistant): if it is computationally infeasible to find any two distinct inputs that have the same output
27
Use of Hash function
- Message integrity
- Message authentication (hash is signed)
- Protect password files
- Support for intrusion detection
- Support for virus detection
28
Hash Algorithms
- Input of arbitrary length
- Output size
- Block size
- Rounds
- Bitwise operations: and, or, xor, not
29
SHA Security
- SHA-1: in 2005 security flaws were identified
  - A possible mathematical weakness might exist
- SHA-2: no attacks have yet been reported
  - SHA-2 variants are algorithmically similar to SHA-1 and so efforts are underway to develop improved alternatives
- SHA-3: new hash standard is currently under development
30
SHA-2 Family
- 2001: first published in the draft FIPS PUB 180-2
- 2002, 2004: FIPS PUB 180-2 modified
- SHA-224, SHA-256, SHA-384, and SHA-512
31
MD5 vs. SHA
- Very similar
- Security: SHA’s digest is 32 bits longer; without algorithm flaws, SHA is more secure
- Speed: SHA has more steps and produces 160-bit buffer; SHA slower
- Simplicity and compactness: MD5 has more internal steps with varying buffer modification; SHA is simpler
32
Attacks
- First preimage attack: given a hash h, find a message m such that hash(m) = h
- Second preimage attack: given a fixed message m1, find a different message m2 such that hash(m2) = hash(m1)
- Attack complexity: $2^n$ (considered too high for a typical output size of n=160 bits)
- Practical attacks: collision attack
33
Collision Attack
- Cryptographic attack
- Based on probability theory
- Given a function ƒ, the goal of the attack is to find two different inputs x1, x2 such that ƒ(x1) = ƒ(x2) (complexity is $2^{n/2}$)
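An added example (not from the original slides) of the $2^{n/2}$ collision bound: a birthday search against SHA-256 truncated to n bits, so that the search finishes quickly. The truncation, the constructed message format and the function names are assumptions made for the demonstration.

```python
import hashlib

def truncated_hash(message: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(message), as an integer (toy n-bit hash)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)

def find_collision(bits: int):
    """Hash distinct constructed messages until two share a truncated hash.

    Returns (m1, m2, hashes_computed). About 2^(bits/2) hashes are expected,
    versus about 2^bits for a preimage search on the same output size.
    """
    seen = {}  # truncated hash -> message that produced it
    count = 0
    while True:
        message = b"constructed-message-%d" % count
        count += 1
        h = truncated_hash(message, bits)
        if h in seen:
            return seen[h], message, count
        seen[h] = message

if __name__ == "__main__":
    for bits in (16, 24, 32):
        m1, m2, count = find_collision(bits)
        print(f"n={bits}: {count} hashes, 2^(n/2)={2 ** (bits // 2)}: {m1!r} {m2!r}")
```

The hash count grows with the square root of the output space, which is why a digest needs twice as many bits as the work factor it is meant to provide against collisions.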
34
Hash Functions
- Message digest
- Used for authenticity (sign hash value of a message) and integrity purposes
- Algorithms:
  - MD2, MD4, MD5 (128), SHA0 (160): insecure
  - SHA1 (160): theoretical collision attack
  - SHA-2, SHA-3 (256, 512, 1024): OK
35
MD6
- MD6 was submitted to the NIST SHA-3 competition
- July 1, 2009: Rivest posted a comment at NIST that MD6 is not yet ready to be a candidate for SHA-3
  - Speed issues and inability to supply a proof of security for a faster reduced-round version
36
Next Class
- Protocol Analysis and hash
37
How does it work?
Chapter 12
Not required for tests
38
Arithmetic
- Identity i: x op i = x
- Inverse: b is inverse of a under op if a op b = i
- Prime numbers: p is prime if 1 < p and divisible by {1,p} only
- Euclidean algorithm: if x divides a and b then x also divides a-(k*b)
  - a-(k*b) = x*a1-(k*x*b1) = x*(a1-(k*b1)) = x*d
39
Greatest common divisor
Given a > b, the greatest common divisor x=gcd(a,b) can be calculated as follows:
1. Rewrite a as a=m*b+r, where m=a/b and r is the remainder
2. If x divides a and b, it also divides r, therefore x=gcd(a,b)=gcd(b,r); b=m’*r+r’
3. Continue until the remainder is zero
40
Modular Arithmetic
- Results stay in the underlying range of numbers
- +, -, * can be applied before or after the modulus is taken with similar results
- Modulus: remainder after division, that is, if a mod n = b then a = c*n + b
- Examples:
  - 9 mod 3 = 0
  - 12 mod 5 = 2
  - 12 mod 10 = 2
41
Modular Arithmetic
Properties:
- Associative
  - a+(b+c) mod n = (a+b)+c mod n
  - a*(b*c) mod n = (a*b)*c mod n
- Commutative
  - a+b mod n = b+a mod n
  - a*b mod n = b*a mod n
- Distributive
  - (a*(b+c)) mod n = (((a*b) mod n) + ((a*c) mod n)) mod n
- Existence of identities
  - a+0 mod n = 0+a mod n = a
  - a*1 mod n = 1*a mod n = a
42
Modular Arithmetic
Properties:
- Existence of inverses
  - a+(-a) mod n = 0
  - $a*(a^{-1}) \bmod n = 1$ if $a \neq 0$ (and gcd(a,n) = 1; see next slide)
- Reducibility
  - (a+b) mod n = ((a mod n) + (b mod n)) mod n
  - (a*b) mod n = ((a mod n) * (b mod n)) mod n
  - $a^e \bmod n = \left[\prod_{i=1}^{e} (a \bmod n)\right] \bmod n$
43
Modular Arithmetic
- $a^{-1} = x \bmod n$ has unique solution if a and n are relatively prime
44
Fermat’s and Euler’s Theorem
- Fermat’s Theorem: for any prime number p and any element a < p, $a^p \bmod p = a$ or $a^{p-1} \bmod p = 1$
- Inverse of a is x, such that ax mod p = 1
  - $ax \bmod p = 1 = a^{p-1} \bmod p$
  - $x = a^{p-2} \bmod p$
- Euler’s theorem: if a and n are relatively prime, then $a^{\varphi(n)} \bmod n = 1 = ax \bmod n$
  - $x = a^{\varphi(n)-1} \bmod n$
- Example: inverse of 4 mod 5
  - $4^{-1} \bmod 5 = 4^{5-2} \bmod 5$ = 64 mod 5 = 4
  - 4*4 mod 5 = 16 mod 5 = 1
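The Euclidean algorithm and the two inverse constructions from the slides above, as an added Python example that is not part of the original lecture; function names are assumptions made here. It cross-checks the extended Euclidean inverse against the Fermat/Euler power formula, including the $5^{-1} \bmod 96 = 77$ used in RSA Keys Example 1.

```python
from math import gcd

def gcd_steps(a, b):
    """Euclid as on the slide: write a = m*b + r, then continue with (b, r)."""
    steps = []
    while b:
        m, r = divmod(a, b)
        steps.append((a, m, b, r))
        a, b = b, r
    return a, steps

def inverse_euclid(a, n):
    """Extended Euclid: x with a*x mod n = 1, or None if gcd(a, n) != 1."""
    old_r, r = a % n, n
    old_x, x = 1, 0  # invariant: old_r = old_x*a (mod n) and r = x*a (mod n)
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_x, x = x, old_x - k * x
    return old_x % n if old_r == 1 else None

def phi(n):
    """Euler's totient, computed from the prime factors of n."""
    result, m, f = n, n, 2
    while f * f <= m:
        if m % f == 0:
            while m % f == 0:
                m //= f
            result -= result // f
        f += 1
    if m > 1:
        result -= result // m
    return result

def inverse_euler(a, n):
    """x = a^(phi(n)-1) mod n; for prime n this is Fermat's a^(n-2) mod n."""
    if gcd(a, n) != 1:
        return None  # no inverse unless a and n are relatively prime
    return pow(a, phi(n) - 1, n)

if __name__ == "__main__":
    print(gcd_steps(96, 5))
    print(inverse_euclid(4, 5), inverse_euler(4, 5))    # slide example
    print(inverse_euclid(5, 96), inverse_euler(5, 96))  # d from RSA Example 1
    print(inverse_euclid(6, 96))                        # gcd(6, 96) = 6: None
```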