Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Chapter 4 Key Topics Asymmetric Key Cryptography –RSA –ElGamal Schnorr DSS Message Digest –MD5 –SHA-1 Message Authentication Code (MAC)

Published byJulianna Bridges Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Chapter 4 Key Topics Asymmetric Key Cryptography –RSA –ElGamal Schnorr DSS Message Digest –MD5 –SHA-1 Message Authentication Code (MAC)"— Presentation transcript:

1 1 Chapter 4 Key Topics Asymmetric Key Cryptography –RSA –ElGamal Schnorr DSS Message Digest –MD5 –SHA-1 Message Authentication Code (MAC)

2 2 Chapter 4 Asymmetric Key Cryptography Plain text Encrypt with B’s public key Plain text Decrypt with B’s private key Sender (A) Netw ork Receiver (B) Cipher text

3 3 Chapter 4 Asymmetric Key Encryption Each user has a key pair (public and private), each user’s public key is accessible, but his private key is kept in secrecy. Two mainly usage :(Digital signature and confidential communication) –In confidential communication (CC): Sender (Alice) encrypts M with recipient’s (Bob) public key Recipient (Bob) decrypts C with its private key

4 4 Chapter 4 –In digital signature (DS): Provider: (Alice) signs M with his own private key to produce the signature S. Prove: by each one, given text M and signature S, verify the signature S is indeed signed by Alice by using Alice’s public Key.

5 5 Chapter 4 Asymmetric Key Example (CC) Consider a bank and its customers Customers encrypt their messages with bank’s public key Bank decrypts messages with its private key

6 6 Chapter 4 Asymmetric Key Cryptography Example Fig 4.3 Customer A Customer B Customer C Bank’s public key Bank’s private key Bank

7 7 Chapter 4 RSA (Rivest, Shamir, Adleman) World’s most popular Asymmetric Key Encryption algorithm Use formula like: M E mod n (n = p * q) Key length ( belongs to Z n ) (n must more than 512 bits) Block size (M) must smaller than the key length. The cipher block size (C) is the same length as key length. RSA is much slower than DES, IDEA, and AES. (but fast in two keys system)

8 8 Chapter 4 RSA Algorithm Fig 4.4 Alice send message to Bob (each one has a pair of key, call public and private key) 1. For user Bob, choose two large prime numbers P B and Q B. 2. Calculate N B = P B x Q B. 3. Select the public key (i.e. the encryption key) E B such that gcd (E B,  (N B ) )=1,  (N B )= (P B – 1) x (Q B – 1). public key is 4. Select the private key (i.e. the decryption key) D B such that the following equation is true: private key is E B x D B = 1 mod  (N B ) 5. For encryption, calculate the cipher text C from the plain text P as follows: C = P E B mod N B 6. Send C as the cipher text to the receiver. 7. For decryption, calculate the plain text P from the cipher text C as follows: P = C D B mod N B

9 9 Chapter 4 Example of RSA Bob (each one has a pair of key, call public and private key) 1. For user Bob, choose two large prime numbers P B =7 and Q B =17. 2. Calculate N B = P B x Q B. N B = 7 x 17 =119 3. Select the public key (i.e. the encryption key) E B =5 such that gcd (E B,  (N B ) )=1,  (N B )= (P B – 1) x (Q B – 1),  (N B )=96. public key is 4. Select the private key (i.e. the decryption key) D B =77 such that the following equation is true: private key is E B x D B = 1 mod  (N B )

10 10 Chapter 4 Alice send message to Bob. For simply, assume A = 1, B = 2, and plain text is only character F. A F F 6 6 5 Result modulo 119 = 41 1 Alice find the Bob public key 2. Compute 6 5 mod 119, and send the result to Bob. Encryption algorithm using the public key B 41 41 77 Result modulo 119 6 F 1. When got message from Alice that is cipher text, now 41. 2. Find one’s private key, and compute 41 77 mod 3. When get 6 means F. Decryption algorithm using the private key F

11 11 Chapter 4 Why RSA is security One can find each one's public key. Can we find the private key through –To find D B, we need to know  (N B ) Since D B x E B =1 mod  (N B ) –Is  (N B ) easy to find?

12 12 Chapter 4 Symmetric v/s Asymmetric CharacteristicSymmetric Key CryptographyAsymmetric Key Cryptography Key used for encryption / decryption Same key is used for encryption and decryption One key used for encryption and another, different key is used for decryption Speed of encryption / decryptionVery fastSlower Size of resulting encrypted textUsually same as or less than the original clear text size More than the original clear text size Key agreement / exchangeA big problemNo problem at all Number of keys required as compared to the number of participants in the message exchange Equals about the square of the number of participants, so scalability is an issue Same as the number of participants, so scales up quite well UsageMainly for encryption and decryption (confidentiality), cannot be used for digital signatures (integrity and non- repudiation checks) Can be used for encryption and decryption (confidentiality) as well as for digital signatures (integrity and non-repudiation checks)

13 13 Chapter 4 Digital Signature Concept Sender signs (encrypts )message M or its fingerprint with its private key to get the signature S. Verify:. Given M, and S, and signer’s public key, Guarantees that only the sender could have created this message Basis for Non-repudiation

14 14 Chapter 4 Basis for Digital Signatures Plain text Sign (Encrypt ) with A’s private key Proved S = S’ ? Verify (Decrypt) with A’s public key Sender (A) Netwo rk Receiver (B) Signature on Plain text SS M MS’

15 15 Chapter 4 RSA for Digital Signature Alice want to sign message M to everyone (Assume user Alice has a key public key is private key is ) Sign : calculate the signature S from the plain text M as follows: S = M D A mod N A Verify: when get signature S, message M, and Alice’s public key is, calculate the plain text M from signature S as follows: (if plain text M is what they mean, correct) M’ = S E A mod N A ( Check to see if M’=M)

16 16 Chapter 4 ElGamal Signatures Parameters: –System parameters: p, g (Big prime p, p  2 512 and primitive root g  order of g is  (p). g  (p) =g 0 =1 mod p –User private key: x, 1<x<p-1 –User public key: y=g x mod p Sign: for m, 1<m<p-1, random number k and gcd(k,p-1)=1. generate (r,s) as the signature:

17 17 Chapter 4 r=g k mod p, s=k -1 (m-xr) mod p-1 (r,s) as the signature Verifying: (receive m,and its (r,s)) g m = y r r s mod p

18 18 Chapter 4 Schnorr Signatures Parameters: –System parameters: 1. Big prime p, p  2 512 2. generating number g (g’s order q, q is prime and q  2 160,i.e.,g q =1 mod –User private key: x, 1<x<q –User public key: y=g x mod p Signing: 1. random number k and find r=g k mod p

19 19 Chapter 4 2. Find e=h(r,m) 3. Find s=(k-xe) mod q (e,s) is the signature Verifying 1. Find r through g s y e mod p 2. Verify h(r,m)=e?

20 20 Chapter 4 Digital Signature Standard (DSS) 1991 NIST (National Institute of Standard and Technology) proposed a DSA for signature. Parameters: –System parameters: (p,q, g) 1. Big prime p, p  2 512 2. generating prime q (q  2 160,i.e.,g q =1 mod 3. find g such as g=h p-1/q mod p, h  [1,p-1] 4. h one way hashing function (SHA-1) –User private-public key pair: (x,y) Find x, as a private key 1<x<q y=g x mod p, as public key

21 21 Chapter 4 Sign: (r,s) plaintext m, 0<m<p, generate random number k, 0<k<q, find 1. r=(g k mod p) mod q 2. s = k -1 (h(m)+xr) mod q Verify: t= s -1 mod q, r’=(g h(m)t y rt mod p) mod q Verify r’=r?

22 22 Chapter 4 Message Digest Concept Summarize the message M into fixed bit size called digest or hashed value. –In Mathematic notation, f(M), h(M) Also called as Hash The digest of a message can uniquely represent the message but use much less bit. The bit size of the hashed value is fixed usually of 128~256 bit. Similar to finger print of a human

23 23 Chapter 4 Message Digest Usage Mainly for Integrity –Others: MAC, Authentication For example: (The reason) –M: give me 100 –C: hjwf nf 211 ( use m+1 mod 256) –Change cipher C to (modified): hjwf nf 21111 –we decrypt changed C to M: give me 10000

24 24 Chapter 4 A simple Case of Digest use ADD  Original number is 7391743 Two numbers as a block 73 91 74 30 Operation(mod 100) Result Given a initial value I 0 add with the block 1 73 add with the block 2 64 Given a initial value 3 38 add with the block 4 68  Message digest is 68

25 25 Chapter 4 Discuss ADD method Good sides: –Fixed length –Easy –One way (message  digest, digest  message) Bad sides: –Easy to find the same digest with different message. 

26 26 Chapter 4 More good hashing  Original number is 7391743 OperationResult Multiply 7 by 3 21 Discard first digit 1 Multiply 1 by 9 9 Multiply 9 by 1 9 Multiply 9 by 7 63 Discard first digit 3 Multiply 3 by 4 12 Discard first digit 2 Multiply 2 by 3 6  Message digest is 6  Taiwan I.D. is p121282112 Final digital is the hashed value of all the preceding character. OperationResult Homework to find?  Message digest is 2

27 27 Chapter 4 Message Digest Concept Original data 101010101 010101010 …. 0111 0101 1011 Message Digest Message digest algorithm

28 28 Chapter 4 Message Digest Demands - 1 Original data Message digest algorithm Message digest Message digest for the same original data should be the same

29 29 Chapter 4 Message Digest Demands - 2 Original data Reverse Message digest algorithm Message digest Must not be possible

30 30 Chapter 4 Message Digest Demands - 3 Fig 4.22 Original data 1 Message digest algorithm Message digest 1 Original data 2 Message digest algorithm Message digest 2 These two message digests must be different

31 31 Chapter 4 Message Digest Differences Even if the original messages differ minutely, message digests differ dramatically Basis for the guarantee of uniqueness

32 32 Chapter 4 Message Digest Example Please pay the newspaper bill today Please pay the newspaper bill tomorrow 306706092A864886F70D010705A05A3058020100300906052B0E03021A050 0303206092A864886F70D010701A0250423506C65617365207061792074686 5206E65777370617065722062696C6C20746F646179041479630AC8041BA A1C40747F2FC29D881AEF92299B Message Message digest Message Message digest 306A06092A864886F70D010705A05D305B020100300906052B0E03021A0 500303506092A864886F70D010701A0280426506C65617365207061792074 6865206E65777370617065722062696C6C20746F6D6F72726F7704146EE C2E0DB9570A5AF6CEB631CE057AE830A87C5B

33 33 Chapter 4 Message Digest Algorithms Basic principle: Take the original message, and reduce it to a smaller fingerprint Examples: MD5, SHA-1 SHA-1 is considered stronger

34 34 Chapter 4 MD5 MD serial developed by Ron Rivest. MD, MD2, MD3, MD4, MD5, MD6,… Processed in 512-bit blocks (divided into 16 32-bit sub-blocks Output is a set of four 32-bit blocks, amount is 128-bit message digest.

35 35 Chapter 4 How MD5 works? Padding –Filling message m into multiple of 512-bit blocks Append length (in padding) Divide the input into 512-bit blocks Initialize chaining variables Process blocks

36 36 Chapter 4 Padding the original message into multiple of 512-bit Append Length in the final 64-bit of the padding block. original message1000…000original length in bits 1~512 bits 64 bits Multiple of 512 bits

37 37 Chapter 4 Divide the input into 512-bit blocks Original message + padding block block1blocknblock2 512 bits

38 38 Chapter 4 Initial A, B, C,D value –A 01234567 16 B 89ABCDEF 16 –C FEDCBA89 16 D 76543210 16 block1blocknblock2 512 bits MD5 A B C D A B C D

39 39 Chapter 4 Process inside MD5 Operated at 32-bit based. Four rounds, And each round take up 16 steps. All 4*16 steps. There are another 64 constants called t[1],…t[64]

40 40 Chapter 4 Conceptual view within one round Constants t[1~64] Register a b c d Block into sub blocks MD5 round 1 to round 4 Round 1 to round 4 only differ in –1)function, on process P –2) input sequences of subblocks, M[0],..M[15] –3) shift number of bits

41 41 Chapter 4 Input data: –512-bit block M is divided into 16 sub block called M[0], M[1],…M[15], another constants t[1],..t[64], and register a,b,c,d Operation: (Perform round 1~4 step 1~16) –Mainly operated on register a, b, c, d; after each step, registers are rotate- one-position-right exchanged (a, b,c, d)  (d, a,b,c) –Main processes: (for each step) p1: process p on register b,c,d p2: register a is added into p1’s result. p3: sub block M[i] is added into p2’s result p4: constant t[k] is added into p3’s result. p5: the p4’s result is circular-left shifted by s bits p6: register b is added into p5’s result p7: p6’s result write into register a.

42 42 Chapter 4 a = b+(( a + process p (b,c,d) + M[i] + t[k] )<<<s) Fig 4.33 abcd Process P Add t[k] Shift Add abcd Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Add M[i] Step 7

43 43 Chapter 4

44 44 Chapter 4 Secure Hash Algorithm (SHA) NIST and NSA, developed in 1993. also called SHA-1 Modified from MD serial hash function. –Five register a, b, c, d,e (four register in MD5) –5 constants (64 constants 64 in MD5 ) –Function changed Output is: 160 bits

45 45 Chapter 4 Single SHA-1 Iteration Fig 4.39 abcde Process P Add s5s5 W[t] Add K[t] abcde

46 46 Chapter 4 Comparison of MD5 and SHA-1 Fig 4.42 Point of discussionMD5SHA Message digest length in bits 128160 Attack to try and find the original message given a message digest Requires 2 128 operations to break in Requires 2 160 operations to break in, therefore more secure Attack to try and find two messages producing the same message digest Requires 2 64 operations to break in Requires 2 80 operations to break in Successful attacks so farThere have been reported attempts to some extent (as we discussed earlier) No such claims so far SpeedFaster (64 iterations, and 128-bit buffer) Slower (80 iterations, and 160-bit buffer) Software implementationSimple, does not need any large programs or complex tables

47 47 Chapter 4 Message Authentication Code (MAC) Make sure the message digest is sent by the sender (need to include the Secret between sender and receiver ) MAC can ensure the message integrity and authentication, lack of confidentiality and non-repudiation

48 48 Chapter 4 Message Authentication Code (MAC) Fig 4.43 S E N D E R (A) M H1 MAC M H1 Send M H2 MAC R E C E I V E R (B) Compare Step 1 Step 2Step 3 Step 4 K K

49 49 Chapter 4 Hash-based Message Authentication Code (HMAC) Basically use Hash function (MD5, SHA-1) Shared Secret key join with message M to form the a package to be hashed.

50 50 Chapter 4 HMAC Concept Key K message digest algorithms such as MD5 or SHA-1 Original message Message Digest Hash fun- ction (MD5, SHA-1) MAC Final output Key K + +

51 51 Chapter 4 Complete HMAC Operation Transformed key (K) Key (K) ipad XOR S1M Message Digest algorithm H Transformed key (K)opad XOR S2H HMAC Message Digest algorithm 120 bits 512 bits 512 bits 00110110… 512 bits 01011010…

52 52 Chapter 4 Appendix 1. Prime testing Miller-Rabin probability testing –Input n, and assume n=2 s t+1, t is odd number, and s ≧ 1 –Choose positive integer a: a t ≠ 1mod n, and a 2jt ≠ -1 mod n 0 ≦ j ≦ s-1 If a satisfy condition above n is not a prime –Choose different a for k round. (if n pass k round than the probability of n is not a prime is below 1-(1/4) k )

53 53 Chapter 4 prime determinate testing –Input n, –If n satisfy b n-1 =1 mod n and b (n-1/pi) ≠ 1 mod n b is positive integer, and pi is the prime factor of n –then, n is prime

54 54 Chapter 4 Determinate Prime number generation Demytko (prime number determinate generation) –Assume, p i+1 =h i p i +1 and satisfy the following: p i is an odd prime h i <4(p i +1), h i is even 2 hipi =1 mod p i+1 2 hi ≠ 1 mod p i+1 –Then, p i+1 is a prime

Download ppt "1 Chapter 4 Key Topics Asymmetric Key Cryptography –RSA –ElGamal Schnorr DSS Message Digest –MD5 –SHA-1 Message Authentication Code (MAC)"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Similar presentations

Ads by Google