Download presentation

Presentation is loading. Please wait.

1
Cryptosystems, Hash Functions and Digital Signatures --- Lecture 4 ---

2
Information and Nework Security2 Outline n Why public key cryptography ? n General principles of public key cryptography n The RSA public key cryptosystem n One way hash functions n Digital signature

3
Information and Nework Security3 Private key cipher E Network or Storage Plain Text Cipher Text D Bob Secret Key Alice Secret Key Plain Text

4
Information and Nework Security4 Problems with private key ciphers n In order for Alice & Bob to be able to communicate securely using a private key cipher, such as DES, they have to have a shared key in the first place. çQuestion: What if they have never met before ? n Alice needs to keep 100 different keys if she wishes to communicate with 100 different people

5
Information and Nework Security5 Motivation of Public Key Cryptography n Is it possible for Alice & Bob, who have no shared secret key, to communicate securely ? n This led to the SINGLE MOST IMPORTANT discovery of public key communications: çDiffie & Hellman’s ideas of public key cryptography: çDiffie & Hellman’s ideas of public key cryptography:

6
Information and Nework Security6 Main ideas n Bob: ç publishes, say in Yellow/White pages, his lpublic (for encryption) key, and lencryption algorithm. çkeeps to himself lthe matching secret (for decryption) key.

7
Information and Nework Security7 Main ideas (2) n Alice: çLooks up the phone book, and finds out Bob’s lpublic key, and lencryption algorithm. çEncrypts a message using Bob’s public key and encryption algorithm. çsends the ciphertext to Bob.

8
Information and Nework Security8 Main ideas (3) n Bob: çReceives the ciphertext from Alice çDecrypts the ciphertext using his secret key, together with the decryption algorithm

9
Information and Nework Security9 Public Key Cryptosystem E Network Plain Text Cipher Text D Plain Text Alice Bob Bob: Public Key Directory (Yellow/White Pages) Secret Key

10
Information and Nework Security10 Main differences with DES n The public key is different from the secret key. n Infeasible for an attacker to find out the secret key from the public key. n No need for Alice & Bob to distribute a shared secret key beforehand ! n Only one pair of public and secret keys is required for each user !

11
Information and Nework Security11 Realising public key ciphers n The most famous system that implements Diffie & Hellman’s ideas on public key ciphers is due to çRonald Rivest çAdi Shamir çLeonard Adleman n This public key cryptosystem is called RSA.

12
Information and Nework Security12 Mathematical background Assume that we are working with non- negative integers: n Prime and composite numbers ça prime number is an integer that can be divided only by 1 and itself lE.g.2,3,5,7,11,13, 101,...... çall other integers are composite lE.g.4,6,8,9,10,12, 523743960876432,800164386535

13
Information and Nework Security13 Mathematical background Modular operations n “remainder” ç13 mod 5 = 3, 1 mod 7 = 1 ç20 mod 5 = 0,32 mod 7 = 4 n modular exponentiation ç2 2 mod 3 = 1, 3 2 mod 3 = 0 ç2 2 mod 5 = 4, 10 2 mod 92 = 8 ç4 6 mod 10 = 6, 3 11 mod 10 = 7

14
Information and Nework Security14 Mathematical background n a is relative prime to b if the largest integer that divides both a & b is 1 çE.g: l any m (<>0) is relatively prime to a prime number l is 9 relatively prime to 10?

15
Information and Nework Security15 Mathematical background n Let ø(n) denote the total numbers that are less than n and relatively prime to n çIf n is a prime number then ø(n) = n – 1 çIf p, q are prime numbers and n=p*q, then l Ø(n) = Ø(p*q) = p*q – (p + q -1) = (p-1)*(q-1) - p & q are prime numbers => only multiples of p and q are not relatively prime to p*q - That is: there are (p + q – 1) multiples [0 is counted once] of p and q lE.g: p = 3; q=7; {0, 3, 7, 6, 9, 12, 14, 15, 18} are not relatively prime to p*q lØ(n) = ø(p*q) = 12 ; {1,2,4,5,8,10,11,13,16,17,19,20}

16
Information and Nework Security16 Mathematical background y & n are integers and y (mod ø(n)) = 1, for any x < n, x y mod n = x (1) y & n are integers and y (mod ø(n)) = 1, for any x < n, x y mod n = x (1) çE.g: ly=13 ; n=7; x = 4; lø(n) = 6; y mod ø(n) = 13 mod 6 = 1; lx y = 4 13; x y mod n = 4 13 mod 6 = 4 = x mod n;

17
Information and Nework Security17 Mathematical background The multiplicative inverse of x with modulo n is y such that: (x*y) mod n = 1 (2). The multiplicative inverse of x with modulo n is y such that: (x*y) mod n = 1 (2). n The above multiplicative inverse can be used to create a simple public key cipher: either x or y can be thought of as a secret key and the other is the public key. E.g: x=3; n=10; y=7; we have: (3*7) mod 10 = 1; ¥M =5 ; s3*5 (mod 10) = 5 ; 5*7 (mod 10) = 5 = M (message) ¥M =6 ; s3*6 (mod 10) = 8; 8*7 (mod 10) = 6 = M (message)

18
Information and Nework Security18 RSA Public Key Cryptosystem c= m e mod n Network Plain TextCipher Text Plain Text Alice Bob Bob: (e, n) Public Key Directory (Yellow/White Pages) public key: e & n secret key: d m= c d mod n

19
Information and Nework Security19 RSA (1) n Bob: çchooses 2 large prime numbers:p, q multiplies p and q:n = p*q çfinds out two numbers e & d such that (e * d) mod ø(n) = 1 [ similar to (2) ] (e * d) mod ø(n) = 1 [ similar to (2) ] Or (e * d) mod [(p-1)*(q-1)] = 1 çpublic key (published in the phone book) l2 numbers:(e, n) lencryption alg:modular exponentiation çsecret key:(d,n)

20
Information and Nework Security20 RSA (2) n Alice has a message m to be sent to Bob: çfinds out Bob’s public encryption key (e, n) çcalculates m e (mod n) -> c çsends the ciphertext c to Bob

21
Information and Nework Security21 RSA (3) n Bob: çreceives the ciphertext c from Alice çuses his matching secret decryption key d to calculate c d (mod n) -> m

22
Information and Nework Security22 RSA --- 1st small example (1) n Bob: çchooses 2 primes:p=5, q=11 multiplies p and q:n = p*q = 55 çfinds out two numbers e=3 & d=27 which satisfy (3 * 27) mod 40 = 1 çBob’s public key l2 numbers:(3, 55) lencryption alg:modular exponentiation çsecret key:(27,55)

23
Information and Nework Security23 RSA --- 1st small example (2) n Alice has a message m=13 to be sent to Bob: çfinds out Bob’s public encryption key (3, 55) çcalculates c: c = m e (mod n) = 13 3 (mod 55) = 2197 (mod 55) = 52 çsends the ciphertext c=52 to Bob

24
Information and Nework Security24 RSA --- 1st small example (3) n Bob: çreceives the ciphertext c=52 from Alice çuses his matching secret decryption key 27 to calculate m: m = 52 27 (mod 55) = 13 (Alice’s message)

25
Information and Nework Security25 How does RSA work? n n = p*q => Ø(n) = Ø(p*q) = (p-1)*(q-1) n We choose d & e such that (e * d) mod ø(n) = = 1 ; similar to (2) for any m < n: m de = m mod n ; from (1) an RSA encryption consists of taking m and raising it to e ; and decrypting the ciphertext by raising the result of the encrytion to d : lWe have ¥(a*b) mod n = [(a mod n) * (b mod n)] mod n; ¥a x mod n = [(a mod n)* (a mod n)* … (a mod n)] mod n ----x times of a mod n--- ----x times of a mod n--- = (a mod n) x mod n hence : (m e mod n) d mod n = ( m e ) d mod n = ( m ed ) mod n = m mod n = m [from (1)] hence : (m e mod n) d mod n = ( m e ) d mod n = ( m ed ) mod n = m mod n = m [from (1)]

26
Information and Nework Security26 Remarks on RSA n The message m has to be an integer between the range [1, n). n To encrypt long messages we can use modes of operation as for block private key ciphers, or a hybrid cryptosystem.

27
Information and Nework Security27 Why RSA is Secure n Attack Scenario: çMarvin wants to read Alice’s private message (m) intended to be read only by Bob. çHowever, Alice used RSA to encrypt m using Bob’s public key (e, n), into the ciphertext c = m e (mod n). çMarvin is a determined attacker and managed to intercept the ciphertext c on its way from Alice’s to Bob’s computer. çMarvin also looked up Bob’s public key (e,n) to help him in his attack.

28
Information and Nework Security28 Why RSA is Secure n Marvin now has (c,e,n) and wants to find out m. n How can Marvin proceed to find m? çApproach 1: If Marvin could also find out Bob’s secret key d, he could decrypt c into m in the same way as Bob does. lSuppose Bob guards his secret key d very well, what can Marvin do then? çApproach 2: Marvin knows that c = m e (mod n). He knows that m is a number between 1 and n-1. So he could use exhaustive search through all n possible messages m. l But if n is large this takes a long time!

29
Information and Nework Security29 Why RSA is Secure n Marvin’s Attack options (cont): çApproach 3: Marvin can try to compute Bob’s secret key d from (e,n) and then use Approach 1. l Remember that (e * d) mod ((p-1)*(q-1) ) = 1 l Marvin found in a ‘Number Theory’ book a very fast algorithm called EUCLID to solve the following problem: Given two numbers (r,s), the algorithm outputs a number x such that (r * x) mod s = 1.

30
Information and Nework Security30 Why RSA is Secure n Approach 3 is the most efficient known method Marvin can use to attack RSA! n The time taken for Marvin to execute the attack in Approach 3 is essentially the time to factorize n (n=p*q) into the prime factors p and q. n Therefore, we say that RSA is based on the factorization problem: While it is easy to multiply large primes together, ! n Therefore, we say that RSA is based on the factorization problem: While it is easy to multiply large primes together, it is computationally infeasible to factorize or split a large composite into its prime factors !

31
Information and Nework Security31 Why RSA is Secure n Therefore, when both p and q in RSA are of at least 155 digits, the product n=p*q is 310 digits. n Then no one can factorize n in less time than a few thousand years, not even Marvin!! n Thus the only person who can extract the plaintext m from the ciphertext c is Bob, as only he knows the secret decryption key d !

32
Information and Nework Security32 Marvin’s New Attack Idea n Instead of just eavesdropping, Marvin can try a more active attack! n Outline of the New Attack: çMarvin generates an RSA key pair lPublic key = Kpub_* = (N_*, e_*) lSecret key = Ksec_* = (N_, d_*) çMarvin sends the following email to Alice, pretending to be Bob: lHi Alice, ¥Please use my new public key from now on to encrypt messages to me. My new public key is Kpub_*. ¥Yours sincerely, Bob. çMarvin decrypts any messages Alice sends to Bob (encrypted with Kpub_*), using Ksec_*.

33
Information and Nework Security33 Preventing Marvin’s Active Attack n The active attack works because: çAlice was tricked by Marvin into encrypting a message intended for Bob using a “fake” public key which is NOT Bob’s public key (in fact it was Marvin’s). n To prevent the attack: çBefore Alice encrypts a message for Bob, she must make sure she has Bob’s CORRECT public key (and not a fake one). çAlice needs a way of testing the truth of any “Bob’s key message” informing Alice of Bob’s Public Key. çNo one besides Bob should be able to produce such a message so that it will pass Alice’s Test.

34
Information and Nework Security34 Preventing Marvin’s Active Attack (2) n This is a setting where Alice and Bob have a message integrity security requirement! çIe. Alice and Bob want to prevent fabrication and/or modification of a “Bob’s key message” (a message informing Alice of Bob’s public key) by unautorised parties (like Marvin). n The main cryptographic tool used to achieve message integrity is “Authority Certificates”. n Later we will see how Digital Signatures can be used to prevent Marvin’s Attack!

35
Information and Nework Security35 Private key ciphers n Good points çin-expensive to use çfast çlow cost VLSI chips available n Bad points çkey distribution is a problem

36
Information and Nework Security36 Public key ciphers n Good points çkey distribution is NOT a problem n Bad points çrelatively expensive to use çrelatively slow çVLSI chips not available or relatively high cost

37
Information and Nework Security37 Combining 2 Type of Ciphers n In practice, we can çuse a public key cipher (such as RSA) to distribute keys çuse a private key cipher (such as DES) to encrypt and decrypt messages

38
Information and Nework Security38 The Need of Digital Signature n Social & business activities and their associated documents are becoming digital çdigital conferences çdigital contract signing çdigital cash payments,...... n Hand-written signatures are not applicable to digital data

39
Information and Nework Security39 Digital Signature (based on RSA) Public Key Directory (Yellow/White Pages) Bob: E Network Plain Text Bob Secret Key + Cathy Signature Accept if equal D Signature ? Public Key

40
Information and Nework Security40 Digital Signature (for short doc) Public Key Directory (Yellow/White Pages) Bob: (e, n) Network Plain Text Bob Secret Key d + Cathy Signature Accept if equal Signature ? Public Key (e, n) s = m d mod n t =s e mod n

41
Information and Nework Security41 RSA Signature --- an eg (1) n Bob: çchooses 2 primes:p=5, q=11 multiplies p and q:n = p*q = 55 çfinds out two numbers e=3 & d=27 which satisfy (3 * 27) mod 40 = 1 çBob’s public key l2 numbers:(3, 55) lencryption alg:modular exponentiation çsecret key:(27,55)

42
Information and Nework Security42 RSA Signature --- an eg (2) n Bob has a document m=19 to sign: çuses his secret key d=27 to calculate the digital signature of m=19: s = m d (mod n) = 19 27 (mod 55) = 24 çappends 24 to 19. Now (m, s) = (19, 24) indicates that the doc is 19, and Bob’s signature on the doc is 24.

43
Information and Nework Security43 RSA Signature --- an eg. (3) n Cathy, a verifier: çreceives a pair (m,s)=(19, 24) çlooks up the phone book and finds out Bob’s public key (e, n)=(3, 55) çcalculatest = s e (mod n) = 24 3 (mod 55) = 19 çchecks whether t=m çconfirms that (19,24) is a genuinely signed document of Bob if t=m.

44
Information and Nework Security44 How about Long Documents ? n In the previous example, a document has to be an integer in [1,...,n) n To sign a very long document, we need a so called one-way hash algorithm n Instead of signing directly on a doc, we hash the doc first, and sign the hashed data which is normally short.

45
Information and Nework Security45 One-Way Hash Algorithm n A one-way hash algorithm hashes an input document into a condensed short output (say of 100 bits) çDenoting a one-way hash algorithm by H(.), we have: lInput: m - a binary string of any length lOutput: H(m) - a binary string of L bits, called the “hash of m under H”. lThe output length parameter L is fixed for a given one- way hash function H, leg ¥The one-way hash function “MD5” has L = 128 bits ¥The one-way hash function “SHA-1” has L = 160 bits

46
Information and Nework Security46 One-Way Hash Algorithm A document (of any length) A condensed short output, say of 100 bits

47
Information and Nework Security47 Properties of One-Way Hash Algorithm n A good one-way hash algorithm H needs to have these properties : ç1. Easy to Evaluate: lThe hashing algorithm should be fast lI.e. given any document m, the hashed value h = H(m) can be computed quickly. ç2. Hard to Reverse: lThere is no feasible algorithm to “reverse” a hashed value, lI.e. given any hashed value h, it is computationally infeasible to find any document m such that H(m) = h. çNOTE: An algorithm is called ‘One-Way’ if it has BOTH properties 1 and 2. ç3. Hard to find Collisions: lThere is no feasible algorithm to find two or more input documents which are hashed into the same condensed output, lI.e it is computationally infeasible to find any two documents m 1, m 2 such that H(m 1 )= H(m 2 ).

48
Information and Nework Security48 The One-way Property Hash value h (length= L bits) H Document m (any length) This direction is easy to compute! Hash value h (length= L bits) H Document m (any length) But this direction is infeasible to compute!

49
Information and Nework Security49 Finding Collision is Infeasible (same condensed output) I, Bob, will pay $1,000 to Alice. I, Bob, will pay $10,000 to Alice. HH Document m 1 Document m 2

50
Information and Nework Security50 Digital Signature (for long doc) Public Key Directory (Yellow/White Pages) Bob: Network Plain Text H 100 bits Bob Secret Key + H 100 bits Cathy Signature Accept if equal 1-way hash 100 bits Signature ? Public Key

51
Information and Nework Security51 Why Digital Signature ? n Unforgeable çtakes 1 billion years to forge ! n Un-deniable by the signatory n Universally verifiable n Differs from doc to doc n Easily implementable by çsoftware or çhardware or çsoftware + hardware

52
Information and Nework Security52 Unforgeable Digital Signature I, Bob, will pay $1,000 to Alice. a valid signature 101001010 I, Bob, will pay $10,000 to Alice. 001001101 also a valid signature

53
Information and Nework Security53 Digital Signature -- summary n Three (3) steps are involved in digital signature çSetting up public and secret keys çSigning a document çVerifying a signature

54
Information and Nework Security54 Setting up Public & Secret Keys n Bob does the following çprepares a pair of public and secret keys çpublishes his public key in the public key file (such as an on-line phone book) çkeeps the secret key to himself n Note: çSetting up needs only to be done once !

55
Information and Nework Security55 Signing a Document n Once setting up is completed, Bob can sign a document (such as a contract, a cheque, a certificate,...) using the secret key n The pair of document & signature is a proof that Bob has signed the document.

56
Information and Nework Security56 Verifying a Signature n Any party, say Cathy, can verify the pair of document and signature, by using Bob’s public key in the public key file. n Important ! çCathy does NOT have to have public or secret key !

Similar presentations

© 2019 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google