Presentation is loading. Please wait.

Presentation is loading. Please wait.

Announcements: HW4 – DES due Friday midnight HW4 – DES due Friday midnight Any volunteers to help config C/C# later today? Who’s using Scheme? Quiz on.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Announcements: HW4 – DES due Friday midnight HW4 – DES due Friday midnight Any volunteers to help config C/C# later today? Who’s using Scheme? Quiz on."— Presentation transcript:

1 Announcements: HW4 – DES due Friday midnight HW4 – DES due Friday midnight Any volunteers to help config C/C# later today? Who’s using Scheme? Quiz on ch 3 postponed until after break Quiz on ch 3 postponed until after break Term project groups and topics due end of week after break Term project groups and topics due end of week after break Use ch 10 – 19 as inspiration Today Finish Rijndael Finish Rijndael RSA concepts RSA conceptsQuestions? DTTF/NB479: DszquphsbqizDay 19

2 Rijndael/AES Tie-ins with Galois field, GF(2 8 ): S-box implements z = Ax -1 + b in GF(2 8 ) MixColumn multiplies by a matrix in GF(2 8 ) to diffuse bits Key schedule (next) uses S-box and powers in GF(2 8 ) Wikipedia’s visuals visuals

3 AddRoundKey (ARK) XOR the round key with matrix d. XOR the round key with matrix d. Key schedule on next slide

4 Key Schedule Write original key as 4x4matrix with 4 columns: W(0), W(1), W(2), W(3). Key for round i is (W(4i), W(4i+1), W(4i+2), W(4i+3)) Other columns defined recursively: Highly non-linear. Resists attacks at finding whole key when part is known K0K0 K1K1 K 10 192-, 256-bit versions similarsimilar

5 Decryption E(k) is: (ARK 0, BS, SR, MC, ARK 1, … BS, SR, MC, ARK 9, BS, SR, ARK 10 ) Each function is invertible: ARK; IBS; ISR; IMC So D(k) is: ARK 10, ISR, IBS, ARK 9, IMC, ISR, IBS, … ARK 1, IMC, ISR, IBS, ARK 0 ) Half-round structure: Write E(k) = ARK, (BS, SR), (MC, ARK), … (BS, SR), (MC, ARK), (BS, SR), ARK Write E(k) = ARK, (BS, SR), (MC, ARK), … (BS, SR), (MC, ARK), (BS, SR), ARK (Note that last MC wouldn’t fit) D(k) = ARK, (ISR, IBS), (ARK, IMC), (ISR, IBS), … (ARK, IMC), (ISR, IBS), ARK D(k) = ARK, (ISR, IBS), (ARK, IMC), (ISR, IBS), … (ARK, IMC), (ISR, IBS), ARK Can write: D(k) = ARK, (IBS, ISR), (IMC, IARK), … (IBS, ISR), (IMC, IARK), (IBS, ISR), ARK

6 Wrap-up Do you trust 128-bit encryption now? You should, especially when keys are sent using public key cryptography (next)

7 Public-key Cryptography Problem: how can I send my AES key without Eve intercepting it? Consider a scheme in which everyone publishes a (public) method by which messages can be encrypted and sent to them … but only the publisher can decrypt. Knowing how to encrypt does not reveal how to decrypt! Knowing how to encrypt does not reveal how to decrypt!

8 RSA (Rivest – Shamir – Adelman) For Alice to send a message to Bob. Bob chooses primes p,q (large, ~100 digits each) He publishes his public key (n,e): n = pq n = pq e, a large number such that gcd(e, (p-1)(q-1)) = 1 e, a large number such that gcd(e, (p-1)(q-1)) = 1 Alice has a message m < n. Otherwise (if m > n), break message into chunks n), break message into chunks < n Alice sends c = m e (mod n) Bob computes c d (mod n) = (m e ) d = m (mod n). What does he use for d?

9 Why does decryption work? Alice – (m)  Bob Bob’s key: n = pq n = pq e: gcd(e, (p-1)(q-1)) = 1 e: gcd(e, (p-1)(q-1)) = 1 This is so d=e -1 mod (p-1)(q-1) exists This is so d=e -1 mod (p-1)(q-1) exists Alice sends c = m e (mod n) Bob computes c d (mod n) = (m e ) d = m (mod n), where d = e -1 (mod n). What does he use for d? Recall Euler’s theorem: as long as gcd(m,n) = 1 So m ed = m (mod n) iff ed = 1 (mod  (n) = 1 (mod (p-1)(q-1)) So d = e -1 *mod (p-1)(q-1)

10 Toy example Alice – (m)  Bob Bob’s key: n = pq = (13)(17) = 221 n = pq = (13)(17) = 221 e = 35: gcd(e, (p-1)(q-1)) = 1 e = 35: gcd(e, (p-1)(q-1)) = 1 d=e -1 mod 192 exists: d = __11__ d=e -1 mod 192 exists: d = __11__ m = 20 (letter t) 1-based, so leading ‘a’ = 1 not ignored 1-based, so leading ‘a’ = 1 not ignored c = m e (mod n) = _197___ c d (mod n) = _20__ Issues: How to compute 20 35 (mod 221)? Efficiency is O(log e) How to compute d? Extended Euclidean alg. And why is this secure? Why can’t Eve calculate d herself?

11 Security Eve knows e, n, and c only To find d = e -1 (mod  (n)), Eve needs to know  (n) = (p-1)(q-1) If she knows n, she can factor it into p and q to find  (n), right? That’s a big if, since n is ~200 digits long! Large numbers are hard to factor! Can’t just test every prime from 1.. sqrt(n) Can’t just test every prime from 1.. sqrt(n)

12 Security c = m e (mod n) Can Eve just compute e-th root of c? Not since mod n Not since mod n Unless we brute force, but not when n is large! Unless we brute force, but not when n is large!

13 Is  (n) as hard to find as the factors of n? Claim: factoring n hard  finding  (n) hard Equivalently:  (n) easy  factoring n easy If I know n and  (n), how can I find p, q? Hint: write n and  (n) in terms of p and q. Hint: write n and  (n) in terms of p and q. I will show later that finding d is as hard to find as factors of n (uses factoring). So Eve has no shortcuts to factoring!

Download ppt "Announcements: HW4 – DES due Friday midnight HW4 – DES due Friday midnight Any volunteers to help config C/C# later today? Who’s using Scheme? Quiz on."

Similar presentations

RSA.

RSA.
IS 302: Information Security and Trust Week 4: Asymmetric Encryption

IS 302: Information Security and Trust Week 4: Asymmetric Encryption
Public Key Encryption Algorithm

Public Key Encryption Algorithm
Computer Science CSC 405By Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 2. Basic Cryptography (Part II)

Computer Science CSC 405By Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 2. Basic Cryptography (Part II)
Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.
Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is.

Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Attacks on Digital Signature Algorithm: RSA

Attacks on Digital Signature Algorithm: RSA
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.

Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.
Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics due midnight 3. HW6 due Tuesday. Questions? This week: Primality.

Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics due midnight 3. HW6 due Tuesday. Questions? This week: Primality.
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Announcements: Homework 2 returned Homework 2 returned Monday: Written (concept and small calculations) exam on breaking ch 2 ciphers Monday: Written (concept.

Announcements: Homework 2 returned Homework 2 returned Monday: Written (concept and small calculations) exam on breaking ch 2 ciphers Monday: Written (concept.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption.

Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption.
Public Key Cryptography

Public Key Cryptography
Public Encryption: RSA

Public Encryption: RSA

Similar presentations

Ads by Google