Digital Signatures
Anononymity and the Internet
Potential For Mischief
Potential For Mischief
Dilemma Need encryption for security Encryption needs shared key
Dilemma Need encryption for security Encryption needs shared key Diffie Hellman produces shared key
Dilemma Need encryption for security Encryption needs shared key Diffie Hellman produces key But with who???
Symmetric Cryptography Traditional cryptography Same secret encrypts and decrypts: Shift by three letters XOR with bits
Asymmetric Cryptography Symmetric cryptography: Key for encoding same as key for decoding Shift three letters
Asymmetric Cryptography Asymmetric cryptography: Key for encoding different than for decoding
Asymmetric Cryptography Keys work in both directions
Asymmetric Cryptography You can't unlock with key used to lock
Public/Private Keys Make an A/B pair of asymmetric keys Give one away : Public Key Keep one secret : Private Key
Private Key Message is "Signed" Only owner can lock with private key Anyone can unlock Message is "Signed"
Public Key Everyone can lock with public key Only private key holder can unlock
Key Distribution Problem How do you get the right public key from Wells Fargo?
Key Distribution Problem How do you get the right public key from Wells Fargo? Sure, I'm Wells Fargo, here is my public key!!!
Signature Bank Record of signatures
Authenticating a Key Official key bank?? Wells Fargo
Can't Trust Internet Bank Same problem: Key Bank Sure, I'm the key bank, here is Wells Fargo's key!!!
Authenticating a Key Computers & Browsers come with public keys from Certification Authorities
Authenticating a Key Browsers come with public keys of known banks called Certification Authorities
Authenticating a Key Certification Authorities use private key to lock up public keys of other companies "Certificate"
Authenticating a Key If your computer can open box with Verisign public key you can trust what is inside "Certificate"
Chain Of Trust Reality may involve chain of locks
Chain Of Trust Reality may involve chain of locks
Web Security HTTPS : Secure web connection Browser asks server for certificated public key Browser picks shared secret Encrypts with public key, sends to server
Web Security HTTPS : Secure web connection Browser asks server for public key Browser picks shared secret, encrypts with public key, sends to server
Asymmetric Math Use same tricks as Diffie-Hellman: Exponents Mod
Asymmetric Math Possible to pick numbers A, B, C so that:
Asymmetric Math Example: A = 3, B = 7, C = 22 Encrypt with A, decrypt with B
Asymmetric Math Example: A = 3, B = 7, C = 22 OR encrypt with B, decrypt with A
RSA How do we pick A, B, C that work together??? RSA algorithm invented in 1977 (Rivest, Shamir, Adelman)
Picking Keys Start with two prime numbers p, q – multiply to make clock size (C)
Picking Keys Start with two prime numbers p, q – multiply to make clock size (C) Pick (A) that will be part of your private key: {A, C}
Picking Keys Start with two prime numbers p, q – multiply to make clock size (C) Pick (A) that will be part of your private key: {A, C} Calculate (B) from p, q and (A). This makes your public key: {B, C}
Picking Keys Start with two prime numbers p, q – multiply to make clock size (C) Pick (A) that will be part of your private key: {A, C} Calculate (B) from p, q and (A). This makes your public key: {B, C} If anyone figures out p and q they can use B to calculate A !!!
Picking Keys Start with two prime numbers p, q – multiply to make clock size (C) … If anyone figures out p and q they can use B to calculate A !!! To get p and q you have to factor C
Factoring Factoring large numbers is hard But we are getting faster
Factoring Factoring large numbers is hard But we are getting faster Larger keys : 2048 bits (prime numbers with 100's of digits)
Signed Message Messages can be anything Data, Other keys Any attempt to modify encrypted box will mess up the message
Four messages: Message 5 4 15 8 Encrypted Version 11 30 12 2 I sent four messages "signed" with private key My public key: exponent 3, clock 34 message = encrypted ^ exponent mod clock One message was modified, which one is it? Three should check out, one should not private key 11