Announcements: HW4 – DES due Friday midnight HW4 – DES due Friday midnight Any volunteers to help config C/C# later today? Who’s using Scheme? Quiz on.

Slides:



Advertisements
Similar presentations
RSA.
Advertisements

IS 302: Information Security and Trust Week 4: Asymmetric Encryption
Public Key Encryption Algorithm
Computer Science CSC 405By Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 2. Basic Cryptography (Part II)
Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.
Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Attacks on Digital Signature Algorithm: RSA
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.
Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics due midnight 3. HW6 due Tuesday. Questions? This week: Primality.
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Announcements: Homework 2 returned Homework 2 returned Monday: Written (concept and small calculations) exam on breaking ch 2 ciphers Monday: Written (concept.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption.
Public Key Cryptography
Public Encryption: RSA
Public Key Cryptography and the RSA Algorithm
Announcements: How was last Saturday’s workshop? How was last Saturday’s workshop? DES due now DES due now Chapter 3 Exam tomorrow Chapter 3 Exam tomorrow.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Announcements: DES due Thursday. DES due Thursday. Try not to use late day, so you can study for Ch 3 quiz Friday. Try not to use late day, so you can.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
“RSA”. RSA  by Rivest, Shamir & Adleman of MIT in 1977  best known & widely used public-key scheme  RSA is a block cipher, plain & cipher text are.
Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.
 Introduction  Requirements for RSA  Ingredients for RSA  RSA Algorithm  RSA Example  Problems on RSA.
Chapter 12 Cryptography (slides edited by Erin Chambers)
Cryptography Lecture 8 Stefan Dziembowski
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the order Teams mostly.
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Public-Key Cryptography CS110 Fall Conventional Encryption.
David Evans CS200: Computer Science University of Virginia Computer Science Class 36: Public-Key Cryptography If you want.
Midterm Review Cryptography & Network Security
Announcements: HW4 – DES due Thursday HW4 – DES due Thursday I have installed, or will install: Java, C (gcc), Python. What other languages? Please make.
Cryptography Lecture 7: RSA Primality Testing Piotr Faliszewski.
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Modular Arithmetic with Applications to Cryptography Lecture 47 Section 10.4 Wed, Apr 13, 2005.
Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both sender and receiver  if this key is disclosed.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography
The RSA Algorithm. Content Review of Encryption RSA An RSA example.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Cryptography and Network Security Public Key Cryptography and RSA.
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Scott CH Huang COM 5336 Cryptography Lecture 6 Public Key Cryptography & RSA Scott CH Huang COM 5336 Cryptography Lecture 6.
Cryptography Lecture 17: Advanced Encryption Standard (AES) Piotr Faliszewski.
Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.
Announcements: Homework 2 returned Homework 2 returned Monday: Written (concept and small calculations) exam on breaking ch 2 ciphers Monday: Written (concept.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Great Theoretical Ideas in Computer Science.
RSA Cryptosystem Great Theoretical Ideas In Computer Science S. Rudich V. Adamchik CS Spring 2006 Lecture 8Feb. 09, 2006Carnegie Mellon University.
Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli Alger.
Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively as the true name and the good name, or the.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
Intro to Cryptography ICS 6D Sandy Irani. Cryptography Intro Alice wants to send a message to Bob so that even if Eve can see the transmitted information,
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
Revision. Cryptography depends on some properties of prime numbers. One of these is that it is rather easy to generate large prime numbers, but much harder.
Public Key Cryptography
DTTF/NB479: Dszquphsbqiz Day 17
DTTF/NB479: Dszquphsbqiz Day 19
Presentation transcript:

Announcements: HW4 – DES due Friday midnight HW4 – DES due Friday midnight Any volunteers to help config C/C# later today? Who’s using Scheme? Quiz on ch 3 postponed until after break Quiz on ch 3 postponed until after break Term project groups and topics due end of week after break Term project groups and topics due end of week after break Use ch 10 – 19 as inspiration Today Finish Rijndael Finish Rijndael RSA concepts RSA conceptsQuestions? DTTF/NB479: DszquphsbqizDay 19

Rijndael/AES Tie-ins with Galois field, GF(2 8 ): S-box implements z = Ax -1 + b in GF(2 8 ) MixColumn multiplies by a matrix in GF(2 8 ) to diffuse bits Key schedule (next) uses S-box and powers in GF(2 8 ) Wikipedia’s visuals visuals

AddRoundKey (ARK) XOR the round key with matrix d. XOR the round key with matrix d. Key schedule on next slide

Key Schedule Write original key as 4x4matrix with 4 columns: W(0), W(1), W(2), W(3). Key for round i is (W(4i), W(4i+1), W(4i+2), W(4i+3)) Other columns defined recursively: Highly non-linear. Resists attacks at finding whole key when part is known K0K0 K1K1 K , 256-bit versions similarsimilar

Decryption E(k) is: (ARK 0, BS, SR, MC, ARK 1, … BS, SR, MC, ARK 9, BS, SR, ARK 10 ) Each function is invertible: ARK; IBS; ISR; IMC So D(k) is: ARK 10, ISR, IBS, ARK 9, IMC, ISR, IBS, … ARK 1, IMC, ISR, IBS, ARK 0 ) Half-round structure: Write E(k) = ARK, (BS, SR), (MC, ARK), … (BS, SR), (MC, ARK), (BS, SR), ARK Write E(k) = ARK, (BS, SR), (MC, ARK), … (BS, SR), (MC, ARK), (BS, SR), ARK (Note that last MC wouldn’t fit) D(k) = ARK, (ISR, IBS), (ARK, IMC), (ISR, IBS), … (ARK, IMC), (ISR, IBS), ARK D(k) = ARK, (ISR, IBS), (ARK, IMC), (ISR, IBS), … (ARK, IMC), (ISR, IBS), ARK Can write: D(k) = ARK, (IBS, ISR), (IMC, IARK), … (IBS, ISR), (IMC, IARK), (IBS, ISR), ARK

Wrap-up Do you trust 128-bit encryption now? You should, especially when keys are sent using public key cryptography (next)

Public-key Cryptography Problem: how can I send my AES key without Eve intercepting it? Consider a scheme in which everyone publishes a (public) method by which messages can be encrypted and sent to them … but only the publisher can decrypt. Knowing how to encrypt does not reveal how to decrypt! Knowing how to encrypt does not reveal how to decrypt!

RSA (Rivest – Shamir – Adelman) For Alice to send a message to Bob. Bob chooses primes p,q (large, ~100 digits each) He publishes his public key (n,e): n = pq n = pq e, a large number such that gcd(e, (p-1)(q-1)) = 1 e, a large number such that gcd(e, (p-1)(q-1)) = 1 Alice has a message m < n. Otherwise (if m > n), break message into chunks n), break message into chunks < n Alice sends c = m e (mod n) Bob computes c d (mod n) = (m e ) d = m (mod n). What does he use for d?

Why does decryption work? Alice – (m)  Bob Bob’s key: n = pq n = pq e: gcd(e, (p-1)(q-1)) = 1 e: gcd(e, (p-1)(q-1)) = 1 This is so d=e -1 mod (p-1)(q-1) exists This is so d=e -1 mod (p-1)(q-1) exists Alice sends c = m e (mod n) Bob computes c d (mod n) = (m e ) d = m (mod n), where d = e -1 (mod n). What does he use for d? Recall Euler’s theorem: as long as gcd(m,n) = 1 So m ed = m (mod n) iff ed = 1 (mod  (n) = 1 (mod (p-1)(q-1)) So d = e -1 *mod (p-1)(q-1)

Toy example Alice – (m)  Bob Bob’s key: n = pq = (13)(17) = 221 n = pq = (13)(17) = 221 e = 35: gcd(e, (p-1)(q-1)) = 1 e = 35: gcd(e, (p-1)(q-1)) = 1 d=e -1 mod 192 exists: d = __11__ d=e -1 mod 192 exists: d = __11__ m = 20 (letter t) 1-based, so leading ‘a’ = 1 not ignored 1-based, so leading ‘a’ = 1 not ignored c = m e (mod n) = _197___ c d (mod n) = _20__ Issues: How to compute (mod 221)? Efficiency is O(log e) How to compute d? Extended Euclidean alg. And why is this secure? Why can’t Eve calculate d herself?

Security Eve knows e, n, and c only To find d = e -1 (mod  (n)), Eve needs to know  (n) = (p-1)(q-1) If she knows n, she can factor it into p and q to find  (n), right? That’s a big if, since n is ~200 digits long! Large numbers are hard to factor! Can’t just test every prime from 1.. sqrt(n) Can’t just test every prime from 1.. sqrt(n)

Security c = m e (mod n) Can Eve just compute e-th root of c? Not since mod n Not since mod n Unless we brute force, but not when n is large! Unless we brute force, but not when n is large!

Is  (n) as hard to find as the factors of n? Claim: factoring n hard  finding  (n) hard Equivalently:  (n) easy  factoring n easy If I know n and  (n), how can I find p, q? Hint: write n and  (n) in terms of p and q. Hint: write n and  (n) in terms of p and q. I will show later that finding d is as hard to find as factors of n (uses factoring). So Eve has no shortcuts to factoring!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.