Announcements: 1. Pass in HW7 now. 2. Project rubrics posted (peruse together) 3. Teams choose presentation dates now Questions? This week: Birthday attacks,

Slides:



Advertisements
Similar presentations
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Advertisements

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and applications Math 7290CryptographySu07.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 # Public/Private Keys = 2 n.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.
Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,
Announcements: See schedule for weeks 8 and 9 See schedule for weeks 8 and 9 Project workdays, due dates, exam Project workdays, due dates, exam Projects:
Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.
Attacks on Digital Signature Algorithm: RSA
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Announcements: 1. Presentations start Friday 2. Cem Kaner presenting O th block today. Questions? This week: DSA, Digital Cash DSA, Digital Cash.
Announcements:Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 30.
Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,
Announcements: 1. Short “pop” quiz on Ch 3 (not today) 2. Term project groups and topics due tomorrow midnight Waiting for posts from 22 of you. 3. HW6:
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Chapter 7-1 Signature Schemes.
Announcements: How was last Saturday’s workshop? How was last Saturday’s workshop? DES due now DES due now Chapter 3 Exam tomorrow Chapter 3 Exam tomorrow.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
Announcements: HW4 – DES due Friday midnight HW4 – DES due Friday midnight Any volunteers to help config C/C# later today? Who’s using Scheme? Quiz on.
Introduction to Modern Cryptography Lecture 7 1.RSA Public Key CryptoSystem 2.One way Trapdoor Functions.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.
ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.
Announcements: 1. Late HW7’s now. Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479:
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
Cryptography and Network Security Chapter 13
Introduction to Public Key Cryptography
Asymmetric encryption. Asymmetric encryption, often called "public key" encryption, allows Alice to send Bob an encrypted message without a shared secret.
Public Key Model 8. Cryptography part 2.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Digital Signatures (DSs) The digital signatures cannot be separated from the message and attached to another The signature is not only tied to signer but.
Chapter 13 Digital Signature
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
11 Digital Signature.  Efficiency  Unforgeability : only signer can generate  Not reusable : not to use for other message  Unalterable : No modification.
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
1 Lect. 15 : Digital Signatures RSA, ElGamal, DSA, KCDSA, Schnorr.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the order Teams mostly.
1 Digital signatures Chapter 7: Digital signatures IV054 Example: Assume that each user A uses a public-key cryptosystem (e A,d A ). Signing a message.
Topic 22: Digital Schemes (2)
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Announcements: HW4 – DES due Thursday HW4 – DES due Thursday I have installed, or will install: Java, C (gcc), Python. What other languages? Please make.
Software Security Seminar - 1 Chapter 5. Advanced Protocols 조미성 Applied Cryptography.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Algebra of RSA codes Yinduo Ma Tong Li. Ron Rivest, Adi Shamir and Leonard Adleman.
Remaining course content Remote, fair coin flipping Remote, fair coin flipping Presentations: Protocols, Elliptic curves, Info Theory, Quantum Crypto,
Section 3: Public Key, Digital Signature
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F
Prepared by Dr. Lamiaa Elshenawy
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
Public Key Cryptosystem Introduced in 1976 by Diffie and Hellman [2] In PKC different keys are used for encryption and decryption 1978: First Two Implementations.
CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.
Digital Signature Standard (DSS) US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS-186 in 1991 revised in 1993,
 Requirement  Security  Classification  RSA Signature  ElGamal Signature  DSS  Other Signature Schemes  Applied Digital Signatures 11.
Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli Alger.
CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.
KNAPSACK公開金鑰密碼學 Algorithms FINITE DEFINITENESS INPUT/OUTPUT GENERALITY
Public Key Cryptosystem
DTTF/NB479: Dszquphsbqiz Day 26
第四章 數位簽章.
第四章 數位簽章.
Digital Signatures.
DTTF/NB479: Dszquphsbqiz Day 27
Lecture 6: Digital Signature
Chapter 13 Digital Signature
Presentation transcript:

Announcements: 1. Pass in HW7 now. 2. Project rubrics posted (peruse together) 3. Teams choose presentation dates now Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 31

Why are digital signatures important? Compare with paper signatures Danger: Eve would like to use your signature on other documents! Solution: sig = f(document, user) Let m be the message/document Let m be the message/document Algorithms we’ll study: RSA RSA ElGamal ElGamal DSA (Digital Signature Algorithm) DSA (Digital Signature Algorithm)

RSA Signatures Alice chooses: p,q, n=pq, p,q, n=pq, e: gcd(n, (p-1)(q-1))=1, e: gcd(n, (p-1)(q-1))=1, d: ed = 1(mod ((p-1)(q-1)) d: ed = 1(mod ((p-1)(q-1)) Publishes n, e Alice’s signature: y = m d (mod n). Delivers (m, y) y = m d (mod n). Delivers (m, y) Bob’s verification: Does m = y e (mod n)? Does m = y e (mod n)? Show the verification works. Note that given the signature y, Bob can compute the message, m.

RSA Signatures Alice chooses: p,q, n=pq, p,q, n=pq, e: gcd(n, (p-1)(q-1))=1, e: gcd(n, (p-1)(q-1))=1, d: ed = 1(mod ((p-1)(q-1)) d: ed = 1(mod ((p-1)(q-1)) Publishes n, e Alice’s signature: y = m d (mod n). Delivers (m, y) y = m d (mod n). Delivers (m, y) Bob’s verification: Does m = y e (mod n)? Does m = y e (mod n)? Show the verification works. Note that given the signature y, Bob can compute the message, m. Eve wants to use Alice’s signature on a different document, m 1 Why doesn’t this work? Eve wants to choose a new y 1, then compute m 1 = y 1 e Why doesn’t this work?

Blind Signature Alice chooses: p,q, n=pq, p,q, n=pq, e: gcd(n, (p-1)(q-1))=1, e: gcd(n, (p-1)(q-1))=1, d: ed = 1(mod ((p-1)(q-1)) d: ed = 1(mod ((p-1)(q-1)) Publishes n, e Bob wants m signed Bob chooses: k: random, gcd(k, n)=1 k: random, gcd(k, n)=1 Bob sends: t=k e m Alice’s signature: s = t d (mod n). s = t d (mod n). Bob’s verification: Computes sk -1 Computes sk -1 Bob wants Alice to sign a document as a method of time-stamping it, but doesn’t want to release the contents yet. Why can’t Alice read m? Verification: Find sk -1 in terms of m What is the significance of this? What’s the danger to Alice of a blind signature?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.