4 th lecture

 Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11 (L) key = message + key = 4 (E) 16 (Q) 13 (N) 21 (V) 25 (Z) message + key (mod 26) E Q N V Z → ciphertext

 To obtain the plaintext from the ciphertext, the key is subtracted from the ciphertext using modular arithmetic. E Q N V Z ciphertext 4 (E) 16 (Q) 13 (N) 21 (V) 25 (Z) ciphertext - 23 (X) 12 (M) 2 (C) 10 (K) 11 (L) key = ciphertext - key = 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) ciphertext - key (mod 26) H E L L O → message

 Encryption  M:  K:  C: C = M (xor) K  Decryption  C:  K:  M: M = C (xor) K

 They are a fundamental building block for most of the protocols.  They are easy to compute, but hard to reverse  Given X it is easy to compute f(x), but given f(x) it is hard to compute X.  “hard” is defined as something like, it would take millions of years to compute X from f(X).

 A special type of one-way function, one with a secret trapdoor.  It is easy to compute in one direction and hard to compute in the other direction. But, if you know the secret, you can easily compute the function in the other direction.

 Message digest (MD), message integrity check (MIC), fingerprint, …  It takes a variable-length input string (pre- image) and converts it to a fixed-length output string (hash value).  It is easy to compute a hash value from pre- image, but it is hard to generate a pre-image that hashes to a particular value.

 A good one-way hash function is collision-free.  Collision-free means that, it is hard to find two pre-images that generate the same hash value.  A single bit change in the pre-image changes on the average half of the bits in the hash value.  Application: File fingerprinting.  The two most common hash functions are:  Message Digest 5 (MD5): produce 120-b digest.  Secure Hash Algorithm 1 (SHA-1): produces 160-b.

 MAC is a one-way hash function with the addition of a secret key.  Someone with the key can verify the hash value. One-way hash function Pre-image Key Hash value

Requirements - must be able to verify that: 1. Message came from apparent source or author. 2. Contents have not been altered. 3. Sometimes, it was sent at a certain time or sequence. Protection against active attacks.

 Authentication Using Conventional Encryption ◦ Only the sender and receiver should share a key  Authentication without Message Encryption ◦ An authentication tag is generated and appended to each message  Message Authentication Code ◦ Calculate the MAC as a function of the message and the key. MAC = F(K, M)

Using One-way HASH function

 Introduced by Diffie and Hellman.  Two different keys are used (public - private).  It is computationally hard to deduce the private key from the public key.  It is based on the trap-door one-way functions.  A network of users can communicate together using the public-key cryptosystem.

 Three categories: ◦ Encryption/decryption : The sender encrypts a message with the recipient’s public key. ◦ Digital signature : The sender ”signs” a message with its private key. ◦ Key echange : Two sides cooperate to exhange a session key.

1. Computationally easy for a party B to generate a pair (public key KU b, private key KR b ) 2. Easy for sender to generate 3. Easy for the receiver to decrypt ciphertect using private key: ciphertext:

4. Computationally infeasible to determine private key (KR b ) knowing public key (KU b ) 5. Computationally infeasible to recover message M, knowing KU b and ciphertext C 6. Either of the two keys can be used for encryption, with the other used for decryption:

 Public-key algorithms are slow.  Public-key cryptosystems are vulnerable to chosen-plaintext attacks: ◦ If C=E(P), and P is one plaintext out of a set of n possible plaintexts, then a cryptanalyst only has to encrypt all n possible plaintexts and compare the results with C. It is used to distribute session keys which are used with symmetric algorithms to secure messages. “This is called a hybrid cryptosystem”

 A hybrid cryptosystem can be constructed using any two separate cryptosystems:  a key encapsulation scheme, which is a public-key cryptosystem, and  a data encapsulation scheme, which is a symmetric-key cryptosystem.

To encrypt a message addressed to Alice in a hybrid cryptosystem, Bob does the following:  Obtains Alice's public key.  Generates a fresh symmetric key for the data encapsulation scheme.  Encrypts the message under the data encapsulation scheme, using the symmetric key just generated.

 Encrypt the symmetric key under the key encapsulation scheme, using Alice's public key.  Send both of these encryptions to Alice. To decrypt this hybrid ciphertext, Alice does the following:  uses her private key to decrypt the symmetric key contained in the key encapsulation segment.  uses this symmetric key to decrypt the message contained in the data encapsulation segment.

 RSA and Diffie-Hellman  RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in ◦ RSA is a block cipher ◦ The most widely implemented  Diffie-Hellman ◦ Echange a secret key securely

 Characteristics of signatures: ◦ The signature is authentic. ◦ The signature is unforgeable. ◦ The signature is not reusable. ◦ The signed document is unalterable. ◦ The signature can not be repudiated.

 There are some problems if signatures is used in computer environment (digital signature): ◦ Computer files are easy to copy. ◦ It is easy to cut and paste a valid signature from one document to another. ◦ Computer files are easy to modify after they are signed.

 Alice sends a message to Bob that includes both the plaintext “P” and an encrypted version of P, “C” using her private key. This encrypted version is her digital signature.  Bob receives the message “C” and decrypts it using her public key.  Bob compares the decrypted message and the plaintext message.

 Bob can authenticate that the message came from Alice because he decrypted it using Alice’s public key.

 if Alice and Bob are strangers who have never communicated to each other before, then the digital signature is useless for authentication. it cannot be used to authenticate the identity of the sender. In this case, a trusted third party “arbitrator” is required to authenticate the identity of the transacting parties