Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.


1 Key Exchange in Systems
- VPN usually has two phases
  - Handshake protocol: key exchange between parties sets symmetric keys
  - Traffic protocol: communication is encrypted and authenticated by symmetric keys
- Automatic distribution of keys: flexibility and scalability
- Periodic refreshing of keys: reduced material for attacks, recovery from leaks

2 Group Size
- Best current approach to break DH: through breaking the discrete logarithm
- Best current attacks on discrete logarithms: about $2^{O(\sqrt{\log p \,\log\log p})}$ time
- The default for applications should be a 1024 bit prime.
- SSL and TLS allow 512 bits (borderline security).
- Other common sizes are 768 and 1536 bits

3 DH Security
- If g is a generator, it is easy to determine whether the shared key is a quadratic residue or not.
- Hardness of discrete log is necessary for hardness of standard DH
- It is an open question whether it is sufficient
- Standard DH assumption: given $(g, p, g^x, g^y)$ it is hard to compute $g^{xy}$
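
Added example (not part of the original slides): the first point above, checked with Euler's criterion on public values only. The prime 2579, the generator 2 and all function names are constructed for the demo.

```python
import secrets

P = 2579   # small prime, constructed for the demo; p - 1 = 2 * 1289
G = 2      # assumed generator of Z_P^*, verified by is_generator()

def is_generator(g, p):
    """g generates Z_p^* iff g^((p-1)/q) != 1 for every prime q dividing p-1."""
    n, q, factors = p - 1, 2, set()
    while q * q <= n:
        while n % q == 0:
            factors.add(q)
            n //= q
        q += 1
    if n > 1:
        factors.add(n)
    return all(pow(g, (p - 1) // q, p) != 1 for q in factors)

def is_qr(a, p):
    """Euler's criterion: a is a quadratic residue mod p iff a^((p-1)/2) == 1."""
    return pow(a, (p - 1) // 2, p) == 1

def eavesdropper_predicts_qr(gx, gy, p):
    """With g a generator, g^x is a QR iff x is even, so g^(xy) is a QR
    iff g^x or g^y is one. Only the public values g^x and g^y are used."""
    return is_qr(gx, p) or is_qr(gy, p)

def run_trials(trials=200):
    """Count how often the prediction matches the real shared key."""
    hits = 0
    for _ in range(trials):
        x = secrets.randbelow(P - 2) + 1
        y = secrets.randbelow(P - 2) + 1
        gx, gy = pow(G, x, P), pow(G, y, P)
        shared = pow(gy, x, P)          # g^(xy), known only to the two parties
        hits += eavesdropper_predicts_qr(gx, gy, P) == is_qr(shared, P)
    return hits

if __name__ == "__main__":
    print("generator:", is_generator(G, P), "correct predictions:", run_trials())
```

Choosing g to generate the prime-order subgroup of quadratic residues makes this bit constant, so it no longer depends on the secret exponents.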

4 Number Theory

5 Chinese Remainder Theorem
- Let m, n be two integers such that $(m, n) = 1$.
- Claim: there is an isomorphism between $Z_{mn}$ and $Z_m \times Z_n$.
- Claim: a set of linear equations modulo m and n has a unique solution modulo mn.
- Let p, q be prime. Each quadratic residue in $Z_{pq}$ has 4 roots.

6 Square Roots
- Claim: let p be a prime of the form $p = 4k+3$. For every quadratic residue $y \in Z_p$ the element $x \equiv y^{k+1}$ is a square root of y.
- Claim: let p be a prime of the form $p = 4k+1$. There is a polynomial algorithm that finds roots with arbitrarily high probability.
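
Added example (not part of the original slides): the $y^{k+1}$ rule for $p = 4k+3$ combined with the Chinese Remainder Theorem to list the four square roots of a quadratic residue modulo pq. The primes 7 and 11 and the function names are constructed for the demo.

```python
from itertools import product

def sqrt_mod_p(y, p):
    """For p = 4k+3 and y a quadratic residue mod p, y^(k+1) is a square root."""
    if p % 4 != 3:
        raise ValueError("p must be of the form 4k+3")
    k = (p - 3) // 4
    x = pow(y, k + 1, p)
    if x * x % p != y % p:
        raise ValueError("y is not a quadratic residue mod p")
    return x

def crt(a, m, b, n):
    """Unique x mod mn with x = a (mod m) and x = b (mod n), for gcd(m, n) = 1."""
    # pow(m, -1, n) is the inverse of m modulo n (Python 3.8+).
    t = (b - a) * pow(m, -1, n) % n
    return (a + m * t) % (m * n)

def sqrt_mod_pq(y, p, q):
    """All square roots of y modulo pq, computed from the factors p and q."""
    rp = sqrt_mod_p(y % p, p)
    rq = sqrt_mod_p(y % q, q)
    # Each of the two roots mod p pairs with each of the two roots mod q.
    roots = {crt(sp, p, sq, q) for sp, sq in product((rp, p - rp), (rq, q - rq))}
    return sorted(roots)

# Constructed toy values: 7 = 4*1+3 and 11 = 4*2+3, so pq = 77.
P, Q = 7, 11
ROOTS = sqrt_mod_pq(4, P, Q)

if __name__ == "__main__":
    print("square roots of 4 mod 77:", ROOTS)
```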

7 Public Key Encryption

8 Trap-Door OWF
- Definition: $f: D \to R$ is a trap-door one way function if there is a trap-door s such that:
  - Without knowledge of s, the function f is a one way function
  - Given s, inverting f is easy
- Example: $f_{g,p}(x) = g^x \bmod p$ is not a trap-door one way function.
- Example: RSA is a trap-door OWF.

9 Basic Scheme
- A public key encryption scheme includes the following elements:
  - A private key k
  - A public key k'
  - An encryption algorithm, which is a trap-door OWF. The trap-door info is the private key
- Public key is published
- Encryption uses the public key (anyone can encrypt)
- Decryption requires the private key

10 Key Exchange Links
[Figure: links between Alice and parties P1, P2, P3, P4]

11 Public Key Encryption Links
[Figure: links between Alice and parties P1, P2, P3, P4]

12 El-Gamal Encryption
- Constructed by El-Gamal in 1985
- Similar to DH
- Alice publishes p, g as public parameters
- Alice chooses x as a private key and publishes $g^x \bmod p$ as a public key
- Encryption of $m \in Z_p$ by sending $(g^y \bmod p,\ m g^{xy} \bmod p)$ or $(g^y \bmod p,\ m + g^{xy} \bmod p)$
- Requires two exponentiations per each block transmitted.

13 RSA
- Let $n = pq$ be the product of two primes
- Choose e such that $(e, \varphi(n)) = 1$
- Let d be such that $de \equiv 1 \bmod \varphi(n)$
- The public key is (n, e)
- The private key is d
- Encryption of $m \in Z_n$ by $m^e \bmod n$
- Decryption of c by $c^d \bmod n$

14 Properties of RSA
- The requirement $(e, \varphi(n)) = 1$ is important for decryption
- Finding d, given p and q, is easy.
- Finding d given only n and e is assumed to be hard (the RSA assumption)
- The public exponent e may be small. Typically its value is either 3 (problematic) or $2^{16}+1$
- Each encryption involves several modular multiplications. Decryption is longer.

15 PKCS
- PKCS: Public Key Cryptographic Standards. A set of standards published by RSA
- PKCS#1: defines formats for RSA encryption

16 Security of Factoring
- Usually (but not always) the problem is to factor $n = pq$, where p, q are prime
- Trivial algorithm takes $O(\sqrt{n})$
- Pollard's rho heuristic takes an expected $O(\sqrt{p})$
- Number Field Sieve and Elliptic Curve Method are the current state of the art.

17 Security of RSA
- Solving factoring implies a solution for RSA
- Breaking RSA is not known to be equivalent to factoring.
- RSA is very “sensitive”

18 Security of RSA (cont.)
- The following must be kept secret: p, q, $\varphi(n)$, d
- If e is too small (say 3) the Hastad attack is sometimes applicable
- If d is too small (currently $d < n^{0.29}$) RSA can be broken in a different way.
- If Bob receives $n = pq$, and David receives $m = qr$, both can be broken.
- If Bob receives $(n, e_1)$, David $(n, e_2)$ and $(e_1, e_2) = 1$ the system can be broken in a third way.
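
Added example (not part of the original slides): the last two points above on toy numbers, showing why key generation needs fresh primes and a fresh modulus per user. A gcd over a set of moduli exposes a shared prime, and two ciphertexts of one message under the same n with coprime exponents give the message back without d. All keys and function names are constructed for the demo.

```python
from math import gcd

def shared_prime_audit(moduli):
    """Return {(i, j): p} for each pair of distinct moduli sharing a prime p."""
    found = {}
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            p = gcd(moduli[i], moduli[j])
            if 1 < p < min(moduli[i], moduli[j]):
                found[(i, j)] = p
    return found

def egcd(a, b):
    """Extended Euclid: returns (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def common_modulus_recover(n, e1, c1, e2, c2):
    """Given c1 = m^e1 and c2 = m^e2 mod n with gcd(e1, e2) = 1, find s, t with
    s*e1 + t*e2 = 1; then c1^s * c2^t = m^(s*e1 + t*e2) = m mod n."""
    g, s, t = egcd(e1, e2)
    if g != 1:
        raise ValueError("exponents are not coprime")
    # A negative exponent makes pow() use the modular inverse (Python 3.8+).
    return pow(c1, s, n) * pow(c2, t, n) % n

# Constructed toy keys: Bob and David share the prime 53, the third key is clean.
BOB_N, DAVID_N, OTHER_N = 61 * 53, 53 * 71, 67 * 73

if __name__ == "__main__":
    print("shared primes:", shared_prime_audit([BOB_N, DAVID_N, OTHER_N]))
    m = 65
    c1, c2 = pow(m, 17, BOB_N), pow(m, 7, BOB_N)
    print("recovered:", common_modulus_recover(BOB_N, 17, c1, 7, c2))
```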

19 Probabilistic Encryption
- [GM82]: trap-door OWF are not enough to ensure security
  - Same plaintext is mapped to same ciphertext
- Semantic security: given the ciphertext, gaining information on the plaintext (beyond what is known a priori) is hard
- The GM scheme relied on quadratic residuosity
- Real-world schemes rely on heuristic formatting and addition of a random string, or OAEP
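
Added example (not part of the original slides): textbook RSA from slide 13 next to El-Gamal from slide 12, showing the "same plaintext, same ciphertext" problem and how a fresh random y per message avoids it. All parameters are constructed toy values and the function names are hypothetical.

```python
import secrets

# Constructed toy parameters; far too small for real use.
RSA_N, RSA_E = 3233, 17              # n = 61 * 53
RSA_D = pow(RSA_E, -1, 60 * 52)      # d with d*e = 1 mod phi(n)
EG_P, EG_G = 2579, 2                 # El-Gamal public parameters p, g
EG_X = 765                           # Alice's private key x
EG_H = pow(EG_G, EG_X, EG_P)         # Alice's public key g^x mod p

def rsa_encrypt(m):
    return pow(m, RSA_E, RSA_N)

def rsa_decrypt(c):
    return pow(c, RSA_D, RSA_N)

def elgamal_encrypt(m):
    """(g^y mod p, m * g^(xy) mod p) with a fresh random y for every message."""
    y = secrets.randbelow(EG_P - 2) + 1
    return pow(EG_G, y, EG_P), m * pow(EG_H, y, EG_P) % EG_P

def elgamal_decrypt(c1, c2):
    shared = pow(c1, EG_X, EG_P)                 # (g^y)^x = g^(xy)
    return c2 * pow(shared, -1, EG_P) % EG_P     # divide out g^(xy)

def guess_confirmed(ciphertext, candidates):
    """Deterministic encryption lets anyone with the public key re-encrypt
    candidate plaintexts and compare; returns the candidates that match."""
    return [m for m in candidates if rsa_encrypt(m) == ciphertext]

def distinct_elgamal_ciphertexts(m, runs=50):
    """Number of different ciphertexts produced for one plaintext."""
    return len({elgamal_encrypt(m) for _ in range(runs)})

if __name__ == "__main__":
    c = rsa_encrypt(65)
    print("RSA twice:", c, rsa_encrypt(65), "guess:", guess_confirmed(c, [10, 20, 65]))
    print("El-Gamal distinct ciphertexts:", distinct_elgamal_ciphertexts(65))
```

The random padding the slide mentions (a random string or OAEP) gives RSA the same property that the per-message y gives El-Gamal.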

20 Encryption Algorithms
- RSA: in use
- Elliptic Curve algorithms: in use
- Multi-prime: Compaq simple variation on RSA, now used by RSA
- Rabin: not in use
- El-Gamal: not in use
- Knapsack: broken
- NTRU: recently attacked by Regev and Nguyen, though still in use
- Lattice systems: theoretical

21 Real World usage
- Two words: Key Exchange

