Presentation is loading. Please wait.

Presentation is loading. Please wait.

DTTF/NB479: Dszquphsbqiz Day 26

Published byLorena Jackson Modified over 6 years ago

Similar presentations

Presentation on theme: "DTTF/NB479: Dszquphsbqiz Day 26"— Presentation transcript:

1 DTTF/NB479: Dszquphsbqiz Day 26
Announcements: HW6 due now HW7 posted Will pick pres dates Friday Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Hash Functions, SHA1, Birthday attacks

2 ElGamal Name: ______________________ Show that Bob’s decryption works Plug in values for t, r, and b. Eve would like to know k. Show that knowing k allows decrpytion. Why? m=b-kt Why can’t Eve compute k from r or t? Need to calculate a discrete log to do so, which is hard when p is large Challenge: Alice should randomize k each time. If not, and Eve gets hold of a plaintext / ciphertext (m1, r1, t1), she can decrypt other ciphertexts (m2, r2, t2). Show how. Use m1, t1 to solve for bk. Then use b-k and t2 to find m2 If Eve says she found m from (r,t), can we verify that she really found it, using only the public key (and not k or a)? Explain. Not easily (see next slide) Bob publishes (a, p, b), where 1 < m < p and b=aa Alice chooses secret k, computes and sends to Bob the pair (r,t) where r=ak (mod p) t = bkm (mod p) Bob finds: tr-a=m (mod p) Notes:

3 Known plaintext attack
Bob publishes (a, p, b), where 1 < m < p and b=aa Alice chooses secret k, computes and sends to Bob the pair (r,t) where r=ak (mod p) t = bkm (mod p) Bob finds: tr-a=m (mod p) Why does this work? If Eve got hold of a plaintext/ciphertext (m1, r1, t1), she can decrypt other ciphertexts (m2, r2, t2): Answer: r=ak (mod p), t1 = bkm1 (mod p), t2 = bkm2 (mod p) So You can solve for m2, since everything else in the proportion is known. Alice should randomize k each time.

4 Tying everything together
Bob publishes (a, p, b), where 1 < m < p and b=aa Alice chooses secret k, computes and sends to Bob the pair (r,t) where r=ak (mod p) t = bkm (mod p) Bob finds: tr-a=m (mod p) Why does this work? If Eve says she found m from (r,t), can we verify that she really found it, using just m,r,t and the public key? Decision D-H Validity of (mod p) ElGamal ciphertexts. Computational D-H Decrypting (mod p) ElGamal ciphertexts. Not easily!

5 Cryptographic hash functions shrink messages into a digest
1 Cryptographic hash functions shrink messages into a digest Message m (long) Message digest, y (Shorter fixed length) Cryptographic hash Function, h Shrinks data, so 2 messages can have the same digest: m1 != m2, but h(m1) = h(m2) Goal: to provide a unique “fingerprint” of the message.

6 2 Cryptographic hash functions must satisfy three properties to be useful and secure Message m (long) Message digest, y (Shorter fixed length) Cryptographic hash Function, h Shrinks data, so 2 messages can have the same digest: m1 != m2, but h(m1) = h(m2) Fast to compute y from m. One-way: given y = h(m), can’t find any m’ satisfying h(m’) = y easily. Strongly collision-free: Can’t find any pair m1 ≠ m2 such that h(m1)=h(m2) easily (Sometimes we can settle for weakly collision-free: given m, can’t find m’ ≠ m with h(m) = h(m’).

7 Hash functions can be used for digital signatures and error detection
3 3 properties: Fast to compute One-way: given y = h(m), can’t find any m’ satisfying h(m’) = y easily. Strongly collision-free: Can’t find m1 ≠ m2 such that h(m1)=h(m2) Why do we care about these properties? Use #1: Digital signatures If Alice signs h(m), what if Bob could find m’ ≠ m, such that h(m) = h(m’)? He could claim Alice signed m’! Consider two contracts… Use #2: Error detection – simple example: Alice sends (m, h(m)), Bob receives (M, H). Bob checks if H=h(M). If not, there’s an error.

8 Hash function examples
4a-b 3 properties: Fast to compute One-way: given y = h(m), can’t find any m’ satisfying h(m’) = y easily. Strongly collision-free: Can’t find m1 ≠ m2 such that h(m1)=h(m2) Examples: h(m) = m (mod n) h(m) = am (mod p) for large prime p, which doesn’t divide a Discrete log hash Given large prime p, such that q=(p-1)/2 is also prime, and primitive roots a and b for p: where m = m0 + m1q EHA (next) SHA-1 (tomorrow) MD4, MD5 (weaker than SHA; won’t discuss) For first 2 examples, please check properties 2-3.

9 Easy Hash Algorithm (EHA) isn’t very secure!
Break m into n-bit blocks, append zeros to get a multiple of n. There are L of them, where L =|m|/n Fast! But not very secure. Does performing a left shift on the rows first help? Define as left-shifting m by y bits Then =h(m)

10 Easy Hash Algorithm (EHA) isn’t very secure!
3 properties: Fast to compute One-way: given y = h(m), can’t find any m’ satisfying h(m’) = y easily. Strongly collision-free: Can’t find m1 ≠ m2 such that h(m1)=h(m2) =h(m) Exercise: Show that the basic (unrotated) version doesn’t satisfy properties 2 and 3. What about the version that uses rotations?

Download ppt "DTTF/NB479: Dszquphsbqiz Day 26"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.

Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Introduction to Modern Cryptography Homework assignments.

Introduction to Modern Cryptography Homework assignments.
Announcements:Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 30.

Announcements:Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 30.
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.

Similar presentations

Ads by Google