Presentation is loading. Please wait.

Presentation is loading. Please wait.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review."— Presentation transcript:

1 HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review of mid-term feedback This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions Hash Functions DTTF/NB479: DszquphsbqizDay 25

2 Discrete Logs Find x We denote this as Why is this hard? Given

3 Some things we won’t cover in class about Discrete Logs 7.2.2 Baby step, Giant Step (worth reading) 7.2.3 Index Calculus: like sieve method of factoring primes The equation on p. 207 might help with some of homework 7. The equation on p. 207 might help with some of homework 7. Discrete logs mod 4 and bit commitment We skip to make time for some applications of discrete logs We skip to make time for some applications of discrete logs Although the football game prediction analogy is interesting… Although the football game prediction analogy is interesting…

4 Diffie-Hellman is an alternative to RSA for key exchange, but is based on discrete logs Publish large prime p, and a primitive root  Alice’s secret exponent: x Bob’s secret exponent: y 0 < x,y < p-1 0 < x,y < p-1 Alice sends  x (mod p) to Bob Bob sends  y (mod p) to Alice Each know key K=  xy Eve sees p,  x,  y … why can’t she determine  xy ?

5 Diffie-Hellman Key Exchange Publish large prime p, primitive root  Alice’s secret exponent: x Bob’s secret exponent: y 0 < x,y < p-1 0 < x,y < p-1 Alice sends  x (mod p) to Bob Bob sends  y (mod p) to Alice Each know key K=  xy Eve sees , p,  x,  y ; why can’t she determine  xy ? Discrete logs: “Given  x =  (mod p), find x Computational Diffie-Hellman problem: “Given , p,  x (mod p),  y (mod p), find  xy (mod p)” Decision Diffie-Hellman problem: “Given , p,  x (mod p),  y (mod p), and c ≠ 0 (mod p). Verify that c=  xy (mod p)” What’s the relationship between the three? Which is hardest?

6 The ElGamal Cryptosystem is an entire public-key cryptosystem like RSA, but based on discrete logs p large so secure and > m = message 1 Bob chooses prime p, primitive root , integer a Bob computes  ≡  a (mod p) Bob publishes ( , p,  ) and holds a secret Alice chooses secret k, computes and sends to Bob the pair (r,t) where r ≡  k (mod p) r ≡  k (mod p) t ≡  k m (mod p) t ≡  k m (mod p) Bob calculates: tr -a ≡ m (mod p) Why does this decrypt?

7 ElGamal Cryptosystem Bob publishes ( , p,  ≡  a ) Alice chooses secret k, computes and sends to Bob the pair (r,t) where r ≡  k (mod p) r ≡  k (mod p) t ≡  k m (mod p) t ≡  k m (mod p) Bob finds: tr -a ≡ m (mod p) Why does this work? Multiplying m by  k scrambles it. Eve sees , p, , r, t. If she only knew a or k! Knowing a allows decryption. Knowing k also allows decryption. Why? Can’t find k from r or t. Why? 2-3

8 ElGamal Bob publishes ( , p,  ≡  a ) Alice chooses secret k, computes and sends to Bob the pair (r,t) where r ≡  k (mod p) r ≡  k (mod p) t ≡  k m (mod p) t ≡  k m (mod p) Bob finds: tr -a ≡ m (mod p) 1.Show that Bob’s decryption works 2.Eve would like to know k. Show that knowing k allows decryption. Why? 3.Why can’t Eve compute k from r or t? 4.Challenge: Alice should randomize k each time. If not, and Eve gets hold of a plaintext / ciphertext (m 1, r 1, t 1 ), she can decrypt other ciphertexts (m 2, r 2, t 2 ). Show how. 5.If Eve says she found m from (r,t), can we verify that she really found it, using only m,r,t, and the public key (and not k or a)? Explain. 6.(For HW: Create a public key ( , p,  ), encrypt a message as (r,t), and decrypt it using the private key. You may do this with a friend as we did for RSA, or do it on your own.) 4-6

Download ppt "HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review."

Similar presentations

RSA.

RSA.
Public Key Cryptosystem

Public Key Cryptosystem
Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.

Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime.

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
7. Asymmetric encryption-

7. Asymmetric encryption-
Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.

Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.
Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,

Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics formed 3. HW6 due tomorrow. Questions? This week: Discrete Logs,

Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics formed 3. HW6 due tomorrow. Questions? This week: Discrete Logs,
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Electronic Payment Systems Lecture 5: ePayment Security II

Electronic Payment Systems Lecture 5: ePayment Security II
Cryptography & Number Theory

Cryptography & Number Theory
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.

Similar presentations

Ads by Google