Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day."— Presentation transcript:

1 Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day in the order But one incentive not to burn them all: teams will get to pick their presentation day in the orderAnnouncements: 1. HW7 posted. Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions Hash Functions DTTF/NB479: DszquphsbqizDay 26

2 Plus-delta feedback Thanks for some great feedback! My eyes are opened.

3 Discrete Logs Find x We denote this as Why is this hard? Given

4 Diffie-Hellman Key Exchange Publish large prime p, primitive root  Alice’s secret exponent: x Bob’s secret exponent: y 0 < x,y < p-1 0 < x,y < p-1 Alice sends  x (mod p) to Bob Bob sends  y (mod p) to Alice Each know key K=  xy Eve sees p,  x,  y ; why can’t she determine  xy ?

5 Diffie-Hellman Key Exchange Publish large prime p, primitive root  Alice’s secret exponent: x Bob’s secret exponent: y 0 < x,y < p-1 0 < x,y < p-1 Alice sends  x (mod p) to Bob Bob sends  y (mod p) to Alice Each know key K=  xy Eve sees , p,  x,  y ; why can’t she determine  xy ? Computational Diffie-Hellman problem: “Given , p,  x (mod p),  y (mod p), find  xy (mod p)” Not harder than problem of finding discrete logs Is it easier? No one knows! Decision Diffie-Hellman problem: “Given , p,  x (mod p),  y (mod p), and c != 0 (mod p). Verify that c=  xy (mod p)” What’s the relationship between the two? Which is harder?

6 ElGamal Cryptosystem Another public-key cryptosystem like RSA. Bob publishes ( , p,  ), where 1 < m < p and  =  a Alice chooses secret k, computes and sends to Bob the pair (r,t) where r=  k (mod p) r=  k (mod p) t =  k m (mod p) t =  k m (mod p) Bob calculates: tr -a =m (mod p) Why does this decrypt?

7 ElGamal Cryptosystem Bob publishes ( , p,  ), where 1 < m < p and  =  a Alice chooses secret k, computes and sends to Bob the pair (r,t) where r=  k (mod p) r=  k (mod p) t =  k m (mod p) t =  k m (mod p) Bob finds: tr -a =m (mod p) Why does this work? Multiplying m by  k scrambles it. Eve sees , p, , r, t. If she only knew a or k! Knowing a allows decryption. Knowing k also allows decryption. Why? Can’t find k from r or t. Why?

8 ElGamal Bob publishes ( , p,  ), where 1 < m < p and  =  a Alice chooses secret k, computes and sends to Bob the pair (r,t) where r=  k (mod p) t =  k m (mod p) Bob finds: tr -a =m (mod p) 1.Show that Bob’s decryption works 2.Eve would like to know k. Show that knowing k allows decrpytion. Why? 3.Why can’t Eve compute k from r or t? 4.Challenge: Alice should randomize k each time. If not, and Eve gets hold of a plaintext / ciphertext (m 1, r 1, t 1 ), she can decrypt other ciphertexts (m 2, r 2, t 2 ). Show how. 5.If Eve says she found m from (r,t), can we verify that she really found it, using only m,r,t, and the public key (and not k or a)? Explain. 6.If time allows, send a friend a public key ( , p,  ), have him encrypt a message as (r,t), and decrypt it. Otherwise, you can run through the cycle on your own. Name: ______________________ Notes:

Download ppt "Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day."

Similar presentations

Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.

Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime.

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
7. Asymmetric encryption-

7. Asymmetric encryption-
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,

Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Announcements: 1. Term project groups and topics due tomorrow midnight Waiting for posts from most of you. Questions? This week: Primality testing, factoring.

Announcements: 1. Term project groups and topics due tomorrow midnight Waiting for posts from most of you. Questions? This week: Primality testing, factoring.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.

Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics due midnight 3. HW6 due Tuesday. Questions? This week: Primality.

Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics due midnight 3. HW6 due Tuesday. Questions? This week: Primality.
Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics formed 3. HW6 due tomorrow. Questions? This week: Discrete Logs,

Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics formed 3. HW6 due tomorrow. Questions? This week: Discrete Logs,
Announcements: 1. Short “pop” quiz on Ch 3 (not today) 2. Term project groups and topics due tomorrow midnight Waiting for posts from 22 of you. 3. HW6:

Announcements: 1. Short “pop” quiz on Ch 3 (not today) 2. Term project groups and topics due tomorrow midnight Waiting for posts from 22 of you. 3. HW6:
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Announcements: How was last Saturday’s workshop? How was last Saturday’s workshop? DES due now DES due now Chapter 3 Exam tomorrow Chapter 3 Exam tomorrow.

Announcements: How was last Saturday’s workshop? How was last Saturday’s workshop? DES due now DES due now Chapter 3 Exam tomorrow Chapter 3 Exam tomorrow.
Announcements: HW4 – DES due Friday midnight HW4 – DES due Friday midnight Any volunteers to help config C/C# later today? Who’s using Scheme? Quiz on.

Announcements: HW4 – DES due Friday midnight HW4 – DES due Friday midnight Any volunteers to help config C/C# later today? Who’s using Scheme? Quiz on.

Similar presentations

Ads by Google