 # Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.


Lecture 15

Lecture’s outline

Public algorithms (usually) that are each other’s inverse

Requirements:

1. Need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that $K_B^-(K_B^+(m)) = m$.
2. Given public key $K_B^+$, it should be impossible to compute private key $K_B^-$.

RSA: Rivest, Shamir, Adleman algorithm.

$x \bmod n$ = remainder of $x$ when divided by $n$.

Facts:

- $[(a \bmod n) + (b \bmod n)] \bmod n = (a+b) \bmod n$
- $[(a \bmod n) - (b \bmod n)] \bmod n = (a-b) \bmod n$
- $[(a \bmod n) \cdot (b \bmod n)] \bmod n = (a \cdot b) \bmod n$

Thus $(a \bmod n)^d \bmod n = a^d \bmod n$.

Example: $x=14$, $n=10$, $d=2$: $(x \bmod n)^d \bmod n = 4^2 \bmod 10 = 6$, and $x^d = 14^2 = 196$, so $x^d \bmod 10 = 6$.

A message is a bit pattern. A bit pattern can be uniquely represented by an integer number. Thus encrypting a message is equivalent to encrypting a number. Example: m = 10010001. This message is uniquely represented by the decimal number 145. To encrypt m, we encrypt the corresponding number, which gives a new number (the ciphertext).

1. Choose two large prime numbers p, q (e.g., 1024 bits each).
2. Compute $n = pq$, $z = (p-1)(q-1)$.
3. Choose e (with e < n) that has no common factors with z (e, z are "relatively prime").
4. Choose d such that $ed - 1$ is exactly divisible by z (in other words: $ed \bmod z = 1$).
5. Public key is (n, e), written $K_B^+$. Private key is (n, d), written $K_B^-$.

0. Given (n, e) and (n, d) as computed above:
1. To encrypt message m (< n), compute $c = m^e \bmod n$.
2. To decrypt received bit pattern c, compute $m = c^d \bmod n$.

Magic happens! $m = (m^e \bmod n)^d \bmod n$, where the inner term $m^e \bmod n$ is c.

Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). Encrypting 8-bit messages.

Encrypt:

| bit pattern | m | $m^e$ | $c = m^e \bmod n$ |
|---|---|---|---|
| 00001100 | 12 | 248832 | 17 |

Decrypt:

| c | $c^d$ | $m = c^d \bmod n$ |
|---|---|---|
| 17 | 481968572106750915091411825223071697 | 12 |

Must show that $c^d \bmod n = m$ where $c = m^e \bmod n$.

Fact: for any x and y, $x^y \bmod n = x^{(y \bmod z)} \bmod n$, where $n = pq$ and $z = (p-1)(q-1)$.

Thus,

$$c^d \bmod n = (m^e \bmod n)^d \bmod n = m^{ed} \bmod n = m^{(ed \bmod z)} \bmod n = m^1 \bmod n = m$$

The following property will be very useful later:

$$K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$$

The left-hand side uses the public key first, followed by the private key; the right-hand side uses the private key first, followed by the public key. Result is the same!

Why is $K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$? It follows directly from modular arithmetic:

$$(m^e \bmod n)^d \bmod n = m^{ed} \bmod n = m^{de} \bmod n = (m^d \bmod n)^e \bmod n$$

Suppose you know Bob's public key (n, e). How hard is it to determine d? Essentially need to find factors of n without knowing the two factors p and q. Fact: factoring a big number is hard.

Generating RSA keys:

- Have to find big primes p and q
- Approach: make good guess then apply testing rules (see Kaufman)

Can't we simply use checksums/CRC/parity checks?

- Most common hash functions are MD5 and SHA-1
- A hash function maps a message of an arbitrary length to an m-bit output
- The output is known as the fingerprint or the message digest

Bob sends digitally signed message: Bob applies the hash function H to the large message m to get H(m), then encrypts H(m) with his private key $K_B^-$ to produce the digital signature $K_B^-(H(m))$ (the encrypted msg digest), which is sent together with m.

Alice verifies signature and integrity of digitally signed message: Alice applies H to the received large message m to get H(m), decrypts the received $K_B^-(H(m))$ with Bob's public key $K_B^+$ to get H(m), and checks whether the two values are equal.

Suppose Alice receives msg m and digital signature $K_B^-(m)$. Alice verifies m signed by Bob by applying Bob's public key $K_B^+$ to $K_B^-(m)$, then checks $K_B^+(K_B^-(m)) = m$. If $K_B^+(K_B^-(m)) = m$, whoever signed m must have used Bob's private key.

Alice thus verifies that:

- Bob signed m.
- No one else signed m.
- Bob signed m and not m'.

Non-repudiation: Alice can take m and signature $K_B^-(m)$ to court and prove that Bob signed m.
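The sign-and-verify flow above, with the signature computed over H(m), as an added example that is not part of the original slides. It assumes SHA-256 for H and textbook RSA with no padding, as on the slides; the key is constructed from two known Mersenne primes only so that n is larger than a digest, and the function names are hypothetical.

```python
import hashlib
from math import gcd

# Constructed key for illustration: two known Mersenne primes, not a securely
# generated key. n must exceed the largest possible 256-bit digest.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, Z = P * Q, (P - 1) * (Q - 1)
assert gcd(E, Z) == 1
D = pow(E, -1, Z)              # private exponent: E*D mod Z == 1

def digest_int(message: bytes) -> int:
    """H(m) interpreted as an integer, as the slides treat every bit pattern."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Bob: signature = K_B^-(H(m)) = H(m)^d mod n."""
    return pow(digest_int(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Alice: recompute H(m) and compare it with K_B^+(signature)."""
    return pow(signature, E, N) == digest_int(message)

if __name__ == "__main__":
    m = b"Pay Alice 10 dollars. Signed, Bob"       # constructed sample message
    sig = sign(m)
    print("genuine message verifies:", verify(m, sig))
    print("altered message verifies:", verify(m.replace(b"10", b"99"), sig))
    print("altered signature verifies:", verify(m, sig ^ 1))
```

Verification fails as soon as either the message or the signature changes, which is the integrity check in the "equal?" step.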

Hash Functions

Data $X = (X_0, X_1, X_2, \ldots, X_{n-1})$, each $X_i$ is a byte.

Suppose hash is $h(X) = X_0 + X_1 + X_2 + \ldots + X_{n-1}$. Is this secure?

Example: X = (10101010, 00001111). Hash is 10111001. But so is hash of Y = (00001111, 10101010). Easy to find collisions, so not secure…

Hash Functions

Data $X = (X_0, X_1, X_2, \ldots, X_{n-1})$.

Suppose hash is $h(X) = nX_0 + (n-1)X_1 + (n-2)X_2 + \ldots + 1 \cdot X_{n-1}$. Is this hash secure?

At least $h(10101010, 00001111) \neq h(00001111, 10101010)$. But hash of (00000001, 00001111) is same as hash of (00000000, 00010001). Not too secure, need security requirements.
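Both candidate hashes from the two slides above, with a routine that produces a colliding input for any message of two or more bytes, as an added example that is not part of the original slides. It assumes the sum is truncated to 8 bits (the slides show an 8-bit result but state no modulus), and the function names are hypothetical.

```python
def sum_hash(data: bytes) -> int:
    """h(X) = X_0 + X_1 + ... + X_{n-1}, kept to 8 bits (assumed)."""
    return sum(data) % 256

def weighted_hash(data: bytes) -> int:
    """h(X) = n*X_0 + (n-1)*X_1 + ... + 1*X_{n-1}, kept to 8 bits (assumed)."""
    n = len(data)
    return sum((n - i) * byte for i, byte in enumerate(data)) % 256

def second_preimage(data: bytes, weighted: bool) -> bytes:
    """Return a different input with the same hash as `data`.

    Lowering X_0 by 1 removes its weight (n, or 1 for the plain sum) from the
    total; adding the same amount to the last byte, whose weight is 1, puts it
    back. This generalizes the slide's pair (1, 15) -> (0, 17).
    """
    n = len(data)
    if n < 2:
        raise ValueError("need at least two bytes to rebalance")
    forged = bytearray(data)
    forged[0] = (forged[0] - 1) % 256
    forged[-1] = (forged[-1] + (n if weighted else 1)) % 256
    return bytes(forged)

if __name__ == "__main__":
    x, y = bytes([0b10101010, 0b00001111]), bytes([0b00001111, 0b10101010])
    print(format(sum_hash(x), "08b"), format(sum_hash(y), "08b"))   # same
    print(weighted_hash(x), weighted_hash(y))                       # differ
    print(list(second_preimage(bytes([1, 15]), weighted=True)))     # slide's pair
    msg = b"pay Bob 100"                                            # constructed
    forged = second_preimage(msg, weighted=True)
    print(forged != msg, weighted_hash(forged) == weighted_hash(msg))
```

Because a colliding input can be computed directly from any given message, neither function is even 2nd preimage resistant.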

CS526 Fall 2011/Topic 5

Given a function $h: X \to Y$, we say that h is:

- preimage resistant (one-way): if given $y \in Y$ it is computationally infeasible to find a value $x \in X$ such that $h(x) = y$
- 2nd preimage resistant (weak collision resistant): if given $x \in X$ it is computationally infeasible to find a value $x' \in X$ such that $x' \neq x$ and $h(x') = h(x)$
- collision resistant (strong collision resistant): if it is computationally infeasible to find two distinct values $x', x \in X$ such that $h(x') = h(x)$

- MD5: output 128 bits; collision resistance completely broken by researchers in China in 2004
- SHA1: output 160 bits; no collision found yet, but methods exist to find collisions in less than 2^80; considered insecure for collision resistance
- SHA2 (SHA-224, SHA-256, SHA-384, SHA-512): outputs 224, 256, 384, and 512 bits, respectively; no real security concerns yet

- Message is divided into fixed-size blocks and padded
- Uses a compression function f, which takes a chaining variable (of size of hash output) and a message block, and outputs the next chaining variable
- Final chaining variable is the hash value
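The block-and-chain structure described above as a toy hash, with a search showing how quickly a short chaining variable yields a collision; this is an added example, not part of the original slides. The 8-byte block size, 16-bit chaining variable, zero IV, padding layout and the compression function (truncated SHA-256) are all assumptions chosen for illustration.

```python
import hashlib

BLOCK = 8            # bytes per message block (assumed)
IV = b"\x00\x00"     # initial 16-bit chaining variable (assumed, toy size)

def compress(chain: bytes, block: bytes) -> bytes:
    """Hypothetical f(chaining variable, block) -> next chaining variable."""
    return hashlib.sha256(chain + block).digest()[:len(chain)]

def pad(message: bytes) -> bytes:
    """Append 0x80, zeros up to a block boundary, then the message length."""
    padded = message + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    return padded + len(message).to_bytes(BLOCK, "big")

def md_hash(message: bytes) -> bytes:
    """Feed each block through f; the final chaining variable is the hash."""
    chain = IV
    data = pad(message)
    for start in range(0, len(data), BLOCK):
        chain = compress(chain, data[start:start + BLOCK])
    return chain

def find_collision():
    """Hash distinct messages until two share an output (2**16 possible values)."""
    seen = {}
    counter = 0
    while True:
        message = b"msg-%d" % counter
        digest = md_hash(message)
        if digest in seen:
            return seen[digest], message, counter + 1
        seen[digest] = message
        counter += 1

if __name__ == "__main__":
    print(md_hash(b"hello world").hex())
    first, second, tried = find_collision()
    print(first, second, md_hash(first).hex(), "after", tried, "messages")
```

The collision appears after far fewer than 2^16 messages, the same effect that puts the generic collision cost of a 160-bit output near 2^80.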
