cryptosystems hash functions and digital signatures l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Cryptosystems, Hash Functions and Digital Signatures PowerPoint Presentation
Download Presentation
Cryptosystems, Hash Functions and Digital Signatures

Loading in 2 Seconds...

play fullscreen
1 / 56

Cryptosystems, Hash Functions and Digital Signatures - PowerPoint PPT Presentation


  • 213 Views
  • Uploaded on

Cryptosystems, Hash Functions and Digital Signatures. --- Lecture 4 ---. Outline. Why public key cryptography ? General principles of public key cryptography The RSA public key cryptosystem One way hash functions Digital signature. Private key cipher. Cipher Text. Cipher Text.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Cryptosystems, Hash Functions and Digital Signatures' - ariella


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
outline
Outline
  • Why public key cryptography ?
  • General principles of public key cryptography
  • The RSA public key cryptosystem
  • One way hash functions
  • Digital signature

Information and Nework Security

private key cipher
Private key cipher

Cipher Text

Cipher Text

Plain Text

Plain Text

D

Network

or Storage

E

Secret Key

Secret Key

Bob

Alice

Information and Nework Security

problems with private key ciphers
Problems with private key ciphers
  • In order for Alice & Bob to be able to communicate securely using a private key cipher, such as DES, they have to have a shared key in the first place.
    • Question: What if they have never met before ?
  • Alice needs to keep 100 different keys if she wishes to communicate with 100 different people

Information and Nework Security

motivation of public key cryptography
Motivation of Public Key Cryptography
  • Is it possible for Alice & Bob, who have no shared secret key, to communicate securely ?
  • This led to the SINGLE MOST IMPORTANT discovery of public key communications:
    • Diffie & Hellman’s ideas of public key cryptography: <private-key, public-key>

Information and Nework Security

main ideas
Main ideas
  • Bob:
    • publishes, say in Yellow/White pages, his
      • public (for encryption) key, and
      • encryption algorithm.
    • keeps to himself
      • the matching secret (for decryption) key.

Information and Nework Security

main ideas 2
Main ideas (2)
  • Alice:
    • Looks up the phone book, and finds out Bob’s
      • public key, and
      • encryption algorithm.
    • Encrypts a message using Bob’s public key and encryption algorithm.
    • sends the ciphertext to Bob.

Information and Nework Security

main ideas 3
Main ideas (3)
  • Bob:
    • Receives the ciphertext from Alice
    • Decrypts the ciphertext using his secret key, together with the decryption algorithm

Information and Nework Security

public key cryptosystem

Network

Public Key Cryptosystem

Public Key Directory (Yellow/White Pages)

Bob:

Cipher Text

Cipher Text

Plain Text

Plain Text

D

E

Secret Key

Alice

Bob

Information and Nework Security

main differences with des
Main differences with DES
  • The public key is different from the secret key.
  • Infeasible for an attacker to find out the secret key from the public key.
  • No need for Alice & Bob to distribute a shared secret key beforehand !
  • Only one pair of public and secret keys is required for each user !

Information and Nework Security

realising public key ciphers
Realising public key ciphers
  • The most famous system that implements Diffie & Hellman’s ideas on public key ciphers is due to
    • Ronald Rivest
    • Adi Shamir
    • Leonard Adleman
  • This public key cryptosystem is called RSA.

Information and Nework Security

mathematical background
Mathematical background

Assume that we are working with non-negative integers:

  • Prime and composite numbers
    • a prime number is an integer that can be divided only by 1 and itself
      • E.g. 2, 3, 5, 7, 11, 13, 101, ......
    • all other integers are composite
      • E.g. 4, 6, 8, 9, 10, 12, 523743960876432, 800164386535

Information and Nework Security

mathematical background13
Mathematical background

Modular operations

  • “remainder”
    • 13 mod 5 = 3, 1 mod 7 = 1
    • 20 mod 5 = 0, 32 mod 7 = 4
  • modular exponentiation
    • 22 mod 3 = 1, 32 mod 3 = 0
    • 22 mod 5 = 4, 102 mod 92 = 8
    • 46 mod 10 = 6, 311 mod 10 = 7

Information and Nework Security

mathematical background14
Mathematical background
  • a is relative prime to b if the largest integer that divides both a & b is 1
    • E.g:
      • any m (<>0) is relatively prime to a prime number
      • is 9 relatively prime to 10?

Information and Nework Security

mathematical background15
Mathematical background
  • Let ø(n) denote the total numbers that are less thann and relatively prime to n
    • If n is a prime number thenø(n) = n– 1
    • If p, q are prime numbers and n=p*q, then
      • Ø(n) = Ø(p*q) = p*q – (p + q -1) = (p-1)*(q-1)

- p & q are prime numbers => only multiples of p and q are not relatively prime to p*q

- That is: there are (p + q – 1) multiples [0 is counted once] of p and q

      • E.g: p = 3; q=7; {0, 3, 7, 6, 9, 12, 14, 15, 18} are not relatively prime to p*q
      • Ø(n) = ø(p*q) = 12 ; {1,2,4,5,8,10,11,13,16,17,19,20}

Information and Nework Security

mathematical background16
Mathematical background
  • y & n are integers and y (mod ø(n)) = 1, for any x < n, xymod n = x (1)
    • E.g:
      • y=13 ; n=7; x = 4;
      • ø(n) = 6; y mod ø(n) = 13 mod 6 = 1;
      • xy = 413;xy mod n = 413 mod 6 = 4 = x mod n;

Information and Nework Security

mathematical background17
Mathematical background
  • The multiplicative inverse of x with modulo n is y such that: (x*y) mod n = 1 (2).
  • The above multiplicative inverse can be used to create a simple public key cipher: either x or y can be thought of as a secret key and the other is the public key.

E.g: x=3; n=10; y=7; we have: (3*7) mod 10 = 1;

        • M =5 ;
          • 3*5 (mod 10) = 5 ; 5*7 (mod 10) = 5 = M (message)
        • M =6 ;
          • 3*6 (mod 10) = 8; 8*7 (mod 10) = 6 = M (message)

Information and Nework Security

rsa public key cryptosystem

Network

RSA Public Key Cryptosystem

Public Key Directory (Yellow/White Pages)

Bob: (e, n)

public key:

e & n

Plain Text

Cipher Text

Cipher Text

Plain Text

c=

m e mod n

m=

c d mod n

Alice

secret key: d

Bob

Information and Nework Security

rsa 1
RSA (1)
  • Bob:
    • chooses 2 large prime numbers: p, qmultiplies p and q: n = p*q
    • finds out two numbers e & d such that
      • (e * d) mod ø(n) = 1 [ similar to(2) ]

Or (e * d) mod [(p-1)*(q-1)] = 1

    • public key (published in the phone book)
      • 2 numbers: (e, n)
      • encryption alg: modular exponentiation
    • secret key: (d,n)

Information and Nework Security

rsa 2
RSA (2)
  • Alice has a message m to be sent to Bob:
    • finds out Bob’s public encryption key (e, n)
    • calculatesme(mod n) -> c
    • sends the ciphertext c to Bob

Information and Nework Security

rsa 3
RSA (3)
  • Bob:
    • receives the ciphertext c from Alice
    • uses his matching secret decryption key d to calculate cd(mod n) -> m

Information and Nework Security

rsa 1st small example 1
RSA --- 1st small example (1)
  • Bob:
    • chooses 2 primes: p=5, q=11multiplies p and q: n = p*q = 55
    • finds out two numbers e=3 & d=27 which satisfy (3 * 27) mod 40 = 1
    • Bob’s public key
      • 2 numbers: (3, 55)
      • encryption alg: modular exponentiation
    • secret key: (27,55)

Information and Nework Security

rsa 1st small example 2
RSA --- 1st small example (2)
  • Alice has a message m=13 to be sent to Bob:
    • finds out Bob’s public encryption key (3, 55)
    • calculates c:c = me(mod n) = 133(mod 55) = 2197(mod 55) = 52
    • sends the ciphertext c=52 to Bob

Information and Nework Security

rsa 1st small example 3
RSA --- 1st small example (3)
  • Bob:
    • receives the ciphertext c=52 from Alice
    • uses his matching secret decryption key 27 to calculate m:m = 5227(mod 55) = 13 (Alice’s message)

Information and Nework Security

how does rsa work
How does RSA work?
  • n = p*q => Ø(n) = Ø(p*q) =(p-1)*(q-1)
  • We choose d & e such that
    • (e * d) mod ø(n) = = 1 ; similar to(2)
    • for any m < n: mde= m mod n ; from (1)
    • an RSAencryption consists of taking m and raising it to e; and decrypting the ciphertext by raising the result of the encrytion to d:
      • We have
        • (a*b)mod n = [(a mod n) * (b mod n)] mod n;
        • ax mod n = [(amod n)* (amod n)* … (amod n)] mod n

----x times of amod n---

= (amod n) x mod n

      • hence : (me mod n) d mod n = (me)d mod n= (med) mod n = mmodn = m [from (1)]

Information and Nework Security

remarks on rsa
Remarks on RSA
  • The message m has to be an integer between the range [1, n).
  • To encrypt long messages we can use modes of operation as for block private key ciphers, or a hybrid cryptosystem.

Information and Nework Security

why rsa is secure
Why RSA is Secure
  • Attack Scenario:
    • Marvin wants to read Alice’s private message (m) intended to be read only by Bob.
    • However, Alice used RSA to encrypt m using Bob’s public key (e, n), into the ciphertext c = me(mod n).
    • Marvin is a determined attacker and managed to intercept the ciphertext c on its way from Alice’s to Bob’s computer.
    • Marvin also looked up Bob’s public key (e,n) to help him in his attack.

Information and Nework Security

why rsa is secure28
Why RSA is Secure
  • Marvin now has (c,e,n) and wants to find out m.
  • How can Marvin proceed to find m?
    • Approach 1: If Marvin could also find out Bob’s secret key d, he could decrypt c into m in the same way as Bob does.
      • Suppose Bob guards his secret key d very well, what can Marvin do then?
    • Approach 2: Marvin knows that c = me(mod n). He knows that m is a number between 1 and n-1. So he could use exhaustive search through all n possible messages m.
      • But if n is large this takes a long time!

Information and Nework Security

why rsa is secure29
Why RSA is Secure
  • Marvin’s Attack options (cont):
    • Approach 3: Marvin can try to compute Bob’s secret key d from (e,n) and then use Approach 1.
      • Remember that (e * d) mod ((p-1)*(q-1) ) = 1
      • Marvin found in a ‘Number Theory’ book a very fast algorithm called EUCLID to solve the following problem: Given two numbers (r,s), the algorithm outputs a number x such that

(r * x) mod s = 1.

Information and Nework Security

why rsa is secure30
Why RSA is Secure
  • Approach 3 is the most efficient known method Marvin can use to attack RSA!
  • The time taken for Marvin to execute the attack in Approach 3 is essentially the time to factorize n (n=p*q) into the prime factors p and q.
  • Therefore, we say that RSA is based onthe factorization problem: While it is easy to multiply large primes together, it is computationally infeasible to factorize or split a large composite into its prime factors!

Information and Nework Security

why rsa is secure31
Why RSA is Secure
  • Therefore, when both p and q in RSA are of at least 155 digits, the product n=p*q is 310 digits.
  • Then no one can factorize n in less time than a few thousand years, not even Marvin!!
  • Thus the only person who can extract the plaintext m from the ciphertext c is Bob, as only he knows the secret decryption key d !

Information and Nework Security

slide32

Marvin’s New Attack Idea

  • Instead of just eavesdropping, Marvin can try a more active attack!
  • Outline of the New Attack:
    • Marvin generates an RSA key pair
      • Public key = Kpub_* = (N_*, e_*)
      • Secret key = Ksec_* = (N_, d_*)
    • Marvin sends the following email to Alice, pretending to be Bob:
      • Hi Alice,
        • Please use my new public key from now on to encrypt messages to me. My new public key is Kpub_*.
        • Yours sincerely, Bob.
    • Marvin decrypts any messages Alice sends to Bob (encrypted with Kpub_*), using Ksec_*.

Information and Nework Security

preventing marvin s active attack
Preventing Marvin’s Active Attack
  • The active attack works because:
    • Alice was tricked by Marvin into encrypting a message intended for Bob using a “fake” public key which is NOT Bob’s public key (in fact it was Marvin’s).
  • To prevent the attack:
    • Before Alice encrypts a message for Bob, she must make sure she has Bob’s CORRECT public key (and not a fake one).
    • Alice needs a way of testing the truth of any “Bob’s key message” informing Alice of Bob’s Public Key.
    • No one besides Bob should be able to produce such a message so that it will pass Alice’s Test.

Information and Nework Security

preventing marvin s active attack 2
Preventing Marvin’s Active Attack (2)
  • This is a setting where Alice and Bob have a message integrity security requirement!
    • Ie. Alice and Bob want to prevent fabrication and/or modification of a “Bob’s key message” (a message informing Alice of Bob’s public key) by unautorised parties (like Marvin).
  • The main cryptographic tool used to achieve message integrity is “Authority Certificates”.
  • Later we will see how Digital Signatures can be used to prevent Marvin’s Attack!

Information and Nework Security

private key ciphers
Private key ciphers
  • Good points
    • in-expensive to use
    • fast
    • low cost VLSI chips available
  • Bad points
    • key distribution is a problem

Information and Nework Security

public key ciphers
Public key ciphers
  • Good points
    • key distribution is NOT a problem
  • Bad points
    • relatively expensive to use
    • relatively slow
    • VLSI chips not available or relatively high cost

Information and Nework Security

combining 2 type of ciphers
Combining 2 Type of Ciphers
  • In practice, we can
    • use a public key cipher (such as RSA) to distribute keys
    • use a private key cipher (such as DES) to encrypt and decrypt messages

Information and Nework Security

the need of digital signature
The Need of Digital Signature
  • Social & business activities and their associated documents are becoming digital
    • digital conferences
    • digital contract signing
    • digital cash payments, ......
  • Hand-written signatures are not applicable to digital data

Information and Nework Security

digital signature based on rsa

?

Network

D

Digital Signature (based on RSA)

Public Key Directory (Yellow/White Pages)

Bob:

Plain Text

Plain Text

Accept if equal

+

E

Signature

Signature

Secret Key

Bob

Cathy

Public Key

Information and Nework Security

digital signature for short doc

?

Network

Digital Signature (for short doc)

Public Key Directory (Yellow/White Pages)

Bob: (e, n)

Plain Text

Plain Text

Accept if equal

+

s =

md mod n

t =se mod n

Signature

Signature

Secret Key d

Cathy

Bob

Public Key (e, n)

Information and Nework Security

rsa signature an eg 1
RSA Signature --- an eg (1)
  • Bob:
    • chooses 2 primes: p=5, q=11multiplies p and q: n = p*q = 55
    • finds out two numbers e=3 & d=27 which satisfy (3 * 27) mod 40 = 1
    • Bob’s public key
      • 2 numbers: (3, 55)
      • encryption alg: modular exponentiation
    • secret key: (27,55)

Information and Nework Security

rsa signature an eg 2
RSA Signature --- an eg (2)
  • Bob has a document m=19 to sign:
    • uses his secret key d=27 to calculate the digital signature of m=19:s = md(mod n) = 1927(mod 55) = 24
    • appends 24 to 19. Now (m, s) = (19, 24) indicates that the doc is 19, and Bob’s signature on the doc is 24.

Information and Nework Security

rsa signature an eg 3
RSA Signature --- an eg. (3)
  • Cathy, a verifier:
    • receives a pair (m,s)=(19, 24)
    • looks up the phone book and finds out Bob’s public key (e, n)=(3, 55)
    • calculates t = se(mod n) = 243(mod 55) = 19
    • checks whether t=m
    • confirms that (19,24) is a genuinely signed document of Bob if t=m.

Information and Nework Security

how about long documents
How about Long Documents ?
  • In the previous example, a document has to be an integer in [1,...,n)
  • To sign a very long document, we need a so called one-way hash algorithm
  • Instead of signing directly on a doc, we hash the doc first, and sign the hashed data which is normally short.

Information and Nework Security

one way hash algorithm
One-Way Hash Algorithm
  • A one-way hash algorithm hashes an input document into a condensed short output (say of 100 bits)
    • Denoting a one-way hash algorithm by H(.), we have:
      • Input: m - a binary string of any length
      • Output: H(m) - a binary string of L bits, called the “hash of m under H”.
      • The output length parameter L is fixed for a given one-way hash function H,
      • eg
        • The one-way hash function “MD5” has L = 128 bits
        • The one-way hash function “SHA-1” has L = 160 bits

Information and Nework Security

one way hash algorithm46

A condensed short output, say of 100 bits

One-Way Hash Algorithm

A document (of any length)

Information and Nework Security

properties of one way hash algorithm
Properties of One-Way Hash Algorithm
  • A good one-way hash algorithm H needs to have these properties:
    • 1. Easy to Evaluate:
      • The hashing algorithm should be fast
      • I.e. given any document m, the hashed value h = H(m) can be computed quickly.
    • 2. Hard to Reverse:
      • There is no feasible algorithm to “reverse” a hashed value,
      • I.e. given any hashed value h, it is computationally infeasible to find any document m such that H(m) = h.
    • NOTE: An algorithm is called ‘One-Way’ if it has BOTH properties 1 and 2.
    • 3. Hard to find Collisions:
      • There is no feasible algorithm to find two or more input documents which are hashed into the same condensed output,
      • I.e it is computationally infeasible to find any two documents m1, m2 such that H(m1)= H(m2).

Information and Nework Security

the one way property
The One-way Property

But this direction is infeasible to compute!

Document m

(any length)

Document m

(any length)

This direction is easy to compute!

H

H

Hash value h

(length= L bits)

Hash value h

(length= L bits)

Information and Nework Security

finding collision is infeasible
Finding Collision is Infeasible

I, Bob, will pay

$1,000 to Alice.

I, Bob, will pay

$10,000 to Alice.

Document m1

Document m2

H

H

(same condensed output)

Information and Nework Security

digital signature for long doc

H

100 bits

H

?

Network

100 bits

100 bits

Digital Signature (for long doc)

Public Key Directory (Yellow/White Pages)

Bob:

Plain Text

Plain Text

1-way hash

Accept if equal

+

Signature

Signature

Secret Key

Bob

Public Key

Cathy

Information and Nework Security

why digital signature
Why Digital Signature ?
  • Unforgeable
    • takes 1 billion years to forge !
  • Un-deniable by the signatory
  • Universally verifiable
  • Differs from doc to doc
  • Easily implementable by
    • software or
    • hardware or
    • software + hardware

Information and Nework Security

unforgeable digital signature
Unforgeable Digital Signature

I, Bob, will pay

$1,000 to Alice.

I, Bob, will pay

$10,000 to Alice.

101001010

001001101

a valid signature

also a valid signature

Information and Nework Security

digital signature summary
Digital Signature -- summary
  • Three (3) steps are involved in digital signature
    • Setting up public and secret keys
    • Signing a document
    • Verifying a signature

Information and Nework Security

setting up public secret keys
Setting up Public & Secret Keys
  • Bob does the following
    • prepares a pair of public and secret keys
    • publishes his public key in the public key file (such as an on-line phone book)
    • keeps the secret key to himself
  • Note:
    • Setting up needs only to be done once !

Information and Nework Security

signing a document
Signing a Document
  • Once setting up is completed, Bob can sign a document (such as a contract, a cheque, a certificate, ...) using the secret key
  • The pair of document & signature is a proof that Bob has signed the document.

Information and Nework Security

verifying a signature
Verifying a Signature
  • Any party, say Cathy, can verify the pair of document and signature, by using Bob’s public key in the public key file.
  • Important !
    • Cathy does NOT have to have public or secret key !

Information and Nework Security