the evolution of public key cryptography l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
The Evolution of Public Key Cryptography PowerPoint Presentation
Download Presentation
The Evolution of Public Key Cryptography

Loading in 2 Seconds...

play fullscreen
1 / 20

The Evolution of Public Key Cryptography - PowerPoint PPT Presentation


  • 123 Views
  • Uploaded on

The Evolution of Public Key Cryptography. Martin E. Hellman Professor Emeritus of Electrical Engineering October 9, 2003. Personal Evolution. Privacy and Authentication. Privacy prevents unauthorized users from reading messages not intended for them.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'The Evolution of Public Key Cryptography' - onan


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
the evolution of public key cryptography

The Evolution of Public Key Cryptography

Martin E. Hellman

Professor Emeritus of Electrical Engineering

October 9, 2003

privacy and authentication
Privacy and Authentication
  • Privacy prevents unauthorized users from reading messages not intended for them.
  • Authentication prevents unauthorized users from injecting or changing messages.
  • While modern communications require both, authentication is at least as important. Are you more unhappy if someone can read or write checks on your account?
economics of cryptography
Economics of Cryptography
  • The major military powers of WW2 could not afford secure encryption. How can we?
  • Computing power has increased by an order of magnitude every five years. Since 1945 that gains about 1011 = 100 billion.
  • While the cryptanalyst also benefits, n2:n or higher work factors imply more security, rather than less – but only for new systems!
economics of spying spoofing
Economics of Spying/Spoofing
  • Well over a billion words can be scanned for $1, looking for keywords. Credit card sniffers often “steal cycles” and cost nothing. Privacy is needed.
  • Economical, automated spoofing (denial of service attacks, viruses, worms) creates a similar need for authentication.
  • Encryption should be automatic, transparent, and integrated as in SSL.
conventional cryptosystem
Conventional Cryptosystem
  • C = EK(M) M = DK (C)
  • Once a secure channel (courier) has communicated the key K, an insecure channel (radio) can securely send M.
  • This protects against third party forgeries, but not disputes between the sender and receiver. (The key K is used both to encipher and decipher.)
public key distribution
Public Key Distribution
  • Alice and Bob, by talking back and forth across a public channel derive a random key that Eve, the eavesdropper, cannot determine.
  • This is impossible in the “Shanon theory” where A, B and E have unlimited computational power, but may be possible from a computational point of view (1 sec vs. 1 Gyr).
public key cryptosystems
Public Key Cryptosystems
  • User i generates a pair of random, inverse keys, PKi and SKi.
  • Alice sends Bob a private message: PKB(M)
  • Alice signs a message to Bob: SKA(M)
  • Alice signs a private message: PKB SKA(M)
  • Public key cryptosystems can be (and are) used as public key distributions systems.
revolution or evolution
Revolution or Evolution?
  • “We stand today on the brink of a revolution in cryptography,” Diffie & Hellman, New Directions in Cryptography, November 1976.
  • Public key cryptography was revolutionary, but especially in hindsight, we can see an evolutionary process as well.
la cryptographie militaire auguste kerckhoffs 1883
La Cryptographie MilitaireAuguste Kerckhoffs 1883
  • The general system must be considered public. All security must reside solely in the secrecy of the key.
  • Seemingly at odds with a public key.
  • But, in hindsight, it is the first step in making public what had before been thought to be necessarily secret.
lock analogy
Lock Analogy
  • A conventional (symmetric) cryptosystem is like a strange combination lock that requires the combination both to lock (encipher) and unlock (decipher). Dialing the combination does a flip-flop.
  • A public key (asymmetric) cryptosystem is like a stranger combination lock with two combinations, one to lock and a different one to unlock.
simple substitution as pkc
Simple Substitution as PKC?
  • Simple substitution key:

P abcdefghijklmnopqrstuvwxyz

C msdfghjklqwertyuiopzxcvbna

  • buy now <=> sxn tyv
  • Above key is best for enciphering. Better key for deciphering:

C abcdefghijklmnopqrstuvwxyz

P zxvcldefqghiayrsjmbnpwkuot

cryptographic hierarchy
Cryptographic Hierarchy
  • Conventional cryptosystems and one-way functions (login) were well known.
  • Cryptosystem > one-way function.

P0

P

K

C

X

Y

trap doors
Trap Doors
  • PK Cryptosystems are sometimes called trap door ciphers.
  • Trap doors are integral to all cryptographic problems, even before PKC.
  • One-way functions allow the ultimate trap door quiz problem.
  • Trap door ciphers are a general’s dream.
  • TDC PKC
merkle s puzzle pkd system
Merkle’s Puzzle PKD System
  • Predates RSA and DHM.
  • Birthday problem: If there are n days in the year, O[sqrt(n)] people needed for overlap.
  • n2:n work factor, so not very practical, especially since part of n is communication.
  • Depends only on existence of secure conventional system, so it is on the firmest theoretical foundation.
economics of merkle s pkd
Economics of Merkle’s PKD
  • Alice and Bob each generate n keys from a universe of n2.
  • Alice transmits the images of her n keys under a one-way function. Bob and Eve see these.
  • Bob generates images of his n keys, looks for a match, and enciphers M under the matching key.
  • Alice does exhaustive search over all n of her keys. Cost = O(n).
  • Eve’s exhaustive search is over n2 keys.
start with one way functions
Start With One-Way Functions
  • John Gill suggested discrete logarithms.
  • Y = aX % q with a and q public.
  • X ® Y is easy: a17 = a * (a2 ) 2) 2) 2
  • Y ® X is believed to be hard (discrete log)
  • Can discrete logs be used as a basis for the next most complex cryptographic entity, a conventional cryptosystem?
pohlig hellman system 1975
Pohlig-Hellman System 1975
  • a, X ® Y is easy: a17 = a * (a2 ) 2) 2) 2
  • X, Y ®a is easy: a = Y 1/X % q-1 % q
  • a, Y ® X is hard: discrete log problem.
  • P, K ® C is easy: enciphering.
  • C, K ® P is easy: deciphering.
  • P, C ® K is hard: cryptanalysis.
  • C = PK % q P = CD % q D = 1/K % q-1
rsa public key system 1977
RSA Public Key System 1977
  • C = PE % n P = CD % n D = 1/E % f(n) where f(n) = (p-1)(q-1).
  • RSA’s PKC is a natural evolution of Pohlig-Hellman’s conventional cryptosystem, but we missed that.
  • C = PK % q P = CD % q D = 1/K % f(q) since f(q) = q-1.
diffie hellman merkle system
Diffie-Hellman-Merkle System
  • Yi = aXi % q with a and q public.
  • KAB = YAXB= YBXA = aXA XB % q
  • Exponentiation is commutative.
  • All the major developments in PKC stem from John Gill’s original suggestion that we look at discrete logs as a possible one-way function.