1 tayangan

Diunggah oleh seriousmd

- 14 Applications of Number Theory
- ME I Year Information Security Two Mark Questions and Answers
- Scriptie Tim Cooijmans
- A comparison between traditional public key infrastructures and identity-based cryptography
- Elliptic Curves Matlab
- Ensuring the Data Integrity and Confidentiality in Cloud Storage Using Hash Function and TPA
- Digital Signature
- 137.pdf
- Crypto Pres
- Encryption Project
- addhhoc
- Guidelines Use and Control of Electronic Records for Stat Comp Ver1Read in Conjunction With AMN200701
- Encryption Technology Paper
- A Novel Identity Based Blind Signature Scheme Using DLP for E-Commerce
- seminar.docx
- Evaluation of Common Encryption Algorithm and Scope of Advanced Algorithm for Simulated Wireless Network
- E- Governance Docs Tracking System
- Security and the web
- Electronic Evidence
- ppt bandana.pptx

Anda di halaman 1dari 44

Thomas Johansson

Key distribution

key.

Some means of distributing a copy of the secret key

physical distribution.

Network example

Assume that n users are connected in a network and any two of them

may want to communicate

This would require each user to securely store n 1 different

symmetric keys (one for each other user), resulting in a total of

n(n 1)/2 keys.

If the network is connecting 2000 university students, then there will

be roughly 2 million different keys.

A huge key management problem with questions like; How do you add

add a new user to the system? What if a users key is compromised?

How long should a key be considered valid and how should we refresh

them?

Key distribution

symmetric key distribution protocols.

A trusted third party (TTP). Each user has a unique secret key shared

with the TTP.

When two users would like to communicate, they establish a shared

secret key, usually called a session key, by interacting with the TTP.

There are still drawbacks that can be serious problems in certain

situations. For example, we need access and trust to a TTP and we

still need to distribute one key shared with the TTP for each user.

Public-key cryptography

message and another for decryption of a ciphertext message.

Allow the encryption key to be public!

Anyone with access to the public encryption key to send an encrypted

plaintext to the receiver.

One-way functions and trapdoor one-way functions

Informal definition.

Definition

A one-way function f (x) is a function from a set X to a set Y such that

f (x) is easy to compute for all x X , but for essentially all elements

y Y it is computationally infeasible to find any x X such that

f (x) = y.

essentially all elements

Example

Calculate 22 = 2 2 = 4, then 24 = 4 4 = 16 and finally multiplying with

2, i.e., 25 = 16 2 = 3. This procedure required 3 multiplications.

Example

that f (x) = 5?

One way would be to calculate 21 = 2, 22 = 4, 23 = 8, . . . until we reach

2x = 5. We find . . . , 222 = 5 and this procedure resulted in 21

multiplications.

Example 2

with

f (x) = x3 mod n,

where n is the number

n = 27997833911221327870829467638722601621070446786955428537560009929326128400107609345671052955360

18223519109513657886371059544820065767750985805576135790987349501441788631789462951872378692218

Trapdoor one-way function

Definition

A trapdoor one-way function f (x) is a one-way function f : X 7 Y such

that if one knows some specific information T , called the trapdoor

information, then f (x) is computationally easy to invert f , i.e., for any

y Y it is easy to find a x X such that f (x) = y. For anyone without

knowledge of the trapdoor information T , f (x) is a one-way function.

Example 2 again

function.

We said that the function looked like a one-way function. However,

there is some secret information about this number that can be used.

The number n is in fact the product of two large prime numbers. The

trapdoor information T is in this case these two prime numbers.

Knowing them, you can easily invert the f function.

Example 2 again

The RSA-200 number n above was factored in 2003 and the factors are

3532461934402770121272604978198464368671197400197625023649303468776121253679423200058547956528088

and

7925869954478333033347085841480059687737975857364219960734330341455767872818152135381409304740185

factor this number.

Public-key encryption scheme

Definition

A public-key encryption scheme is a set of encryption transformations

{Ee : e K} and a set of decryption transformations {Dd : d K}. For

each e K there is a corresponding d K such that Dd (Ee (M )) = M ,

M . Furthermore, after choosing such a pair (e, d), the public key e (or the

public parameter) is made public, while the associated secret key d is kept

secret. For the scheme to be secure, it must be computationally infeasible

to compute d as well as computing Ee1 (C), knowing the public value e.

Complexity

under assumptions of computational limitations.

We can never have unconditional security in a public-key cryptosystem.

Some assumption is required to be true for the scheme to be secure.

We assume that the opponent cannot solve a certain (computationally

difficult but solvable) problem. For example, factor a given very large

number.

he RSA public-key encryption scheme

Definition

The RSA public-key encryption scheme works as follows. Let n = pq,

where p and q are two large primes. Let M = C = Zn . Pick a number e

relatively prime to (n) and calculate a number d such that

ed = 1 mod (n). The public key is the two numbers (n, e) and the

(public) encryption transformation E(M ) is

E(M ) = M e mod n.

The secret key is the number d (as well as p, q and (n)) and the secret

decryption transformation D(C) is

D(C) = C d mod n.

Verify that decrypting a ciphertext returns the encrypted plaintext.

D(C) = C d = (M e )d = M ed mod n.

Now we note that ed = 1 mod (n), which means that we can write

ed = 1 + t (n),

that M is invertible we have

Example

Compute (n) = (p 1)(q 1) = 7636. Next, we must choose a value e

such that gcd(e, (n)) = 1. We can check that e = 25 is such a value.

When gcd(e, (n)) = 1 we know that e = 25 has a multiplicative inverse in

Z(n) . We use Euclidean algorithm and Bezouts lemma to find the inverse

d = 2749, i.e.,

e d = 25 2749 = 1 mod 7636.

Example

Anyone with access to our public key can now send us an encrypted

message M Z7849 , by calculating

C = M e mod n.

M = C d = 24012749 mod n

message.

Security of the RSA cryptosystem

RSA relies on the factoring problem.

This does not mean that breaking RSA is equivalent to solving a

factorization problem. It is not known whether RSA can be broken without

factoring n.

Implementation

M e mod n.

A good idea to reduce modulo n as soon as one receives an intermediate

value outside the interval [0, n 1].

Example

27282 = 7441984,

then computing

7441984 mod 7849 = 1132.

Continuing,

1132 2728 = 3088096

and finally

3088096 mod 7849 = 3439.

So 27283 mod 7849 = 3439.

Exponentiation

The square and multiply algorithm:

First rewrite e as a sum of powers of 2, i.e.,

e = e0 + e1 2 + e2 22 + + eL1 2L1 ,

computing the values

M 2 , M 4 = (M 2 )2 , M 8 = (M 4 )2 , . . . ,

as

L1

M e = M e0 (M 2 )e1 (M 4 )e2 (M 2 )eL1 .

Example

We rewrite 25 as 25 = 16 + 8 + 1 and get

Performing the multiplications we get

Primality testing

Naive approach: test by trial division, i.e., we check if x|m for all integers

x, where 2 x m.

The problem is that if m is a 1024 bit number then m is of size 512 bits

and 2512 tests is not possible.

Probabilistic algorithms for testing primality.

am1 = 1 mod m,

When m is not a prime we cannot really know what we will receive when

computing am1 .

But if am1 6= 1 mod m we know for certain that m is not a prime number.

Algorithm

1. Select a random a and compute A = am1 .

2. If A 6= 1 we know that m is composite and we end.

3. k = k + 1

}

Assume m prime.

Performance

The error probability after repeating the test k time would then be less

than 1/2k .

A composite m such that am1 = 1 mod m is said to be a pseudo-prime

to the base a.

If a composite m is such that it is a pseudo-prime for every base a with

gcd(a, m) = 1, the the number is called a Carmichael number.

The smallest Carmichael number is 561.

Miller-Rabin test:

Write m 1 = 2b q, where q is odd.

c

If aq = 1 mod m or a2 q = 1 mod m for any c < b then return m

probably prime and go back and choose a new base, otherwise return

m definitely not prime.

One can prove that P (m probably prime|m not prime) < 1/4.

Factoring

Some algorithms apply to numbers of special form.

Others are general, i.e., that they can factor any number.

Pollards (p 1)-method

Let n = pq and let p 1 factor as

p 1 = q1 q2 qk ,

Condition: each qi < B, where B is a predetermined bound.

Algorithm:

Compute a = 2B! mod n and compute the unknown prime p as

p = gcd(a 1, n).

Pollards (p 1)-method

(p 1)|B!.

We compute a = 2B! mod n. Now let a0 = 2B! mod p. Since p|n we must

have a mod p = a0 . Fermats little theorem states that

2p1 = 1 mod p

So p|(a 1) and since p|n we have p = gcd(a 1, n).

Pollards: Important conclusion

The primes p and q must then be chosen such that p 1 and q 1 each

contains a large prime in their factorisation.

A usual approach is to generate a random bprime p1 and then test whether

p = 2p1 + 1 is a prime number. If so, we choose p.

Modern factoring algorithms

rho algorithm method,...

See project 1.

The computational complexity of factoring

have sub-exponential behaviour.

Number Field Sieve: This is currently the most successful method for

numbers with more than 100 decimal digits. It can factor numbers of

the size of 2512 and has complexity LN (1/3, 1.923).

It is recommended that one takes N of size around 1024 bits to ensure

medium-term security. For long-term security one would need to take

a size of over 2048 bits.

Public Key Cryptography

public key and cannot be decrypted by anyone except the recipient

possessing the private key.

Digital signatures: A message signed with a senders private key can

be verified by anyone who has access to the senders public key,

thereby proving that the sender signed it and that the message has not

been tampered with (authenticity and nonrepudiation).

Key exchange: is a cryptographic protocol that allows two parties

that have no prior knowledge of each other to jointly establish a

shared secret key.

Public Key Cryptography

The main tool in use today is the digital certificate. A special trusted

third party, called a certificate authority, or CA, is used to vouch for

the validity of the public keys.

Public Key Cryptography

All users have a trusted copy of the public key of the CA. For example,

embedded in your browser when you buy your computer.

The CA sign data strings containing the following information

certificate. The CA will only sign this data if it truly believes that the

public key really does belong to Alice.

When Alice now sends you her public key, contained in a digital

certificate, you now trust that the public key is that of Alice, since you

trust the CA and you checked the signature.

The Discrete Logarithm Problem

Discrete Logarithm Problem: Given g, h G, find an x (if it exists)

such that g x = h.

The difficulty of this problem depends on the group G

Very easy: polynomial time algorithm, e.g. (ZN , +)

Hard: sub-exponential time algorithm, e.g. (Fp ).

Very hard: exponential time algorithm, e.g. elliptic curve groups.

Diffie Hellman Key Exchange

allows two parties to agree a secret key over an insecure channel without

having met before.

G = Fp and g Fp

The basic message flows for the Diffie Hellman protocol

Alice sends A = g a to Bob. Bob sends B = g b to Alice.

Alice computes K = B a . Bob computes K = Ab . Note

B a = Ab = g ab = K.

Example DH key exchange

Alice Bob

a = 12345 b = 654323

A = g a = 428647416 A = 428647416

B = 450904856 B = g b = 450904856

Bob computes Ab = 428647416654323 (modp) = 1333327162, Alice

computes B a = 45090485612345 (modp), = 1333327162.

Digital Signatures

Message + Alices private key = Signature,

Message + Signature + Alices public key = YES/NO.

(signature scheme with appendix)

three important security properties:

message integrity the message has not been altered in transit,

message origin the message was sent by Alice,

non-repudiation Alice cannot claim she did not send the message.

Cryptographic hash functions - more later

length bit strings as input and produces a fixed length bit string as

output, the hash value.

Preimage Resistant: It should be hard to find a message with a given

hash value.

Second Preimage Resistant: Given one message it should be hard to

find another message with the same hash value.

Collision Resistant: It should be hard to find two messages with the

same hash value.

Signatures with RSA

Message m for signing, we first compute h(m) and then apply the RSA

signing transform to h(m), i.e.

s = h(m)d mod N.

Verifying: Recover h, i.e.

h0 = se mod N.

If they agree accept the signature as valid, otherwise reject.

Security assumptions for Signatures

algorithm.

Known message attack: Eve knows also a list of signed messages.

Chosen message attack: Eve gets a list of messages of her choice

signed.

Adversarial goals:

Selective forgery: Try to get a valid signature on a given message

not signed before.

Existential forgery: Try to get a valid signature on a any message

not signed before.

- 14 Applications of Number TheoryDiunggah olehKetan Deokar
- ME I Year Information Security Two Mark Questions and AnswersDiunggah olehLeah Stephens
- Scriptie Tim CooijmansDiunggah olehdasdsada
- A comparison between traditional public key infrastructures and identity-based cryptographyDiunggah olehBing Liu
- Elliptic Curves MatlabDiunggah olehCahya Chaqiqi
- Ensuring the Data Integrity and Confidentiality in Cloud Storage Using Hash Function and TPADiunggah olehEditor IJRITCC
- Digital SignatureDiunggah olehBalaram Korra
- 137.pdfDiunggah olehSDIWC
- Crypto PresDiunggah olehFazliana Mansor
- Encryption ProjectDiunggah oleheyadakram
- addhhocDiunggah olehJitender Grover
- Guidelines Use and Control of Electronic Records for Stat Comp Ver1Read in Conjunction With AMN200701Diunggah olehManish Bansal
- A Novel Identity Based Blind Signature Scheme Using DLP for E-CommerceDiunggah olehEditor IJRITCC
- Encryption Technology PaperDiunggah olehJustin Palmer
- seminar.docxDiunggah olehcreative ideas
- Evaluation of Common Encryption Algorithm and Scope of Advanced Algorithm for Simulated Wireless NetworkDiunggah olehseventhsensegroup
- E- Governance Docs Tracking SystemDiunggah olehryan_macadangdang
- Security and the webDiunggah olehSaman
- Electronic EvidenceDiunggah olehRandal's Case
- ppt bandana.pptxDiunggah olehBandana Rajanandini
- RSA (2).pptDiunggah olehmrahsanali
- 10.1109@MSP.2017.3151339Diunggah olehritesh_nec
- it secDiunggah olehGeorge Kariuki
- rajanDiunggah olehvijetameena
- 3. Abstract-Two-Factor Data SecurityDiunggah olehPavan Kumar
- kokokoDiunggah olehAshokTambe
- Discussion NetworkingDiunggah olehNor Fitri Hana Jaafar
- Sample 1Diunggah olehNisheeth_Ranja_5706
- Legal DocumentDiunggah olehdshakti india
- MID Uet NSDiunggah olehAli Ahmad

- Design Future- Hydrogen event 2015Diunggah olehSaif Amin
- Binary Dependent VarDiunggah olehManali Pawar
- Blood & Honour Field ManualDiunggah olehAnonymous
- AICTE Sponsored Faculty Development Programme on Recent Advances in Pharmaceutical Analysis at School of Pharmacy (Revised) 22-02-2014 to 08-03-2014Diunggah olehshaikhjaved1
- accentureDiunggah olehPradeepkumar Saini
- Underdark AdventureDiunggah olehOzPium
- Non-Hodgkin LymphomaDiunggah olehHealth Education Library for People
- UN Infantry Battalion Manual .VolDiunggah olehrahanian
- Guidelines on InternshipDiunggah olehSyed Irfan Bin Inayat
- PP for Chapter 3 Completing the Accounting Cycle - FinalDiunggah olehSozia Tan
- 2SC5297Diunggah olehAlan Burn
- deinoDiunggah olehJeshi
- Quiz 2.1Diunggah olehcruik5298
- STG Pumps and Motors ManagementDiunggah olehHendra Prudential
- Biomech of Space Closure-Ortho / orthodontic courses by Indian dental academyDiunggah olehindian dental academy
- Perspective final.pptxDiunggah olehSaloni Zanzari
- YCH Cattle Panel StructuresDiunggah olehTravis Stinnett
- Planning for an Uncertain Future: Promoting adaptation to climate change through flexible and forward-looking decision makingDiunggah olehOxfam
- Galtronics LMP / LMR Antenna Catalog January 2014Diunggah olehGaltronics Marketing
- Botanicals for Blood Pressure and Cholesterol Dr. Mary BoveDiunggah olehstevenheise
- Retail Environments Magazine - International PerspectivesDiunggah olehMichael Diliberto
- Selecting_Elbows_for_Pneumatic_Conveying_Systems (1).pdfDiunggah olehAshnek
- ASEAN IPR Helpdesk - Indonesia Factsheet.pdfDiunggah olehselram2006
- 8200MB-Audiolab Service Manual v02 20110316Diunggah olehbassetrox
- Finite Element Methods of Structural AnalysisDiunggah olehwaqasahmed1983
- Polar Bears and Penguins (1)Diunggah olehPrueba3
- Leica Viva GS16 GNSS Smart Antenna DSDiunggah olehJelena Terzic
- Engineeringcivil.com-M25 Mix Designs as Per IS102622009Diunggah olehgdesh90
- Rosicrucian Digest, November 1951Diunggah olehsauron385
- Slaves of Fate ConversionDiunggah olehFééricOy