Key Topics • Asymmetric Key Cryptography • RSA • ElGamal • Schnorr • DSS • Message Digest • MD5 • SHA-1 • Message Authentication Code (MAC)
Asymmetric Key Cryptography [Figure: Sender (A) encrypts the plain text with B’s public key; the cipher text crosses the network; Receiver (B) decrypts it with B’s private key to recover the plain text.]
Asymmetric Key Encryption • Each user has a key pair (public and private); each user’s public key is accessible to everyone, but the private key is kept secret. • Two main uses: digital signature and confidential communication • In confidential communication (CC): • Sender (Alice) encrypts M with the recipient’s (Bob’s) public key • Recipient (Bob) decrypts C with his private key
In digital signature (DS): • Signer (Alice) signs M with her own private key to produce the signature S. • Verify: anyone, given text M and signature S, can verify that S was indeed signed by Alice by using Alice’s public key.
Asymmetric Key Example (CC) • Consider a bank and its customers • Customers encrypt their messages with the bank’s public key • The bank decrypts messages with its private key
Asymmetric Key Cryptography Example (Fig 4.3) [Figure: Customers A, B and C each use the bank’s public key; the bank uses its private key.]
RSA (Rivest, Shamir, Adleman) • World’s most popular asymmetric key encryption algorithm • Uses a formula of the form M^E mod n (n = p × q) • Key length (belongs to Z_n): n must be more than 512 bits • Block size (M) must be smaller than the key length. • The cipher block size (C) is the same length as the key length. • RSA is much slower than DES, IDEA, and AES (but fast for a two-key system).
RSA Algorithm (Fig 4.4)
Alice sends a message to Bob (each one has a pair of keys, called the public and private key).
1. For user Bob, choose two large prime numbers P_B and Q_B.
2. Calculate N_B = P_B × Q_B.
3. Select the public key (i.e. the encryption key) E_B such that gcd(E_B, φ(N_B)) = 1, where φ(N_B) = (P_B − 1) × (Q_B − 1). The public key is <E_B, N_B>.
4. Select the private key (i.e. the decryption key) D_B such that the following equation is true: E_B × D_B = 1 mod φ(N_B). The private key is <D_B, N_B>.
5. For encryption, calculate the cipher text C from the plain text P as follows: C = P^{E_B} mod N_B
6. Send C as the cipher text to the receiver.
7. For decryption, calculate the plain text P from the cipher text C as follows: P = C^{D_B} mod N_B
Example of RSA
Bob (each one has a pair of keys, called the public and private key):
1. For user Bob, choose two large prime numbers P_B = 7 and Q_B = 17.
2. Calculate N_B = P_B × Q_B: N_B = 7 × 17 = 119.
3. Select the public key (i.e. the encryption key) E_B = 5 such that gcd(E_B, φ(N_B)) = 1, where φ(N_B) = (P_B − 1) × (Q_B − 1) = 96. The public key is <5, 119>.
4. Select the private key (i.e. the decryption key) D_B = 77 such that the following equation is true: E_B × D_B = 1 mod φ(N_B). The private key is <77, 119>.
For simplicity, assume A = 1, B = 2, and the plain text is only the character F (F = 6). Alice sends the message to Bob.
Encryption algorithm using the public key:
1. Alice finds Bob’s public key <5, 119>.
2. Compute 6^5 mod 119 = 41, and send the result to Bob.
Decryption algorithm using the private key:
1. Bob gets the message from Alice, which is the cipher text, here 41.
2. Find his own private key <77, 119>, and compute 41^77 mod 119.
3. The result is 6, which means F.
Why RSA is secure • Anyone can find each user's public key <E_B, N_B>. Can we find the private key <D_B, N_B> from <E_B, N_B>? • To find D_B, we need to know φ(N_B), since D_B × E_B = 1 mod φ(N_B) • Is φ(N_B) easy to find?
Symmetric v/s Asymmetric (comparison by characteristic)
• Key used for encryption / decryption
  Symmetric key cryptography: Same key is used for encryption and decryption
  Asymmetric key cryptography: One key used for encryption and another, different key is used for decryption
• Speed of encryption / decryption
  Symmetric: Very fast
  Asymmetric: Slower
• Size of resulting encrypted text
  Symmetric: Usually same as or less than the original clear text size
  Asymmetric: More than the original clear text size
• Key agreement / exchange
  Symmetric: A big problem
  Asymmetric: No problem at all
• Number of keys required as compared to the number of participants in the message exchange
  Symmetric: Equals about the square of the number of participants, so scalability is an issue
  Asymmetric: Same as the number of participants, so scales up quite well
• Usage
  Symmetric: Mainly for encryption and decryption (confidentiality), cannot be used for digital signatures (integrity and non-repudiation checks)
  Asymmetric: Can be used for encryption and decryption (confidentiality) as well as for digital signatures (integrity and non-repudiation checks)
Digital Signature Concept • Sender signs (encrypts) message M or its fingerprint with its private key to get the signature S. • Verify: given M, S, and the signer’s public key, verification guarantees that only the sender could have created this message • Basis for non-repudiation
Basis for Digital Signatures [Figure: Sender (A) signs (encrypts) the plain text M with A’s private key to produce the signature S; M and S cross the network; Receiver (B) verifies (decrypts) with A’s public key to obtain S’ and checks S = S’?]
RSA for Digital Signature • Alice wants to sign message M for everyone (assume user Alice’s public key is <E_A, N_A> and private key is <D_A, N_A>). • Sign: calculate the signature S from the plain text M as follows: S = M^{D_A} mod N_A • Verify: given signature S, message M, and Alice’s public key <E_A, N_A>, calculate the plain text M’ from signature S as follows: M’ = S^{E_A} mod N_A, and check whether M’ = M (if it matches, the signature is correct).
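The RSA steps, the <5, 119> / <77, 119> worked example, the "is φ(N_B) easy to find?" question and the sign/verify rule above, as an added Python example (not part of the original slides). Function names are hypothetical; this is textbook RSA with no padding, so it illustrates the arithmetic only. Deployed RSA uses moduli of 2048 bits or more together with OAEP or PSS padding.

```python
from math import gcd, isqrt

def rsa_keypair(p, q, e):
    """Steps 1-4: return (public, private) = (<e, n>, <d, n>)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                 # e * d = 1 mod phi(n); Python 3.8+
    return (e, n), (d, n)

def rsa_apply(key, block):
    """Textbook RSA: block^exponent mod n (encrypt, decrypt or sign)."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than the modulus")
    return pow(block, exponent, n)

def verify(public, message, signature):
    """Slide rule: M' = S^E mod N, accept only if M' == M."""
    return rsa_apply(public, signature) == message

def private_from_public(public):
    """Factor n by trial division; phi(n) and d then follow immediately."""
    e, n = public
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    return rsa_keypair(p, n // p, e)[1]

if __name__ == "__main__":
    public, private = rsa_keypair(7, 17, 5)        # the slide's P_B, Q_B, E_B
    cipher = rsa_apply(public, 6)                  # plain text 'F' = 6
    print("public", public, "private", private, "cipher", cipher)
    print("decrypted:", rsa_apply(private, cipher))
    signature = rsa_apply(private, 6)              # S = M^D mod N
    print("signature valid:", verify(public, 6, signature))
    print("altered message valid:", verify(public, 7, signature))
    # With a 7-bit modulus the private key falls out of the public key at once;
    # the scheme is only as strong as factoring n is hard.
    print("private key from public key:", private_from_public(public))
```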
ElGamal Signatures • Parameters: • System parameters: p, g (big prime p, p ≥ 2^512, and primitive root g; the order of g is φ(p)). • g^{φ(p)} = g^0 = 1 mod p • User private key: x, 1 < x < p−1 • User public key: y = g^x mod p • Sign: for m, 1 < m < p−1, choose a random number k with gcd(k, p−1) = 1 and generate (r, s) as the signature:
r = g^k mod p, s = k^{-1}(m − x r) mod (p−1); (r, s) is the signature • Verifying (on receiving m and its (r, s)): g^m = y^r r^s mod p
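ElGamal signing and verification as defined above, as an added Python example (not part of the original slides). The parameters p = 467, g = 2 and all function names are constructed for illustration and are far below the p ≥ 2^512 bound; the range check on r in `verify` is a standard hardening step that the slide does not list.

```python
import secrets
from math import gcd

P, G = 467, 2          # constructed toy parameters: 467 is prime, 2 is a primitive root

def keygen():
    x = secrets.randbelow(P - 3) + 2              # private key, 1 < x < p-1
    return x, pow(G, x, P)                        # public key y = g^x mod p

def sign(m, x, k=None):
    """Return (r, s); k may be fixed for reproducible demos, else it is random."""
    if not 1 < m < P - 1:
        raise ValueError("message must satisfy 1 < m < p-1")
    fixed = k is not None
    while True:
        if not fixed:
            k = secrets.randbelow(P - 3) + 2
        if gcd(k, P - 1) == 1:                    # k must be invertible mod p-1
            r = pow(G, k, P)
            s = pow(k, -1, P - 1) * (m - x * r) % (P - 1)
            if s != 0:
                return r, s
        if fixed:
            raise ValueError("unusable k: need gcd(k, p-1) = 1 and s != 0")

def verify(m, signature, y):
    """Accept only if g^m = y^r * r^s mod p."""
    r, s = signature
    if not (0 < r < P and 0 < s < P - 1):         # reject out-of-range values
        return False
    return pow(G, m, P) == pow(y, r, P) * pow(r, s, P) % P

if __name__ == "__main__":
    x, y = 127, pow(G, 127, P)                    # constructed key pair
    sig = sign(100, x, k=213)
    print("public key", y, "signature", sig)
    print("valid:", verify(100, sig, y))
    print("altered message valid:", verify(101, sig, y))
```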
Schnorr Signatures • Parameters: • System parameters: 1. Big prime p, p ≥ 2^512 2. Generator g (g has order q, where q is prime and q ≥ 2^160, i.e., g^q = 1 mod p) • User private key: x, 1 < x < q • User public key: y = g^x mod p • Signing: 1. Choose a random number k and find r = g^k mod p
2. Find e = h(r, m) 3. Find s = (k − x e) mod q; (e, s) is the signature • Verifying: 1. Find r through g^s y^e mod p 2. Verify h(r, m) = e?
Digital Signature Standard (DSS) • In 1991 NIST (National Institute of Standards and Technology) proposed DSA for signatures. • Parameters: • System parameters: (p, q, g) 1. Big prime p, p ≥ 2^512 2. Prime q (q ≥ 2^160, i.e., g^q = 1 mod p) 3. Find g such that g = h^{(p−1)/q} mod p, h ∈ [1, p−1] 4. h: one-way hashing function (SHA-1) • User private-public key pair: (x, y) • Find x as a private key, 1 < x < q • y = g^x mod p, as public key
Sign: (r, s) for plaintext m, 0 < m < p: generate a random number k, 0 < k < q, and find 1. r = (g^k mod p) mod q 2. s = k^{-1}(h(m) + x r) mod q • Verify: t = s^{-1} mod q, r’ = (g^{h(m) t} y^{r t} mod p) mod q; verify r’ = r?
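The Schnorr and DSA equations above share the same (p, q, g) setup, so one added Python example (not part of the original slides) covers both. The group p = 607, q = 101 and all function names are constructed for illustration and sit far below the p ≥ 2^512, q ≥ 2^160 bounds; the range check in `dsa_verify` is a standard step the slide does not list.

```python
import hashlib
import secrets

P, Q = 607, 101                      # constructed toy primes, Q divides P-1 (606 = 6 * 101)
G = pow(2, (P - 1) // Q, P)          # g = h^((p-1)/q) mod p with h = 2, so g has order q

def H(*parts):
    """One-way hash of the parts as an integer (SHA-1, as the slides name it)."""
    data = b"|".join(str(part).encode() for part in parts)
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def keygen():
    x = secrets.randbelow(Q - 2) + 2             # private key, 1 < x < q
    return x, pow(G, x, P)                       # public key y = g^x mod p

def schnorr_sign(m, x):
    k = secrets.randbelow(Q - 1) + 1             # fresh random k for every signature
    e = H(pow(G, k, P), m)                       # e = h(r, m) with r = g^k mod p
    return e, (k - x * e) % Q

def schnorr_verify(m, signature, y):
    e, s = signature
    r = pow(G, s, P) * pow(y, e, P) % P          # g^s * y^e = g^k for a valid pair
    return H(r, m) == e

def dsa_sign(m, x):
    while True:
        k = secrets.randbelow(Q - 1) + 1         # 0 < k < q
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (H(m) + x * r) % Q
        if r and s:                              # retry in the rare zero case
            return r, s

def dsa_verify(m, signature, y):
    r, s = signature
    if not (0 < r < Q and 0 < s < Q):
        return False
    t = pow(s, -1, Q)
    return pow(G, H(m) * t % Q, P) * pow(y, r * t % Q, P) % P % Q == r

if __name__ == "__main__":
    x, y = keygen()
    sig = schnorr_sign("pay 100", x)
    print("Schnorr valid:", schnorr_verify("pay 100", sig, y))
    print("Schnorr altered message:", schnorr_verify("pay 10000", sig, y))
    print("DSA valid:", dsa_verify("pay 100", dsa_sign("pay 100", x), y))
```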
Message Digest Concept • Summarize the message M into a fixed number of bits, called the digest or hashed value. • In mathematical notation: f(M), h(M) • Also called a hash • The digest of a message can uniquely represent the message but uses far fewer bits. The bit size of the hashed value is fixed, usually 128~256 bits. • Similar to the fingerprint of a human
Message Digest Usage • Mainly for integrity • Others: MAC, authentication • For example (the reason): • M: give me 100 • C: hjwf nf 211 (using m+1 mod 256) • Change cipher C to (modified): hjwf nf 21111 • We decrypt the changed C to M: give me 10000
A simple case of digest: use ADD
• Original number is 7391743
• Two digits as a block: 73 91 74 30
• Operation (mod 100) and result:
• Given an initial value I: 0
• Add block 1: 73
• Add block 2: 64
• Add block 3: 38
• Add block 4: 68
• Message digest is 68
Discuss ADD method • Good sides: • Fixed length • Easy • One way (message → digest, but not digest → message) • Bad sides: • Easy to find the same digest with a different message.
A better hashing
• Original number is 7391743
• Operation and result:
• Multiply 7 by 3: 21
• Discard first digit: 1
• Multiply 1 by 9: 9
• Multiply 9 by 1: 9
• Multiply 9 by 7: 63
• Discard first digit: 3
• Multiply 3 by 4: 12
• Discard first digit: 2
• Multiply 2 by 3: 6
• Message digest is 6
• Taiwan I.D. is p121282112
• The final digit is the hashed value of all the preceding characters.
• Operation and result: homework to find?
• Message digest is 2
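The ADD digest and the multiply-and-discard digest worked through above, as an added Python example (not part of the original slides) that reproduces 68 and 6 and then shows the "bad side": another input with the same digest is found almost immediately. Function names are hypothetical.

```python
def add_digest(number, initial=0):
    """ADD method: split into two-digit blocks and add them mod 100."""
    digits = str(number)
    if len(digits) % 2:
        digits += "0"                      # the slide pads 7391743 to 73 91 74 30
    value = initial
    for i in range(0, len(digits), 2):
        value = (value + int(digits[i:i + 2])) % 100
    return value

def multiply_digest(number):
    """Multiply digit by digit, discarding the first digit of two-digit results."""
    digits = [int(ch) for ch in str(number)]
    value = digits[0]
    for digit in digits[1:]:
        value = (value * digit) % 10       # products are at most 81, so keep the last digit
    return value

def second_preimage(digest_fn, original, limit=10**6):
    """Smallest different input below limit whose digest equals the original's."""
    target = digest_fn(original)
    return next(n for n in range(limit)
                if n != original and digest_fn(n) == target)

if __name__ == "__main__":
    original = 7391743
    print("ADD digest:", add_digest(original))
    print("multiply digest:", multiply_digest(original))
    # Addition is commutative, so reordering blocks never changes the digest.
    print("blocks swapped (9173743):", add_digest(9173743))
    # A brute-force search needs only a handful of guesses against a 2-digit
    # or 1-digit digest space.
    print("ADD collision:", second_preimage(add_digest, original))
    print("multiply collision:", second_preimage(multiply_digest, original))
```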
Message Digest Concept [Figure: original data (101010101 010101010 ….) goes through the message digest algorithm to produce the message digest (0111 0101 1011).]
Message Digest Demands - 1 [Figure: original data → message digest algorithm → message digest.] The message digest for the same original data should be the same.
Message Digest Demands - 2 [Figure: message digest → reverse message digest algorithm → original data.] This must not be possible.
Message Digest Demands - 3 (Fig 4.22) [Figure: original data 1 and original data 2 each go through the message digest algorithm, giving message digest 1 and message digest 2.] These two message digests must be different.
Message Digest Differences • Even if the original messages differ minutely, message digests differ dramatically • Basis for the guarantee of uniqueness
Message Digest Example
Message: Please pay the newspaper bill today
Message digest: 306706092A864886F70D010705A05A3058020100300906052B0E03021A0500303206092A864886F70D010701A0250423506C656173652070617920746865206E65777370617065722062696C6C20746F646179041479630AC8041BAA1C40747F2FC29D881AEF92299B
Message: Please pay the newspaper bill tomorrow
Message digest: 306A06092A864886F70D010705A05D305B020100300906052B0E03021A0500303506092A864886F70D010701A0280426506C656173652070617920746865206E65777370617065722062696C6C20746F6D6F72726F7704146EEC2E0DB9570A5AF6CEB631CE057AE830A87C5B
Message Digest Algorithms • Basic principle: Take the original message, and reduce it to a smaller fingerprint • Examples: MD5, SHA-1 • SHA-1 is considered stronger
MD5 • MD series developed by Ron Rivest: MD, MD2, MD3, MD4, MD5, MD6, … • Processed in 512-bit blocks (each divided into 16 32-bit sub-blocks) • Output is a set of four 32-bit blocks, which amounts to a 128-bit message digest.
How does MD5 work? • Padding • Fill message m out to a multiple of 512-bit blocks • Append length (in the padding) • Divide the input into 512-bit blocks • Initialize chaining variables • Process blocks
[Figure: original message, followed by padding 1000…000 (1~512 bits) and the original length in bits (64 bits); the total is a multiple of 512 bits.] • Pad the original message to a multiple of 512 bits • Append the length in the final 64 bits of the padding block.
[Figure: original message + padding, divided into block 1, block 2, …, block n of 512 bits each.] • Divide the input into 512-bit blocks
[Figure: chaining variables A, B, C, D pass through MD5 for block 1, block 2, …, block n (512 bits each).] • Initial A, B, C, D values • A = 01234567 (hex), B = 89ABCDEF (hex) • C = FEDCBA89 (hex), D = 76543210 (hex)
Process inside MD5 • Operates on 32-bit words. • Four rounds, each round taking 16 steps: 4 × 16 steps in all. • There are another 64 constants called t[1], … t[64]
Conceptual view within one round • Round 1 to round 4 differ only in • 1) the function, i.e. process P • 2) the input sequence of sub-blocks M[0], … M[15] • 3) the number of bits shifted [Figure: the block split into sub-blocks and the constants t[1~64] feed MD5 round 1 to round 4, which update registers a, b, c, d.]
Input data: • The 512-bit block M is divided into 16 sub-blocks called M[0], M[1], … M[15]; there are also the constants t[1], … t[64] and the registers a, b, c, d • Operation (perform rounds 1~4, steps 1~16): • Mainly operates on registers a, b, c, d; after each step, the registers are rotated one position to the right: (a, b, c, d) → (d, a, b, c) • Main processes (for each step): • p1: process P on registers b, c, d • p2: register a is added to p1’s result. • p3: sub-block M[i] is added to p2’s result • p4: constant t[k] is added to p3’s result. • p5: p4’s result is circular-left shifted by s bits • p6: register b is added to p5’s result • p7: p6’s result is written into register a.
(Fig 4.33) [Figure: one MD5 step on registers a, b, c, d. Step 1: process P; Step 2: add; Step 3: add M[i]; Step 4: add t[k]; Step 5: shift; Step 6: add; Step 7: write back to a, b, c, d.] a = b + ((a + process P(b, c, d) + M[i] + t[k]) <<< s)
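The padding, block division, chaining variables and the step formula a = b + ((a + P(b, c, d) + M[i] + t[k]) <<< s) described above, as an added Python example (not part of the original slides). Function names are hypothetical; the shift amounts, the sub-block order, the constants t[k] = floor(2^32 × |sin k|) and the initial words come from RFC 1321, which gives C as bytes FE DC BA 98 and stores each word little-endian.

```python
import math
import struct

MASK = 0xFFFFFFFF
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
T = [int(abs(math.sin(k + 1)) * 2**32) & MASK for k in range(64)]   # t[1..64]

def rotl(x, s):
    return ((x << s) | (x >> (32 - s))) & MASK

def pad(message):
    """Append 1000...000, then the 64-bit bit length, to a multiple of 512 bits."""
    bit_length = (8 * len(message)) & 0xFFFFFFFFFFFFFFFF
    message += b"\x80"
    message += b"\x00" * ((56 - len(message)) % 64)
    return message + struct.pack("<Q", bit_length)

def process_p(round_no, b, c, d):
    """The per-round function P; only this, M[i] order and s differ per round."""
    if round_no == 0:
        return (b & c) | (~b & d)
    if round_no == 1:
        return (b & d) | (c & ~d)
    if round_no == 2:
        return b ^ c ^ d
    return c ^ (b | ~d)

def sub_block_index(round_no, k):
    return [k, 5 * k + 1, 3 * k + 5, 7 * k][round_no] % 16

def md5_hex(message):
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]   # A, B, C, D
    data = pad(message)
    for offset in range(0, len(data), 64):                     # 512-bit blocks
        m = struct.unpack("<16I", data[offset:offset + 64])    # M[0..15]
        a, b, c, d = state
        for k in range(64):                                    # 4 rounds x 16 steps
            rnd = k // 16
            p = process_p(rnd, b, c, d)
            i = sub_block_index(rnd, k)
            a = (b + rotl((a + p + m[i] + T[k]) & MASK, S[k])) & MASK
            a, b, c, d = d, a, b, c                            # rotate registers
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state).hex()

if __name__ == "__main__":
    print(md5_hex(b"abc"))
```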
Secure Hash Algorithm (SHA) • Developed by NIST and NSA in 1993; also called SHA-1 • Modified from the MD series of hash functions. • Five registers a, b, c, d, e (four registers in MD5) • 5 constants (64 constants in MD5) • Function changed • Output is 160 bits
Single SHA-1 Iteration (Fig 4.39) [Figure: registers a, b, c, d, e pass through process P, a circular shift s5, and additions of W[t] and K[t] to give the new a, b, c, d, e.]
Comparison of MD5 and SHA-1 (Fig 4.42)
• Message digest length in bits
  MD5: 128
  SHA: 160
• Attack to try and find the original message given a message digest
  MD5: Requires 2^128 operations to break in
  SHA: Requires 2^160 operations to break in, therefore more secure
• Attack to try and find two messages producing the same message digest
  MD5: Requires 2^64 operations to break in
  SHA: Requires 2^80 operations to break in
• Successful attacks so far
  MD5: There have been reported attempts to some extent (as we discussed earlier)
  SHA: No such claims so far
• Speed
  MD5: Faster (64 iterations, and 128-bit buffer)
  SHA: Slower (80 iterations, and 160-bit buffer)
• Software implementation
  MD5: Simple, does not need any large programs or complex tables
  SHA: Simple, does not need any large programs or complex tables
Message Authentication Code (MAC) • Makes sure the message digest was sent by the sender (needs to include the secret shared between sender and receiver) • MAC can ensure message integrity and authentication, but lacks confidentiality and non-repudiation
Message Authentication Code (MAC) (Fig 4.43) [Figure, steps 1 to 4: sender (A) computes MAC H1 over message M with key K and sends M with H1; receiver (B) computes MAC H2 over M with key K and compares H1 with H2.]
Hash-based Message Authentication Code (HMAC) • Basically uses a hash function (MD5, SHA-1) • The shared secret key is joined with message M to form a package to be hashed.
HMAC Concept [Figure labels: original message; key K; hash function / message digest algorithm such as MD5 or SHA-1; message digest; MAC (final output).]
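The "give me 100" tampering from the Message Digest Usage slide and the MAC compare step, combined in an added Python example (not part of the original slides). Function names and the key are constructed; HMAC-SHA-256 from the standard library is swapped in for the MD5/SHA-1 the slides name, because practical collisions are known for both of those hashes. Leaving spaces unshifted is an assumption taken from the slide's cipher text.

```python
import hashlib
import hmac

def shift_encrypt(plaintext):
    """Slide's toy cipher: every byte except space becomes (m + 1) mod 256.
    Assumes printable text (a 0x1f byte would collide with space)."""
    return bytes(b if b == 0x20 else (b + 1) % 256 for b in plaintext)

def shift_decrypt(ciphertext):
    return bytes(b if b == 0x20 else (b - 1) % 256 for b in ciphertext)

def send(key, plaintext):
    """Sender: encrypt, then compute MAC H1 over what goes on the wire."""
    ciphertext = shift_encrypt(plaintext)
    return ciphertext, hmac.new(key, ciphertext, hashlib.sha256).digest()

def receive(key, ciphertext, mac):
    """Receiver: recompute H2 with the shared key and compare before decrypting."""
    expected = hmac.new(key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):    # constant-time comparison
        return None                               # integrity check failed
    return shift_decrypt(ciphertext)

if __name__ == "__main__":
    key = b"constructed-shared-secret"            # sample key, constructed
    ciphertext, mac = send(key, b"give me 100")
    print("on the wire:", ciphertext)
    # Encryption alone: the altered cipher text still decrypts to a valid-looking message.
    tampered = ciphertext + b"11"
    print("without MAC:", shift_decrypt(tampered))
    # With the MAC, the same change is rejected.
    print("genuine:", receive(key, ciphertext, mac))
    print("tampered:", receive(key, tampered, mac))
    print("wrong key:", receive(b"other-key", ciphertext, mac))
```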