1 / 31

Lecture 9 Overview

Lecture 9 Overview. RSA. Invented by Cocks (GCHQ), independently, by Rivest, Shamir and Adleman (MIT) Two keys e and d used for Encryption and Decryption The keys are interchangeable M = D( d , E( e , M) ) = D( e , E( d , M) ) Public key encryption

iona
Télécharger la présentation

Lecture 9 Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 9 Overview

  2. RSA • Invented by Cocks (GCHQ), independently, by Rivest, Shamir and Adleman (MIT) • Two keys e and d used for Encryption and Decryption • The keys are interchangeable • M = D(d, E(e, M) ) = D(e, E(d, M) ) • Public key encryption • Based on problem of factoring large numbers • Not in NP-complete • Best known algorithm is exponential CS 450/650 Lecture 9: RSA

  3. RSA • To encrypt message M compute • c = Me mod N • To decrypt ciphertext c compute • M = cd mod N CS 450/650 Lecture 9: RSA

  4. Key Choice • Let p and q be two large prime numbers • Let N = pq • Choose e relatively prime to (p1)(q1) • a prime number larger than p-1 and q-1 • Find d such that ed mod (p1)(q1) = 1 CS 450/650 Lecture 9: RSA

  5. RSA • Recall that e and N are public • If attacker can factor N, he can use e to easily find d • since ed mod (p1)(q1) = 1 • Factoring the modulus breaks RSA • It is not known whether factoring is the only way to break RSA CS 450/650 Lecture 9: RSA

  6. Does RSA Really Work? • Given c = Me mod N we must show • M = cd mod N = Med mod N • We’ll use Euler’s Theorem • If x is relatively prime to N then x(N) mod N =1 • (n): number of positive integers less than n that are relatively prime to n. • If p is prime then, (p) = p-1 CS 450/650 Lecture 9: RSA

  7. Does RSA Really Work? • Facts: • ed mod (p  1)(q  1) = 1 • ed = k(p  1)(q  1) + 1 by definition of mod • (N) = (p  1)(q  1) • Then ed  1 = k(p  1)(q  1) = k(N) • Med = M(ed-1)+1 = MMed-1 = MMk(N) = M(M(N)) k mod N = M1 k mod N = M mod N CS 450/650 Lecture 9: RSA

  8. More Efficient RSA • Modular exponentiation example • 520 = 95367431640625 = 25 mod 35 • A better way: repeated squaring • Note that 20 = 2  10, 10 = 2  5, 5 = 2  2 + 1, 2 = 1 2 • 51= 5 mod 35 • 52= (51) 2 = 52 = 25 mod 35 • 55= (52) 2 51 = 252 5 = 3125 = 10 mod 35 • 510 = (55) 2 = 102 = 100 = 30 mod 35 • 520 = (510) 2 = 302 = 900 = 25 mod 35 • No huge numbers and it’s efficient! CS 450/650 Lecture 9: RSA

  9. Symmetric vs Asymmetric CS 450/650 Fundamentals of Integrated Computer Security

  10. Lecture 10Cryptographic Hash Functions CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini

  11. Cryptographic Hash Functions • Message Digest Functions • Protect integrity • Create a message digest or fingerprint of a digital document • MD4, MD5, SHA • Message Authentication Codes (MACs) • Protect both integrity and authenticity • Produce fingerprints based on both a given document and a secret key CS 450/650 Lecture 10: Hash Functions

  12. Message Digest Functions • Checksums  fingerprint of a message • If message changes, checksum will not match • Most checksums are good in detecting accidental changes made to a message • They are not designed to prevent an adversary from intentionally changing a message resulting a message with the same checksum • Message digests are designed to protect against this possibility CS 450/650 Lecture 10: Hash Functions

  13. One-Way Hash Functions Example • M = “Elvis” • H(M) = (“E” + “L” + “V” + “I” + “S”) mod 26 • H(M) = (5 + 12 + 22 + 9 + 19) mod 26 • H(M) = 67 mod 26 • H(M) = 15 M H H(M) = h CS 450/650 Lecture 10: Hash Functions

  14. Collision Example • x = “Viva” • Y = “Vegas” • H(x) = H(y) = 2 x H H(x) = y H H(y) CS 450/650 Lecture 10: Hash Functions

  15. Collision-resistant, One-way hash fnc. • Given M, • it is easy to compute h • Given any h, • it is hard to find any M such that H(M) = h • Given M1, it is difficult to find M2 • such that H(M1) = H(M2) • Functions that satisfy these criteria are called message digest • They produce a fixed-length digest (fingerprint) CS 450/650 Lecture 10: Hash Functions

  16. Message Authentication Codes • A message authentication code (MAC) is a key-dependent message digest function • MAC(M,k) = h CS 450/650 Lecture 10: Hash Functions

  17. A MAC Based on a Block Cipher M1 M1 M1 XOR XOR Encrypt … Encrypt Encrypt MAC k k k CS 450/650 Lecture 10: Hash Functions

  18. Secure Hash Algorithm (SHA)

  19. Secure Hash Algorithm (SHA) • SHA-0 1993 • SHA-1 1995 • SHA-2 2002 • SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 160-bit message digest A message composed of b bits CS 450/650 Lecture 8: Secure Hash Algorithm

  20. Step 1 -- Padding • Padding the total length of a padded message is multiple of 512 • Every message is padded even if its length is already a multiple of 512 • Padding is done by appending to the input • A single bit, 1 • Enough additional bits, all 0, to make the final 512 block exactly 448 bits long • A 64-bit integer representing the length of the original message in bits CS 450/650 Lecture 8: Secure Hash Algorithm

  21. Padding (cont.) Message 1 0…0 Message length 1 bit 64 bits Multiple of 512 CS 450/650 Lecture 8: Secure Hash Algorithm

  22. Example • M = 01100010 11001010 1001 (20 bits) • Padding is done by appending to the input • A single bit, 1 • 427 0s • A 64-bit integer representing 20 • Pad(M) = 01100010 11001010 10011000 … 00010100

  23. Example • Length of M = 500 bits • Padding is done by appending to the input: • A single bit, 1 • 459 0s • A 64-bit integer representing 500 • Length of Pad(M) = 1024 bits

  24. Step 2 -- Dividing Pad(M) • Pad (M) = B1, B2, B3, …, Bn • Each Bi denote a 512-bit block • Each Bi is divided into 16 32-bit words • W0, W1, …, W15 CS 450/650 Lecture 8: Secure Hash Algorithm

  25. Step 3 – Compute W16 – W79 • To Compute word Wj (16<=j<=79) • Wj-3, Wj-8, Wj-14 , Wj-16 are XORed • The result is circularly left shifted one bit CS 450/650 Lecture 8: Secure Hash Algorithm

  26. Initialize 32-bit words • A = H0 = 67452301 • B = H1 = EFCDAB89 • C = H2 = 98BADCFE • D = H3 = 10325476 • E = H4 = C3D2E1F0 • K0 – K19 = 5A827999 • K20 – K39 = 6ED9EBA1 • K40 – K49 = 8F1BBCDC • K60 – K79 = CA62C1D6 CS 450/650 Lecture 8: Secure Hash Algorithm

  27. Step 5 – Loop For j = 0 … 79 TEMP = CircLeShift_5 (A) + fj(B,C,D) + E + Wj + Kj E = D; D = C; C = CircLeShift_30(B); B = A; A = TEMP Done +  addition (ignore overflow) CS 450/650 Lecture 8: Secure Hash Algorithm

  28. Four functions • For j = 0 … 19 • fj(B,C,D) = (B AND C) OR (B AND D) OR (C AND D) • For j = 20 … 39 • fj(B,C,D) = (B XOR C XOR D) • For j = 40 … 59 • fj(B,C,D) = (B AND C) OR ((NOT B) AND D) • For j = 60 … 79 • fj(B,C,D) = (B XOR C XOR D) CS 450/650 Lecture 8: Secure Hash Algorithm

  29. Step 6 – Final • H0 = H0 + A • H1 = H1 + B • H2 = H2 + C • H3 = H3 + D • H4 = H4 + E CS 450/650 Lecture 8: Secure Hash Algorithm

  30. Done • Once these steps have been performed on each 512-bit block (B1, B2, …, Bn) of the padded message, • the 160-bit message digest is given by H0 H1 H2 H3 H4 CS 450/650 Lecture 8: Secure Hash Algorithm

  31. SHA CS 450/650 Lecture 8: Secure Hash Algorithm

More Related