Public-Key Cryptography and Selected Applications in 30 Minutes

Selected slides for ad-hoc discussions related to IP cores protection in FPGA environment. W. Adi, Technical University of Braunschweig, Germany.



  1. Public-Key Cryptography and Selected Applications in 30 Minutes • Selected slides for ad-hoc discussions related to IP cores protection in FPGA environment! • W. Adi, Technical University of Braunschweig, Germany

  2. Outline • Historical Overview • Finite Rings in Cryptography • Fuzzy Computation Concept • Applications • Conclusions

  3. Why security? • [Figure labels: Industrial Networks - CAN-Bus, TV, Remote Control, Car, Wireless Service, Light, Network node, Heating, Kitchen, Garage, Internet, Door, Gates, ..., Power Station, power line network] • Global information short circuit! • Need reliability and security • Intensive use of coding and cryptography • Discrete mathematics • Number theory

  4. Cryptography: Art or Science? • Historical overview: Coding & Cryptography, in three epochs: I. Conventional Cryptography as Art • Julius Caesar cipher • 873: Al-Kindi, “Letters on Extracting Cryptograms” • Kasiski, “The Art of Deciphering”, 1863, ... Gauss • Vernam (AT&T) 1926, first and last unbreakable system • World War II, 1945: Enigma, Hagelin, ... Alan Turing II. Coding and Cryptography as Science, 1949 • C = B log2(1 + S/N) • Shannon (AT&T) 1948, “A Mathematical Theory of Communication” • Shannon (AT&T) 1949, “Communication Theory of Secrecy Systems” III. Breakthrough to Modern Cryptology, 1976 • Diffie and Hellman 1976, public-key cryptography (Stanford University) • RSA 1978 (public-key secrecy system) (MIT) • ... Any new breakthrough expected? • Intensive use of finite rings!

  5. Cryptographic Functions Using Finite Rings

  6. Public-Key Cryptography Breakthrough 1976 (Diffie-Hellman) • Shared secret without exchange of secrets: “Mechanical Scenario” • [Figure labels: Open Register, A, B, Secret key-A, Secret key-B, injection, SHIELD, “Same thing!”, Shared Secret]

  7. How to “publicly” hide (shield) a secret? • SHIELD = one-way function • All operations in a finite ring Z_m! • How: 2^6 mod 11 = 9, log_2 9 (mod 11) = 6 • One-way function: 6 → 9 (secret → shielded secret) • Discrete logarithm problem: no efficient algorithm is known to compute log_2 9 modulo 11!

  8. Example for Diffie-Hellman key exchange scheme 1976 • Widely used in internet and banking ... • Open agreement and register: shielding function is y = 5^x mod 7 • A: secret key-A = 3, K-open-A = 5^3 = 6 • B: secret key-B = 5, K-open-B = 5^5 = 3 • A computes (3)^3 = 5^(5·3), B computes (6)^5 = 5^(3·5): same thing! • Z = 6

  9. Basic Public Key Secrecy System (RSA system) (Mechanical simulation: user B wants secured message from A) • All operations in Z_m • User A, User B, public register • Ko·Kc = 1 in Z_φ(m) • Close with Kc: ( )^Kc (mod m) turns M into M^Kc • Open with Ko: (M^Kc)^Ko = M^(Kc·Ko) = M • Breaking this system is equivalent to factoring m!

  10. No Key Cryptography: Shamir 3-Pass Protocol • Commutative lock is: M^Key in Z_m • [Figure: User A and User B exchange a box carrying locks A and B in Pass 1, Pass 2 and Pass 3; values shown: M^Ka, M^(Ka·Kb), M, M^Kb]

  11. Non-Commutative No Key Cryptography: Shamir 3-Pass Protocol • [Figure: mechanical lock simulation between User A and User B with locks A and B] • Research question: Can anybody find a mathematical function which is equivalent to the following non-commutative mechanical lock simulation?

  12. Rabin Lock Based on Quadratic Residue in the Ring Z_m • Simple arithmetic!

  13. Squaring and Square Roots in Z_m (Rabin Lock) • Squaring: y = x^2 (mod m) • The function y = x^2 is one-way in Z_m if m is a product of two unknown primes! • Inverse function (x from y) is unknown in Z_m • Breaking this lock is equivalent to factoring m!

  14. Conventional Secret Key Identification Mechanism: Fundamental Concepts

  15. Challenge-Response Identification Protocol • Explicit Secret Key Signature • Authenticity without Secrecy • Set up: agree on a secret key Ki and a one-way function F (prover A and verifier both hold Ki) • Verifier: Who are you? (authentication request) • Verifier: generate a random R (challenge): prove by using R that you know Ki • Prover A: I am A, and this is the proof: RES = F(Ki, R) (response) • Verifier: if RES = F(Ki, R) then accept

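  16. GSM: Challenge-Response identification mechanism • Mobile station (SIM) and verifier station both hold the identity key Ki (max. 128 bit) • Verifier station: random generator produces RAND (128 bits), sent as authentication request • Both sides feed Ki and RAND into A3, which outputs XRES • Mobile station returns the 32-bit authentication response = XRES • Verifier station: authentication result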

  17. Public-Key Identification Mechanism: Fundamental Concepts

  18. Identification Protocols/Mechanisms: Zero-Knowledge Iterative Proof (ZKIP) • Authenticity without Secrecy • Verifier: Who are you? (authentication request) • Prover: I am A, and this is the proof • ZK: prover reveals no secrets whatsoever to the verifier!

  19. Omura Proof-of-Identity Protocol, Based on Discrete Log. Problem • Public directory: α is primitive element in GF(p); ya = public key of A, α^Xa = ya • Prover A (holds Xa): I am user A • Verifier: randomly choose k, compute R = α^k, send R • Prover A: compute R^Xa, send R^Xa • Verifier: compute ya^k, check R^Xa = ya^k (R^Xa = α^(k·Xa)) • Is not zero-knowledge if verifier cheats!

  20. Fiat-Shamir Proof-of-Identity Protocol (1986): a zero-knowledge proof! • Public directory: m is RSA-type modulus (p1, p2 are secret); ya = xa^2 in Z_m (mod m) • xa = secret key of A • Prover A: chooses a unit r in Z_m and computes S = r^2; sends (I am user A, S) • Verifier: randomly choose b, b = 1 or 0; sends b • Prover A: t = r·xa^b; sends t • Verifier: if t^2 = S·ya^b then accept (A knows xa) • Prob. of attack success for k trials = 2^-k

  21. Famous One-Way Functions used for Public-Key Systems • All operations in a finite ring Z_m! • Underlying problems: discrete log problem, factorizing problem • Exponentiation Y = a^k (mod p) • Multiplication in elliptic-curve group • Exponentiation Y = M^k (mod m) • Factoring m = p·q • Squaring C = M^2 (mod m) • Knapsack problem • m = p·q; p, q = large primes

  22. Simplify Public-Key Arithmetic using fuzzy modular computations (Adi, Eurocom 2000)

  23. Fuzzy Modular Computations • Division algorithm to compute the remainder of Y mod m: R = Y mod m • Y/m = q + R/m • Y = q·m + R => R = Y - q·m • To find R, subtract exactly q times m from Y • What happens if we subtract only z times m? • R' = Y - z·m, or R' = (q - z)·m + R • R' ≡ R mod m

  24. Example: Using fuzzy modular computations • Compute R = 43 modulo 5 • The correct answer is R = 3, as 43 - 5·8 = 3 (division algorithm) • We do not want to divide! Let us compute roughly R' = 43 - 5 × 6 = 13 • Anybody receiving R' = 13 can run the division algorithm and get the final answer R = 3 • The sender need not run the division algorithm: just subtract an unpredictable random number of m's from the original value and send what you get! • Saving! No division operation at all, just one subtraction!

  25. How to attack the system • R' and m are known • Try to find Y: R' = Y - z·m • Choose z with weight = n/2 • Number of z combinations is high: • Security loss is only log2 n bits!

  26. Impact on Modular Multiplication Complexity: Fuzzy Modular Multiplication

  27. Fuzzy Modular Multiplication

  28. Fuzzy Modular Multiplication: Simplified Circuitry

  29. Secret Hiding Using the Fuzzy Modular Concept • Hiding a secret k by exponentiation in RSA-based systems: S = C^k mod N • Let us substitute k by k' = k - z·φ(N) • S = C^(k - z·φ(N)) mod N (same S) • Send k' = k - z·φ(N) and do not exponentiate: leave the work to the receiver

  30. Danger of sending the same k two times! • Send k' = k - z1·φ(N) • Send k'' = k - z2·φ(N) • => k' - k'' = -(z1 - z2)·φ(N) • Having even an unknown multiple of φ(N) simplifies computing φ(N) • Breaking the RSA system is equivalent to computing the Euler function! • Therefore k should be used only once in the system

  31. One possible Application: Fast Public-Key Image Signature in a Mobile System Environment Using Fuzzy Modular Arithmetic

  32. Public-Key Image Signature • [Figure: block diagram with labels Digital Frame, Simple Data Compressor, DCT coef., Frame digest, Public-Key Signature Generator, Signature, Signed Frame]

  33. Public-Key Image Signature Using DSA system • A frame with N x M blocks • [Figure: grid of blocks D1,1 ... DN-1,M-1 with signature blocks S1,M ... SN,M in the last column and last row] • Mobile signer: calculate K' out of K, calculate r, calculate s • (r, s, M) goes to the verifier

  34. Public-Key Signature Using DSA system • Message (M) is signed by user A • Public directory: p, q, α, ya • α is element in GF(p) with order q, where q = large prime • Xa = secret key of A, ya = public key of A, α^Xa = ya in GF(p) • Signer: k = random integer in GF(q); r = Rq[Rp(α^k)]; S = k^-1 (M + r·Xa) in GF(q) • Signed message: M or H(M), r, S • Verifier: [α^u1 · ya^u2] = U mod p; if r = U mod p then M is authentic

  35. Resulting Simplified Computations • For signing a piece of image data M: • Compute A = k^-1 · H(M) (3) • Compute B = r · (k^-1 · Xa) (4) • Compute s = A + B - t'·q (5) • No modular computations are involved.

  36. Advantages and Disadvantages • Advantages: only two multiplications and one addition are required; implementation in a low-complexity mobile environment is possible • Disadvantages: signature data overhead of at most log2 q bits. Assume we have q as a prime in the range of 1000 bits; then the signature size is doubled to 2000 bits • The security level is reduced: the new system key size n' is then n' = log2 q - log2(log2 q) => 1000 - 10 = 990 bits instead of 1000 bits

  37. The END
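Added example (not part of the original slides): the Fiat-Shamir rounds of slide 20 in Python, using the slide's symbols r, S, b, t, xa, ya and m. The toy modulus, the fixed key and all function names are assumptions made for the illustration; `forged_round` shows that a party without xa passes a round only when it has guessed b, which is where the slide's 2^-k comes from.

```python
import secrets
from math import gcd

# Constructed toy parameters; a real modulus has 2048 bits or more.
P1, P2 = 1009, 1013      # secret primes p1, p2
M = P1 * P2              # public RSA-type modulus m
XA = 123456              # constructed secret key of A (a unit of Z_m)
YA = pow(XA, 2, M)       # public key ya = xa^2 mod m

def random_unit(m):
    """Return a random unit of Z_m, i.e. gcd(r, m) == 1."""
    while True:
        r = secrets.randbelow(m - 2) + 2
        if gcd(r, m) == 1:
            return r

def commit(m):
    """Prover, step 1: choose a unit r and send S = r^2 mod m."""
    r = random_unit(m)
    return r, pow(r, 2, m)

def respond(r, xa, b, m):
    """Prover, step 2: answer challenge b with t = r * xa^b mod m."""
    return (r * pow(xa, b, m)) % m

def verify(t, s, ya, b, m):
    """Verifier: accept iff t^2 == S * ya^b (mod m)."""
    return pow(t, 2, m) == (s * pow(ya, b, m)) % m

def honest_run(xa, ya, m, rounds):
    """A prover that knows xa passes every round, whatever b is."""
    for _ in range(rounds):
        r, s = commit(m)
        b = secrets.randbelow(2)
        if not verify(respond(r, xa, b, m), s, ya, b, m):
            return False
    return True

def forged_round(ya, m, guess, b):
    """Impostor without xa: builds S = t^2 * ya^(-guess), which verifies only if b == guess."""
    t = random_unit(m)
    s = (pow(t, 2, m) * pow(ya, -guess, m)) % m
    return verify(t, s, ya, b, m)

if __name__ == "__main__":
    print("honest prover, 20 rounds:", honest_run(XA, YA, M, 20))
    print("impostor, b guessed right:", forged_round(YA, M, 1, 1))
    print("impostor, b guessed wrong:", forged_round(YA, M, 1, 0))
```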
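Added example (not part of the original slides): the fuzzy reduction of slides 23 and 24, the secret hiding of slide 29 and the reuse problem of slide 30, carried through in Python. The toy primes, the value K, the function names and the `OneTimeHider` guard are assumptions made for the illustration; the guard is one way to enforce the slide's rule that k is used only once.

```python
import secrets
from math import gcd

# Constructed toy RSA-type parameters (real moduli have 2048 bits or more).
P, Q = 1009, 1013
N, PHI = P * Q, (P - 1) * (Q - 1)    # PHI = Euler function phi(N)
K = 918_273_645_546                  # constructed unreduced secret, much larger than phi(N)

def fuzzy_reduce(y, m, z):
    """Slide 23: subtract only z multiples of m; R' = Y - z*m stays congruent to Y mod m."""
    return y - z * m

def hide(k, z=None):
    """Slide 29: k' = k - z*phi(N); z is unpredictable unless fixed for the demo."""
    if z is None:
        z = secrets.randbelow(k // PHI - 1) + 1   # 1 <= z < q, so k' stays positive
    return fuzzy_reduce(k, PHI, z)

def same_result(c, k, k_fuzzy):
    """The receiver exponentiates: C^k and C^k' agree mod N for a unit C."""
    return pow(c, k, N) == pow(c, k_fuzzy, N)

def leaked_multiple(observed):
    """Slide 30: values sent for one k differ by multiples of phi(N),
    so the gcd of their differences is itself a multiple of phi(N)."""
    g = 0
    for v in observed[1:]:
        g = gcd(g, abs(v - observed[0]))
    return g

class OneTimeHider:
    """Guard for the rule on slide 30: refuse to hide the same k twice."""
    def __init__(self):
        self._seen = set()   # demo only; a real system would not keep raw secrets here

    def hide(self, k, z=None):
        if k in self._seen:
            raise ValueError("k was already sent once; a second k' leaks a multiple of phi(N)")
        self._seen.add(k)
        return hide(k, z)

if __name__ == "__main__":
    print("slide 24:", fuzzy_reduce(43, 5, 6), "->", fuzzy_reduce(43, 5, 6) % 5)
    print("same S for k and k':", same_result(4242, K, hide(K)))
    sent = [hide(K, 3), hide(K, 10), hide(K, 17)]    # the same k sent three times
    print("observer learns", leaked_multiple(sent) // PHI, "* phi(N)")
```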
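Added example (not part of the original slides): the simplified signing steps (3) to (5) of slide 35 next to textbook DSA, showing that the unreduced s still verifies once the verifier reduces it mod q. The toy parameters p, q, α, the key, the digest value 88, the range chosen for t' and the function names are assumptions; the verification routine is standard DSA, which the slides only sketch.

```python
import secrets

# Constructed toy DSA parameters: Q divides P - 1 and ALPHA has order Q in GF(P).
P, Q, ALPHA = 607, 101, 64
XA = 57                      # constructed secret key of A
YA = pow(ALPHA, XA, P)       # public key ya = alpha^Xa in GF(p)

def precompute(k):
    """Done ahead of time for a fresh k: r = Rq[Rp(alpha^k)], k^-1 and k^-1*Xa mod q."""
    r = pow(ALPHA, k, P) % Q
    k_inv = pow(k, -1, Q)
    return r, k_inv, (k_inv * XA) % Q

def sign_fuzzy(h, r, k_inv, k_inv_xa, t=None):
    """Slide 35, steps (3)-(5): two multiplications, one addition, no reduction mod q."""
    a = k_inv * h                         # (3) A = k^-1 * H(M)
    b = r * k_inv_xa                      # (4) B = r * (k^-1 * Xa)
    if t is None:                         # assumed range for t': 0 .. floor((A+B)/q)
        t = secrets.randbelow((a + b) // Q + 1)
    return a + b - t * Q                  # (5) s = A + B - t'q

def sign_standard(h, r, k_inv):
    """Textbook DSA for comparison: s = k^-1 * (H(M) + r*Xa) mod q."""
    return (k_inv * (h + r * XA)) % Q

def verify(h, r, s):
    """Textbook DSA verification; the verifier does the reduction the signer skipped."""
    s %= Q
    if not 0 < r < Q or s == 0:
        return False
    w = pow(s, -1, Q)
    u1, u2 = (h * w) % Q, (r * w) % Q
    return (pow(ALPHA, u1, P) * pow(YA, u2, P)) % P % Q == r

if __name__ == "__main__":
    H_M, K = 88, 33                       # constructed digest value and one-time k
    r, k_inv, k_inv_xa = precompute(K)
    s = sign_fuzzy(H_M, r, k_inv, k_inv_xa)
    print("s =", s, "| s mod q =", s % Q, "| standard s =", sign_standard(H_M, r, k_inv))
    print("verifies:", verify(H_M, r, s))
```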
