1 / 13

Reminder: Public Key Cryptosystem

Reminder: Public Key Cryptosystem. I nvented in the late 1970's , with help from the development of complexity theory around that time. Based on a problem so difficult that it unrealistic computer time to solve

kaiser
Télécharger la présentation

Reminder: Public Key Cryptosystem

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reminder: Public Key Cryptosystem • Invented in the late 1970's, with help from the development of complexity theory around that time. Based on a problem so difficult that it unrealistic computer time to solve • Has two keys, a public key [(e,n) for RSA] and a private key [d or n=pq for RSA] • Public key  encrypt messages: anyone/system knowing the public key could send them in privacy. • decrypt  private key. owner of the private key would be the only one who could decrypt the messages • Important ideaApplication to generate key exchange in a two-party communication: common secret key for bulk encryption using a private/symmetric key cryptosystem • Whitfield Diffie and Martin Hellman started the era of public key cryptosystems  ideas from number theory to construct a key exchange protocol • Shortly after Ron Rivest, Adi Shamir and Leonard Adleman developed RSA: first real public key cryptosystem capable of encryption and digital signatures. • Later several public cryptosystems followed using many different underlying ideas (e.g. knapsack problems, different groups on finite fields and lattices). Many of them were soon proven to be insecure. However, the Diffie-Hellman protocol and RSA appear to have remained two of the strongest up to now.

  2. 8.6 Cryptographic Protocols and Applications • Protocols = Algorithms used between two or more parties to achieve a specific goal • Cryptographic Protocol = performs a security-related function via a cryptosystem. Widely used for secure application-level data transport, ex. • Key Exchange. • Signature with RSA • Digital cash, signature, credentials • secure web (HTTP) connections, Online Poker, bid on auctions, • Sharing secrets that could only be recovered by a LARGE group of people • For more see [Meva Va97] “Menzes, Van Oorschot, Vanstone; Handbook of Applied Cryptography, CRC press, Boca Raton, Florida”

  3. Advanced cryptographic protocols • wide variety of cryptographic protocols go beyond the traditional goals of data confidentiality, integrity, and authentication to also secure a variety of other desired characteristics of computer-mediated collaboration. Blind signatures can be used for digital cash and digital credentials to prove that a person holds an attribute or right without revealing that person's identity or the identities of parties that person transacted with. Secure digital time-stamping can be used to prove that data (even if confidential) existed at a certain time. Secure multiparty computation can be used to compute answers (such as determining the highest bid in an auction) based on confidential data (such as private bids), so that when the protocol is complete the participants know only their own input and the answer. Undeniable signatures include interactive protocols that allow the signer to prove a forgery and limit who can verify the signature. Deniable encryption augments standard encryption by making it impossible for an attacker to mathematically prove the existence of a plaintext message. Digital mixes create hard-to-trace communications. (Wikipedia)

  4. 8.6.1. Diffie-Hellman Key Exchange (1976) • Popular public-key technique for establishing secret keys over an insecure channel (to use for symmetric/private Cryptosystem). • Example: exchange of keys between A & B over insecure communication links without previously shared information! Should not be discover by others in a feasible computer time. • Public information: (p,r) p=large prime r=primitive root of p: {rk, k in N}≡{1,2,…,p-1} (mod p)

  5. Private keys: • A picks a private #k from {1,2,…,p-2}  private key k • B picks a private #h from {1,2,…,p-2}  private key h Common Public Key K • From AB: y1≡rk(mod p) Bcommon key K≡ y1h ≡ rkh(mod p) • From BA: y2≡rh(mod p) Acommon key K ≡ y2k ≡ rhk(mod p)

  6. Cryptanalysis • Given the residues of rh & rkmodulo p find the key K ≡rhk (mod p) ? computationally difficult problem (see chapter 9) Example: r=2, p=53, k=7,h=8 27 ≡22(mod 53), 28 ≡44(mod 53), K=28*7 ≡16(mod 53) However, if only 22 and 44 are given, how to find K? • Increased complexity for a group of n individuals: K= rk1k2…kn (mod p)

  7. 8.6.2.Digital Signature • Make sure that a msg came for the supposed sender? Only the supposed sender is the source of that msg! • RSA(e , n=pq)  to send a “signed” msg • Applications: Email, E-banking, E-transactions… • A  public key (e1,n1) & private key (d1,n1) X≡Xe1d1 (mod n1) B public key (e2,n2) & private key (d2,n2)  X≡Xe2d2 (mod n2) P= Plaintext Signature S=Encrypted Signature by A that only B can decrypt without knowing private key d1 of A.

  8. Encryption by A P  S ≡ Pd1 (mod n1)  C ≡ Se2 (mod n2) • C is sent to B by A. • Decryption by B C S ≡ Cd2 (mod n2)  P ≡ Se1 (mod n1) • Intermediate step: If n2 > n1 direct Transformation S C If n2 ≤ n1, split S into blocks of size < n2 then the transformation SC for each block.

  9. Example: Romeo + Juliet • A= Romeo: (e,n)=(5,1273)=(5, 19*67)  Φ(n) =18*66= 1188  d= ē Φ [Φ(n)]-1 (mod Φ(n))= 5359= 713 • B= Juliet: (e,n)=(3,781)=(3, 11*71)  Φ(n) =10*70= 700  d= ē Φ [Φ(n)]-1 (mod Φ(n))= 3239= 107 • P= goodbye sweet love = 0614 1403 0124 0418 2204 0419 1114 2104 • Form blocks of four, then for each block compute: S ≡ Pd1 (mod n1) = P713 (mod 1273) = 1100 0731 0945 0304 0285 0324 1046 1248 • since n2 ≤ n1, split each block of S in two to get blocks of size < n2 • Transformation SC for each new block: C ≡ Se2 (mod n2)= S3 (mod 781) = 550 000 343 113 729 529 027 064 008 259 027 547 219 492 166 471 • Sent to Juliet. She decrypts: C S ≡ Cd2 (mod n2) then  P ≡ Se1 (mod n1)

  10. 8.6.3. Electronic Poker • A & B wish to play Poker Online • p= large prime Jointly choosing • A secret exponents keys ea da= inverse (mod p) • Bsecret exponents keys eb db= inverse (mod p) • Exponent Encryptions & decryptions: C=E (P)=Pe & P=D(C)= Cd  E(D(P))= P (mod p) • Ea , Eb , Da , Dbare commutative under compositions • M1,…,M52  the deck of cards

  11. B applies Eb Eb (M1),…, Eb (M52) • B shuffles (Permutation) sends to A • A  selects 5 cards Eb (M)  sends to B = B’s hand • B applies Db (to see the hand M)  Db[ Eb (M)]=M • A selects 5 cards C=Eb(N) with N in M1,…,M52 • A applies Ea (unable to see the hand N)  Ea (C)  sends to B • B applies Db (unable to see the hand N)  Db[Ea(C)]  sends to A Db[ Ea (C)] = Db[ Ea (Eb (N))]= Ea ( Db[Eb (N)])= Ea (N) • A applies Da (to see his hand N)  Da[ Ea (N)]=N • The same steps are followed for the rest of the game • Test for No Cheating: The Keys are revealed so each player (or the system) can verify that the cards claimed by each.

  12. 8.6.4.Secret Sharing • Protect an extremely sensitive information from: loss share its components with several individuals exposure but no small group can retrieve the information • Example: Master key K for access to the password file • Solution: (s,r)- threshold Schemes r individuals Shadows k1,…,kr = keys, each given to an individual K= master key To recover K least s of any of these shadows! but not less that s shadows!

  13. p = prime larger than K • p & m1<…<mr pairwise relatively prime • M= m1…ms > p mr-1…mr-s+2 • t integer with 0< t< M/p • K0= K + t p with K0 in {0,…,M-1} • The shadows: kj= K0 (mod mj) • Find K from any s individuals with shadows: k*1, …, k*s? • M*= m*1…m*s • Chinese remainder (theorem 4.12) for k*j= K0 (mod m*j)  solves K0 (mod M*) where 0 ≤ K0 < M ≤ M* • Determine K0 and then: K = K0 – t p

More Related