1 / 18

Cryptography and Public Policy

Cryptography and Public Policy. Montclair State University CMPT 109 J.W. Benham Spring, 1998. Historical Background of Public-Key Cryptography.

marrim
Télécharger la présentation

Cryptography and Public Policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography and Public Policy Montclair State University CMPT 109 J.W. Benham Spring, 1998

  2. Historical Background of Public-Key Cryptography • 1976: W. Diffie and M.E. Hellman proposed the first public-key encryption algorithms -- actually an algorithm for public exchange of a secret key. • 1978: L.M Adleman, R.L. Rivest and A. Shamir propose the RSA encryption method • Currently the most widely used • Basis for the spreadsheet used in the lab

  3. The RSA Encryption Algorithm • Use a random process to select two large prime numbers P and Q. Compute the product M = P*Q. This number is called the modulus, and is made publicly available. • RSA currently recommends a modulus that’s at least 768 bits long. • Also compute the Euler totientT = (P-1)*(Q-1). Keep this number (as well as P and Q) secret.

  4. RSA (continued) • Randomly choose a public key E that has no factors in common with T = (P-1)*(Q-1). • Compute a private key D so that E*D leaves a remainder of 1 when divided by T. • We say E*D is congruent to1moduloT • Note that D is easy to compute only if one knows the value of T. This is essentially the same as knowing the values of P and Q.

  5. RSA (continued) • If N is any number that is not divisible by M, then dividing NE*Dby M and taking the remainder yields the original value N. • This is a relatively deep mathematical theorem, which we can write as NE*D mod M = N.) • If N is a numeric encoding of a block of plaintext, the cyphertext is C = NE mod M. • Then CD mod M = (NE)D mod M = NE*D mod M = N. Thus, we can recover the plaintext N with the private key D.

  6. Why RSA Works • Multiplying P by Q is easy: the number of operations depends on the number of bits (number of digits) in P and Q. • For example, multiplying two 384-bit numbers takes approximately 3842 = 147,456 bit operations

  7. Why RSA Works (2) • If one knows only M, finding P and Q is hard: in essence, the number of operations depends on the value of M. • The simplest method for factoring a 768-bit number takes about 2384  3.94 10115 trial divisions. • A more sophisticated methods takes about 285  3.87  1025 trial divisions. • A still more sophisticated method takes about 241  219,000,000,000 trial divisions

  8. Why RSA Works (3) • No-one has found an really quick algorithm for factoring a large number M. • No-one has proven that such a quick algorithm doesn’t exist (or even that one is unlikely to exist). • Peter Shor has devised a very fast factoring algorithm for a quantum computer, if anyone manages to build one.

  9. Public Policy I: Export Control • No restrictions on printed descriptions of encryption methods. • U.S. government regards computer implementations of strong encryption methods as munitions, covered by ITAR. • Current regulations permit the export of relatively weak encryption systems (like 40-bit DES or 512-bit RSA).

  10. The Export Policy Debate • PRO: It is desirable to keep strong encryption out of the hands of international terrorists and unfriendly governments. • CON: Since strong encryption is available and permitted in other countries, export restrictions reduce the ability of US companies to compete internationally.

  11. Public Policy II: Key Escrow • Each Clipper Chip has the following: • Circuitry to implement SKIPJACK, an 80-bit private-key encryption algorithm developed by the NSA (classified as Secret) • A 22-bit unique identification number (UID) • An 80-bit family key (KF) common to all Clipper Chips. • An 80-bit unique chip key (KU)

  12. Key Escrow (2) • For each chip, the manufacturer produces two additional keys KU1 and KU2 that can be combined to recover KU. • Each additional key is combined with the chip’s UID and given to an escrowing agency -- currently the National Institute of Standards and the Treasury Department

  13. Key Escrow (3) • When two users wish to exchange encrypted messages, their chips establish an 80-bit shared session key (KS). • The chip also generates a Law Enforcement Access Field (LEAF) that includes the UID, the session key encrypted using the chips unique key (KU) and a check sum, all encrypted using the family key (KF)

  14. Key Escrow (4) • With appropriate authorization (e.g., a court order), the escrowing agencies must relinquish KU1 and KU2 to the police. • The police can then recover KU. From that and the LEAF, they can recover KS and “listen in” on the exchange (and any future exchanges that originate from the same chip).

  15. Defeating Key Escrow • Matthew Blaze showed that it was possible to generate a phony LEAF that one could substitute for the actual LEAF. • He also suggested an easier way: encrypt a message using software before or after encryption using the clipper chip.

  16. Debate on Key Escrow (PRO) • Key escrow provides a reasonable balance between citizen’s needs for privacy and the needs of law enforcement. • It gives the police no new power; it just ensures that they will retain their current powers to listen in on private conversations (with a warrant). • It will be a voluntary standard, not mandatory.

  17. Debate on Key Escrow (CON) • Even if it’s voluntary, an escrowed encryption system could become the de facto standard, discouraging the use of other (possibly stronger) methods. • An escrowed encryption standard is an unwarranted, and possibly unconstitutional, intrusion on individual privacy. • Escrowed encryption would increase the power and effectiveness of governments hostile to human liberty.

  18. Two Bills Before Congress • Security and Freedom through Encryption (SAFE) Bill • Loosens export restrictions • Permits private key escrow • Secure Public Networks Bill • Maintains strong export restrictions, subject to annual review by the President • Provides strong incentives for key escrow, but does not make it mandatory.

More Related