1 / 82

Lecture 17&18 – Cryptographic Algorithms

Distributed Systems. Lecture 17&18 – Cryptographic Algorithms.

rusty
Télécharger la présentation

Lecture 17&18 – Cryptographic Algorithms

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Distributed Systems Lecture 17&18 – Cryptographic Algorithms

  2. Part 1 – RSA Public-key Algorithm: We will continue our study of cryptography today, by looking in detail at a particular algorithm known as RSA. It was developed in 1978 and was named after its inventors. RSA is an asymmetric algorithm that relies on a public key for encryption and a private key for decryption.

  3. RSA: • Rivest (Ron) • Shamir (Adi) • Adelman (Len)

  4. Ron Rivest

  5. Shamir, Rivest, & Adleman in 1978

  6. Adleman, Shamir, & Rivest At the Crypto-82 Conference in 1982

  7. Advances in Cryptology: Proceedings of Crypto82 (Still available at amazon.com for $132.99)

  8. Google Hits: Crypto78 to Crypto 2006

  9. RSA • Depends on finding two large primes ... LARGE! >10100 i.e. numbers with over 100 decimal digits!

  10. Is this like looking for a needle in a haystack?

  11. lim  (n) = n / ln n n  How difficult is this? Prime Number Theorem: Let (n) be the number of prime numbers equal to or less than n

  12.  (n)  n / ln n even when n is only 109 For n>109, this is accurate within 5%

  13. As n increases to 10100, clearly n / ln n gets pretty close to (n)

  14. So … To find two primes for RSA, pick a random number larger than 10100, then start searching for primes …

  15. How dense are the primes up near 10100? If there are n/ln n primes below n, then the ratio of primes to numbers is 1:ln n Therefore, at 10100, this ratio is 1:ln 10100 which is approximately 1:230

  16. So, its more like looking for a needle on a table full of needles.

  17. So, if we pick a number somewhat larger than 10100, we should be able to find a pair of prime numbers by testing primes on either side of it 115.

  18. ! … or at least that’s the generally accepted theory …

  19. (n) here can be used to describe the average density of all the primes here n … What about the density of the primes right at n? 0

  20. We want to know how far (x) we expect to move to pick up a new prime. We could solve this: #primes below n - #primes below (n+x) = 1 n/ln n - (n+x)/ln(n+x) = 1 OR … since this is rather difficult, let’s take an alternate approach

  21. At n, the rate of change in the total number of primes below n is equal to the density of the primes at n. In other words, if we go to the next number, n+1, and we now have (n+1) / ln(n+1) below us, then the expected number of additional primes we pick up in moving from n to n+1 is the density of the primes at n.

  22. So, instead, we can take advantage of this observation that the rate of change of n/ln n is the prime density at n as follows: Solve: n . ln n d dn apply chain rule, then split into partial fractions: 1 / ln n - 1 / (ln n)2

  23. So, at n=10100, the density of the primes is: 1 / ln n - 1 / (ln n)2 = 1 / ln 10100 - 1 / (ln 10100)2 0.004324 So, we expect to go 1/0.004324 or 231 away to find the next prime … NOT 230!!! The reason that the local density at 10100 is virtually the same as the average density from one to 10100 can be understood by observing that the second derivative is practically zero throughout the entire interval.

  24. So, we begin by finding two large primes, say P and Q

  25. Next, calculate the following: N = P X Q and Z = ( P - 1 ) X ( Q - 1 ) Clearly Z and N do not share any common factors. (presumably |P-Q|>1) So, Z is not divisible by P or Q.

  26. Now, chose a “d” which has no factors in common with Z. d will be used for decryption Solve for “e” in the following: e X d = 1 mod Z e will be used for encryption

  27. Note: e X d = 1 mod Z means: (e X d) mod Z = 1 [ most of us prefer the second … pure mathematicians have no problem with the original representation. ]

  28. We now have the following: d e P Q N Z and M and c where the latter are the plaintext and the ciphertext respectively.

  29. The encryption function is then: E(e,N,M) = Me mod N and the decryption function is: D(d,N,c) = cd mod N So, the effective “keys” are as follows: Ke = <e,N> Kd = <d,N>

  30. Let’s test: Message M = “G” = ASCII 71 P =11, Q =19 N = 11 X 19 = 209 Z = 10 X 18 =180 d =7 ( e X d ) mod 180 = 1 7e % 180 =1 7 X 103 =721 and 721 % 180 = 1 e = 103

  31. Let’s test: c = Me mod N = 71103 mod 209 = 59 Now we will decrypt: cd mod N =597 mod 209 =71 It works!!!!!

  32. … but WHY does it work? http://www.cse.iitd.ac.in/~suban/cs120/rsa/node9.html

  33. And you thought that was difficult? Elliptical Curve Algorithms are an alternative developed in 1993 • Text says: • “The relevant mathematics involves some quite complex properties of elliptical curves and is beyond the scope of this book.”

  34. Part 2 – Hybrid Protocols: We will review the advantages and disadvantages of the cryptographic systems we have studied so far and will see how consideration of these advantages and disadvantages motivates the development of hybrid cryptographic protocols.

  35. Asymmetric Symmetric

  36. Symmetric • Easy to compute • Requires secure transfer of a secret key

  37. Asymmetric • Complicated to compute • Exchange of shared secret key not required

  38. Hybrid • Combines strengths of both systems • Uses an asymmetric cipher to exchange a secret shared key securely • Only complicated to compute for the exchange of the shared key - small • Simpler method based on shared secret key is used once the key is securely exchanged

  39. So public-key encryption is used only for authenticating the parties and exchanging a secret key which is used for all subsequent communication. An example implementation of such a hybrid protocol is SSL used in SSH.

  40. Part 3 – Digital Signatures: So far, we have seen cryptography applied in a way to conceal the contents of a communication to prevent a third party from examining the contents while the message was in transit. In the case of a digital signature, the motivation behind the use of cryptography is completely different. In general, our primary goal is not to hide the contents of the message (although we may still elect to do so) but rather to provide proof that a document is authentic. We will now discuss this further.

  41. Properties of written signatures on hardcopy documents: • Authentic • Unforgeable • Non-repudiable

  42. Authentic: A signature shows that the document is authentic and that the signer agrees with the the contents • Unforgeable: It proves that the signer deliberately signed the document and that no one else could have done that • Non-repudiable: The signer can not deny that they signed the document Oh course we realize that these things are not guaranteed with hardcopy documents and signatures. They could, ironically, be potentially more trustworthy in electronic form.

  43. Message Message Message • Digital Signing: • The simplest approach involves including an encrypted version of the document encrypted using a secret key shared by the signer and those wishing to authenticate the document, or using public-key encryption. Oh course this is somewhat redundant … why not just send the document in encrypted form? signed document

  44. Digest Functions: • Also called “secure hash functions.” • The digest is relatively small compared to the document used to produce the digest. • Like a CRC or checksum but even less likely to be correct unless the original document is unaltered. • The digest is signed rather than the entire document.

  45. Review: • Signed document using a digest: Message signed document Digest Digest Here the document remains unencrypted, but the digest, which anyone can compute is included in an encrypted form …

  46. Message Digest Digest If the digest is encrypted using a secret key, only those with access to the secret key could have signed the document and only they can verify the authenticity of the signature. signed document If the digest is encrypted using public-key encryption, only that principal with access the private key could have signed the document and any party can verify its authenticity with the public key.

More Related