Public-Key Cryptography

- Dr. Ron Rymon
- Efi Arazi School of Computer Science
- IDC, Herzliya. 2010/11

Pre-Requisites: Conventional Cryptography

Overview

- Public Key Cryptography
- Crossword puzzles
- Diffie-Hellman
- RSA
- Elliptic Curves
- Digital Signatures
- Key Management for Public-Key Cryptography

Public-Key Cryptography

Main sources: Network Security Essentials / Stallings; Applied Cryptography / Schneier

Motivation

- Until early 70s, cryptography was mostly owned by government and military
  - Key distribution is more manageable and better funded
- Symmetric cryptography not ideal for commercialization
  - Enormous key distribution problem: most parties may never meet physically
  - Must ensure authentication, to avoid impersonation, fabrication
- Few researchers (Diffie, Hellman, Merkle), in addition to the IBM group, started exploring Cryptography because they realized it is critical to the forthcoming digital world
  - Privacy
  - Effective commercial relations
  - Payment
  - Voting

Public-Key Cryptography

- Idea: use separate keys to encrypt and decrypt
  - First proposed by Diffie and Hellman
  - Independently proposed by Merkle (1976)
- Pair of keys for each user
  - generated by the user himself
  - Public key is advertised
  - Private key is kept secret, and is computationally infeasible to discover from the public key and ciphertexts
  - Each key can decrypt messages encrypted using the other key
- Applications
  - Encryption
  - Authentication (Digital Signature)
  - Key Exchange (to establish Session Key)

Crossword Puzzles

- Ralph Merkle's Key Exchange Algorithm
  - Alice generates MANY crossword puzzles and sends to Bob
  - Bob chooses ONE and solves it
  - The solution includes an identifier, and the key
  - Bob communicates the identifier to Alice
  - Alice and Bob communicate using the key
- Important observation: Eve would have to solve ALL puzzles to identify the right one and the key.
- First attempt, cumbersome, and not working, but very revolutionary at the time
- Later, Merkle suggested to use NP-Hard problems
  - Hard to solve, but easy to check (e.g., knapsack).
  - Also proven inadequate later...

Diffie-Hellman Key Exchange

- First public-key algorithm, based on the difficulty of computing discrete logarithms modulo n
- Protocol
  - Use key exchange protocol to establish session key
  - Use session key to encrypt actual communication
- Algorithm
  - Choose a large prime n, and a primitive root g
  - Exchange between Alice and Bob:
    - One party selects x and sends $X = g^x \bmod n$
    - The other selects y and sends $Y = g^y \bmod n$
    - The first computes $K = Y^x \bmod n$, the second computes $K = X^y \bmod n$
    - Both obtain $K = g^{xy} \bmod n$

Diffie-Hellman Protocol

- DH does not offer authentication
  - Trudy can use a man-in-the-middle attack
  - Impersonating Alice to Bob and vice versa
  - Using his own key (or different keys) with each
- Solution: establish a public directory
  - Each person publishes $(g, n, g^x)$; this is the public key
  - Note: g, n may be different from one user to another
  - Make sure not to select $x = 0/1 \bmod n$
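The exchange and the directory check described above, as an added example that is not part of the original slides. The parameters (n = 23, g = 5), the three secrets and all function names are constructed for illustration; the range check on received values is an added hardening step (a public value of 1 is what x = 0 would produce).

```python
# Added example: toy Diffie-Hellman with constructed parameters.

def public_value(g, x, n):
    """X = g^x mod n, the value sent to the peer or published in the directory."""
    return pow(g, x, n)

def session_key(peer_public, own_secret, n):
    """K = peer^secret mod n, refusing degenerate peer values (0, 1, n-1)."""
    if not 1 < peer_public < n - 1:
        raise ValueError("degenerate public value")
    return pow(peer_public, own_secret, n)

def key_from_directory(directory, peer, received, own_secret, n):
    """Accept a received public value only if it matches the published one."""
    if directory.get(peer) != received:
        raise ValueError("public value for %s does not match the directory" % peer)
    return session_key(received, own_secret, n)

def demo():
    n, g = 23, 5                       # constructed toy prime and primitive root
    x, y, z = 4, 3, 6                  # constructed secrets: Alice, Bob, Trudy
    X, Y, Z = (public_value(g, s, n) for s in (x, y, z))

    # Honest run: both sides derive the same K = g^(xy) mod n.
    honest = (session_key(Y, x, n), session_key(X, y, n))

    # Unauthenticated run: both received values were replaced by Z in transit.
    # Alice and Bob now hold different keys, each shared with Trudy.
    hijacked = (session_key(Z, x, n), session_key(Z, y, n))
    trudy = (session_key(X, z, n), session_key(Y, z, n))

    # With a trusted directory the substituted value is rejected.
    directory = {"alice": X, "bob": Y}
    try:
        key_from_directory(directory, "bob", Z, x, n)
        detected = False
    except ValueError:
        detected = True
    return honest, hijacked, trudy, detected

if __name__ == "__main__":
    print(demo())
```

The directory only helps if its entries are themselves authenticated, which is the role the later certificate slides assign to a CA.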

Two-key Public-Key Encryption

- Sender uses the public key of the receiver to encrypt
- Receiver uses her private key to decrypt

Two-Key Public-key Authentication

- The sender encrypts some message (e.g. a certificate) with his own private key
- The receiver, by decrypting, verifies key possession

Public-Key Algorithms: The Requirements

- It is computationally feasible to generate a pair of keys
- It is computationally easy to encrypt using the public key
- It is computationally easy to decrypt using the private key
- It is computationally infeasible to compute the private key from the public key
- It is computationally infeasible to recover the plaintext from the public key and ciphertext
- Either of the keys can decrypt a message encrypted using the other key

RSA

- Developed by Rivest, Shamir, and Adleman (1977)
- Most widely used public key algorithm
- Receives its security from the difficulty of factoring large numbers
- Actually discovered first by UK GCHQ (Ellis and Cocks) in 1973!
- Algorithm
  - Works as a block cipher, where each plaintext/ciphertext block is integer between 0 and n (for some n2k)
  - Each receiver chooses e, d
  - The values of e, and n are made public; d is kept secret
  - Encryption: $C = M^e \bmod n$
  - Decryption: $M = C^d \bmod n = M^{ed} \bmod n$
- Requisites
  - Find e, d such that $M = M^{ed} \bmod n$, for all $M < n$
  - Make sure that d cannot be computed from n and e, not even if a ciphertext is available

RSA Keys and Key Generation

- Select primes p and q, $n = pq$
- $\phi(n) = (p-1)(q-1)$: Euler totient of n, the number of integers between 1 and n that are relatively prime to n, i.e., $\{m : \gcd(m,n) = 1\}$
- Select integer $e < \phi(n)$ such that $\gcd(\phi(n), e) = 1$
  - Guarantees that $e^{-1}$ exists
- Calculate d such that $d = e^{-1} \bmod \phi(n)$
  - Use Euler extended GCD algorithm
- Now, for every $M < n$, we have
  - $M^{ed} = M^{1 \bmod \phi(n)} = M$
- Note
  - The message could have been encrypted with d and decrypted by e

Recall Math Backgrounder

- Fermat's Little Theorem
  - For a prime p, a such that $0 < a < p$, $a^{p-1} = 1 \bmod p$
- Euler's extension
  - For any n, a such that $0 < a < n$, $a^{\phi(n)} \bmod n = 1 \bmod n$
  - For primes p, q, a such that $\gcd(a, pq) = 1$, $a^{(p-1)(q-1)} = 1 \bmod pq$
  - Hence, $M^{ed} \bmod n = M^{k(p-1)(q-1)+1} \bmod n = 1 \times M = M$
- To generate primes, use primality test
  - For a non-prime, Fermat's theorem will usually fail on a random a
  - Carmichael numbers are rare exception, and if chosen decryption won't work. Can reduce the probability by checking more a's
  - Primes are dense enough (almost one of every k k-bit numbers)
- GCD to select e takes O(log n) time
- Calculate $d = e^{-1} \bmod \phi(n)$ - Euler extended GCD. O(log n)
- Exponentiation (Encrypt/Decrypt) takes O(log n) time
- RSA gets its security from the difficulty of factoring $n = pq$

RSA Example

- Key Generation
  - Select $p = 7$, $q = 17$, $n = pq = 119$, $\phi(119) = 96$
  - Select $e = 5$; calculate $d = 77$ ($77 \times 5 = 385 = 1 \bmod 96$)

Attacks on RSA Algorithm

- If one could factor n, which is available, into p and q, then d could be calculated (as inverse of e), and then the message deciphered
- If one could guess the value of $\phi(n) = (p-1)(q-1)$, even without factoring n, then again d could be computed as the inverse of e

Attacks on RSA Protocol

- Chosen ciphertext attack
  - Attack: get sender to sign (decrypt) a chosen message
  - Inputs: original (unknown) ciphertext $C = M^e$
  - Construct
    - $X = R^e \bmod n$, for a random R
    - $Y = XC \bmod n$
  - Ask sender to sign Y, obtaining $U = Y^d \bmod n$
  - Compute
    - $T = R^{-1} \bmod n$
    - $TU \bmod n = R^{-1} Y^d \bmod n = R^{-1} X^d C^d \bmod n = C^d \bmod n = M$
  - Exploits preservation of multiplication in group
- Conclusion
  - never sign a random message
  - sign only hashes
  - use different keys for encryption and signature
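The key-generation steps and the "sign only hashes" conclusion above, as an added example that is not part of the original slides. It reproduces the slides' toy key (p = 7, q = 17, e = 5, d = 77) with the extended GCD computation, then compares a raw signing oracle with a hash-then-sign one. The larger key built from the Mersenne primes 2^61 - 1 and 2^89 - 1, the blinding factor R and all function names are constructed; this is textbook RSA without padding.

```python
import hashlib

def egcd(a, b):
    """Extended GCD: return (g, s, t) with a*s + b*t == g == gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1, t0, t1 = s1, s0 - q * s1, t1, t0 - q * t1
    return a, s0, t0

def inverse(a, n):
    g, s, _ = egcd(a % n, n)
    if g != 1:
        raise ValueError("no inverse: values are not relatively prime")
    return s % n

def keygen(p, q, e):
    """Return (n, e, d) with d = e^-1 mod phi(n), phi(n) = (p-1)(q-1)."""
    return p * q, e, inverse(e, (p - 1) * (q - 1))

def raw_sign(y, d, n):
    """Textbook oracle: exponentiates whatever value it is handed."""
    return pow(y, d, n)

def hashed_sign(y, d, n):
    """Signs H(y) instead of y, so products of inputs no longer map to products."""
    data = y.to_bytes((n.bit_length() + 7) // 8, "big")
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big") % n, d, n)

def unblind(c, r, e, n, signer):
    """The slide's steps: X = R^e, Y = XC, U = sign(Y), result T*U with T = R^-1."""
    y = pow(r, e, n) * c % n
    return inverse(r, n) * signer(y) % n

def demo():
    n, e, d = keygen(2**61 - 1, 2**89 - 1, 65537)   # constructed key, far too small for real use
    m = int.from_bytes(b"session key", "big")       # constructed plaintext, m < n
    c = pow(m, e, n)
    r = 0x1234567                                   # constructed blinding factor R
    leaked = unblind(c, r, e, n, lambda y: raw_sign(y, d, n))
    blocked = unblind(c, r, e, n, lambda y: hashed_sign(y, d, n))
    return m, leaked, blocked

if __name__ == "__main__":
    print(keygen(7, 17, 5))          # the slides' example key
    m, leaked, blocked = demo()
    print(leaked == m, blocked == m)
```

With the raw oracle the unblinded result equals M; with the hashing signer it is an unrelated value, which is why signing hashes and separating encryption and signature keys both close this path.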

Other precautions when implementing RSA protocol

- Do not use same n for multiple users
  - A third party can sometimes decipher if same message is encrypted using both encryption (public) keys, without needing the decryption (private) key
- Always pad messages with random numbers, making sure that M is about same size as n
  - If e is small, there is an attack that uses $e(e+1)/2$ linearly dependent messages, and if messages are small it's easier to find linearly dependent ones
- Do not choose low values for e and d
  - For e, see above, and there is also attack on small d's

Elliptic Curves Cryptography

- ECC addresses the cost of exponentiation in DH and RSA
- Use Abelian groups w/ addition defined on cubic equations
  - E.g., $y^2 = x^3 + ax + b$ (for some a, b)
  - For $R = P + Q$, find third point of intersection on line that connects P and Q (use tangent line if $P = Q$). This is $-R$, and R is its mirror.
  - O is a point of infinity and is defined as $O = P + (-P)$. As a result it is also the identity since $P + O = P$
- Can also be defined over GF(p)
- Consider $Q = kP \bmod p$
  - Easy to compute Q from k, P
  - Difficult to determine k from P, Q (except through brute force)

Elliptic Curves Key Exchange

- Key Generation
  - Select/agree on cubic curve (p, a, b) --- public
  - Select a base point G with a high order n --- public
    - i.e., smallest n such that $nG = O$
  - Private key of Alice is an integer $K_A < n$
  - Public key of Alice is $K_A G$
- Key Exchange
  - Alice and Bob send public key to each other
  - Each of them multiplies the result by own private key
  - Agreed Key: $K_A K_B G$
- Like DH but uses addition instead of exponentiation
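The point addition and key exchange described above, as an added example that is not part of the original slides. The curve $y^2 = x^3 + 2x + 2$ over GF(17) with base point G = (5, 1) of order 19 is a constructed toy choice, as are the private keys and function names; the check on the received point is an added validation step.

```python
# Added example: toy elliptic-curve key exchange with constructed parameters.
P_MOD, A, B = 17, 2, 2          # curve (p, a, b): y^2 = x^3 + 2x + 2 over GF(17)
G, ORDER = (5, 1), 19           # base point G and its order n (smallest n with nG = O)
O = None                        # the point at infinity

def on_curve(P):
    if P is O:
        return True
    x, y = P
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def add(P, Q):
    """R = P + Q: third intersection of the line through P and Q, mirrored."""
    if P is O:
        return Q
    if Q is O:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O                                        # P + (-P) = O
    if P == Q:                                          # tangent line
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:                                               # chord through P and Q
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def mul(k, P):
    """kP by double-and-add: repeated addition takes the place of exponentiation."""
    R = O
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def shared_key(own_private, peer_public):
    """Validate the received point, then multiply it by our own private key."""
    if peer_public is O or not on_curve(peer_public) or mul(ORDER, peer_public) is not O:
        raise ValueError("invalid public point")
    return mul(own_private, peer_public)

def demo():
    ka, kb = 3, 7                                       # constructed private keys, both < n
    pub_a, pub_b = mul(ka, G), mul(kb, G)
    return shared_key(ka, pub_b), shared_key(kb, pub_a)  # both equal K_A K_B G

if __name__ == "__main__":
    print(demo())
```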

Timing and Power Attacks

- Ciphertext-only attack
- No mathematical analysis
- How it works
  - Measure the effort (time, power) to decrypt a message
  - Correlate the effort to the probability that certain key bits are on
- Idea
  - Different algorithms work more on certain combinations of bit values
  - E.g., in RSA the exponentiation effort depends on the number of bits that are 1
- Solutions
  - Idle computation to randomize even out

Other Public-Key Algorithms

- Merkle-Hellman Knapsack Algorithms
  - First public-key cryptography (not key exch) algorithm (1976) - patented
  - Encode a message as a series of solutions to knapsack problems (NP-Hard). Easy (superincreasing) knapsack serves as private key, and a hard knapsack as a public key.
  - Broken by Shamir and Zippel in 1980, showing a reconstruction of superincreasing knapsacks from the normal knapsacks
- Rabin
  - Based on difficulty of finding square roots modulo n
  - Encryption is faster: $C = M^2 \bmod n$ ($n = pq$)
  - Decryption is a bit complicated and the plaintext has to be selected from 4 possibilities (also makes it difficult to use it for signature)
- El Gamal
  - Based on difficulty of calculating discrete logarithms in a finite field
- Elliptic Curves can be used to implement El Gamal and Diffie-Hellman faster

Digital Signatures

Main sources: Network Security Essentials / Stallings; Applied Cryptography / Schneier

Public-Key Digital Signature

- Same as authentication
- The sender encrypts a message with his own private key
- The receiver, by decrypting, verifies key possession

Digital Signatures

- It is possible to use the entire message, encrypted with the private key, as the digital signature
  - But, this is computationally expensive
  - And, anyone can then decrypt the original message
- Alternatively, a digest can be used
  - Should be short
  - Prevent decryption of the original message
  - Prevent modification of original message
  - Difficult to fake signature for
- If message authentication (integrity) is needed, we may use the hash code of the message
- If only source authentication is needed, a different message can be used (certificate)

Digital Signature Algorithm (DSA)

- Proposed in 1991 by NIST as a standard (DSS)
- Based on difficulty of computing discrete logarithms (like Diffie-Hellman and El Gamal)
- Encountered resistance because RSA was already de-facto standard, and already drew significant investment
  - DSA cannot be used for encryption or key distribution
  - RSA is advantageous in most applications (exc. smart cards)
  - RSA is 10x faster in signature
  - DSA is faster in verification
  - Concerns about NSA backdoor (table can be built for some primes)
- Key size was increased from 512 to 2048 and 3072 bits
  - In DSA, the key size needs to be 4 times the security level
- DSA has an Elliptic Curve version
  - Faster to compute, and requires half the bits

Description of DSA

- Parameters
  - p is a prime number with up to 1024 bits (public key)
  - q is a 160-bit factor of (p-1), and itself prime (public key)
  - $g = h^{(p-1)/q} \bmod p$ (h is random) (public key)
  - x is the private key and is smaller than q
  - $y = g^x \bmod p$ is part of the public key
- Signature
  - Given a message M, generate a random $k < q$ -- keep secret
  - Signature is a pair (r, s)
  - send $r = (g^k \bmod p) \bmod q$
  - send $s = k^{-1}(H(M) + xr) \bmod q$
  - If $r = 0$ or $s = 0$, choose a new k
- Verification
  - Compute $w = s^{-1} \bmod q$
  - Compute $u_1 = H(M)\,w \bmod q$, $u_2 = r\,w \bmod q$
  - Compute $v = (g^{u_1} y^{u_2} \bmod p) \bmod q$
  - If $v = r$ then the signature is verified

Key Generation in DSA

- Generate q as a SHA on an arbitrary 160-bit string
  - If not prime, try another string
  - Use Rabin method for primality testing
- To get (p-1)
  - Concatenate additional 160 bit numbers until you get to the right size (e.g., 1024)
  - Subtract the remainder after division by 2q
  - q is a factor from construction
  - Since p-1 is even, then 2 is also a factor
- If p is not prime, repeat the process

One-Time Signatures (Merkle)

- Key Generation
  - Let $t = n + 1 + \log n$, where n is message size
  - Select random $K_1, \ldots, K_t$ (private key)
  - Let $V_i = H(K_i)$ for a hash function H (public key)
- Signature
  - Let C be the number of 0s in message M
  - Let $W = M \| C$, and let $A_1 \ldots A_t$ be W's bits
  - Signature is $(S_1 \ldots S_u)$ such that $S_j = K_l$ if $A_l$ is the jth 1-bit of W
- Verification
  - Compute W as above
  - Compute $H(S_i)$ for each bit and compare to (properly indexed) $V_j$
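The one-time signature scheme above, as an added example that is not part of the original slides. It also counts how many other messages could reuse the keys revealed by one signature, with and without the zero-count C, to show what the checksum is for. The 8-bit message size, SHA-256 as H, the sample message and the function names are constructed.

```python
import hashlib, secrets

N = 8                       # message size n in bits (constructed toy size)
CBITS = N.bit_length()      # floor(log2 n) + 1 bits hold a zero-count in 0..n
T = N + CBITS               # t = n + 1 + log n

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    priv = [secrets.token_bytes(32) for _ in range(T)]      # K_1 .. K_t
    return priv, [H(k) for k in priv]                       # V_i = H(K_i)

def w_bits(m):
    """W = M || C as a list of t bits, where C is the number of 0 bits in M."""
    mbits = [(m >> (N - 1 - i)) & 1 for i in range(N)]
    c = mbits.count(0)
    return mbits + [(c >> (CBITS - 1 - i)) & 1 for i in range(CBITS)]

def sign(m, priv):
    """Reveal K_l for every position l where W has a 1 bit."""
    return [priv[l] for l, a in enumerate(w_bits(m)) if a]

def verify(m, sig, pub):
    ones = [l for l, a in enumerate(w_bits(m)) if a]
    return len(sig) == len(ones) and all(H(s) == pub[l] for s, l in zip(sig, ones))

def reusable_for(m, with_checksum=True):
    """Count messages m2 != m whose required keys were all revealed by sign(m)."""
    width = T if with_checksum else N
    revealed = w_bits(m)[:width]
    return sum(
        1 for m2 in range(1 << N)
        if m2 != m and all(s or not a for s, a in zip(revealed, w_bits(m2)[:width]))
    )

if __name__ == "__main__":
    priv, pub = keygen()
    m = 0b10110010                                          # constructed message
    sig = sign(m, priv)
    print(verify(m, sig, pub), verify(m ^ 0b10, sig, pub))
    print(reusable_for(m), reusable_for(m, with_checksum=False))
```

Clearing a 1 bit in M raises the zero-count, which sets a C bit whose key was never revealed; a key pair is still good for one message only, since a second signature reveals further keys.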

Key Management for Public Key Cryptographic Protocols

Main sources: Network Security Essentials / Stallings; Applied Cryptography / Schneier

Certificate Authority: Verifying the Public Key

- How to ensure that Charles doesn't pretend to be Bob by publishing a public-key for Bob. Then, using a Man-in-the-Middle attack, Charles can read the message and reencrypt-resend to Bob
- Bob prepares certificate with his identifying information and his public key
- The Certificate Authority (CA) verifies the details and signs Bob's certificate
- Bob can publish the signed certificate

More on (Public) Key Management

- Alice may have more than one key
  - e.g., personal key and work key
- Where shall Alice store her keys
  - Alice may not want to trust her work administrator with her personal banking key
- Distributed certification a la X.509
  - CA certifies Agents who certify organizations who certify others
- Distributed certification a la PGP
  - Alice will present her certificate with introducers who will vouch for her (PKI parties)
- Key Escrow
  - US American Escrowed Encryption Standard suggests that private keys be broken in half and kept by two Government agencies
  - Clipper for cellular phone encryption
  - Capstone for computer communication

Summary

Cryptography Summary

- Cryptography (and steganography) were always considered a strategic tool
  - Used mostly by governments and military organizations
  - Served to keep top secrets and in wars
- Different generations were characterized by either the cryptographers or cryptanalysts winning the battle
  - Today, cryptographers seem certainly on top, with unbreakable ciphers (but, remember Vigenere's unbreakable cipher)
- Must remember that cryptanalysis is not the only attack
  - It is usually the hardest way to break a message
  - May attack human weaknesses in crypto protocol
  - May attack communication, hosts, etc.
  - Much easier to get information using good old 3Bs: bribery, burglary, and bending
