Public Key Cryptography

1
(No Transcript)
2
Public Key Cryptography

• Alice and Bob agree on a key, without meeting!

3
Cryptosystems
Eve
4
Beware Security Through Obscurity

• Kerckhoffs Principle (1883)
• The system must not require secrecy, and it
  could fall into the hands of the enemy without
  causing trouble. If a system requiring secrecy
  were to find itself in the hands of too many
  individuals, it could be compromised upon each
  engagement in which any of them take part.
• Still regularly violated by Internet security
  start-ups and their credulous investors

5
(No Transcript)
6
DES The Data Encryption Standard

• A 1976 public standard
• 56 bit key
• Long enough in 1976
• With todays more powerful computers a brute
  force search through possible keys takes only a
  day
• Superceded by Advanced Encryption Standard or
  AES 128, 192, or 256 bit key
• AES not cracked as far as we know

7
The Problem Remains How to Get the Key from
Alice to Bob?
The Internet
(Alices Credit Card )
(Alices Credit Card )
8
Public-Key Cryptography

• Whit Diffie and Marty Hellman, New Directions in
  Cryptography, 1976

9
A Way for Alice and Bob to agree on a secret key

• through messages that are completely public

10
The basic idea of Diffie-Hellman key agreement

• Arrange things so that
• Alice has a secret number that only Alice knows
• Bob has a secret number that only Bob knows
• Alice and Bob then communicate something publicly
• They somehow compute the same number
• Only they know the shared number -- thats the
  key!
• No one else can compute this number without
  knowing Alices secret or Bobs secret
• But Alices secret number is still hers alone,
  and Bobs is Bobs alone
• Sounds impossible

11
One-Way Computation

• Easy to compute, hard to uncompute
• What is 28487532223?72342452989?
• Not hard -- easy on a computer -- about 100
  digit-by-digit multiplications
• What are the factors of
• 206085796112139733547?
• Seems to require vast numbers of trial divisions

12
Modular arithmetic
6 5 3 (mod 8)
13
Math Quiz
1
5
1
1
(23)100 1100 1
14
(mod p) notation

• Think of the (mod p) at the end of the line as
  referring to everything in the equation
• (23)100 1100 1 (mod 7) means
• (23)100 , 1100 , and 1 are all equivalent if you
  divide by 7 and keep just the remainder
• (mod 100) means just keep the last two
  digits

15
Theres a shortcut for computing powers

• Problem Given q and p and n, find qn (mod p)
• Method 1 multiply q by itself n-1 times
• Requires n-1 multiplications
• Method 2 use successive squaring
• Requires about lg n multiplications
• Example If n is a 500-digit number, we can
  compute qn (mod p) in about 1700 ( lg 10500)
  steps.

16
Theres no shortcut for computing logarithms mod p

• Problem Given q and p and y, find n such that
• qn y (mod p)
• As far as anyone knows, there are no shortcuts.
• The only way to do this is essentially by
  brute-force search among all possibilities for n.
• Example If p is a 500-digit number, finding n
  so that
• qn y (mod p)
• requires about 10500 steps.

17
Discrete logarithm problem

• It is easy to compute modular powers but seems to
  be hard to reverse that operation
• For what value of n does 54321n18789 mod 70707?
• Try n1, 2, 3, 4,
• Get 54321n 54321, 26517, 57660, 40881 mod
  70707
• n43210 works, but no known quick way to discover
  that

18
The math behind Diffie-Hellman key agreement

• Given q and p, and an equation of the form
• qn y (mod p)
• Then it is exponentially harder to compute n
  given y, than it is to compute y given n.
• For 500-digit numbers, were talking about a
  computing effort of 1700 steps vs. 10500 steps.

19
Discrete logarithm seems to be a one-way function

• Fix numbers q and p
• (big numbers, qltp)
• Let f(a) qa (mod p)
• Given a, computing f(a)A is easy
• But it is impossibly hard, given A, to find an a
  such that f(a)A.

20
Another useful fact

• Let xn xn (mod p)
• Then for any two numbers n, m,
• (xn)m (xm)n
• Recall f(a) qa

21
Diffie-Hellman
A
B
Pick a secret number a
Pick a secret number b
Compute A f(a)
Compute B f(b)
Shout out A
Shout out B
Compute Ba
Compute Ab
Main point Alice and Bob have computed the same
number, because Ba f(b)a (qb)a
(qa)b f(a)b Ab.
Use this number as the encryption key!
22
Diffie-Hellman
A
B
a
b
Let K Ba Ab
Alice and Bob can now use this number as a shared
key for encrypted communication
Eve the eavesdropper knows A f(a) and B f(b)
And (per Kerckhoffs) she also knows how to
compute f and g. But going from these back to a
or b requires reversing a one-way
computation.
23
Secure Internet Communication

• https//www99.americanexpress.com/
• https (with an s) indicates a secure, encrypted
  communication is going on
• We are all cryptographers now
• So is Al Qaeda(?)
• Internet security depends on difficulty of
  factoring numbers -- doing that quickly would
  require a deep advance in mathematics

24
Confidential email from anyone

• Bob picks secret key b and computes his public
  key B
• Bob publishes B in a public directory!
• Now Anyone can send Bob secret email
• Pick secret key a and compute public key A
• Compute encryption key K using a and B
• Send encrypted message and also include public
  key A in the same email!
• Bob computes K using A and b and decrypts the
  message!

25
But theres a problem

• How can Alice know that the listing in the
  directory is really Bobs?
• Maybe it is Eve pretending to be Bob!
• Certificates and certifying authorities provide
  solution to authentication problem

26
Two more problems solved by digital signatures

• Integrity When Bob receives a message, he can be
  sure that it was not modified en route after
  Alice sent it.
• Non-repudiation Alice cannot later deny that the
  message was sent. Bob cannot later deny that the
  message was received.
• Digital signatures are a variant on public-key
  encryption technology

27
Cryptography and National Security
There is a very real and critical danger that
unrestrained public discussion of cryptologic
matters will seriously damage the ability of this
government to conduct signals intelligence and
the ability of this government to carry out its
mission of protecting national security
information from hostile exploitation. -- Admiral
Bobby Ray Inman (Director of the NSA, 1979)
28
CALEA, October 1994
to make clear a telecommunications carrier's
duty to cooperate in the interception of
communications for Law Enforcement purposes, and
for other purposes.
29
Governments big hammerCrypto export controls

• Pre-1995 Encryption technology classified by
  State Department as a munition
• Illegal to export hardware, software, technical
  information, unless you register as an arms
  dealer and adhere to stringent regulations
• Illegal to provide material or technical
  assistance to non-US citizens (even within the
  US)
• 1996 Jurisdiction for crypto exports transferred
  to Commerce Department, but restrictions remain.

30
The basic proposal escrowed encryption

• Require encryption products to have a back door
  controlled by a set of keys (escrowed keys)
  that are held by the government or by its
  licensed agents
• Might require this for products that can be
  exported, or maybe all encryption products
• Proposal first unveiled for telephones in 1994
  (the Clipper phone)
• Modified in various ways throughout 1994-1998

31
(No Transcript)
32
The crypto wars, 1994-1998

• Dramatis Personae
• Industry
• Law enforcement
• National security
• Civil libertarian groups

33
Industry claims and issues

• Customers want security for electronic commerce,
  for protecting remote access, for confidentiality
  of business information.
• Export restrictions are a pain in the butt.
• Providing encryption is cheap, but providing an
  escrow infrastructure is not, and theres no
  commercial demand for it.

34
Law enforcement claims and issues

• Wiretapping is a critical law-enforcement tool.
• Wiretaps are conducted on specific, identified
  targets under lawful authority.
• Many criminals are often sloppy and/or stupid
  They wont use encryption unless it becomes
  ubiquitous. Some criminals are far from sloppy
  or stupid They will use encryption if it is
  available.

35
Civil libertarian claims and issues

• As computer communication technology becomes more
  pervasive, allowing government access to
  communications becomes much more than traditional
  wiretapping of phone conversations.
• How do we guard against abuse of the system?
• If we make wiretapping easy, then what are the
  checks on its increasing use?
• There are other tools (bugging, data mining, DNA
  matching) that can assist law enforcement.
  People have less privacy than previously, even
  without wiretapping.

36
National security establishment claims and issues

• We cant tell you, but they are really serious.

37
Legislation, 1997

• Bills introduced in Congress all over the map,
  ranging from elimination of export controls to
  bills that would mandate key escrow, even for
  domestic use.

38
More recently

• 1998-2000 Crypto export regulations modified and
  relaxed, but still exist
• Sept. 13, 2001 Sen. Judd Gregg (New Hampshire)
  calls for encryption regulations, saying
  encryption makers have as much at risk as we
  have at risk as a nation, and they should
  understand that as a matter of citizenship, they
  have an obligation to include decryption methods
  for government agents.
• By October, Gregg had changed his mind about
  introducing legislation.

39
Why Arent Emails Encrypted?

• Email is more like postcards than letters!
• Standard email software doesnt make it easy
• But encrypted-email software is freely available
  (PGP)
• Regulations require some businesses to know what
  their employees are doing