Objectives
You should:
1. Be able to describe how public key systems simplify
key distribution.
2. Understand how public key systems use trapdoor
functions to realize cryptographic transformations with
separate encrypting and decrypting keys.
3. Know how the Diffie-Hellman key exchange algorithm
enables the secure exchange of secret keys over a
network.
4. Know how to generate keys for the RSA system and how
to encipher and decipher messages with this system.
5. Be able to describe how certificate authorities assure
the validity of public keys.
6. Be able to describe how public key systems are used
for digital signatures and identification.
7. Understand how hash functions are used for digital
signatures and be aware of current concerns about the
security of SHA-1.
but $E(p, m)$ and $D(s, c)$ must be feasible.
Indiv.Procedures/Protocols/Diffie-Hellman Demonstration
Diffie-Hellman key exchange is used by WAP Class 1
Examples
In mod 7 arithmetic:
$\log_3(6) = 3$ as $3^3 = 27 \equiv 6 \pmod 7$
$\log_4(5)$ is not defined, as 4 is not a generator
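The mod 7 examples above, worked in code as an added example (not part of the original slides). It goes slightly beyond them by finishing with a toy Diffie-Hellman exchange over the same group; the function names and the private exponents 2 and 5 are constructed for illustration, and the brute-force search is only feasible because the modulus is tiny.

```python
# Added example: discrete logs modulo a small prime (toy sizes only).
from math import gcd

def generated_subgroup(g, p):
    """Return [g^1, g^2, ...] mod p, stopping at the first power equal to 1."""
    if gcd(g, p) != 1:
        raise ValueError("g must be coprime to p, otherwise 1 is never reached")
    powers, x = [], 1
    while True:
        x = (x * g) % p
        powers.append(x)
        if x == 1:
            return powers

def is_generator(g, p):
    """g is a generator mod prime p iff its powers reach all p-1 non-zero values."""
    return len(generated_subgroup(g, p)) == p - 1

def discrete_log(g, y, p):
    """Smallest k >= 1 with g^k = y (mod p), or None when y is not a power of g."""
    for k, value in enumerate(generated_subgroup(g, p), start=1):
        if value == y % p:
            return k
    return None

def dh_exchange(g, p, a, b):
    """Toy Diffie-Hellman; a and b are the private exponents (constructed values)."""
    A = pow(g, a, p)                    # sent by Alice in the clear
    B = pow(g, b, p)                    # sent by Bob in the clear
    return pow(B, a, p), pow(A, b, p)   # the key each side computes

if __name__ == "__main__":
    print(generated_subgroup(3, 7), discrete_log(3, 6, 7))   # 3 reaches every value
    print(generated_subgroup(4, 7), discrete_log(4, 5, 7))   # 4 only reaches 4, 2, 1
    print(dh_exchange(3, 7, 2, 5))                           # both sides agree
```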
Digital Signatures
Since any user of a public key system can use Bob's public
key to encrypt a message for Bob, he has no way of checking
the identity of the sender of a message.
Suppose Alice wants to send a message to Bob and arrange
that Bob can verify that it indeed came from her.
She takes the signature message she wishes to send and
decrypts it using her secret key S to obtain a digital
signature, which can be attached to the original message.
She then sends both to Bob ($MESS_A$).
So Alice obtains
$SIG_A = D_A(s_A, m)$
Alice sends
$MESS_A = E(p_B, m, SIG_A)$
Bob obtains
$(m, SIG_A) = D_B(s_B, MESS_A)$
$m = E(p_A, SIG_A)$
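The sign-then-encrypt exchange above, run end to end as an added example (not part of the original slides). It uses textbook RSA with no padding or hashing, for illustration only; the toy primes, the message value 1000, and the choice to encrypt m and SIG_A to Bob as two separate blocks are assumptions of this sketch.

```python
# Added example: textbook RSA, toy key sizes, following the slide's notation.
from math import gcd

def make_keypair(q, r, e):
    """Return (public, secret) = ((e, n), (d, n)) for primes q and r."""
    n, phi = q * r, (q - 1) * (r - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    return (e, n), (pow(e, -1, phi), n)

def E(p, x):
    """Apply a public key p = (e, n)."""
    e, n = p
    return pow(x, e, n)

def D(s, x):
    """Apply a secret key s = (d, n)."""
    d, n = s
    return pow(x, d, n)

def alice_send(s_A, p_B, m):
    sig_A = D(s_A, m)                   # SIG_A = D_A(s_A, m)
    return E(p_B, m), E(p_B, sig_A)     # MESS_A, encrypted for Bob

def bob_receive(s_B, p_A, mess_A):
    m, sig_A = (D(s_B, part) for part in mess_A)   # (m, SIG_A) = D_B(s_B, MESS_A)
    return m, E(p_A, sig_A) == m                   # accept only if m = E(p_A, SIG_A)

# Constructed toy keys. Bob's modulus exceeds Alice's so SIG_A fits in one block.
P_A, S_A = make_keypair(61, 53, 17)
P_B, S_B = make_keypair(89, 97, 5)

def demo(m=1000):
    mess_A = alice_send(S_A, P_B, m)
    genuine = bob_receive(S_B, P_A, mess_A)
    # Anyone can encrypt to Bob, so a swapped message with Alice's old
    # signature still decrypts, but the signature check rejects it.
    altered = bob_receive(S_B, P_A, (E(P_B, 1), mess_A[1]))
    return genuine, altered

if __name__ == "__main__":
    print(demo())
```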
21 n 2
I will pay 1
I will pay 1000
An attack on SHA-1
NIST plans
No attacks have been reported on the SHA-2 variants, but they
are algorithmically similar to SHA-1, and so efforts are
underway to develop improved alternative hashing algorithms.
An open competition for a new SHA-3 function was
announced in the Federal Register on November 2, 2007.
"NIST is initiating an effort to develop one or more additional
hash algorithms through a public competition, similar to the
development process for the Advanced Encryption Standard
(AES)."
Submissions are due October 31, 2008 and the
announcement of a winner and publication of the new
standard are scheduled to take place in 2012.
Identification
Cryptographic algorithms have a third basic application in
addition to encryption and digital signatures: identification.
The primary use of identification is for access control.
Cryptographic algorithms used for identification are used
within identification protocols which enable the prover, Bob, to
prove his identity to the verifier, Alice.
In a challenge-response identification system, if the prover,
Bob, wants to identify himself to the verifier, Alice, then Bob
must respond correctly to a question, or challenge, from
Alice.
o Bob responds to the challenge by computing a response
using a secret key and sending it to Alice.
o If the challenge-response system is based on symmetric
key cryptography, Alice verifies the response using the
same secret key.
o If the system is based on public key cryptography, Alice
verifies the response using the public key that
corresponds to the secret key Bob used.
Suppose Alice and Bob agree a secret key by which they may
identify themselves to each other:
o If Bob wants to identify himself to Alice, he asks Alice for a
random number. He then encrypts this random number
with the secret key and sends the cipher text to Alice, who
decrypts the cipher text with the secret key and
compares the result with the number she sent.
o If there is a match then she accepts this as proof of
identity.
Public-key cryptography may be used for identification as
follows:
o If Bob wants to identify himself to Alice, he asks Alice for a
random number. He then encrypts this random number
with his private key and sends the cipher text to Alice,
who decrypts the cipher text using Bob's public key and
compares the result with the number she sent.
o If there is a match then she accepts this as proof of
identity. For this challenge-response system to work, Alice
must be sure that she has the authentic public key of
Bob.
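The symmetric-key challenge-response protocol above as an added example (not part of the original slides). It swaps the slide's "encrypt the random number" step for an HMAC-SHA256 over the challenge, which plays the same role with the Python standard library alone; the class and function names are constructed for illustration. It also shows why Alice's number must be fresh and single-use: a recorded response fails against any later challenge.

```python
# Added example: challenge-response identification with a shared secret key.
import hashlib
import hmac
import secrets

class Verifier:
    """Alice: issues random challenges and checks the prover's responses."""
    def __init__(self, key):
        self._key = key
        self._outstanding = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)     # the "random number" sent to Bob
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce, response):
        if nonce not in self._outstanding:
            return False                    # unknown or already-used challenge
        self._outstanding.discard(nonce)    # each challenge is valid once
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def prover_respond(key, nonce):
    """Bob: compute the response to a challenge using the shared secret key."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def demo():
    key = secrets.token_bytes(32)           # constructed shared secret
    alice = Verifier(key)
    n1 = alice.challenge()
    r1 = prover_respond(key, n1)
    n3 = None
    results = {"genuine": alice.verify(n1, r1)}
    results["replay_same_challenge"] = alice.verify(n1, r1)
    results["replay_new_challenge"] = alice.verify(alice.challenge(), r1)
    n3 = alice.challenge()
    results["wrong_key"] = alice.verify(n3, prover_respond(b"\x00" * 32, n3))
    return results

if __name__ == "__main__":
    print(demo())
```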
Certification Authorities
The public key of the CA and the certificate of the user may
also be stored in the PSE of the user.
Some public and private keys have to be stored in archives
after they have expired.
As long as a signature generated by a private signature key
may have to be verified, the CA must store the
corresponding public key.
As long as documents encrypted by a public encryption key
may have to be read, the corresponding private key must be
stored in the PSE of its user.
If the CA generated the key pairs of the user, the user must
be provided with new private keys by the CA before the old
ones expire; this may be done using variants of the Diffie-Hellman key exchange protocol.
CrypTool provides a demonstration of digital signature
generation that requires you to generate a public key
certificate that contains the public signature key to be used
to check the signature.
From the pull down menu choose:
Digital Signatures/PKI/Signature Demonstration
Explanation of Step 3
In step 4 we need to compute the multiplicative inverse of p
modulo $\phi(n)$; this only exists if p is coprime to $\phi(n)$.
In the case of RSA, we know that n is the product of two
primes q and r, so
years.
However, RSA is not known to be as hard as factoring and it is
possible there is an attack that does not involve factoring.
This appears increasingly unlikely as time passes, as RSA has
survived intense investigation for 20 years.
In 1994 a 129-digit key, RSA-129, was factorised and groups
throughout the world are constantly seeking to extend their
success to larger numbers. RSA-140 and RSA-155 were
factorised in 1999.
RSA-155 is 512 bits. Standard RSA keys are 1024 bits.
RSA-200 was factorised by the group of Prof. Jens Franke at
the University of Bonn in 2005.
The calculations took 17 months.
It has been suggested that 1024-bit RSA keys will be
factored by 2022.
The GISA (German Information Security Agency)
recommended the usage of 2048-bit keys from 2006 onwards.
Thin clients like smart cards usually have to store the (long)
secret key and have to process a digital signature rather than
verify one.
There is a clear advantage in using ECC in terms of
efficiency.
RSA public key cryptography is too computationally expensive
for mobile phones so WAP uses Elliptic Curve Cryptography
(ECC) by default.
Nowadays, the major problem with ECC implementations is
the lack of standardization.
This causes problems in interoperability.
Furthermore, ECC products have only begun to appear
recently and therefore only recently has there been sustained
interest in trying to find cryptographic weaknesses in ECC.
Consequently, there is less confidence in the security of ECC
than RSA.
ECC is fundamentally more difficult to understand than RSA
and beyond the scope of this course.