15-2
Key Exchange
Using public key cryptography is expensive. A better way is to use it in a limited amount to generate a key for a private key cryptosystem.

If p is prime then there is a primitive root modulo p, that is, a number g such that $\{1, 2, \ldots, p-1\} = \{g^1, g^2, g^3, \ldots, g^{p-1}\}$.

Diffie-Hellman protocol:
- Alice chooses a prime q and finds a primitive root g
- Alice chooses a random X from $\{1, \ldots, q-2\}$ and sends p, q and $g^X \pmod q$ to Bob
- Bob chooses a random Y from $\{1, \ldots, q-2\}$ and sends $g^Y \pmod q$ to Alice
- Alice and Bob compute $k = g^{XY} \pmod q$ (by computing $(g^Y)^X$ and $(g^X)^Y$ respectively). They use k as a private key
15-3
Alice: $X \in \mathbb{Z}_p^*$, $k = (g^Y)^X$
Alice → Bob: $g^X$
Bob → Alice: $g^Y$
Bob: $Y \in \mathbb{Z}_p^*$, $k = (g^X)^Y$
15-4
15-5
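Alice: $X \in \mathbb{Z}_p^*$
Eve → Alice: $g^W$
Eve: $V \in \mathbb{Z}_p^*$, $W \in \mathbb{Z}_p^*$, $k = (g^X)^W$, $k' = (g^Y)^V$
Eve → Bob: $g^V$
Bob: $Y \in \mathbb{Z}_p^*$
Bob → Eve: $g^Y$

Eve masquerades as Bob for Alice and as Alice for Bob. So she can read all messages they send.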
15-6
Other Problems
- How do we know that p is prime and g is a primitive root?
- What if Eve replaces $g^X$ with 1?
- What if Eve replaces $g^X$ with an element of small order?
- Safe primes: p = 2q + 1 where q is a prime.
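The checks these questions call for, as an added example (not part of the original slides): the receiver verifies that p is a safe prime and g a primitive root, and rejects a received value of order 1 or 2 before deriving k. Function names and the toy group p = 23, g = 5 are assumptions made for illustration; real groups use primes of 2048 bits or more.

```python
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # a witnesses that n is composite
    return True

def check_params(p, g):
    """True if p = 2q + 1 is a safe prime and g is a primitive root mod p."""
    q = (p - 1) // 2
    if p % 2 == 0 or not (is_probable_prime(p) and is_probable_prime(q)):
        return False
    # Orders divide p-1 = 2q, so they are 1, 2, q or 2q. Excluding 1 and p-1
    # rules out orders 1 and 2; g^q != 1 rules out order q.
    return 1 < g < p - 1 and pow(g, q, p) != 1

def check_public_value(y, p):
    """Reject 0, 1, p-1 and out-of-range values (order 1 or 2, or invalid)."""
    return 1 < y < p - 1

def dh_shared_key(p, g, my_secret, peer_value):
    """Derive k = peer_value^my_secret mod p after validating all inputs."""
    if not check_params(p, g):
        raise ValueError("p is not a safe prime or g is not a primitive root")
    if not check_public_value(peer_value, p):
        raise ValueError("peer value has small order or is out of range")
    return pow(peer_value, my_secret, p)

if __name__ == "__main__":
    p, g, X, Y = 23, 5, 6, 15                 # constructed toy values
    gX, gY = pow(g, X, p), pow(g, Y, p)
    print(dh_shared_key(p, g, X, gY), dh_shared_key(p, g, Y, gX))
```

These checks cover only the parameter and small-order problems; a value $g^W$ substituted by Eve passes them, so the masquerading attack above still needs authentication to stop it.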
16-8
Definition
Similar to symmetric case we need to care about data integrity.

A triple (Gen, Sign, Ver) is called a (T,)-secure signature scheme if
- validity: for any pair (s,v) generated by Gen and every $P \in \{0,1\}^n$ we have $\mathrm{Ver}_v(P, \mathrm{Sign}_s(P)) = 1$
- security: for any Eve with time complexity at most T in the following game:
  - Alice chooses (s,v)
  - Eve gets black box access to $\mathrm{Sign}_s$ (she has access to $\mathrm{Ver}_v$)
  - Eve wins if in the end she produces a pair (P,) such that (a) M was not queried (b) $\mathrm{Ver}_v(P, ) = 1$
16-9
Definition (cntd)
The probability Eve wins Pr[Eve wins] <

A scheme is secure if it is (T,)-secure for a superpolynomial pair (T,)
16-10