V. Madhu Viswanatham (2/2/2018)
Symmetric-key cryptography based on sharing secrecy
• In symmetric-key cryptography, symbols are permuted or substituted.
• In asymmetric-key cryptography, numbers are manipulated.
• Symmetric-key cryptography is based on sharing secrecy.
• Asymmetric-key cryptography is based on personal secrecy.
[Figure caption: Bob generates the session key k and sends Alice the encrypted session key.]
Services provided by asymmetric-key algorithms:

                   Encryption/decryption   Digital signature (authentication)   Key exchange
RSA                √                       √                                    √
Diffie-Hellman     ×                       ×                                    √
DSA                ×                       √                                    ×
                              Symmetric-key                        Asymmetric-key
Key used for                  Same key is used for                 One key is used for encryption
encryption/decryption         encryption and decryption            and a different key for decryption
Speed of                      Very fast                            Slower
encryption/decryption
Size of resulting             Usually the same as or less          More than the original text size
ciphertext                    than the original text size
Key agreement/exchange        A big problem                        No problem
• y is the product of n_b terms (one per bit of the exponent). Each term is either 1 (if the corresponding bit is 0) or a^(2^i) (if bit i is 1). In other words, the term a^(2^i) is included in the multiplication if bit i is 1 and omitted if it is 0 (multiplication by 1 has no effect).
  P = a^x mod n
Exercise: launch a timing attack against RSA decryption to recover the private exponent d, assuming RSA uses the fast exponentiation algorithm above.
Hint: use a timer to record the execution time of each iteration, and use the average over all iterations as a threshold to decide whether each bit of d is 0 (below threshold) or 1 (above threshold).
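The exercise, worked as an added example (this is not code from the slides): the square-and-multiply loop is instrumented so that each iteration reports how many modular multiplications it performed, which is a deterministic stand-in for the measured time the hint asks for (a 1 bit costs a square plus a multiply, a 0 bit only a square). The attacker then applies exactly the hint's rule: average cost as threshold, above means 1, below means 0. A Montgomery ladder, which does the same two multiplications whatever the bit, is included to show the same attack failing. The RSA parameters (p = 61, q = 53, n = 3233, e = 17, d = 2753) are a toy key chosen for readability, not a real key.

```python
"""Square-and-multiply with a per-iteration cost trace, and the threshold attack
from the exercise. Added example; cost = modular multiplications per iteration,
standing in for a wall-clock timer."""

# Toy RSA key (assumption): p = 61, q = 53 -> n = 3233, e = 17, d = 2753.
N, E, D = 3233, 17, 2753


def square_and_multiply(a, x, n, trace=None):
    """Compute a^x mod n, scanning the bits of x from most to least significant.
    If trace is a list, append each iteration's multiplication count to it."""
    y = 1
    for bit in bin(x)[2:]:
        y = (y * y) % n            # square: done for every bit
        cost = 1
        if bit == '1':
            y = (y * a) % n        # multiply: done only when the bit is 1
            cost += 1
        if trace is not None:
            trace.append(cost)
    return y


def montgomery_ladder(a, x, n, trace=None):
    """Same result, but both branches perform exactly two multiplications,
    so the per-iteration cost no longer depends on the exponent bit."""
    r0, r1 = 1, a % n
    for bit in bin(x)[2:]:
        if bit == '1':
            r0, r1 = (r0 * r1) % n, (r1 * r1) % n
        else:
            r1, r0 = (r0 * r1) % n, (r0 * r0) % n
        if trace is not None:
            trace.append(2)
    return r0


def recover_exponent(trace):
    """The hint's rule: average cost is the threshold; above -> 1, below -> 0."""
    threshold = sum(trace) / len(trace)
    bits = ''.join('1' if cost > threshold else '0' for cost in trace)
    return int(bits, 2)


def attack(exponentiation, ciphertext=42):
    """Run one RSA decryption c^d mod n through `exponentiation`, record the
    per-iteration trace, and return the exponent the attacker infers from it."""
    trace = []
    exponentiation(ciphertext, D, N, trace)
    return recover_exponent(trace)


if __name__ == "__main__":
    print("square-and-multiply leaks d =", attack(square_and_multiply), "(real d =", D, ")")
    print("Montgomery ladder yields    ", attack(montgomery_ladder))
```

Two caveats for anyone turning this into a real measurement: the average-as-threshold rule has nothing to separate when every bit of d is 1 (all iterations cost the same), and real per-iteration timings are noisy, so the attacker averages many decryptions per bit position rather than reading one trace. The ladder removes the multiplication-count leak only; a constant-time implementation must also avoid secret-dependent branches and memory access, and RSA libraries additionally blind the ciphertext before exponentiating.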
Diffie-Hellman Key Exchange Protocol

Basic exchange between A and B:
  1. A picks a secret x and computes R1 = g^x mod p
  2. A -> B: R1
  3. B picks a secret y and computes R2 = g^y mod p
  4. B -> A: R2
  A computes K = (R2)^x mod p and B computes K = (R1)^y mod p, so both hold K = g^xy mod p.

Authenticated variant (B signs the exchange):
  1st message, A -> B: R1 = g^x mod p
  B computes R2 = g^y mod p and K = (R1)^y mod p
  2nd message, B -> A: R2, B's certificate, Sig_B(A | R1 | R2)   (signed with B's private key)
  A verifies the signature against B's certificate and computes K = (R2)^x mod p
The signed second message provides:
- Entity authentication (A knows the R2 it received came from B)
- Data authentication (the signature covers R1 and R2, so neither could be substituted in transit)
Note that only B is authenticated to A in this form; authenticating A to B requires a corresponding signature from A.
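The basic exchange above with both parties' messages, as an added example that is not code from the slides, followed by the man-in-the-middle that the unauthenticated version permits, which is exactly what the signed second message in the authenticated variant prevents. The group p = 23, g = 5 is a toy assumption for readability; real deployments use a large, well-known safe-prime group.

```python
"""Diffie-Hellman exchange (steps 1-4 of the slide) and the man-in-the-middle
against the unauthenticated version. Added example; toy group is an assumption."""
import secrets

P, G = 23, 5            # toy parameters (assumption); 5 generates Z_23*


def public_value(x):
    """R = g^x mod p, the value sent over the wire."""
    return pow(G, x, P)


def shared_key(peer_R, x):
    """K = R^x mod p, from the peer's public value and one's own secret."""
    return pow(peer_R, x, P)


def honest_exchange(x, y):
    """Steps 1-4; returns (R1, R2, K as A computes it, K as B computes it)."""
    R1 = public_value(x)      # 1. A computes R1       2. A -> B: R1
    R2 = public_value(y)      # 3. B computes R2       4. B -> A: R2
    return R1, R2, shared_key(R2, x), shared_key(R1, y)


def mitm_exchange(x, y, z):
    """Mallory (secret z) sits between A and B and replaces each R with her own R3.
    Returns (K_A, K_B, key Mallory shares with A, key Mallory shares with B)."""
    R1 = public_value(x)      # A -> B, intercepted by Mallory
    R2 = public_value(y)      # B -> A, intercepted by Mallory
    R3 = public_value(z)      # Mallory -> B posing as A, and Mallory -> A posing as B
    K_A = shared_key(R3, x)   # A believes this key is shared with B
    K_B = shared_key(R3, y)   # B believes this key is shared with A
    return K_A, K_B, shared_key(R1, z), shared_key(R2, z)


def random_secret():
    """A fresh private exponent in [1, p-2]."""
    return 1 + secrets.randbelow(P - 2)


if __name__ == "__main__":
    x, y = random_secret(), random_secret()
    print("honest:", honest_exchange(x, y))
    print("mitm  :", mitm_exchange(x, y, random_secret()))
```

In the honest run A and B end with the same K; in the MITM run A and B hold different keys, each of which Mallory also holds, so she can decrypt and re-encrypt everything between them. With the authenticated variant A checks Sig_B(A | R1 | R2): Mallory cannot produce B's signature over her R3, and because the signature also covers R1, B's reply is bound to the R1 that A actually sent.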
[Figure: four DES encryptions under the same 56-bit key K, with their outputs combined by ⊕ (rendered as +)]
[Figure: one round of MD5, operating on the four 32-bit buffer words a, b, c, d]
• In each round there are 16 input sub-blocks, named M[0], M[1], ..., M[15].
• Also, t is an array of 64 constants, each 32 bits wide, one per step, denoted t[0], t[1], ..., t[63]:
  t[i] = K[i] = floor(2^32 × |sin(i + 1)|), with i + 1 in radians
• The four round functions, one per round, each taking the buffer words b, c, d:
  F(b, c, d) = (b AND c) OR (NOT b AND d)
  G(b, c, d) = (b AND d) OR (c AND NOT d)
  H(b, c, d) = b XOR c XOR d
  I(b, c, d) = c XOR (b OR NOT d)
[Figure: one round of SHA-1, operating on the five 32-bit buffer words a, b, c, d, e]
• Each round has 20 steps of the form:
  (a, b, c, d, e) ← ( e + f(t, b, c, d) + S^5(a) + W[t] + K[t],  a,  S^30(b),  c,  d )
  where S^k is a circular left shift by k bits, f(t, b, c, d) is the logical function of the current round, W[t] is the t-th word of the message schedule and K[t] the additive constant of the current round.
                          MD5                                          SHA-1
Successful attacks        There have been reported attempts            No such claims so far
so far                    to some extent (as we discussed earlier)
Speed                     Faster (64 iterations and a 128-bit          Slower (80 iterations and a 160-bit
                          buffer)                                      buffer)
Note: a practical SHA-1 collision was published in 2017, so neither MD5 nor SHA-1 should be relied on for collision resistance (e.g. under a digital signature) today.
[Figure: one round of SHA-512, operating on the eight 64-bit buffer words a, b, c, d, e, f, g, h]
SHA-512 Round Function
Ch(e, f, g) = (e AND f) XOR (NOT e AND g)
Maj(a, b, c) = (a AND b) XOR (a AND c) XOR (b AND c)
Sum(a) = ROTR(a, 28) XOR ROTR(a, 34) XOR ROTR(a, 39)
Message schedule (SHA-1, 80 steps):
1. For the first 16 steps (t = 0 to 15), W[t] is equal to the corresponding 32-bit word of the message block.
2. For the remaining 64 steps (t = 16 to 79), W[t] is the circular left shift by one bit of the XOR of four of the preceding values:
   W[t] = S^1( W[t-16] XOR W[t-14] XOR W[t-8] XOR W[t-3] )
(SHA-512's schedule also has 80 steps of 16 + 64 words, but it mixes the earlier words with its σ0 and σ1 functions and 64-bit addition instead of a one-bit rotation.)
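SHA-1 written directly from the step equation and the message schedule above, as an added example (not code from the slides), and checked against hashlib. Each of the 80 steps is the (a, b, c, d, e) update of the slide; f(t, b, c, d) cycles through Ch, Parity, Maj, Parity (Ch and Maj are the same functions the SHA-512 slide defines, here on 32-bit words), K[t] takes one of four constants per 20-step round, and the schedule is the one-bit rotation of four earlier words. The sample inputs are constructed.

```python
"""SHA-1 from the slide's step equation and schedule. Added example; the
padding rule and the four constants are those of FIPS 180-4."""
import hashlib
import struct

MASK = 0xFFFFFFFF


def S(x, k):
    """Circular left shift of a 32-bit word by k bits (S^k in the slide)."""
    return ((x << k) | (x >> (32 - k))) & MASK


def f(t, b, c, d):
    """Round function: Ch for t<20, Parity for t<40, Maj for t<60, Parity after."""
    if t < 20:
        return (b & c) | ((~b & MASK) & d)
    if t < 40 or t >= 60:
        return b ^ c ^ d
    return (b & c) | (b & d) | (c & d)


def K(t):
    """Additive constant for the 20-step round containing step t."""
    return (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)[t // 20]


def schedule(block):
    """W[0..15] are the block's words; W[t] = S^1(W[t-16]^W[t-14]^W[t-8]^W[t-3])."""
    W = list(struct.unpack('>16I', block))
    for t in range(16, 80):
        W.append(S(W[t - 16] ^ W[t - 14] ^ W[t - 8] ^ W[t - 3], 1))
    return W


def pad(msg):
    """Append 0x80, zeros up to 56 mod 64 bytes, then the 64-bit bit length."""
    bit_len = len(msg) * 8
    msg += b'\x80' + b'\x00' * ((55 - len(msg)) % 64)
    return msg + struct.pack('>Q', bit_len)


def sha1(msg):
    """Hex digest of msg (bytes), processing one 512-bit block at a time."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    data = pad(bytes(msg))
    for off in range(0, len(data), 64):
        W = schedule(data[off:off + 64])
        a, b, c, d, e = h
        for t in range(80):
            # The slide's step: (a,b,c,d,e) <- (e + f + S^5(a) + W[t] + K[t], a, S^30(b), c, d)
            temp = (e + f(t, b, c, d) + S(a, 5) + W[t] + K(t)) & MASK
            a, b, c, d, e = temp, a, S(b, 30), c, d
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]
    return ''.join('%08x' % x for x in h)


def matches_hashlib(msg):
    """Cross-check against the platform implementation."""
    return sha1(msg) == hashlib.sha1(msg).hexdigest()
```

The 80-step loop with its 160-bit state is the "slower" column of the comparison table above; MD5 differs only in having 64 steps, a 128-bit state, little-endian words and the F/G/H/I functions with the sin-derived constants.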
[Figure: digital signature with a hash: the sender hashes M with H and signs the digest with the private key KRa (Sig); M is sent together with the signature (M || s); the receiver hashes the received M, verifies the signature with the public key KUa (Ver) and compares the two digests]
E-mail architecture
PGP
• widely used de facto standard for secure email
• developed by Phil Zimmermann
• selected the best available crypto algorithms to use
• integrated them into a single program
• runs on Unix, PC, Macintosh and other systems
• originally free; commercial versions are now also available
PGP Operation – Authentication
1. sender creates message
2. make a SHA-1 160-bit hash of the message
3. attach the RSA-signed hash to the message
4. receiver decrypts the signature with the sender's public key & recovers the hash code
5. receiver hashes the received message and compares it with the recovered hash
PGP Operation – Confidentiality
1. sender forms 128-bit random session key
2. encrypts message with session key
3. attaches session key encrypted with RSA
4. receiver decrypts & recovers session key
5. session key is used to decrypt message
PGP Operation – Confidentiality &
Authentication
• can use both services on same message
– create signature & attach to message
– encrypt both message & signature
– attach RSA/ElGamal encrypted session key
PGP Operation – Compression
• by default PGP compresses the message after signing but before encrypting
– so the uncompressed message & signature can be stored for later verification
– & because compression output is not deterministic (it varies between implementations and versions), a signature computed over compressed data might not verify elsewhere
• uses the ZIP compression algorithm
PGP Operation – Email Compatibility
• when using PGP there will be binary data to send (encrypted message etc.)
• however email was designed only for text
• hence PGP must encode raw binary data into printable ASCII characters
• uses the radix-64 algorithm
– maps 3 bytes to 4 printable chars
– also appends a CRC
• PGP also segments messages if too big
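The authentication, confidentiality, compression and email-compatibility steps above, run end to end in one added example (this is not PGP's own code). Every building block is a stand-in and an assumption: textbook RSA over two well-known Mersenne primes (toy, no padding scheme) for the sender's signing key and the recipient's encryption key, SHA-1 from hashlib, a SHA-256 counter keystream XORed over the data in place of PGP's symmetric cipher, zlib for ZIP, and base64 plus the RFC 4880 CRC-24 for radix-64 armor. The order is the one the slides give: sign, compress, encrypt under a fresh session key, attach the RSA-encrypted session key, armor.

```python
"""PGP-style sign -> compress -> encrypt -> radix-64 pipeline and its reverse.
Added example with toy stand-ins; see the lead-in for what is assumed."""
import base64
import hashlib
import os
import zlib


def keypair(p, q, e=65537):
    """Toy RSA key from two known primes; returns (n, e, d). Not a real key."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))


ALICE = keypair(2**127 - 1, 2**89 - 1)   # sender's key pair: used for signing
BOB = keypair(2**107 - 1, 2**61 - 1)     # recipient's key pair: used for the session key


def rsa_private(m, key):
    n, _, d = key
    return pow(m, d, n)


def rsa_public(m, key):
    n, e, _ = key
    return pow(m, e, n)


def keystream_xor(key, data):
    """Toy symmetric cipher standing in for PGP's: XOR with SHA-256(key || counter)."""
    stream = b''.join(hashlib.sha256(key + i.to_bytes(8, 'big')).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))


def crc24(data):
    """The armor checksum defined in RFC 4880 (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def radix64(data):
    """3 bytes -> 4 printable chars, then a '=' line carrying the CRC-24."""
    body = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, 'big')).decode()
    return body + '\n=' + crc


def pgp_send(message, signer=ALICE, recipient=BOB):
    digest = hashlib.sha1(message).digest()                    # 160-bit hash
    sig = rsa_private(int.from_bytes(digest, 'big'), signer)   # RSA-signed hash
    signed = sig.to_bytes(32, 'big') + message                 # signature || message
    compressed = zlib.compress(signed)                         # after signing ...
    session_key = os.urandom(16)                               # 128-bit random session key
    body = keystream_xor(session_key, compressed)              # ... before encrypting
    ek = rsa_public(int.from_bytes(session_key, 'big'), recipient)  # session key under recipient's key
    return radix64(ek.to_bytes(32, 'big') + body)


def pgp_receive(armored, recipient=BOB, signer=ALICE):
    """Reverse the pipeline; returns (message, signature_ok). Raises on a bad CRC."""
    body, crc = armored.split('\n=')
    data = base64.b64decode(body)
    if crc24(data) != int.from_bytes(base64.b64decode(crc), 'big'):
        raise ValueError("radix-64 CRC mismatch")
    session_key = rsa_private(int.from_bytes(data[:32], 'big'), recipient).to_bytes(16, 'big')
    signed = zlib.decompress(keystream_xor(session_key, data[32:]))
    sig, message = int.from_bytes(signed[:32], 'big'), signed[32:]
    expected = int.from_bytes(hashlib.sha1(message).digest(), 'big')
    return message, rsa_public(sig, signer) == expected
```

Because the signature is computed before compression, the receiver verifies it against the decompressed bytes it actually recovers, and the stored copy of the message can be checked later regardless of which compressor produced the wire form. The session key never leaves the sender in the clear: only its RSA encryption under the recipient's public key is attached.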
PGP Operation – Summary
PGP Message Format
PGP Key Rings
each PGP user has a pair of key rings:
• public-key ring: contains all the public keys of other PGP users known to this user, indexed by key ID
• private-key ring: contains the public/private key pair(s) for this user, indexed by key ID & encrypted with a key derived from a hashed passphrase
• the security of the private keys thus depends on the security of the passphrase
PGP Key Rings
Let us show a private key ring table for Alice. We assume that
Alice has only two user IDs, alice@some.com and
alice@anet.net. We also assume that Alice has two sets of
private/public keys, one for each user ID.
It may become necessary for an entity to revoke his or her public key from the
ring. This may happen if the owner of the key feels that the key is compromised
(stolen, for example) or just too old to be safe.
PGP Message Generation
PGP Message Reception
PGP Key Management
• rather than relying on certificate authorities
• in PGP every user is their own CA
– can sign keys for users they know directly
• forms a “web of trust”
– a user trusts keys they have signed themselves
– can trust keys others have signed if there is a chain of signatures to them
• key ring includes trust indicators
• users can also revoke their keys
MIME
MIME-Version
This header defines the version of MIME used. The current version is 1.0 (the only version defined by RFC 2045).
Content-Type
• The content type and the content subtype are separated by a slash. Depending on the subtype, the header may contain other parameters.
S/MIME
Digest-data content type
Authenticated-data content type
Cryptographic Algorithms
S/MIME defines several cryptographic algorithms. The term “must” means an absolute requirement; the term “should” means a recommendation.
Example