1
play

1 Diffie-Hellman exponential key exchange Diffie-Hellman - PDF document

Aug 17, 2022 •439 likes •553 views

Symmetric cryptography Both parties must agree on a secret key, K message is encrypted, sent, decrypted at other side E K (P) D K (C) Secure Communication Bob Alice Key distribution must be secret otherwise messages can be

  1. Symmetric cryptography • Both parties must agree on a secret key, K • message is encrypted, sent, decrypted at other side E K (P) D K (C) Secure Communication Bob Alice • Key distribution must be secret – otherwise messages can be decrypted – users can be impersonated Key explosion Key distribution • Each pair of users needs a separate key for secure comm unication Bob Alice Alice Bob Secure key distribution is the biggest K AB K AB K AC K BC problem with symmetric cryptography 2 users: 1 key 4 users: 6 keys Charles 3 users: 3 keys 100 users: 4950 keys 1000 users: 399500 keys − n ( n 1 ) n users: keys 2 6 users: 1 5 keys Key exchange Diffie-Hellman exponential key exchange How can you communicate securely with Key distribution algorithm someone you’ve never met? – first algorithm to use public/ private keys – Whit Diffie - idea for a public key algorithm – not public key encryption – goal: sender can create two sets of keys: one public – based on difficulty of computing discrete and one private logarithms in a finite field compared with – sender sends data encrypted with the receiver’s ease of calculating exponentiation public key – receiver can decrypt data with her private key allows us to negotiate a secret session – challenge: can this be done securely? key without fear of eavesdroppers • Knowledge of public key should not allow derivation of private key 1

  2. Diffie-Hellman exponential key exchange Diffie-Hellman exponential key exchange • Alice has secret key • Bob has secret key • All arithmetic perform ed in X A X B field of integers modulo some large number • Alice has public key • Bob has public key • Both parties agree on Y A Y B – a large prim e num ber p – and a number α < p • Alice computes = X • Each party generates a public/ private key pair K Y A mod p B private key for user i : X i K = ( Bob’s public key) ( Alice’s private key) m od p X mod α public key for user i : Y i = i p Diffie-Hellman exponential key exchange Diffie-Hellman exponential key exchange • Alice has secret key • Bob has secret key • Alice has secret key • Bob has secret key X A X B X A X B • Alice has public key • Bob has public key • Alice has public key • Bob has public key Y A Y B Y A Y B • Alice computes • Bob computes • Alice computes • Bob computes = ' = = ' = X X X X K Y mod p K Y mod p K Y mod p K Y mod p A B A B B A B A • expanding: • expanding: K’ = ( Alice’s public key) ( Bob’s private key) m od p = = X X K Y A mod p K ' Y B mod p B A = α = α X X X X ( mod p ) mod p ( mod p ) mod p B A A B = α = α X X X X B A mod p A B mod p K = K’ K is a com m on key , known only to Bob and Alice Diffie-Hellman example Key distribution problem is solved! Suppose p = 31667, α = 7 • User maintains private key • Publishes public key in database (“phonebook”) • Bob picks • Alice picks X B = 27 X A = 18 • Bob’s public key is: • Communication begins with key exchange to • Alice’s public key is: Y B = 7 27 mod 31667 establish a com mon key Y A = 7 18 mod 31667 = 22184 = 6780 • Common key can be used to encrypt a session key • K = 6780 27 mod – increase difficulty of breaking common key by • K = 22184 18 mod reducing the amount of data we encrypt with it 31667 31667 – session key is valid only for one communication K = 1 4 2 6 5 K = 1 4 2 6 5 session 2

  3. RSA RSA algorithm Generate keys • Ron Rivest, Adi Shamir, Leonard Adleman created a true public key encryption algorithm in 1977 – choose two random large prim e numbers p , q • Each user generates two keys – Compute the product n= pq – private key (kept secret) – random ly choose the encryption key, e , such – public key that • Data encrypted with the private key can only be e and ( p -1)( q -1) are relatively prime decrypted with the corresponding public key – use the extended Euclidean algorithm to – integrity, authentication compute the decryption key, d : • Data encrypted with the public key can only be ed = 1 m od (( p -1)( q -1)) decrypted with the corresponding private key d = e -1 mod (( p -1)( q -1)) – secure comm unication • difficulty of algorithm based on the difficulty of factoring – discard p , q large numbers – keys are functions of a pair of large (~ 200 digits) prime numbers RSA algorithm Communication with public key algorithms • encrypt Different keys for encrypting and – divide data into numerical blocks < n decrypting – encrypt each block: – no need to worry about key distribution c = m e m od n • decrypt: m = c d m od n Communication with public key algorithms Communication with public key algorithms Alice Bob Alice Bob Alice’s public key: K A Alice’s public key: K A Alice’s public key: K A Alice’s public key: K A Bob’s public Bob’s public Bob’s public key: K B Bob’s public key: K B key: K B key: K B exchange public keys E B (P) D b (C) (or look up in a directory/ DB) encrypt message with decrypt message with Bob’s private key Bob’s public key 3

  4. Public key woes Communication with public key algorithms Alice Bob Public key cryptography is great but: Alice’s public key: K A Alice’s public key: K A – RSA about 100 times slower than DES in Bob’s public key: K B Bob’s public key: K B software, 1000 times slower in HW – Vulnerable to chosen plaintext attack E B (P) D b (C) • if you know the data is one of n messages, just encrypt each message with the recipient’s public key encrypt message with decrypt message with and compare Bob’s public key Bob’s private key – It’s a good idea to reduce the amount of data E A (P) D a (C) encrypted with any given key • but generating RSA keys is computationally very time consuming encrypt message with decrypt message with Alice’s private key Alice’s public key Hybrid cryptosystems Communication with a hybrid cryptosystem Alice Bob Use public key cryptography to encrypt a randomly generated symmetric key Bob’s public key: K B Bob’s public key: K B Get recipient’s public key session key (or fetch from directory/ database) Communication with a hybrid cryptosystem Communication with a hybrid cryptosystem Alice Bob Alice Bob Bob’s public key: K B Bob’s public key: K B Bob’s public key: K B Bob’s public key: K B E B ( K ) K = D b (E B ( K )) E B ( K ) Pick random session key, K Encrypt session key with Bob’s public key E K (P) D K (C) E B ( K ) K = D b (E B ( K )) E B ( K ) Bob decrypts K with his private key encrypt message using a decrypt message using a symmetric algorithm symmetric algorithm and key K and key K 4

  5. Communication with a hybrid cryptosystem Alice Bob Bob’s public key: K B Bob’s public key: K B E B ( K ) K = D b (E B ( K )) E B ( K ) E K (P) D K (C) Digital Signatures E K (P’) D K (C’) decrypt message using a encrypt message using a symmetric algorithm symmetric algorithm and key K and key K Digital signatures Digital signatures We use signatures because a signature is: We use signatures because a signature is Authentic Unforgeable Authentic Unforgeable Not reusable Non repudiatable Not reusable Non repudiatable Renders docum ent unalterable Renders docum ent unalterable ALL UNTRUE! Can we do better with digital signatures? Digital signatures - arbitrated protocol Digital signatures - arbitrated protocol Arbitrated protocol using sym m etric encryption – turn to trusted third party (arbiter) to authenticate messages Trent Trent Trent is trusted P= D A (C) and has everyone’s keys C= E A (P) Alice Bob Alice Bob Trent receives Alice’s message and decrypts it with Alice’s key - this authenticates that it came from Alice - he may choose to log a hash of the message to Alice encrypts message for herself and sends it to Trent create a record of the transmission 5

  6. Digital signatures - arbitrated protocol Digital signatures - arbitrated protocol Trent Trent C’= E B (P) P’= D B (C’) Bob Bob Alice Alice Bob receives the message and decrypts it - it must have come from Trent since only Trent and Bob have Bob’s key Trent now encrypts the message for Bob and sends it to Bob - if the message says it’s from Alice, it must be - we trust Trent Digital signatures with multiple parties Digital signatures with multiple parties Bob can forward the message to Charles in the same manner. Trent can validate stored hash to ensure that Bob did not alter the message Trent Charles Trent Charles P’’= D B (C’’) C’’= E B (P’) P’= D B (C’) Alice Bob Alice Bob Trent decrypts the message - knows it must be from Bob - looks up ID to match original hash from Alice’s message - validates that the message has not been modified Bob encrypts message with his key and sends it to Trent - adds a “signed by Bob” indicator to the message Digital signatures with multiple parties Digital signatures with multiple parties Charles Charles Trent Trent C’’’= E C (P’’) P’’’= D C (C’’’) Alice Bob Alice Bob Charles decrypts the message - knows the message must have come from Trent - trusts Trent’s assertion that the message originated with Alice Trent encrypts the new message for Charles and was forwarded through Bob 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Enc Encryp ypted Sear ed Search h Seny Kamara Brown University 2 3 4 Q: Why is this

Enc Encryp ypted Sear ed Search h Seny Kamara Brown University 2 3 4 Q: Why is this

Enc Encryp ypted Sear ed Search h Seny Kamara Brown University 2 3 4 Q: Why is this happening? 5 Big Data Industry and Governments want more data NaDonal security Machine learning Business analyDcs NLP

431 views • 30 slides
Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture

Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture

Cloud Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture What is cloud computing? o Cloud Ecosystem Who provides and who consumes cloud services? o Cloud Cryptography What are the security

637 views • 34 slides
Post-quantum cryptography Daniel J. Bernstein University of Illinois at Chicago; Ruhr University

Post-quantum cryptography Daniel J. Bernstein University of Illinois at Chicago; Ruhr University

Post-quantum cryptography Daniel J. Bernstein University of Illinois at Chicago; Ruhr University Bochum Wikipedia: Hoover became a controversial figure as evidence of his secretive abuses of power began to surface. He was found to have

1.21k views • 103 slides
Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Dawn

Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Dawn

Computer Security Course. Dawn Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Dawn Overview Cryptography: secure communication over insecure communication channels Three goals

475 views • 30 slides
Cryptography &amp; Network Security Introduction Introduction Chester Rebeiro IIT Madras CR

Cryptography &amp; Network Security Introduction Introduction Chester Rebeiro IIT Madras CR

Cryptography &amp; Network Security Introduction Introduction Chester Rebeiro IIT Madras CR The Connected World CR 2 Information Storage CR 3 Increased Security Breaches 81% more in 2015 CR

1.46k views • 29 slides
Lattice-based cryptography II Constructions and implementation issues Leon Groot Bruinderink

Lattice-based cryptography II Constructions and implementation issues Leon Groot Bruinderink

Lattice-based cryptography II Constructions and implementation issues Leon Groot Bruinderink July 1st, 2019 July 1st, 2019 1 / 27 Lattice-based cryptography II In this talk: Introduction to (ring-)LWE Lattice-based key-exchange and

1.44k views • 80 slides
Lecture 9: Secret Sharing, Threshold Cryptography, MPC Helger Lipmaa Helsinki University of

Lecture 9: Secret Sharing, Threshold Cryptography, MPC Helger Lipmaa Helsinki University of

T-79.159 Cryptography and Data Security Lecture 9: Secret Sharing, Threshold Cryptography, MPC Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi T-79.159 Cryptography and Data Security, 24.03.2004 Lecture 9: Secret Sharing,

1.45k views • 33 slides
On Assumptions and the Limits of Cryptography Nils Fleischhacker Bochum, January 24, 2018 2 2

On Assumptions and the Limits of Cryptography Nils Fleischhacker Bochum, January 24, 2018 2 2

On Assumptions and the Limits of Cryptography Nils Fleischhacker Bochum, January 24, 2018 2 2 2 So, how do we know all of this is secure? 2 The sad truth is: We dont! Not really. So, how do we know all of this is secure? 2 The

1.56k views • 70 slides
S-Box Decompositions and some Applications L eo Perrin January 28, 2019, Nancy My Area of

S-Box Decompositions and some Applications L eo Perrin January 28, 2019, Nancy My Area of

S-Box Decompositions and some Applications L eo Perrin January 28, 2019, Nancy My Area of Research: Symmetric Cryptography From Russia With Love Cryptanalysis of a Theorem Conclusion Curriculum Currently : post-doc at SECRET in Inria Paris

1.39k views • 99 slides
IETF Security Tutorial Radia Perlman March, 2007 (radia.perlman@sun.com) 1 Why an IETF

IETF Security Tutorial Radia Perlman March, 2007 (radia.perlman@sun.com) 1 Why an IETF

IETF Security Tutorial Radia Perlman March, 2007 (radia.perlman@sun.com) 1 Why an IETF Security Tutorial? Security is important in all protocols; not just protocols in the security area IETF specs mandated to have a security

1.29k views • 95 slides
Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University

Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University

Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University of Darmstadt 1 1. General Introduction 2. Multivariate public key cryptosystems 3. Challenges 2 1 General Introduction In June 2006, in Belgium,

1.06k views • 68 slides
More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 4 Page 1 CS 236 Online Outline Desirable characteristics of ciphers Stream and block ciphers Cryptographic modes Uses of

475 views • 29 slides
Block Ciphers - The Basics Lars R. Knudsen Spring 2011 L.R. Knudsen Block Ciphers - The Basics

Block Ciphers - The Basics Lars R. Knudsen Spring 2011 L.R. Knudsen Block Ciphers - The Basics

Intro Attack on iterated ciphers Differential cryptanalysis Linear cryptanalysis Block Ciphers - The Basics Lars R. Knudsen Spring 2011 L.R. Knudsen Block Ciphers - The Basics Intro Attack on iterated ciphers Differential cryptanalysis

1.27k views • 77 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
Open problems in the design of cryptographic applications based on Cellular Automata Luca Mariot

Open problems in the design of cryptographic applications based on Cellular Automata Luca Mariot

University of Milano-Bicocca Department of Informatics, Systems and Communications Open problems in the design of cryptographic applications based on Cellular Automata Luca Mariot luca.mariot@disco.unimib.it Delft June 19, 2018 Context

329 views • 21 slides
s rtr s

s rtr s

s rtr s t tts 1 1 , 2 r

798 views • 66 slides
s Jrmy Jean - Ivica Nikoli Thomas Peyrin - Yannick Seurin NTU (Singapore)

s Jrmy Jean - Ivica Nikoli Thomas Peyrin - Yannick Seurin NTU (Singapore)

s Jrmy Jean - Ivica Nikoli Thomas Peyrin - Yannick Seurin NTU (Singapore) and ANSSI (France) DIAC 2016 Nagoya, Japan - September 27, 2016

714 views • 28 slides
r rtss t P

r rtss t P

r rtss t P r r rtsst rs r

770 views • 43 slides
On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1

On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1

On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1 AIST, Japan Kolkata, India (16 November 2018) 1 / 38 Table of contents 1 Introduction 2 Lightweight Crypto Stack for Circuit/RAM Size Requirement

670 views • 38 slides
P ttt Prtts

P ttt Prtts

P ttt Prtts rt r tt rtr r

554 views • 31 slides
Introduction to Lattices Oded Regev (Tel Aviv University and CNRS, ENS-Paris) Bar-Ilan

Introduction to Lattices Oded Regev (Tel Aviv University and CNRS, ENS-Paris) Bar-Ilan

Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19/2/2012 Introduction to Lattices Oded Regev (Tel Aviv University and CNRS, ENS-Paris) Bar-Ilan University Dept. of Computer Science Lattices A

846 views • 41 slides
Number Theory and Cryptography Chapter 4 Chapter Motivation Number theory is the part of

Number Theory and Cryptography Chapter 4 Chapter Motivation Number theory is the part of

Number Theory and Cryptography Chapter 4 Chapter Motivation Number theory is the part of mathematics devoted to the study of the integers and their properties. Key ideas in number theory include divisibility and the primality of integers.

1.77k views • 103 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides

More recommend