katacryptology
play

Katacryptology trust or not your favorite cryptotool ? RSA PreSE - PowerPoint PPT Presentation

Dec 19, 2022 •469 likes •922 views

Katacryptology Robert Erra LSE WEEK 2014 Catacrypt ? Why should you Katacryptology trust or not your favorite cryptotool ? RSA PreSE 1 Robert Erra PreSE 2 LSE WEEK 2014 PreSE 3 PreSE 5 PostSE 1 July 17, 2014 PostSE 3 Back to RSA

  1. Katacryptology Robert Erra LSE WEEK 2014 Catacrypt ? Why should you Katacryptology trust or not your favorite cryptotool ? RSA PreSE 1 Robert Erra PreSE 2 LSE WEEK 2014 PreSE 3 PreSE 5 PostSE 1 July 17, 2014 PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  2. Plan Katacryptology Robert Erra LSE WEEK 2014 Catacrypt ? Why should you trust or not your favorite cryptotool 1 Catacrypt ? ? RSA PreSE 1 PreSE 2 PreSE 3 PreSE 5 PostSE 1 PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  3. Catacrypt ? Chairman: J.-J. Quisquater Katacryptology Robert Erra LSE WEEK 2014 From http: // catacrypt.net / : Catacrypt ? The main point is: many cryptographic protocols are only based Why should you on the security of one cryptographic algorithm (e.g. RSA) and trust or not your favorite cryptotool we don’t know the exact RSA security (including Ron Rivest). ? What if somebody finds a clever and fast factoring algorithm? RSA Well, it is indeed an hypothesis but we know several instances PreSE 1 of possible progress. A new fast algorithm is a possible PreSE 2 PreSE 3 catastroph if not handled properly. And there are other PreSE 5 problems with hash functions, elliptic curves, aso. Think also PostSE 1 about the recent Heartbleed bug (April 2014, see PostSE 3 http: // en.wikipedia.org / wiki / Heartbleed): the discovery was very Back to RSA late and we were close to a catastrophic situation. . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  4. Plan Katacryptology Robert Erra LSE WEEK 2014 Catacrypt ? Why should you trust or not your favorite cryptotool 2 Why should you trust or not your favorite cryptotool ? ? RSA PreSE 1 PreSE 2 PreSE 3 PreSE 5 PostSE 1 PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  5. Rise and Fall of a cryptographic tool: 1 Katacryptology Robert Erra LSE WEEK 2014 There is a Pre and Post Snowden Era : Catacrypt ? Why should you trust or not your favorite cryptotool Pre Snowden Era Problems: ? RSA • PreSE 1: Your key got older PreSE 1 • PreSE 2: Your algorithm got older PreSE 2 • PreSE 3: Your(s) key(s) has(have) been badly PreSE 3 computed PreSE 5 PostSE 1 • PreSE 4: Your algorithm has been badly PostSE 3 programmed 1 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? 1 See https: // cryptocoding.net Robert Erra LSE WEEK 2014 Katacryptology

  6. Rise and Fall of a cryptographic tool: 2 Katacryptology Robert Erra LSE WEEK 2014 Catacrypt ? Pre Snowden Era Problems: Why should you trust or not your • PreSE 5: Your algorithm is used into an insecure favorite cryptotool ? protocol RSA • PreSE 6: Your software is used on an insecure device PreSE 1 (a smart card) PreSE 2 PreSE 3 • PreSE 7: Your processor has a bug (we can use the PreSE 5 intel division bug to factor a RSA key) PostSE 1 PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  7. Rise and Fall of a cryptographic tool: 3 Katacryptology Robert Erra LSE WEEK 2014 Catacrypt ? Why should you trust or not your Post Snowden Era Problems: favorite cryptotool ? • PostSE 1: Your algorithm has a backdoor RSA • PostSE 2: Your processor has a backdoor PreSE 1 • PostSE 3: Your key has a backdoor PreSE 2 PreSE 3 • and so on . . . PreSE 5 PostSE 1 PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  8. Rise and Fall of a cryptographic tool: 4 Katacryptology Robert Erra LSE WEEK 2014 To trust your favorite cryptotool means: You have to trust the full stack : Catacrypt ? Why should you • To trust your algorithm trust or not your favorite cryptotool • To trust your code ? RSA • To trust all the computations that use randomness PreSE 1 • To trust the protocols that uses your cryptotool PreSE 2 • To trust your processor PreSE 3 PreSE 5 • To trust your device PostSE 1 • and so on . . . PostSE 3 Back to RSA Remind: Attackers can do what they want! So, is it . . . weaknesses possible to trust your favorite cryptotool? Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  9. Plan Katacryptology Robert Erra LSE WEEK 2014 Catacrypt ? Why should you trust or not your favorite cryptotool 3 RSA ? RSA PreSE 1 PreSE 2 PreSE 3 PreSE 5 PostSE 1 PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  10. RSA: A "joke" Katacryptology RSA on the shirt / gift september 17th 2000 (end of the Robert Erra LSE WEEK 2014 patent RSA (1978)) par RSA Data Securiy ! Catacrypt ? Why should you trust or not your favorite cryptotool ? RSA PreSE 1 PreSE 2 PreSE 3 PreSE 5 PostSE 1 PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  11. RSA Katacryptology Robert Erra LSE WEEK 2014 RSA: Rivest Shamir Adleman (cf wikipedia) Catacrypt ? Why should you • RSA is an algorithm for public-key cryptography . . . trust or not your favorite cryptotool • . . . publicly described in 1977 by Ron Rivest, Adi ? Shamir, and Leonard Adleman at MIT RSA PreSE 1 • . . . and probably invented by Cli ff ord Cocks, a British PreSE 2 mathematician working for the UK intelligence PreSE 3 agency GCHQ PreSE 5 • . . . and is believed to be secure given su ffi ciently long PostSE 1 keys and the use of up-to-date implementations. PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  12. RSA: Computing the keys Katacryptology Robert Erra LSE WEEK 2014 Catacrypt ? 1 Choose two � large random prime numbers p and q . Why should you 2 Compute n = p × q ; n is the modulus trust or not your favorite cryptotool ? 3 Compute the Euler totient: ϕ ( n ) = ( p − 1)( q − 1). RSA 4 Choose an integer e such that 1 < e < ϕ ( n ), and e is PreSE 1 coprime to ϕ ( n ) : gcd ( e , ϕ ( n )) = 1. PreSE 2 5 Compute d to satisfy the congruence equation PreSE 3 d e ≡ 1 mod ϕ ( n ), i.e. for some integer k: PreSE 5 PostSE 1 d e = 1 + k ϕ ( n ) PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  13. RSA: vocabulary Katacryptology Robert Erra LSE WEEK 2014 Catacrypt ? Remarks Why should you trust or not your • e is released as the public key exponent. favorite cryptotool ? • d is kept as the private key exponent RSA • The public key consists of the modulus n and the PreSE 1 public (or encryption) exponent e : ( n , e ). PreSE 2 • The private key consists of the modulus n and the PreSE 3 PreSE 5 private (or decryption) exponent d which must be PostSE 1 kept secret: ( n , d ). PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  14. RSA: how to use it ? Katacryptology Robert Erra LSE WEEK 2014 Suppose Alice uses Bob’s public key to send him Catacrypt ? Why should you . . . an encrypted message. But Bob has no way of trust or not your favorite cryptotool verifying that the message was actually from Alice since ? anyone can use Bob’s public key to send him encrypted RSA messages. So, in order to verify the origin of a message, PreSE 1 RSA can also be used to sign a message. PreSE 2 • Encryption: C = M e mod n PreSE 3 PreSE 5 • Decryption: M = C d mod n PostSE 1 • Signature: S = M d mod n PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  15. Plan Katacryptology Robert Erra LSE WEEK 2014 Catacrypt ? Why should you trust or not your favorite cryptotool 4 PreSE 1 ? RSA PreSE 1 PreSE 2 PreSE 3 PreSE 5 PostSE 1 PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  16. PreSE 1: factoring an RSA modulus ? Katacryptology Robert Erra LSE WEEK 2014 Catacrypt ? The Humpich a ff air Why should you trust or not your • In 1997 S. Humpich factored the GIE CB Public RSA favorite cryptotool ? modulus RSA • It has been chosen years before: 320 bits PreSE 1 PreSE 2 • In 1991 the record was RSA100: which means 330 bits PreSE 3 • In 2000 the record was RSA512: which means 512 bits PreSE 5 • S. Humpich was put in jail . . . PostSE 1 PostSE 3 Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

  17. Factorization Katacryptology Robert Erra — Some factorisation records LSE WEEK 2014 Catacrypt ? N Year Algorithm Why should you RSA-120 (399 bits) 1993 MQPS trust or not your favorite cryptotool RSA-129 (429 bits) 1994 MPQS ? RSA-130 (432 bits) 1996 NFS RSA PreSE 1 RSA-140 (466 bits) 1999 NFS PreSE 2 RSA-155 (512 bits) 1999 NFS PreSE 3 RSA-160 (532 bits) 2003 NFS PreSE 5 RSA-200 (665 bits) 2005 NFS PostSE 1 RSA-768 bits 2010 NFS PostSE 3 2030 ? RSA-1024 bits ?? Back to RSA . . . weaknesses Quantum computers and the future of RSA ? Robert Erra LSE WEEK 2014 Katacryptology

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security and Protection Xavier Martorell-Bofill 1 Ren Serral-Graci 1 Universitat Politcnica

Security and Protection Xavier Martorell-Bofill 1 Ren Serral-Graci 1 Universitat Politcnica

Security and Protection Xavier Martorell-Bofill 1 Ren Serral-Graci 1 Universitat Politcnica de Catalunya (UPC) May 26, 2014 Introduction About security Security components Lectures System administration introduction 1 Operating System

517 views • 35 slides
syzkaller Mark Johnston markj@FreeBSD.org FreeBSD Bay Area Vendor Summit October 12, 2019

syzkaller Mark Johnston markj@FreeBSD.org FreeBSD Bay Area Vendor Summit October 12, 2019

syzkaller Mark Johnston markj@FreeBSD.org FreeBSD Bay Area Vendor Summit October 12, 2019 System Call Fuzzing: What? Common syscall usage patterns cover a small space Why would you ever call send(2) after listen(2) ? Increase

744 views • 12 slides
Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 Cloud Security EGI

571 views • 16 slides
Accessing Samba from Linux. Whats new? Whats faster? Whats better? Steve French

Accessing Samba from Linux. Whats new? Whats faster? Whats better? Steve French

Accessing Samba from Linux. Whats new? Whats faster? Whats better? Steve French Principal Systems Engineer Primary Data Legal Statement T h i s w o r k r e p r e s e n t s t h e v i e w s o f t h e a u t h o r ( s ) a n d d o e

480 views • 28 slides
Lattice-based cryptography, day 1: simplicity D. J. Bernstein University of Illinois at Chicago;

Lattice-based cryptography, day 1: simplicity D. J. Bernstein University of Illinois at Chicago;

1 Lattice-based cryptography, day 1: simplicity D. J. Bernstein University of Illinois at Chicago; Ruhr University Bochum 2 2000 Cohen cryptosystem Public key: vector of integers K = ( K 1 ; : : : ; K N ) { X; : : : ; X } N .

1.84k views • 164 slides
Discrete Logarithm with Auxiliary Inputs (Special Semester Workshop 4) Jung Hee Cheon (partly

Discrete Logarithm with Auxiliary Inputs (Special Semester Workshop 4) Jung Hee Cheon (partly

Discrete Logarithm with Auxiliary Inputs (Special Semester Workshop 4) Jung Hee Cheon (partly joint work with Taechan Kim and Yongsu Song) Department of Mathematical Sciences and ISaC-RIM Seoul National University December 13, 2013 1 / 41

557 views • 41 slides
Exploring the Effect of an Advance Letter on Response and Eligibility Rates: A M Met eta-Ana

Exploring the Effect of an Advance Letter on Response and Eligibility Rates: A M Met eta-Ana

Exploring the Effect of an Advance Letter on Response and Eligibility Rates: A M Met eta-Ana nalysis S Stud udy for the he Nationa nal I Immuni unization S n Sur urvey (NIS) Abera Wouhib 1 , Jie Zhao 2 , Meena Khare 1 and Vicki Pineau 2

812 views • 17 slides
ENISA EUROPEAN NIS AGENDA AND THE PERSPECTIVE Prof. Dr. Reinhard Posch Chairperson ENISA

ENISA EUROPEAN NIS AGENDA AND THE PERSPECTIVE Prof. Dr. Reinhard Posch Chairperson ENISA

ENISA EUROPEAN NIS AGENDA AND THE PERSPECTIVE Prof. Dr. Reinhard Posch Chairperson ENISA Management Board THE GENERAL GOAL The general goal of ENISA and of any subsequent situation is to strengthen Euorpe with NIS and to enable NIS

337 views • 10 slides
www.enisa.eu.int ENISA update 17 th TF-CSIRT, Amsterdam, 23.01.2006 Marco Thorbruegge

www.enisa.eu.int ENISA update 17 th TF-CSIRT, Amsterdam, 23.01.2006 Marco Thorbruegge

www.enisa.eu.int ENISA update 17 th TF-CSIRT, Amsterdam, 23.01.2006 Marco Thorbruegge marco.thorbruegge@enisa.eu.int 1 ENISAs tasks Risk assessment Becoming a centre and Track of expertise risk management standardisation Information

728 views • 16 slides
System Administration HW5 - Mini Private Lab tzute Computer Center, CS, NCTU Architecture

System Administration HW5 - Mini Private Lab tzute Computer Center, CS, NCTU Architecture

System Administration HW5 - Mini Private Lab tzute Computer Center, CS, NCTU Architecture Overview (1/3) behind account SSH playground storage 2 Computer Center, CS, NCTU Architecture Overview (2/3) Sharing these via YP: behind ypbind

397 views • 28 slides
Web-based Supporting Materials for Power/Sample Size Calculations for Assessing Correlates of Risk

Web-based Supporting Materials for Power/Sample Size Calculations for Assessing Correlates of Risk

Web-based Supporting Materials for Power/Sample Size Calculations for Assessing Correlates of Risk in Clinical Efficacy Trials Peter B. Gilbert, Holly E. Janes, Yunda Huang Appendix A: Unbiased Biomarker Characterization Accounting for the Sam-

396 views • 12 slides
ETC Teaching Session Instructor: Swara Ravindranath JWST Proposal Planning Workshop May 15

ETC Teaching Session Instructor: Swara Ravindranath JWST Proposal Planning Workshop May 15

The Canadian NIRISS Unbiased Cluster Survey (CANUCS) ETC Teaching Session Instructor: Swara Ravindranath JWST Proposal Planning Workshop May 15 18, 2017 STScI The Canadian NIRISS Unbiased Cluster Survey (CANUCS) Slitless spectroscopy

1.08k views • 14 slides
Indian National System of Innovation and Globalisation: Some Lessons for African National System

Indian National System of Innovation and Globalisation: Some Lessons for African National System

INNOVATION SYSTEMS AND DEVELOPMENT STRATEGIES FOR THE THIRD MILLENIUM Rio de Janeiro, Brazil 2-6 November 2003 Indian National System of Innovation and Globalisation: Some Lessons for African National System of Innovation Mammo Muchie

270 views • 23 slides
CS 171: Introduction to Computer Science II Algorithm Analysis Li Xiong Today Hw1

CS 171: Introduction to Computer Science II Algorithm Analysis Li Xiong Today Hw1

CS 171: Introduction to Computer Science II Algorithm Analysis Li Xiong Today Hw1 discussion Recap: linear search and binary search Algorithm Analysis Big-O Notation Big-O Notation Loop Analysis Hw1 Discussion Read

2.41k views • 45 slides
www.transparency.org.nz Policy Implications of Transparency International Integrity Plus 2013

www.transparency.org.nz Policy Implications of Transparency International Integrity Plus 2013

1 www.transparency.org.nz Policy Implications of Transparency International Integrity Plus 2013 NZ's National Integrity System Assessment The Treasury Friday 14 th March 2014 1:30pm- 3:00pm liz.brown@paradise.net.nz mpetrie@esg.co.nz

947 views • 45 slides
Changing the probability distribution Recall the binary tree with a probability distribution P

Changing the probability distribution Recall the binary tree with a probability distribution P

Changing the probability distribution Recall the binary tree with a probability distribution P defined by with probability p u S i +1 = S i with probability 1 p d The process { S i } 0 i N is not a P

499 views • 14 slides
Rule Models as Semantic Models for Command and Control Francisco Loaiza Steven Wartik Institute

Rule Models as Semantic Models for Command and Control Francisco Loaiza Steven Wartik Institute

I N F O R M A T I O N T E C H N O L O G Y &amp; S Y S T E M S D I V I S I O N Rule Models as Semantic Models for Command and Control Francisco Loaiza Steven Wartik Institute for Defense Analyses TOC I N F O R M A T I O N T E C H N O L

621 views • 13 slides
Deploying pNFS solution over Distributed Storage Jiffin Tony Thottan Associate Software Engineer

Deploying pNFS solution over Distributed Storage Jiffin Tony Thottan Associate Software Engineer

Deploying pNFS solution over Distributed Storage Jiffin Tony Thottan Associate Software Engineer Agenda pNFS protocol NFS-Ganesha GlusterFS Integration Challenges Configuring pNFS cluster 2 pNFS Protocol Overview

587 views • 31 slides
Nursing Nursing Informati tion Syste tem A relevant t substi titu tute te of th the paper

Nursing Nursing Informati tion Syste tem A relevant t substi titu tute te of th the paper

Nursing Nursing Informati tion Syste tem A relevant t substi titu tute te of th the paper record M.B. Michel-Verkerke Saxion University of Applied Sciences, Enschede, The Netherlands MIE 2011 Oslo, August 31 Nurse Donna Taylor uses a

404 views • 19 slides
a superconducting qubit and a single-electron transistor Jukka Pekola, Aalto University,

a superconducting qubit and a single-electron transistor Jukka Pekola, Aalto University,

Experiments on quantum heat transport through a superconducting qubit and a single-electron transistor Jukka Pekola, Aalto University, Helsinki, Finland 1. Heat in circuits: measurement and control 2. Thermometry 3. Single-electron transistor:

390 views • 36 slides
Peer-to-Peer Networks 01: Organization and Introduction Christian Schindelhauer Technical

Peer-to-Peer Networks 01: Organization and Introduction Christian Schindelhauer Technical

Peer-to-Peer Networks 01: Organization and Introduction Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Web &amp; Dates Web page -

494 views • 17 slides
PHP Chapter 1 Introduction Survey Have you ever written a web application? Have you used

PHP Chapter 1 Introduction Survey Have you ever written a web application? Have you used

MCIS/UA PHP Training 2003 PHP Chapter 1 Introduction Survey Have you ever written a web application? Have you used any of the following languages? C PHP C++ Java Perl Have you ever written an object-oriented

535 views • 27 slides
Counterattack Turning the tables on exploitation attempts from tools like Metasploit whoami

Counterattack Turning the tables on exploitation attempts from tools like Metasploit whoami

Counterattack Turning the tables on exploitation attempts from tools like Metasploit whoami scriptjunkie Security research Metasploit contributor whoami wrote this thing whoami I work here Disclaimer This

1.02k views • 76 slides
Routing and Transport in Wireless Sensor Networks Ibrahim Matta (matta@bu.edu) Niky Riga

Routing and Transport in Wireless Sensor Networks Ibrahim Matta (matta@bu.edu) Niky Riga

10/21/2003 Routing and Transport in Wireless Sensor Networks Ibrahim Matta (matta@bu.edu) Niky Riga (inki@bu.edu) Georgios Smaragdakis (gsmaragd@bu.edu) Wei Li (wli@bu.edu) Vijay Erramilli (evijay@bu.edu) References Adaptive Protocols

633 views • 23 slides

More recommend