public key encryption systems
play

Public Key Encryption Systems The encrypter and decrypter have - PowerPoint PPT Presentation

Jun 23, 2023 •370 likes •618 views

Public Key Encryption Systems The encrypter and decrypter have different keys C = E(K E ,P) P = D(K D ,C) Often, works the other way, too Lecture 4 Page 1 CS 236 Online History of Public Key Cryptography Invented by Diffie and

  1. Public Key Encryption Systems • The encrypter and decrypter have different keys C = E(K E ,P) P = D(K D ,C) • Often, works the other way, too Lecture 4 Page 1 CS 236 Online

  2. History of Public Key Cryptography • Invented by Diffie and Hellman in 1976 • Merkle and Hellman developed Knapsack algorithm in 1978 • Rivest-Shamir-Adelman developed RSA in 1978 – Most popular public key algorithm • Many public key cryptography advances secretly developed by British and US government cryptographers earlier Lecture 4 Page 2 CS 236 Online

  3. Practical Use of Public Key Cryptography • Keys are created in pairs • One key is kept secret by the owner • The other is made public to the world • If you want to send an encrypted message to someone, encrypt with his public key – Only he has private key to decrypt Lecture 4 Page 3 CS 236 Online

  4. Authentication With Shared Keys • If only two people know the key, and I didn’t create a properly encrypted message - – The other guy must have • But what if he claims he didn’t? • Or what if there are more than two? • Requires authentication servers Lecture 4 Page 4 CS 236 Online

  5. Authentication With Public Keys • If I want to “sign” a message, encrypt it with my private key • Only I know private key, so no one else could create that message • Everyone knows my public key, so everyone can check my claim directly Lecture 4 Page 5 CS 236 Online

  6. Scaling of Public Key Cryptography K e K e K e K e K e K d K d K d K d K d Nice scaling properties K e K e K d K d K e K d K e K e K e K d K e K d K e K d K d K d Lecture 4 Page 6 CS 236 Online

  7. Key Management Issues • To communicate via shared key cryptography, key must be distributed – In trusted fashion • To communicate via public key cryptography, need to find out each other’s public key – “Simply publish public keys” Lecture 4 Page 7 CS 236 Online

  8. Issues of Key Publication • Security of public key cryptography depends on using the right public key • If I am fooled into using the wrong one, that key’s owner reads my message • Need high assurance that a given key belongs to a particular person • Which requires a key distribution infrastructure Lecture 4 Page 8 CS 236 Online

  9. RSA Algorithm • Most popular public key cryptographic algorithm • In wide use • Has withstood much cryptanalysis • Based on hard problem of factoring large numbers Lecture 4 Page 9 CS 236 Online

  10. RSA Keys • Keys are functions of a pair of 100-200 digit prime numbers • Relationship between public and private key is complex • Recovering plaintext without private key (even knowing public key) is supposedly equivalent to factoring product of the prime numbers Lecture 4 Page 10 CS 236 Online

  11. Comparison of AES and RSA • AES is much more complex • However, AES uses only simple arithmetic, logic, and table lookup • RSA uses exponentiation to large powers – Computationally 1000 times more expensive in hardware, 100 times in software • RSA key selection also much more expensive Lecture 4 Page 11 CS 236 Online

  12. Is RSA Secure? • Conjectured that security depends on factoring large numbers – But never proven – Some variants proven equivalent to factoring problem • Probably the conjecture is correct • Key size for RSA doesn’t have same meaning as DES and AES Lecture 4 Page 12 CS 236 Online

  13. Attacks on Factoring RSA Keys • In 2005, a 663 bit RSA key was successfully factored • A 768 bit key factored in 2009 • Research on integer factorization suggests keys up to 2048 bits may be insecure • Insecure key length will only increase • The longer the key, the more expensive the encryption and decryption Lecture 4 Page 13 CS 236 Online

  14. Elliptical Cryptography • RSA and similar algorithms related to factoring products of large primes • Other math can be used for PK, instead – Properties of elliptical curves, e.g. • Can give same security as other public key schemes, with much smaller keys • Widely studied, regarded as safe – But the NSA is pushing it . . . – Often used for small devices Lecture 4 Page 14 CS 236 Online

  15. Combined Use of Symmetric and Asymmetric Cryptography • Common to use both in a single session • Asymmetric cryptography essentially used to “bootstrap” symmetric crypto • Use RSA (or another PK algorithm) to authenticate and establish a session key • Use AES with that session key for the rest of the transmission Lecture 4 Page 15 CS 236 Online

  16. Combining Symmetric and Asymmetric Crypto Alice wants to share the key only with Bob Bob wants to be sure But there are problems we’ll discuss later it’s Alice’s key Only Bob Alice Bob can decrypt it K EA K DA K EB K DB Only Alice could K EB K EA have created it C=E(K S ,K EB ) K S =D(C,K DB ) C=D(M,K EA ) M K S M=E(C,K DA ) Lecture 4 Page 16 CS 236 Online

  17. Digital Signature Algorithms • In some cases, secrecy isn’t required • But authentication is • The data must be guaranteed to be that which was originally sent • Especially important for data that is long-lived Lecture 4 Page 17 CS 236 Online

  18. Desirable Properties of Digital Signatures • Unforgeable • Verifiable • Non-repudiable • Cheap to compute and verify • Non-reusable • No reliance on trusted authority • Signed document is unchangeable Lecture 4 Page 18 CS 236 Online

  19. Encryption and Digital Signatures • Digital signature methods are based on encryption • The basic act of having performed encryption can be used as a signature – If only I know K , then C=E(P,K) is a signature by me – But how to check it? Lecture 4 Page 19 CS 236 Online

  20. Signatures With Shared Key Encryption • Requires a trusted third party • Signer encrypts document with secret key shared with third party • Receiver checks validity of signature by consulting with trusted third party • Third party required so receiver can’t forge the signature Lecture 4 Page 20 CS 236 Online

  21. For Example, K s When in Elas7pa the Course 1o’gw0mega of human 30’sswp. events it 1f43’-s 4 becomes 32.doas3 necessary Dsp5.a#l for one ^o,a 02 When in the Course of human events it becomes necessary for one K s Lecture 4 Page 21 CS 236 Online

  22. Signatures With Public Key Cryptography • Signer encrypts document with his private key • Receiver checks validity by decrypting with signer’s public key • Only signer has the private key – So no trusted third party required • But receiver must be certain that he has the right public key Lecture 4 Page 22 CS 236 Online

  23. For Example, K d When in the Course When in Elas7pa Alice’s of human the Course 1o’gw0mega K e events it of human 30’sswp. becomes events it 1f43’-s 4 necessary public becomes 32.doas3 for one necessary Dsp5.a#l for one ^o,a 02 key Lecture 4 Page 23 CS 236 Online

  24. Problems With Simple Encryption Approach • Computationally expensive – Especially with public key approach • Document is encrypted – Must be decrypted for use – If in regular use, must store encrypted and decrypted versions Lecture 4 Page 24 CS 236 Online

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange Shared/Symmetric-Key PKE scheme Encryption (a.k.a. private-key encryption) a.k.a. asymmetric-key encryption PKE SKE: Syntax Syntax KeyGen outputs KeyGen

366 views • 13 slides
Public-Key Cryptography Lecture 10 DDH Assumption El Gamal Encryption Public-Key Encryption

Public-Key Cryptography Lecture 10 DDH Assumption El Gamal Encryption Public-Key Encryption

Public-Key Cryptography Lecture 10 DDH Assumption El Gamal Encryption Public-Key Encryption from Trapdoor OWP RECALL Diffie-Hellman Key-exchange Secure if (g x ,g y ,g xy ) (g x ,g y ,g r ) Random x {0,..,|G|-1} Random y

173 views • 13 slides
Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Encryption Public-Key

Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Encryption Public-Key

Public-Key Cryptography Public-Key Cryptography Lecture 8 Public-Key Encryption Public-Key Cryptography Lecture 8 Public-Key Encryption Diffie-Hellman Key-Exchange PKE scheme PKE scheme SKE: Syntax KeyGen outputs K K Enc: M K R

1.18k views • 104 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
Laconic Zero Knowledge to Public Key Cryptography Public Key Cryptography Akshay Degwekar

Laconic Zero Knowledge to Public Key Cryptography Public Key Cryptography Akshay Degwekar

Laconic Zero Knowledge to Public Key Cryptography Public Key Cryptography Akshay Degwekar (MIT) Public Key Encryption (PKE) [Diffie-Hellman76, Rivest-Shamir-Adelman78, Goldwasser-Micali82] pk sk Public Key Encryption Public Key Encryption

296 views • 25 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

Message Authentication CPE 542: CRYPTOGRAPHY & NETWORK SECURITY message authentication is concerned with: protecting the integrity of a message Chapter 11 Message Authentication and validating identity of originator Hash

462 views • 6 slides
Lecture 9 Public Key Cryptography: Encryption + Signatures 1 El Gamal PK cryptosystem (83) -

Lecture 9 Public Key Cryptography: Encryption + Signatures 1 El Gamal PK cryptosystem (83) -

Lecture 9 Public Key Cryptography: Encryption + Signatures 1 El Gamal PK cryptosystem (83) - p large prime - b base, primitive element, generator - x private exponent - x y public residue y b p ; mod = P Z * p =

272 views • 25 slides
gone WILD Gregory Neven IBM Zurich Research Laboratory Public-key encryption PKI pk KeyGen

gone WILD Gregory Neven IBM Zurich Research Laboratory Public-key encryption PKI pk KeyGen

Identity-Based Encryption gone WILD Gregory Neven IBM Zurich Research Laboratory Public-key encryption PKI pk KeyGen sk M C M Enc Dec Sender (pk) Receiver (sk) 2 1 Identity-based encryption (IBE) [S84] Goal: Allow to encrypt based

584 views • 10 slides
Bi-Deniable Public-Key Encryption Adam ONeill 1 , 2 Chris Peikert 1 Brent Waters 2 1 Georgia

Bi-Deniable Public-Key Encryption Adam ONeill 1 , 2 Chris Peikert 1 Brent Waters 2 1 Georgia

Bi-Deniable Public-Key Encryption Adam ONeill 1 , 2 Chris Peikert 1 Brent Waters 2 1 Georgia Tech 2 U Texas, Austin CRYPTO 2011 17 Aug 1 / 13 Deniable Encryption [CDNO97] c = Enc pk (surpriz prty 4 big bro!) (Images courtesy

694 views • 55 slides
Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key Encryption Accepted security notion: chosen-ciphertext security (IND-CCA) Public-Key Encryption Accepted security notion: chosen-ciphertext security

1.16k views • 83 slides
The Public Key Muddle How to manage transparent end-to-end encryption in organizations Dr.

The Public Key Muddle How to manage transparent end-to-end encryption in organizations Dr.

The Public Key Muddle How to manage transparent end-to-end encryption in organizations Dr. Gunnar Jacobson CEO Secardeo GmbH Business Communication E-Mail Desktop (e.g. Outlook) Cloud (e.g. Office 365) More than 50% opened on

503 views • 29 slides
Public Key (RSA) Encryption Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech

Public Key (RSA) Encryption Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech

Overview Needed Theorems RSA Encryption Public Key (RSA) Encryption Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech University, College of Engineering and Science Public Key (RSA) Encryption Overview Needed Theorems RSA

1.62k views • 137 slides
Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Better Security for Deterministic Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research Weizmann Institute Silicon Valley Probabilistic Encryption Enc Semantic Security [GM82]: No

341 views • 14 slides
DTTF/NB479: Dszquphsbqiz Day 30 Announcements: Questions? This week: Digital signatures, DSA

DTTF/NB479: Dszquphsbqiz Day 30 Announcements: Questions? This week: Digital signatures, DSA

DTTF/NB479: Dszquphsbqiz Day 30 Announcements: Questions? This week: Digital signatures, DSA Coin flipping over the phone RSA Signatures allow you to recover the message from the signature; ElGamal signatures dont ElGamal Sig

410 views • 14 slides
Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g

Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g

Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g m m g ma g ma g n n g b b g nb g nb g ma g ma , g nb g nb Eike Ritter Cryptography 2014/15 106

417 views • 9 slides
Multivariate Cryptography Part 3: HFE (Hidden Field Equations) Albrecht Petzoldt PQCrypto Summer

Multivariate Cryptography Part 3: HFE (Hidden Field Equations) Albrecht Petzoldt PQCrypto Summer

Multivariate Cryptography Part 3: HFE (Hidden Field Equations) Albrecht Petzoldt PQCrypto Summer School 2017 Eindhoven, Netherlands Friday, 23.06.2017 A. Petzoldt Multivariate Cryptography PQCrypto Summer School 1 / 53 Reminder:

831 views • 55 slides
Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and

Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and

CSS441 Hash Functions Hash Functions Authentication Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

1.04k views • 24 slides
hig igh-performance and lo low-power applications Real World Cryptography Conference 2017

hig igh-performance and lo low-power applications Real World Cryptography Conference 2017

Four -based cryptography for hig igh-performance and lo low-power applications Real World Cryptography Conference 2017 January 4-6, New York, USA Patrick Longa Microsoft Research Next-generation elliptic curves New IETF Standards

861 views • 59 slides
Cryptography: RSA and Factoring; Digital Signatures; Ssh Greg Plaxton Theory in Programming

Cryptography: RSA and Factoring; Digital Signatures; Ssh Greg Plaxton Theory in Programming

Cryptography: RSA and Factoring; Digital Signatures; Ssh Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin The Hardness of Breaking RSA One approach to breaking RSA is to

274 views • 15 slides
Improved Digital Signatures Based on Elliptic Curve Endomorphism Rings Xiu Xu 3,4,5 Christopher

Improved Digital Signatures Based on Elliptic Curve Endomorphism Rings Xiu Xu 3,4,5 Christopher

Improved Digital Signatures Based on Elliptic Curve Endomorphism Rings Xiu Xu 3,4,5 Christopher Leonardi 1 Anzo Teh 1 David Jao 1,2 Kunpeng Wang 3,4,5 Wei Yu 3,4,5 Reza Azarderakhsh 6 [1] Department of Combinatorics and Optimization, University of

911 views • 72 slides
Digital Signatures Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Digital Signatures Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Digital Signatures Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay July 24, 2018 1 / 29 Group Theory Recap Groups Definition A set G with a binary operation defined

483 views • 29 slides

More recommend