# ECC (Part II) & Smart Contracts. Sep. 16, 2019

Size: px
Start display at page:

Transcription

1 ECC (Part II) & Smart Contracts Sep. 16, 2019

2 Overview Cryptography with ECC How to send secret messages Bitcoin s Stack Machine scripts Review Limitations Ethereum s answer to those limitations Applications Programming Language Solidity Examples Advantages/Disadvantages

3 Elliptic Curve Cryptography (Part II)

4 Points on elliptic curve Points can be added P + Q Points can be added n times np Points can be subtracted P Q P Q P+Q

5 Points on elliptic curves The entire math of ECC is based on adding points G A point can be added to itself, the new point is k Added times to itself results in point Points can be added very fast F = kg H = 2G As a side node, for ECC-based cryptography, everything happens A point is on a curve iff y 2 mod n = x 3 + ax + b mod n mod n Point arithmetics are still well defined

6 Elliptic curve mod p! p PRIMES

7 Elliptic curve mod p! p PRIMES

8 Elliptic curve mod p! p PRIMES P+Q P Q

9 Inverse addition problem! H G Given two points, G, H, find a Z p so that H = ag How often to I need to add p = (x, y) itself to reach q?

10 Inverse addition problem! H G Super hard, we just can t do it efficiently

11 Inverse addition problem! H G Super hard, we just can t do it efficiently NSA supposedly convinced software vendors to use special random number generators that made points predictable

12 Inverse addition problem! H G Super hard, we just can t do it efficiently NSA supposedly convinced software vendors to use special random number generators that made points predictable Quantum computer can solve this efficiently

13 Inverse addition problem! H G Super hard, we just can t do it efficiently NSA supposedly convinced software vendors to use special random number generators that made points predictable Quantum computer can solve this efficiently For now, we this this is a difficult problem

14 Notation We have one operations: combining 2 points Before we used the symbol + for this P + Q, H = ag, etc. We can also re-use the multiplication notation g h, g a

15 Notation ECC math appears in 2 different notations adding points, written as addition and multiplication P + Q, H = ag, etc. Usually this goes with the following standard: Numbers: lowercase characters Points: uppercase characters Often in introductory texts, blogs, s (easy to type) multiplying points, written as multiplication and exponentiation g h, g a Usually this goes with the following standard: Everything lowercase exponents (integers) as Greek letters Often in scientific texts Correlation to other fields better visible (cf. a b mod n) Better readability for complex operations, e.g. (g a h γ ) x

16 Notation A foolish consistency is the hobgoblin of little minds, adored by little statesmen and philosophers and divines. With consistency a great soul has simply nothing to do. Ralph Waldo Emerson (poet) We will use additive and multiplicative notations in this course

17 Discrete Logarithm In scientific notation, the hard problem is Find, so that a y = g a mod n called Discrete Logarithm

18 Summary ECC Point Math The entire math of ECC is based on adding points A point G can be added to itself, the new point is H = 2G Added k times to itself results in point F = kg Points can be added very fast Inverse problem: Given a base point G and a second point R, it is not possible to efficiently compute integer so that R = rg r Z p

19 RSA & ECC y = g a mod n Given compute Given compute Given g y y compute and a y and g a and a g : easy : hard : hard

20 RSA & ECC y = g a mod n Given compute Given and a and g compute Given g y y and a compute y a g : easy : hard : hard One popular curve (Curve25519) has points ( )

21 Cryptography with ECC Known parameters a, b Z, n for curve (y 2 mod n) = (x 3 + ax + b mod n) starting point G on that curve Private key random number n N (does not have to be prime) Public key Point ng

22 Cryptography with ECC Diffie-Hellman (DH) Key exchange Alice: sk=a, pk=ag Bob: sk=b, pk=bg exchange of public keys Alice sends ag to Bob Bob sends bg to Alice Whitfield Diffie and Martin Hellman Alice can now compute a(bg)=(ab)g Bob can now compute b(ag)=(ba)g Only Alice and Bob know point (ab)g! No one else does

23 Cryptography with ECC Alice Bob ag After exchange, Alice and Bob know (ab)g Alice can now send the point Q=P+(ab)G to Bob a(bg) bg b(ag) Bob can extract the point P = Q-(ab)G Nobody, even when listening to all communication, can compute the point P. All they see is Q Q=P+a(bG) Q P=Q-b(aG)

24 Cryptography with ECC Alice can send the point P to Bob P is known to only Alice & Bob P is a point (x,y), i.e. all I need to do in to encode my secret message as a point often used DH to share a different key for other cryptography systems One way is to encode message as y coordinate and compute x

25 Cryptography with ECC Summary Points on a curve A method to combine points Well defined operation, some use +", others use * Inverse operation (discrete logarithm) is very hard Diffie-Hellman key exchange Find a new point, only known to Alice and Bob Usable to send secret messages Signatures, Arithmetics, Zero-Knowledge Will be introduces throughout the course

26 Bitcoin s Stack Machine Verify public/private key Given y=h(pk), msg Require sig, pk: verify(pk, msg, sig)=true AND y=h(pk) Show that you own private key to (the hash of) a public key Program (scriptpubkey) 1. Duplicate top element 2. Hash top element 3. Push compare value onto stack 4. Verify that the two top elements are equal 5. Verify that (sign., pk, transactiondata) is valid Init state of stack (scriptsig) public Key signature

27 Bitcoin s Stack Machine Verify preimage of a hash Given y Require x: y=h(x) Pay to whoever knows the preimage of a hash Program (scriptpubkey) Init state of stack (scriptsig) 1. Hash top element 2. Push compare value onto stack 3. Verify that the two top elements are equal data

28 Bitcoin s Stack Machine Require several parties to agree on a transaction Multi-signature Pay if all / 3-out-of-5 / n-out-of-m signatures are present Program (scriptpubkey) Init state of stack (scriptsig) 1. Push value n onto the stack (i.e. 2) 2. Push pubkey1 3. Push pubkey2 4. Push pubkey Push value m onto the stack (i.e. 3) 7. Check n-out-of-m multisig one signature another signature

29 Bitcoin s Stack Machine 3-out-of-5 signatures are present Program (scriptpubkey) Init state of stack (scriptsig) 1. Push value 3 onto the stack 2. Push pubkey1 3. Push pubkey2 4. Push pubkey3 5. Push pubkey4 6. Push pubkey5 7. Push value 5 onto the stack 8. Check n-out-of-m multisig signature E signature A signature C

30 Bitcoin s Stack Machine 3-out-of-5 signatures are present Program (scriptpubkey) 1. Push value 3 onto the stack 2. Push pubkey1 3. Push pubkey2 4. Push pubkey3 5. Push pubkey4 6. Push pubkey5 7. Push value 5 onto the stack 8. Check n-out-of-m multisig Init state of stack (scriptsig) 3 signature E signature A signature C

31 Bitcoin s Stack Machine 3-out-of-5 signatures are present Program (scriptpubkey) 1. Push value 3 onto the stack 2. Push pubkey1 3. Push pubkey2 4. Push pubkey3 5. Push pubkey4 6. Push pubkey5 7. Push value 5 onto the stack 8. Check n-out-of-m multisig Init state of stack (scriptsig) pubkey1 3 signature E signature A signature C

32 Bitcoin s Stack Machine 3-out-of-5 signatures are present Program (scriptpubkey) 1. Push value 3 onto the stack 2. Push pubkey1 3. Push pubkey2 4. Push pubkey3 5. Push pubkey4 6. Push pubkey5 7. Push value 5 onto the stack 8. Check n-out-of-m multisig Init state of stack (scriptsig) pubkey4 pubkey1 3 signature E signature A signature C

33 Bitcoin s Stack Machine Program (scriptpubkey) 3-out-of-5 signatures are present 1. Push value 3 onto the stack 2. Push pubkey1 3. Push pubkey2 4. Push pubkey3 5. Push pubkey4 6. Push pubkey5 7. Push value 5 onto the stack 8. Check n-out-of-m multisig pubkey5 pubkey4 pubkey1 3 signature E signature A signature C

34 Bitcoin s Stack Machine 3-out-of-5 signatures are present Program (scriptpubkey) 1. Push value 3 onto the stack 2. Push pubkey1 3. Push pubkey2 4. Push pubkey3 5. Push pubkey4 6. Push pubkey5 7. Push value 5 onto the stack 8. Check n-out-of-m multisig OP_CHECKMULTISIG: read m read m public keys read n read n signatures return TRUE if all signatures can be verified (no duplicates) 5 pubkey5 pubkey4 pubkey1 3 signature E signature A signature C

35 Bitcoin s Stack Machine What we can do Create scripts that govern who can access the money If it can be implemented in a Stack Machine, it can be done in Bitcoin Complex scripts could implement a new form of smart banking One could write the rules on how an organization can control Bitcoin does not have a physical place in the world (no regulations) Decentralized Autonomous Corporation (DAO)

36 Decentralized Autonomous Corporation (DAO) Corporations are people, my friend. Mitt Romney What if we encode everything a corporation does/decide into Bitcoin s scripting language is it possible? Can we imagine a corporation without people? Also Mitt Romney: Everything corporations earn ultimately goes to people. Where do you think it goes?

37 Bitcoin s Stack Machine What we can not do As it turns out, we are quite limited with this Stack Machine No if-then-else branch No loops No Turing-completeness Provably less powerful than a normal program Done on purpose to limit the time to validate a block

38 More powerful scripts Can we do more?

39 More powerful scripts Let s re-design Bitcoin to make it more powerful Downsides of Bitcoin s scripting language No Turing-completeness Money can be spend or not, no fine-grained access Scripts are always completely executed. No program state Scripts cannot access other Blockchain info (Nonce, etc.)

40 More powerful scripts Obvious solution: Instead of a Stack Machine, allow any computer program to run Expose specific variables inputs, keys, etc. Global variables Nonce, Block-height, other transactions, etc. Allow halting points

41 More powerful scripts Obvious solution: Instead of a Stack Machine, allow any computer program to run Susceptible to attacks def transactioncode(self): done = False while(not done): pass

42 More powerful scripts Obvious solution: Instead of a Stack Machine, allow any computer program to run Susceptible to attacks def transactioncode(self): done = False while(not done): pass Miner will never finish mining a block Miner cannot analyze code to verify if it will eventually stop Halting problem

43 Limit code run time A car runs X miles on a tank of gas Introduce a notion of the maximum number of instructions a code can run Provide sufficient gas

44 More powerful scripts Ethereum intends to provide is a blockchain with a builtin fully fledged Turing-complete programming language

45 Ethereum Just like Bitcoin Blockchain Proof-of-Work Not like Bitcoin Allow Turing-complete DAPPs (Distributed Applications) A programming language (Solidity) For each transaction, pay fee in gas 1 Eth = Gas (currently, may change)

46 Ethereum 2 types of accounts Externally owned accounts Controlled by People (public/private keys) No Code Contract accounts Controlled by code Not something that needs to be fulfilled, but autonomous agents

47 Ethereum Each block describes a state of the Ethereum Virtual Machine (EVM) Transactions are state transitions ad6bb32b: 712d9a77: State 0 tx 0 State eth etc 122 eth 1024 etc code data from: ad6bb32b to: 712d9a7 value: 4 eth call: send(xyz) ad6bb32b: 712d9a77: eth etc 126 eth 1024 etc code data b39458a7: eth etc b39458a7: eth etc

48 Ethereum Each block describes a state of the Ethereum Virtual Machine (EVM) Transactions are state transitions tx 0 State 0 State 1 APPLY(S[0], Tx[0])! S[1]

49 Ethereum Each block describes a state of the Ethereum Virtual Machine (EVM) Transactions are state transitions Blocks are mined by processing a set of transitions Ethereum White Paper

50 Smart Contracts With Smart Contracts, we can implement new currencies A lookup table as ledger User pay money (eth) to contract to get coins Every transaction happens by external users sending messages to it External user Ethereum new coin transactions

51 Smart Contracts Example (new currency) if Smart Contracts were written in Python class MyCoin: def init (self): self.balance = dict() self.balance[ CentralBank ] = Initialize by giving 1B MyCoins to the central bank

52 Smart Contracts Example (new currency) if Smart Contracts were written in Python class MyCoin: def init (self): self.balance = dict() self.balance[ CentralBank ] = def getbalance(self, accountid): if accountid in self.balance: return self.balance return 0 reading the account balance 0 if the account doesn t exist

53 Smart Contracts Example (new currency) if Smart Contracts were written in Python class MyCoin: def init (self): self.balance = dict() self.balance[ CentralBank ] = def getbalance(self, accountid): if accountid in self.balance: return self.balance return 0 def transfer(self, accountid, amount, to): maxtransferrable = min(self.getbalance(accountid), amount) self.balance[accountid] -= maxtransferrable self.balance[to] = maxtransferrable transfer amount from the sender (accountid) to the recipient (to). If the balance is less than the amount, transfer only as much as available

54 Smart Contracts Example (new currency) class MyCoin: if Smart Contracts were written in Python def init (self): self.balance = dict() self.balance[ CentralBank ] = def getbalance(self, accountid): if accountid in self.balance: return self.balance return 0 def transfer(self, accountid, amount, to): maxtransferrable = min(self.getbalance(accountid), amount) self.balance[accountid] -= maxtransferrable self.balance[to] = maxtransferrable def buy(self, accountid, amount): self.balance[accountid] += amount buy MyCoins by sending eth

55 Solidity The programming language for Ethereum Smart Contracts (Python is not a good language for this) Full fledged, object-oriented programming language compiled and runs on the EVM Can send money to other contracts/accounts on the EVM cannot access I/O (i.e. Internet) A block must always be verifiable, but in the future any external reference might have changed immutable objects (history, nonces, blocks, etc.) are fine

56 Solidity Example contract GavCoin { mapping(address=>uint) balances; uint constant totalcoins = ; function GavCoin(){ balances[msg.sender] = totalcoins; } function balance(address who) constant returns (uint256 balanceinmgav) { balanceinmgav = balances[who]; } function send(address to, uint256 valueinmgav) { if (balances[msg.sender] >= valueinmgav) { balances[to] += valueinmgav; balances[msg.sender] -= valueinmgav; } } Endows creator of contract with 100B GAV = 100B getter function for the balance Send \$(valueinmgav) GAV from the account of \$(message.caller.address()), to an account accessible only by \$(to.address()) }

57 Smart Contracts Used in many different applications Betting/Prediction Markets Standards (like ERC20) for tokens/currencies CryptoKitties Potential problems Everything is open source and cannot change once submitted Bugs are inevitable, this is a security problem Every computation is repeated many times Whenever someone wants to mine/verify block

58 Smart Contracts Smart contracts and their implications are the scope of several other lectures

### CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

### Notes on Network Security Prof. Hemant K. Soni

Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

### Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem

### Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

### The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

### Digital Signature. Raj Jain. Washington University in St. Louis

Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

### Cryptography and Network Security

Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared

### Elliptic Curve Cryptography

Elliptic Curve Cryptography Elaine Brow, December 2010 Math 189A: Algebraic Geometry 1. Introduction to Public Key Cryptography To understand the motivation for elliptic curve cryptography, we must first

### Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella

Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by

### Bitcoin: Concepts, Practice, and Research Directions

Bitcoin: Concepts, Practice, and Research Directions Ittay Eyal, Emin Gün Sirer Computer Science, Cornell University DISC Bitcoin Tutorial, October 2014 Barter Gold Fiat 2 Barter Gold Fiat Bitcoin 2008:

### Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

### Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

### 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

### Public Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography

Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt

### Computer Security: Principles and Practice

Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography

### Cryptography and Network Security Chapter 10

Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central

### Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

### SECURITY IN NETWORKS

SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

### Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

### Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,

### Public Key (asymmetric) Cryptography

Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

### Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

### Overview of Public-Key Cryptography

CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

### Shor s algorithm and secret sharing

Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful

### CRYPTOGRAPHY IN NETWORK SECURITY

ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

### The science of encryption: prime numbers and mod n arithmetic

The science of encryption: prime numbers and mod n arithmetic Go check your e-mail. You ll notice that the webpage address starts with https://. The s at the end stands for secure meaning that a process

### CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

### Practice Questions. CS161 Computer Security, Fall 2008

Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice

### Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)

### A New Efficient Digital Signature Scheme Algorithm based on Block cipher

IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727Volume 7, Issue 1 (Nov. - Dec. 2012), PP 47-52 A New Efficient Digital Signature Scheme Algorithm based on Block cipher 1

### Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography

### 2. Cryptography 2.4 Digital Signatures

DI-FCT-UNL Computer and Network Systems Security Segurança de Sistemas e Redes de Computadores 2010-2011 2. Cryptography 2.4 Digital Signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures

### Public Key Cryptography and RSA. Review: Number Theory Basics

Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and

### A SOFTWARE COMPARISON OF RSA AND ECC

International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

### Introduction to Cryptography CS 355

Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru

### Cryptography and Network Security

Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of

### Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

### Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

### Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

### DIGITAL SIGNATURES 1/1

DIGITAL SIGNATURES 1/1 Signing by hand COSMO ALICE ALICE Pay Bob \$100 Cosmo Alice Alice Bank =? no Don t yes pay Bob 2/1 Signing electronically Bank Internet SIGFILE } {{ } 101 1 ALICE Pay Bob \$100 scan

### RSA Encryption. Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles October 10, 2003

RSA Encryption Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles October 10, 2003 1 Public Key Cryptography One of the biggest problems in cryptography is the distribution of keys.

### Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies

### Network Security. HIT Shimrit Tzur-David

Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

### Using the Bitcoin Blockchain for secure, independently verifiable, electronic votes. Pierre Noizat - July 2014

Using the Bitcoin Blockchain for secure, independently verifiable, electronic votes. Pierre Noizat - July 2014 The problem with proprietary voting systems Existing electronic voting systems all suffer

### Elements of Applied Cryptography Public key encryption

Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let

### Usable Crypto: Introducing minilock. Nadim Kobeissi HOPE X, NYC, 2014

Usable Crypto: Introducing minilock Nadim Kobeissi HOPE X, NYC, 2014 2012 Browsers are an environment that is hostile to cryptography Malleability of the JavaScript runtime. The lack of low-level (system-level)

### A short primer on cryptography

A short primer on cryptography A. V. Atanasov April 14 2007 1 Preliminaries (This section is an introduction to the referred mathematical concepts. Feel free to skip it if you are familiar with the first

### An Analysis of the Bitcoin Electronic Cash System

An Analysis of the Bitcoin Electronic Cash System Danielle Drainville University of Waterloo December 21, 2012 1 Abstract In a world that relies heavily on technology, privacy is sought by many. Privacy,

### SIMS 255 Foundations of Software Design. Complexity and NP-completeness

SIMS 255 Foundations of Software Design Complexity and NP-completeness Matt Welsh November 29, 2001 mdw@cs.berkeley.edu 1 Outline Complexity of algorithms Space and time complexity ``Big O'' notation Complexity

### 7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

### Distributed Public Key Infrastructure via the Blockchain. Sean Pearl smp1697@cs.rit.edu April 28, 2015

Distributed Public Key Infrastructure via the Blockchain Sean Pearl smp1697@cs.rit.edu April 28, 2015 Overview Motivation: Electronic Money Example TTP: PayPal Bitcoin (BTC) Background Structure Other

### QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

QUANTUM COMPUTERS AND CRYPTOGRAPHY Mark Zhandry Stanford University Classical Encryption pk m c = E(pk,m) sk m = D(sk,c) m??? Quantum Computing Attack pk m aka Post-quantum Crypto c = E(pk,m) sk m = D(sk,c)

### NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,

### Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

### Authentication requirement Authentication function MAC Hash function Security of

UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy

### Arithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJ-PRG. R. Barbulescu Sieves 0 / 28

Arithmetic algorithms for cryptology 5 October 2015, Paris Sieves Razvan Barbulescu CNRS and IMJ-PRG R. Barbulescu Sieves 0 / 28 Starting point Notations q prime g a generator of (F q ) X a (secret) integer

### Factoring Algorithms

Factoring Algorithms The p 1 Method and Quadratic Sieve November 17, 2008 () Factoring Algorithms November 17, 2008 1 / 12 Fermat s factoring method Fermat made the observation that if n has two factors

### Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

### Chapter 7: Network security

Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

### 2. Elections We define an electronic vote as a chain of digital signatures. Each owner transfers the vote to the candidate or legislation by digitally

Abstract A purely peer to peer version of electronic vote would allow online votes to be sent directly from one party to another without going through a central voting register. Digital signatures provide

### 26 Integers: Multiplication, Division, and Order

26 Integers: Multiplication, Division, and Order Integer multiplication and division are extensions of whole number multiplication and division. In multiplying and dividing integers, the one new issue

### Alternative machine models

Alternative machine models Computational complexity thesis: All reasonable computer models can simulate one another in polynomial time (i.e. P is robust or machine independent ). But the Turing machine

### Elements of Applied Cryptography. Key Distribution. Trusted third party: KDC, KTC Diffie-Helmann protocol The man-in-the-middle attack

Elements of Applied Cryptography Key Distribution Trusted third party: KDC, KTC Diffie-Helmann protocol The man-in-the-middle attack Point-to-point key establishment Alice Bob Each pair of users must share

### Digital Signatures. Prof. Zeph Grunschlag

Digital Signatures Prof. Zeph Grunschlag (Public Key) Digital Signatures PROBLEM: Alice would like to prove to Bob, Carla, David,... that has really sent them a claimed message. E GOAL: Alice signs each

### 1. The RSA algorithm In this chapter, we ll learn how the RSA algorithm works.

MATH 13150: Freshman Seminar Unit 18 1. The RSA algorithm In this chapter, we ll learn how the RSA algorithm works. 1.1. Bob and Alice. Suppose that Alice wants to send a message to Bob over the internet

### Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

### Section 1.5 Exponents, Square Roots, and the Order of Operations

Section 1.5 Exponents, Square Roots, and the Order of Operations Objectives In this section, you will learn to: To successfully complete this section, you need to understand: Identify perfect squares.

### A New Generic Digital Signature Algorithm

Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study

### ECE 842 Report Implementation of Elliptic Curve Cryptography

ECE 842 Report Implementation of Elliptic Curve Cryptography Wei-Yang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic

### Mathematics Review for MS Finance Students

Mathematics Review for MS Finance Students Anthony M. Marino Department of Finance and Business Economics Marshall School of Business Lecture 1: Introductory Material Sets The Real Number System Functions,

### How To Know If A Message Is From A Person Or A Machine

The RSA Algorithm Evgeny Milanov 3 June 2009 In 1978, Ron Rivest, Adi Shamir, and Leonard Adleman introduced a cryptographic algorithm, which was essentially to replace the less secure National Bureau

1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

### Computing exponents modulo a number: Repeated squaring

Computing exponents modulo a number: Repeated squaring How do you compute (1415) 13 mod 2537 = 2182 using just a calculator? Or how do you check that 2 340 mod 341 = 1? You can do this using the method

### Blockchain and Smart Contracts Joe Guagliardo

Blockchain and Smart Contracts Joe Guagliardo Partner and Vice Chair, Technology Practice Group The [financial services] industry has a once-ina-generation opportunity to reimagine and modernize its infrastructure

### Lecture 17: Re-encryption

600.641 Special Topics in Theoretical Cryptography April 2, 2007 Instructor: Susan Hohenberger Lecture 17: Re-encryption Scribe: Zachary Scott Today s lecture was given by Matt Green. 1 Motivation Proxy

### Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination

### Randomized Hashing for Digital Signatures

NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department

### Lecture 9: Application of Cryptography

Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

### Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier

Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier http://asecuritysite.com @billatnapier Introduction. Encryption: Public/Private Key. Key Exchange. Authentication.

### The application of prime numbers to RSA encryption

The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered

### A Novel Approach to combine Public-key encryption with Symmetric-key encryption

Volume 1, No. 4, June 2012 ISSN 2278-1080 The International Journal of Computer Science & Applications (TIJCSA) RESEARCH PAPER Available Online at http://www.journalofcomputerscience.com/ A Novel Approach

### Digital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015

Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital

### Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

### Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master

### Digital signatures. Informal properties

Digital signatures Informal properties Definition. A digital signature is a number dependent on some secret known only to the signer and, additionally, on the content of the message being signed Property.

### Software Tool for Implementing RSA Algorithm

Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key

### Cryptography and Network Security

Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 7: Public-key cryptography and RSA Ion Petre Department of IT, Åbo Akademi University 1 Some unanswered questions

### Crittografia e sicurezza delle reti. Digital signatures- DSA

Crittografia e sicurezza delle reti Digital signatures- DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case

### Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond

Hill Cipher Project K80TTQ1EP-??,VO.L,XU0H5BY,_71ZVPKOE678_X,N2Y-8HI4VS,,6Z28DDW5N7ADY013 Directions: Answer all numbered questions completely. Show non-trivial work in the space provided. Non-computational

### Public Key Cryptography. Performance Comparison and Benchmarking

Public Key Cryptography Performance Comparison and Benchmarking Tanja Lange Department of Mathematics Technical University of Denmark tanja@hyperelliptic.org 28.08.2006 Tanja Lange Benchmarking p. 1 What

### Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian

### CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.

### Public Key Cryptography Overview

Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic

### Lecture 3: One-Way Encryption, RSA Example

ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: One-Way Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require

### Efficient Nonce-based Authentication Scheme for. session initiation protocol

International Journal of Network Security, Vol.9, No.1, PP.12 16, July 2009 12 Efficient Nonce-based Authentication for Session Initiation Protocol Jia Lun Tsai Degree Program for E-learning, Department

### IoT Babelchain. Proof of Understanding. How Machines learn to communicate

IoT Babelchain Proof of Understanding How Machines learn to communicate Benedikt Herudek (benedikt.herudek@gmail.com) April2016 Linux Foundation Open IoT Abstract Having Machines talk to each other is

### Everything you wanted to know about using Hexadecimal and Octal Numbers in Visual Basic 6

Everything you wanted to know about using Hexadecimal and Octal Numbers in Visual Basic 6 Number Systems No course on programming would be complete without a discussion of the Hexadecimal (Hex) number