Introduction to Computer Security

Introduction to Computer Security: Asymmetric Cryptography
Pavel Laskov, Wilhelm Schickard Institute for Computer Science

Key distribution problem

[Figure: Alice encrypts the plaintext "I love you" with a shared key (any valid key) and sends the ciphertext to Bob, who decrypts it with the same shared key.]

How can Alice send a key to Bob over an insecure channel?

Idea: Instead of sending a key from one party to another, both parties should work out a key in a series of secure transactions.

Enter group theory...

Definition of a group

A group is a set $G$ equipped with a binary operation $\circ$ such that the following properties hold:

1. Closure: $\forall g, h \in G$, $g \circ h \in G$.
2. Existence of identity: There exists an identity element $e \in G$ such that $\forall g \in G$, $e \circ g = g \circ e = g$.
3. Existence of inverse: For every $g \in G$ there exists an inverse element $h \in G$ such that $h \circ g = g \circ h = e$.
4. Associativity: $(g_1 \circ g_2) \circ g_3 = g_1 \circ (g_2 \circ g_3)$.

Finite and abelian groups

A group is called finite if it has a finite number of elements. The number of elements in a group $G$ is called the order of the group.

A group is called abelian if, in addition to the four basic properties, the commutativity property holds: $g \circ h = h \circ g$.

Subgroups

If $G$ is a group, a set $H \subseteq G$ is a subgroup of $G$ if $H$ itself forms a group under the same operation associated with $G$.

Examples of groups

- The set of integers $\mathbb{Z}$ is an abelian group under addition.
- The set of integers $\mathbb{Z}$ is not a group under multiplication.
- The set of real numbers $\mathbb{R}$ is not a group under multiplication.
- The set of non-zero real numbers is an abelian group under multiplication.
- For any $N \ge 2$, the set $\mathbb{Z}_N = \{0, 1, \ldots, N-1\}$ is an abelian group of order $N$ under addition modulo $N$.

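Group exponentiation

Group exponentiation is a repetitive application of the group operation:

$$g^m \stackrel{\text{def}}{=} \underbrace{g \circ \cdots \circ g}_{m \text{ times}}$$

Some useful properties of exponentiation for finite groups $G$ of order $m$:

- For any element $g \in G$, $g^m = 1$.
- For any element $g \in G$ and any integer $i$, $g^i = g^{[i \bmod m]}$.

Example: How much is $152^{11} \bmod 15$? (The group here is $\mathbb{Z}_{15}$ under addition, so exponentiation means repeated addition.)

$$152^{11} = [152 \bmod 15]^{11} = 2^{11} = 11 + 11 = 22 = 7 \bmod 15$$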

Element order

We saw that, for a group of order $m$, applying the group operation $m$ times always produces the identity element. But can this happen for some $i < m$?

Consider, for some element $g \in G$, the sequence $\langle g \rangle = \{g^0, g^1, \ldots\}$. Let $k$ be the smallest positive $i \le m$ such that $g^i = 1$. Then

- $k$ is called the order of the element $g$,
- $\langle g \rangle = \{g^0, g^1, \ldots, g^{k-1}\}$ is a finite subgroup of $G$.

Group generator and cyclic groups

We saw that the element order $k$ determines the wrap-around period of exponentiation. Does there exist an element $g$ whose order is equal to $m$, the group order?

An element $g$ of order $m$ is called a generator for a group $G$ of order $m$. A group which has a generator is called cyclic.

Examples of cyclic groups

- $\mathbb{Z}_N$ is cyclic for any $N > 1$.
- $\mathbb{Z}_{15}$ is cyclic but has multiple generators, e.g., $\langle 2 \rangle = \{0, 2, 4, \ldots, 14, 1, 3, 5, \ldots, 13\}$.
- Some other elements of $\mathbb{Z}_{15}$ have orders less than 15, e.g., $\langle 10 \rangle = \{0, 10, 5\}$.
- $\mathbb{Z}_p$ is cyclic for any prime $p$.

Discrete logarithm (DL)

If $G$ is a cyclic group of order $m$ with a generator $g$, then $\langle g \rangle = \{g^0, g^1, \ldots, g^{m-1}\} = G$.

Equivalently, for every $h \in G$ there is a unique $x \in \mathbb{Z}_m$ such that $g^x = h$, called a discrete logarithm of $h$.

Good news / bad news: While computing the exponentiation in most groups is easy (polylogarithmic in $m$, how?), there exist groups for which computing discrete logarithms is believed to be hard (no efficient solutions are known).

Brute force computation of DL

Let $G$ be the group of order $m$. For each $x \in \{0, 1, \ldots, m-1\}$, compute $g^x$ and compare it with $h$. Output $x$ if equality is found.

Complexity analysis. Each exponentiation takes $O(\log_2 m)$, hence the overall complexity is $O(m \log m)$.

The catch. Usually, $m$ is so large that such numbers cannot be considered constant but rather an exponential function of the number of bits: $m = 2^k$. Then $O(m \log m)$ becomes $O(k 2^k)$.

Diffie-Hellman key exchange

How can Alice and Bob compute a key $K$ using group theory?

1. Agree on a cyclic group $G$ with a generator $g$.
2. Choose random numbers $x$ (Alice) and $y$ (Bob) from $G$.
3. Compute $X = g^x$ (Alice) and $Y = g^y$ (Bob).
4. Transmit $X$ and $Y$ to each other.
5. Compute $Y^x = g^{yx}$ (Alice) and $X^y = g^{xy}$ (Bob).

These are the same, hence they can use $g^{xy}$ as a key!

An attacker only sees $g^x$ and $g^y$, but can compute neither $x$ nor $y$, and hence also not $g^{xy}$. For finite groups, $g^x g^y \neq g^{xy}$, so combining the two observed values with the group operation does not yield the key.
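The exchange above, together with the fast exponentiation and brute-force discrete logarithm from the preceding slides, as an added Python example that is not part of the original lecture. It assumes the multiplicative group of non-zero integers modulo a small prime; `P`, `G` and all function names are choices made for this illustration.

```python
import secrets

P = 2579   # small prime, constructed for the demo (far too small for real use)
G = 2      # assumed generator; element_order(G, P) == P - 1 confirms it

def group_exp(g, x, p):
    """Square-and-multiply: about log2(x) squarings instead of x multiplications."""
    result, base = 1, g % p
    while x > 0:
        if x & 1:
            result = (result * base) % p
        base = (base * base) % p
        x >>= 1
    return result

def element_order(g, p):
    """Smallest k >= 1 with g^k = 1 mod p, found by walking through <g>."""
    k, acc = 1, g % p
    while acc != 1:
        acc = (acc * g) % p
        k += 1
    return k

def brute_force_dlog(g, h, p):
    """Try x = 0, 1, ..., m-1 in turn until g^x = h; cost grows linearly in m."""
    acc = 1
    for x in range(p - 1):
        if acc == h:
            return x
        acc = (acc * g) % p
    raise ValueError("h is not a power of g")

def dh_exchange(p=P, g=G):
    """Steps 2-5 of the exchange; returns the public values and both derived keys."""
    x = secrets.randbelow(p - 2) + 1                 # Alice's secret exponent
    y = secrets.randbelow(p - 2) + 1                 # Bob's secret exponent
    X, Y = group_exp(g, x, p), group_exp(g, y, p)    # sent over the insecure channel
    return X, Y, group_exp(Y, x, p), group_exp(X, y, p)

def eavesdrop(X, Y, p=P, g=G):
    """Recover the key from the transcript alone by solving one discrete log."""
    return group_exp(Y, brute_force_dlog(g, X, p), p)

if __name__ == "__main__":
    X, Y, k_alice, k_bob = dh_exchange()
    print("keys agree:", k_alice == k_bob)
    print("brute force succeeds in this tiny group:", eavesdrop(X, Y) == k_alice)
```

The brute-force search finishes instantly here only because the group has 2578 elements; each extra bit in the group order doubles that loop while adding a single squaring to `group_exp`.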

Scalability of key exchange

[Figure: four parties exchanging keys: Alice, Bob, Cathy, Dan.]

Quadratic growth of the number of keys: for $n$ parties, $n(n-1)$ keys must be generated.

Can the problem be solved with a linear number of keys?

Asymmetric cryptography

[Figure: a specially generated keypair. Alice encrypts the plaintext "I love you" with Bob's public key and sends the ciphertext to Bob, who decrypts it with his private key.]

Prime numbers

An integer $p$ is a prime number if its only divisors are $\pm 1$ and $\pm p$.

A positive integer $c$ is said to be the greatest common divisor of $a$ and $b$ if

- $c$ is a divisor of $a$ and of $b$;
- any divisor of $a$ and of $b$ is a divisor of $c$.

Integers $a$ and $b$ are said to be relatively prime if $\gcd(a, b) = 1$.

Euler's totient function

A totient $\varphi(n)$ of an integer $n$ is the number of integers less than $n$ that are relatively prime to $n$.

Example: $\varphi(9) = 6$: $\{1, 2, 4, 5, 7, 8\}$

Two integers $a$ and $b$ are congruent modulo $n$, written as $a \equiv b \bmod n$, if $(a \bmod n) = (b \bmod n)$.

Euler's Theorem: If $a$ and $n$ are relatively prime, then $a^{\varphi(n)} \equiv 1 \bmod n$.

RSA overview

Alice sends her love message to Bob via RSA:

1. Bob: Generate a keypair $K_u$ / $K_r$.
2. Bob: Send $K_u$ to Alice.
3. Alice: Encrypt plaintext $M$ with $K_u$.
4. Alice: Send ciphertext $C$ to Bob.
5. Bob: Decrypt $C$ with $K_r$.

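RSA key generation

| Step | Condition |
|---|---|
| Select $p$, $q$ | $p$, $q$ prime, $p \neq q$ |
| Compute $n = p \cdot q$ | |
| Compute $\varphi(n) = (p-1)(q-1)$ | |
| Select $1 < e < \varphi(n)$ | $\gcd(\varphi(n), e) = 1$ |
| Compute $d$ | $(de) \bmod \varphi(n) = 1$ $(\ast)$ |
| Public key | $K_u = \{e, n\}$ |
| Private key | $K_r = \{d, n\}$ |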

RSA encryption and decryption

Encryption:
- Plaintext: $M < n$
- Ciphertext: $C = M^e \bmod n$

Decryption:
- Ciphertext: $C$
- Plaintext: $M = C^d \bmod n$

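Correctness of RSA encryption

By the property $(\ast)$,

$$(de) \bmod \varphi(n) = 1 \;\Rightarrow\; \exists k : (de) = 1 + k\varphi(n).$$

Then,

$$M \overset{?}{\equiv} C^d \bmod n \equiv (M^e)^d \bmod n \equiv M^{(ed)} \bmod n \equiv M^{1+k\varphi(n)} \bmod n \overset{?}{\equiv} M \bmod n$$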

Correctness of RSA encryption (ctd.)

Recall that $\varphi(n) = (p-1)(q-1)$.

By Euler's Theorem, if $p$ does not divide $M$, $M^{(p-1)} \equiv 1 \bmod p$.

Since $(p-1)$ divides $\varphi(n)$, $M^{1+k\varphi(n)} \equiv M \bmod p$.

Similar argument holds for $q$ and hence for $n = pq$.

What's secret in RSA?

- An attacker needs to know $d$ to decrypt $C$.
- To find $d$, an attacker needs to solve $(\ast)$: $(de) \bmod \varphi(n) = 1$.
- For this, he needs to know $\varphi(n)$.
- If $p$ and $q$ are known, then finding $\varphi(n)$ is trivial: $\varphi(n) = (p-1)(q-1)$.
- However, $p$ and $q$ are discarded during key generation.
- Factoring $n$ into a product of two prime numbers is an intractable problem!
- Finding $\varphi(n)$ directly is likewise intractable.
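The key-generation table, the encryption and decryption formulas, and the dependence of $d$ on the factors of $n$, worked through in Python as an added example that is not part of the original lecture. The primes, the exponent and all function names are constructed for this illustration, and no padding is applied, so this is textbook RSA only.

```python
from math import gcd, isqrt

def rsa_keygen(p, q, e):
    """Follow the key-generation table; returns (public key, private key)."""
    if p == q:
        raise ValueError("p and q must differ")
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi) or gcd(phi, e) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = pow(e, -1, phi)            # modular inverse: (d * e) mod phi(n) = 1
    return (e, n), (d, n)          # p, q and phi are not kept

def rsa_encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy M < n")
    return pow(m, e, n)            # C = M^e mod n

def rsa_decrypt(c, private):
    d, n = private
    return pow(c, d, n)            # M = C^d mod n

def recover_private_key(public):
    """Why n must be hard to factor: with p and q, phi(n) and then d follow."""
    e, n = public
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)  # trial division
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1)), n

# Constructed toy parameters: n = 3233, phi(n) = 3120, d = 2753.
PUBLIC, PRIVATE = rsa_keygen(p=61, q=53, e=17)

if __name__ == "__main__":
    c = rsa_encrypt(65, PUBLIC)
    print("ciphertext:", c, "decrypted:", rsa_decrypt(c, PRIVATE))
    # A plaintext divisible by p still round-trips, the case the proof sets aside.
    print("M = 2p:", rsa_decrypt(rsa_encrypt(122, PUBLIC), PRIVATE))
    print("d from factoring n:", recover_private_key(PUBLIC)[0])
```

Trial division succeeds immediately on a 12-bit modulus; the same function is hopeless against moduli of the size used in practice, which is the hardness assumption the slide refers to.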

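Comparison of asymmetric methods

| Algorithm | Encryption/decryption (E/D) | Digital signature (D.S.) | Key exchange (KEX) | Hardness |
|---|---|---|---|---|
| RSA | Yes | Yes | Yes | Factorization |
| ElGamal | Yes | No | No | DLP |
| DSS | No | Yes | No | DLP |
| Diffie-Hellman | No | No | Yes | DLP |
| Elliptic curve | Yes | Yes | Yes | EC DLP |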

Summary

- Group theory provides a mathematical basis for key distribution schemes.
- Asymmetric cryptography is based on two related keys; only one of them (private key) must be kept secret, the other one (public key) can be distributed over insecure media.
- Security of asymmetric cryptography is based on the (assumed) hardness of certain computational problems (discrete logarithms and integer factorization).