Chapter 8 Public-key Cryptography and Digital Signatures

Similar documents
Topic 6. Digital Signatures and Identity Based Encryption

Lecture V : Public Key Cryptography

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Public Key Cryptography

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

Lecture 1: Introduction to Public key cryptography

Chapter 4 Asymmetric Cryptography

Asymmetric Cryptography

Asymmetric Encryption

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

10 Public Key Cryptography : RSA

Public Key Cryptography

Discrete Mathematics GCD, LCM, RSA Algorithm

CRYPTOGRAPHY AND NUMBER THEORY

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Mathematics of Cryptography

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Number Theory & Modern Cryptography

MATH 158 FINAL EXAM 20 DECEMBER 2016

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

CIS 551 / TCOM 401 Computer and Network Security

5199/IOC5063 Theory of Cryptology, 2014 Fall

Introduction to Public-Key Cryptosystems:

Public Key Algorithms

Algorithmic Number Theory and Public-key Cryptography

Public-Key Cryptosystems CHAPTER 4

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

The security of RSA (part 1) The security of RSA (part 1)

Outline. Available public-key technologies. Diffie-Hellman protocol Digital Signature. Elliptic curves and the discrete logarithm problem

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

CPSC 467: Cryptography and Computer Security

The RSA cryptosystem and primality tests

RSA. Ramki Thurimella

Lecture Notes, Week 6

Week : Public Key Cryptosystem and Digital Signatures

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

Question: Total Points: Score:

RSA RSA public key cryptosystem

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Network Security. Chapter 4 Asymmetric Cryptography

Ti Secured communications

Cryptography. P. Danziger. Transmit...Bob...

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

New Variant of ElGamal Signature Scheme

Eindhoven University of Technology MASTER. Kleptography cryptography with backdoors. Antheunisse, M. Award date: 2015

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Topics in Cryptography. Lecture 5: Basic Number Theory

Introduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions

8.1 Principles of Public-Key Cryptosystems

NET 311D INFORMATION SECURITY

Threshold Cryptography

1 Number Theory Basics

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

CPSC 467b: Cryptography and Computer Security

An Introduction to Cryptography

Digital Signature Scheme Based on a New Hard Problem

Introduction. will now introduce finite fields of increasing importance in cryptography. AES, Elliptic Curve, IDEA, Public Key

NUMBER THEORY FOR CRYPTOGRAPHY

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Ma/CS 6a Class 3: The RSA Algorithm

My brief introduction to cryptography

Introduction to Modern Cryptography. Benny Chor

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Week 7 An Application to Cryptography

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

Introduction to Cryptography. Lecture 6

Public-Key Encryption: ElGamal, RSA, Rabin

Practice Assignment 2 Discussion 24/02/ /02/2018

Mathematical Foundations of Public-Key Cryptography

10 Modular Arithmetic and Cryptography

Introduction to Modern Cryptography. Benny Chor

Biomedical Security. Overview 9/15/2017. Erwin M. Bakker

Lecture 14: Hardness Assumptions

ECE596C: Handout #11

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

and Other Fun Stuff James L. Massey

Digital Signatures. p1.

Methods of Public-Key Cryptography. Émilie Wheeler

Number Theory. Modular Arithmetic

Introduction to Cryptography. Lecture 8

Introduction to Cybersecurity Cryptography (Part 4)

Cryptography. pieces from work by Gordon Royle

RSA ENCRYPTION USING THREE MERSENNE PRIMES

THE RSA CRYPTOSYSTEM

CHAPTER 6: OTHER CRYPTOSYSTEMS, PSEUDO-RANDOM NUMBER GENERATORS and HASH FUNCTIONS. Part VI

Introduction to Cybersecurity Cryptography (Part 5)

Public Key Cryptography

Cryptography IV: Asymmetric Ciphers

Introduction to Cybersecurity Cryptography (Part 4)

Gurgen Khachatrian Martun Karapetyan

Blind Signature Protocol Based on Difficulty of. Simultaneous Solving Two Difficult Problems

Other Public-Key Cryptosystems

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

CHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30

Overview. Public Key Algorithms II

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Transcription:

Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital Signature 4. ElGamal Digital Signature 5. DSS (Digital Signature Standard) 6. ECDSA (Elliptic Curve Digital Signature Algorithm) @G. Gong, 2003 1

8.1. Introduction to Public-key Cryptography Bob s public key Bob s private key Plaintext Alice Encryption algorithm Ciphertext Decryption algorithm Plaintext Bob A. Figure 1. Simplified Model of Public-Key Encryption @G. Gong, 2003 2

B. Requirements of Public-key Cryptography One-way function: easy x infeasible f(x) Trapdoor one-way function: x easy infeasible if k is not known easy if k is known f k(x) @G. Gong, 2003 3

Therefore, security of public-key cryptosystems are based on the difficulty of different computational problems. Most important ones are - Factoring large integers - Finite field discrete logarithms - Elliptic curve discrete logarithms @G. Gong, 2003 4

C. Key pairs of the public-key system In a secure network system, for each user x, he has a pair of keys (E x, D x ): E x is an encryption key which is put into a public key directory or a file ( after certified), called a public-key of the user. D x is a decrypted key kept private, called a private key of the user. D x (E x ) = E x (D x ) = identity map From known E x, it is computational infeasible to obtain D x Alice C = E b (m) Bob: D b (C) = D b E b (m) = m @G. Gong, 2003 5

8.2. Diffie-Hellman Key Exchange the first example of the public-key scheme System public parameters: p: a prime number, g: a primitive element in GF(p). Alice: Private key: a, 0 < a < p, and gcd(a, p - 1) = 1 Public key: g a Bob: Private key: b, 0 < b < p, and gcd(b, p -1) = 1 Public key: g b @G. Gong, 2003 6

Diffie-Hellman Key Exchange Alice a g a Bob b g b (g b a ) = g ba b (g a ) = g ba @G. Gong, 2003 7

Example 1. Let p = 23. Then g = 5 is a primitive element of GF(p). Public key : g 7 = 5 Alice Private key : a = 7 7 = 17mod 23 g 7 =17 Private key : b = Public - key : g 3 = 5 Bob 3 3 = 10mod13 (g Compute: g 3 =10 Compute: 3 ) 7 7 7 3 3 = 10 = 14 mod 23 ( g ) = 17 = 14 mod 23 The secret information shared by Alice and Bob is 14. Attacker: known 7 g 21 g 3 = 14 g = 10? In other words, is attacker able to compute g ab from known g a and g b?

Diffe-Hellman Problem: Given g a and g b, compute g ab. Thus the Diffe-Hellman key exchange scheme is secure if the DH problem is computationally infeasible. The DH problem is computational feasible if the solving discrete logarithm in GF(p) is computationally feasible. Thus, we may say that the security of the DH key exchange scheme is based on the difficulty of solving discrete logarithm in the finite field GF(p). Remark. The DH key exchange scheme has a very important application in key distribution and management, we will discuss more properties of the DH key exchange scheme in Chapter 10). @G. Gong, 2003 9

Milestone work in public-key cryptography W. Diffie and M. E. Hellman, New direction in cryptography, IEEE Trans. On Inform. Theory, Vol. 22, pp644-654, 1976. @G. Gong, 2003 10

8.3. RSA Encryption and Digital Signature Requirement for digital signatures: Everyone can verify digital signature. Only the signer can sign; no one can forge the signer s signature ( this prevents forgery and denial attacks.) Once the dispute occurs, the third party can solve it. @G. Gong, 2003 11

More about number theory (a) The Euclidean algorithm for computing gcd(a, b), the greatest common divisor of two positive integers a and b, b > a. Input: a and b, b > a Output: d = gcd(a, b) Procedure_(a, b, d) Set r b and r = a 0 Compute: = 1 r, < r < r 0 = b = q1r1 + r2 0 r, < r < r 1 = q2r2 + r3 0 3 2 2 1 Return: r m In other words, gcd(a,b) = r m r, < r < r 2 = q3r3 + r4 0 r = q m 1 m M r m 4 3 @G. Gong, 2003 12

(b) The Chinese Remainder Theorem Let m 1,..., m r are pairwise relatively primes, i.e., gcd( m i, m j ) = 1if i j, and a 1,..., a r are integers, then the system of r congruent equations: X a 1 mod m 1 X a 2 mod m 2 M X a r mod m r has a unique solutions X modulo M = m 1 m r, which is given by X r i= 1 a M i i y i mod M where M = i M / mi and y i = M 1 i mod m i, for 1 i r @G. Gong, 2003 13

Example 1. Suppose r = 3, m 1 = 7, m 2 = 11 and m 3 = 13, then M =1001 M1 = M / m1 = 143 = 3mod 7 M 2 = 91= 3mod11 M 3 = 77 = 12mod13 and y =, y = 4 and y 12 1 5 2 3 = If X X 5 3 mod7 mod11 X 10 mod13 Then X = 715 5 + 364 3 + 924 10mod1001 = 13907mod1001 = 894 mod1001 @G. Gong, 2003 14

(c) Lagrange Theorem: suppose that G is a multiplicative group of order n (i.e. G =n) and g G, then the order of g divides n. Corollary: * Φ( n) If b Z, then b 1mod n, n where Φ(n) is the Euler function (i.e., Φ(n) is the number of integer in the range of 1 and n coprime with n), then Z * n = { a Z gcd( n, a) n = 1} @G. Gong, 2003 15

RSA Encryption User Bob sets up: 1. Generates two large primes p and q. 2. Computes n = pq and Φ(n) = (p-1)(q-1) 3. Chooses a random number e: 0 < e < Φ(n) such that gcd(e, Φ(n) ) = 1. 4. Computes d = e -1 mod Φ(n) using the Euclidean algorithm. 5. Do registration for his public-key {n, e} and publish this pair in a directory as his public key. Keep {d, p, q} as his private key. Encryption: Plaintext m < n: ciphertext c = m e mod n Decryption: m = c d, (c e ) d = c mod n @G. Gong, 2003 16

The RSA Algorithm Key Generation Select: p and q both prime; n = pq; e: gcd(e, φ(n)) = 1, 1<e< φ(n). Compute: d = e -1 mod φ(n). Public key: {e, n}. Private key: {d, p, q} Plaintext: m < n Encryption Ciphertext: c = m e mod n Decryption Ciphertext: c Plaintext: m = c d mod n

3. RSA Encryption and Digital Signature (Cont.) RSA Encryption User Bob sets up: 1. Generates two large primes p and q. 2. Computes n = pq and Φ(n) = (p-1)(q-1) 3. Chooses a random number e: 0 < e < Φ(n) such that gcd(e, Φ(n) ) = 1. 4. Computes d = e -1 mod Φ(n) using the Euclidean algorithm. 5. Do registration for his public-key {n, e} and publish this pair in a directory as his public key. Keep {d, p, q} as his private key. Encryption: Plaintext m < n: ciphertext c = m e mod n Decryption: m = c d, (c e ) d = c mod n @G. Gong, 2003 18

The RSA Algorithm Key Generation Select: p and q both prime; n = pq; e: gcd(e, φ(n)) = 1, 1<e< φ(n). Compute: d = e -1 mod φ(n). Public key: {e, n}. Private key: {d, p, q} Plaintext: m < n Encryption Ciphertext: c = m e mod n Decryption Ciphertext: c Plaintext: m = c d mod n @G. Gong, 2003 19

Example 2. Set up step: Bob: 1. Choose p = 101 and q = 113 2. Compute n = pq = 11413 and Φ(n) =100 112=11200=2 6 5 2 7 3. Choose e = 3533 with gcd(3533, Φ(n)) = 1 4. Compute d = e -1 = 6597 mod 11200 5. Bob s Public key: {3533, 11413}, private key: { 6597, 101,113} Encryption: Alice wants to send m = 9726 to Bob. She then computes c = 9726 3533 mod 11413=5761 Decryption: Bob: c 6597 = (9726) 3533 6597 = 9726 @G. Gong, 2003 20

Remark: Requirements for selection of p and q. (1) p and q should differ in length only a few digits. (2) Both p - 1 and q - 1 should contain a large prime factor. (3) gcd(p - 1, q - 1) should small. (4) d should not be small: d > n 1/4. Security of RSA: Security of RSA depends on the difficulty to compute d from known {e, n}. However, d = e -1 mod Φ(n). Usually it has no other way to compute Φ(n) except for knowing p and q. Thus the security of RSA depends on the difficulty of factorisation of a large digital n. @G. Gong, 2003 21

RSA Digital Signature Algorithm (RSA-DSA) User Bob wants to sign a message m, Signing process: 1. Compute h(m) = m, where h(x) is a hashing function. 2. r = m' d, r is a digital signature of m. Verifying process: Verifier uses Bob s public key {e, m} to compute whether r e m ' mod If yes, then r is a valid signature of m. = n Note. Hashing function h is public, which can be chosen as either MD5 (Message digest algorithm), Rivest 1990, or SHA (Secure Hash Algorithm), NIST, 1995. Employing a hashing function is required in any DSA. @G. Gong, 2003 22

RSA-DSA (Cont.) Bob: signer Message m m m r Hash: h r = h(m) d r signature mod n d: Bob s private key RSA-DSA Signing Process @G. Gong, 2003 23

RSA-DSA Verifying Process Alice: verifier m Hash: h r r e =h(m)? mod n e: Bob s public key @G. Gong, 2003 24

Three milestone works which established the foundation of public-key cryptology: W. Diffe and M. E. Hellman, New direction in cryptography, IEEE Trans. On Inform. Theory, Vol. 22, pp.644-654, 1976. R. L. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public cryptosystem, Communication of ACM, Vol. 21, No.2, pp.120-126, Feb. 1978. T. Elgamal, A public-key cryptosystem and signature scheme based on discrete logarithm, IEEE Trans. on Inform. Theory, vol. IT-31, pp.469-472, July, 1985 @G. Gong, 2003 25

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback