© All Rights Reserved

15 views

© All Rights Reserved

- Types of Cryptography
- W07 Exchange Clients Security
- Project
- Network Security
- Z Crypto Hw Summary
- Understanding Digital Certificates & Wireless Transport Layer WTLS
- is material
- adhoc
- IEEE project topics and abstracts 2016
- cholantechnology4@gmail.com
- Gpg4win Compendium En
- Intro to Encryption
- Prjt repo
- A Public-Key Cryptosystem Based On Discrete Logarithm Problem over Finite Fields ?? ?
- Cryptography
- PGP
- 201103 s0819824 Masterthesis Print
- Proposed Optimum Hybrid Encryption for Non-Repudation False Modification and Authentication
- EMV v4.3 Book 2 Security and Key Management 20120607061923900
- 4c_discreteLogDiffieHellman_e.pdf

You are on page 1of 21

1

2

CSc 466/566

Computer Security

3

4

Version: 2012/02/15 16:15:24

University of Arizona

5

collberg@gmail.com

c 2012 Christian Collberg

Copyright

Christian Collberg

6

1/83

Introduction

RSA

Algorithm

Example

Correctness

Security

GPG

Elgamal

Algorithm

Example

Correctness

Security

Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange

Example

Correctness

Security

Summary

Introduction

2/83

Public-key Algorithms

RSA Conference 2011-Opening-Giants Among Us:

encryption and decryption.

http://www.youtube.com/watch?v=mvOsb9vNIWM&feature=related

http://www.youtube.com/watch?v=b57zGAkNKIc

http://www.youtube.com/watch?v=BuUSi_QvFLY&feature=related

EPB (M) = C

http://www.youtube.com/watch?v=nULAC_g22So http://www.youtube.com/watch?v=nJB7a79ahGM

DSB (C ) = M

DSB (EPB (M)) = M

Introduction

3/83

Introduction

4/83

algorithms Bob and Alice have to somehow agree on a key

to use.

Bob

Alice

used for encryption and and private one for decryption.

plaintext

Bob sends Alice his public key, or Alice gets it from a public

database.

Alice encrypts her plaintext using Bobs public key and sends

it to Bob.

Introduction

PB

5/83

Alice

SA , PA

PA , PC

PA , PB

PB , PC PA , PD

Carol

SC , PC

Eve

decrypt

plaintext

SB

Introduction

6/83

messages they are simply too slow.

Bob

SB , PB

keys for symmetric cryptosystems . These are called

session keys , and are discarded once the communication

session is over.

PB , PD

1

key, and sends it to Bob.

Bob decrypts the message using his private key to get the

session key K .

messages using K .

SD , PD

Disadvantages : Ciphers (RSA,. . . ) are slow; keys are large

Introduction

ciphertext

A Hybrid Protocol

Dave

PC , PD

encrypt

7/83

Introduction

8/83

Outline

1

2

Bob

Alice

3

4

encrypt

EPB (K )

PB

decrypt

SB

5

encrypt

K

EK (M)

decrypt

K

6

Introduction

9/83

RSA

Introduction

RSA

Algorithm

Example

Correctness

Security

GPG

Elgamal

Algorithm

Example

Correctness

Security

Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange

Example

Correctness

Security

Summary

RSA

10/83

RSA: Algorithm

Generate two large random primes p and q.

Compute n = pq.

Select a small odd integer e relatively prime with (n).

4 Compute (n) = (p 1)(q 1).

5 Compute d = e 1 mod (n).

1

2

3

based on the (believed) difficulty of factoring large numbers.

Plaintexts and ciphertexts are large numbers (1000s of bits).

SB = (d, n) is Bob RSA private key.

exponentiation.

1

2

Compute C = M e mod n.

1

RSA

11/83

RSA

Compute M = C d mod n.

12/83

It doesnt matter for security; everybody could use the same e.

It matters for performance: 3, 17, or 65537 are good choices.

Compute n = pq = 3337.

Select e = 79.

Compute

larger messages you need to break them into pieces, each < n.

exponentiation.

= 1019

RSA

13/83

1

2

RSA

14/83

Encrypt M = 6882326879666683.

Break up M into 3-digit blocks:

m = h688, 232, 687, 966, 668, 003i

= e 1 mod (n)

Encrypt each block:

m1 = c1d mod n

= 15701019 mod 3337

c1 = m1e mod n

= 688

= 1570

We get:

c = h1570, 2756, 2091, 2276, 2423, 158i

RSA

15/83

RSA

16/83

(3, n)

Show the result of encrypting M = 4 using the public key

(e, n) = (3, 77) in the RSA cryptosystem.

or

(16385, n)

as his RSA public key if he wants people to encrypt messages

for him from their cell phones.

As usual, n = pq, for two large primes, p and q.

What is the justification for Alices advice?

RSA

17/83

RSA

18/83

RSA Correctness

We have

C

= M e mod n

M = C d mod n.

1

Encrypt M = 88.

ciphertext actually gets the plaintext back, i.e that, for all

M<n

C d mod n = (M e )d mod n

= M ed mod n

= M

RSA

19/83

RSA

20/83

d

= e 1 mod (n)

M (n) mod n = 1 follows from Eulers theorem.

ed mod (n) = 1

ed

Theorem (Euler)

= k(n) + 1

n > 0, then

x (n) mod n = 1

C d mod n = M ed mod n

= M k(n)+1 mod n

= M (M (n) )k mod n

= M 1k mod n

= M mod n

= M

RSA

21/83

RSA

22/83

We have that

(n) = (pq) = (p)(q)

By Eulers theorem we have that

factor in common with n, since M < n.

There are two cases:

1

2

= (M k(p) )(q) mod q

= 1

M is relatively prime with p and M = iq.

M k(n) = 1 + hq

Multiply both sides by M

M M k(n) = M(1 + hq)

M k(n)+1 = M + Mhq

RSA

23/83

RSA

24/83

RSA Security

d

C mod n = M

= M

ed

Summary:

Compute n = pq, p and q prime.

Select a small odd integer e relatively prime with (n).

Compute (n) = (p 1)(q 1).

4 Compute d = e 1 mod (n).

5 PB = (e, n) is Bobs RSA public key.

6 SB = (d, n) is Bob RSA private key.

mod n

k(n)+1

1

2

3

mod n

= (M + Mhq) mod n

= (M + (ip)hq) mod n

= (M + (ih)pq) mod n

= (M + (ih)n) mod n

If she can compute d from e and n, she has Bobs private key.

d = e 1 mod (n) using Euclids algorithm.

= M mod n

= M

RSA

25/83

RSA

26/83

RSA Security. . .

broken.

As far as we know, factoring is hard.

1

2

RSA

It took 10 years to break the Chor-Rivest cryptosystem.

27/83

RSA

28/83

Name :

RSA576

Digits :

174

188198812 92 0 60 7 96 3 83 8 69 7 23 9 46 1 65 0 43 9 8 07 1 63 5 63 3 79 4 17 3 82 7 00 7 63 3 56 4 22

988859715 23 4 66 5 48 5 31 9 06 0 60 6 50 4 74 3 04 5 3 17 3 88 0 11 3 03 3 96 7 16 1 99 6 92 3 21 2 05

7340318795 50 6 56 9 96 22 1 30 5 16 87 5 93 0 76 5 02 57 0 59

T. Kleinjung continued its productivity with a successful

factorization of the challenge number RSA-640, reported on

November 2, 2005.

The factors are:

several other countries reported a successful factorization of

the challenge number RSA-576.

The factors are

1900871281 66 4 82 2 11 3 12 6 85 15 7 39 3 54 1 39 7 54 7 18 9 67 8 99 68

5154936666 38 5 39 0 88 0 27 10 3 80 2 10 4 49 8 95 7 19 1 26 14 6 55 7 1

47277214610 7 43 5 30 2 53 6 22 30 7 19 7 30 4 82 24 6 32 9 14 6 95

30209711645 9 85 2 17 11 3 05 2 07 11 2 56 3 63 5 90 39 7 52 7

RSA

RSA

Name :

RSA1536

Digits :

463

184769970 32 1 17 4 14 7 43 0 68 3 56 2 0 20 0 16 4 40 3 01 8 54 9 33 8 66 3 4 1 0 1 71 4 71 7 85 7 74 9 10 6 5 1

696711161 24 9 85 9 33 7 68 4 30 5 43 5 7 44 5 85 6 16 0 61 5 44 5 71 7 94 0 5 2 2 2 97 1 77 3 25 2 46 6 09 6 0 6

469460712 49 6 23 7 20 4 42 0 22 2 69 7 5 67 5 66 8 73 7 84 2 75 6 23 8 95 0 8 7 6 4 67 8 44 0 93 3 28 5 15 7 4 9

657884341 50 8 84 7 55 2 82 9 81 8 67 2 6 45 1 33 9 86 3 36 4 93 1 90 8 08 4 6 7 1 9 90 4 31 8 74 3 81 2 83 3 6 3

502795470 28 2 65 3 29 7 80 2 93 4 91 6 1 55 8 11 8 81 0 49 8 44 9 08 3 19 5 4 5 0 0 98 4 83 9 37 7 52 2 72 5 7 0

525785919 44 9 93 8 70 0 73 6 95 7 55 6 8 84 3 69 3 38 1 27 7 96 1 30 8 92 3 0 3 9 2 56 9 69 5 25 3 26 1 62 0 8 2

3676490316 03 6 55 1 37 14 4 79 1 39 3 23 47 1 69 5 66 9 88 06 9

Name :

RSA768

Digits :

232

123018668 45 3 01 1 77 5 51 3 04 9 49 5 8 38 4 96 2 72 0 77 2 85 3 56 9 59 5 33 4 7 92 1 97 3 22 4 52 1 51 7 2

640050726 36 5 75 1 87 4 52 0 21 9 97 8 6 46 9 38 9 95 6 47 4 94 2 77 4 06 3 84 5 9 25 1 92 5 57 3 26 3 03 4 5

373154826 85 0 79 1 70 2 61 2 21 4 29 1 3 46 1 67 0 42 9 21 4 31 1 60 2 22 1 2 4 0 4 79 2 74 7 37 7 94 0 80 6 6 5

351419597459 85 69 0 21 43 41 3

Name :

RSA2048

Digits :

617

251959084 75 6 57 8 93 4 94 0 27 1 83 2 4 00 4 83 9 85 7 14 2 92 8 21 2 62 0 4 0 3 2 02 7 77 7 13 7 83 6 04 3 6 6

202070759 55 5 62 6 40 1 85 2 58 8 07 8 4 40 6 91 8 29 0 64 1 24 9 51 5 08 2 1 8 9 2 98 5 59 1 49 1 76 1 84 5 0 2

808489120 07 2 84 4 99 2 68 7 39 2 80 7 2 87 7 76 7 35 9 71 4 18 3 47 2 70 2 6 1 8 9 63 7 50 1 49 7 18 2 46 9 1 1

650776133 79 8 59 0 95 7 00 0 97 3 30 4 5 97 4 88 0 84 2 84 0 17 9 74 2 91 0 0 6 4 2 45 8 69 1 81 7 19 5 11 8 7 4

612151517 26 5 46 3 22 8 22 1 68 6 99 8 7 54 9 18 2 42 2 43 3 63 7 25 9 08 5 1 4 1 8 65 4 62 0 43 5 76 7 98 4 2 3

387184774 44 7 92 0 73 9 93 4 23 6 58 4 8 23 8 24 2 81 1 98 1 63 8 15 0 10 6 7 4 8 1 04 5 16 6 03 7 73 0 60 5 6 2

016196762 56 1 33 8 44 1 43 6 03 8 33 9 0 44 1 49 5 26 3 44 3 21 9 01 1 46 5 7 5 4 4 45 4 17 8 42 4 02 0 92 4 6 1

651572335 07 7 87 0 77 4 98 1 71 2 57 7 2 46 7 96 2 92 6 38 6 35 6 37 3 28 9 9 1 2 1 54 8 31 4 38 1 67 8 99 8 8 5

0404453640 2 35 2 73 8 19 5 13 7 86 3 65 6 43 9 12 1 20 1 03 9 71 2 28 2 21 2 0 7 2 03 5 7

Name :

RSA896

Digits :

270

412023436 98 6 65 9 54 3 85 5 53 1 36 5 3 32 5 75 9 48 1 79 8 11 6 99 8 44 3 2 7 9 8 28 4 54 5 56 2 64 3 38 7 6 4

455652484 26 1 98 0 98 8 70 4 23 1 61 8 4 18 7 92 6 14 2 02 4 71 8 88 6 94 9 2 5 6 0 93 1 77 6 37 5 03 3 42 1 1 3

098239748 51 5 09 4 49 0 91 0 69 1 02 6 9 86 1 03 1 86 2 70 4 11 4 88 0 86 6 9 7 0 5 64 9 02 9 03 6 53 6 58 8 6 7

4337317208 1 31 0 41 0 51 9 08 6 4 25 4 79 3 28 2 60 1 39 1 25 7 62 4 03 3 94 6 37 3 26 9 39 1

Name :

RSA1024

Digits :

309

135066410 86 5 99 5 22 3 34 9 60 3 21 6 2 78 8 05 9 69 9 38 8 81 4 75 6 05 6 6 7 0 2 75 2 44 8 51 4 38 5 15 2 6 5

106048595 33 8 33 9 40 2 87 1 50 5 71 9 0 94 4 17 9 82 0 72 8 21 6 44 7 15 5 1 3 7 3 68 0 41 9 70 3 96 4 19 1 7 4

304649658 92 7 42 5 62 3 93 4 10 2 08 6 4 38 3 20 2 11 0 37 2 95 8 72 5 76 2 3 5 8 5 09 6 43 1 10 5 64 0 73 5 0 1

508187510 67 6 59 4 62 9 20 5 56 3 68 5 5 29 4 75 2 13 5 00 8 52 8 79 4 16 3 7 7 3 2 85 3 39 0 61 0 97 5 05 4 4 3

34999811150 05 69 7 72 36 8 90 92 75 6 3

RSA

30/83

Name :

RSA704

Digits :

212

740375634 79 5 61 7 12 8 28 0 46 7 96 0 97 4 29 5 7 31 4 25 9 31 8 88 8 92 3 12 8 90 8 49 3 62 3 2 63 8 97

276503402 82 6 62 7 68 9 19 9 64 1 96 2 51 1 78 4 3 99 5 89 4 33 0 50 2 12 7 58 5 37 0 11 8 96 8 0 98 2 86

733173273 10 8 93 0 90 0 5 52 5 05 1 16 8 77 0 6 32 9 90 7 23 9 63 8 07 8 6 71 0 08 6 09 6 96 2 5 37 9 34 6 50 5 63 7 96 3 5 9

according to the submitters, over five months of calendar time.

29/83

1634733645 80 9 25 3 84 8 44 3 13 3 88 3 86 50 9 08 5 98 4 17 8 36 7 00 3 30

9231218111 08 5 23 8 93 3 31 00 1 04 5 08 1 51 2 12 11 8 16 7 51 1 57 9

39807508642 4 06 4 93 7 39 7 12 55 0 05 5 03 8 64 91 1 99 0 64 3 62

34252670840 6 38 5 18 95 7 59 4 63 88 9 57 2 61 7 68 58 3 31 7

Name :

RSA640

Digits :

193

310741824 04 9 00 4 37 2 13 5 07 5 00 3 58 8 85 6 79 3 0 03 7 34 6 02 2 84 2 72 7 54 5 72 0 16 1 94 8 82

320644051 80 8 15 0 45 5 63 4 68 2 96 7 17 2 32 8 67 8 2 43 7 91 6 27 2 83 8 03 3 41 5 47 1 07 3 10 8 50

1919548529 0 07 3 37 7 2 48 2 27 8 35 2 57 4 23 8 64 5 40 1 46 9 17 3 66 0 24 7 76 5 23 4 66 0 9

http://www.rsa.com/rsalabs/node.asp?id=2093

31/83

RSA

32/83

Outline

1

2

and C2 .

Also, side-channel attacks are possible against RSA, for

example by measuring the time taken to encrypt.

5

6

RSA

33/83

Software GPG

Introduction

RSA

Algorithm

Example

Correctness

Security

GPG

Elgamal

Algorithm

Example

Correctness

Security

Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange

Example

Correctness

Security

Summary

GPG

34/83

> gpg --gen-key

(1) RSA and RSA (default)

(2) DSA and Elgamal

(3) DSA (sign only)

(4) RSA (sign only)

Your selection? 1

What keysize do you want? (2048)

Key is valid for? (0)

Key does not expire at all

Real name: Bobby

Email address: bobby@gmail.com

Comment: recipient

You need a Passphrase to protect your secret key.

Enter passphrase: Bob rocks

Repeat passphrase: Bob rocks

Supported algorithms:

Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA

Cipher: 3DES, CAST5, BLOWFISH, AES, AES192,

AES256, TWOFISH, CAMELLIA128,

CAMELLIA192, CAMELLIA256

Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384,

SHA512, SHA224

Compression: Uncompressed, ZIP, ZLIB, BZIP2

http://www.gnupg.org

GPG

35/83

GPG

36/83

Please select what kind of key you want:

(1) RSA and RSA (default)

(2) DSA and Elgamal

(3) DSA (sign only)

(4) RSA (sign only)

Your selection? 1

What keysize do you want? (2048)

Key is valid for? (0)

Key does not expire at all

Real name: Alice

Email address: alice@gmail.com

Comment: sender

You need a Passphrase to protect your secret key.

Enter passphrase: Alice is cute

Repeat passphrase: Alice is cute

GPG

-----BEGIN GPG PUBLIC KEY BLOCK----Version: GnuPG v1.4.11 (Darwin)

mQENBE83U28BCADTVOkHpNjWzk7yEzMhiNJcmOtmUYfn4hzgYTDsP2otI0UhfJ4q

EZCuPoxECIZ479k3YpBvZM2JC48Ht9j1kVnDPLCrongyRdSko0AwG7OYAyHWa7/U

SeGwjZ+0MUuM3SwqHdo1/0XS3P8LABTQNXtrQf9kF8UNLIaHr1IvBcae1K44MPL6

................................................................

EBHmAM7iiWgWI6/6qEmN46ZQEmoR86vWhQL3LQ6p/FUaBA==

=FZ78

-----END GPG PUBLIC KEY BLOCK-----

37/83

Encryption

GPG

38/83

Decryption

> cat message

Attack at dawn

> gpg --recipient bobby --armor --encrypt message

> cat message.asc

-----BEGIN PGP MESSAGE----Version: GnuPG v1.4.11 (Darwin)

Bobby can now decrypt the message using his private key:

> gpg --decrypt message.asc

You need a passphrase to unlock the secret key for

user: "Bobby (recipient) <bobby@gmail.com>"

2048-bit RSA key, ID D95291EF, created 2012-02-12

(main key ID 9974031B)

hQEMA97v9lbZUpHvAQf/a9QklXMiMzBWy5yyZBtNrg7FcrIqx+gXVVUXNN86tZtE

RF42elwU6QwamDzfcOHqp+3zeor4Y5xN+/pL91xti6uwFOhgGrCGJq//AfUKgQyk

MH2e4gR8Y1BuPm9b1c7uzXxRMMOUBBt75KquYGOBLybsP29ttD9iL/ZJl1zSPjSj

El7O0Gp7PqEBotStVOtuknYW/fX0zXndU8XNllKnsnZn21Xm0rMQcFMu8Do/tF5I

lRfTEcL4S9tV4vshgXhNSpTg9sZs1UZynvU2cJqyYkCtgT7TdtrK3fTa8UN+CYQv

U2QRnaNtFhYwBMonFqhefNzDqeZb+P0RqOuoDllYuNJRAViJ3CLjT7kwgBgRtNfY

RkGArQQmgrknW2jq/Y2GZTE8CC7pNXY8U3KYMl9hRA6U5fMp08ndFp8vowBbB2sw

zjxjSY7ZeIR2uwxdLYydtW4m

=B+JA

-----END PGP MESSAGE----GPG

gpg: encrypted with 2048-bit RSA key, ID D95291EF, created 2012-02-12

"Bobby (recipient) <bobby@gmail.com>"

Attack at dawn

39/83

GPG

40/83

The keyring

The keyring. . .

/Users/collberg/.gnupg/pubring.gpg

---------------------------------pub

2048R/9974031B 2012-02-12

uid

Bobby (recipient) <bobby@gmail.com>

sub

2048R/D95291EF 2012-02-12

/Users/collberg/.gnupg/secring.gpg

---------------------------------sec

2048R/9974031B 2012-02-12

uid

Bobby (recipient) <bobby@gmail.com>

ssb

2048R/D95291EF 2012-02-12

pub

uid

sub

sec

uid

ssb

2048R/4EC8A0CB 2012-02-12

Alice (sender) <alice@gmail.com>

2048R/B901E082 2012-02-12

GPG

41/83

2048R/4EC8A0CB 2012-02-12

Alice (sender) <alice@gmail.com>

2048R/B901E082 2012-02-12

GPG

42/83

Alice can now decrypt the message and check the signature:

> gpg --decrypt message.asc

You need a passphrase to unlock the secret key for

user: "Bobby (recipient) <bobby@gmail.com>"

2048-bit RSA key, ID 9974031B, created 2012-02-12

user: "Alice (sender) <alice@gmail.com>"

2048-bit RSA key, ID B901E082,

created 2012-02-12 (main key ID 4EC8A0CB)

-----BEGIN PGP MESSAGE----Version: GnuPG v1.4.11 (Darwin)

GPG

hQEMA7osp1S5AeCCAQgAsSqSs+Urf0f3KHTtP7cqTwugpcJ9oUAGkw/KQ0DHIE0v

................................................................

8XEAaCwZ8aZK1lXhqBSd/9hCm9Mup2NECihO8crVyff7NTWFyaTBeGAm10q3y46o

QpIgPbcdYZqIt8e/8wPU6xlMZUStzxBKLB+Rj/Zg35ZVioYL

=oiv8

-----END PGP MESSAGE-----

"Alice (sender) <alice@gmail.com>"

Attack at dawn

gpg: Signature made Sat Feb 11 23:10:59 2012 MST

using RSA key ID 9974031B

gpg: Good signature from "Bobby (recipient) <bobby@gmail.com>"

43/83

GPG

44/83

Deleting Keys

Enter passphrase: sultana

Repeat passphrase: sultana

> cat message.asc

-----BEGIN PGP MESSAGE----Version: GnuPG v1.4.11 (Darwin)

sec 2048R/9974031B 2012-02-12 Bobby (recipient) <bobby@gmail.com>

Delete this key from the keyring? (y/N) y

This is a secret key! - really delete? (y/N) y

jA0EBwMCgZ3PBfSZxJlg0ksBBooTMLEVQ2q9HkTR5y9FIoX9nbsyohrOXeQLFlcf

wtWcg+dZvlMS6D7OE3wZCeW2LX50kYcU17MUc8wnJLDAzAdRqPAgDma+sP4=

=UtI4

-----END PGP MESSAGE-----

pub 2048R/9974031B 2012-02-12 Bobby (recipient) <bobby@gmail.com>

gpg: AES encrypted data

Enter passphrase: sultana

gpg: encrypted with 1 passphrase

Attack at dawn

GPG

45/83

Generating Primes

GPG

46/83

Generate 100 (base64 encoded) random bytes:

C4B7

> gpg --gen-prime 1 1024

D34D4347ED013242EE06811BC561C6587D75ADE33D1BEC954D648E22

9D88B5E0AF1394459FB48B135B99C8BA8C50E5331C6226CBF6D70031

4A8CC84C7B363BE7DD7BBBB29E545D199339263F5FB2E9F1B84BA9D5

05B5B79858FC6149CF09E6C56D9730C3BD1E62B378C8DFAF4233B8DC

BA999A21EC9C4BF8C60AACDCBC607AC5

GPG

e0zAVl6jbe/Dma9VF20lMgZxE1RA4S8TwNwu6KP8+o1kjdtBm2

AjKFSVsj/d3zG/9KqmNj7j6symEUZ3e0fWZaWqLBxzJuSur5sK

C8omfPus2QtYJJNOgVbpJ7X9L4t1iNJtnw==

47/83

GPG

48/83

MD5

= 36 D1 A5 12 17 CD 34 FC 04 F5 6C C4 91 39 C7 59

SHA1

= 6DA4 473A 00CE 7AB6 7B6F 884D 1E75 6633 C21A 56DB

RMD160 = D1DE 4194 C0CD 3AED 30F3 38CD 68F3 800F CCF0 3B87

SHA224 = B4E94780 1AA1A9C3 418F72D8 651BA995 83284003

EBEE183A 589702EE

SHA256 = B83EF405 07696578 9D4BBDA7 D7932700 5F2AE6CB

A2696FDE 69694D12 AFE70E4A

SHA384 = 7AC39A0C 945844F1 1316BB46 C9FC7EEA E892A178

2D20E4CA E7BE686C 1A091C8C F1BBDFD1 3D42BEA2

88AF5A4F E3705474

SHA512 = 9CA1EB88 F064CB0D 536254B2 5755919F 45564276

96CA27A0 389E4817 53F81DC2 3222488D 7D11F3DD

C066B9E8 027F3870 395A2561 157DDC38 BD679D37

C2E361CC

GPG

other means (OR)

http://www.schneier.com/paper-attacktrees-fig7.html

49/83

GPG

50/83

Determine symmetric key by other means:

1 Fool sender into encrypting message using public key whose

private key is known (OR)

1 Break asymmetric encryption (OR)

1

2

Convince sender that fake key (with known private key) is the

key of the intended recipient

2 Convince sender to encrypt with more than one keythe real

key of the recipient and a key whose private key is known.

3 Have the message encrypted with a different public key in the

background, unbeknownst to the sender.

1

Mathematically break asymmetric encryption (OR)

1 Break RSA (OR)

2 Factor RSA modulus/calculate Elgamal discrete log

1 General cryptanalysis of RSA/Elgamal (OR)

2 Exploit weakness in RSA/Elgamal (OR)

3 Timing attack on RSA/Elgamal

2

3

4

2 Cryptanalysis of symmetric-key encryption

1

Implant virus that alters the state of randseed. (OR)

3 Implant software that affects the choice of symmetric key.

1

2

6

GPG

Monitor the senders computer memory (OR)

Monitor the receivers computer memory (OR)

Determine key from pseudo-random number generator (OR)

51/83

GPG

52/83

GPG

53/83

GPG

tree is that breaking the RSA or IDEA encryption

algorithms are not the most profitable attacks against

PGP. There are many ways to read someones

PGP-encrypted messages without breaking the

cryptography. You can capture their screen when they

decrypt and read the messages (using a Trojan horse like

Back Orifice, a TEMPEST receiver, or a secret camera),

grab their private key after they enter a passphrase (Back

Orifice again, or a dedicated computer virus), recover

their passphrase (a keyboard sniffer, TEMPEST receiver,

or Back Orifice), or simply try to brute force their

passphrase (I can assure you that it will have much less

entropy than the 128-bit IDEA keys that it generates).

GPG

54/83

key length is probably the least important thing that

affects PGPs overall security. PGP not only has to be

secure, but it has to be used in an environment that

leverages that security without creating any new

insecurities.

http://www.schneier.com/paper-attacktrees-fig7.html

55/83

GPG

56/83

Outline

1

2

3

4

Elgamal

RSA

Algorithm

Example

Correctness

Security

GPG

Elgamal

Algorithm

Example

Correctness

Security

Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange

Example

Correctness

Security

Summary

calculating discrete logarithms.

It is a probabilistic scheme:

a particular plaintext can be encrypted into multiple different

ciphertexts;

ciphertexts become twice the length of the plaintext.

Elgamal

57/83

Elgamal: Algorithm

Elgamal

58/83

Pick a prime p.

Find a generator g for Zp .

3 Pick a random number x between 1 and p 2.

4 Compute y = g x mod p.

PB = (p, g , y ) is Bobs RSA public key.

SB = x is Bob RSA private key.

1

2

message, or shell leak information.

Bob doesnt need to know the random value k to decrypt.

Each message has p 1 possible different encryptions.

Lagranges theorem :

2 Pick a random number k between 1 and p 2.

3 Compute the ciphertext C = (a, b):

1

a

b

=

=

M = b (ax )1 mod p

g k mod p

My k mod p

= b ap1x mod p

1

Elgamal

59/83

Elgamal

60/83

property that we can factor p 1.

Compute

y = g x mod p = 27 mod 13 = 11.

g (p1)/pi mod p 6= 1

If g is not a generator, then one of these powers will 6= 1.

Elgamal

61/83

Elgamal

a2

1

4

9

3

12

10

10

12

3

9

4

1

a3

1

8

1

12

8

8

5

5

1

12

5

12

a4

1

3

3

9

1

9

9

1

9

3

3

1

a5

1

6

9

10

5

2

11

8

3

4

7

12

a6

1

12

1

1

12

12

12

12

1

1

12

1

a7

1

11

3

4

8

7

6

5

9

10

2

12

Elgamal

62/83

i Z13 = {1, 2, 3, . . . , 12} theres an integer k, such that

i = 2k mod 13:

a1

1

2

3

4

5

6

7

8

9

10

11

12

a8

1

9

9

3

1

3

3

1

3

9

9

1

a9

1

5

1

12

5

5

8

8

1

12

8

12

a10

1

10

3

9

12

4

4

12

9

3

10

1

a11

1

7

9

10

8

11

2

5

3

4

6

12

Alice gets Bobs public key PB = (p, g , y ) = (13, 2, 11).

To encrypt:

a12

1

1

1

1

1

1

1

1

1

1

1

1

1

2

Compute:

a

b

=

=

g k mod p = 25 mod 13 = 6

My k mod p = 3 115 mod 13 = 8

63/83

Elgamal

64/83

In-Class Exercise

Compute

M = b (ax )1 mod p

y = g x mod p = 29 mod 13 = 5

= b ap1x mod p

= 8 61317 mod 13

= 8 65 mod 13

= 3

Elgamal

65/83

Elgamal Correctness

k = 10.

Elgamal

66/83

Elgamal Security

We have that

a = g k mod p

b = My k mod p

y

= g x mod p

the discrete logarithm problem.

We get

= (My k ) (g kx )1 mod p

= (M((g x )k ) (g kx )1 mod p

= Mg kx (g kx )1 mod p

= Mg kx g kx mod p

= M mod p

Elgamal

= M

67/83

Elgamal

68/83

Outline

1

2

3

4

Key Exchange

RSA

Algorithm

Example

Correctness

Security

GPG

Elgamal

Algorithm

Example

Correctness

Security

Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange

Example

Correctness

Security

Summary

way for parties to share a secret (such as a symmetric key)

over an insecure channel.

With an active adversary (who can modify messages) we

cant reliably share a secret.

With a passive adversary (who can only eavesdrop on

messages) we can share a secret.

A passive adversary is said to be honest but curious .

69/83

Diffie-Hellman: Algorithm

1

1

2

Compute

X = g x mod p.

Send X to Bob.

The secret K1 = K2 shared by Alice and Bob at the end of the

protocol would typically be a shared symmetric key.

4

5

71/83

Pick g , a generator for Zp .

Alice :

1

70/83

Bob :

1

2

Compute

Y = g y mod p.

Send Y to Alice

Bob computes the secret: K2 = X y mod p.

72/83

Example

In-Class Exercise

Alice :

Let p = 19.

Let g = 10.

Pick a random x = 3.

2 Compute X = g x mod p = 23 mod 13 = 8.

1

4

Bob :

1

2

Pick a random y = 7.

Compute Y = g y mod p = 27 mod 13 = 11.

Alice computes: K1 =

Bob computes: K2 =

K1 = K2 = 5.

Yx

Xy

mod p =

mod p =

113

87

mod 13 = 5.

Compute K1 .

Compute K2 .

mod 13 = 5.

73/83

Diffie-Hellman Correctness

74/83

Diffie-Hellman Correctness. . .

Alice has

K1 = Y x mod p

X

= (g y )x mod p

= g x mod p

= (g x )y mod p

K1 = Y x mod p.

= X y mod p

Y

Bob has

= g y mod p

K2 = X y mod p

K2 = X y mod p.

= (g x )y mod p

= X y mod p

K1 = K2 .

75/83

76/83

Diffie-Hellman Security

the discrete logarithm problem.

Alice :

1

Eve :

Intercept X = g x mod p from Alice.

Pick a number t in Zp .

3 Send T = g t mod p to Bob.

Diffie-Hellman Property :

1

2

Given

p, X = g x , Y = g y

Bob :

1

computing

K = g xy mod p

Eve :

Intercept Y = g y mod p from Bob.

Pick a number s in Zp .

3 Send S = g s mod p to Alice.

1

2

is thought to be hard.

77/83

78/83

7

8

Eve :

Intercept C .

Decrypt:M = DK1 (C )

Re-encrypt:C = EK2 (M)

4 Send C to Bob

1

1

2

3

Compute K1 = g xS mod p

1

Compute K2 = g yT mod p

9

10

Eve :

Intercept C .

Decrypt:M = DK2 (C )

3 Re-encrypt:C = EK1 (M)

4 Send C to Alice.

1

2

79/83

80/83

Outline

1

2

3

4

RSA

Algorithm

Example

Correctness

Security

GPG

Elgamal

Algorithm

Example

Correctness

Security

Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange

Example

Correctness

Security

Summary

Summary

Goodrich and Tamassia.

81/83

Acknowledgments

Additional material and exercises have also been collected from

these sources:

Summary

Cryptography.

1999, http://www.schneier.com/paper-attacktrees-ddj-ft.html .

Security of Cryptographic Schemes,

http://www.irisa.fr/celtique/blazy/seminar/20110204.pdf .

http://homes.cerias.purdue.edu/~crisn/courses/cs355_Fall_2008/lect18.pdf

83/83

Summary

82/83

- Types of CryptographyUploaded byBridget Smith
- W07 Exchange Clients SecurityUploaded byapi-3708138
- ProjectUploaded byAhmed Rgb
- Network SecurityUploaded byHaritha Devinani
- Z Crypto Hw SummaryUploaded byrgarcp2348
- Understanding Digital Certificates & Wireless Transport Layer WTLSUploaded byFawad Ali Sher Khan
- is materialUploaded byRamesh Rummy
- adhocUploaded byNadi Karunanithi
- IEEE project topics and abstracts 2016Uploaded byaswin
- cholantechnology4@gmail.comUploaded byஸ்ரீ கண்ணன்
- Gpg4win Compendium EnUploaded byElvis NightShade
- Intro to EncryptionUploaded byzackgeorge
- Prjt repoUploaded byRajesh Rai
- A Public-Key Cryptosystem Based On Discrete Logarithm Problem over Finite Fields ?? ?Uploaded byInternational Organization of Scientific Research (IOSR)
- CryptographyUploaded byAmit Badam
- PGPUploaded byRahul Singh
- 201103 s0819824 Masterthesis PrintUploaded bypalecsandru2001
- Proposed Optimum Hybrid Encryption for Non-Repudation False Modification and AuthenticationUploaded byCao Thủ
- EMV v4.3 Book 2 Security and Key Management 20120607061923900Uploaded byGregorio Gazca
- 4c_discreteLogDiffieHellman_e.pdfUploaded byshahrilyen89
- tybsc itUploaded byapi-292680897
- zkproto_draftv14Uploaded byASANGA
- SRS 6 finalUploaded byAnurag Banerjee
- BRKCCIE-3242Uploaded bydasramjith
- Ice TranUploaded byPeraKojot
- AsymmetricEncryption and PKI CAUploaded byEver Twins
- Thesis FYPUploaded byEyka Zulaika
- CryptographyUploaded byIffat Khan
- 3. Identity-Based Encryption with Cloud.docxUploaded byPidikiti Surendra Babu
- SHARVOT- Secret SHARe-based VOTing on the BlockchainUploaded bywind_art

- WS-INF3510-2012-L05-QAUploaded bySundresan Perumal
- Classical encryption techniquesUploaded bymimirose90
- section 20 hill cipher.pdfUploaded byRecall
- -problem-docx.pdfUploaded byRecall
- AesUploaded bykrishnakumariram
- Lecture2.pdfUploaded byRecall
- Lecture 5_chapter14 - Part 2.pptUploaded byRecall
- Lecture 5 Case Study.pptUploaded byRecall
- 237289170-Tutorial-3.pdfUploaded byRecall
- j_bsec.pdfUploaded byRecall

- I Card FormUploaded byrkkvi4u
- 9781947843806Uploaded byBusiness Expert Press
- Advances in NW and DSSUploaded byGaurav Ramdhony
- Second ReviewUploaded byNathan Bose Thiruvaimalar Nathan
- Cryptographic Hash Function.pdfUploaded byDishaSareen
- Nurit 8320 Restaurant Reference GuideUploaded byMerchant Service Provider
- How to Implement RSA in RubyUploaded bychris_hulbert
- Growbot White ListUploaded byNicolás Posenatto
- Factorization Hack of RSA Secret NumbersUploaded byAndysah Putra Utama Siahaan
- The RSAUploaded bycharchit99
- bandit levelsUploaded bySimbad M
- 6 Month Transaction bankUploaded byShravan Kumar
- VisitBit _ Free Bitcoin! Instant Payments!Uploaded bySaf Bes
- 2170709Uploaded bySaurabh Das
- Sign Crypt IonUploaded byDilshini Jayamaha
- 1551511989797p9U97CXEvYmN55JP.pdfUploaded bysameer solunke
- IntroUploaded byManuel Aleixo Leiria
- Java Client Certificates Over HTTPS SSLUploaded byThierry Nkengurutse
- Basics of Information SecurityUploaded byVarun Upadhyay
- 91bc69e9c1a645f39b673682b68f6a65_0000272300121055_MAR2016Uploaded byAndrei Cristian Tălpău
- Biometrics and Smart Cards in Identity ManagementUploaded byRevathi Krishnan
- Prioritized Approach V2.0Uploaded byprinsessafiona
- AAQ2.docUploaded byNadia Baker
- Kambai GasUploaded byMani Kandan
- ISG-Pay-v6Uploaded byVivek Rai
- fa189ea833b35d2a79e4ac745dc0066f-applicationpdfUploaded bySezWicked
- Two Factor Authentication 2fa Openotp 36087Uploaded byShiva Mca
- 1551510672721a9gvh7qyiVYUqfdr.xlsUploaded byAshish Yadav
- Presentation document of DAC-MACUploaded bysumalraj
- ImranUploaded byVivek Singh

## Much more than documents.

Discover everything Scribd has to offer, including books and audiobooks from major publishers.

Cancel anytime.