Key Management and Elliptic Curves


Key Management and Elliptic Curves
- Key Management
  - Distribution of Public Keys
  - Public-key Distribution of Secret Keys
  - Diffie-Hellman Key Exchange
- Elliptic Curves
  - Mathematical foundations
  - Elliptic curves over real numbers, $Z_p$, and $GF(2^m)$
  - Key exchange using Elliptic Curve Cryptography
  - Elliptic Curve Encryption/Decryption
  - Security of Elliptic Curve Cryptography

Public Announcement of Public Keys
- Announcing your key to the world
- This is what is done by PGP (Pretty Good Privacy)
- Weakness: someone can pretend to be you, announce a public key (knowing the private key), and then receive all encrypted email sent by others and intended for you
- We need to look at other approaches with more security

Publicly Available Directory
- Steps in the process
  - Register your name and public key with the directory
  - Authentication occurs at this time
  - The user can replace the public key at any time
  - The entire directory is published periodically
  - Access to the directory can be done electronically
- This is more secure, but improvements are possible

Public-key Authority - 1
Steps in the process
1. Send a request to the public key authority for the current public key of user B
2. The authority sends a response using its private key; the user is able to decrypt using the authority's public key; the response will include B's public key, the original request and the original timestamp
3. Store B's public key and send an encrypted message that includes your identifier and a nonce
4. User B gets your public key using steps 1 and 2
5. B replies by sending A's nonce as well as a new nonce
6. Return B's nonce to ensure the channel is secure

Public-key Authority - 2

Public-key Certificates - 1
- Using an authority is time consuming; an alternative approach is to use certificates
- We now have a certificate authority
  1. Any participant can read a certificate to determine the name and public key of the owner
  2. Any participant can determine that the info originated from the certificate authority
  3. Only the certificate authority can update certificates
  4. Any participant can determine the currency of the certificate
- Users can simply exchange certificates to share their public keys

Public-key Certificates - 2

Try to Answer the Questions Asked
- How can any participant determine the information originated from the certificate authority?
- How does the timestamp help eliminate forgery?

Simple Secret Key Distribution - 1
- Suppose users A and B want to exchange a secret key
  - User A generates a public key and private key and contacts B
  - User B generates a secret key and transmits it to A, encrypted with A's public key
  - A decrypts the message to recover the secret key
  - All public/private keys are discarded and communication proceeds using the secret key and symmetric encryption
- The risk seems minimal since the exchange of a secret key happens quickly

Simple Secret Key Distribution - 2
- If there is an active attack by an eavesdropper E, the following sequence may occur
  - User A generates a public key and private key and contacts B
  - User E intercepts this message, creates another public key and private key and transmits the public key and A's identity to B
  - User B generates a secret key and transmits it to A, encrypted with A's public key
  - User E intercepts this message and learns the secret key
  - E transmits the secret key to A and proceeds to listen in on all subsequent messages
- What is lacking here is authentication that messages really come from the expected source and not an eavesdropper

Distribution with Confidentiality & Authentication
- We assume that A and B have exchanged public keys by one of the schemes outlined earlier
- A uses B's public key to encrypt and transmit A's identifier and a nonce $N_1$ that is used to identify this transmission
- B sends A a message encrypted with A's public key that contains $N_1$ and a new nonce $N_2$ generated by B
- A returns $N_2$ encrypted to assure B that the message came from A
- A sends B a secret key encrypted using B's public key, so only B can read it, and A's private key so B can ensure the message came from A
- B can apply decryption to recover the secret key

A Pictorial View
- The information exchange to ensure confidentiality and authenticity is shown below

A Hybrid Scheme
- How it works
  - A public key distribution center (KDC) shares a secret master key with each user
  - Secret session keys are shared encrypted with the master key
- Advantages of this approach
  - Performance is improved in applications that require frequent session key exchanges
  - Public key encryption is only used occasionally to update the master key
  - This approach is easily overlaid on an existing KDC scheme

The Diffie-Hellman Key Exchange
- This is the first published public key algorithm
- This approach is only used to exchange a secret key
- Security is based on the difficulty of computing discrete logarithms
- Here is some mathematical background
  - For prime $p$ we find a primitive root, we call it $a$
  - For an integer $b$ we find the exponent $i$ such that $b \equiv a^i \bmod p$ where $0 \le i \le (p-1)$
  - $i$ is the index, namely $\mathrm{ind}_{a,p}(b)$

Steps in the Calculation
- A prime $q$ and $\alpha$, a primitive root of $q$, are known
- User A selects a random integer $X_A < q$ and computes $Y_A = \alpha^{X_A} \bmod q$; similarly user B selects a random integer $X_B < q$ and computes $Y_B = \alpha^{X_B} \bmod q$
- Each side keeps its $X$ value private and makes the $Y$ value public
- User A computes $K = (Y_B)^{X_A} \bmod q$
- User B computes $K = (Y_A)^{X_B} \bmod q$
- These calculations produce the same secret key
- Attacking the secret of user B, the opponent must compute $X_B = \mathrm{ind}_{\alpha,q}(Y_B)$
- Security lies in the difficulty in calculating discrete logarithms

The Algorithm

A Sample Calculation
- Suppose $q = 353$ and primitive root $\alpha = 3$. A and B select secret keys $X_A = 97$ and $X_B = 233$.
- Each computes a public key
  - $Y_A = 3^{97} \bmod 353 = 40$
  - $Y_B = 3^{233} \bmod 353 = 248$
- After exchanging public keys, A and B each computes the secret key for symmetric encryption
  - $K = (Y_B)^{X_A} \bmod 353 = 248^{97} \bmod 353 = 160$
  - $K = (Y_A)^{X_B} \bmod 353 = 40^{233} \bmod 353 = 160$
- The attacker knows $q = 353$, $\alpha = 3$, $Y_A = 40$ and $Y_B = 248$ and must solve $3^a \bmod 353 = 40$ or $3^b \bmod 353 = 248$; for large values this is very hard
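The sample calculation above as an added Python example (not part of the original slides): it runs the exchange with q = 353 and α = 3, then computes the index of a public value with baby-step giant-step, which goes beyond the slide to show that a modulus this small gives no protection. The function names are illustrative.

```python
# Added example: Diffie-Hellman with the slide's toy parameters, plus an
# index (discrete logarithm) computation that is only feasible because q is tiny.
from math import isqrt

def dh_public(alpha, q, x):
    """Y = alpha^x mod q for the private value x."""
    return pow(alpha, x, q)

def dh_shared(y_peer, q, x):
    """K = (Y_peer)^x mod q."""
    return pow(y_peer, x, q)

def is_primitive_root(alpha, q):
    """True if alpha generates Z_q^* for prime q."""
    n, factors, d = q - 1, set(), 2
    while d * d <= n:                 # trial-division factorisation of q - 1
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return all(pow(alpha, (q - 1) // f, q) != 1 for f in factors)

def index(alpha, q, y):
    """ind_{alpha,q}(y) by baby-step giant-step: about sqrt(q) time and memory."""
    m = isqrt(q - 1) + 1
    baby, cur = {}, 1
    for j in range(m):                # baby steps: alpha^j for j < m
        baby.setdefault(cur, j)
        cur = cur * alpha % q
    step = pow(alpha, -m, q)          # alpha^(-m) mod q (Python 3.8+)
    gamma = y % q
    for i in range(m):                # giant steps: y * alpha^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % q
    return None                       # y is not a power of alpha

def demo():
    """Run the slide's exchange and recover X_A from the public Y_A."""
    q, alpha, xa, xb = 353, 3, 97, 233
    ya, yb = dh_public(alpha, q, xa), dh_public(alpha, q, xb)
    ka, kb = dh_shared(yb, q, xa), dh_shared(ya, q, xb)
    return ya, yb, ka, kb, index(alpha, q, ya)

if __name__ == "__main__":
    print(demo())
```

The same `index` call on a 2048-bit prime would need on the order of 2^1024 table entries, which is why parameter size carries the security of the exchange.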

Steps in the Process
- Here is a communications protocol
- Of course, this protocol is symmetric, B could initiate the exchange

Group Work
- Given $q = 71$ and primitive root $\alpha = 7$
- Suppose $X_A = 5$, what is A's public key?
- Suppose $X_B = 12$, what is B's public key?
- What is the shared private key?

Elliptic Curve Arithmetic
- Use of RSA and problems with RSA
  - RSA is very widely used so codebreakers have concentrated on breaking this scheme
  - To ensure security, keys have become larger and larger, making it more computationally intensive
- Elliptic Curve Cryptography (ECC)
  - Beginning to challenge the dominance of RSA
  - ECC offers equal security to RSA with smaller keys
  - Confidence in ECC is not as high as RSA since codebreakers have not probed its weaknesses
  - Security in ECC depends on the difficulty of solving the discrete logarithm problem

Abelian Groups
- Remember the definition of abelian groups
  - What is closure?
  - What is associativity?
  - What is an identity element?
  - What are inverse elements?
  - What is commutativity?
- In Diffie-Hellman keys are generated by exponentiation (repeated multiplication)
- In ECC keys are generated by multiplication (repeated addition)

Elliptic Curves over Real Numbers
- Elliptic curve equations
  - In general, $y^2 + axy + by = x^3 + cx^2 + dx + e$
  - We consider $y^2 = x^3 + ax + b$; to plot this curve we need to compute $y = \sqrt{x^3 + ax + b}$
- On the next two slides we show two sample elliptic curves where we specify curves by $E(a,b)$
- We also have to include the element $O$, the point at infinity (also known as the zero point)
- The first curve is $E(-1,0)$, namely $y^2 = x^3 - x$
- The second curve is $E(1,1)$, namely $y^2 = x^3 + x + 1$

An Example Curve E(-1,0)

Another Curve E(1,1)

Geometric Description of Addition
- $E(a,b)$ defines a group provided there are no repeated factors, this requires $4a^3 + 27b^2 \ne 0$
- Addition of points $P$ and $Q$
  - $O$, the infinity point, is the additive identity
  - If $P$ has coordinates $(x,y)$ then $-P$ is at $(x,-y)$
  - To add $P$ and $Q$, connect them with a line, the third point of intersection is $R = -(P+Q)$
  - This is true for $Q$ itself, $Q + (-Q) = O$
  - To add a point to itself, $Q + Q = 2Q$ is the point where the tangent line intersects the curve

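Algebraic Description of Addition
- $\lambda$ is the slope of the line connecting $P$ and $Q$: $\lambda = (y_P - y_Q)/(x_P - x_Q)$
- $x_R = \lambda^2 - x_P - x_Q$
- $y_R = -y_P + \lambda(x_P - x_R)$
- Suppose that $P + P = R$
  - $x_R = \left(\frac{3x_P^2 + a}{2y_P}\right)^2 - 2x_P$
  - $y_R = \left(\frac{3x_P^2 + a}{2y_P}\right)(x_P - x_R) - y_P$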

Group Work
- Consider the curve $y^2 = x^3 - 36x$ over real numbers
- Let $P = (-3.5, 9.5)$ and $Q = (-2.5, 8.5)$, find $P + Q$
- Find $2P$

Elliptic Curves over $Z_p$
- Our sample curve
  - $y^2 \bmod p = (x^3 + ax + b) \bmod p$
  - one solution: $a = 1$, $b = 1$, $x = 9$, $y = 7$, $p = 23$
- Finding more points
  - If $p = 23$, $a = 1$, $b = 1$, the curve is $E_{23}(1,1)$
  - The next slide shows the points that satisfy the equation, including the $(9,7)$ above
  - A plot of these points is also shown
  - Notice that the points (except for one) are symmetric about the line $y = 11.5$

Elliptic Curve $E_{23}(1,1)$

Group Work - 1
- Given $E_{11}(1,6)$ defined by $y^2 = x^3 + x + 6$
- Find all points by calculating the right hand side for all values of $x$

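A Sample Calculation - 1
- Additive inverse
  - $P + (-P) = O$, let $P = (13,7)$, $-P = (13,-7) = (13,16)$ why?
- Addition
  - $x_R = (\lambda^2 - x_P - x_Q) \bmod p$
  - $y_R = (\lambda(x_P - x_R) - y_P) \bmod p$
  - $\lambda = \left(\frac{y_Q - y_P}{x_Q - x_P}\right) \bmod p$ if $P \ne Q$
  - $\lambda = \left(\frac{3x_P^2 + a}{2y_P}\right) \bmod p$ if $P = Q$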

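A Sample Calculation - 2
- Multiplication: $4P = P + P + P + P$
- An example of simple addition: $P = (3,10)$ and $Q = (9,7)$
  - $\lambda = \left(\frac{7 - 10}{9 - 3}\right) \bmod 23 = \left(\frac{-3}{6}\right) \bmod 23 = 11$
  - $x_R = (11^2 - 3 - 9) \bmod 23 = 109 \bmod 23 = 17$
  - $y_R = (11(3 - 17) - 10) \bmod 23 = -164 \bmod 23 = 20$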

Group Work - 2
- Given $E_{11}(1,6)$ defined by $y^2 = x^3 + x + 6$
- Given $G = (2, 7)$, find multiples $2G$ to $13G$

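Elliptic curves over $GF(2^m)$
- The basic equation is $y^2 + xy = x^3 + ax^2 + b$
- if $P$ is $(x_P, y_P)$ then $-P$ is $(x_P, x_P + y_P)$
- if $Q$ is $(x_Q, y_Q)$ and $P \ne \pm Q$ then for $R = P + Q$
  - $x_R = \lambda^2 + \lambda + x_P + x_Q + a$
  - $y_R = \lambda(x_P + x_R) + x_R + y_P$
  - $\lambda = \frac{y_Q + y_P}{x_Q + x_P}$
- if $R = 2P$ then
  - $x_R = \lambda^2 + \lambda + a$
  - $y_R = x_P^2 + (\lambda + 1)x_R$
  - $\lambda = x_P + \frac{y_P}{x_P}$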

Elliptic Curve Cryptography
- An Overview
  - Given $Q = kP$ where $Q$, $P$ are in $E_p(a,b)$ and $k < p$
  - It is relatively easy to calculate $Q$ given $k$ and $P$
  - It is difficult to determine $k$ given $Q$ and $P$
  - This is the discrete log problem for elliptic curves
- An example calculation
  - Let $P = (16,5)$ and $Q = (4,5)$ in $E_{23}(9,17)$ defined by the equation $y^2 \bmod 23 = (x^3 + 9x + 17) \bmod 23$
  - To find $k$ we can use a brute force approach: $2P = (20,20)$, $3P = (14,14)$, ..., $9P = (4,5)$ so $k = 9$
  - For large numbers this approach is impractical

Key Exchange using Elliptic Curves
Steps of the key exchange
- Select a large integer $q$ to define $E_q(a, b)$
- The order $n$ of a point $G$ is the smallest positive integer $n$ such that $nG = O$. Pick a base point $G$ in $E_q(a, b)$ with a very large order
- $G$ and $E_q(a, b)$ are parameters known to all participants
- A selects $n_A < n$, its private key; A calculates public key $P_A = n_A G$ in $E_q(a, b)$
- In a similar manner B selects $n_B$ and generates $P_B$
- A generates secret key $K = n_A P_B$ and B generates secret key $K = n_B P_A$; these values are equal

ECC Key Exchange

A Numeric Example
- The values and calculations
  - $p = 211$ in $E_p(0, -4)$ and $G = (2, 2)$
  - One calculates $240G = O$
  - A sets $n_A = 121$ and $P_A = 121(2, 2) = (115, 48)$
  - B sets $n_B = 203$ and $P_B = 203(2, 2) = (130, 203)$
  - The shared key is $121(130, 203) = 203(115, 48) = (161, 69)$

Group Work
- Suppose we are using $E_{11}(1,6)$
- Let $G = (10,2)$
- Suppose A selects $n_A = 5$, find A's public key
- Suppose B selects $n_B = 7$, find B's public key
- Show how both A and B find the secret key

Elliptic Curve Encryption/Decryption
- The initial calculations are similar to the key exchange
  - Select a large integer $q$ to define $E_q(a, b)$ and a base point $G$ in $E_q(a, b)$ with a very large order
  - A selects $n_A$, its private key, and calculates public key $P_A = n_A G$ in $E_q(a, b)$; B selects $n_B$ and calculates $P_B$
- To encrypt $P_m$ and send to B, A selects a random positive integer $k$ and generates the pair $C_m = (kG, P_m + kP_B)$
- B decrypts by multiplying the first point by B's secret key and subtracting the result from the second point: $P_m + kP_B - n_B(kG) = P_m$

An Example Calculation
- Given $p = 751$ and $E_p(-1, 188)$
- The curve is $y^2 = x^3 - x + 188$
- Let $G$ be $(0, 376)$
- Suppose the message $P_m = (562, 201)$
- A selects $k = 386$ and uses $P_B = (201, 5)$
- Calculating $386(0, 376) = (676, 558)$
- And $(562, 201) + 386(201, 5) = (385, 328)$
- So A sends $[(676, 558), (385, 328)]$
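The point arithmetic over Z_p, the key exchange and the encryption/decryption steps from the preceding slides, as one added Python example (not code from the original slides). Function names such as `ec_add` and `ec_mul` are illustrative, `None` stands for the point O, and the demo at the bottom feeds in the slides' own toy curves so their numbers can be checked.

```python
# Added example: arithmetic on E_p(a, b) over Z_p. None represents O.

def ec_add(P, Q, a, p):
    """Return P + Q using the lambda formulas for curves over Z_p."""
    if P is None:
        return Q
    if Q is None:
        return P
    (xp, yp), (xq, yq) = P, Q
    if xp == xq and (yp + yq) % p == 0:
        return None                      # Q = -P, so the sum is O
    if P == Q:                           # doubling: tangent slope
        lam = (3 * xp * xp + a) * pow(2 * yp % p, -1, p) % p
    else:                                # distinct points: chord slope
        lam = (yq - yp) * pow((xq - xp) % p, -1, p) % p
    xr = (lam * lam - xp - xq) % p
    return (xr, (lam * (xp - xr) - yp) % p)

def ec_neg(P, p):
    """Return -P = (x, -y mod p)."""
    return None if P is None else (P[0], -P[1] % p)

def ec_mul(k, P, a, p):
    """Return kP by double-and-add (not constant time; classroom use only)."""
    R = None
    while k > 0:
        if k & 1:
            R = ec_add(R, P, a, p)
        P = ec_add(P, P, a, p)
        k >>= 1
    return R

def on_curve(P, a, b, p):
    """Check y^2 = x^3 + ax + b (mod p); O counts as on the curve."""
    return P is None or (P[1] ** 2 - P[0] ** 3 - a * P[0] - b) % p == 0

def ecdh(G, n_a, n_b, a, p):
    """Return (P_A, P_B, K_A, K_B) for private keys n_a and n_b."""
    PA, PB = ec_mul(n_a, G, a, p), ec_mul(n_b, G, a, p)
    return PA, PB, ec_mul(n_a, PB, a, p), ec_mul(n_b, PA, a, p)

def encrypt(Pm, k, G, PB, a, p):
    """Return C_m = (kG, P_m + k*P_B)."""
    return ec_mul(k, G, a, p), ec_add(Pm, ec_mul(k, PB, a, p), a, p)

def decrypt(Cm, n_b, a, p):
    """Return P_m = (P_m + k*P_B) - n_B*(kG)."""
    kG, masked = Cm
    return ec_add(masked, ec_neg(ec_mul(n_b, kG, a, p), p), a, p)

if __name__ == "__main__":
    print(ec_add((3, 10), (9, 7), 1, 23))          # addition on E_23(1, 1)
    print(ec_mul(9, (16, 5), 9, 23))               # 9P on E_23(9, 17)
    print(ecdh((2, 2), 121, 203, 0, 211))          # exchange on E_211(0, -4)
    print(encrypt((562, 201), 386, (0, 376), (201, 5), -1, 751))  # E_751(-1, 188)
```

Production code uses vetted libraries with standardized curves and constant-time arithmetic; the toy primes here exist only to make the slide arithmetic checkable.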

Group Work
- Given $E_{11}(1,6)$, $G = (2, 7)$ and $n_B = 7$
- Find B's public key $P_B$
- A wants to send $P_m = (10, 9)$ and $k = 3$; find $C_m$
- Show the calculations that let B recover $P_m$

Security of Elliptic Curve Cryptography
- Pollard rho is the fastest method known to find discrete logarithms
- ECC can have the same level of security as RSA with smaller key sizes