Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Similar documents
Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Key Exchange. Secure Software Systems

18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange. Dan Boneh

Encryption. INST 346, Section 0201 April 3, 2018

Lecture 6 - Cryptography

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Chapter 9 Public Key Cryptography. WANG YANG

CSC/ECE 774 Advanced Network Security

CSE 127: Computer Security Cryptography. Kirill Levchenko

Other Topics in Cryptography. Truong Tuan Anh

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Symmetric Encryption 2: Integrity

Introduction to Cryptography Lecture 7

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Uzzah and the Ark of the Covenant

Introduction to Cryptography. Lecture 6

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Crypto Background & Concepts SGX Software Attestation

Chapter 9. Public Key Cryptography, RSA And Key Management

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Public Key Cryptography

CS 161 Computer Security

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Lecture 20 Public key Crypto. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller and Bailey s ECE 422

Diffie-Hellman. Part 1 Cryptography 136

Applied Cryptography and Computer Security CSE 664 Spring 2018

2.1 Basic Cryptography Concepts

Public-Key Cryptography

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Overview. Public Key Algorithms I

CS 161 Computer Security

Part VI. Public-key cryptography

Public Key Algorithms

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

RSA. Public Key CryptoSystem

ENEE 459-C Computer Security. Message authentication

Cryptographic Systems

Introduction to Cryptography Lecture 7

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

Spring 2010: CS419 Computer Security

Cryptographic Hash Functions

CPSC 467b: Cryptography and Computer Security

Computer Security: Principles and Practice

Public Key Algorithms

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

COMPUTER & NETWORK SECURITY

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Channel Coding and Cryptography Part II: Introduction to Cryptography

CS Computer Networks 1: Authentication

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

1. Diffie-Hellman Key Exchange

CPSC 467: Cryptography and Computer Security

CSC 774 Network Security

n-bit Output Feedback

CIS 4360 Secure Computer Systems Applied Cryptography

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

An IBE Scheme to Exchange Authenticated Secret Keys

Cryptographic Concepts

CPSC 467: Cryptography and Computer Security

Key Establishment and Authentication Protocols EECE 412

Lecture IV : Cryptography, Fundamentals

CSC 474/574 Information Systems Security

Public Key Cryptography

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

Public Key Algorithms

Introduction to Public-Key Cryptography

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Implementation and Benchmarking of Elliptic Curve Cryptography Algorithms

Cryptography and Network Security

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

A Simple User Authentication Scheme for Grid Computing

CS408 Cryptography & Internet Security

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

Lecture 4: Authentication and Hashing

Key Management and Distribution

Network Security. Chapter 4 Public Key Cryptography. Public Key Cryptography (4) Public Key Cryptography

Advanced Crypto. 2. Public key, private key and key exchange. Author: Prof Bill Buchanan

Public-key encipherment concept

Kurose & Ross, Chapters (5 th ed.)

Cryptography and Network Security. Sixth Edition by William Stallings

Data Integrity. Modified by: Dr. Ramzi Saifan

Computer Security 3/23/18

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Public Key Cryptography and the RSA Cryptosystem

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Overview of Cryptography

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Lecture 2 Applied Cryptography (Part 2)

Chapter 7 Public Key Cryptography and Digital Signatures

Transcription:

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Course Summary Introduction Stream & Block Ciphers Block Ciphers Modes (ECB,CBC,OFB) Advanced Encryption Standard (AES) Message Authentication Codes (based on CBC and on cryptographic hashing)

The Birthday Paradox: Wrap Up Let R be a finite set of size r. Pick k elements of R uniformly and independently. What is the probability of getting at least one collision?

The Birthday Paradox (cont.) Consider the event E k : No Collision after k elements. Prob(E k )=1(1-1/r)(1-2/r) (1- (k-1)/r) < exp(-1/r) exp(-2/r) exp(-(k-1)/r) = exp(-(1+2+ +(k-1) )/r) = exp(-(k(k-1) )/2r) ~ exp(-k 2 /2r) For k=r 1/2, Prob(E k )<0.607, thus Prob(Collision k )>0.393 For k=1.2r 1/2, Prob(E k )<0.487, thus Prob(Collision k )>0.513 plot({exp(-x),1-x},x=0..0.5);

Application to Cryptographic Hashing Let H:D --> R, R of size r. Suppose we can get k random images under H. If k 2 is larger than r then the probability of a collision, 1-exp(-k 2 /2r), is large. Thus a necessary condition for avoiding collisions is that r is so large that it is infeasible to generate r 2 hash values. This leads to requiring that message digests be at least 160 bits long (2 160/2 = 2 80 is large enough).

One Way Function (OWF) easy x hard x e mod N easy: there exists a (probabilistic) polynomial time algorithm (PPT) A such that A(x)= f(x) for each x hard: there is not a PPT algorithm B such that for each sufficently large k Prob (B(f(x)= x t.c. f(x)= f(x )) x = k should be the same as tossing coins (random guess)

OWF: definition Definition: f:d R is one way function if It is easy to compute It is difficult to invert Recall difficult = computationally hard that is Not possible in polynomial time Even in probabilistic terms (say with prob. >0.001) Note: OWF are useful in cryptography we do not know whether OWF exists. We conjecture their existence

Discrete Log (DL) Let G be a group and g an element in G. Let y=g x and x the minimal non negative integer satisfying the equation. x is called the discrete log of y to base g. Example: y=g x mod p in the multiplicative group of Z p

Discrete Log in Z p A candidate for One Way Function Let y=g x mod p in the multiplicative group of Z p Exponentiation takes O(log 3 p) steps Standard discrete log is believed to be computationally hard. x g x is easy (efficiently computable). g x x believed hard (computionally infeasible). x g x is a one way function.

Public-Key Cryptography The New Era (1976-present)

Classical, Symmetric Ciphers Alice and Bob share the same secret key K A,B. K A,B must be secretly generated and exchanged prior to using the unsecure channel. Alice Bob

Diffie and Hellman (76) New Directions in Cryptography Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting messages by Bob. K E can be made public (public key cryptography, assymetric cryptography)

New Directions in Cryptography The Diffie-Hellman paper (IEEE IT, vol. 22, no. 6, Nov. 1976) generated lots of interest in crypto research in academia and private industry. Diffie & Hellman came up with the revolutionary idea of public key cryptography, but did not have a proposed implementation (these came up 2 years later with Merkle-Hellman and Rivest-Shamir- Adelman). In their 76 paper, Diffie & Hellman did invent a method for key exchange over insecure communication lines, a method that is still in use today.

Public Exchange of Keys Goal: Two parties (Alice and Bob) who do not share any secret information, perform a protocol and derive the same shared key. Eve who is listening in cannot obtain the new shared key if she has limited computational resources.

Diffie-Hellman Key Exchange Public parameters: A prime p, and an element g (possibly a generator of the multiplicative group Z p * ) Alice chooses a at random from the interval [1..p-2] and sends g a mod p to Bob. Bob chooses b at random from the interval [1..p-2] and sends g b mod p to Alice. Alice and Bob compute the shared key g ab mod p : Bob holds b, computes (g a ) b = g ab. Alice holds a, computes (g b ) a = g ab.

DH Security DH is at most as strong as DL in Z p. Formal equivalence unknown, though some partial results known. Despite 25 years effort, still considered secure todate. Computation time is O(log 3 p).

Properties of Key Exchange Necessary security requirement: the shared secret key is a one way function of the public and transmitted information. Necessary constructive requirement: an appropriate combination of public and private pieces of information forms the shared secret key efficiently. DH Key exchange by itself is effective only against a passive adversary. Man-inthe-middle attack is lethal.

Security Requirements Is the one-way relationship between public information and shared private key sufficient? A one-way function may leak some bits of its arguments. The full requirement is: given all the communication recorded throughout the protocol, computing any bit of the shared key is hard Note that the any bit requirement is especially important

Other DH Systems The DH idea can be used with any group structure Limitation: groups in which the discrete log can be easily computed are not useful Example: additive group of Z p Currently useful DH systems: the multiplicative group of Z p and elliptic curve systems

Key Exchange in Systems VPN usually has two phases Handshake protocol: key exchange between parties sets symmetric keys Traffic protocol: communication is encrypted and authenticated by symmetric keys Automatic distribution of keys- flexibility and scalability Periodic refreshing of keys- reduced material for attacks, recovery from leaks

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback