Innovation and Cryptoventures. Digital Signatures. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

Similar documents
Innovation and Cryptoventures. Digital Signatures. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

Elliptic Curve Key Pair Generation

Implementation and Benchmarking of Elliptic Curve Cryptography Algorithms

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Diffie-Hellman. Part 1 Cryptography 136

Activity Guide - Public Key Cryptography

Cryptography and Network Security

An Introduction to Bitcoin

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Public Key Algorithms

Key Management and Distribution

Key Exchange. Secure Software Systems

Smalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold

Introduction to Elliptic Curve Cryptography

Public Key Cryptography and RSA

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 9 Elliptic Curve Cryptography

Public Key Cryptography and the RSA Cryptosystem

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Overview. Public Key Algorithms I

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

CS 161 Computer Security

Digital Signatures. KG November 3, Introduction 1. 2 Digital Signatures 2

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Abhijith Chandrashekar and Dushyant Maheshwary

Elliptic Curve Public Key Cryptography

ECC Elliptic Curve Cryptography. Foundations of Cryptography - ECC pp. 1 / 31

Public Key Cryptography

What did we talk about last time? Public key cryptography A little number theory

Applied Cryptography and Computer Security CSE 664 Spring 2018

Chapter 9. Public Key Cryptography, RSA And Key Management

The Application of Elliptic Curves Cryptography in Embedded Systems

1 Identification protocols

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

Key Management and Elliptic Curves

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

RSA. Public Key CryptoSystem

Chapter 9 Public Key Cryptography. WANG YANG

1. Diffie-Hellman Key Exchange

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

CHAPTER 4 VERIFIABLE ENCRYPTION OF AN ELLIPTIC CURVE DIGITAL SIGNATURE

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Davenport University ITS Lunch and Learn February 2, 2012 Sneden Center Meeting Hall Presented by: Scott Radtke

Kurose & Ross, Chapters (5 th ed.)

Spring 2010: CS419 Computer Security

An IBE Scheme to Exchange Authenticated Secret Keys

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Channel Coding and Cryptography Part II: Introduction to Cryptography

Lecture 20 Public key Crypto. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller and Bailey s ECE 422

Introduction to Cryptography Lecture 7

Lecture 2 Applied Cryptography (Part 2)

CSC 474/574 Information Systems Security

CPSC 467b: Cryptography and Computer Security

ECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Public-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7

Algorithms (III) Yu Yu. Shanghai Jiaotong University

Uzzah and the Ark of the Covenant

Algorithms (III) Yijia Chen Shanghai Jiaotong University

Crypto Background & Concepts SGX Software Attestation

Algorithms (III) Yijia Chen Shanghai Jiaotong University

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Cryptographic Systems

Secrets & Lies, Knowledge & Trust. (Modern Cryptography) COS 116 4/20/2006 Instructor: Sanjeev Arora

Public Key Cryptography

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Cryptography: Matrices and Encryption

Public Key Algorithms

CPSC 467: Cryptography and Computer Security

Senior Math Circles Cryptography and Number Theory Week 1

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

Introduction to Cryptography Lecture 7

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Computer Security 3/23/18

RSA (material drawn from Avi Kak Lecture 12, Lecture Notes on "Computer and Network Security" Used in asymmetric crypto.

Digital Signatures. Luke Anderson. 7 th April University Of Sydney.

Quantum Encryption Keys

CS 161 Computer Security

Some Stuff About Crypto

Chapter 7 Public Key Cryptography and Digital Signatures

Public-key encipherment concept

RSA Cryptography in the Textbook and in the Field. Gregory Quenell

A SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS

CS669 Network Security

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Proposal For C%: A Language For Cryptographic Applications

Chapter 3 Public Key Cryptography

CS 161 Computer Security

Key Establishment and Authentication Protocols EECE 412

Lecture 6: Overview of Public-Key Cryptography and RSA

CS408 Cryptography & Internet Security

Other Topics in Cryptography. Truong Tuan Anh

Transcription:

Innovation and Cryptoventures Digital Signatures Campbell R. Harvey Duke University, NBER and Investment Strategy Advisor, Man Group, plc January 30, 2017 Definition Cryptography is the science of communication in the presence of an adversary. Part of the field of cryptology. 2

Goals of Adversary Alice sends message to Bob Eve is the adversary 3 Goals of Adversary Eve s goals could be: 1. Eavesdrop 2. Steal secret key so that all future messages can be intercepted 3. Change Alice s message to Bob 4. Masquerade as Alice in communicating to Bob 4

Symmetric Keys Early algorithms were based on symmetric keys. This meant a common key encrypted and decrypted the message You needed to share the common key and this proved difficult 5 Symmetric Keys Early methods relied on a shared key or code A message would be encrypted and sent but the receiver needed to decode with a key or a special machine Example: The Lektor in James Bond, From Russia with Love. 6

Symmetric Keys However, you needed to securely share the key or decoder. 7 Symmetric Keys However, you needed to securely share the key or decoder. The adversary 8

Symmetric Keys Nazi Enigma Machine is an earlier version of the Lektor https://www.youtube.com/watch?v=g2_q9fod oq https://www.youtube.com/watch?v=v4v2bpzlqx8 Recommended videos! 9 Secret Keys Symmetric key DES (Data Encryption Standard) was a popular symmetric key method, initially used in SET (first on line credit card protocol) DES has been replaced by AES (Advanced Encryption Standard) 10

Diffee Hellman Key Exchange Breakthrough in 1976 with Diffie Hellman Merkle key exchange There is public information that everyone can see. Each person, say Alice and Bob, have secret information. The public and secret information is combined in a way to reveal a single secret key that only they know https://www.youtube.com/watch?v=yebfamv _do 11 Diffee Hellman Key Exchange Will use prime numbers and modulo arithmetic We already encountered one example of modular arithmetic in the SHA 256 which uses mod=2 32 or 4,294,967,296 https://www.youtube.com/watch?v=yebfamv _do 12

Key Exchange Numerical example 5 mod 2 = 1 Divide 5 by 2 the maximum number of times (2) 2 is the modulus The remainder is 1 Remainders never larger than (mod 1) so for mod 12 (clock) you would never see remainders greater than 11. EXCEL function = mod(number, divisor) e.g., mod(329, 17) = 6 mod 13 Key Exchange Alice and Bob decide on two public pieces for information A modulus (say 17) A generator (or the base for an exponent) (say 3) Alice has a private key (15) Bob has a private key (13) Is it possible for them to share a common secret that is unlikely to be intercepted? https://www.khanacademy.org/computing/computer science/cryptography/modern crypt/v/diffie hellman key exchange part 2 14

Key Exchange Alice: Calculates 3 15 mod 17 = 6 (i.e., =mod(3^(15), 17)) Alice send the message 6 to Bob 15 Key Exchange Alice: Calculates 3 15 mod 17 = 6 (i.e., =mod(3^(15), 17)) Alice send the message 6 to Bob Eve intercepts the message! 16

Key Exchange Bob: Calculates 313 mod 17 = 12 (i.e., =mod(3^(13), 17)) Bob send the message 12 to Alice 17 Key Exchange Bob: Calculates 313 mod 17 = 12 (i.e., =mod(3^(13), 17)) Bob send the message 12 to Alice Eve intercepts the message! Now Eve has the 6 and the 12. 18

Key Exchange Alice: Takes Bob s message of 12 and raises it to the power of her private key. Calculates 12 15 mod 17 = 10 (i.e., =mod(12^(15), 17)) * This is their common secret *EXCEL only does 15 digits so this will not work 19 Key Exchange Bob: Takes Alice s message of 12 and raises it to the power of his private key. Calculates 6 13 mod 17 = 10 (i.e., =mod(6^(13), 17)) This is their common secret 20

Key Exchange Eve She has intercepted their message. However, without the common secret key, there is little chance she can recover the shared secret. 21 Key Exchange Common secret Alice can now encrypt a message with the common secret and Bob can decrypt it with the common secret. Notice this is a common secret. Next we will talk private/public keys. That is, both and Alice have separate public keys and separate private keys. 22

Key Exchange (Optional slide) Why does this work They are solving the same problem. Alice sent Bob 3 15 mod 17 = 6. Bob raises the to power of 13. This is the same as 6 13 mod 17 = [3 15 ]^(13) mod 17 =10 Alice s original calculation 23 Key Exchange (Optional slide) Why does this work They are solving the same problem. Bob sent Alice 3 13 mod 17 = 12. Alice raises the to power of 15. This is the same as 12 15 mod 17 = [3 13 ]^(15) mod 17 =10 Bob s original calculation 24

Key Exchange (Optional slide) Why does this work They are solving the same problem. The modular arithmetic is crucial. See! [3 13 ]^(15) = [315 ]^(13) 25 Key Exchange RSA and ECC Now we will introduce key pairs. The basic idea of modular arithmetic provides the foundation for RSA private/public key cryptography. The prime numbers that are used are huge. Private keys are mathematically linked to public keys. 26

RSA: High Level Overview See my Cryptography 101 deck for much more detail. Two prime numbers are chosen and they are secret (say 7 and 13, called p,q). Multiply them together. The product (N=91) is public but people don t know the prime numbers used to get it. A public key is chosen (say 5). Given the two prime numbers, 7 and 13, and the public key, we can derive the private key, which is 29. 27 RSA Issues with RSA RSA relies on factoring N is public (our example was 91) If you can guess the factors, p, q, then you can discover the private key 28

RSA Issues with RSA Factoring algorithms have become very efficient To make things worse, the algorithms become more efficient as the size of the N increases Hence, larger and larger numbers are needed for N This creates issues for mobile and low power devices that lack the computational power 29 http://www.slate.com/articles/health_and_science/science/2016/01/the_world_s_largest_prime_number_has_22_338_618_digits_here_s_why_you_should.html Elliptic Curve Cryptography Mathematics of elliptic curves Do not rely on factoring Curve takes the form of y 2 = x 3 + ax + b Note that diagram is continuous but we will be using discrete versions of this arithmetic Bitcoin uses a=0 and b=7 Note: 4a 3 + 27b 2 0 30

Elliptic Curve Cryptography Properties Symmetric in x axis Any non vertical line intersects in three points Algebraic representation 31 Elliptic Curve Cryptography Properties R Define a system of addition. To add P and Q pass a line through and intersect at third point R. Drop a vertical line down to symmetric part. This defines P+Q (usually denoted ) P Q Denote Elliptic Curve as E P+Q 32

Elliptic Curve Cryptography Properties P Define a system of addition. To add P and P use a tangent line and intersect at third point. Drop a vertical line down to symmetric part. This definite 2P (usually denoted ) Denote Elliptic Curve as E 2P 33 Elliptic Curve Cryptography (Optional slide) Properties (a) P + O = O + P = P for all P E. (existence of identity) (b) P + ( P) = O for all P E. (existence of inverse) (c) P + (Q + R) = (P + Q) + R for all P, Q, R E. (associative) (d) P + Q = Q + P for all P, Q E (communativity) Denote Elliptic Curve as E 34

Elliptic Curve Cryptography (Optional slide) Why use in cryptography? Suggested by Koblitz and Miller in 1985 Implemented in 2005 Key insight: Adding and doubling on the elliptic curve is easy but undoing the adding is very difficult 35 Elliptic Curve Cryptography (Optional slide) Modulo arithmetic on EC Example of modulo 67 (means only points are between 0 and 66 Notice the symmetry http://www.coindesk.com/math behind bitcoin/# 36

Elliptic Curve Cryptography (Optional slide) Modulo arithmetic on EC Notice the symmetry (reflection in the red line) http://www.coindesk.com/math behind bitcoin/# 37 Elliptic Curve Cryptography (Optional slide) Modulo arithmetic on EC Example of modulo 67 Addition of (2,22) and (6,25) Note (2,22) called the base point The dashed blue line wraps around and intersects at (47,39) and the reflection is (47,28) http://www.coindesk.com/math behind bitcoin/# 38

Elliptic Curve Cryptography (Optional slide) Modulo arithmetic on EC Example of modulo 67 Addition of (2,22) and (6,25) Note (2,22) called the base point The dashed blue line wraps around and intersects at (47,39) and the reflection is (47,28) http://www.coindesk.com/math behind bitcoin/# 39 Elliptic Curve Cryptography (Optional slide) Four choices: Form of elliptic curve Prime modulo Base point Order http://www.coindesk.com/math behind bitcoin/# 40

Elliptic Curve Cryptography (Optional slide) Four choices: Form of elliptic curve: y 2 = x 3 + 7 Prime modulo: 2 256 2 32 2 9 2 8 2 7 2 6 2 4 1 = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F Base point: 04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8 Order: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141 http://www.coindesk.com/math behind bitcoin/# 41 Elliptic Curve Cryptography (Optional slide) How it works: Private key is a random number chosen between 1 and the order Public key = private key*base point Maximum number of private keys (and bitcoin addresses) is equal to the order. It is straightforward to go from private key to a public key but brutally difficult to go from public key to private key. http://www.coindesk.com/math behind bitcoin/# 42

Elliptic Curve Cryptography (Optional slide) How it works: 1. Choose private key and derive public key Let prime modulus = m Let base point (x,y) = G Let order = n Let private key = d (which is just a number) Public key Q(x,y) = d*g [operations on the elliptic curve with prime modulus m] http://www.coindesk.com/math behind bitcoin/# 43 Elliptic Curve Cryptography (Optional slide) How it works: 2. Sign Let data = z (which could be a SHA 256 of the data you are signing) Generate a random number k Calculate k*g which leads to particular coordinates (x,y) * Calculate r = x mod n [Note n=order] Calculate s = (z + r*d)/k mod n Private key Digital Signature (DS) = (r, s) is just a set of coordinates http://www.coindesk.com/math behind bitcoin/# 44 *I am not sure what modulus is used for this EC operation.

Elliptic Curve Cryptography (Optional slide) How it works: 3. Verify Calculate w = s 1 mod n Calculate u = z*w mod n Base point Calculate v = r*w mod n Calculate the point (x, y ) = ug + vq Verify that r = x mod n If yes, verified. Remember DS = (r, s) Public key http://www.coindesk.com/math behind bitcoin/# 45 Elliptic Curve Cryptography (Optional slide) How it works: 4. Intuition Anyone can encrypt something with a public key The digital signature algorithm uses the data, a random number, and both the private and public keys Verification shows that only the owner of both the private and public key could have signed. Verification is a yes or a no. http://www.coindesk.com/math behind bitcoin/# 46

ECDSA Private key is a number called signing key (SK). It is secret. Public key is the verification key and is mathematically linked to the private key SK EC VK Private key: (number) Elliptic curve operations: Need base point, modulus, order Public key: coordinate (x, y) Note: Easy to generate a public key with a private key. Not easy to go the other way. 47 ECDSA Digital signature Nonce: (random number) Nonce Message EC DS SK Private key: (number) Elliptic curve operations: Need base point, modulus, order (n) Digital signature: coordinate (r, s) 48

ECDSA Verification DS coordinates r Yes (verified) s EC (x, y ) r = x mod n? Message No (rejected) VK Elliptic curve operations: Need base point, order (n) Derive new point on elliptic curve Check x coordinate of new point and DS Public key: (x, y) 49 How DSAs Work Notice Proves that the person with the private key (that generated the public key) signed the message. Interestingly, digital signature is different from a usual signature in that it depends on the message, i.e., the signature is different for each different message. In practice, we do not sign the message, we sign a cryptographic hash of the message. This means that the size of the input is the same no matter how long the message is. 50

ECDSA in Action https://kjur.github.io/jsrsasign/sample ecdsa.html 51 ECDSA in Action OP_CHECKSIG uses Public Key + Digital Signature + Hash of Transaction Verifies whether this transaction has been signed by the owner of the Private Key 52

Application: PGP Email My public key for secure email You can encrypt an email to me with my public key and only I can decrypt with my private key. 53 Application: PGP Email Steps 1. Message compressed 2. Random session key (based on mouse movements and keystrokes) is generated. 3. Message encrypted with session key 4. Session key is encrypted with receiver s public key 5. Encrypted message + encrypted session key sent via email 6. Recipient uses their private key to decrypt the session key 7. Session key is used to decrypt the message 8. Message decompressed http://www.pgpi.org/doc/pgpintro/ 54

References The Math Behind Bitcoin [recommended] Elliptic Curve Digital Signature Algorithm (Bitcoin) What does the curve used in Bitcoin, secp256k1, look like? Elliptic Curve Digital Signature Algorithm (Wikipedia) Elliptic Curve Cryptography (UCSB) Elliptic Curve Cryptography and Digital Rights Management (Purdue) Zero to ECC in 30 minutes (Entrust) The Elliptic Curve Cryptosystem Goldwasser, Shaffi and Mihir Bellare, 2008, Lecture Notes on Cryptography Dan Boneh, Stanford University, Introduction to Cryptography Dan Boneh, Stanford University, Cryptography II https://arstechnica.com/security/2013/10/a relatively easy to understand primer on elliptic curve cryptography/ 55

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback