Introduction to Blockchain - Lecture 1: RSA, SHA and ... · Week 2 ( 28st May to 1st June) Software...

Introduction to BlockchainLecture 1: RSA, SHA and Digital Signatures

Ras Dwivedi

IIT Kanpur

May 21, 2018

Ras Dwivedi (IIT Kanpur) Introduction to Blockchain May 21, 2018 1 / 23

Outline

1 Introduction

2 Cryptography

4 HASH function

Introduction

Outline

1 Introduction

2 Cryptography

4 HASH function

Introduction

Course Logistic

Week 1 ( 21st May to 25th May)

BlockchainWeek 2 ( 28st May to 1st June)

Software SecurityAttendance: Compulsory

Passing this course requires satisfactory number of classes to beattended

Quiz:1 on 1st JuneWould have questions from both the sectionDuration: About 30 minsMandatory to pass the quiz

AssignmentWould not be gradedjust for practice

Introduction

Course Logistic

Week 1 ( 21st May to 25th May)Blockchain

Week 2 ( 28st May to 1st June)Software Security

Attendance: CompulsoryPassing this course requires satisfactory number of classes to beattended

Introduction

Course Logistic

Week 2 ( 28st May to 1st June)

Software SecurityAttendance: Compulsory

Introduction

Course Logistic

Introduction

Course Logistic

Attendance: Compulsory

Introduction

Course Logistic

Introduction

Course Logistic

1 on 1st JuneWould have questions from both the sectionDuration: About 30 minsMandatory to pass the quiz

Introduction

Course Logistic

Quiz:1 on 1st June

Would have questions from both the sectionDuration: About 30 minsMandatory to pass the quiz

Introduction

Course Logistic

Quiz:1 on 1st JuneWould have questions from both the section

Duration: About 30 minsMandatory to pass the quiz

Introduction

Course Logistic

Quiz:1 on 1st JuneWould have questions from both the sectionDuration: About 30 mins

Mandatory to pass the quizAssignment

Would not be gradedjust for practice

Introduction

Course Logistic

Introduction

Course Logistic

Assignment

Would not be gradedjust for practice

Introduction

Course Logistic

AssignmentWould not be graded

just for practice

Introduction

Course Logistic

Introduction

Course Logistic

Introduction

Blockchain

RSA, SHA and Digital SignaturesIntroduction to Cryptocurrency and BitcoinIntroduction to Ethereum and MistHands on Mist and GethByzantine General Problem

Introduction

Blockchain

RSA, SHA and Digital Signatures

Introduction to Cryptocurrency and BitcoinIntroduction to Ethereum and MistHands on Mist and GethByzantine General Problem

Introduction

Blockchain

RSA, SHA and Digital SignaturesIntroduction to Cryptocurrency and Bitcoin

Introduction to Ethereum and MistHands on Mist and GethByzantine General Problem

Introduction

Blockchain

RSA, SHA and Digital SignaturesIntroduction to Cryptocurrency and BitcoinIntroduction to Ethereum and Mist

Hands on Mist and GethByzantine General Problem

Introduction

Blockchain

RSA, SHA and Digital SignaturesIntroduction to Cryptocurrency and BitcoinIntroduction to Ethereum and MistHands on Mist and Geth

Byzantine General Problem

Introduction

Blockchain

Introduction

Blockchain

Cryptography

Outline

1 Introduction

2 Cryptography

4 HASH function

Cryptography

Figure:Ras Dwivedi (IIT Kanpur) Introduction to Blockchain May 21, 2018 7 / 23

Cryptography

Cesar Cipher

Figure: Cesar Cipher!!

RAS − > UDVRas Dwivedi (IIT Kanpur) Introduction to Blockchain May 21, 2018 8 / 23

Cryptography

Symmetric key Cryptography

Cryptography

Public key cryptography

Outline

1 Introduction

2 Cryptography

4 HASH function

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?

Factoring is hard

6 = 2× 3

Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!

100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 =

10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5

299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 =

13× 23437 = 19× 23589 = 19× 31So how to use it?

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23

437 = 19× 23589 = 19× 31So how to use it?

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 =

19× 23589 = 19× 31So how to use it?

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23

589 = 19× 31So how to use it?

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?

Fermat’s little theorem

ap−1 = 1 modulo p

p is primeExample24 %5 = 16%5 = 1410 %11= 1048576%11 = 1

ap−1 = 1 modulo pp is prime

Example24 %5 = 16%5 = 1410 %11= 1048576%11 = 1

ap−1 = 1 modulo pp is primeExample24 %5 =

16%5 = 1410 %11= 1048576%11 = 1

ap−1 = 1 modulo pp is primeExample24 %5 = 16%5 = 1

410 %11= 1048576%11 = 1

ap−1 = 1 modulo pp is primeExample24 %5 = 16%5 = 1410 %11

= 1048576%11 = 1

ap−1 = 1 modulo pp is primeExample24 %5 = 16%5 = 1410 %11= 1048576%11 = 1

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ

Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n

proposed by Rivest,Shamir,Adleman

choose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, q

calculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pq

calculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)

choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1

calculate d such that d = e−1modφ −→ e × d = 1 mod φ

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ

−→ e × d = 1 mod φ

Idea: me×d = med = m modulo n

encryption: c = me mod ndecryption: p = cd mod n

Idea: me×d = med = m modulo nencryption: c = me mod n

decryption: p = cd mod n

RSA: Example

p = 5,

q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120

121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2

RSA: Example

p = 5, q = 7

p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120

RSA: Example

p = 5, q = 7 p × q = 35

p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4

, q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6

, φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24

Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11

,d = 11e × d = 12124× 5 = 120

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d =

11e × d = 12124× 5 = 120

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 121

24× 5 = 120121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 121

24× 5 = 120121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120

121% 24 =1

m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2

RSA: Example

121% 24 =1m = 2

c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2

RSA: Example

121% 24 =1m = 2c = me mod n

= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2

RSA: Example

121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35

; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2

RSA: Example

121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18

(35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2

RSA: Example

121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11

, c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2

RSA: Example

121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18

m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2

RSA: Example

121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod n

m = 1811 mod 35= 64268410079232%35m = 2

RSA: Example

121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35

RSA: Example

121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2Ras Dwivedi (IIT Kanpur) Introduction to Blockchain May 21, 2018 15 / 23

RSA: Example

121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2Ras Dwivedi (IIT Kanpur) Introduction to Blockchain May 21, 2018 15 / 23

RSA: Example

p = 7,

q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13

p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91

p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6

, q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12

, φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5

,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d =

2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 29

72× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1

m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15

c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n

= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91

; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71

Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47

, c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71

m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod n

m = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91

m = 15

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key

AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the document

simple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key

AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not work

IDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key

AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSA

for document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key

AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuine

d is called Alice’s secret key and e is called Alice’s Public key

AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key

Is the Scheme secure?

No!given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2

Also the length of the signature is proportional to the size of thedocumentslow

What could we do now?

given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2

No!given (n, e) private key of Alice cannot be calculated

given document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2

No!given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.

Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2

Also the length of the signature is proportional to the size of thedocument

slowWhat could we do now?

HASH function

Outline

1 Introduction

2 Cryptography

4 HASH function

HASH function

SHA: Secure Hash Functions

An Ideal Hash function is one which has following propertiesgiven f (x) it is impossible to guess x

given x1 its is impossible to find x2 such that f (x1) = f (x2)it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)

Lets understand by example

HASH function

An Ideal Hash function is one which has following propertiesgiven f (x) it is impossible to guess xgiven x1 its is impossible to find x2 such that f (x1) = f (x2)

it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)Lets understand by example

HASH function

An Ideal Hash function is one which has following propertiesgiven f (x) it is impossible to guess xgiven x1 its is impossible to find x2 such that f (x1) = f (x2)it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)

HASH function

Example: Hash Function

Suppose I can see Future. So I can foretell score of tomorrow’s IPL’smatch.

But If I tell score before, you can always change it and prove mewrong. I publish Hash of tomorrow’s score as: ”a34728bfed78dc89...”

can you tell what score I had in Mind?can I later change the score I thought before?can I purposely find hash such that two score are possible for thathash ?

HASH function

Suppose I can see Future. So I can foretell score of tomorrow’s IPL’smatch. But If I tell score before, you can always change it and prove mewrong.

I publish Hash of tomorrow’s score as: ”a34728bfed78dc89...”can you tell what score I had in Mind?can I later change the score I thought before?can I purposely find hash such that two score are possible for thathash ?

HASH function

Suppose I can see Future. So I can foretell score of tomorrow’s IPL’smatch. But If I tell score before, you can always change it and prove mewrong. I publish Hash of tomorrow’s score as: ”a34728bfed78dc89...”

HASH function

can you tell what score I had in Mind?

can I later change the score I thought before?can I purposely find hash such that two score are possible for thathash ?

HASH function

can you tell what score I had in Mind?can I later change the score I thought before?

can I purposely find hash such that two score are possible for thathash ?

HASH function

Difference between 2nd and 3rd condition?

HASH function

Difference between 2nd and 3rd condition?

HASH function

Merkle Demgrad Construction

Need of Padding message m?

m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)

HASH function

Need of Padding message m?m is prefix of PAD(m)

if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)

HASH function

Need of Padding message m?m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|

if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)

HASH function

Need of Padding message m?m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)

HASH function

Need of Padding message m?m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)

Introduction to Blockchain - Lecture 1: RSA, SHA and ... · Week 2 ( 28st May to 1st June) Software...

Documents

Document of The World Bank...(USD millions) 1 06/17/2004 Satisfactory Satisfactory 39.27 2 12/19/2004 Highly Satisfactory Highly Satisfactory 160.50 3 06/06/2005 Highly Satisfactory

The World Bankdocuments.worldbank.org/curated/en/... · 1 04/10/2002 Satisfactory Satisfactory 0.00 2 12/17/2002 Satisfactory Satisfactory 1.03 3 05/29/2003 Satisfactory Satisfactory

Document of The World Bank€¦ · 10 12/22/2003 Satisfactory Satisfactory 134.14 11 06/14/2004 Satisfactory Satisfactory 148.73 12 12/29/2004 Satisfactory Satisfactory 156.55 13

Sha update

Document of The World Bank€¦ · 1 11/02/2003 Satisfactory Satisfactory 0.00 2 06/28/2004 Satisfactory Satisfactory 0.31 3 12/03/2004 Satisfactory Unsatisfactory 0.89 4 06/22/2005

CCNSO MEMBERS MEETING IANA Names Function Update · GOST R 34.11-94 SHA-384 RSA/SHA-256 RSA/SHA-512 GOST R 34.10-2001 ECDSA P-256 SHA-256 ECDSA P-384 SHA-384 EdDSA 25519 EdDSA 448

REAL TIME AIR QUALITY REPORTING SYSTEM SHA-SHA

SHA-3 vs the world - OWASP...SHA-2 Merkle–Damgård MD4. Snefru MD5 SHA-1 SHA-2 Merkle–Damgård MD4. Keccak BLAKE, Grøstl, JH, Skein. Outline 1.SHA-3 2.derived functions 3.derived

Facial Gua Sha - tcmtips.comtcmtips.com/wp-content/uploads/2018/02/Facial-Gua-Sha-eBook.pdf · Why is the gua sha tool better than my fingers?..... 4 Is facial gua sha painful

Subject: Sha Sha Higby | Discipline : Performance Art

Calendar Year 2020 SHA Proposed Annual Budget …...2020 SHA PROPOSED ANNUAL BUDGET – SUMMARY 1 OVERVIEW OF THE 2020 SHA PROPOSED BUDGET The 2020 Seattle Housing Authority (SHA)

Implementation Completion and Results Report (ICR) Document · 2018. 6. 5. · 07 04-Jan-2016 Satisfactory Satisfactory 24.37 08 28-Jun-2016 Satisfactory Satisfactory 30.23 09 Satisfactory20-Dec-2016

27th & 28st March 2021

World Bank Documentdocuments.worldbank.org/curated/en/...02 09-Nov-2012 Satisfactory Satisfactory 1.86 03 22-Jun-2013 Satisfactory Satisfactory 11.57 04 30-Dec-2013 Satisfactory Moderately

Public Key Infrastructure SHA-1 to SHA-2 migration service€¦ · INDUSTRY SHIFT FROM SHA-1 TO SHA-2. SHA-2 is now the standard for self-managed and public CAs, although SHA-1 is

Document of The World Bank...02 19-Dec-2011 Satisfactory Satisfactory 1.43 03 07-Jul-2012 Satisfactory Satisfactory 2.35 04 26-Dec-2012 Satisfactory Satisfactory 4.33 05 04-Jul-2013

Descriptions of SHA-256, SHA-384, and SHA-512iwar.org.uk/comsec/resources/cipher/sha256-384-512.pdfDescriptions of SHA-256, SHA-384, and SHA-512 1. In tro duction An n-bit hash is

Implementation Completion and Results ... - The World Bank · 08 28-Apr-2014 Satisfactory Satisfactory 41.90 09 13-Nov-2014 Satisfactory Satisfactory 41.90 10 Satisfactory15-Jun-2015

Gua sha is a healing technique of Traditional Chinese ... · Gua sha Gua sha is a healing technique of Traditional Chinese Medicine. Gua sha is defined as instrument-assisted unidirectional

IMPLEMENTATION COMPLETION AND RESULTS REPORT CREDIT … · 2019. 4. 22. · 01‐ May‐ 2015 Satisfactory Satisfactory IDA‐55480: 19.44 2 04‐ Nov‐ 2015 Satisfactory Satisfactory