Embed Size (px)
Citation preview
4th lecture
Message to be encrypted: HELLO Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message+ 23 (X) 12 (M) 2 (C) 10 (K) 11 (L) key = 30 16 13 21 25 message + key
= 4 (E) 16 (Q) 13 (N) 21 (V) 25 (Z) message + key (mod 26)
E Q N V Z → ciphertext
To obtain the plaintext from the ciphertext, the key is subtracted from the ciphertext using modular arithmetic.
E Q N V Z ciphertext 4 (E) 16 (Q) 13 (N) 21 (V) 25 (Z) ciphertext - 23 (X) 12 (M) 2 (C) 10 (K) 11 (L) key = -19 4 11 11 14 ciphertext - key = 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) ciphertext - key (mod 26) H E L L O → message
Encryption M: 0 1 1 0 1 0 1 0 0 1 1 K: 1 1 1 1 0 1 1 0 1 1 0 ------------------------------ C: 1 0 0 1 1 1 0 0 1 0 1 C = M (xor) K
Decryption C: 1 0 0 1 1 1 0 0 1 0 1 K: 1 1 1 1 0 1 1 0 1 1 0 --------------------------------- M: 0 1 1 0 1 0 1 0 0 1 1 M = C (xor) K
They are a fundamental building block for most of the protocols.
They are easy to compute, but hard to reverse
Given X it is easy to compute f(x), but given f(x) it is hard to compute X.
“hard” is defined as something like, it would take millions of years to compute X from f(X).
A special type of one-way function, one with a secret trapdoor.
It is easy to compute in one direction and hard to compute in the other direction. But, if you know the secret, you can easily compute the function in the other direction.
Message digest (MD), message integrity check (MIC), fingerprint, …
It takes a variable-length input string (pre-image) and converts it to a fixed-length output string (hash value).
It is easy to compute a hash value from pre-image, but it is hard to generate a pre-image that hashes to a particular value.
A good one-way hash function is collision-free. Collision-free means that, it is hard to find two
pre-images that generate the same hash value. A single bit change in the pre-image changes
on the average half of the bits in the hash value.
Application: File fingerprinting. The two most common hash functions are:
Message Digest 5 (MD5): produce 120-b digest.
Secure Hash Algorithm 1 (SHA-1): produces 160-b.
MAC is a one-way hash function with the addition of a secret key.
Someone with the key can verify the hash value.
One-way hash function
Pre-image
Key
Hash value
• Requirements - must be able to verify that:
1. Message came from apparent source or author.
2. Contents have not been altered.3. Sometimes, it was sent at a certain time or sequence.
• Protection against active attacks.
Authentication Using Conventional Encryption◦ Only the sender and receiver should share a key
Authentication without Message Encryption◦ An authentication tag is generated and appended
to each message
Message Authentication Code◦ Calculate the MAC as a function of the message
and the key. MAC = F(K, M)
Using One-way HASH Using One-way HASH functionfunction
Introduced by Diffie and Hellman. Two different keys are used (public - private). It is computationally hard to deduce the
private key from the public key. It is based on the trap-door one-way
functions. A network of users can communicate
together using the public-key cryptosystem.
Three categories:◦Encryption/decryption: The sender encrypts
a message with the recipient’s public key.
◦Digital signature: The sender ”signs” a message with its private key.
◦Key echange: Two sides cooperate to exhange a session key.
1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb)
2. Easy for sender to generate
3. Easy for the receiver to decrypt ciphertect using private key:
ciphertext: )(MEC KUb
)]([)( MEDCDM KUbKRbKRb
4. Computationally infeasible to determine private key (KRb) knowing public key (KUb)
5. Computationally infeasible to recover message M, knowing KUb and ciphertext C
6. Either of the two keys can be used for encryption, with the other used for decryption: )]([)]([ MEDMEDM KRbKUbKUbKRb
Public-key algorithms are slow. Public-key cryptosystems are vulnerable to
chosen-plaintext attacks:◦ If C=E(P), and P is one plaintext out of a set of n
possible plaintexts, then a cryptanalyst only has to encrypt all n possible plaintexts and compare the results with C.
It is used to distribute session keys which are used with symmetric algorithms to secure messages. “This is called a hybrid cryptosystem”
A hybrid cryptosystem can be constructed using any two separate cryptosystems:
a key encapsulation scheme, which is a public-key cryptosystem, and
a data encapsulation scheme, which is a symmetric-key cryptosystem.
To encrypt a message addressed to Alice in a hybrid cryptosystem, Bob does the following:
Obtains Alice's public key. Generates a fresh symmetric key for the
data encapsulation scheme. Encrypts the message under the data
encapsulation scheme, using the symmetric key just generated.
Encrypt the symmetric key under the key encapsulation scheme, using Alice's public key.
Send both of these encryptions to Alice.To decrypt this hybrid ciphertext, Alice does
the following: uses her private key to decrypt the
symmetric key contained in the key encapsulation segment.
uses this symmetric key to decrypt the message contained in the data encapsulation segment.
RSA and Diffie-Hellman RSA - Ron Rives, Adi Shamir and Len
Adleman at MIT, in 1977.◦ RSA is a block cipher◦ The most widely implemented
Diffie-Hellman ◦ Echange a secret key securely
Characteristics of signatures:
◦ The signature is authentic.◦ The signature is unforgeable.◦ The signature is not reusable.◦ The signed document is unalterable.◦ The signature can not be repudiated.
There are some problems if signatures is used in computer environment (digital signature):◦ Computer files are easy to copy.◦ It is easy to cut and paste a valid signature from
one document to another.◦ Computer files are easy to modify after they are
signed.
Alice sends a message to Bob that includes both the plaintext “P” and an encrypted version of P, “C” using her private key. This encrypted version is her digital signature.
Bob receives the message “C” and decrypts it using her public key.
Bob compares the decrypted message and the plaintext message.
Bob can authenticate that the message came from Alice because he decrypted it using Alice’s public key.
if Alice and Bob are strangers who have never communicated to each other before, then the digital signature is useless for authentication. it cannot be used to authenticate the identity of the sender. In this case, a trusted third party “arbitrator” is required to authenticate the identity of the transacting parties
