Introduction to Blockchain - Lecture 1: RSA, SHA and ... · Week 2 ( 28st May to 1st June) Software Security Attendance: Compulsory Passing this course requires satisfactory number

Introduction to BlockchainLecture 1: RSA, SHA and Digital Signatures

Ras Dwivedi

IIT Kanpur

May 21, 2018

Ras Dwivedi (IIT Kanpur) Introduction to Blockchain May 21, 2018 1 / 23

Outline

1 Introduction

2 Cryptography

3 RSA

4 HASH function


Introduction

Outline

1 Introduction

2 Cryptography

3 RSA

4 HASH function


Introduction

Course Logistic

Week 1 ( 21st May to 25th May)

BlockchainWeek 2 ( 28st May to 1st June)

Software SecurityAttendance: Compulsory

Passing this course requires satisfactory number of classes to beattended

Quiz:1 on 1st JuneWould have questions from both the sectionDuration: About 30 minsMandatory to pass the quiz

AssignmentWould not be gradedjust for practice


Introduction

Course Logistic

Week 1 ( 21st May to 25th May)Blockchain

Week 2 ( 28st May to 1st June)Software Security

Attendance: CompulsoryPassing this course requires satisfactory number of classes to beattended




Introduction

Course Logistic


Week 2 ( 28st May to 1st June)

Software SecurityAttendance: Compulsory





Introduction

Course Logistic







Introduction

Course Logistic



Attendance: Compulsory





Introduction

Course Logistic







Introduction

Course Logistic




Quiz:

1 on 1st JuneWould have questions from both the sectionDuration: About 30 minsMandatory to pass the quiz



Introduction

Course Logistic




Quiz:1 on 1st June

Would have questions from both the sectionDuration: About 30 minsMandatory to pass the quiz



Introduction

Course Logistic




Quiz:1 on 1st JuneWould have questions from both the section

Duration: About 30 minsMandatory to pass the quiz



Introduction

Course Logistic




Quiz:1 on 1st JuneWould have questions from both the sectionDuration: About 30 mins

Mandatory to pass the quizAssignment

Would not be gradedjust for practice


Introduction

Course Logistic







Introduction

Course Logistic





Assignment

Would not be gradedjust for practice


Introduction

Course Logistic





AssignmentWould not be graded

just for practice


Introduction

Course Logistic







Introduction

Course Logistic







Introduction

Blockchain

RSA, SHA and Digital SignaturesIntroduction to Cryptocurrency and BitcoinIntroduction to Ethereum and MistHands on Mist and GethByzantine General Problem


Introduction

Blockchain

RSA, SHA and Digital Signatures

Introduction to Cryptocurrency and BitcoinIntroduction to Ethereum and MistHands on Mist and GethByzantine General Problem


Introduction

Blockchain

RSA, SHA and Digital SignaturesIntroduction to Cryptocurrency and Bitcoin

Introduction to Ethereum and MistHands on Mist and GethByzantine General Problem


Introduction

Blockchain

RSA, SHA and Digital SignaturesIntroduction to Cryptocurrency and BitcoinIntroduction to Ethereum and Mist

Hands on Mist and GethByzantine General Problem


Introduction

Blockchain

RSA, SHA and Digital SignaturesIntroduction to Cryptocurrency and BitcoinIntroduction to Ethereum and MistHands on Mist and Geth

Byzantine General Problem


Introduction

Blockchain



Introduction

Blockchain



Cryptography

Outline

1 Introduction

2 Cryptography

3 RSA

4 HASH function


Cryptography

Cryptography

Figure:Ras Dwivedi (IIT Kanpur) Introduction to Blockchain May 21, 2018 7 / 23

Cryptography

Cesar Cipher

Figure: Cesar Cipher!!

RAS − > UDVRas Dwivedi (IIT Kanpur) Introduction to Blockchain May 21, 2018 8 / 23

Cryptography

Symmetric key Cryptography


Cryptography

Public key cryptography


RSA

Outline

1 Introduction

2 Cryptography

3 RSA

4 HASH function


RSA

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?


RSA

Factoring is hard

6 = 2× 3

Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?


RSA

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!

100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?


RSA

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 =

10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?


RSA

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5

299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?


RSA

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 =

13× 23437 = 19× 23589 = 19× 31So how to use it?


RSA

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23

437 = 19× 23589 = 19× 31So how to use it?


RSA

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 =

19× 23589 = 19× 31So how to use it?


RSA

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23

589 = 19× 31So how to use it?


RSA

Factoring is hard

6 = 2× 3Convince yourself that factoring is hard!!100 = 10× 10 = 2× 2× 5× 5299 = 13× 23437 = 19× 23589 = 19× 31So how to use it?


RSA

Fermat’s little theorem

ap−1 = 1 modulo p

p is primeExample24 %5 = 16%5 = 1410 %11= 1048576%11 = 1


RSA


ap−1 = 1 modulo pp is prime

Example24 %5 = 16%5 = 1410 %11= 1048576%11 = 1


RSA


ap−1 = 1 modulo pp is primeExample24 %5 =

16%5 = 1410 %11= 1048576%11 = 1


RSA


ap−1 = 1 modulo pp is primeExample24 %5 = 16%5 = 1

410 %11= 1048576%11 = 1


RSA


ap−1 = 1 modulo pp is primeExample24 %5 = 16%5 = 1410 %11

= 1048576%11 = 1


RSA


ap−1 = 1 modulo pp is primeExample24 %5 = 16%5 = 1410 %11= 1048576%11 = 1


RSA

RSA

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ

Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n


RSA

RSA

proposed by Rivest,Shamir,Adleman

choose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ



RSA

RSA

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, q

calculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ



RSA

RSA

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pq

calculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ



RSA

RSA

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)

choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ



RSA

RSA

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1

calculate d such that d = e−1modφ −→ e × d = 1 mod φ



RSA

RSA

proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ

−→ e × d = 1 mod φ



RSA

RSA




RSA

RSA


Idea: me×d = med = m modulo n

encryption: c = me mod ndecryption: p = cd mod n


RSA

RSA


Idea: me×d = med = m modulo nencryption: c = me mod n

decryption: p = cd mod n


RSA

RSA




RSA

RSA




RSA

RSA: Example

p = 5,

q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120

121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2


RSA

RSA: Example

p = 5, q = 7

p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120



RSA

RSA: Example

p = 5, q = 7 p × q = 35

p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120



RSA

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4

, q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120



RSA

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6

, φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120



RSA

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24

Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120



RSA

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11

,d = 11e × d = 12124× 5 = 120



RSA

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d =

11e × d = 12124× 5 = 120



RSA

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 121

24× 5 = 120121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2


RSA

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 121

24× 5 = 120121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2


RSA

RSA: Example

p = 5, q = 7 p × q = 35p − 1 = 4 , q − 1 = 6 , φ = 24Oops! φ = 12, but 24 would still worke = 11 ,d = 11e × d = 12124× 5 = 120

121% 24 =1

m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2


RSA

RSA: Example


121% 24 =1m = 2

c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2


RSA

RSA: Example


121% 24 =1m = 2c = me mod n

= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2


RSA

RSA: Example


121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35

; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2


RSA

RSA: Example


121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18

(35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2


RSA

RSA: Example


121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11

, c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2


RSA

RSA: Example


121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18

m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2


RSA

RSA: Example


121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod n

m = 1811 mod 35= 64268410079232%35m = 2


RSA

RSA: Example


121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35

m = 2


RSA

RSA: Example


121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2Ras Dwivedi (IIT Kanpur) Introduction to Blockchain May 21, 2018 15 / 23

RSA

RSA: Example


121% 24 =1m = 2c = me mod n= 211 mod 35c = 2048 mod 35 ; c = 18 (35× 58 = 2030)Decryptiond = 11 , c = 18m = cd mod nm = 1811 mod 35= 64268410079232%35m = 2Ras Dwivedi (IIT Kanpur) Introduction to Blockchain May 21, 2018 15 / 23

RSA

RSA: Example

p = 7,

q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13

p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91

p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6

, q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12

, φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5

,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d =

2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 29

72× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1

m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15

c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n

= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91

; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71

Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47

, c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71

m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod n

m = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91

m = 15


RSA

RSA: Example

p = 7, q = 13 p × q = 91p − 1 = 6 , q − 1 = 12 , φ = 72Oops! φ = 12, but 72 would still worke = 5 ,d = 2972× 2 = 1445× 29 = 145(145)%72 == 1m = 15 c = me mod n= 155 mod 91c = 759375 mod 91 ; c = 71 Decryptiond = 47 , c = 71m = cd mod nm = 7129 mod 91=485838707624806667708811381704053376792688975925323431%91m = 15


RSA

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key


RSA


AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the document

simple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key


RSA


AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not work

IDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key


RSA


AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSA

for document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key


RSA


AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuine

d is called Alice’s secret key and e is called Alice’s Public key


RSA


AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key


RSA


AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key


RSA

Is the Scheme secure?

No!given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2

Also the length of the signature is proportional to the size of thedocumentslow

What could we do now?


RSA


No!

given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2




RSA


No!given (n, e) private key of Alice cannot be calculated

given document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2




RSA


No!given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.

Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2




RSA






RSA



Also the length of the signature is proportional to the size of thedocument

slowWhat could we do now?


RSA






RSA






HASH function

Outline

1 Introduction

2 Cryptography

3 RSA

4 HASH function


HASH function

SHA: Secure Hash Functions

An Ideal Hash function is one which has following propertiesgiven f (x) it is impossible to guess x

given x1 its is impossible to find x2 such that f (x1) = f (x2)it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)

Lets understand by example


HASH function


An Ideal Hash function is one which has following propertiesgiven f (x) it is impossible to guess xgiven x1 its is impossible to find x2 such that f (x1) = f (x2)

it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)Lets understand by example


HASH function


An Ideal Hash function is one which has following propertiesgiven f (x) it is impossible to guess xgiven x1 its is impossible to find x2 such that f (x1) = f (x2)it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)



HASH function





HASH function

Example: Hash Function

Suppose I can see Future. So I can foretell score of tomorrow’s IPL’smatch.

But If I tell score before, you can always change it and prove mewrong. I publish Hash of tomorrow’s score as: ”a34728bfed78dc89...”

can you tell what score I had in Mind?can I later change the score I thought before?can I purposely find hash such that two score are possible for thathash ?


HASH function


Suppose I can see Future. So I can foretell score of tomorrow’s IPL’smatch. But If I tell score before, you can always change it and prove mewrong.

I publish Hash of tomorrow’s score as: ”a34728bfed78dc89...”can you tell what score I had in Mind?can I later change the score I thought before?can I purposely find hash such that two score are possible for thathash ?


HASH function


Suppose I can see Future. So I can foretell score of tomorrow’s IPL’smatch. But If I tell score before, you can always change it and prove mewrong. I publish Hash of tomorrow’s score as: ”a34728bfed78dc89...”



HASH function



can you tell what score I had in Mind?

can I later change the score I thought before?can I purposely find hash such that two score are possible for thathash ?


HASH function



can you tell what score I had in Mind?can I later change the score I thought before?

can I purposely find hash such that two score are possible for thathash ?


HASH function





HASH function





HASH function



Difference between 2nd and 3rd condition?


HASH function



Difference between 2nd and 3rd condition?


HASH function

Merkle Demgrad Construction

Need of Padding message m?

m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)


HASH function


Need of Padding message m?m is prefix of PAD(m)

if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)


HASH function


Need of Padding message m?m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|

if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)


HASH function


Need of Padding message m?m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)


HASH function


Need of Padding message m?m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)


Documents

Introduction to Blockchain - Lecture 1: RSA, SHA and ... · Week 2 ( 28st May to 1st June) Software Security Attendance: Compulsory Passing this course requires satisfactory number