A E D C B # Symmetric Keys = n*(n-1)/2 # Public/Private Keys = 2n

Dec 18, 2015


Curtis Fields
Transcript
Page 1:

[Figure: nodes A, B, C, D, E]

# Symmetric Keys = n*(n-1)/2

# Public/Private Keys = 2n

Page 2: RSA

• Choose two random large prime numbers p and q (of equal length is best)

• Compute their product n = pq

• Randomly choose an encryption key e such that e and (p-1)(q-1) are relatively prime (gcd = 1)

• Calculate the decryption key d: d = e^(-1) mod ((p-1)(q-1))

Page 3: RSA encryption

Split up the message into blocks less than n

c_i = m_i^e mod n

Decryption is similar

d_i = c_i^d mod n

Page 4: RSA Example

p = 47, q = 71, n = pq = 3337

Choose e: no factors in common with (p-1)(q-1) = 46*70 = 3220

Randomly choose e to be 79

Then d = 79^(-1) mod 3220 = 1019

Page 5: RSA Example (cont)

• Encrypt m = 6882326879666683

• Break it up into blocks: m_1 = 688, m_2 = 232, m_3 = 687, m_4 = 966, m_5 = 668, m_6 = 003

• Encrypt: 688^79 mod 3337 = 1570 = c_1

• Decrypt: 1570^1019 mod 3337 = 688 = m_1

Page 6: Symmetric Key Signatures

1 Alice uses k_A to encrypt the document going to Bob and sends it to Trent

2 Trent decrypts the document with k_A

3 Trent appends a statement that he received it from Alice

4 Trent encrypts the bundle with k_B

5 Trent sends the encrypted bundle to Bob

6 Bob decrypts the bundle with k_B, and can read the message and Trent’s certification

Page 7: Public Key Signatures

1 Alice encrypts the document with her private key

2 Alice sends the encrypted (signed) document to Bob

3 Bob decrypts the document with Alice’s public key

Page 8: Cryptographic Hashes

Page 9: Public Key Signature w/ Timestamp

1 Alice adds a timestamp to the document

2 Alice encrypts the document with her private key

3 Alice sends the encrypted (signed) document to Bob

4 Bob takes the check to the bank

5 Bank decrypts the document with Alice’s public key

6 Bank stores the check information and the timestamp in a database

7 If Bob tries to deposit the check again, its information will match the database

Page 10: Multiple Signatures

1 Alice signs a hash of the document

2 Bob signs a hash of the document

3 Bob sends his signature to Alice

4 Alice sends the document, her signature, and Bob’s signature to Carol

5 Carol can verify both signatures

Page 11: Digital Signatures and Encryption

1 Alice signs the message with her private key

2 Alice encrypts the signed message with Bob’s public key and sends it to Bob

3 Bob decrypts the message with his private key

4 Bob verifies with Alice’s public key and recovers the message

Page 12: Digital Signatures and Encryption: typical notation

Alice: S_A(M)

Alice: E_B(S_A(M))

Bob: D_B(E_B(S_A(M))) = S_A(M)

Bob: V_A(S_A(M)) = M

Page 13: Needham-Schroeder Protocol

Page 14: MITM Attack on N-S

Page 15: The Fix

Page 16: SSL

Page 18:

xkcd: http://xkcd.com/221/

Page 19: Netscape 1.1 Seeding Process

RNG_CreateContext() {
    (seconds, microseconds) = time of day; /* Time elapsed since 1970 */
    pid = process ID; ppid = parent process ID;
    a = mklcpr(microseconds);
    b = mklcpr(pid + seconds + (ppid << 12));
    seed = MD5(a, b); /* seed is a global variable */
}

mklcpr(x) { /* not cryptographically significant; shown for completeness */
    return ((0xDEECE66D * x + 0x2BBB62DC) >> 1);
}

From Goldberg and Wagner, “Randomness and the Netscape Browser”, Dr. Dobb’s, January 1996.

Page 20: Netscape 1.1 Key Generation

From Goldberg and Wagner, “Randomness and the Netscape Browser”, Dr. Dobb’s, January 1996.

RNG_GenerateRandomBytes() {
    x = MD5(seed);
    seed = seed + 1;
    return x;
}

global variable challenge, secret_key;

create_key() {
    RNG_CreateContext();
    tmp = RNG_GenerateRandomBytes();
    tmp = RNG_GenerateRandomBytes();
    challenge = RNG_GenerateRandomBytes();
    secret_key = RNG_GenerateRandomBytes();
}
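An added example (not from the slides or from Goldberg and Wagner's article) that renders the seeding and key-generation pseudocode above in Python to show that secret_key is a pure function of the clock and two process IDs, and to bound how much unpredictability those inputs can carry. Assumptions: 32-bit unsigned arithmetic in mklcpr, the byte encodings fed to MD5, 15-bit process IDs, and an observer who knows the time to the second.

```python
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF  # assumption: mklcpr works on 32-bit unsigned values

def mklcpr(x):
    return ((0xDEECE66D * x + 0x2BBB62DC) & MASK32) >> 1

class NetscapeRNG:
    def __init__(self, seconds, microseconds, pid, ppid):
        a = mklcpr(microseconds & MASK32)
        b = mklcpr((pid + seconds + (ppid << 12)) & MASK32)
        # Assumed encoding of MD5(a, b): two little-endian 32-bit words.
        digest = hashlib.md5(struct.pack("<II", a, b)).digest()
        self.seed = int.from_bytes(digest, "big")

    def random_bytes(self):
        # Assumed encoding of MD5(seed): the 128-bit seed as 16 bytes.
        x = hashlib.md5(self.seed.to_bytes(16, "big")).digest()
        self.seed = (self.seed + 1) % (1 << 128)
        return x

def create_key(seconds, microseconds, pid, ppid):
    """Follow create_key() from the slide; return (challenge, secret_key)."""
    rng = NetscapeRNG(seconds, microseconds, pid, ppid)
    rng.random_bytes()  # tmp
    rng.random_bytes()  # tmp
    challenge = rng.random_bytes()
    secret_key = rng.random_bytes()
    return challenge, secret_key

def seed_entropy_bound(pid_bits=15, usec_values=10**6):
    """Upper bound, in bits, on what the seed inputs contribute when the
    second is known. pid + (ppid << 12) overlaps the two IDs, so together
    they give about 27 bits rather than 30."""
    max_id = (1 << pid_bits) - 1
    b_values = max_id + (max_id << 12) + 1
    return math.log2(usec_values) + math.log2(b_values)

if __name__ == "__main__":
    t = 820454400  # constructed sample timestamp
    print(create_key(t, 123456, 1234, 1)[1].hex())
    print(create_key(t, 123456, 1234, 1)[1].hex())  # identical: no hidden state
    print("seed entropy <= %.1f bits for a 128-bit MD5 output" % seed_entropy_bound())
```

The bound comes out just under 47 bits, and two different (pid, ppid) pairs such as (4101, 1) and (5, 2) produce the same key because their sum with the shifted parent ID is equal.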

Page 21: Jones’s RNG Rules

1. Don’t use system generators

2. Use a known good RNG you implemented

3. Properly seed the RNG

Page 22: KISS Generator (G. Marsaglia)

static unsigned int /* Seed variables */
    x = 123456789, y = 362436000, z = 521288629, c = 7654321;

unsigned int KISS()
{
    unsigned long long t, a = 698769069ULL;

    x = 69069*x + 12345;
    y ^= (y<<13); y ^= (y>>17); y ^= (y<<5); /* y never == 0! */
    t = a*z + c; c = (t>>32); /* Also avoid setting z=c=0! */
    return x + y + (z = t);
}