Introduction to cryptography for authentication and identification systems --- FIT3105 --- Lecture 2 & 3.

Introduction to cryptography Introduction to cryptography for authentication and for authentication and identification systemsidentification systems

--- FIT3105 ------ FIT3105 ---

Lecture 2 & 3Lecture 2 & 3

FIT3105 - Security and Identity MFIT3105 - Security and Identity Managementanagement

22

OutlineOutline Why study crypto-based authentication and Why study crypto-based authentication and

identification systemsidentification systems? ? The importance of cryptography for The importance of cryptography for

authentication and identificationauthentication and identification The importance of light and secure ciphers for The importance of light and secure ciphers for

portable devices. E.g; smart cardsportable devices. E.g; smart cards Introduction to private key cryptographyIntroduction to private key cryptography Introduction to public key cryptographyIntroduction to public key cryptography Introduction to one-way hash functionsIntroduction to one-way hash functions Introduction to digital signaturesIntroduction to digital signatures


33

Some referencesSome references

http://www.rsa.com/http://www.rsa.com/ (RSA website) (RSA website) http://www.certicom.com/index.php?action=rhttp://www.certicom.com/index.php?action=r

es,ecc_faqes,ecc_faq (good introduction papers) (good introduction papers)

http://cnscenter.future.co.kr/crypto/algorithmhttp://cnscenter.future.co.kr/crypto/algorithm/ecc.html/ecc.html (more materials) (more materials)

http://www.cs.mdx.ac.uk/staffpages/m_chenhttp://www.cs.mdx.ac.uk/staffpages/m_cheng/link/ecc_simple.pdfg/link/ecc_simple.pdf (good introduction for students with strong (good introduction for students with strong maths background)maths background)

(You can find many more from the Web)(You can find many more from the Web)

http://www.rsa.com/

http://www.certicom.com/index.php?action=res,ecc_faq

http://www.certicom.com/index.php?action=res,ecc_faq

http://cnscenter.future.co.kr/crypto/algorithm/ecc.html

http://cnscenter.future.co.kr/crypto/algorithm/ecc.html

http://www.cs.mdx.ac.uk/staffpages/m_cheng/link/ecc_simple.pdf

http://www.cs.mdx.ac.uk/staffpages/m_cheng/link/ecc_simple.pdf


44

The importance of cryptography for The importance of cryptography for authentication and identificationauthentication and identification

If we can generate a unique key for each If we can generate a unique key for each entity (a person, an object, etc) universally, entity (a person, an object, etc) universally, thenthen– An entity can be identified by its key (one single An entity can be identified by its key (one single

key or hash value)key or hash value)– An entity can be identified by a pair of key (one An entity can be identified by a pair of key (one

private key and one public key).private key and one public key).– An entity can be identified by a digital signature.An entity can be identified by a digital signature.


55

The importance of light and secure ciphers for The importance of light and secure ciphers for small and portable devicessmall and portable devices

For some applications, the size of the key For some applications, the size of the key and the encrypt/decrypt algorithms are the and the encrypt/decrypt algorithms are the critical factorcritical factor– Smart cards require to work with Smart cards require to work with

encrypt/decrypt algorithms, so wee need light encrypt/decrypt algorithms, so wee need light and good ciphers.and good ciphers.

– A portable device may be used to store many A portable device may be used to store many different keys to identify an entity. different keys to identify an entity.

– Keys are stored together with other information Keys are stored together with other information to identify an entity. to identify an entity.


66

Why study crypto: the basic problemWhy study crypto: the basic problem

We consider the We consider the confidentialityconfidentiality goal: goal:– Alice and Bob are FriendsAlice and Bob are Friends– Marvin is a rivalMarvin is a rival– Alice wants to send secret messages (MAlice wants to send secret messages (M11,M,M22,…) to Bob ,…) to Bob

over the Internetover the Internet– Rival Marvin wants to read the messages (MRival Marvin wants to read the messages (M11,M,M22,…) - Alice ,…) - Alice

and Bob want to prevent this! and Bob want to prevent this! – Assumption:Assumption: The network is OPEN: Marvin is able to The network is OPEN: Marvin is able to

eavesdrop and read all data sent from Alice to Bob.eavesdrop and read all data sent from Alice to Bob.– Consequence:Consequence: Alice must not send messages (M Alice must not send messages (M11,M,M22,…) ,…)

directly – they must be “scrambled” or directly – they must be “scrambled” or encryptedencrypted using a using a ‘secret code’ unknown to Marvin but known to Bob.‘secret code’ unknown to Marvin but known to Bob.


77

CryptographyCryptography

plaintext (data file or messages)

encryption

ciphertext (stored or transmitted safely)

decryption

plaintext (original data or messages)


88

ED

Message(cleartext, plaintext)

Encrypted message(ciphertext)

Encrypted message(ciphertext)

Encryption

Decryption

key

AliceBob

Private key cipherPrivate key cipher

Message(cleartext,plaintext

)


99

Basic termsBasic terms Cryptology (to be very precise)Cryptology (to be very precise)

– Cryptography --- code designingCryptography --- code designing– Cryptanalysis --- code breakingCryptanalysis --- code breaking

Cryptologist: Cryptologist: – Cryptographer & cryptanalystCryptographer & cryptanalyst

Encryption/enciphermentEncryption/encipherment– Scrambling data into unintelligible to unauthorised Scrambling data into unintelligible to unauthorised

partiesparties Decryption/deciphermentDecryption/decipherment

– Un-scramblingUn-scrambling


1010

Types of ciphersTypes of ciphers Private key cryptosystems/ciphersPrivate key cryptosystems/ciphers

– The secret key is shared between two partiesThe secret key is shared between two parties

Public key cryptosystems/ciphersPublic key cryptosystems/ciphers– The secret key is not shared and two parties The secret key is not shared and two parties

can still communicate using their public keyscan still communicate using their public keys


1111

Examples of “Messages”Examples of “Messages”

Types of secret “Messages” Alice might Types of secret “Messages” Alice might want to send Bob (in increasing length):want to send Bob (in increasing length):– Decision (yes/no),Decision (yes/no), eg. as answer to the question eg. as answer to the question

“Are we meeting tomorrow?”“Are we meeting tomorrow?”– Numerical ValueNumerical Value, eg. as answer to the question , eg. as answer to the question

“at what hour are we meeting?”“at what hour are we meeting?”– DocumentDocument– SoftwareSoftware, , – ImagesImages etc. etc.


1212

ConceptsConcepts A private key cipher is composed of two A private key cipher is composed of two

algorithmsalgorithms– encryption algorithm Eencryption algorithm E– decryption algorithm Ddecryption algorithm D

The same key K is used for encryption & The same key K is used for encryption & decryptiondecryption

K has to be distributed beforehandK has to be distributed beforehand


1313

NotationsNotations Encrypt a plaintext P using a key K & an Encrypt a plaintext P using a key K & an

encryption algorithm Eencryption algorithm EC = E(K,P)C = E(K,P)

Decrypt a ciphertext C using the same key Decrypt a ciphertext C using the same key K and the matching decryption algorithm DK and the matching decryption algorithm D

P = D(K,C)P = D(K,C)

Note: P = D(K,C) = D(K, E(K,P))Note: P = D(K,C) = D(K, E(K,P))


1414

The Caesar cipher (e.g)The Caesar cipher (e.g) The Caesar cipher is a substitution cipher, The Caesar cipher is a substitution cipher,

named after Julius Caesar.named after Julius Caesar. Operation principle:Operation principle:

each letter is translated into the letter each letter is translated into the letter a a fixed number of positionsfixed number of positions after it in the after it in the alphabet table.alphabet table.

The fixed number of positions is a key both The fixed number of positions is a key both for encryption and decryption.for encryption and decryption.


1515

The Caesar cipher (cnt’d)The Caesar cipher (cnt’d)K=3

Inner: ciphertext

Outer: plaintext


1616

An exampleAn example For a key K=3,For a key K=3,

plaintext letter:plaintext letter: ABCDEF...UVWXYZABCDEF...UVWXYZciphtertext letter: ciphtertext letter: DEF...UVWXYZABCDEF...UVWXYZABC

HenceHenceTREATY IMPOSSIBLETREATY IMPOSSIBLE

is translated intois translated intoWUHDWB LPSRVVLEOHWUHDWB LPSRVVLEOH


1717

Breaking classic ciphersBreaking classic ciphers With the help of fast computers, 99.99% With the help of fast computers, 99.99%

ciphers used before 1976 are breakable by ciphers used before 1976 are breakable by using one of the 4 types of attacks using one of the 4 types of attacks (described later).(described later).

Modern cluster computers and future Modern cluster computers and future quantum computers can break several quantum computers can break several existing ciphers due to the power of such existing ciphers due to the power of such computers.computers.


1818

Breaking the Caesar cipherBreaking the Caesar cipher By trial-and errorBy trial-and error By using statistics on lettersBy using statistics on letters

– frequency distributions of lettersfrequency distributions of lettersletterletter percentpercentAA 7.49%7.49%BB 1.29%1.29%CC 3.54%3.54%DD 3.62%3.62%EE 14.00%14.00%....................................................................


1919

Toy example of private keyToy example of private key Assume that a message is broken into 64-bit blocks and each 64-bit block Assume that a message is broken into 64-bit blocks and each 64-bit block

of plaintext is encrypted separately:of plaintext is encrypted separately: Key space are combinations of numerical digits – max: 7 digits- Key space are combinations of numerical digits – max: 7 digits-

– (eg: key = [1]; or key = [1,3], or key = [1,4,2]).(eg: key = [1]; or key = [1,3], or key = [1,4,2]). Assume that all 8 bits of a byte is used and key digits start from left to Assume that all 8 bits of a byte is used and key digits start from left to

right.right. Encryption: Each plaintext block is first shifted by the number of binary Encryption: Each plaintext block is first shifted by the number of binary

digits before the last non-zero digit of the key. It is then exclusive-ored with digits before the last non-zero digit of the key. It is then exclusive-ored with the key starting from the first byte of the block, repeatedly to the end of the the key starting from the first byte of the block, repeatedly to the end of the block (the key moves a distance of its size from left to right of the plaintext block (the key moves a distance of its size from left to right of the plaintext block).block).

Decryption: do the reverse of encryption: the cipher-text is exclusive-ored Decryption: do the reverse of encryption: the cipher-text is exclusive-ored and then shifted.and then shifted.

0 0 0=1 1 0=0 1 1=1 0 1= : : exclusive exclusive oror


2020

Using TPCUsing TPC

Use TPC to encrypt the plaintext “12345”, key Use TPC to encrypt the plaintext “12345”, key = [1,4,2]= [1,4,2]Use TPC to encrypt the plaintext “TREATY Use TPC to encrypt the plaintext “TREATY IMPOSSIBLE”; key = [4];IMPOSSIBLE”; key = [4];Use TPC to encrypt the plaintext “100 Use TPC to encrypt the plaintext “100 dollars”, key = [2,4];dollars”, key = [2,4];


2121

Principles of Private Key EncryptionPrinciples of Private Key Encryption

Devise cryptographic algorithms: Devise cryptographic algorithms: – a set of fast functions (E1, E2, E3, ..En) that when in turn a set of fast functions (E1, E2, E3, ..En) that when in turn

applied to an input (initial or intermediate input) will produce a applied to an input (initial or intermediate input) will produce a more potentially scrambled output.more potentially scrambled output.

– and a set of functions (D1,D2,D3, .. Dn) that when in turn and a set of functions (D1,D2,D3, .. Dn) that when in turn applied to the cipher text (final or intermediate) will produce applied to the cipher text (final or intermediate) will produce the original input text.the original input text.

Devise algorithms, tests and proofs to validate your Devise algorithms, tests and proofs to validate your cryptographic algorithmscryptographic algorithms– Analysing algorithms.Analysing algorithms.– Tests with powerful computers such as specialised, parallel, Tests with powerful computers such as specialised, parallel,

cluster, or quantum computers.cluster, or quantum computers.– Mathematical proofs.Mathematical proofs.


2222

Toy example of public key Toy example of public key cryptographycryptography

Definition: The multiplicative inverse of Definition: The multiplicative inverse of xx with modulo with modulo nn is is yy such that (such that (xx**yy) mod ) mod nn = 1 = 1

E.g:x=3; n=10, => y=7; since (3*7) mod 10 = 1 E.g:x=3; n=10, => y=7; since (3*7) mod 10 = 1

The above multiplicative inverse can be used to create a The above multiplicative inverse can be used to create a simple public key cipher: either simple public key cipher: either xx or or yy can be thought of as can be thought of as a secret key and the other is the public key. Let a secret key and the other is the public key. Let xx = 3, = 3, yy = = 7, 7, nn = 10, and M be the message: = 10, and M be the message:– M = 4 ;M = 4 ;

3*4 mod 10 = 2; (ciphertext) - encrypting 3*4 mod 10 = 2; (ciphertext) - encrypting 2*7 mod 10 = 4 = M ; (message) - decrypting2*7 mod 10 = 4 = M ; (message) - decrypting

– M =6 ; M =6 ; 3*6 mod 10 = 8; 3*6 mod 10 = 8; 8*7 mod 10 = 6 = M (message)8*7 mod 10 = 6 = M (message)


2323

Problems with private key Problems with private key ciphersciphers

In order for Alice & Bob to be able to In order for Alice & Bob to be able to communicate securely using a private key communicate securely using a private key cipher, such as DES, they have to have a cipher, such as DES, they have to have a shared key in the first place.shared key in the first place.– Question: Question:

What if they have never met before ?What if they have never met before ?

Alice needs to keep Alice needs to keep 100100 different keys if she different keys if she wishes to communicate with wishes to communicate with 100100 different different peoplepeople


2424

Motivation of Public Key Motivation of Public Key CryptographyCryptography

Is it possible for Alice & Bob, who have no Is it possible for Alice & Bob, who have no shared secret key, to communicate securely shared secret key, to communicate securely ??

This led to the SINGLE MOST IMPORTANT This led to the SINGLE MOST IMPORTANT discovery of public key communications: discovery of public key communications: – Diffie & Hellman’s ideas of public key Diffie & Hellman’s ideas of public key

cryptography: <private-key, public-key>cryptography: <private-key, public-key>


2525

Main ideasMain ideas Bob:Bob:

– publishes, say in Yellow/White pages, his publishes, say in Yellow/White pages, his public (for encryption) key, andpublic (for encryption) key, and encryption algorithm.encryption algorithm.

– keeps to himself keeps to himself the matching secret (for decryption) key.the matching secret (for decryption) key.


2626

Main ideas (2)Main ideas (2) Alice:Alice:

– Looks up the phone book, and finds out Bob’sLooks up the phone book, and finds out Bob’s public key, andpublic key, and encryption algorithm.encryption algorithm.

– Encrypts a message using Bob’s public key and Encrypts a message using Bob’s public key and encryption algorithm.encryption algorithm.

– sends the ciphertext to Bob.sends the ciphertext to Bob.


2727

Main ideas (3)Main ideas (3) Bob:Bob:

– Receives the ciphertext from AliceReceives the ciphertext from Alice– Decrypts the ciphertext using his secret key, Decrypts the ciphertext using his secret key,

together with the decryption algorithmtogether with the decryption algorithm


2828

Public Key CryptosystemPublic Key Cryptosystem

E Network

Plain Text Cipher Text Cipher Text

D

Plain Text

Alice

Bob

Bob:

Public Key Directory (Yellow/White Pages)

Secret Key


2929

Main differences with DESMain differences with DES The public key is different from the secret The public key is different from the secret

key.key. Infeasible for an attacker to find out the Infeasible for an attacker to find out the

secret key from the public key.secret key from the public key. No need for Alice & Bob to distribute a No need for Alice & Bob to distribute a

shared secret key beforehand !shared secret key beforehand ! Only one pair of public and secret keys is Only one pair of public and secret keys is

required for each user !required for each user !


3030

Realising public key ciphersRealising public key ciphers The most famous system that implements The most famous system that implements

Diffie & Hellman’s ideas on public key Diffie & Hellman’s ideas on public key ciphers is due tociphers is due to– Ronald Ronald RRivestivest– Adi Adi SShamirhamir– Leonard Leonard AAdlemandleman

This public key cryptosystem is callThis public key cryptosystem is calleded RSA. RSA.


3131

Mathematical backgroundMathematical backgroundAssume that we are working with non-negative Assume that we are working with non-negative

integers:integers:

Prime and composite numbersPrime and composite numbers– a prime number is an integer that can be divided only by 1 a prime number is an integer that can be divided only by 1

and itselfand itself E.g.E.g. 2,2, 3,3, 5,5, 7,7, 11,11,

13,13, 101, ......101, ......

– all other integers are compositeall other integers are composite E.g.E.g. 4,4, 6,6, 8,8, 9,9, 10,10,

12,12, 523743960876432,523743960876432, 800164386535800164386535


3232

Mathematical backgroundMathematical backgroundModular operationsModular operations ““remainder”remainder”

– 13 mod 5 = 3,13 mod 5 = 3, 1 mod 7 = 1 1 mod 7 = 1 – 20 mod 5 = 0,20 mod 5 = 0, 32 mod 7 = 4 32 mod 7 = 4

modular exponentiationmodular exponentiation– 2222 mod 3 = 1, mod 3 = 1, 3 322 mod 3 = 0 mod 3 = 0– 2222 mod 5 = 4, mod 5 = 4, 10 1022 mod 92 = 8 mod 92 = 8– 4466 mod 10 = 6, mod 10 = 6, 3 31111 mod 10 = 7 mod 10 = 7


3333

Mathematical backgroundMathematical background aa is relative prime to is relative prime to bb if the largest integer if the largest integer

that divides both that divides both aa & & bb is 1 is 1– E.g: E.g:

anyany m m (<>0) is relatively prime to a prime number (<>0) is relatively prime to a prime number is 9 relatively prime to 10?is 9 relatively prime to 10?


3434

Mathematical backgroundMathematical background Let Let øø((nn) denote the total numbers that are ) denote the total numbers that are less thanless than nn and and

relatively prime to relatively prime to nn– If If nn is a prime number then is a prime number then øø((nn) = ) = nn – 1– 1– If If pp, , qq are prime numbers and are prime numbers and nn==pp**qq, then , then

ØØ((nn) = ) = ØØ((pp**qq) =) = p p**qq – ( – (pp + + qq -1) = ( -1) = (pp-1)*(-1)*(qq-1) -1) - - pp & & qq are prime numbers => only multiples of are prime numbers => only multiples of pp and and q q are are

not relatively prime to p*qnot relatively prime to p*q- That is: there are (- That is: there are (pp + + qq – 1) multiples [0 is counted once] of – 1) multiples [0 is counted once] of

pp and and qq E.g: E.g: p p = 3; = 3; qq=7; {0, 3, 7, 6, 9, 12, 14, 15, 18} are not =7; {0, 3, 7, 6, 9, 12, 14, 15, 18} are not

relatively prime to relatively prime to pp**qq ØØ((nn) = ) = øø((pp**qq) = 12 ; {1,2,4,5,8,10,11,13,16,17,19,20}) = 12 ; {1,2,4,5,8,10,11,13,16,17,19,20}


3535

Mathematical backgroundMathematical background

yy & & nn are integers and are integers and yy (mod (mod øø((nn)) = 1, for )) = 1, for

any any xx < < nn, , xxyy mod mod n = x n = x (1)(1)

– E.g:E.g: y=13 ; n=7; x = 4; y=13 ; n=7; x = 4; øø((nn) = 6; ) = 6; y y mod mod øø((nn) = 13 mod 6 = 1; ) = 13 mod 6 = 1; xxyy = 4 = 413;13; xxyy mod mod nn = 4 = 41313 mod 6 = 4 = mod 6 = 4 = xx mod mod nn;;


3636

Mathematical backgroundMathematical background The multiplicative inverse of The multiplicative inverse of xx with modulo with modulo nn is is yy

such that: (such that: (xx**yy) mod ) mod nn = 1 = 1 (2).(2). The above multiplicative inverse can be used to The above multiplicative inverse can be used to

create a simple public key cipher: either create a simple public key cipher: either xx or or yy can can be thought of as a secret key and the other is the be thought of as a secret key and the other is the public key.public key.

E.g: E.g: xx=3; =3; nn=10; =10; yy=7; we have: (3*7) mod 10 = 1; =7; we have: (3*7) mod 10 = 1; – M =5 ; M =5 ;

3*5 (mod 10) = 5 ; 5*7 (mod 10) = 5 = M (message)3*5 (mod 10) = 5 ; 5*7 (mod 10) = 5 = M (message)– M =6 ; M =6 ;

3*6 (mod 10) = 8; 8*7 (mod 10) = 6 = M (message)3*6 (mod 10) = 8; 8*7 (mod 10) = 6 = M (message)


3737

RSA Public Key CryptosystemRSA Public Key Cryptosystem

c=m e mod n

Network

Plain Text Cipher Text Cipher Text Plain Text

Alice

Bob

Bob: (e, n)Public Key Directory (Yellow/White Pages)

public key:

e & n

secret key: d

m=c d mod n


3838

RSA (1)RSA (1) Bob:Bob:

– chooses 2 large prime numbers:chooses 2 large prime numbers: p, qp, qmultiplies p and q:multiplies p and q: n = p*qn = p*q

– finds out two numbers finds out two numbers ee & & dd such that such that ((e * de * d)) mod mod øø((nn) = 1 ) = 1 [ similar to[ similar to (2) (2) ]]

Or Or ((e * de * d)) mod mod [([(p-1p-1))**((q-1q-1)])] = 1 = 1

– public key (published in the phone book)public key (published in the phone book) 2 numbers:2 numbers: ((e, ne, n)) encryption alg:encryption alg: modular exponentiationmodular exponentiation

– secret key:secret key: ((d,nd,n))


3939

RSA (2)RSA (2) Alice has a message Alice has a message mm to be sent to Bob: to be sent to Bob:

– finds out Bob’s public encryption key finds out Bob’s public encryption key ((ee, , nn))

– calculatescalculatesmmee (mod n) -> c(mod n) -> c

– sends the ciphertext sends the ciphertext cc to Bob to Bob


4040

RSA (3)RSA (3) Bob:Bob:

– receives the ciphertext receives the ciphertext cc from Alice from Alice– uses his matching secret decryption key uses his matching secret decryption key dd to to

calculatecalculate c cdd (mod n) -> m(mod n) -> m


4141

RSA --- 1st small example (1)RSA --- 1st small example (1) Bob:Bob:

– chooses 2 primes:chooses 2 primes: p=5, q=11p=5, q=11multiplies p and q:multiplies p and q: n = p*q = 55n = p*q = 55

– finds out two numbers finds out two numbers e=3e=3 & & d=27d=27 which satisfy which satisfy((3 * 273 * 27)) mod 40 = 1 mod 40 = 1

– Bob’s public key Bob’s public key 2 numbers:2 numbers: ((3, 553, 55)) encryption alg:encryption alg: modular exponentiationmodular exponentiation

– secret key:secret key: ((27,5527,55))


4242

RSA --- 1st small example (2)RSA --- 1st small example (2) Alice has a message Alice has a message m=13m=13 to be sent to Bob: to be sent to Bob:

– finds out Bob’s public encryption key finds out Bob’s public encryption key ((3, 553, 55))

– calculates c:calculates c:c = mc = mee (mod n)(mod n) = 13 = 1333 (mod 55)(mod 55) = 2197 = 2197 (mod 55)(mod 55) = 52 = 52

– sends the ciphertext sends the ciphertext c=52c=52 to Bob to Bob


4343

RSA --- 1st small example (3)RSA --- 1st small example (3) Bob:Bob:

– receives the ciphertext receives the ciphertext c=52c=52 from Alice from Alice– uses his matching secret decryption key uses his matching secret decryption key 2727 to to

calculate m:calculate m:m = 52m = 522727 (mod 55)(mod 55) = 13 (Alice’s message) = 13 (Alice’s message)


4444

Elliptic curve cryptosystem (ECC)Elliptic curve cryptosystem (ECC)

Extract from my student’s Thesis – Markku N.M. PekkarinenKey Size Equivalence Against Best Known Attacks(Based on López and Dahab, 2000 and Fibíková, 2002)

30:130:151251215360153601536015360AES-256AES-256256256

20:120:13843847680768076807680AES-192AES-192192192

12:112:12562563072307230723072AES-128AES-128128128

9:19:12242242048204820482048Triple DESTriple DES112112

6:16:11601601024102410241024SKIPJACK22SKIPJACK228080

5:15:1112112512512512512--5656

Key size ratio Key size ratio of RSA to of RSA to

ECC (approx)ECC (approx)

ECC key size ECC key size for for

equivalent equivalent securitysecurity

((nn in bits) in bits)

RSA key size for RSA key size for equivalent equivalent securitysecurity

((nn in bits) in bits)

DLP key size DLP key size for for

equivalent equivalent securitysecurity

((pp in bits) in bits)

Example Example algorithmalgorithm

SymmetriSymmetric key sizec key size(in bits)(in bits)


4545

YearYear Number of Number of decimal decimal digitsdigits

NumbeNumber of r of bitsbits

MIPS MIPS YearsYears

Calendar Calendar Time to Time to SolutionSolution

Method (year Method (year method method

developed)developed)

19941994 129129 429429 50005000 8 months, 8 months, using 1600 using 1600 computerscomputers

Quadratic Sieve Quadratic Sieve (1984)(1984)

19951995 119119 395395 250250

19961996 130130 432432 750750 General General Number Field Number Field Sieve (1989)Sieve (1989)

19991999 140140 466466 20002000

19991999 155155 512512 80008000 3.7 months3.7 months General General Number Field Number Field Sieve (1989)Sieve (1989)

RSA and ECC challenges RSA and ECC challenges

Progress in Integer Factorisation (Certicom 1997)


4646

The Need of Digital SignatureThe Need of Digital Signature Social & business activities and their Social & business activities and their

associated documents are becoming digitalassociated documents are becoming digital– AuthenticationAuthentication– digital conferencesdigital conferences– digital contract signingdigital contract signing– digital cash payments, ......digital cash payments, ......

Hand-written signatures are not applicable Hand-written signatures are not applicable to digital datato digital data


4747

Digital Signature Digital Signature (based on RSA)(based on RSA)Public Key Directory (Yellow/White Pages)

Bob:

E

Network

Plain Text

Plain Text

Bob

Secret Key

+

Cathy

Signature

Accept if equal

D

Signature

?

Public Key


4848

Digital Signature Digital Signature (for short doc)(for short doc)

Public Key Directory (Yellow/White Pages)

Bob: (e, n)

Network

Plain Text

Plain Text

Bob

Secret Key d

+

Cathy

Signature

Accept if equal

Signature

?

Public Key (e, n)

s =md mod n t =se mod n


4949

RSA Signature --- an eg (1)RSA Signature --- an eg (1) Bob:Bob:

– chooses 2 primes:chooses 2 primes: p=5, q=11p=5, q=11multiplies p and q:multiplies p and q: n = p*q = 55n = p*q = 55

– finds out two numbers finds out two numbers e=3e=3 & & d=27d=27 which satisfy which satisfy((3 * 273 * 27)) mod 40 = 1 mod 40 = 1

– Bob’s public key Bob’s public key 2 numbers:2 numbers: ((3, 553, 55)) encryption alg:encryption alg: modular exponentiationmodular exponentiation

– secret key:secret key: ((27,55)27,55)


5050

RSA Signature --- an eg (2)RSA Signature --- an eg (2) Bob has a document Bob has a document m=19 m=19 to sign:to sign:

– uses his secret key uses his secret key d=27d=27 to calculate the digital to calculate the digital signature of signature of m=19m=19::

s = ms = mdd (mod n)(mod n) = 19 = 192727 (mod 55)(mod 55) = 24 = 24

– appends 24 to 19. Now appends 24 to 19. Now (m, s) = (19, 24) (m, s) = (19, 24) indicates that the doc is 19, and Bob’s signature indicates that the doc is 19, and Bob’s signature on the doc is 24.on the doc is 24.


5151

RSA Signature --- an eg. (3)RSA Signature --- an eg. (3) Cathy, a verifier:Cathy, a verifier:

– receives a pair receives a pair (m,s)=(19, 24)(m,s)=(19, 24)– looks up the phone book and finds out Bob’s public looks up the phone book and finds out Bob’s public

key key (e, n)=(3, 55)(e, n)=(3, 55)

– calculatescalculates t = st = see (mod n)(mod n) = 24 = 2433 (mod 55) (mod 55) = 19 = 19

– checks whether checks whether t=mt=m– confirms that (confirms that (19,2419,24) is a ) is a genuinely signed document genuinely signed document

of Bob of Bob if if t=mt=m..


5252

How about Long Documents ?How about Long Documents ? In the previous example, a document has to In the previous example, a document has to

be an integer in [1,...,n)be an integer in [1,...,n) To sign a very long document, we need a so To sign a very long document, we need a so

called called one-way hash algorithmone-way hash algorithm Instead of signing directly on a doc, we hash Instead of signing directly on a doc, we hash

the doc first, and sign the hashed data the doc first, and sign the hashed data which is normally short.which is normally short.


5353

One-Way Hash AlgorithmOne-Way Hash Algorithm A one-way hash algorithm hashes an input document A one-way hash algorithm hashes an input document

into a into a condensedcondensed short output (say of 100 bits) short output (say of 100 bits)– Denoting a one-way hash algorithm by H(.), we have:Denoting a one-way hash algorithm by H(.), we have:

Input: m - a binary string of any lengthInput: m - a binary string of any length Output: H(m) - a binary string of L bits, called the “hash of m Output: H(m) - a binary string of L bits, called the “hash of m

under H”.under H”. The output length parameter L is fixed for a given one-way The output length parameter L is fixed for a given one-way

hash function H, hash function H, egeg

– The one-way hash function “MD5” has L = 128 bitsThe one-way hash function “MD5” has L = 128 bits– The one-way hash function “SHA-1” has L = 160 bitsThe one-way hash function “SHA-1” has L = 160 bits


5454

One-Way Hash AlgorithmOne-Way Hash AlgorithmA document (of any length)

A condensed short output, say of 100 bits


5555

Properties of One-Way Hash AlgorithmProperties of One-Way Hash Algorithm

A good one-way hash algorithm H needs to have A good one-way hash algorithm H needs to have these propertiesthese properties::– 1. Easy to Evaluate:1. Easy to Evaluate:

The hashing algorithm should be fastThe hashing algorithm should be fast I.e. given any document m, the hashed value h = H(m) can be computed quickly.I.e. given any document m, the hashed value h = H(m) can be computed quickly.

– 2. Hard to Reverse:2. Hard to Reverse: There is no feasible algorithm to “reverse” a hashed value, There is no feasible algorithm to “reverse” a hashed value, I.e. given any hashed value h, it is computationally infeasible to find any I.e. given any hashed value h, it is computationally infeasible to find any

document m such that H(m) = h.document m such that H(m) = h.– NOTE: An algorithm is called NOTE: An algorithm is called ‘One-Way’‘One-Way’ if it has BOTH properties 1 and 2. if it has BOTH properties 1 and 2.

– 3. Hard to find Collisions:3. Hard to find Collisions: There is no feasible algorithm to find two or more input documents which are There is no feasible algorithm to find two or more input documents which are

hashed into the same condensed output, hashed into the same condensed output, I.e it is computationally infeasible to find any two documents mI.e it is computationally infeasible to find any two documents m11, m, m2 2 such that such that

H(mH(m11)= H(m)= H(m22).).


5656

The One-way PropertyThe One-way Property

Hash value h(length= L bits)

H

Document m

(any length)

This direction is easy to compute!

Hash value h(length= L bits)

H

Document m

(any length)

But this direction is infeasible to compute!


5757

Finding Collision is InfeasibleFinding Collision is Infeasible

(same condensed output)

I, Bob, will pay$1,000 to Alice.


H H

Document m1

Document m2


5858

Digital Signature Digital Signature (for long doc)(for long doc)Public Key Directory (Yellow/White Pages)

Bob:

Network

Plain Text

Plain Text

H

100 bits

Bob

Secret Key

+

H100 bits

Cathy

Signature

Accept if equal1-way hash

100 bits

Signature

?

Public Key


5959

Why Digital Signature ?Why Digital Signature ? UnforgeableUnforgeable

– takes 1 billion years to forge !takes 1 billion years to forge ! Un-deniable by the signatoryUn-deniable by the signatory Universally verifiableUniversally verifiable Differs from doc to docDiffers from doc to doc Easily implementable byEasily implementable by

– software orsoftware or– hardware orhardware or– software + hardwaresoftware + hardware


6060

Unforgeable Digital SignatureUnforgeable Digital Signature


a valid signature

101001010

I, Bob, will pay$10,000 to Alice.001001101

also a valid signature?


6161

Digital Signature -- summaryDigital Signature -- summary Three (3) steps are involved in digital Three (3) steps are involved in digital

signature signature – Setting up public and secret keys Setting up public and secret keys – Signing a documentSigning a document– Verifying a signatureVerifying a signature


6262

Setting up Public & Secret KeysSetting up Public & Secret Keys

Bob does the followingBob does the following– prepares a pair of public and secret keysprepares a pair of public and secret keys– publishes his public key in the public key file publishes his public key in the public key file

(such as an on-line phone book)(such as an on-line phone book)– keeps the secret key to himselfkeeps the secret key to himself

Note:Note:– Setting up needs only to be done once !Setting up needs only to be done once !


6363

Signing a DocumentSigning a Document Once setting up is completed, Bob can sign Once setting up is completed, Bob can sign

a document (such as a contract, a cheque, a document (such as a contract, a cheque, a certificate, ...) using the secret keya certificate, ...) using the secret key

The pair of document & signature is a proof The pair of document & signature is a proof that Bob has signed the document.that Bob has signed the document.


6464

Verifying a SignatureVerifying a Signature Any party, say Cathy, can verify the pair of Any party, say Cathy, can verify the pair of

document and signature, by using Bob’s document and signature, by using Bob’s public key in the public key file.public key in the public key file.

Important !Important !– Cathy does NOT have to have public or secret Cathy does NOT have to have public or secret

key !key !

Introduction to cryptography for authentication and identification systems --- FIT3105 --- Lecture 2 & 3.

Documents

fit3105 security

faq http

plaintext slide

single key

unique key

pair of key

references http

materials http