PUBLIC KEY CRYPTO GRAD SEC OCT 26 2017
RECAP

CONFIDENTIALITY: Block ciphers
  E(K, m) → c
  D(K, c) → m
  Deterministic ⟹ use IVs
  Fixed block size ⟹ use encryption “modes”

INTEGRITY: Message Authentication Codes (MACs)
  Sgn(K, m) → t
  Vfy(K, m, t) → Yes/No
  Send (message, tag) pairs
  Verify that they match

[Diagram labels: K; c, t; K]
Today: How do we establish K?
How do we know with whom we are communicating?
BLACKBOX #4: DIFFIE-HELLMAN KEY ESTABLISHMENT
HIGH-LEVEL REVIEW OF MODULAR ARITHMETIC
x mod N
g is a generator of mod N if {1, 2, …, N-1} = {g^0 mod N, g^1 mod N, …, g^(N-2) mod N}
N=5, g=3:
  3^0 mod 5 = 1
  3^1 mod 5 = 3
  3^2 mod 5 = 4
  3^3 mod 5 = 2
Given x and g, it is efficient to compute g^x mod N
Given g and g^x, it is efficient to compute x (simply take log_g g^x)
Given g and g^x mod N it is infeasible to compute x (Discrete log problem)
DIFFIE-HELLMAN KEY EXCHANGE
Public knowledge: g and N
Pick random a, send g^a mod N
Pick random b, send g^b mod N
Compute (g^b mod N)^a = g^(ab) mod N
Compute (g^a mod N)^b = g^(ab) mod N
Shared secret g^(ab) mod N: This is the key
DIFFIE-HELLMAN KEY EXCHANGE
g, N, g^a mod N, g^b mod N
g^(ab) mod N
(g^a mod N) * (g^b mod N) = g^(a+b) mod N
Given g and g^x mod N it is infeasible to compute x (Discrete log problem)
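
The exchange above as a runnable Python sketch (an added example, not part of the original slides). The toy parameters g=5, N=23 and all function names are assumptions chosen here for illustration. It also checks the last slide's point: multiplying the two public values gives g^(a+b), not g^(ab), and the exhaustive discrete-log search only finishes because N is tiny.

```python
import secrets

def is_generator(g, N):
    """Slide definition: {g^0, ..., g^(N-2)} mod N must equal {1, ..., N-1}."""
    return {pow(g, i, N) for i in range(N - 1)} == set(range(1, N))

def dh_keypair(g, N):
    """Pick a random secret exponent x and return (x, g^x mod N)."""
    x = secrets.randbelow(N - 2) + 1          # secret in [1, N-2]
    return x, pow(g, x, N)

def dh_shared(their_public, my_secret, N):
    """(g^b mod N)^a mod N = g^(ab) mod N."""
    return pow(their_public, my_secret, N)

def brute_force_dlog(g, y, N):
    """Try every exponent until g^x mod N == y. Cost grows with N,
    which is why real deployments use a modulus of thousands of bits."""
    acc = 1
    for x in range(N - 1):
        if acc == y:
            return x
        acc = acc * g % N
    return None

def exchange(g=5, N=23):
    """Run one exchange and return what each side and an observer can compute."""
    if not is_generator(g, N):
        raise ValueError("g is not a generator mod N")
    a, A = dh_keypair(g, N)                   # first party
    b, B = dh_keypair(g, N)                   # second party
    return {
        "a": a, "b": b, "A": A, "B": B,
        "key_first": dh_shared(B, a, N),      # (g^b)^a
        "key_second": dh_shared(A, b, N),     # (g^a)^b
        "observer_product": A * B % N,        # g^(a+b), not the key
    }

if __name__ == "__main__":
    r = exchange()
    print("public values:", r["A"], r["B"])
    print("keys match:", r["key_first"] == r["key_second"])
    print("observer's product g^(a+b):", r["observer_product"])
    print("toy dlog recovers a:", brute_force_dlog(5, r["A"], 23) == r["a"])
```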
BLACKBOX #5: PUBLIC KEY CRYPTOGRAPHY
PUTTING IT ALL TOGETHER: PUBLIC KEY INFRASTRUCTURE (PKI)