Monday, August 23
Initial topic: A Survey of Basic Cryptography
Peter Gemmell
277-6509 office
280-2557 cellular
gemmell@cs.unm.edu
What is cryptology?
[Diagram: symmetric encryption. Sender and receiver share key k; the sender computes ciphertext = Enc_k(M), the receiver recovers M = Dec_k(ciphertext).]
Types of algorithms: Symmetric (authentication)
[Diagram: Alice (sender) and Bob (receiver) share key k; Alice produces an authenticator, Bob verifies it.]
[Diagram: public-key encryption. The sender encrypts under the recipient's public key, ciphertext = Enc_pubkey(M); the recipient decrypts with its private key, M = Dec_privkey(ciphertext).]
Types of algorithms: Public Key (asymmetric authentication)
[Diagram: Alice (sender) authenticates with her private key (privkey); Bob (receiver) verifies with her public key (pubkey).]
The recipient:
a) knows that the message is that of the supposed sender
b) can prove (a) to a third party
Why Public Key is so important
• It lessens the number of keys needed in a general purpose virtual private network (VPN)
• Non-repudiation
Math Background
Modular (clock) Arithmetic
Triple-DES: ciphertext =
EncDES_k1(EncDES_k2(EncDES_k3(plaintext)))
EncDES_k1(DecDES_(k1 xor k2)(EncDES_k2(plaintext)))
[Diagrams: symmetric authentication. Sender and receiver share key material (a, b), or a single key k; the sender authenticates, the receiver verifies.]
Impersonation Attack
[Diagram: Alice sends important information to a party presenting itself as “Bob”.]
Certification Authority (CA)
[Diagram: a certificate binding the name “Bob” to PubkeyBob plus misc info, carrying the CA's signature.]
Electronic Payment Systems
• iKP of IBM
• SEPP: IBM, Netscape, GTE, CyberCash, and MasterCard
• VISA’s design
• First Virtual
• Secure Courier, STT
Chaum-style untraceable Cash
[Diagram: the withdrawer/payer obtains Ecash from the Bank/Mint, a coin with serial number SN = 12345 carrying BankSig; the payee/depositor returns the coin (SN = 12345, BankSig) to the Bank/Mint.]
Electronic Payment Systems
Trustee-traceable Cash
[Diagram: as in the Chaum-style scheme (Bank/Mint, withdrawer/payer, payee/depositor, coin SN = 12345 with BankSig), with Trustee 1 and Trustee 2 involved.]
Key Escrow, e.g. Clipper
[Diagram: the ECash user's key is escrowed in pieces key1, key2, …, keyL held by Trustee 1, Trustee 2, …, Trustee L.]
The Threshold Paradigm is one of Distributed Trust
[Diagram: secret information split by threshold sharing.]
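As an added example (not the lecture's own code), here is the threshold sharing that the Key Escrow and Threshold Paradigm slides describe, done with Shamir's polynomial scheme: a key is split into L pieces for L trustees so that any `threshold` of them recover it and fewer learn nothing. The field prime, the sample secret and the 3-of-5 split are constructed choices.

```python
import secrets

FIELD_PRIME = (1 << 127) - 1   # constructed choice: a Mersenne prime; secrets must be smaller than this


def split_secret(secret: int, threshold: int, trustees: int) -> list:
    """Shamir sharing: pick a random polynomial f of degree threshold-1 with f(0) = secret and
    hand trustee i the point (i, f(i)). Any `threshold` points determine f; fewer reveal nothing."""
    assert 0 <= secret < FIELD_PRIME and 1 <= threshold <= trustees
    coeffs = [secret] + [secrets.randbelow(FIELD_PRIME) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, i, FIELD_PRIME) for i, c in enumerate(coeffs)) % FIELD_PRIME

    return [(i, f(i)) for i in range(1, trustees + 1)]


def recover_secret(shares: list) -> int:
    """Lagrange interpolation at x = 0 over the supplied shares (needs at least `threshold` of them)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % FIELD_PRIME
                den = den * (xi - xj) % FIELD_PRIME
        total = (total + yi * num * pow(den, -1, FIELD_PRIME)) % FIELD_PRIME
    return total


SECRET = 0xC0FFEE_DEADBEEF           # constructed sample "escrowed key"
THRESHOLD, TRUSTEES = 3, 5           # any 3 of 5 trustees can reconstruct (constructed choice)

if __name__ == "__main__":
    shares = split_secret(SECRET, THRESHOLD, TRUSTEES)
    print("3 trustees:", recover_secret(shares[:3]) == SECRET)       # True
    print("2 trustees:", recover_secret(shares[:2]) == SECRET)       # False
```

With fewer than `threshold` shares the interpolation still returns a field element, just not the secret: every candidate secret is equally consistent with the shares seen, which is the distributed-trust property the slides are after.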
• Iterated
• Key Schedule
• Feistel -- e.g. DES
Modes of DES Encryption
DES is a block cipher; if each block is encrypted on its own, repeated encryptions of the same plaintext block yield the same ciphertext block.
[Diagram: M1-64 and M65-128 are each put through DES under key k independently, giving C1-64 and C65-128.]
Cipher Block Chaining mode (CBC)
[Diagram: M1-64 goes through DES under key k to give C1-64; M65-128 is XORed with C1-64 before DES under key k gives C65-128.]
Attacks, characterized by the needs of the attacker
• Known Plaintext
• Chosen Plaintext
• Chosen Ciphertext
Double DES: Enc_k(M) = Enc_k1(Enc_k2(M))
[Diagram: for a known pair (P, C), k2 runs from 000…0 to 11…1 and k1 from 000…0 to 11…1, looking for a match Enc_k2(P) = Dec_k1(C).]
Homework 2
• Why do people not advocate “double DES” ?
• Why do people not use error correcting codes for
encryption?
• Why do people not use error correcting codes for
authentication?
Using CBC DES for authentication (symmetric)
[Diagram: M1-64, M65-128, …, Mlast block are chained by XOR through DES under key k; the final block output is Auth_k(M).]
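An added example that is not code from the lecture and is not DES: a toy 64-bit Feistel cipher (hash-based round function and key schedule, both constructed here) standing in for DES so that the three mode diagrams above can be run. It shows that encrypting blocks independently repeats ciphertext for repeated plaintext, that CBC chaining removes the repeats, and that chaining from an all-zero IV and keeping the last block gives the authenticator Auth_k(M). The key, IV and message are constructed sample values.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, as in DES; the cipher below is a constructed toy, not DES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(half: bytes, round_key: bytes) -> bytes:
    # Toy F: 32 bits of SHA-256(half || round key). DES uses expansion, S-boxes and a permutation instead.
    return hashlib.sha256(half + round_key).digest()[:4]


def _key_schedule(key: bytes, rounds: int = 8) -> list:
    # Toy key schedule: one 64-bit sub-key per round derived from the key and the round number.
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(rounds)]


def _feistel(block: bytes, round_keys: list) -> bytes:
    # Generic Feistel network: (L, R) -> (R, L xor F(R, k_i)) per round, halves swapped back at the end.
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rk in round_keys:
        left, right = right, _xor(left, _round_function(right, rk))
    return right + left


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _key_schedule(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Decryption is the same network with the round keys in reverse order.
    return _feistel(block, list(reversed(_key_schedule(key))))


def _blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "message must be a whole number of blocks"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    # Each block encrypted independently: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(encrypt_block(key, m) for m in _blocks(data))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Cipher Block Chaining: each block is XORed with the previous ciphertext block before encryption.
    out, prev = [], iv
    for m in _blocks(data):
        prev = encrypt_block(key, _xor(m, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(data):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def cbc_mac(key: bytes, data: bytes) -> bytes:
    # Auth_k(M): run the CBC chain from an all-zero IV and keep only the last ciphertext block.
    return cbc_encrypt(key, bytes(BLOCK), data)[-BLOCK:]


def repeated_blocks(ciphertext: bytes) -> int:
    # How many ciphertext blocks duplicate an earlier one.
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


KEY = b"toy-key!"                 # constructed sample key
IV = bytes(range(BLOCK))          # constructed sample IV
MESSAGE = b"SAMEBLCK" * 4         # four identical plaintext blocks (constructed)

if __name__ == "__main__":
    print("independent-block repeats:", repeated_blocks(ecb_encrypt(KEY, MESSAGE)))   # 3
    print("CBC repeats:", repeated_blocks(cbc_encrypt(KEY, IV, MESSAGE)))              # 0
    print("Auth_k(M):", cbc_mac(KEY, MESSAGE).hex())
```

The CBC-MAC as drawn is only sound for messages of one fixed length; variable-length use needs a length prefix or a derived final-block key, which the diagram does not cover.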
RSA (public key signatures)
The Digital Signature Algorithm
Sig_x(M) = (r, s)
Signature verification process
Given: M, (r, s)
compute
u1 = s^-1 · H(M) mod q
u2 = s^-1 · r mod q
v = (g^u1 · y^u2 mod p) mod q
accept if v = r
Primality Testing
For security and general fault-tolerance reasons, we need to know whether p is really prime (divisible only by 1 and p).
Probabilistic:
Miller-Rabin
Solovay-Strassen
…
100% guaranteed:
Atkin
…
Strong primes p
• p+1 has a large prime factor
• p-1 has a large prime factor r
• r-1 has a large prime factor
Solution:
• theory: pseudo-random strings that are “polynomial-time indistinguishable” from truly random strings
• practice: use DES or hash functions to generate bits from a random seed (FIPS 186)
Stream Ciphers (example: binary cipher)
key: k
input: M1 M2 M3 M4 …
key stream: k1 k2 k3 k4 …
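An added example, not from the lecture: the binary stream cipher above with its key stream k1 k2 k3 … produced from a seed by a hash function, in the spirit of the "practice" bullet (the generator SHA-256(key || nonce || counter) is my own construction, not the FIPS 186 one). It also checks the property that makes key-stream reuse unacceptable: under one (key, nonce), XORing two ciphertexts cancels the key stream entirely. The key, nonce and messages are constructed samples.

```python
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Key stream k1 k2 k3 ... expanded from (key, nonce) by hashing a running counter.
    Constructed toy generator; the FIPS 186 generator and real stream ciphers differ in detail."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, message: bytes) -> bytes:
    # Binary stream cipher: ciphertext bit i = message bit i XOR key-stream bit i (done a byte at a time).
    return bytes(m ^ k for m, k in zip(message, keystream(key, nonce, len(message))))


def stream_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # XOR with the same key stream undoes the encryption.
    return stream_encrypt(key, nonce, ciphertext)


def keystream_cancels(key: bytes, nonce: bytes, m1: bytes, m2: bytes) -> bool:
    """The property behind the rule 'never reuse a key stream': for two messages under the same
    (key, nonce), c1 XOR c2 equals m1 XOR m2, because the key stream XORs out."""
    c1 = stream_encrypt(key, nonce, m1)
    c2 = stream_encrypt(key, nonce, m2)
    n = min(len(m1), len(m2))
    return bytes(a ^ b for a, b in zip(c1, c2)) == bytes(a ^ b for a, b in zip(m1[:n], m2[:n]))


KEY = b"sixteen byte key"          # constructed sample key
NONCE = bytes(12)                  # constructed sample nonce; must never repeat under one key

if __name__ == "__main__":
    ct = stream_encrypt(KEY, NONCE, b"meet at noon")
    print(ct.hex(), stream_decrypt(KEY, NONCE, ct))
```

The design consequence is that a stream cipher's security rests entirely on the key stream never being reused, so the nonce (or the seed) has to be unique per message, not merely secret.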
Interactive proofs
[Diagram: Prover and Verifier exchange messages.]
Zero knowledge proofs are simulatable (conversation distributions are indistinguishable)
[Diagram: conversation 1 is between Prover and Verifier; conversation 2 is between Simulator and Verifier.]
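An added example (not the lecture's) of what "simulatable" means, using Schnorr's identification protocol on a tiny constructed group (p = 23, q = 11, g = 4, which has order 11 mod 23, prover secret x = 3): enumerating every honest (Prover, Verifier) conversation and every (Simulator, Verifier) conversation gives identical multisets of transcripts, so the two conversation distributions are not merely indistinguishable but equal.

```python
import secrets

# Constructed toy group: p = 23, q = 11, g = 4 has order 11 mod 23. Far too small for real use.
P, Q, G = 23, 11, 4
X = 3                      # prover's secret
Y = pow(G, X, P)           # public value y = g^x mod p = 18


def verifier_accepts(t: int, c: int, s: int) -> bool:
    # Schnorr check: g^s == t * y^c (mod p)
    return pow(G, s, P) == t * pow(Y, c, P) % P


def honest_conversation(r: int, c: int):
    """Prover sends t = g^r, Verifier sends challenge c, Prover answers s = r + c*x mod q."""
    t = pow(G, r, P)
    s = (r + c * X) % Q
    return (t, c, s)


def simulated_conversation(c: int, s: int):
    """Simulator knows no x: it picks the answer s first and back-computes t = g^s * y^(-c) mod p."""
    t = pow(G, s, P) * pow(Y, (-c) % Q, P) % P
    return (t, c, s)


def run_protocol() -> bool:
    # One interactive run with fresh randomness on both sides.
    r = secrets.randbelow(Q)
    c = secrets.randbelow(Q)
    return verifier_accepts(*honest_conversation(r, c))


def honest_transcripts() -> list:
    # Conversation 1: every choice of prover randomness r and verifier challenge c.
    return sorted(honest_conversation(r, c) for r in range(Q) for c in range(Q))


def simulated_transcripts() -> list:
    # Conversation 2: every choice of challenge c and answer s, with no secret involved.
    return sorted(simulated_conversation(c, s) for c in range(Q) for s in range(Q))


def distributions_identical() -> bool:
    """Both enumerations produce the same multiset of accepting transcripts, so a transcript
    alone cannot tell whether the real Prover (with x) or the Simulator (without x) made it."""
    return honest_transcripts() == simulated_transcripts()


if __name__ == "__main__":
    print(run_protocol(), distributions_identical())   # True True
```

The map (r, c) to (c, s = r + cx) is a bijection for a fixed secret, which is why the two 121-element transcript lists coincide exactly; for a real-sized q the same argument holds, only the enumeration is replaced by a probability statement.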
Complexity Theory