4th lecture
Message to be encrypted: HELLO

Key: XMCKL

|  | H | E | L | L | O |
|---|---|---|---|---|---|
| message | 7 (H) | 4 (E) | 11 (L) | 11 (L) | 14 (O) |
| + key | 23 (X) | 12 (M) | 2 (C) | 10 (K) | 11 (L) |
| = message + key | 30 | 16 | 13 | 21 | 25 |
| = message + key (mod 26) | 4 (E) | 16 (Q) | 13 (N) | 21 (V) | 25 (Z) |

E Q N V Z → ciphertext
To obtain the plaintext from the ciphertext, the key is subtracted from the ciphertext using modular arithmetic.

|  | E | Q | N | V | Z |
|---|---|---|---|---|---|
| ciphertext | 4 (E) | 16 (Q) | 13 (N) | 21 (V) | 25 (Z) |
| - key | 23 (X) | 12 (M) | 2 (C) | 10 (K) | 11 (L) |
| = ciphertext - key | -19 | 4 | 11 | 11 | 14 |
| = ciphertext - key (mod 26) | 7 (H) | 4 (E) | 11 (L) | 11 (L) | 14 (O) |

H E L L O → message
| Encryption | Bits |
|---|---|
| M | 0 1 1 0 1 0 1 0 0 1 1 |
| K | 1 1 1 1 0 1 1 0 1 1 0 |
| C = M (xor) K | 1 0 0 1 1 1 0 0 1 0 1 |

| Decryption | Bits |
|---|---|
| C | 1 0 0 1 1 1 0 0 1 0 1 |
| K | 1 1 1 1 0 1 1 0 1 1 0 |
| M = C (xor) K | 0 1 1 0 1 0 1 0 0 1 1 |
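The letter and bit examples above are the same operation: add the key symbol by symbol modulo the alphabet size (26 for letters, 2 for bits, where addition is XOR) and subtract it to decrypt. The following added example, which is not part of the original slides, reproduces both worked cases; the function names are assumptions chosen for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25, the numbering used on the slides


def combine(symbols, key, modulus, sign):
    """Add (sign=+1) or subtract (sign=-1) the key symbol by symbol, mod `modulus`."""
    if len(key) < len(symbols):
        raise ValueError("key must be at least as long as the message")
    return [(s + sign * k) % modulus for s, k in zip(symbols, key)]


def letters_to_numbers(text):
    return [ALPHABET.index(ch) for ch in text]


def numbers_to_letters(numbers):
    return "".join(ALPHABET[n] for n in numbers)


def encrypt_letters(message, key):
    mixed = combine(letters_to_numbers(message), letters_to_numbers(key), 26, +1)
    return numbers_to_letters(mixed)


def decrypt_letters(ciphertext, key):
    mixed = combine(letters_to_numbers(ciphertext), letters_to_numbers(key), 26, -1)
    return numbers_to_letters(mixed)


# Bit strings copied from the XOR slide.
M_BITS = [0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1]
K_BITS = [1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0]

if __name__ == "__main__":
    print(encrypt_letters("HELLO", "XMCKL"))
    print(decrypt_letters("EQNVZ", "XMCKL"))
    c_bits = combine(M_BITS, K_BITS, 2, +1)   # addition mod 2 is XOR
    print(c_bits)
    # Mod 2, adding and subtracting the key coincide, so XOR undoes itself.
    print(combine(c_bits, K_BITS, 2, -1), combine(c_bits, K_BITS, 2, +1))
```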
One-way functions are a fundamental building block for most of the protocols.
They are easy to compute, but hard to reverse.
Given x it is easy to compute f(x), but given f(x) it is hard to compute x.
“Hard” is defined as something like: it would take millions of years to compute x from f(x).
A trapdoor one-way function is a special type of one-way function, one with a secret trapdoor.
It is easy to compute in one direction and hard to compute in the other direction. But, if you know the secret, you can easily compute the function in the other direction.
Message digest (MD), message integrity check (MIC), fingerprint, …
A one-way hash function takes a variable-length input string (pre-image) and converts it to a fixed-length output string (hash value).
It is easy to compute a hash value from a pre-image, but it is hard to generate a pre-image that hashes to a particular value.
A good one-way hash function is collision-free. Collision-free means that it is hard to find two pre-images that generate the same hash value.
A single bit change in the pre-image changes, on average, half of the bits in the hash value.
Application: file fingerprinting.
The two most common hash functions are:
Message Digest 5 (MD5): produces a 120-b digest.
Secure Hash Algorithm 1 (SHA-1): produces a 160-b digest.
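The claim that one flipped input bit changes about half of the output bits can be measured directly. The following added example, not part of the original slides, flips every bit of a constructed sample pre-image in turn and counts how many SHA-1 digest bits change; the function names are assumptions.

```python
import hashlib


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of `data` with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(pre_image: bytes):
    """Flip each input bit once; return (digest bits, mean, min, max changed bits)."""
    base = hashlib.sha1(pre_image).digest()
    changes = [
        differing_bits(base, hashlib.sha1(flip_bit(pre_image, i)).digest())
        for i in range(len(pre_image) * 8)
    ]
    return len(base) * 8, sum(changes) / len(changes), min(changes), max(changes)


# Constructed sample pre-image for the demonstration.
SAMPLE = b"file contents used as a fingerprinting sample"

if __name__ == "__main__":
    bits, mean, lowest, highest = avalanche(SAMPLE)
    print(f"{bits}-bit digest: mean {mean:.1f} bits changed (min {lowest}, max {highest})")
```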
MAC is a one-way hash function with the addition of a secret key.
Someone with the key can verify the hash value.
[Figure labels: Pre-image, Key → One-way hash function → Hash value]
• Requirements - must be able to verify that:
1. Message came from apparent source or author.
2. Contents have not been altered.
3. Sometimes, it was sent at a certain time or sequence.
• Protection against active attacks.
Authentication Using Conventional Encryption
◦ Only the sender and receiver should share a key
Authentication without Message Encryption
◦ An authentication tag is generated and appended to each message
Message Authentication Code
◦ Calculate the MAC as a function of the message and the key. MAC = F(K, M)
Using One-way HASH function
Introduced by Diffie and Hellman.
Two different keys are used (public - private).
It is computationally hard to deduce the private key from the public key.
It is based on the trap-door one-way functions.
A network of users can communicate together using the public-key cryptosystem.
Three categories:
◦ Encryption/decryption: The sender encrypts a message with the recipient’s public key.
◦ Digital signature: The sender “signs” a message with its private key.
◦ Key exchange: Two sides cooperate to exchange a session key.
1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb)
2. Easy for sender to generate ciphertext: $C = E_{KUb}(M)$
3. Easy for the receiver to decrypt ciphertext using private key: $M = D_{KRb}(C) = D_{KRb}[E_{KUb}(M)]$
4. Computationally infeasible to determine private key (KRb) knowing public key (KUb)
5. Computationally infeasible to recover message M, knowing KUb and ciphertext C
6. Either of the two keys can be used for encryption, with the other used for decryption: $M = D_{KRb}[E_{KUb}(M)] = D_{KUb}[E_{KRb}(M)]$
Public-key algorithms are slow.
Public-key cryptosystems are vulnerable to chosen-plaintext attacks:
◦ If C=E(P), and P is one plaintext out of a set of n possible plaintexts, then a cryptanalyst only has to encrypt all n possible plaintexts and compare the results with C.
Public-key cryptography is used to distribute session keys, which are used with symmetric algorithms to secure messages. This is called a “hybrid cryptosystem”.
A hybrid cryptosystem can be constructed using any two separate cryptosystems:
a key encapsulation scheme, which is a public-key cryptosystem, and
a data encapsulation scheme, which is a symmetric-key cryptosystem.
To encrypt a message addressed to Alice in a hybrid cryptosystem, Bob does the following:
• Obtains Alice's public key.
• Generates a fresh symmetric key for the data encapsulation scheme.
• Encrypts the message under the data encapsulation scheme, using the symmetric key just generated.
• Encrypts the symmetric key under the key encapsulation scheme, using Alice's public key.
• Sends both of these encryptions to Alice.

To decrypt this hybrid ciphertext, Alice does the following:
• Uses her private key to decrypt the symmetric key contained in the key encapsulation segment.
• Uses this symmetric key to decrypt the message contained in the data encapsulation segment.
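The following added example, not part of the original slides, walks through Bob's and Alice's steps end to end. It assumes toy stand-ins for both schemes: textbook RSA without padding over two small Mersenne primes for key encapsulation, and an XOR keystream derived with SHA-256 for data encapsulation; neither is suitable for real use, and all names are hypothetical.

```python
import hashlib
import secrets

# Alice's toy key pair (assumption: textbook RSA, no padding, tiny modulus).
P, Q = 2**61 - 1, 2**89 - 1            # two Mersenne primes, far too small in practice
N, E = P * Q, 65537                    # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent
KEY_LEN = 16                           # 128-bit session key, smaller than N


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy data encapsulation: XOR the data with a SHA-256 counter keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def hybrid_encrypt(message: bytes, n: int, e: int):
    """Bob's side: returns (key encapsulation segment, data encapsulation segment)."""
    session_key = secrets.token_bytes(KEY_LEN)           # fresh symmetric key
    data_segment = keystream_xor(session_key, message)   # message under the symmetric key
    key_segment = pow(int.from_bytes(session_key, "big"), e, n)  # key under Alice's public key
    return key_segment, data_segment


def hybrid_decrypt(key_segment: int, data_segment: bytes, n: int, d: int) -> bytes:
    """Alice's side: recover the session key, then the message."""
    session_key = pow(key_segment, d, n).to_bytes(KEY_LEN, "big")
    return keystream_xor(session_key, data_segment)


if __name__ == "__main__":
    key_seg, data_seg = hybrid_encrypt(b"meet at noon", N, E)
    print(hex(key_seg), data_seg.hex())
    print(hybrid_decrypt(key_seg, data_seg, N, D))
```

Only the short session key passes through the slow public-key operation; the message itself, whatever its length, is handled by the symmetric step.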
RSA and Diffie-Hellman
RSA - Ron Rivest, Adi Shamir and Len Adleman at MIT, in 1977.
◦ RSA is a block cipher
◦ The most widely implemented
Diffie-Hellman
◦ Exchange a secret key securely
Characteristics of signatures:
◦ The signature is authentic.
◦ The signature is unforgeable.
◦ The signature is not reusable.
◦ The signed document is unalterable.
◦ The signature cannot be repudiated.
There are some problems if signatures are used in a computer environment (digital signature):
◦ Computer files are easy to copy.
◦ It is easy to cut and paste a valid signature from one document to another.
◦ Computer files are easy to modify after they are signed.
Alice sends a message to Bob that includes both the plaintext “P” and an encrypted version of P, “C” using her private key. This encrypted version is her digital signature.
Bob receives the message “C” and decrypts it using her public key.
Bob compares the decrypted message and the plaintext message.
Bob can authenticate that the message came from Alice because he decrypted it using Alice’s public key.
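The following added example, not part of the original slides, shows Alice's private-key operation and Bob's public-key check, and shows that a signature pasted onto another document or kept after the document is modified no longer verifies. It assumes toy textbook RSA over two small Mersenne primes and signs a truncated SHA-256 hash of P rather than P itself so that any document fits under the modulus; all names are hypothetical.

```python
import hashlib

# Alice's toy key pair (assumption: textbook RSA, no padding, tiny modulus).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # Alice's public key
D = pow(E, -1, (P - 1) * (Q - 1))      # Alice's private key


def digest_as_int(document: bytes) -> int:
    """Map a document of any length to a number below N (truncated SHA-256)."""
    return int.from_bytes(hashlib.sha256(document).digest()[:16], "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Alice: apply her private key to the document's digest."""
    return pow(digest_as_int(document), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Bob: apply Alice's public key to the signature and compare with the digest."""
    return pow(signature, e, n) == digest_as_int(document)


def either_key_order(m: int):
    """Property 6: private-then-public and public-then-private both return m."""
    return pow(pow(m, D, N), E, N), pow(pow(m, E, N), D, N)


if __name__ == "__main__":
    plaintext = b"Alice agrees to pay Bob 10"      # constructed sample document
    signature = sign(plaintext)
    print(verify(plaintext, signature))                       # genuine pair
    print(verify(b"Alice agrees to pay Bob 1000", signature)) # modified after signing
    print(verify(b"Some other contract", signature))          # signature cut and pasted
    print(either_key_order(123456789))
```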
If Alice and Bob are strangers who have never communicated with each other before, then the digital signature is useless for authentication: it cannot be used to authenticate the identity of the sender. In this case, a trusted third party “arbitrator” is required to authenticate the identity of the transacting parties.