chapter 3 public key cryptography · 30 one way datadata hash value hash value. 31 collision...
TRANSCRIPT
![Page 1: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/1.jpg)
1
Public Key InfrastructuresPublic Key Infrastructures
Chapter 3Public Key Cryptography
Cryptography and Computeralgebra
Johannes Buchmann
![Page 2: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/2.jpg)
2
Encryption
plaintextplaintext plaintextplaintext
secret secret=
symmetric
decryptencrypt
![Page 3: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/3.jpg)
3
Symmetric encryption schemes
170 msIDEA
80 msMARS
100 msTWOFISH
78 msRC6
Performance*Scheme
95 msSERPENT
65 msRIJNDEAL (AES)
250 msDES-ede
*) Encryption of 1 MByte on a Pentium 2.8 GHz, using the FlexiProvider (Java)
![Page 4: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/4.jpg)
4
BUT: key exchange problem
n*(n-1)/2 keys
Internet: ∼ 1,093,529,692 users => 1,195,807,187,285,614,864 keys
![Page 5: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/5.jpg)
5
One solution
Key-Server
The key-server knows all secret keys!
![Page 6: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/6.jpg)
6
Example
The authentication center (AC) in mobile communications knows all the keys. It stores them in a database.
From “IT-Sicherheit”, page 785, 800
![Page 7: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/7.jpg)
7
Encryption
plaintextplaintext plaintextplaintextdecryptencrypt
public private
≠asymmetric
![Page 8: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/8.jpg)
8
Key exchange problem solved!
Public-Key-Server
The server does not know any private information!
![Page 9: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/9.jpg)
9
Public-Key-Server
......
8422834964509823610263135768Karatsiolis
13121311235912753192375134123Buchmann
Public Directory
mapping: names ↔ public keys
![Page 10: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/10.jpg)
10
Asymmetric encryption schemes
6,6 sRSA (1024 bits)
Performance*Scheme
11.8 sRSA (2048 bits)
Disadvantage: Complex operations with big numbers
⇒ schemes are slow
*) Encryption of 1 MByte on a Pentium 2.8 GHz, using the FlexiProvider (Java)
![Page 11: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/11.jpg)
11
Solution
plaintextplaintextdecryptencryptplaintextplaintext
decryptencrypt
symmetric session key
public secrethybrid
encryption
![Page 12: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/12.jpg)
12
…using 200 digits provides a margin of safety against future developments…
RSA
published in 1978
![Page 13: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/13.jpg)
13
RSA-200 factored in 2005
After 27 years
![Page 14: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/14.jpg)
14
Security
Impossibility to factor the RSA module
21335625291600027351142759355194209132914767425698066864818245285802697571587504827160038792867188144217660057955934845800814958268691260056037643469790871613988653520618544234805258949423413033375605873213651488760386443075342912012970548900016706067393246389837569751517347745772076420507479301672647916792373351492517320962556245120580406546060184803670311182370599074873628794261731191112555208060025609009047888480639771734426254325175122847998160609602132860929278043535478577169570898641110787987645625919308715088016517131066837168489289581361754587749922998809128927098697538006934652117684098976045960758751
![Page 15: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/15.jpg)
15
n = 2799783391122132787082946763872260162107044678695542853756000992932612840010760934567105295536085606 1822351910951365788637105954482006576775098580557613579098734950144178863178946295187237869221823983
was factored in May 2005:
p = 3532461934402770121272604978198464368671197400197625023649303468776121253679423200058547956528088349
q = 7925869954478333033347085841480059687737975857364219960734330341455767872818152135381409304740185467
Secret
![Page 16: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/16.jpg)
16
Factors
Factors of 6?
Factors of 143?11, because 143 = 11*13
3, because 6 = 3*2
Factors of213356252916000273511427593551942091329147674256980668648182452858026975715875048271600387928671881442176600579559348458008149582686912600560376434697908716139886535206185442348052589494234130333756058732136514887603864430753429120129705489000167060673932463898375697515173477457720764205074793016726479167923733514925173209625562451205804065460601848036703111823705990748736287942617311911125552080600256090090478884806397717344262543251751228479981606096021328609292780435354785771695708986411107879876456259193087150880165171310668371684892895813617 54587749922998809128927098697538006934652117684098976045960758751
?
![Page 17: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/17.jpg)
17
Fermat – Numbers (Pierre de Fermat, 1601-1665)
122 +=m
mF
F0 = 3
F1 = 5
F2 = 17
F3 = 257
F4 = 65537
F5 = 4294967297= 641*6700417
Difficult computational problem: factoring
![Page 18: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/18.jpg)
18
Difficulty of factoring
Completely factored Fermat numbers
617
309
155
78
39
20
10
Cunningham, Brent, Morain198811
Selfridge, Brillhart, Brent199510
Western, Lenstra, Manasse, u.a.19909
Brent, Pollard19808
Morrison, Brillhart19707
Landry, Le Lasseur18806
Euler17325
Decimal digits
discovereryearm
![Page 19: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/19.jpg)
19
L u v env n nu u
[ , ] (log ) (log log ) ( )
=−1
L vn [ , ]0
polynomial exponential
L vn[ , ]1
complexity
Number Field Sieve NFS 1990
1/3
Quadratic Sieve 1980
1/2
Computational complexity
![Page 20: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/20.jpg)
20
open$200,000617RSA-2048
open$150,000463RSA-1536
open$100,000309RSA-1024
open$75,000270RSA-896
open$50,000232RSA-768
open$30,000212RSA-704
Nov. 4, 2005$20,000193RSA-640
Dec. 3, 2003$10,000174RSA-576
May 9, 2005200RSA-200
Apr. 1, 2003160RSA-160
Aug. 22, 1999155RSA-155
Apr. 16, 2004150RSA-150
Feb. 2, 1999140RSA-140
Apr. 10, 1996130RSA-130
Apr. 1994$100129RSA-129
Jun. 1993120RSA-120
Apr. 1992110RSA-110
Apr. 1991100RSA-100
factoredprizedigitsnumber
![Page 21: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/21.jpg)
21
G group of points on an elliptic curve:
Exponential complexity
Small keys are possible
Discrete-Logarithm-Problem (DLP):
Solve gx = a
G Group
ax glog=
Difficult computational problem: DLP
![Page 22: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/22.jpg)
22
ECC challenges
20029x10^7109ECCp-10919987198297ECCp-971998436089ECCp-89199714679ECCp-7920042.1x10^7109ECC2-10920001.3x10^6109ECC2K-108199918044897ECC2-971998863797ECC2K-9519981127889ECC2-89199735279ECC2-79DateDaysField SizeECC
From www.certicon.com
![Page 23: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/23.jpg)
23
factoring easy
ECDLP easy
all popular cryptosystems insecure
make
Quantum computers
![Page 24: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/24.jpg)
24
Alternative: Short lattice vectors
![Page 25: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/25.jpg)
25
Alternative: Short lattice vectors
![Page 26: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/26.jpg)
26
2 d
27.7 h
9 h
2 h
8 min
4*108450
1*108400
4*106300
2*105200
3*103100
Running Time LLL Length SV Dimension
Architekture: SunBlade 100 (C++)
Short vectors
![Page 27: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/27.jpg)
27
Find difficult computational problems
Find correct security models
Find provable secure cryptosystems
Research challenges
![Page 28: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/28.jpg)
28
Cryptographic hash functions
datadata hashfunction
hashvaluehashvalue
nh }1,0{}1,0{: * →
![Page 29: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/29.jpg)
29
Easy
easy and fast to calculate
85 msSHA-256
Performance*Scheme
48 msRIPEMD-16050 msSHA-1
*) Hashing of 1 MByte on a Pentium 2.8 GHz, using the FlexiProvider (Java)
![Page 30: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/30.jpg)
30
One way
datadatahashvaluehashvalue
![Page 31: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/31.jpg)
31
Collision resistant
datadata
hashfunction
hashvaluehashvalue
datadata
![Page 32: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/32.jpg)
32
Message Authentication Code
valid /invalid
plaintextplaintext
secret
MACfunction
secret
MACfunction
plaintextplaintext
MACvalueMACvalue
![Page 33: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/33.jpg)
33
MAC schemes
HMAC
CBC-MAC (3-DES, IDEA, other)
Two-Track-Mac
![Page 34: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/34.jpg)
34
MAC applications
For securing the transport of a private key in software based solutionse.g. PKCS12, to protect the private key from tampering. The key is derived from a password.
In many protocols:
SSL/TLS, mobile communications
![Page 35: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/35.jpg)
35
Message Authentication Code
symmetric scheme
⇒ fast
⇒ key exchange problem
![Page 36: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/36.jpg)
36
Digital signature
valid /invalid
plaintextplaintext
sign verify
plaintextplaintext
SignatureSignature
private public
![Page 37: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/37.jpg)
37
Digital signature
asymmetric scheme
⇒ slow
⇒ key exchange problem solved
![Page 38: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/38.jpg)
38
Asymmetric signature schemes
38 msecECDSA (160)
32 msecDSA (1024)
Performance*Scheme
35 msecRSA (1024)
*) Creation of a signature on a Pentium 2,8 GHz,using the FlexiProvider (Java)
![Page 39: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/39.jpg)
39
Reaching the security goals
Confidentiality
Integrity
Authenticity of data
Entity Authentication
Non-repudiation
→ sym. and asym. encryption
→ hash, MAC, digital signature
→ digital signature, MAC
→ digital signature, MAC
→ digital signature
![Page 40: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/40.jpg)
40
Problem Exposition
![Page 41: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/41.jpg)
41
Why PKI?
1) Keep the private key secret
2) How to know that the public key is correct
=> PKI is needed
![Page 42: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/42.jpg)
42
How do software vendors protect theirsignature key?
How does the PC know the correctverification key?
![Page 43: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/43.jpg)
43
Digitally signed updates:
![Page 44: Chapter 3 Public Key Cryptography · 30 One way datadata hash value hash value. 31 Collision resistant datadata hash function hash value hash value datadata. 32 Message Authentication](https://reader031.vdocuments.mx/reader031/viewer/2022022118/5cd03ea288c993924d8d9d67/html5/thumbnails/44.jpg)
44
How to authenticate public keys?