KEY MANAGEMENT; OTHER KEY MANAGEMENT; OTHER PUBLIC-KEY PUBLIC-KEY CRYPTOSYSTEMSCRYPTOSYSTEMS - Chapter 10 - Chapter 10
• KEY MANAGEMENT
• DIFFIE-HELLMAN KEY EXCHANGE
• ELLIPTIC CURVE ARITHMETIC
• ELLIPTIC CURVE CRYPTOGRAPHY
KEY MANAGEMENTKEY MANAGEMENT
Two Aspects:
Distribution of,
• Public Keys
• Secret Keys using PKC encryption
DISTRIBUTION OF PUBLIC KEYSDISTRIBUTION OF PUBLIC KEYS
• PUBLIC ANNOUNCEMENT - easy to forge (e.g. append public key to email)
• PUBLICLY AVAILABLE DIRECTORY - [name,public-key], secure registration/access
• PUBLIC-KEY AUTHORITY - shared public/private key pair with each user
• PUBLIC-KEY CERTIFICATES - exchange authentic keys without contacting authority
UNCONTROLLEDPUBLIC-KEY DISTRIBUTION
F igur e 10.1 U ncontrolled P ublic K ey D istr ibution
¥¥¥
K U a
K U a
K U a
K U a
K U b
K U b
K U b
K U b
¥¥¥
A B
PUBLIC-KEY PUBLICATION
F igur e 10.2 P ublic K ey P ublication
P ublic-K eyD irector y
K U a K U b
A B
PUBLIC-KEY DISTRIBUTION SCENARIO
(1) R equest || T ime 1
(3) E K U b [ID A || N 1]
(7) E K U b [ N 2 ]
F igur e 10.3 P ublic-K ey D istr ibution Scenar io
(6) E K U a [N 1 || N 2]
(4) R equest || T ime 2
I nitiatorA
P ublic-k eyA uthor ity
R esponderB
(5) E K R auth [K U a || Request || T ime2]
(2) E K R auth [K U b || Request || T ime1]
7
EXCHANGE OF PUBLIC-KEY CERTIFICATES
C A = E K R auth [ T ime 1, ID A , K U a ]
(1) C A
F igur e 10.4 E xchange of P ublic-K ey C er tificates
(2) C B
C B = E K Rauth [ T ime 2, ID B , K U b ]
KU a KU b
A B
C er tificateA uthor ity
88
EXCHANGE OF PUBLIC-KEY EXCHANGE OF PUBLIC-KEY CERTIFICATES CERTIFICATES
Any participant can Any participant can readread certificate to certificate to
determine name and public key of cert. ownerdetermine name and public key of cert. owner Any participant can Any participant can verify verify that cert. is notthat cert. is not
counterfeit.counterfeit. Only the Only the certificate authoritycertificate authority can create can create
and update certs.and update certs. Any participant can Any participant can verify currencyverify currency of of
certificate.certificate.
99
EXCHANGE OF PUBLIC-KEY EXCHANGE OF PUBLIC-KEY CERTIFICATES CERTIFICATES
To read and verify:To read and verify:
DDKUKUauthauth[C[CAA] = D] = DKUKUauthauth
[E[EKRKRauthauth[T,ID[T,IDAA,K,KUUaa
]] = (T,ID]] = (T,IDAA,K,KUUaa))
TimestampTimestamp counteracts: counteracts:
A’s private key learned by opponentA’s private key learned by opponent
A updates private/public key pairA updates private/public key pair
Opponent replays old cert. to BOpponent replays old cert. to B
B encrypts using old public keyB encrypts using old public key
10
PKC TO ESTABLISH SESSION KEY
(1) K U a || ID A
(2) E K U a [K s ]
A B
F igur e 10.5 Simple U se of P ublic-K ey E ncr yption to E stablish a Session K ey
11
PKC TO ESTABLISH SESSION KEY(1) K U a || ID A
(2) E KU a [K s ]
A B
F igur e 10.5 Simple U se of P ublic-K ey E ncr yption to E stablish a Session K ey
KUa and KRa discarded afterwardsAdvantage: No keys before or after protocolBut, A [KUa,IDa] E [KUe,IDe] B B EKUe
[Ks] E EKUa[Ks] A
E learns Ks
A and B unaware
12
PUBLIC-KEY DISTRIBUTION OF SECRET KEYS
(2) EK U a [N 1 || N 2]
F igur e 10.6 P ublic-K ey D istr ibution of Secr et K eys
(1) EK U b
[N 1 || ID A ]
(3) EK U b
[N 2]
I nitiatorA
R esponderB
(4) E K U b[E K R a[K s]]
13
PUBLIC-KEY DISTRIBUTION OF SECRET KEYS
(2) EK U a [N 1 || N 2]
F igur e 10.6 P ublic-K ey D istr ibution of Secr et K eys
(1) EK U b
[N 1 || ID A ]
(3) EK U b
[N 2]
I nitiatorA
R esponderB
(4) E K U b[E K R a[K s]]
• N1 || N2 prevent eavesdropping• Scheme ensures confidentiality and
authentication
14
DIFFIE-HELLMAN KEY EXCHANGEG lobal P ublic E lem ents
q prim e num ber
a a < q and a a prim itive root of q
User A Key Generation
S elect private X A X A < q
C alculate public Y A Y A = a X A m od q
U s er B K ey G eneration
S elect private X B X B < q
C alculate public Y B Y B = a X B m od q
Generation of Secret Key by User A
K = ( Y B )X A m od q
Generation of Secret Key by User B
K = ( Y A )X B m od q
Figure 10.7 The Diffie-Hellman Key Exchange Algorithm
15
DIFFIE-HELLMAN KEY EXCHANGE
YA
YB
F igur e 10.8 D iffie-H ellman K ey E xchange
U ser A U ser B
G enerate random X A < q;C alculate Y A = a X A mod q G enerate
random X B < q;C alculate Y B = a X B mod q;C alculate K = (Y A )X B mod q C alculate
K = (Y B )X A mod q
1616
ELLIPTIC CURVES INSTEADELLIPTIC CURVES INSTEAD OF RSA OF RSA
ReplaceReplace multiplication with ’addition’ multiplication with ’addition’
(a x a x a ….x a) mod n(a x a x a ….x a) mod n
replaced byreplaced by
(a + a + a … + a) mod {elliptic curve}(a + a + a … + a) mod {elliptic curve}• Multiplicative order (size of ’circle’)Multiplicative order (size of ’circle’)
replaced byreplaced by
#points#points on elliptic curve on elliptic curve• Elliptic curve defined by cubic equation:Elliptic curve defined by cubic equation:
yy22 + xy = x + xy = x33 + ax + ax22 + b + b
17
EXAMPLE OF ELLIPTIC CURVES
Ð4
Ð2
0
2
4
543210Ð1Ð2
Ð4
Ð2
0
2
4
543210Ð1Ð2
(a) y2 = x 3 Ð x
(b ) y2 = x3 + x + 1
F igur e 10.9 E xample of E ll iptic C ur ves
P
P
Q
Q
Ð(P + Q)
Ð(P + Q)
(P + Q)
(P + Q)
18
ELLIPTIC CURVE E23(1,1)
Ð4
Ð2
0
2
4
543210Ð1Ð2
Ð4
Ð2
0
2
4
543210Ð1Ð2
(a) y2 = x 3 Ð x
(b ) y2 = x3 + x + 1
F igur e 10.9 E xample of E ll iptic C ur ves
P
P
Q
Q
Ð(P + Q)
Ð(P + Q)
(P + Q)
(P + Q)
19
ECC KEY EXCHANGEG lobal P ublic E lem ents
E q(a , b ) elliptic curve with param eters a, b, and q, where q is a prim eor an integer of the form 2 m
G point on elliptic curve whos e order is large value n
User A Key Generation
S elect private nA nA < n
C alculate public P A P A = nA ´ G
U s er B K ey G eneration
S elect private nB nA < n
C alculate public P B P B = nB ´ G
Generation of Secret Key by User A
K = nA ´ P B
Generation of Secret Key by User B
K = nB ´ P A
F igure 10.11 EC C Key Exchange
2020
ELLIPTIC CURVE vs RSAELLIPTIC CURVE vs RSA
TABLE 10.2TABLE 10.2