key management; other public-key cryptosystems - chapter 10 key management; other public-key...
TRANSCRIPT
![Page 1: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/1.jpg)
KEY MANAGEMENT; OTHER KEY MANAGEMENT; OTHER PUBLIC-KEY PUBLIC-KEY CRYPTOSYSTEMSCRYPTOSYSTEMS - Chapter 10 - Chapter 10
• KEY MANAGEMENT
• DIFFIE-HELLMAN KEY EXCHANGE
• ELLIPTIC CURVE ARITHMETIC
• ELLIPTIC CURVE CRYPTOGRAPHY
![Page 2: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/2.jpg)
KEY MANAGEMENTKEY MANAGEMENT
Two Aspects:
Distribution of,
• Public Keys
• Secret Keys using PKC encryption
![Page 3: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/3.jpg)
DISTRIBUTION OF PUBLIC KEYSDISTRIBUTION OF PUBLIC KEYS
• PUBLIC ANNOUNCEMENT - easy to forge (e.g. append public key to email)
• PUBLICLY AVAILABLE DIRECTORY - [name,public-key], secure registration/access
• PUBLIC-KEY AUTHORITY - shared public/private key pair with each user
• PUBLIC-KEY CERTIFICATES - exchange authentic keys without contacting authority
![Page 4: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/4.jpg)
UNCONTROLLEDPUBLIC-KEY DISTRIBUTION
F igur e 10.1 U ncontrolled P ublic K ey D istr ibution
¥¥¥
K U a
K U a
K U a
K U a
K U b
K U b
K U b
K U b
¥¥¥
A B
![Page 5: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/5.jpg)
PUBLIC-KEY PUBLICATION
F igur e 10.2 P ublic K ey P ublication
P ublic-K eyD irector y
K U a K U b
A B
![Page 6: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/6.jpg)
PUBLIC-KEY DISTRIBUTION SCENARIO
(1) R equest || T ime 1
(3) E K U b [ID A || N 1]
(7) E K U b [ N 2 ]
F igur e 10.3 P ublic-K ey D istr ibution Scenar io
(6) E K U a [N 1 || N 2]
(4) R equest || T ime 2
I nitiatorA
P ublic-k eyA uthor ity
R esponderB
(5) E K R auth [K U a || Request || T ime2]
(2) E K R auth [K U b || Request || T ime1]
![Page 7: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/7.jpg)
7
EXCHANGE OF PUBLIC-KEY CERTIFICATES
C A = E K R auth [ T ime 1, ID A , K U a ]
(1) C A
F igur e 10.4 E xchange of P ublic-K ey C er tificates
(2) C B
C B = E K Rauth [ T ime 2, ID B , K U b ]
KU a KU b
A B
C er tificateA uthor ity
![Page 8: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/8.jpg)
88
EXCHANGE OF PUBLIC-KEY EXCHANGE OF PUBLIC-KEY CERTIFICATES CERTIFICATES
Any participant can Any participant can readread certificate to certificate to
determine name and public key of cert. ownerdetermine name and public key of cert. owner Any participant can Any participant can verify verify that cert. is notthat cert. is not
counterfeit.counterfeit. Only the Only the certificate authoritycertificate authority can create can create
and update certs.and update certs. Any participant can Any participant can verify currencyverify currency of of
certificate.certificate.
![Page 9: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/9.jpg)
99
EXCHANGE OF PUBLIC-KEY EXCHANGE OF PUBLIC-KEY CERTIFICATES CERTIFICATES
To read and verify:To read and verify:
DDKUKUauthauth[C[CAA] = D] = DKUKUauthauth
[E[EKRKRauthauth[T,ID[T,IDAA,K,KUUaa
]] = (T,ID]] = (T,IDAA,K,KUUaa))
TimestampTimestamp counteracts: counteracts:
A’s private key learned by opponentA’s private key learned by opponent
A updates private/public key pairA updates private/public key pair
Opponent replays old cert. to BOpponent replays old cert. to B
B encrypts using old public keyB encrypts using old public key
![Page 10: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/10.jpg)
10
PKC TO ESTABLISH SESSION KEY
(1) K U a || ID A
(2) E K U a [K s ]
A B
F igur e 10.5 Simple U se of P ublic-K ey E ncr yption to E stablish a Session K ey
![Page 11: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/11.jpg)
11
PKC TO ESTABLISH SESSION KEY(1) K U a || ID A
(2) E KU a [K s ]
A B
F igur e 10.5 Simple U se of P ublic-K ey E ncr yption to E stablish a Session K ey
KUa and KRa discarded afterwardsAdvantage: No keys before or after protocolBut, A [KUa,IDa] E [KUe,IDe] B B EKUe
[Ks] E EKUa[Ks] A
E learns Ks
A and B unaware
![Page 12: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/12.jpg)
12
PUBLIC-KEY DISTRIBUTION OF SECRET KEYS
(2) EK U a [N 1 || N 2]
F igur e 10.6 P ublic-K ey D istr ibution of Secr et K eys
(1) EK U b
[N 1 || ID A ]
(3) EK U b
[N 2]
I nitiatorA
R esponderB
(4) E K U b[E K R a[K s]]
![Page 13: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/13.jpg)
13
PUBLIC-KEY DISTRIBUTION OF SECRET KEYS
(2) EK U a [N 1 || N 2]
F igur e 10.6 P ublic-K ey D istr ibution of Secr et K eys
(1) EK U b
[N 1 || ID A ]
(3) EK U b
[N 2]
I nitiatorA
R esponderB
(4) E K U b[E K R a[K s]]
• N1 || N2 prevent eavesdropping• Scheme ensures confidentiality and
authentication
![Page 14: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/14.jpg)
14
DIFFIE-HELLMAN KEY EXCHANGEG lobal P ublic E lem ents
q prim e num ber
a a < q and a a prim itive root of q
User A Key Generation
S elect private X A X A < q
C alculate public Y A Y A = a X A m od q
U s er B K ey G eneration
S elect private X B X B < q
C alculate public Y B Y B = a X B m od q
Generation of Secret Key by User A
K = ( Y B )X A m od q
Generation of Secret Key by User B
K = ( Y A )X B m od q
Figure 10.7 The Diffie-Hellman Key Exchange Algorithm
![Page 15: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/15.jpg)
15
DIFFIE-HELLMAN KEY EXCHANGE
YA
YB
F igur e 10.8 D iffie-H ellman K ey E xchange
U ser A U ser B
G enerate random X A < q;C alculate Y A = a X A mod q G enerate
random X B < q;C alculate Y B = a X B mod q;C alculate K = (Y A )X B mod q C alculate
K = (Y B )X A mod q
![Page 16: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/16.jpg)
1616
ELLIPTIC CURVES INSTEADELLIPTIC CURVES INSTEAD OF RSA OF RSA
ReplaceReplace multiplication with ’addition’ multiplication with ’addition’
(a x a x a ….x a) mod n(a x a x a ….x a) mod n
replaced byreplaced by
(a + a + a … + a) mod {elliptic curve}(a + a + a … + a) mod {elliptic curve}• Multiplicative order (size of ’circle’)Multiplicative order (size of ’circle’)
replaced byreplaced by
#points#points on elliptic curve on elliptic curve• Elliptic curve defined by cubic equation:Elliptic curve defined by cubic equation:
yy22 + xy = x + xy = x33 + ax + ax22 + b + b
![Page 17: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/17.jpg)
17
EXAMPLE OF ELLIPTIC CURVES
Ð4
Ð2
0
2
4
543210Ð1Ð2
Ð4
Ð2
0
2
4
543210Ð1Ð2
(a) y2 = x 3 Ð x
(b ) y2 = x3 + x + 1
F igur e 10.9 E xample of E ll iptic C ur ves
P
P
Q
Q
Ð(P + Q)
Ð(P + Q)
(P + Q)
(P + Q)
![Page 18: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/18.jpg)
18
ELLIPTIC CURVE E23(1,1)
Ð4
Ð2
0
2
4
543210Ð1Ð2
Ð4
Ð2
0
2
4
543210Ð1Ð2
(a) y2 = x 3 Ð x
(b ) y2 = x3 + x + 1
F igur e 10.9 E xample of E ll iptic C ur ves
P
P
Q
Q
Ð(P + Q)
Ð(P + Q)
(P + Q)
(P + Q)
![Page 19: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/19.jpg)
19
ECC KEY EXCHANGEG lobal P ublic E lem ents
E q(a , b ) elliptic curve with param eters a, b, and q, where q is a prim eor an integer of the form 2 m
G point on elliptic curve whos e order is large value n
User A Key Generation
S elect private nA nA < n
C alculate public P A P A = nA ´ G
U s er B K ey G eneration
S elect private nB nA < n
C alculate public P B P B = nB ´ G
Generation of Secret Key by User A
K = nA ´ P B
Generation of Secret Key by User B
K = nB ´ P A
F igure 10.11 EC C Key Exchange
![Page 20: KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY](https://reader036.vdocuments.mx/reader036/viewer/2022062408/56649f145503460f94c28e86/html5/thumbnails/20.jpg)
2020
ELLIPTIC CURVE vs RSAELLIPTIC CURVE vs RSA
TABLE 10.2TABLE 10.2