a a e e d d c c b b # symmetric keys = n*(n-1)/2 # public/private keys = 2 n
TRANSCRIPT
AA
EE DD
CC
BB
# Symmetric Keys = n*(n-1)/2
# Public/Private Keys = 2n
RSA
• Chose two random large prime numbers p & q (of equal length is best)
• Compute their product n = pq
• Randomly choose an encryption key e :e and (p-1)(q-1) are relatively prime (gcd=1)
• Calculate the decryption key d :d = e-1 mod ((p-1)(q-1))
2
RSA encryption
Split up the message into blocks less than n
ci = mie mod n
Decryption is similar
di = cid mod n
3
RSA Example
p=47 , q=71, n=pq=3337
Choose e : no factors common with (p-1)(q-1) = 46*70 = 3220
Randomly choose e to be 79
Then d=79-1 mod 3220 = 1019
4
RSA Example (cont)
• Encrypt m=6882326879666683• Break it up into blocks688 232 687 966 668 003 m1 m2 m3 m4 m5 m6
• Encrypt:68879 mod 3337 = 1570 = c1
• Decrypt:15701019 mod 3337 = 688 = m1
5
Symmetric Key Signatures1 Alice uses kA to encrypt the document going to Bob and sends it to Trent
2 Trent decrypts the document with kA
3 Trent appends a statement that he received it from Alice
4 Trent encrypts the bundle with kB
5 Trent sends the encrypted bundle to Bob
6 Bob decrypts the bundle with kB , and can read the message and Trent’s certification
6
Public Key Signatures
7
1 Alice encrypts the document with her private key2 Alice sends the encrypted (signed) document to Bob3 Bob decrypts the document with Alice’s public key
Cryptographic Hashes
8
Public Key Signature w/ Timestamp
9
1 Alice adds a timestamp to the document2 Alice encrypts the document with her private key3 Alice sends the encrypted (signed) document to Bob4 Bob takes the check to the bank5 Bank decrypts the document with Alice’s public key6 Bank stores the check information and the timestamp in a database7 If Bob tries to deposit the check again, its information will match the database
Multiple Signatures
10
1 Alice signs a hash of the document2 Bob signs a hash of the document3 Bob sends his signature to Alice4 Alice sends the document, her signature, and Bob’s signature to Carol5 Carol can verify both signatures
Digital Signatures and Encryption
11
1 Alice signs the message with her private key2 Alice encrypts the signed message with Bob’s public key and sends it to Bob3 Bob decrypts the message with his private key4 Bob verifies with Alice’s public key and recovers the message
Digital Signatures and Encryptiontypical notation
12
Alice Bob
SA (M)
EB (SA (M) )
DB (EB (SA (M))) = SA(M)
VA (SA (M)) = M
Needham-Schroeder Protocol
13
MITM Attack on N-S
14
The Fix
15
16
SSL
17
18
Xkcd http://xkcd.com/221/
Netscape 1.1 Seeding Process
19
RNG_CreateContext() {
(seconds, microseconds) = time of day; /* Time elapsed since 1970 */
pid = process ID; ppid = parent process ID;
a = mklcpr(microseconds);
b = mklcpr(pid + seconds + (ppid << 12));
seed = MD5(a, b); /* seed is a global variable */}
mklcpr(x) { /* not cryptographically significant; shown for completeness */ return ((0xDEECE66D * x + 0x2BBB62DC) >> 1);}
From Goldberg and Wagner, “Randomness and the Netscape Browser”, Dr. Dobb’s, January 1996.
Netscape 1.1 Key Generation
20
From Goldberg and Wagner, “Randomness and the Netscape Browser”, Dr. Dobb’s, January 1996.
RNG_GenerateRandomBytes() {x = MD5(seed);seed = seed + 1;return x;
}global variable challenge, secret_key;create_key() {
RNG_CreateContext();tmp = RNG_GenerateRandomBytes();tmp = RNG_GenerateRandomBytes();challenge = RNG_GenerateRandomBytes();secret_key = RNG_GenerateRandomBytes();
}
Jone’s RNG Rules
1. Don’t use system generators
2. Use a known good RNG you implemented
3. Properly seed the RNG
21
KISS Generator (G. Marsaglia)static unsigned int /* Seed variables */
x = 123456789,y = 362436000,z = 521288629,c = 7654321;
unsigned int KISS()
{ unsigned long long t, a = 698769069ULL;
x = 69069*x+12345; // y never == 0! */ y ^= (y<<13); y ^= (y>>17); y ^= (y<<5); t = a*z+c; c = (t>>32); // Also avoid setting z=c=0!
return x+y+(z=t); }
22