cryptographic techniques instructor: jerry gao ph.d. san jose state university email:...
Post on 20-Dec-2015
217 views
TRANSCRIPT
Cryptographic Techniques
Instructor: Jerry Gao Ph.D.
San Jose State Universityemail: [email protected]
URL: http://www.engr.sjsu.edu/gaojerry
May, 2000
Topic: Crytographic Techniques
- Encryption and decryption
- Symmetric encryption
- Asymmetric or public-key encryption
- Message digesting or hashing
- Digital signatures and enveloping- digital signatures, dual signatures, blind signatures
- Public key management- certificates and certification authorities
Jerry Gao Ph.D. 5/20000
Outline
All Rights Reserved
Jerry Gao Ph.D. 5/2000
Introduction to Crytographic Techniques
Topic: Crytographic Techniques
Jerry Gao Ph.D. 5/2000
In cryptographics, a message in human readable form is referred to plaintext or cleartext.
Encryption:
Encryption refers to a process which disguises a cleartext message to hide its substance and generates a message, known as ciphertext.
Plaintext is denoted by P, whereas ciphertext is denoted by C.The encryption function E operates on P to produce C based on a key value K:
E k (P) = C
Encryption and Decryption
Encryption
Key
Plaintext Ciphtext
Topic: Crytographic Techniques
Jerry Gao Ph.D. 5/2000
Encryption and Decryption
Decryption:
The reverse process of encryption is known as a decryptiondecryption, in which a cihhertext is converted back to its original cleartext form.
In the reverse process, the decryption function D operates on C to produce Pbased on a key value K:
D k (C) = P
Encryption
Key
Ciphertext Plaintext
Topic: Crytographic Techniques
Jerry Gao Ph.D. 5/2000
Symmetric Encryption
Topic: Crytographic Techniques
Symmetric encryption (secret-key encryption, or single-key encryption):
Secret-key encryption refers to the use of a shared key for both encryption bythe transmitter and decryption by the receiver.
Work step:- Sender sends a message after encryption with a secret-key.- Receiver decrypt the message with the same secret key after receiving it.
Internet
Anne sends a message
BobreceivesAnne’smessage
Encryptwith a secret key
Decryptwith a secret key
EncryptedMessage
EncryptedMessage
Jerry Gao Ph.D. 5/2000
Symmetric Encryption
Topic: Crytographic Techniques
Special features of symmetric encryption:- Two communication parties use and share the same key.- Encryption and decryption is carried out based on the same key.- Both parties must agree on the secret key before communications.
Advantages:- Useful in many cases which only involves two-party communications.
Problems and limitations:
- Complex in key distribution (key generation, transmission, and storage).- Not scalable.- Impractical to support large group of communications in networks.- Impossible to support exchanging messages with a large group of previouslyunknown parties over a public open network.
Example: DES (the Data Encryption Standard)
Jerry Gao Ph.D. 5/2000
Asymmetric Encryption
Topic: Crytographic Techniques
Asymmetric encryption (public-key encryption):
Public-key encryption (asymmetric encryption) use a pair of keys for each party.- One key is known as a “public key”, which is known to other parties.- One key is known as a “private key” or a “secret key”, which must be confidential, and is known only to its owner.
- The public key encrypts the message.- The private key decrypts the message.
Internet
Anne sends a message
BobreceivesAnne’smessage
Encryptwith a public keyPK(Bob)
Decryptwith Bob’ private keySK(Bob)
ScrambledMessage
ScrambledMessage
Jerry Gao Ph.D. 5/2000
Asymmetric Encryption
Topic: Crytographic Techniques
Special features of asymmetric encryption (public-key encryption):
SK(PK(M)) = MAdvantages:
- Easy to key distribution (key generation, maintain and storage)- Scalable to support large group of users in an public network- Easy to support unknown users since no previous consent is needed.- Better protection than symmetric encryption.
Problems and limitations:
- Slow performance
Applications: E-commerce, snoop-proof email system.
Standards: the best known public-key encryption algorithm --> RSA
Jerry Gao Ph.D. 5/2000
, Sh
RSA Algorithm
Topic: Crytographic Techniques
The RSA algorithm was developed by Rivest, Shamir, and Adleman at MIT in 1978.
The basic algorithm is outlined below:
1: Choose two large distinct primes, p and q.2: Compute the product (modulus) n = pq. 3: Randomly choose encryption key e, such that e and (p-1)(q-1) are relatively prime.4: Finally use Euclid’s algorithm to compute the decryption key, d such that
e . d = 1 (mod (p-1) . (q -1)).
Where, d and n are relatively prime. e and n are the public key. d is the secret key.
To encrypt a message M, eC = M mod n
To decrypt C, dM = C mod n
Jerry Gao Ph.D. 5/2000
Comparing Symmetric Encryption and Asymmetric Encryption
Topic: Crytographic Techniques
Features Secret-Key Encryption Public-Key Encryption
No. of keys Single Key Pair of Keys
Types of keys Secret Key only One Public Key andone Private Key
Key Management Simple but difficult to Need digital certificatesmanage and trusted third parties
Performance Very fast Slower
Usage Used for bulk data Used for less demandingencryption, such as applications such as a phone system, encryption small doc. or
to sign messages
Standards Data Encryption the RSA algorithmStandard (DES)
Jerry Gao Ph.D. 5/2000
Message Digesting or Hashing
Topic: Crytographic Techniques
Message digesting is a way to provide integrity without confidentiality.
The basic idea is to apply a digesting or hash algorithm to the (long) message to produce a (short) message digest.
Since the encryption is only applied to a very small quantity, and message digesting is very much faster than encryption. Checking==>When the message arrives, the receiver computes a hash of the message using the same algorithm. If this matches the decrypted MIC that came with the message, then the message has not been tampered with.
A good Hash function has two properties:- It must be difficult to invert.- It must be resistant to collision.
Two well-known Hash functions in payment protocols are MD5 and SHA.
Jerry Gao Ph.D. 5/2000
Computing a message integrity check (MIC)
Topic: Crytographic Techniques
Message
MIC MessageHash
DigestAlgorithm
BlockCipher
MessageIntegrity Check
Secret Key
Jerry Gao Ph.D. 5/2000
Digital Signatures
Topic: Crytographic Techniques
What is a digital signature?
- Digital signatures are implemented using public-key encryption.
- A digital signature is a cryptographic mechanism that performs a similar function to a written signature.
- Created using PPK cryptograph and message digests.
Encryption allows a messagesender the ability to digitally sign messages, thus creating a digital signature for themessage. When a message digest is computed and then encrypted using the sender’s private key, and later append to the message, the result is called the digital signatureof the message.
Jerry Gao Ph.D. 5/2000
Digital Signatures
Topic: Crytographic Techniques
Purposes: Digital signatures are used to ensure the integrity and authentication.-- To verify the origin and contents of a message.-- Digital signatures are used for sender authentication.
Why digital signatures?
- Public-key algorithms are computation-intensive. With large messages they may be too expensive or too slow for the application.
- Digital signatures based on digested message provide alternative solutions.
Application:Digital signatures can be used to endorse an electronic document in a way that can be later validated for authenticity.
Jerry Gao Ph.D. 5/2000
Digital Enveloping
Topic: Crytographic Techniques
What is a digital envelop?
- When a digitally signed message is further encrypted using the receiver’s publickey, and the message is said to be contained in a digital envelope.
Purposes: Digital signatures are used to ensure the integrity and authentication.-- To verify the origin and contents of a message.-- Digital signatures are used for sender authentication.-- To ensure the integrity of communication messages.
Why digital signatures?
- Public-key algorithms are computation-intensive. With large messages they may be too expensive or too slow for the application.
- Digital signatures based on digested message provide alternative solutions.????
Jerry Gao Ph.D. 5/2000
Generating A Digital Signature
Topic: Crytographic Techniques
Message
MessageSignature
Message Digest
Encrypt
HashingAlgorithm
Sender’sPrivate Key(SK sender)
To Receiver
Jerry Gao Ph.D. 5/2000
Receiving and Checking A Digital Signature
Topic: Fundamental Crytographic Concepts
Signature
Original Message Digest Message Digest
Decrypt HashingAlgorithm
Sender’sPublic Key(PK sender)
Message
Compare two values
Jerry Gao Ph.D. 5/2000
Enveloping a message for a recipient
Topic: Fundamental Cryptographic Concepts
Message
Encrypted MessageEncrypted Content
Encryption Key
Random ContentEncryption Key
Encryption
Symmetric KeyEncryption
Recipient’sPublic KeyPK recipient
Creating a Secure Digital Envelope
John’s letter
John’s letter
10100011
Encrypted Message
MessageDigest
Symmetricrandom key
Symmetricrandom key
DigestAlgorithm
Steve’s Public key
10100011
EncryptedDigest
John’s Public key
10100011
Encrypted Message
From: John:
To Steve:
Jerry Gao Ph.D. 5/2000
Topic: Fundamental Crytographic Concepts
Digital Certificates
Topic: Crytographic Techniques
Why digital certificate?
- To ensure all participants in a communication or an e-commerce transaction are authenticated.
What is a digital certificate?
- A digital message which is digitally signed by a trusted certificate authorityto a party in a communication or an e-commerce transaction to ensure its authenticity with a public key.
- A digital certificate includes: a) a party’s ID informationb) its public key issued by a CA
CA --> a certificate authority (a trusted third-party)
Applications:Through the use of a common third party, digital certificates provide an easy and convenient way to ensure that the participants in an electronic commercetransaction can trust each other.
Digital Certificates
WebSite’ssever information
MessageDigest
CA’sprivate key
Certificate Authority (CA)
DigestAlgorithm
WebSite’ssever information
X.509 Certificate
Creating a Server Certificate
Jerry Gao Ph.D. 5/2000
Topic: Fundamental Crytographic Concepts
Jerry Gao Ph.D. 5/2000
Topic: Fundamental Crytographic Concepts
WebSite’ssever information
X.509 CertificateMessageDigest
MessageDigest
Digest Algorithm
CA’s Public Key
Decryption
Compare?
Server Authentication by Client
Digital Certificates