Cryptography 101
EECS710: Info Security and Assurance
Professor Hossein Saiedian
Resources: Terry Ritter’s Learning About Cryptography, Network Associates’ An Introduction to Cryptography, course textbooks

What is cryptography
• Cryptography: transforming (enciphering) plaintext into a form where the original info is present but hidden
  - Plaintext: data that can be read w/o any special tool
  - Ciphertext: result of encryption; unreadable data
• Given a plaintext, many transformations are possible; to expose the info one may have to try all (on average, half) of possible transformations

An elementary school approach
• On a sheet of paper, write the alphabet in order in one column; write the same letters randomly (but uniquely) in the second column
  A W
  B J
  C R
  … …
• To encipher a plaintext, substitute each letter with the associated letter from the second column

An elementary school example
• Suppose we have the following substitution
  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  QAZWSXEDCRFVTGBYHNUJMIKOLP
• Plaintext message: MEET ME AT SIX
• Enciphered message: TSSJ TS QJ UCO
• The Caesar cipher
  E_n(x) = (x + n) mod 26
  D_n(x) = (x - n) mod 26
  For Caesar cipher: n = 3

A middle school approach
• Single (simple) substitution: the key is one particular permutation (arrangement) of the alphabet; once the sheet is revealed, it is no longer good
• But one can create a notebook of different permutations for the second column, each on a page; the key will be the page number
• If the notebook is exposed, one must try all (or at least half) transformations

Weak vs. strong transformation
• Simple substitution is weak: the more often a particular letter is used, the more often the ciphertext letter appears
  - Languages use some letters (or letter combinations) more than others, which makes the substitution possible to guess
• One solution: increase the size of the cipher alphabet
  - Instead of single letters, use pairs of letters
  - For example, replace A with WK
  - At least 26 × 26 = 676 transformations

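The substitution table and Caesar formulas from the slides, with the weakness described above made visible: a substitution renames letters but leaves the shape of the letter-count histogram untouched. This is an added example, not part of the original slides; the function names are assumptions.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
# Second row of the substitution table shown on the slide.
SLIDE_KEY = "QAZWSXEDCRFVTGBYHNUJMIKOLP"


def substitute(text, key, decrypt=False):
    """Simple substitution: map every letter through the key permutation."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must use each of the 26 letters exactly once")
    src, dst = (key, ALPHABET) if decrypt else (ALPHABET, key)
    return text.upper().translate(str.maketrans(src, dst))


def caesar(text, n=3, decrypt=False):
    """E_n(x) = (x + n) mod 26 and D_n(x) = (x - n) mod 26."""
    shift = -n if decrypt else n
    return "".join(
        ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
        for c in text.upper()
    )


def frequency_profile(text):
    """Letter counts, highest first, ignoring which letter owns each count."""
    counts = Counter(c for c in text.upper() if c in ALPHABET)
    return sorted(counts.values(), reverse=True)


if __name__ == "__main__":
    plain = "MEET ME AT SIX"
    cipher = substitute(plain, SLIDE_KEY)
    print(cipher)                                   # slide's enciphered message
    print(substitute(cipher, SLIDE_KEY, decrypt=True))
    # Both profiles are identical: the most frequent plaintext letter is
    # still the most frequent ciphertext letter, only under another name.
    print(frequency_profile(plain), frequency_profile(cipher))
```
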
Weak vs. strong transformation [2]
• How about expanding: instead of a pair of letters, select triplets, quadruples, …
• Soon a computer will be needed to do the operations
• A conventional (block) cipher: a much larger alphabet
• A 64-bit (eight character) block cipher: instead of using 26 letters, views each of the 2^64 values as a separate letter
  - 18,000,000,000,000,000 “letters”!

Keyspace for an 8-bit key
• A notebook with 256 pages: 256 different keys
• Decimal 256 = Binary 100000000 = 2^8 = 8 bit
• Thus an “8 bit” keyspace gives 256 unique key values
• If we choose one of the keys, one would have to try 256 (or probably only 128) keys to break
• Thus a low design strength

Keyspace for longer than 8-bit keys
• A 65,536 page notebook offers a “16 bit” keyspace
• That is 256 times that of an “8 bit” while the key has 8 bits more
• A “56 bit” keyspace: 7 × 10^16 different keys
  - Broken via brute force in 56 hours!
• A “128 bit” (16 characters): 3.40282367 × 10^38
  - Strong enough

What cryptography can and cannot do
• It can hide to facilitate confidentiality and authentication
• It cannot hide contraband, a luxury lifestyle with no visible means of support, informants, or undercover spying
• Keys can be lost, forgotten, stolen, or revealed for payment or under duress

Encryption/decryption process
• Encryption: the process of disguising plaintext
• Decryption: the process of reverting ciphertext to its original plaintext

Other related terms
• Cryptanalysis: the science of analyzing and breaking secure communications
  - Analytical reasoning/math
  - Pattern matching
  - Patience, determination, good luck
• Cryptography: the science of information security
• Cryptology: cryptography + cryptanalysis

Strong vs. weak cryptography
• Strength is measured in the time and resources required to recover a plaintext
• Strong cryptography: very difficult to decipher
  - Even with a billion computers doing a billion checks a second, it is not possible to decipher the result of strong cryptography in a billion years

How does it work
• A mathematical function
• Strength: (1) algorithm, (2) secrecy of the key

Conventional cryptography
• AKA symmetric key
• One key is used for encryption/decryption
• Example: the Data Encryption Standard (DES), used by the federal government

Conventional cryptography approaches
• Substitution: changes (substitutes) characters in plaintext to produce ciphertext
  - Example: Caesar cipher where the letters are offset by 3 (or in general n) positions
    SECRET → VHFUHW
• Transposition: rearranges the characters in the plaintext to produce ciphertext
  - Example: the “rail fence” cipher where plaintext is written in two rows proceeding down, then across
    SECRET → SCE → SCEERT
             ERT

A longer example of transposition encipher
• The number of rows is explicitly defined; pad with dummy characters to fill
• An example of 3-row fence
  MTSPNRIE
  EAIMDBDX
  ETXUERGY
• Read off/send: MTSPNRIEEAIMDBDXETXUERGY
• May send in 4-char groups to avoid errors (also for better management and to confuse intruders)
  MTSP NRIE EAIM DBDX ETXU ERGY

A longer example of transposition encipher [2]
• To decipher MTSP NRIE EAIM DBDX ETXU ERGY
1. Run the letters into a long string
   MTSPNRIEEAIMDBDXETXUERGY
2. Since there are 3 rails, divide into 3 groups of 8
   MTSPNRIE EAIMDBDX ETXUERGY
3. Write the first letter of group 1, group 2, and group 3 followed by the second letter of group 1, etc.
   MEETATSIXPMUNDERBRIDGEXY
   MEET AT SIX PM UNDER BRIDGE XY

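The row-based transposition from the last three slides as code, covering padding, 4-character grouping and the three deciphering steps. This is an added example, not part of the original slides; the function names and the default pad letters "XY" (taken from the slide's padded message) are assumptions.

```python
def encipher(plaintext, rows, pad="XY"):
    """Write the letters down the columns of a `rows`-row grid, read by row."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    i = 0
    while len(letters) % rows:           # pad with dummy characters to fill
        letters.append(pad[i % len(pad)])
        i += 1
    # Row r holds letters r, r + rows, r + 2*rows, ...
    return "".join("".join(letters[r::rows]) for r in range(rows))


def group(text, size=4):
    """Split into fixed-size groups for transmission."""
    return " ".join(text[i:i + size] for i in range(0, len(text), size))


def decipher(ciphertext, rows):
    """Steps 1 to 3 from the slide: join, split into rows, read by column."""
    letters = "".join(ciphertext.split())            # step 1
    if len(letters) % rows:
        raise ValueError("length is not a multiple of the row count")
    width = len(letters) // rows
    rails = [letters[r * width:(r + 1) * width] for r in range(rows)]  # step 2
    return "".join(rails[r][c] for c in range(width) for r in range(rows))  # 3


if __name__ == "__main__":
    sent = group(encipher("MEET AT SIX PM UNDER BRIDGE", rows=3))
    print(sent)
    print(decipher(sent, rows=3))
```

The receiver needs the row count and must know that trailing pad letters carry no meaning; the cipher itself does not mark them.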
Benefits of conventional encryption
• Very fast
• Useful for encrypting local data that is not going anywhere
• Expensive for data transmission
  - How to distribute the key

Public key encryption
• Addresses key distribution
• Asymmetric scheme
• Uses a pair of keys
  - Public key: used to encrypt data
  - Private key: used to decrypt data
  - Public key is public and publicly advertised
  - Private key is kept secret
  - Computationally infeasible to deduce the private key from the public key
• An example: PGP

Public key encryption illustrated
Benefits of the public key approach
• No need for sender and receiver to share a key
• All communications involve public keys; private keys are never transmitted
• Examples of public key cryptosystems
  - Elgamal (named for its inventor, Taher Elgamal)
  - RSA (named for its inventors, Ron Rivest, Adi Shamir, and Leonard Adleman)
  - Diffie-Hellman (named for its inventors), and
  - DSA, the Digital Signature Algorithm (invented by David Kravitz)

How PGP works
• Combines the best features of conventional and public key cryptography
1. PGP compresses the plaintext: saves modem transmission and disk space and strengthens security (complicates patterns)
2. PGP creates a session key: a one-time-only secret key (generated from the random movement of the mouse/keyboard strokes)
3. The plaintext is encrypted via a fast algorithm and the session key

How PGP works [2]
4. The session key is encrypted using the recipient's public key and transmitted

How PGP works [3]
5. Decryption works in reverse: the session key is recovered (by the recipient's private key) and is used to decrypt the ciphertext

The benefits of PGP
• A combination of two methods
  - Convenience of the public key: no key-distribution concerns
  - Speed of conventional encryption: about 1,000 times faster than the public key encryption

The key issues
• A value that works with encryption algorithms to produce a ciphertext
• Big, big numbers: measured in bits: 1,024 bits
• The bigger the key, the more secure the ciphertext
• Public key size and conventional cryptography secret key sizes are unrelated
  - A conventional 80-bit key has the same strength as a 1,024-bit public key
  - The bigger the key, the more secure, but the algorithms used for each are different (a comparison is like comparing apples and oranges)

The key issues [2]
• Public and private keys are mathematically related, but it is difficult to derive a private key from its public key
• Pick keys large enough to be secure, but small enough to be applied quickly
• Large keys are good for longer periods of time
• Keys are stored in encrypted form; PGP stores them on the hard drive as keyrings, one for public and one for private use
  - If the private key is lost, one will be unable to decrypt the data

Digital signatures
• A benefit of public key
• Enable the recipient to verify the authenticity of the information’s origin, and also verify that the information is intact
  - Provides for authentication and data integrity
• Also provides non-repudiation: prevents the sender from claiming that he/she did not send the information

Digital signatures [2]
• Authentication
  - Similar to a handwritten signature but superior in that it is nearly impossible to counterfeit
  - You may not care if anyone learns that you just deposited $500 in an account, but you do want to be sure it was the bank teller you were communicating with
• Integrity
  - To verify and ensure that the information was not altered

How digital signature works
How digital signature works [2]
• Problem with the above approach? SLOW
• Data size to communicate too large (at least double the original)
• Alternative to expedite?
  - Use hash functions
  - “A hash function is any well-defined procedure or mathematical function that converts a large, possibly variable-sized amount of data into a small datum, usually a single integer”
• Create a message digest to sign the message

Message digests
• Objective: to verify that the message received is the same as the message sent
• How: hash function (checksum function)
  - h: A → B
  - A: a message of any length (millions of bits)
  - B: a fixed length output, e.g., 160 bit
  - h: ensures that if A is changed in any way (even one bit), an entirely different output is produced
• PGP calls B a message digest (used for creating signatures); one cannot alter the signature or attach it to another document

Hash function (h: A → B) properties
• Easy to compute
• For any y in B, infeasible to find x in A such that h(x) = y
• For any x, x’ in A, x ≠ x’, infeasible to have h(x) = h(x’)
• Given any x in A, infeasible to find x’ in A and x ≠ x’ and h(x’) = h(x)

Side note: pigeonhole principle
• If there are n containers and n+1 objects, at least one container will have to hold two objects
• So what? If a hash function produces 3-bit hashes and we have a set of 5-bit messages, it implies:
  - 2^3 = 8 hashes
  - 2^5 = 32 messages
  - Thus large hash sizes are better

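The message digest and pigeonhole slides as code: a one-bit change to the message flips roughly half of a 160-bit digest, and a 3-bit hash over all 5-bit messages is forced to collide. This is an added example, not part of the original slides; `tiny_hash` (SHA-256 truncated to a few bits) and the sample message are constructed for illustration.

```python
import hashlib
from collections import defaultdict


def digest160(message):
    """160-bit digest as an integer. SHA-1 is used only because its output
    size matches the slide; it is no longer considered collision resistant."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def flip_bit(message, index):
    """Return a copy of `message` with a single bit inverted."""
    out = bytearray(message)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def bits_changed(a, b):
    """Number of digest bits that differ between two messages."""
    return bin(digest160(a) ^ digest160(b)).count("1")


def tiny_hash(message, bits=3):
    """Constructed toy hash: the top `bits` bits of SHA-256 (bits <= 8)."""
    first_byte = hashlib.sha256(message.to_bytes(4, "big")).digest()[0]
    return first_byte >> (8 - bits)


def buckets(message_bits=5, hash_bits=3):
    """Group every possible message by its toy hash value."""
    table = defaultdict(list)
    for m in range(2 ** message_bits):
        table[tiny_hash(m, hash_bits)].append(m)
    return dict(table)


if __name__ == "__main__":
    msg = b"Pay the bearer 500 dollars"          # constructed sample message
    print(bits_changed(msg, flip_bit(msg, 0)), "of 160 digest bits changed")
    for value, members in sorted(buckets().items()):
        print(format(value, "03b"), members)     # 32 messages, at most 8 bins
```
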
How a hash function is used
Digital envelopes
• Creating a digital envelope (an encrypted message; no digital signature attached)

Digital envelopes [2]
• Opening a digital envelope

Diffie-Hellman public key agreement
• A relatively fast public key agreement
• Relies on two functions, p (prime) and g (generator), and two random numbers x and y
• Everything exchanged in clear text
• Six step process
• Works like magic!

Diffie-Hellman public key agreement [2]
• Party X and Party Y agree on Diffie-Hellman p and g; exchange these in clear
• Party X generates random number x
  Party Y generates random number y
• Party X computes x’ = g^x mod p
  Party Y computes y’ = g^y mod p
• The two parties exchange x’ and y’ in clear
• Party X computes kx = y’^x mod p
  Party Y computes ky = x’^y mod p
  kx = y’^x mod p = g^(xy) mod p = x’^y mod p = ky
• Subsequent encryption with kx or ky

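The six steps above with the slide's own symbols, showing what crosses the wire in clear and what each party keeps. This is an added example, not part of the original slides; p = 23 and g = 5 are toy values chosen so the arithmetic can be checked by hand, and the range check on received values is an addition a careful implementation would make.

```python
import secrets


def random_secret(p):
    """Private random number in the range 2 .. p - 2."""
    return secrets.randbelow(p - 3) + 2


def check_public(value, p):
    """Reject 0, 1 and p - 1: they force the shared key into a trivial value."""
    if not 1 < value < p - 1:
        raise ValueError("degenerate public value")
    return value


def agree(p, g, x, y):
    """Run the exchange for Party X (secret x) and Party Y (secret y)."""
    x_pub = pow(g, x, p)                       # x' = g^x mod p
    y_pub = pow(g, y, p)                       # y' = g^y mod p
    kx = pow(check_public(y_pub, p), x, p)     # kx = y'^x mod p
    ky = pow(check_public(x_pub, p), y, p)     # ky = x'^y mod p
    return {"clear": (p, g, x_pub, y_pub), "kx": kx, "ky": ky}


if __name__ == "__main__":
    # Toy parameters (assumption); deployed systems use standardized groups
    # with primes of 2048 bits or more.
    run = agree(p=23, g=5, x=6, y=15)
    print("sent in clear:", run["clear"])      # p, g, x', y'
    print("kx =", run["kx"], "ky =", run["ky"])
    print("a fresh secret for p = 23:", random_secret(23))
```

An observer holds p, g, x’ and y’ but neither x nor y; with a 5-bit prime those can be found by trying every exponent, which is why p must be large.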
Diffie-Hellman public key agreement [3]

Digital certificates
• One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key
  - Otherwise, you can only encrypt/decrypt to those keys handed to you
• A solution: digital certificates (or certs)
• A form of credentials (like a physical passport)
• Included with a person’s public key to verify that a key is valid

Components of a digital certificate
• A digital certificate
  - A public key
  - Certificate info (identifying information such as name, ID)
  - One (or more) digital signatures
  - A stamp of approval from a trusted entity
• Certificates are used when it is necessary to exchange public keys with someone (when you cannot manually exchange via a diskette or USB drive)

Components of a digital certificate [2]
Digital certificate distribution
• Digital servers: a networked database that allows users to submit and receive digital certs
  - Example: PGP Keyserver
• Public Key Infrastructures (PKIs)
  - Storage facilities like the certificate servers
  - More structured
  - Provide additional key management services
  - Issue, revoke, store, and trust certificates
  - Certificate authority: a group of human beings authorized to issue certs (like a passport office)

Common certificate format
• The certificate holder’s public key: the public portion of key pair and key algorithm, e.g., RSA
• The certificate holder’s information: identity information about the user (e.g., name, user ID, email address, photograph, and so on)
• The digital signature of the certificate owner: the signature using the corresponding private key of the public key of the certificate
• The certificate’s validity period: the certificate’s start date/time and expiration date/time
• The preferred symmetric encryption algorithm for the key: e.g., AES, Triple-DES, Twofish

Common certificate format [2]
Other substitution techniques
• Choose a keyword, e.g., Jayhawk, drop repeated letters, thus jayhwk
• The keyword defines the permutation of English letters:
  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  jayhwkbcdefgilmnopqrstuvxz
• Another keyword: Professional
  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  profesinalbcdghjkmqtuvwxyz

Other substitution techniques [2]
• Use every third letter (apply mod 26)
  adgjmpsvybehknqtwzcfilorux
• Consider any possible permutation of the English letters
  - How many? 26!
  - Even applying decryption at 1 microsecond, still takes over 1,000 years
  - The primary issue: the knowledge of letter patterns in a text
  - Solution: Avoid using the same substitution for a letter

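The two alphabet constructions above as code, reproducing the slides' cipher alphabets, plus the 26! estimate at one trial per microsecond. This is an added example, not part of the original slides; the function names are assumptions, and the coprimality check generalizes "every third letter" to any step that still yields a full permutation.

```python
import math
import string

ALPHABET = string.ascii_lowercase


def keyword_alphabet(keyword):
    """Keyword with repeats dropped, then the unused letters in order."""
    seen = []
    for c in keyword.lower() + ALPHABET:
        if c in ALPHABET and c not in seen:
            seen.append(c)
    return "".join(seen)


def every_nth_alphabet(step):
    """Take every `step`-th letter, wrapping mod 26."""
    if math.gcd(step, 26) != 1:
        # e.g. step 2 revisits 'a' after 13 letters and never reaches 'b'
        raise ValueError("step must share no factor with 26")
    return "".join(ALPHABET[(i * step) % 26] for i in range(26))


def years_to_try_all(trials_per_second=1_000_000):
    """Time to try all 26! permutations at the given rate."""
    seconds = math.factorial(26) / trials_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    print(keyword_alphabet("Jayhawk"))
    print(keyword_alphabet("Professional"))
    print(every_nth_alphabet(3))
    print(f"{years_to_try_all():.2e} years at 1 microsecond per permutation")
```
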
One-time pads (using Vigenere tableau)
• Assume a set of large, non-repeating keys written on sheets of paper, glued into a pad
• Assume keys are 20 characters
• Assume a text that is 300 characters
• Sender tears off 15 pages from the pad
• Sender writes the keys one at a time above the text letters and enciphers in a prearranged chart
• Receiver must have the same pad
• Concerns: (1) key distribution, (2) sender/receiver must synchronize, (3) need unlimited keys

One-time pads [2]
• A toy example
• Assume keys are 5 letters each; assume these two keys XYSWD and DHJTU
• Assume you have a text that is eight characters, e.g., “fly today”
• Need two keys
  XYSWDDHJTU
  flytoday
• Ciphertext: XYSWDDHJ

One-time pads [3]
• Using computers, random numbers can be generated for the keys
• To send a 300-letter message
  - Generate the next 300 random numbers
  - Scale to be between 1-26
  - Use a number to decipher each letter

One-time pads [4]
• Pictorially

The Vernam cipher (a one-time pad)
• Devised by Gilbert Vernam for AT&T
• Non-repeating random numbers
• How? Consider plaintext Vernam Cipher
            V   E   R   N   A   M   C   I   P   H   E   R
  ord#     21   4  17  13   0  12   2   8  15   7   4  17
  +rnd     76  48  16  82  44   3  58  11  60   5  48  88
  =        97  52  33  95  44  15  60  19  75  12  52 105
  %26      19   0   7  17  18  15   8  19  23  12   0   1
  cipher    T   A   H   R   S   P   I   T   X   M   A   B

An example of combining substitution and transposition
• The Soviet encryption during the WWII
• Handout

How is a key used?
• Suppose we have a key, computer
• How is it used to encrypt a plaintext?
• A toy approach
• The key, computer, in ASCII is
  - Dec: 097 111 109 112 117 116 101 114
  - Binary: 01100011 01101111 01101101 …
• A plaintext, “secretly” in binary: 01110011 01100101 01100011 …
• XOR the two!

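Two ways of combining a key with a plaintext from the slides above, in one place: the Vernam table (add a random number, reduce mod 26) and the toy XOR of "secretly" with "computer". It also shows why the one-time pad slides insist on non-repeating keys. This is an added example, not part of the original slides; the function names are assumptions, and the byte values are computed from the strings themselves.

```python
# Random numbers from the "+rnd" row of the Vernam table on the slide.
SLIDE_RND = [76, 48, 16, 82, 44, 3, 58, 11, 60, 5, 48, 88]


def vernam_encipher(plaintext, rnd):
    """cipher = (ord# + rnd) % 26, one pad number per letter."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    if len(rnd) < len(letters):
        raise ValueError("pad is shorter than the message")
    return "".join(chr((ord(c) - 65 + r) % 26 + 65)
                   for c, r in zip(letters, rnd))


def vernam_decipher(ciphertext, rnd):
    """plain = (cipher - rnd) % 26 with the same pad numbers."""
    return "".join(chr((ord(c) - 65 - r) % 26 + 65)
                   for c, r in zip(ciphertext, rnd))


def xor_bytes(data, key):
    """Toy approach from the slide: XOR each data byte with a key byte."""
    if len(key) < len(data):
        raise ValueError("key is shorter than the data")
    return bytes(d ^ k for d, k in zip(data, key))


if __name__ == "__main__":
    cipher = vernam_encipher("Vernam Cipher", SLIDE_RND)
    print(cipher, vernam_decipher(cipher, SLIDE_RND))

    key = b"computer"
    c1 = xor_bytes(b"secretly", key)
    print(" ".join(format(b, "08b") for b in c1))
    print(xor_bytes(c1, key))                  # XOR with the key again undoes it

    # Reusing the key on a second message (text borrowed from the one-time
    # pad slide): the key cancels out of c1 XOR c2, leaving p1 XOR p2.
    c2 = xor_bytes(b"flytoday", key)
    print(xor_bytes(c1, c2) == xor_bytes(b"secretly", b"flytoday"))
```
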
How is a key used? [2]
• Much more complex in real algorithms
• F is a round function
• Ki, for i in 2..16, are new keys generated from the original key by a complex algorithm
• is the xor operation

The key application in DES
The key application in AES
Key distribution revisited
• Five persons need to communicate securely
• How many keys should the system maintain?
• How many lines of communication? n * (n - 1)/2
  - Two people: 1 line of communication
  - Three people: 3 lines of communication
  - Four people: 6 lines of communication
  - Five people: 10 lines of communication
• Concerns: Maintaining the distributed keys