1 / 0

The beauty of modulo math!

The beauty of modulo math!. Overview of Cryptography What is Cryptography?.

kailey
Download Presentation

The beauty of modulo math!

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The beauty of modulo math!

  2. Overview of CryptographyWhat is Cryptography? Cryptography is an often misunderstood and misused security tool. Today more than ever, privacy is a necessary part of business communications. The following is an overview of public key cryptography and one of its more widely-used implementations, Pretty Good Privacy (PGP).
  3. Overview of Cryptography Terminology Cryptographic/Cipher System - A method of disguising a message so only authorized users may read it. Cryptology - The study of cryptography. Encryption - The process of converting plaintext into ciphertext. Decryption - The process of converting ciphertext back to its original plaintext. Cryptographic Algorithm - The computational procedure used to encrypt and decrypt messages. Cryptanalysis - The process of finding a weakness in, or actual breaking of, a cryptographic system.
  4. Overview of CryptographyWhat’s the point? Privacy - Would you be willing to send all of your correspondence through the U.S. Mail on the back of a postcard for all to read? Data Integrity - Provides assurance that a message or file has not been altered Source Authentication - Provides a method to identify the originator of a message or file
  5. Code Phrase True Meaning My coffee is cold Launch the missiles Pass the cream Don’t launch the missiles Types of Cryptographic SystemsSecret Codes The simplest and oldest way to send a secret message to someone. The code must be known to the sender or recipient. Unbreakable by mathematical means. “Unusual” methods used to extract codes used in the past. The Spanish Inquisition methodology comes to mind.
  6. What Is Cryptography? Cryptography -- from the Greek for “secret writing” -- is the mathematical “scrambling” of data so that only someone with the necessary key can “unscramble” it. Cryptography allows secure transmission of private information over insecure channels (for example packet-switched networks). Cryptography also allows secure storage of sensitive data on any computer. Without the key, coercion will not work
  7. Classical Cryptography:Secret-Key or Symmetric Cryptography Alice and Bob agree on an encryption method and a shared key. Alice uses the key and the encryption method to encrypt (or encipher) a message and sends it to Bob. Bob uses the same key and the related decryption method to decrypt (or decipher) the message.
  8. Types of Cryptographic SystemsCiphers Substitution ciphers are the simplest type of cipher system. Each letter of the alphabet is assigned to a number or different letter. ROT13 is a commonly used cipher. Shift each letter 13 places to the right. Advantage – the same encryption method will Un-encrypt. This is a test => Guvfvf n grfg => This is a test
  9. Types of Cryptographic SystemsOne-Time Pads One-Time Pads uses a different key for a specific time period. Truly secure, no patterns evolve. Most vulnerabilities due to human carelessness.
  10. Crypto Keys & AlgorithmsGeneral Concepts and Definitions As a password is used to access a computer system, a cryptographic key is a password or passphrase that is used to unlock an encrypted message. Different encryption systems offer different key lengths - Just as a longer password provides more security (WindowsNT excluded) the longer and more complex the key is, the more security an encryption system provides. A cryptographic algorithm is a mathematical function used for encryption and decryption. Most algorithms contain a certain number of “rounds.” This determines how many times the text will be run through the algorithm
  11. Secret Key Secret Key Encrypted Message Cryptographic MethodsSecret Key (symmetric) Cryptography A single key is used to both encrypt and decrypt a message. A secure channel must be in place for users to exchange this common key. Plaintext Message
  12. Crypto-Algorithm Message 5058f1af8388633f609cadb75a75dc9d 128 bit digital fingerprint Cryptographic MethodsOne-Way Functions One-way functions (the CODE is the key, not the message) : Used to generate a fixed-length hash (also known as a message-digest) of a file. This hash is essentially a ‘digital fingerprint’ of the file that would be sent along with a document. The recipient would use the same method to generate a hash. If the hashes do not match the file has been altered.
  13. Advantages of Classical Cryptography There are some very fast classical encryption (and decryption) algorithms Since the speed of a method varies with the length of the key, faster algorithms allow one to use longer key values. Larger key values make it harder to guess the key value-- and break the code -- by brute force.
  14. Examples of Symmetric Key Cryptography DES (Data Encryption Standard) – 56 bits AES (Advanced Encryption Standard) – 128 bit First one “easily” crackable, the second one probably easy, also
  15. Disadvantages of Classical Cryptography Requires secure transmission of key value Requires a separate key for each group of people that wishes to exchange encrypted messages (readable by any group member) For example, to have a separate key for each pair of people, 100 people would need 4950 different keys.
  16. Public-Key Cryptography: Asymmetric Cryptography Alice generates a key value (usually a number or pair of related numbers) which she makes public. Alice uses her public key (and some additional information) to determine a second key (her private key). Alice keeps her private key (and the additional information she used to construct it) secret.
  17. Jay’s Public Key Encrypted Message Frank Jay’s Private Key Clear Text Cryptographic MethodsPublic Key (asymmetric) Cryptography Two keys are used for this method, the public key is used to encrypt. The private key is used to decrypt. This is used when it isn’t feasible to securely exchange keys.
  18. Public-Key Cryptography (continued) Bob (or Carol, or anyone else) can use Alice’s public key to encrypt a message for Alice. Alice can use her private key to decrypt this message. No-one without access to Alice’s private key (or the information used to construct it) can easily decrypt the message. A publically encrypted message can only be decrypted with the corresponding private key. A privately encrypted message can only be decrypted with the corresponding public key.
  19. An Example: Internet Commerce Bob wants to use his credit card to buy some brownies from Alice over the Internet. Alice sends her public key to Bob. Bob uses this key to encrypt his credit-card number and sends the encrypted number to Alice. Alice uses her private key to decrypt this message (and get Bob’s credit-card number). This guarantees that only Alice can decrypt the message Bob cannot claim he did not send the message. This is called “nonrepudiation”
  20. Hybrid Encryption Systems All known public key encryption algorithms are much slower than the fastest secret-key algorithms. In a hybrid system, Alice uses Bob’s public key to send him a secret shared session key. Alice and Bob use the session key to exchange information.
  21. Internet Commerce (continued) Bob wants to order brownies from Alice and keep the entire transaction private. Bob sends Alice his public key. Alice generates a session key, encrypts it using Bob’s public key, and sends it to Bob. Bob uses the session key (and an agreed-upon symmetric encryption algorithm) to encrypt his order, and sends it to Alice.
  22. Netscape has a hybrid system built in. It uses RSA for public-key encryption (with -- I believe -- a 512-bit key) and DES for secret-key encryption. PGP also uses a hybrid system with RSA for the public-key part, and IDEA for secret-key encryption. They are not crackable “on the fly”
  23. IDEA In cryptography, the International Data Encryption Algorithm (IDEA) is a block cipher designed in 1991. The algorithm was intended as a replacement for the Data Encryption Standard. The cipher was designed under a research contract with the Hasler Foundation, which became part of Ascom-Tech AG. The cipher is patented in a number of countries but is freely available for non-commercial use. IDEA was used in Pretty Good Privacy (PGP) v2.0, and was incorporated after the original cipher used in v1.0, BassOmatic, was found to be insecure.[2] IDEA is an optional algorithm in the OpenPGP standard.
  24. For two-way encryption Alice has Bob’s public key. Bob has Alice’s public key. Bob encrypts his message to Alice with HER public and HIS private key Alice can decrypt it with Bob’s public (so the message MUST have come from Bob’s private key) and her public key (so the message MUST be meant for her)!
  25. Digital Signatures:Signing a Document Alice applies a (publicly known) hash function to a document that she wishes to “sign.” This function produces a digest of the document (usually a number). This is a “representative” sample of the document. Alice then uses her private key to “encrypt” the digest. She can then send, or even broadcast, the document with the encrypted digest.
  26. Digital Signature Verification Bob uses Alice’s public key to “decrypt” the digest that Alice “encrypted” with her private key. Bob applies the hash function to the document to obtain the digest directly. Bob compares these two values for the digest. If they match, it proves that Alice signed the document and that no one else has altered it.
  27. Secure Transmission of Digitally Signed Documents Alice uses her private key to digitally sign a document. She then uses Bob’s public key to encrypt this digitally signed document. Bob uses his private key to decrypt the document. The result is Alice’s digitally signed document. Bob uses Alice’s public key to verify Alice’s digital signature.
  28. Historical Background 1976: W. Diffie and M.E. Hellman proposed the first public-key encryption algorithms -- actually an algorithm for public exchange of a secret key. 1978: L.M Adleman, R.L. Rivest and A. Shamir propose the RSA encryption method Currently the most widely used
  29. The RSA Encryption Algorithm Use a random process to select two large prime numbers P and Q. Compute the product M = P*Q. This number is called the modulus, and is made publicly available. RSA currently recommends a modulus that’s at least 768 bits long. Also compute the Euler totientT = (P-1)*(Q-1). Keep this number (as well as P and Q) secret.
  30. RSA (continued) Randomly choose a public key E that has no factors in common with T = (P-1)*(Q-1). Compute a private key D so that E*D leaves a remainder of 1 when divided by T. We say E*D is congruent to1moduloT Note that D is easy to compute only if one knows the value of T. This is essentially the same as knowing the values of P and Q.
  31. RSA (continued) If N is any number that is not divisible by M, then dividing NE*Dby M and taking the remainder yields the original value N. This is a relatively deep mathematical theorem, which we can write as NE*D mod M = N.) If N is a numeric encoding of a block of plaintext, the cyphertext is C = NE mod M. Then CD mod M = (NE)D mod M = NE*D mod M = N. Thus, we can recover the plaintext N with the private key D.
  32. Why RSA Works Multiplying P by Q is easy: the number of operations depends on the number of bits (number of digits) in P and Q. For example, multiplying two 384-bit numbers takes approximately 3842 = 147,456 bit operations
  33. Why RSA Works (2) If one knows only M, finding P and Q is hard: in essence, the number of operations depends on the value of M. The simplest method for factoring a 768-bit number takes about 2384  3.94 x 10115trial divisions. A more sophisticated methods takes about 285  3.87 x 1025 trial divisions. A still more sophisticated method takes about 241  219,000,000,000 trial divisions Note that these numbers DOUBLE for each additional bit. There are 4,096 bit keys in use today
  34. At one trial division per nanosecond (very fast!), the slow factoring algorithm takes approximately 10^106 seconds, or about 30 x 10^97 years! The faster algorithm takes approximately 3.87 x 10^16 seconds, about 100 million years. The fastest known algorithm would take about 4 minutes (assuming one trial division per nanosecond). Increasing the modulus to 1024 bits would increase the number of trial divisions to 2^46 or 7 x 10^13, taking 70,000,000 seconds, a little over 2 years!
  35. IS IT CRACKABLE?? This is one of the first questions that people ask when they are first introduced to cryptography. They do not understand the size of the problem. For the IDEA encryption scheme, a 128 bit key is required. Any one of the 2128 possible combinations would be legal as a key, and only that one key would successfully decrypt the message.
  36. Yes, but….. Let's say that you had developed a special purpose chip that could try a billion keys per second. This is far beyond anything that could really be developed today. Let's also say that you could afford to throw a billion such chips at the problem at the same time. It would still require over 10,000,000,000,000 years to try all of the possible 128 bit keys. That is something like a thousand times the age of the known universe! While the speed of computers continues to increase and their cost decrease at a very rapid pace, it will probably never get to the point that IDEA could be broken by the brute force attack.
  37. Why RSA Works (3) No-one has found an really quick algorithm for factoring a large number M. No-one has proven that such a quick algorithm doesn’t exist (or even that one is unlikely to exist).
  38. History of Public Key CryptoIn the beginning... 1976 Whitfield Diffie and Martin Hellman publish “New Directions in Cryptography” which introduced the idea of public key crypto systems. They also introduce the idea of authentication by the use of a one way function. 1977 Ronald L. Rivest, Adi Shamir and Leonard M. Adleman develop a practical public key system (RSA). It was this cipher that could be used for both confidentiality and digital signatures.
  39. Pretty Good Privacy (PGP)Overview & History PGP is a personal high-security cryptographic software application that allows people to exchange messages or files with privacy, authentication, and convenience. PGP can be used to encrypt and digitally sign files and e-mail. Developed by Phil Zimmerman in the mid ‘80s. First version released on the Internet in 1991; got immediate NSA attention and encountered legal issues on its use of RSA and Merkle-Hellman cryptography patents. Purchased by ViaCrypt in 1993 (they had RSA license). Re-released in 1994 with RSAREF toolkit license. Purchased by Network Associates in 1998.
  40. Pretty Good Privacy (PGP) Versions PGP v2.6.2 (MIT PGP) is the current version for DOS/UNIX platforms for use within the U.S. (v2.6.3i is for use outside the U.S.) PGP v5.x freeware is also available for DOS/Windows/ UNIX platforms although it is generally regarded as not as secure as v2.x. Additionally, the v5.x freeware version is not backward compatible with PGP v2.x. PGP v6.x (NAI PGP) is the current commercial product which offers “PGP Desktop Security,” “PGP Personal Privacy,” and “PGP Freeware.” (The freeware version is not backward-compatible with MIT PGP.)
  41. Pretty Good Privacy (PGP) Why Use It? Privacy - Store and transmit your data so that only select people may view their contents. Integrity - Ensure your files, data, and applications have not been modified without your consent. Authentication - A way to verify that people actually are who they claim to be.
  42. RSA Encryption - 1 To find a key pair e, d: 1. Choose two large prime numbers, P and Q (each greater than 10100), and form: N = P x Q Z = (P–1) x (Q–1) 2. For d choose any number that is relatively prime with Z (that is, such that d has no common factors with Z). We illustrate the computations involved using small integer values for P and Q: P = 13, Q = 17 –> N = 221, Z = 192 d = 5 3. To find e solve the equation: e x d = 1 mod Z That is, e x d is the smallest element divisible by d in the series Z+1, 2Z+1, 3Z+1, ... . e x d = 1 mod 192 = 1, 193, 385, ... 385 is divisible by d e = 385/5 = 77
  43. RSA Encryption - 2 To encrypt text using the RSA method, the plaintext is divided into equal blocks of length k bits where 2k < N (that is, such that the numerical value of a block is always less than N; in practical applications, k is usually in the range 512 to 1024). k = 7, since 2 raised to the 7th= 128 , which is the largest power of 2 less than 221 The function for encrypting a single block of plaintext M is: E'(e,N,M) = Me mod N for a message M, the ciphertext is M77 mod 221 The function for decrypting a block of encrypted text c to produce the original plaintext block is: D'(d,N,c) = cd mod N Rivest, Shamir and Adelman proved that E' and D' are mutual inverses (that is, E'(D'(x)) = D'(E'(x)) = x) for all values of P in the range 0 ≤ P ≤ N. The two parameters e,N can be regarded as a key for the encryption function, and similarly d,N represent a key for the decryption function. So we can write Ke= <e,N> and Kd = <d,N>, and we get the encryption function: E(Ke, M) ={M}K (the notation here indicating that the encrypted message can be decrypted only by the holder of the private key Kd) and D(Kd, ={M}K ) = M.
  44. Thousands years use DES Fast Keys shared between usually only 2 people 128 bit No non-repudiation (need 3rd party as witness) Less than 50 years RSA Slow Private: concealed Public: widely shared 1,024 – 4096 bit Nonrepudiation: Can’t deny having sent a message Key attributes ofSecret keyvs. Public key
More Related