1 / 48

Big Numbers:

Big Numbers:. The Role Played by Mathematics in Internet Commerce. David Singer Dept. of Mathematics. Thank You! Any Questions ?. Hmm. Perhaps after you have heard more…. Public Key Cryptography. Bob (receiver). Alice (sender). Eve (eavesdropper).

lindsey
Download Presentation

Big Numbers:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Big Numbers: The Role Played by Mathematics in Internet Commerce David Singer Dept. of Mathematics

  2. Thank You! Any Questions? Hmm. Perhaps after you have heard more…

  3. Public Key Cryptography Bob (receiver) Alice (sender) Eve (eavesdropper) Alice and Bob have never met before. Yet they are able to carry on a private conversation on an insecure communications channel and not worry about eavesdroppers. How is this possible?

  4. Carol and David are flipping a coin over the telephone, and each is confident the other is not cheating. How is this possible?

  5. Ethel has a secret. She wants to convince Fred that she knows the secret, but without revealing anything about the secret to him. How is this possible?

  6. Cryptography • Cryptography (secret writing), is the art and science of secure transmission of confidential information. • It also allows secure storage of data. • Only someone with the key can get access.

  7. “Classical” Cryptography • Dates back to antiquity • Alice and Bob agree on a method of encryptionand a shared secret key. • Alice uses the key to encrypt the message she sends. • Bob uses the same key to decrypt the message.

  8. Classical Cryptanalysis Oscar attempts to determine the contents of an encrypted message without the key. He may try all possible keys (Brute force) Or he may use more subtle techniques, such as analysis of statistical anomalies.

  9. Modern Cryptography New Directions in Cryptography, by Whitfield Diffie and Martin Hellman, 1976. (Also classified publication by James Ellis in 1970, declassified in 1997.) Introduced the essential idea: Public Keys and Private Keys.

  10. Bob has two keys: a public key, which is available to anyone, and a private key. Alice uses the public key to lock (encrypt); Bob uses the private key to unlock (decrypt).

  11. Advantages • Alice can communicate without having previously contacted Bob. • No one but Bob can decrypt the message. • Major reduction in the number of keys required for a large group.

  12. Public key v.s. Private key • Private key: 20 users need 190 key pairs • Public key: 20 users need 21 key pairs

  13. Disadvantages • Public-Key Cryptography tends to be slower • May be harder to implement in a secure way Big question: How can it be made To work?? Mathematics

  14. One-Way Functions • What is a function? • It is an “input-output” device.

  15. One-Way Functions • Going backwards may be harder. • Even if you know the rule.

  16. Properties of one-way functions • If y=f(x) is one-way, then: • Given x, it is ‘easy’ to get y. • Given y, it is (generally) ‘hard’ to recover x. • Given x, it is ‘hard’ to find another x’ with f(x)=f(x’).

  17. One-way trapdoor functions • Given x, easy to compute y=f(x) • Given y, hard to recover x • Trapdoor: Extra information k • Given k and y, it is easy to recover x =T(y,k)

  18. How public-key works • Bob publishes his public key B • Alice wants to send message m. She Encrypts m with Bob’s public key by one-way function: c=EB(m) Nobody can recover m from c. That is, nobody except Bob.

  19. How public-key works • Bob uses his secret key k to decrypt the message c: • m= DB(c,k) • The mathematical formula we need is • DB(EB(m),k)=m

  20. But can this be done?? • First proposed system was apparently developed by Clifford Cocks at GCHQ (British Intelligence Government Communications Headquarters) in 1973. Like Ellis, Cocks could not publish his results. The first published system, RSA, was developed in 1977 at MIT.

  21. Creating a mathematical secret • It is easy to multiply numbers. • There are usually many ways to get the same product: But if two primes are multiplied together there is only one way to ‘unmultiply’ (factor) them

  22. Creating a mathematical secret • Multiplying numbers is “easy” • But factoring numbers is “hard” Basis for RSA cryptosystem: L.M. Adleman, R.L. Rivest and A. Shamir, 1978

  23. The RSA Cryptosystem • Generate two large prime numbers p and q. Multiply them together to get very large number N. • Compute Euler Totient T=(p-1)(q-1) • Choose numbers e and d for which the product e times d leaves remainder 1 when divided by T. • Publish (N, e) (this is the public key). • Keep the rest secret.

  24. The Encryption algorithm • Turn message into a large number m (encoding) • Compute (this is the remainder left when th is divided by N). • The number c is the encryption of the message! (Don’t Panic!)

  25. The Decryption Algorithm • Compute • Decode m to get the message. • Mathematical principle: If you know the values of m, e, and N, you can compute c. • If you know the values of c, d, and N, you can compute m. • BUT if you know c, e, and N and can’t factor N, you (probably) can’t get m.

  26. A Small Example: N=33

  27. Big Primes

  28. Big Primes

  29. Factoring Into Big Primes

  30. Factoring into Big Numbers

  31. Digital Signatures RSA can also be used to allow Alice to sign a document. She decrypts the document with her secret key. Anyone else can use her public key to see that she signed it.

  32. Digital Signatures • Only Alice can use her key to sign a message:

  33. Secure Hash Function • In practice, Alice does not sign the message itself; she signs a hash (a compressed version). • This makes electronic forgery much more difficult.

  34. Mathematical tools • Number theory –for encryption algorithms. • Computational complexity – to know what is hard and what is easy to compute. • Probability theory – randomness is needed for implementing algorithms securely.

  35. Randomness • Randomness is like sincerity

  36. Mathematical Tools • Algebra – to generate pseudo-random sequences • Computational Mathematics – to know how to make calculations quickly and accurately. • Other mathematics: linear algebra, geometry,…

  37. Challenge-response • To prove identity, you possess a secret (password). • But you don’t want to give up the secret! (Remember Ethel and Fred) • So you must give a “proof of knowledge.”

  38. Ali Baba’s Cave

  39. Ali Baba’s Cave

  40. Ali Baba’s Cave

  41. Zero-Knowledge Proof • Using challenge-response techniques, Alice demonstrates she knows the password (with high probability) but does not reveal the password. • She may have to respond to many challenges in order to convince Bob. • Key idea for solving many problems (e.g., coin-flip over telephone)

  42. Why Use Cryptography? • We are protecting data and there is a lot of data to protect!

  43. What are we protecting against? • Well known stuff like • Laptop loss or theft • Data center compromise • Viruses • Hackers • Snooping of e-mail and personal data • And lesser known stuff like • Electronically modifying sensor data in a factory • My neighbor changing the temperature on my refrigerator

  44. Cryptographic Services • Privacy (encryption) – You can’t see it • Integrity (signing) – You can’t change it • Authentication (validation) – I wrote it • Freshness (challenge-response) – I am doing this now

  45. Common Security Goals • Protection of data (access control) • Secrecy of data (read access) • Creation of data (write access) • Authentication required to access resources • Networks, individual machines, etc. • Proof of authorization of an action • Signature on a contract, authorization of payment, etc.

  46. Security Goals: Authentication • Web sites – Am I at Amazon.com? • Users– Is this Alice trying to access the site? • Network devices – Is this the DNS server that really knows which machines host amazon.com?

  47. Example: Web Authentication

More Related