Integrating Diffie-Hellman Key Exchange into the Digital Signature Algorithm (DSA)
Source: IEEE Communications Letters, Vol. 8, No. 3, March 2004
Authors: Lein Harn, Manish Mehta, Wen-Jung Hsin
Speaker: Yu-Wei Su
Date:
Outline
• 1. Introduction
• 2. Concept & Goal
• 3. Proposed protocols
• 4. Conclusion
1. Introduction
• 1-1. Key Exchange
• 1-2. Diffie-Hellman Algorithm
• 1-3. Digital Signature
• 1-4. DSA
1-1. Key Exchange
● Symmetric encryption
● Alice & Bob calculate a session key to communicate
[Figure: Alice and Bob, $E_K()$ and $D_K()$, session key $k$]
1-2. Diffie-Hellman Algorithm
Parameters (1/4)
Common parameters:
• g, n: two large primes
Private parameters:
• a: random number, chosen by Alice
• b: random number, chosen by Bob
Operating Flow (2/4)
Alice sends $g^a \bmod n$ to Bob; Bob sends $g^b \bmod n$ to Alice.
Alice calculates $(g^b \bmod n)^a \bmod n$; the result is $g^{ab} \bmod n$.
Bob calculates $(g^a \bmod n)^b \bmod n$; the result is $g^{ab} \bmod n$.
Session key $= g^{ab} \bmod n$
Example (3/4)
$n = 11$, $g = 2$, $a = 4$, $b = 8$
$g^a \bmod n = 2^4 \bmod 11 = 5$
$g^b \bmod n = 2^8 \bmod 11 = 3$
=> Alice: $(g^b \bmod n)^a \bmod 11 = 3^4 \bmod 11 = 4$
   Bob: $(g^a \bmod n)^b \bmod 11 = 5^8 \bmod 11 = 4$
Session key = 4
The Computational Diffie-Hellman Assumption (CDH assumption) (4/4)
● Eve receives $g^a \bmod n$ and $g^b \bmod n$ in the channel.
● It is very hard to calculate $g^{ab} \bmod n$.
1-3. Digital Signature
● Non-repudiation
● Based on an asymmetric scheme
[Figure: message → message, f(message)]
ps: f() is a digital signature algorithm.
1-4. Digital Signature Algorithm (DSA)
1-4-1. Preview
• Used in the Digital Signature Standard (DSS)
• Proposed by NIST
• Published in FIPS PUB 186-x
• http://www.itl.nist.gov/fipspubs
Parameters (1/3)
Global parameters:
• p: a prime number, |p| = 512 ~ 1024 (bits), multiple of 64
• q: a 160-bit prime factor of (p-1)
• h: $1 < h < p-1$
• $g = h^{(p-1)/q} \bmod p$
• H(): a hash function, ex: SHA-1
Sender's Private Parameter:
• x: random integer with $0 < x < q$
Parameters (2/3)
Sender's Public Parameter:
• $y = g^x \bmod p$
• m: message
Per-Message Secret Parameter:
• k: random integer with $0 < k < q$
Signing & Verifying (3/3)
Signing (Sender):
  $r = (g^k \bmod p) \bmod q$
  $s = [k^{-1}(H(m) + xr)] \bmod q$
  => signature = (r, s)
Verifying (Receiver):
  $w = (s')^{-1} \bmod q$
  $u_1 = [H(m')w] \bmod q$
  $u_2 = (r')w \bmod q$
  $v = [(g^{u_1} y^{u_2}) \bmod p] \bmod q$
  Test $v \stackrel{?}{=} r'$
ps: s' and r' are the values the receiver gets, corresponding to s and r.
2. Concept & Goal
2-1. DH + DSA
Diffie-Hellman Algorithm + Digital Signature Algorithm = take $g^a \bmod p$ as the message in DSA
2-2. Three Models
• One-round protocol
• Two-round protocol
• Three-round protocol
3. Proposed protocol
3-1. Parameters
• User A, B: the two users in the protocol
• $Y_A$, $X_A$: the authenticated DSA key pair (public key & private key) of user A, with $Y_A = g^{X_A} \bmod p$
• $Y_B$, $X_B$: the authenticated DSA key pair (public key & private key) of user B, with $Y_B = g^{X_B} \bmod p$
• Other parameters are the same as in DSA
• $K_{AB}$: session key from A to B
3-2. One-round protocol (1/2)
Step 1 (User A):
  Select $k_A$
  Let $m_A = g^{k_A} \bmod p$
  Let $K_{AB} = (Y_B)^{k_A} \bmod p$ $(= g^{X_B k_A} \bmod p)$
  Calculate $r_A = (g^{k_A} \bmod p) \bmod q$
  Calculate $s_A = [k_A^{-1}(H(m_A \| K_{AB}) + X_A r_A)] \bmod q$
  Send $(m_A, s_A)$ to User B
One-round protocol (2/2)
Step 2 (User B):
  Receive $(m_A, s_A)$ from User A
  Derive $r_A = m_A \bmod q$
  Derive $K_{AB} = (m_A)^{X_B} \bmod p$ $(= g^{k_A X_B} \bmod p)$
  Verify $(r_A, s_A)$ as the signature of $(m_A \| K_{AB})$
After Step 2, A & B have obtained a session key: $K_{AB} = g^{k_A X_B} \bmod p$
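The one-round protocol of 3-2 as a runnable Python sketch, added here as an example; it is not code from the slides or from the paper's authors. Assumptions: a demo-sized group constructed in the code (not a secure size), SHA-256 standing in for H(), fixed-width byte concatenation for ||, and range and subgroup checks on $m_A$ that the slides do not list.

```python
import hashlib
import secrets

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

# Demo-sized DSA group constructed for this example (NOT secure sizes):
# q is the Mersenne prime 2^31-1, p the first prime of the form j*q + 1.
Q = 2 ** 31 - 1
P = next(Q * j + 1 for j in range(2, 10 ** 4, 2) if is_prime(Q * j + 1))
G = pow(2, (P - 1) // Q, P)           # g = h^((p-1)/q) mod p with h = 2
assert G != 1                         # so g has prime order q

def H(*ints):
    """H(m_A || K_AB): SHA-256 over fixed-width encodings, reduced mod q."""
    data = b"".join(i.to_bytes(8, "big") for i in ints)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1  # private X, 0 < X < q
    return x, pow(G, x, P)            # public Y = g^X mod p

def a_send(x_a, y_b):
    """Step 1 (User A): return the message (m_A, s_A) and A's K_AB."""
    while True:
        k_a = secrets.randbelow(Q - 1) + 1   # fresh k_A for every run
        m_a = pow(G, k_a, P)
        k_ab = pow(y_b, k_a, P)              # (Y_B)^k_A mod p
        r_a = m_a % Q
        s_a = pow(k_a, -1, Q) * (H(m_a, k_ab) + x_a * r_a) % Q
        if r_a and s_a:                      # DSA rejects r = 0 or s = 0
            return (m_a, s_a), k_ab

def b_receive(x_b, y_a, msg):
    """Step 2 (User B): return K_AB if (r_A, s_A) verifies, else None."""
    m_a, s_a = msg
    # Added checks, not on the slides: ranges and order-q subgroup membership.
    if not (1 < m_a < P and 0 < s_a < Q and pow(m_a, Q, P) == 1):
        return None
    r_a = m_a % Q
    if r_a == 0:
        return None
    k_ab = pow(m_a, x_b, P)                  # (m_A)^X_B mod p
    w = pow(s_a, -1, Q)
    u1, u2 = H(m_a, k_ab) * w % Q, r_a * w % Q
    v = pow(G, u1, P) * pow(y_a, u2, P) % P % Q
    return k_ab if v == r_a else None
```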
3-3. Two-round protocol (1/2)
Step 1 and Step 2 are the same as in the one-round protocol.
Step 3 (User B): (B now plays the role of A)
  Select $k_B$
  Let $m_B = g^{k_B} \bmod p$
  Let $K_{BA} = (Y_A)^{k_B} \bmod p$ $(= g^{X_A k_B} \bmod p)$
  Calculate $r_B = (g^{k_B} \bmod p) \bmod q$
  Calculate $s_B = [k_B^{-1}(H(m_B \| K_{BA}) + X_B r_B)] \bmod q$
  Send $(m_B, s_B)$ to User A
Two-round protocol (2/2)
Step 4 (User A): (A now plays the role of B)
  Receive $(m_B, s_B)$ from User B
  Derive $r_B = m_B \bmod q$
  Derive $K_{BA} = (m_B)^{X_A} \bmod p$ $(= g^{k_B X_A} \bmod p)$
  Verify $(r_B, s_B)$ as the signature of $(m_B \| K_{BA})$
After Step 4, A & B have obtained two session keys:
  $K_{AB} = g^{k_A X_B} \bmod p$
  $K_{BA} = g^{k_B X_A} \bmod p$
3-4. Three-round protocol (1/2)
Step 1 (User A):
  Select $k_A$
  Let $m_A = g^{k_A} \bmod p$
  Send $m_A$ to User B
Step 2 (User B):
  Derive $K_{AB} = (m_A)^{X_B} \bmod p$ $(= g^{k_A X_B} \bmod p)$
  Select $k_B$
  Let $m_B = g^{k_B} \bmod p$
  Let $K_{BA} = (Y_A)^{k_B} \bmod p$ $(= g^{X_A k_B} \bmod p)$
  Calculate $r_B = (g^{k_B} \bmod p) \bmod q$
  Calculate $s_B = [k_B^{-1}(H(m_B \| K_{BA} \| K_{AB}) + X_B r_B)] \bmod q$
  Send $(m_B, s_B)$ to User A
Three-round protocol (2/2)
Step 3 (User A):
  Let $K_{AB} = (Y_B)^{k_A} \bmod p$ $(= g^{X_B k_A} \bmod p)$
  Derive $r_B = m_B \bmod q$
  Derive $K_{BA} = (m_B)^{X_A} \bmod p$ $(= g^{k_B X_A} \bmod p)$
  Verify $(r_B, s_B)$ as the signature of $(m_B \| K_{BA} \| K_{AB})$
  Calculate $r_A = (g^{k_A} \bmod p) \bmod q$
  Calculate $s_A = [k_A^{-1}(H(m_A \| K_{AB} \| K_{BA}) + X_A r_A)] \bmod q$
  Send $s_A$ to User B
Step 4 (User B):
  Derive $r_A = m_A \bmod q$
  Verify $(r_A, s_A)$ as the signature of $(m_A \| K_{AB} \| K_{BA})$
4. Conclusion
• Authentication & Efficiency