
In Math We Trust:
Using Cryptography to Provide Identity Assurance in the Digital World
by Caleb Cooper
Terms in Service
● Cryptography vs. Encryption
● Identity vs. Identification
● Authentication vs. Authorization
● Key vs. Password
● Assurance vs. Guarantee
● Anonymous vs. Pseudonymous
Terms in Service
● Cryptography vs. Encryption
Cryptography is the set of principles used to create
reliable means of hiding, protecting, or
legitimizing information or providing assurance of
the information’s source.
Encryption is an aspect of cryptography concerned
with the reliable transformation of information
into incomprehensible nonsense and back again.
Terms in Service
● Identity vs. Identification
Identity is the quality of a person, place, or thing
which provides for its uniqueness when compared
to similar people, places, or things.
Identification is the method through which
identity is conveyed to others, often through a
token provided either by the identifee or by a
trusted third party.
Terms in Service
● Authentication vs. Authorization
Authentication is the method through which one is
proven to be who they claim to be. Often this is
performed through some third party provided
identification or a shared secret.
Authorization is the level of access one has been
granted to access information, things, or places by
their owner – often facilitated with a token to
prove this approval.
Terms in Service
● Key vs. Password
A key is a physical or logical token which is used to
gain access to something (or prevent access to
that thing). Keys can be Private, Public, or Shared
(more on that later).
A password is a type of key that is easy for humans
to memorize like this: strongpassword1!.
BONUS: A pass phrase is a password with spaces in
it like this: this is a strong pass phrase!.
Terms in Service
● Assurance vs. Guarantee
Assurance is a declaration intended to give
confidence. This is important, because it gives us a
means for conveying what should be trusted and
what should be doubted.
Guarantee is a pledge that provides some
collateral to a statement which will increase the
assurance of the statement. It is useful to provide
guarantees when the statement itself seems
doubtful.
Terms in Service
● Anonymous vs. Pseudonymous
Anonymous comes from the Greek word onoma
(name) and the Greek prefix an- (without) and
means to be without name or identity. Acting
anonymously can provide protection for one’s
“real” identity.
Pseudonymous means fake name or fake identity.
This has often been employed by writers who
either want to say things which might be
dangerous or just want to free themselves from their
old identities.
A Brief History of Cryptography
● People used simple algorithms with simple keys
to scramble their messages.
● Algorithms and keys became more complex.
● Machines started performing the
encryption/decryption of messages to increase
speed and accuracy.
● A method was created to allow people who’ve
never met to create keys.
● Public/Private key cryptography was created
and changed everything.
Understanding Public-key
● Public/Private (asymmetric) key cryptography is a
system by which all messages are encrypted, not by
a shared secret, but by either a public key or a private
key.
● Private key: A key controlled only by its creator. This
key should NEVER be shared with anyone.
● Public key: A key which can be distributed publicly and
which can be used to “lock” messages intended for
the owner of the private key.
Public-key Identities
● The Public/Private key pair provide a system for
defining an identity which can be used to
assure communications in ways a shared
secret never could.
● Since private keys are NEVER shared, one can
be sure* that anything signed (encrypted) with
one came from its owner.

* Nothing in life is sure, consult common sense for details.


How Public Keys Are Made
1) Generate two primes:
43 (p) and 71 (q)
2) Multiply those primes to create n:
p x q = n
43 x 71 = 3127
3) Create an exponent (e):
3
4) Create Public Key:
3127 & 3 (NOT 3127 x 3)
Public Key
How Private Keys Are Made
1) Calculate φ(n):
(p – 1) x (q – 1) =
(53 – 1) x (59 – 1) = 3016
2) Create Private Key (d):
d = (2*φ(n) + 1)/e
d = (2*3016 + 1)/3
d = 2011

Private Key
Encrypting with Public Keys
1) Message: BUG
2) Convert message to numbers:
B=2, U=21,G=7
3) Combine numbers: 2217
4) Encrypt with Public Key (n and e):
2217^(e) mod n =
2217^(3) mod 3127 = 1603
Decrypting with Private Keys
1) Place the encrypted message into the decryption
formula with n and d:
1603^d mod n =
1603^2011 mod 3127 = 2217
2) Convert message back to letters:
2, 21, 7
B, U, G
3) Combine to make the decrypted message:
BUG
Public/Private Keys and Identity
Assurance
● Since no one shares a private key, any
message which has been encrypted with that
key is assured* to be from the creator of the
key.

* This assurance is not perfect. Use with caution.


Signing a Message
1) Hash the message:
BUG = 2217 / #Letters = 739
2) Sign hash with private key:
739^d mod n =
739^2011 mod 3127 = 391
3) Add signed hash to message.
Verifying a Signed Message
1) Hash the message:
BUG = 2217 / #Letters = 739
2) Confirm hash with public key:
391^e mod n =
391^3 mod 3127 = 739
3) Compare results:
739 = 739
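The key generation, encryption, decryption, signing and verification steps above, carried through in Python as an added example (not part of the deck). It reproduces every number on the slides: n = 3127 factors as 53 × 59, the primes the φ(n) slide uses, so those are the primes here. The private exponent is computed as the modular inverse of e mod φ(n), which is the general method; the slide's (2φ(n)+1)/e shortcut is kept alongside it and only works when e happens to divide 2φ(n)+1 (it does here, giving the same d = 2011). The letter encoding and the "divide by letter count" hash are the deck's own toy constructions, not real algorithms, and the key sizes are far too small for real use.

```python
from math import gcd

# Toy parameters from the slides. 3127 = 53 * 59 (the primes on the phi(n) slide).
# Real RSA uses primes of hundreds of digits and a padding scheme; this is textbook RSA.
P, Q, E = 53, 59, 3
N = P * Q                 # public modulus, 3127
PHI = (P - 1) * (Q - 1)   # phi(n) = 52 * 58 = 3016


def private_exponent(e: int, phi: int) -> int:
    """d is the inverse of e modulo phi(n); it exists only when gcd(e, phi) == 1."""
    if gcd(e, phi) != 1:
        raise ValueError("e shares a factor with phi(n); choose a different e or primes")
    return pow(e, -1, phi)  # modular inverse (Python 3.8+)


def slide_shortcut(e: int, phi: int):
    """The slide's d = (2*phi(n) + 1) / e. Valid only when e divides 2*phi(n) + 1,
    because then e*d = 2*phi(n) + 1 is congruent to 1 mod phi(n)."""
    numerator = 2 * phi + 1
    return numerator // e if numerator % e == 0 else None


D = private_exponent(E, PHI)  # 2011


def encode(msg: str) -> int:
    """Deck's encoding: A=1 ... Z=26, digits concatenated (BUG -> 2, 21, 7 -> 2217)."""
    return int("".join(str(ord(c) - ord("A") + 1) for c in msg))


def encrypt(m: int, n: int = N, e: int = E) -> int:
    return pow(m, e, n)            # c = m^e mod n, anyone with the public key can do this


def decrypt(c: int, n: int = N, d: int = D) -> int:
    return pow(c, d, n)            # m = c^d mod n, only the private key holder can do this


def toy_hash(msg: str) -> int:
    """Deck's illustrative 'hash': encoded number divided by letter count (2217 / 3 = 739).
    A real signature scheme hashes with SHA-256 or similar."""
    return encode(msg) // len(msg)


def sign(msg: str, n: int = N, d: int = D) -> int:
    return pow(toy_hash(msg), d, n)  # signature = hash^d mod n, needs the private key


def verify(msg: str, sig: int, n: int = N, e: int = E) -> bool:
    return pow(sig, e, n) == toy_hash(msg)  # hash recovered with the public key must match


if __name__ == "__main__":
    print("n =", N, "e =", E, "d =", D, "shortcut d =", slide_shortcut(E, PHI))
    c = encrypt(encode("BUG"))
    print("ciphertext", c, "-> plaintext", decrypt(c))
    s = sign("BUG")
    print("signature", s, "verifies:", verify("BUG", s), "tampered:", verify("BUT", s))
```

Note that `private_exponent` refuses e = 3 for p = 43 and q = 71, because (43 − 1)(71 − 1) = 2940 is divisible by 3 and e then has no inverse; that is the check a real key generator performs before accepting an exponent.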
Levels of Identity Assurance
1) No proof of identity between sessions, but session IDs
provide some assurance that the recipient hasn’t
changed.
2) A single factor is used, often a password, which provides
some identity assurance.
3) First level of true multi-factor authentication, often
requires some external proof of identity before being
granted authentication factors.
4) Two-factor authentication which requires a cryptographic
key signed by a trusted source that has performed a rigorous
investigation of identity.
NIST – Electronic Authentication Guideline: http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf
Web of Trust
● Web of Trust allows people to sign other
people’s public keys with their own private keys.
This allows for better assurance that the public
key really belongs to the person claiming to
own it and can help to form chains of trust.
Web of Trust
Example:
– Alice knows Bob.
– Bob knows Ed.
– Ed does NOT know Alice.
– Ed wants to be sure that when Alice contacts him claiming
to know Bob, she is telling the truth.
– Alice asks Bob to sign her public key.
– Bob signs Alice’s public key.
– Alice gives her public key to Ed.
– Ed confirms, using Bob’s public key, Bob’s signature and
trusts Alice’s key.
Certificate Authorities
● Certificate authorities (CAs) are companies
which provide key signing services.
● The public keys of these CAs are distributed
with operating systems and web browsers.
● When one connects to a new HTTPS (secure)
website, they are provided with a public key
which has been signed by a CA.
● The web browser confirms this signature with
the public keys it has on file and throws a
warning if there is no match.
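The check Ed performs in the Web of Trust example and the check a browser performs against the CA keys shipped with it are the same operation: verify a signature over someone's public key using a signer's key you already trust. The following Python is an added example, not the deck's, built on the same textbook RSA as the earlier slides (Bob's key is the deck's n = 3127). The key digest (SHA-256 reduced into the signer's modulus), the owner names, Alice's and Mallory's toy primes and the trust-store layout are all constructed for illustration; OpenPGP and X.509 certify keys with full-size hashes, padding and real certificate formats.

```python
import hashlib
from typing import NamedTuple


class PubKey(NamedTuple):
    n: int
    e: int
    owner: str


def make_keypair(p: int, q: int, e: int, owner: str):
    """Textbook RSA key pair: (public key, private exponent d). Toy primes only."""
    phi = (p - 1) * (q - 1)
    return PubKey(p * q, e, owner), pow(e, -1, phi)


def key_digest(key: PubKey, modulus: int) -> int:
    """Hash the key material (owner + n + e) and reduce into the signer's modulus (toy)."""
    h = hashlib.sha256(f"{key.owner}|{key.n}|{key.e}".encode()).digest()
    return int.from_bytes(h, "big") % modulus


def certify(subject: PubKey, signer_pub: PubKey, signer_d: int) -> int:
    """The signer vouches for the subject's key: hash(subject)^d mod n_signer."""
    return pow(key_digest(subject, signer_pub.n), signer_d, signer_pub.n)


def verify_certification(subject: PubKey, signer_pub: PubKey, signature: int) -> bool:
    return pow(signature, signer_pub.e, signer_pub.n) == key_digest(subject, signer_pub.n)


def is_trusted(subject: PubKey, certifications: list, trust_store: dict) -> bool:
    """Accept the subject's key if at least one certification was made by a key already in
    the trust store. For Ed the store holds Bob's key; for a browser it holds the CA roots."""
    for signer_name, signature in certifications:
        signer_pub = trust_store.get(signer_name)
        if signer_pub is not None and verify_certification(subject, signer_pub, signature):
            return True
    return False


# Constructed keys: Bob's is the deck's 53 * 59 = 3127 key; the others are toy primes too.
bob_pub, bob_d = make_keypair(53, 59, 3, "Bob")
alice_pub, alice_d = make_keypair(61, 67, 7, "Alice")
mallory_pub, mallory_d = make_keypair(71, 73, 11, "Mallory")

ed_trust_store = {"Bob": bob_pub}  # Ed knows Bob and nobody else


def scenario():
    """Returns (Alice accepted, self-certified Mallory accepted, forged Bob signature accepted)."""
    bob_signs_alice = certify(alice_pub, bob_pub, bob_d)
    alice_ok = is_trusted(alice_pub, [("Bob", bob_signs_alice)], ed_trust_store)

    # Mallory certifies her own key: valid signature, but Ed has no reason to trust the signer.
    self_cert = certify(mallory_pub, mallory_pub, mallory_d)
    mallory_ok = is_trusted(mallory_pub, [("Mallory", self_cert)], ed_trust_store)

    # Mallory labels that same value as Bob's signature; it does not verify under Bob's key.
    forged_ok = is_trusted(mallory_pub, [("Bob", self_cert)], ed_trust_store)
    return alice_ok, mallory_ok, forged_ok


if __name__ == "__main__":
    print(scenario())  # expected (True, False, False)
```

The two failure cases are the ones a verifier must distinguish: a signature that is mathematically valid but made by a key outside the trust store, and a signature that is simply wrong for the claimed signer. A browser's "no match" warning covers both.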
Smart Cards
● Smart Cards are a form of two factor
authentication which relies on the user to
employ a card embedded with a chip.
● This chip is powered by the reader into which it
is plugged and handles all of the signing itself.
● When a user logs into a smart card enabled
system, they are prompted for a PIN which
unlocks the card.
● The card then signs a certificate used to assure
identity.
Smart Cards, Continued
● Smart cards are often signed by third parties;
these third parties are required to check the
identity of the card owner before handing over
the signed card.
● This works much in the same way that Web of
Trust and Certificate Authorities do, but many
places require multiple forms of photo
identification and a background check before
they’ll sign a smart card.
CJDNS: A Distributed Network
● Caleb James DeLisle’s Network Suite is a
protocol spec and implementation which takes
advantage of Public/Private key cryptography to
provide data confidentiality, integrity, and
identity assurance.
● All traffic is encrypted with the receiver's public
key as well as the public keys of the hops
between the sender and the receiver.
● IPv6 addresses are also created as hashes of
the public key to allow for decentralized
address allocation.
Bitcoin
● Bitcoin is a currency designed so that all
participants have a copy of all the transactions
throughout the economy. This ledger is called
the “blockchain”.
● Transactions are signed so it can be confirmed
to whom they belong and to prevent bad
transactions.
● New additions (called “blocks”) to the
blockchain are signed by systems called
“miners” who perform a proof-of-work
calculation for a chance to sign transactions.
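A toy proof-of-work chain as an added example (not from the deck, and not Bitcoin's actual block format): each block commits to the previous block's hash, a miner searches for a nonce whose SHA-256 clears a difficulty target, and rewriting an old transaction invalidates that block and every block after it. The transactions are constructed sample records and are not signed here (the deck's point about signed transactions is covered by the signing slides); DIFFICULTY_BITS is chosen so mining takes milliseconds rather than the enormous effort real Bitcoin demands.

```python
import hashlib
import json

DIFFICULTY_BITS = 12   # leading zero bits required of a block hash; toy value
GENESIS_PREV = "0" * 64


def block_hash(block: dict) -> bytes:
    """Hash of the canonical JSON encoding; the nonce is part of what is hashed."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).digest()


def meets_target(digest: bytes, bits: int = DIFFICULTY_BITS) -> bool:
    """True when the top `bits` bits of the digest are all zero."""
    return int.from_bytes(digest, "big") >> (256 - bits) == 0


def mine(prev_hash: str, transactions: list, bits: int = DIFFICULTY_BITS) -> dict:
    """Proof of work: increment the nonce until the block hash clears the target."""
    block = {"prev": prev_hash, "txs": transactions, "nonce": 0}
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block


def validate_chain(chain: list, bits: int = DIFFICULTY_BITS) -> bool:
    """Every block must link to its predecessor's hash and carry valid proof of work."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev"] != prev:          # link to the previous block is broken
            return False
        digest = block_hash(block)
        if not meets_target(digest, bits):  # proof of work missing or no longer valid
            return False
        prev = digest.hex()
    return True


def build_chain() -> list:
    """Two blocks of constructed, unsigned sample transactions."""
    chain = [mine(GENESIS_PREV, [{"from": "alice", "to": "bob", "amount": 5}])]
    chain.append(mine(block_hash(chain[-1]).hex(),
                      [{"from": "bob", "to": "ed", "amount": 2}]))
    return chain


def tamper_demo() -> bool:
    """Rewrite history: change an old amount, then re-validate. Block 0's hash changes,
    so its proof of work is (almost certainly) void and block 1 no longer links to it."""
    chain = build_chain()
    chain[0]["txs"][0]["amount"] = 500
    return validate_chain(chain)


if __name__ == "__main__":
    chain = build_chain()
    print("nonces:", [b["nonce"] for b in chain], "valid:", validate_chain(chain))
    print("after tampering, valid:", tamper_demo())
```

Redoing the work after tampering would mean re-mining block 0 and then block 1 with a new `prev`; the cost of that redo, multiplied by every later block, is what makes rewriting an old block expensive.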
BitMessage
● BitMessage is a messaging application based
on the blockchain concept from Bitcoin.
● However, not only are new additions to the
chain signed, they are also encrypted with the
recipient’s public key so that only the recipient
can open them.
● This means that while everyone has access to
all messages, only the people to whom the
messages are intended can view them.