0% found this document useful (0 votes)
21 views28 pages

Ch10 Crypto7e

Uploaded by

nawalsharif403
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
21 views28 pages

Ch10 Crypto7e

Uploaded by

nawalsharif403
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 28

Cryptograph

y and
Network
Security
Seventh Edition, Global Edition
by William Stallings

© 2017 Pearson Education, Ltd., All rights reserved.


Chapter 10
Other Public-Key Cryptosystems

© 2017 Pearson Education, Ltd., All rights reserved.


Diffie-Hellman Key
Exchange
• First published public-key algorithm

• A number of commercial products employ this


key exchange technique

• Purpose is to enable two users to securely


exchange a key that can then be used for
subsequent symmetric encryption of messages

• The algorithm itself is limited to the exchange


of secret values

• Its effectiveness depends on the difficulty of


computing discrete logarithms
© 2017 Pearson Education, Ltd., All rights reserved.
More formally, let (p) be a prime number, and
(g) be an integer between 1 and (p-1). The
integer (g) is a primitive root modulo (p) if, for
every positive integer (k) from 1 to (p-1), there
exists a positive integer (m) such that:
(g^m) ≡the
Let's take k (mod p)
prime number (p) as 11. We want to find a
primitive root modulo 11, which is an integer (g) between 1
and 10 that satisfies the property:
(g^m) ≡ k (mod 11) for all k from 1 to 10.
We can try different values of (g) to see if they work:
For g = 2: (2^1) ≡ 2 (mod 11)
(2^2) ≡ 4 (mod 11)
(2^3) ≡ 8 (mod 11)
(2^4) ≡ 5 (mod 11)
(2^5) ≡ 10 (mod 11)
(2^6) ≡ 9 (mod 11)
(2^7) ≡ 7 (mod 11)
(2^8) ≡ 3 (mod 11)
(2^9) ≡ 6 (mod 11)
(2^10) ≡ 1 (mod 11)
© 2017 Pearson Education, Ltd., All
rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
Setup:
1. Alice and Bob agree on a public prime number (p) and a
primitive root modulo (g). These values are known to
both parties and are public.
2. Let's assume p = 23 and g = 5.
1.Private Keys:
1. Alice chooses a secret private key (a). Let's say Alice
chooses a = 6.
2. Bob chooses a secret private key (b). Let's say Bob
chooses b = 15.
2.Public Keys:
1. Alice calculates her public key (A) and shares it with
Bob. A = (g^a) mod p A = (5^6) mod 23 A = 8
2. Bob calculates his public key (B) and shares it with
Alice. B = (g^b) mod p B = (5^15) mod 23 B = 19
3.Shared Secret Key:
1. Alice and Bob exchange their public keys.
2. Alice calculates the shared secret key using Bob's public
key. Secret Key = (B^a) mod p Secret Key = (19^6) mod
23 Secret Key = 2
3. Bob
© 2017 Pearson calculates
Education, Ltd., All the shared secret key using Alice's public
key. Secret Key = (A^b) mod p Secret Key = (8^15) mod
rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
ElGamal
Cryptography
Public-key scheme
Used in the digital
based on discrete
signature standard
Announced in logarithms closely
(DSS) and the
1984 by T. Elgamal related to the
S/MIME e-mail
Diffie-Hellman
standard
technique

Global elements Security is based


are a prime on the difficulty of
number q and a computing
which is a discrete
primitive root of q logarithms

© 2017 Pearson Education, Ltd., All rights reserved.


© 2017 Pearson Education, Ltd., All rights reserved.
1.Setup:
•Choose a large prime number (p) and a primitive root modulo (g). These values
are known to everyone and are public.
•Let's assume p = 23 and g = 5.
2.Key Generation:
•Choose a secret private key (a). Let's say Alice chooses a = 6.
•Calculate the corresponding public key (A). A = (g^a) mod p A = (5^6) mod 23 A
=8
3.Encryption:
•Assume Bob wants to send a message to Alice.
•Convert the message to a numerical value. Let's say the message is "10", so m =
10.
•Choose a random secret key (k). Let's say k = 3.
•Calculate the first part of the ciphertext (c1). c1 = (g^k) mod p c1 = (5^3) mod
23 c1 = 10
•Calculate the second part of the ciphertext (c2). c2 = (m * (A^k)) mod p c2 = (10
* (8^3)) mod 23 c2 = 10 * 512 mod 23 c2 = 14
The ciphertext (c) sent by Bob to Alice is (c1, c2) = (10, 14).
4.Decryption:
•Alice receives the ciphertext (c1, c2) = (10, 15).
•She uses her private key (a) to decrypt the message. s = (c1^a) mod p s =
(10^6) mod 23 s = 19
•Calculate the inverse of s modulo p. s_inverse = 19^(-1) mod 23 s_inverse = 4
•Finally, Alice computes the original message (m) using the second part of the
ciphertext (c2) and the inverse of s. m = (c2 * s_inverse) mod p m = (14 * 4) mod
23 m = 60 mod 23 m = 10
© 2017 Pearson Education, Ltd., All
rights reserved.
Elliptic Curve Arithmetic
• Most of the products and standards that use
public-key cryptography for encryption and
digital signatures use RSA
• The key length for secure RSA use has increased
over recent years and this has put a heavier
processing load on applications using RSA

• Elliptic curve cryptography (ECC) is showing up in


standardization efforts including the IEEE P1363
Standard for Public-Key Cryptography
• Principal attraction of ECC is that it appears to
offer equal security for a far smaller key size

© 2017 Pearson Education, Ltd., All rights reserved.


Abelian Group
• A set of elements with a binary operation, denoted by
, that associates to each ordered pair (a, b) of
elements in G an element (a  b) in G, such that the
following axioms are obeyed:

(A1) Closure: If a and b belong to G, then a  b is also in


G

(A2) Associative: a  (b  c) = (a  b)  c for all a, b, c in G

(A3) Identity element: There is an element e in G such that a  e


=ea=a for all a in G

(A4) Inverse element: For each a in G there is an element a′ in G


such that a  a′ = a′ a = e

(A5) Commutative:
© 2017 Pearson Education, Ltd., All rights reserved. a  b = b  a for all a, b in G
© 2017 Pearson Education, Ltd., All rights reserved.
Elliptic Curves Over
Zp
• Elliptic curve cryptography uses curves whose variables and
coefficients are finite

• Two families of elliptic curves are used in cryptographic


applications:

Binary
curves Prime
over curves
GF(2m) over Zp

• Variables and coefficients all • Use a cubic equation in which the


take on values in GF(2m) and variables and coefficients all take
in calculations are performed on values in the set of integers
over GF(2m) from 0 through p-1 and in which
• Best for hardware applications calculations are performed modulo
p
© 2017 Pearson Education, Ltd., All rights reserved. • Best for software applications
Table 10.1
Points (other than O) on the Elliptic Curve
E23(1, 1)

© 2017 Pearson Education, Ltd., All rights reserved.


© 2017 Pearson Education, Ltd., All rights reserved.
Elliptic Curves Over
GF(2 )
m

• Use a cubic equation in which the variables


and coefficients all take on values in GF(2m)
for some number m
• Calculations are performed using the rules of
arithmetic in GF(2m)
• The form of cubic equation appropriate for
cryptographic applications for elliptic curves
is somewhat different for GF(2m) than for Zp
• It is understood that the variables x and y and
the coefficients a and b are elements of GF(2m)
and that calculations are performed in GF(2m)
© 2017 Pearson Education, Ltd., All rights reserved.
Table 10.2
Points (other than O) on the Elliptic Curve
E24(g4, 1)

© 2017 Pearson Education, Ltd., All rights reserved.


© 2017 Pearson Education, Ltd., All rights reserved.
Elliptic Curve
Cryptography (ECC)
• Addition operation in ECC is the
counterpart of modular multiplication
in RSA
• Multiple addition is the counterpart of
modular exponentiation
To form a
cryptographic system • Q=kP, where Q, P belong to a
using elliptic curves, prime curve
we need to find a • Is “easy” to compute Q given k
“hard problem” and P
corresponding to • But “hard” to find k given Q,
factoring the product and P
of two primes or taking • Known as the elliptic curve
the discrete logarithm logarithm problem
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
ECC
Encryption/Decryption
• Several approaches using elliptic curves have been analyzed

• Must first encode any message m as a point on the elliptic curve Pm

• Select suitable curve and point G as in Diffie-Hellman

• Each user chooses a private key nA and generates a public key PA=nA
*G

• To encrypt and send message Pm to B, A chooses a random positive


integer k and produces the ciphertext Cm consisting of the pair of
points:

Cm = {kG, Pm+kPB}

• To decrypt the ciphertext, B multiplies the first point in the pair by B’s
secret key and subtracts the result from the second point:

Pm+kPB–nB(kG) = Pm+k(nBG)–nB(kG) = Pm

© 2017 Pearson Education, Ltd., All rights reserved.


Security of Elliptic Curve
Cryptography
• Depends on the difficulty of the elliptic curve
logarithm problem

• Fastest known technique is “Pollard rho


method”

• Compared to factoring, can use much smaller


key sizes than with RSA

• For equivalent key lengths computations are


roughly equivalent

• Hence, for similar security ECC offers


significant computational advantages
© 2017 Pearson Education, Ltd., All rights reserved.
Table 10.3
Comparable Key Sizes in Terms of Computational
Effort
for Cryptanalysis (NIST SP-800-57)

Note: L = size of public key, N = size of private key

© 2017 Pearson Education, Ltd., All rights reserved.


Pseudorandom Number
Generation (PRNG) Based on
Asymmetric Cipher
• An asymmetric encryption algorithm
produces apparently ransom output and
can be used to build a PRNG
• Much slower than symmetric algorithms
so they’re not used to generate open-
ended PRNG bit streams
• Useful for creating a pseudorandom
function (PRF) for generating a short
pseudorandom bit sequence
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
PRNG Based on Elliptic
Curve Cryptography
• Developed by the U.S. National Security Agency (NSA)

• Known as dual elliptic curve PRNG (DEC PRNG)

• Recommended in NIST SP 800-90, the ANSI standard


X9.82, and the ISO standard 18031

• Has been some controversy regarding both the security


and efficiency of this algorithm compared to other
alternatives
• The only motivation for its use would be that it is used in
a system that already implements ECC but does not
implement any other symmetric, asymmetric, or hash
cryptographic algorithm that could be used to build a
PRNG
© 2017 Pearson Education, Ltd., All rights reserved.
Summary
• Diffie-Hellman Key
Exchange • Elliptic curve
• The algorithm arithmetic
• Key exchange protocols • Abelian groups
• Man-in-the-middle attack • Elliptic curves over
real numbers
• Elgamal cryptographic
system • Elliptic curves over Zp
• Elliptic curves over
• Elliptic curve GF(2m)
cryptography
• Analog of Diffie-Hellman • Pseudorandom number
key exchange
generation based on
• Elliptic curve
an asymmetric cipher
encryption/decryption
• Security of elliptic curve • PRNG based on RSA
cryptography • PRNG based on elliptic
© 2017 Pearson Education, Ltd., All rights reserved.
curve cryptography

You might also like