Chapter 9
1. Public-key cryptology
Based on Mathematics, rather than Substitution and Permutation.
Using two keys, rather than only one key.
2. Misconception about PKE(PKE的錯誤觀念)
a). PKE is more secure than conventional encryption
b). PKE made conventional encryption obsolete
c). Key distribution is trivial when using PKE
Security despends on
a). Length of the key
Key的長度。
b). The Computational work to break a cipher.
數學計算的複雜度。
3. Public-key cryptosystems(p. 262)
a). A key for encryption, a different key for decryption
b). It is computationally infeasible to determine the decryption key given
only the cryptographic algorithm and the encryption key
在只有演算法及加密key的情況下幾乎不可能算出解密key。
c).Either of the two related keys can be used for encryption, and the other
used for decryption
產生的key pair可隨意選定其一作為解密用,另一把則為加密用。
4. Public-Key cryptosystems: secrecy
Figure 9.2 (p. 263)
Y = Ekub(X)
X = Dkrb(Y)
source用destination的public key加密資料,destination用對應的private key
解密。
An opponent may have the knowledge of the algorithm.
5. Public-Key cryptosystems: Authentication
Figure 9.3 (p. 264)
Y = Ekra(X)
X = Dkua(Y)
source用本身的private key加密資料,destination用對應的public key解密。
Y is a Digital Signature:
a). Authentication(驗證)
b). Data integrity(資料完整性)
c). Non-repudiation(不可否認性)
Y needs much storage, and much time to compute => hash function
6. Public-Key cryptosystems: Authentication and secrecy
Figure 9.4 (p. 265)
Z = Ekub[Ekra(X)]
X = Dkua[Dkra(Y)]
source先用本身的private key加密,再用destination的public key加密一次,
destination先用本身的private key解密,再用source的ppublic key解密。
7. Applications for Public-Key Cryptosystems
a). Encryption / Decryption
The sender encrypts a message with the recipient's public key.
sender用recipient的public key加密訊息。
b). Digital Signature
The sender "signs" a meeeage with its private key.
sender用自己的private key加密訊息。
c). Key Exchange
To exchange session keys.
雙方交換同一把session key
8. Public-key cryptanalysis
PKE is vulnerable to brute-force attack
a). Key size must be large enough to make brute-force attack
impractical and small enough for practical encryption and
decryption.
b). It may be possible to compute the private key given the public
key.
c). Probable-message attack
Opponent could encrypt all possible keys using public key
and could decipher any message by matching the transmitted
ciphertext
用public key加密所有可能的session key,然後比對ciphertext。
The message is solely a 56-bit DES key
Try all possible keys using the public key, no matter how
large the public key size is.
9. The RSA algorithm
Public Key: KU = (e, n)
Private Key: KR = (d, n)
C: ciphertext
M: plaintext
C = M^e mod n
M = C^d mod n = (Me^)^d mod n = M^ed mod n
Steps of key generation: (p. 270, 271)
a). Select p, q.
p, q皆為質數且p≠q
b). Calculate n = p X q
c). Calcute ø(n) = (p-1)(n-1)
d). Select integer e.
gcd(ø(n), e) = 1; 1
e). Calculate d
e X d = 1 mod ø(n)
f). Public key KU = {e, n}
g). Private key KR = {d, n}
Example:
a). Select primes: p = 17 and q = 11
b). Compute n = pq = 17×11 = 187
c). Compute ø(n) = (p-1)(q-1) = 16×10 = 160
d). Select e : gcd(e, 160) = 1; choose e = 7
e). Determine d: de = 1 mod 160 and d Value is d=23 since 23 × 7 = 161 = 10×160+1
f). Publish public key KU = {7,187}
g). Keep secret private key KR={23,17,11}
留言列表
文章集錦 (3)