Chapter 9

1. Public-key cryptology
        Based on Mathematics, rather than Substitution and Permutation.
        Using two keys, rather than only one key.

2. Misconceptions about PKE
        a). PKE is more secure than conventional encryption
        b). PKE made conventional encryption obsolete
        c). Key distribution is trivial when using PKE

        Security depends on
                a). Length of the key
                b). The computational work to break a cipher
                     (the complexity of the mathematical computation).

3. Public-key cryptosystems(p. 262)
        a). A key for encryption, a different key for decryption
            
        b). It is computationally infeasible to determine the decryption key given
            only the cryptographic algorithm and the encryption key

        c). Either of the two related keys can be used for encryption, and the other
            used for decryption

4. Public-Key cryptosystems: secrecy
        Figure 9.2 (p. 263)
        Y = Ekub(X)
        X = Dkrb(Y)
        The source encrypts the data with the destination's public key; the
        destination decrypts with the corresponding private key.

        An opponent may have the knowledge of the algorithm.

5. Public-Key cryptosystems: Authentication
        Figure 9.3 (p. 264)
        Y = Ekra(X)
        X = Dkua(Y)
        The source encrypts the data with its own private key; the destination
        decrypts with the corresponding public key.

        Y is a Digital Signature:
                a). Authentication
                b). Data integrity
                c). Non-repudiation

        Y needs much storage, and much time to compute => hash function

6. Public-Key cryptosystems: Authentication and secrecy
        Figure 9.4 (p. 265)
        Z = Ekub[Ekra(X)]
        X = Dkua[Dkrb(Z)]
        The source first encrypts with its own private key, then encrypts again
        with the destination's public key. The destination first decrypts with its
        own private key, then decrypts with the source's public key.

7. Applications for Public-Key Cryptosystems
        a). Encryption / Decryption
                The sender encrypts a message with the recipient's public key.

        b). Digital Signature
                The sender "signs" a message with its private key, that is, it
                encrypts the message with its own private key.

        c). Key Exchange
                To exchange session keys: both parties exchange the same session
                key.

8. Public-key cryptanalysis
        PKE is vulnerable to brute-force attack
                a). Key size must be large enough to make brute-force attack
                     impractical and small enough for practical encryption and
                     decryption.

                b). It may be possible to compute the private key given the public
                     key.

                c). Probable-message attack
                        An opponent could encrypt every possible message (here,
                        every possible session key) using the public key and
                        decipher a transmitted message by matching its ciphertext.

                        Example: when the message is solely a 56-bit DES key, the
                        opponent can try all possible keys using the public key, no
                        matter how large the public key size is.

9. The RSA algorithm
        Public Key:  KU = (e, n)
        Private Key:  KR = (d, n)
        C: ciphertext
        M: plaintext
        C = M^e  mod  n
        M = C^d  mod  n = (M^e)^d  mod  n = M^(ed)  mod  n

        Steps of key generation: (p. 270, 271)
                a). Select p, q.
                     p and q are both prime and p ≠ q

                b). Calculate n = p × q

                c). Calculate ø(n) = (p-1)(q-1)

                d). Select integer e.
                     gcd(ø(n), e) = 1; 1 < e < ø(n)

                e). Calculate d
                     e × d = 1 mod ø(n)

                f).  Public key KU = {e, n}

                g). Private key KR = {d, n}

        Example:
                a). Select primes: p = 17 and q = 11
                b). Compute n = pq = 17×11 = 187
                c). Compute ø(n) = (p-1)(q-1) = 16×10 = 160
                d). Select e : gcd(e, 160) = 1;  choose e = 7
                e). Determine d: de = 1 mod 160 and d < 160
                                        Value is d = 23 since 23 × 7 = 161 = 1×160 + 1
                f).  Publish public key KU = {7,187}
                g). Keep secret private key KR={23,17,11}



    Posted by Graffine on PIXNET