Diffie-Hellman Key Exchange Digital Signature
Diffie-Hellman Key Exchange Digital Signature Md Morshedul Islam [email protected] March 23, 2015 . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 1 / 22 . Overview 1 Diffie-Hellman Diffie-Hellman Setup Session Key Diffie-Hellman Example 2 Digital Signature Scheme Digital Signature Model Digital Signature Algorithm(DSA) . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 2 / 22 . . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 3 / 22 . Overview Proposed by Diffie and Hellman in 1976 First public-key algorithm It is a practical method for public exchange of a secret key It used in a number of commercial products . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 4 / 22 . Diffie-Hellman Setup(cont.) All users agree on global parameters q : Prime number α : α < q and α a primitive root of q User A key generation Select private XA : XA < q Calculate public YA : YA = αXA mod q . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 5 / 22 . Diffie-Hellman Setup User B key generation Select private XB : XB < q Calculate public YB : YB = αXB mod q Generation of Secret key by user A K = (YB )XA mod q Here, YB is the public key of B Generation of Secret key by user B K = (YA )XB mod q Here, YA is the public key of A . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 6 / 22 . Session Key K is used as session key in private-key encryption scheme between Alice and Bob if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys attacker needs an x, must solve discrete log . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 7 / 22 . Diffie-Hellman Example users Alice and Bob who wish to swap keys: agree on prime q = 353 and α = 3 select random secret keys: A chooses XA = 97, B chooses XB = 233 compute public keys: YA = 397 mod 353 = 40 (Alice) YB = 3233 mod 353 = 248 (Bob) compute shared session key as: K = YBXA mod 353 = 24897 = 160 (Alice) K = YAXB mod 353 = 40233 = 160 (Bob) . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 8 / 22 . Deffi-Hellman Key Exchange . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 9 / 22 . Digital Signature Digital signatures provide the ability to: verify author, date and time of signature authenticate message contents be verified by third parties to resolve disputes . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 10 / 22 . Digital Signature Model . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 11 / 22 . Digital Signature Model . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 12 / 22 . Digital Signature Algorithm (DSA) creates a 320 bit signature with 512-1024 bit security smaller and faster than RSA a digital signature scheme only security depends on difficulty of computing discrete logarithms . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 13 / 22 . DSA Key Generation have shared global public key values (p, q, g ): choose 160-bit prime number q choose a large prime p with 2L−1 < p < 2L where L= 512 to 1024 bits and is a multiple of 64 such that q is a 160 bit prime divisor of (p − 1) choose g = h(p−1)/q where 1 < h < p − 1 and h(p−1)/q mod p > 1 users choose private and compute public key: choose random private key: x < q compute public key: y = g x mod p . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 14 / 22 . DSA Signature Creation to sign a message M the sender: generates a random signature key k, k < q k must be random, be destroyed after use, and never be reused then computes signature pair: r = (g k mod p) mod q s = [k −1 (H(M) + xr )] mod q sends signature (r,s) with message M . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 15 / 22 . DSA Signature Verification having received M and signature (r,s) to verify a signature, recipient computes: w = s −1 mod q u1 = [H(M)w ] mod q u2 = (rw ) mod q v = [(g u1 y u2 )modp] mod q if v = r then signature is verified . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 16 / 22 . DSA Overview . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 17 / 22 . DSA Example DSA Key Generation Consider the public parameter p, q, g asq = 71 = a prime number p = 18 ∗ 71 + 1 = 1279 = a prime number (here q is a prime divisor of p-1) g = 318 mod 1279 = 1157 Consider a message(hash?) m = 123 and a private key of sender x = 15 So, public key of sender y = 115715 (mod 1279) = 851 . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 18 / 22 . DSA Example DSA Signature Creation To sign a message m sender generate random key k = 10 and moreover 10−1 mod 71 = 64 Compute signature pair r = g k (mod p) mod q = 115710 (mod 1279) mod 71 = 32 s = [k −1 .(H(m) + x.r )]mod q = [64 ∗ (123 + 15 ∗ 32]mod 71 = 39 Now we obtain Alice’s signature on the message m = 123, the pair (r , s) = (32, 39) . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 19 / 22 . DSA Example DSA Signature Verification Bob receive m and signature (r,s) to verify a signature Bob computes: w = s −1 mod q = 39−1 mod 71 = 51 u1 = [H(m)w ] mod q = [123 × 51] mod 71 = 25 u2 = (rw ) mod q = (32 × 51) mod 71 = 70 v = [(g u1 y u2 ) mod p] mod q = [(115725 ∗ 85170 ) mod 1279] mod 71 = 32 = r So, the signature is verified . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 20 / 22 . References William Stallings Cryptography and Network Security http://williamstallings.com/Crypto/Crypto4e-inst.html . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 21 / 22 . The End . . . Md Morshedul Islam (UofC) Short title . . . . . . . . . . . . . . . . . . . . . . . . . . . . March 23, 2015 . . . . . . . . 22 / 22 .
© Copyright 2024