In the Name of the Most High
Public-Key Cryptography and Message Authentication
Behzad Akbari
Fall 2010
OUTLINE
Approaches to Message Authentication
Secure Hash Functions and HMAC
Public-Key Cryptography Principles
Public-Key Cryptography Algorithms
Digital Signatures
Key Management
Authentication
Requirements: must be able to verify that:
1. Message came from apparent source or author,
2. Contents have not been altered,
3. Sometimes, it was sent at a certain time or sequence.
Protection against active attack (falsification of data and transactions)
Approaches to Message Authentication
Authentication Using Conventional Encryption
Message Authentication without Message Encryption
Only the sender and receiver should share a key
An authentication tag is generated and appended to each message
Message Authentication Code
Calculate the MAC as a function of the message and the key. MAC = F(K, M)
One-way HASH function
One Way Hash Function
Ideally we would like to avoid encryption, because:
Encryption software is slow
Encryption hardware costs aren’t cheap
Hardware optimized toward large data sizes
Algorithms covered by patents
Algorithms subject to export control
One-way HASH function
Secret value is added before the hash and removed before transmission.
Secure HASH Functions
Purpose of the HASH function is to produce a “fingerprint”.
Properties of a HASH function H:
1. H can be applied to a block of data of any size
2. H produces a fixed-length output
3. H(x) is easy to compute for any given x.
4. For any given value h, it is computationally infeasible to find x such that H(x) = h
5. For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x).
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)
Simple Hash Function
One-bit circular shift on the hash value after
each block is processed would improve
Message Digest Generation Using SHA-1
SHA-1 Processing of single 512-Bit Block
Other Secure HASH functions
                           SHA-1                 MD5                   RIPEMD-160
Digest length              160 bits              128 bits              160 bits
Basic unit of processing   512 bits              512 bits              512 bits
Number of steps            80 (4 rounds of 20)   64 (4 rounds of 16)   160 (5 paired rounds of 16)
Maximum message size       2^64-1 bits
HMAC (Hash-based MAC)
Use a MAC derived from a cryptographic hash code, such as SHA-1.
Motivations:
Cryptographic hash functions execute faster in software than encryption algorithms such as DES
Library code for cryptographic hash functions is widely available
No export restrictions from the US
HMAC Structure
Public-Key Cryptography Principles
The use of two keys has consequences in: key distribution, confidentiality and authentication.
The scheme has six ingredients (see Figure 3.7)
Plaintext
Encryption algorithm
Public and private key
Ciphertext
Decryption algorithm
Encryption using Public-Key system
Authentication using Public-Key System
Applications for Public-Key Cryptosystems
Three categories:
Encryption/decryption: The sender encrypts a message with the recipient’s public key.
Digital signature: The sender “signs” a message with its private key.
Key exchange: Two sides cooperate to exchange a session key.
Requirements for Public-Key Cryptography
1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb)
2. Easy for sender to generate ciphertext: $C = E_{KU_b}(M)$
3. Easy for the receiver to decrypt ciphertext using private key: $M = D_{KR_b}(C) = D_{KR_b}[E_{KU_b}(M)]$
4. Computationally infeasible to determine private key (KRb) knowing public key (KUb)
5. Computationally infeasible to recover message M, knowing KUb and ciphertext C
6. Either of the two keys can be used for encryption, with the other used for decryption: $M = D_{KR_b}[E_{KU_b}(M)] = D_{KU_b}[E_{KR_b}(M)]$
Public-Key Cryptographic Algorithms
RSA - Ron Rivest, Adi Shamir and Len Adleman at MIT, in 1977.
RSA is a block cipher
The most widely implemented
The RSA Algorithm–Key Generation
1. Select p, q: p and q both prime
2. Calculate n = p × q
3. Calculate $\phi(n) = (p-1)(q-1)$
4. Select integer e: $\gcd(\phi(n), e) = 1;\ 1 < e < \phi(n)$
5. Calculate d: $de \bmod \phi(n) = 1$
6. Public key: KU = {e, n}
7. Private key: KR = {d, n}
The RSA Algorithm - Encryption
Plaintext: M < n
Ciphertext: $C = M^e \pmod{n}$
The RSA Algorithm - Decryption
Ciphertext: C
Plaintext: $M = C^d \pmod{n}$
RSA example:
Bob chooses p=5, q=7. Then n=35, z=(p-1)(q-1)=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
encrypt: letter l, m = 12, $m^e$ = 1524832, $c = m^e \bmod n$ = 17
decrypt: c = 17, $c^d$ = 481968572106750915091411825223071697, $m = c^d \bmod n$ = 12, letter l
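
The key generation, encryption and decryption steps above, run on Bob's numbers, as an added example that is not part of the original slides. The function names are illustrative; the block also shows that the smallest valid d for this key is 5, that the slide's d=29 decrypts identically, and that applying the private key first and the public key second also recovers m.

```python
from math import gcd

def rsa_keygen(p: int, q: int, e: int):
    """Key generation steps from the slides; returns (KU, KR)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(phi, e) == 1):
        raise ValueError("need gcd(phi(n), e) = 1 and 1 < e < phi(n)")
    d = pow(e, -1, phi)              # smallest d with d*e mod phi(n) = 1
    return (e, n), (d, n)

def rsa_apply(key, block: int) -> int:
    """C = M^e mod n and M = C^d mod n are the same operation on a key."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than n")
    return pow(block, exponent, n)

def slide_example() -> dict:
    ku, kr = rsa_keygen(5, 7, 5)     # Bob's p, q, e: n = 35, z = 24
    slide_kr = (29, 35)              # d = 29 as printed on the slide
    assert (slide_kr[0] * ku[0]) % 24 == 1   # ed - 1 divisible by z
    c = rsa_apply(ku, 12)            # letter "l" encoded as m = 12
    return {
        "c": c,
        "m_with_slide_d": rsa_apply(slide_kr, c),
        # 29 = 5 + 24, so both exponents invert e modulo z.
        "smallest_d": kr[0],
        "m_with_smallest_d": rsa_apply(kr, c),
        # Requirement 6: private key first, public key second.
        "private_then_public": rsa_apply(ku, rsa_apply(slide_kr, 12)),
    }

if __name__ == "__main__":
    for name, value in slide_example().items():
        print(f"{name} = {value}")
```

With a modulus this small the smallest d equals e, so the numbers only illustrate the arithmetic.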
Example of RSA Algorithm
Diffie-Hellman Key Exchange
Diffie-Hellman
Alice and Bob agree to use a prime number p=23 and base g=5.
Alice chooses a secret integer a=6, then sends Bob $g^a \bmod p$: $5^6 \bmod 23 = 8$.
Bob chooses a secret integer b=15, then sends Alice $g^b \bmod p$: $5^{15} \bmod 23 = 19$.
Alice computes $(g^b \bmod p)^a \bmod p$: $19^6 \bmod 23 = 2$.
Bob computes $(g^a \bmod p)^b \bmod p$: $8^{15} \bmod 23 = 2$.
base g: primitive root of p
A primitive root of p is a number r such that any integer a between 1 and p-1 can be expressed by $a = r^k \bmod p$, with k a nonnegative integer smaller than p-1.
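
The exchange above with both sides' computations, plus a test of the primitive-root condition on g, as an added example that is not part of the original slides. The class and function names are illustrative, and the range check on the received value is an addition the slide does not show.

```python
def prime_factors(n: int) -> set:
    """Distinct prime factors by trial division (fine for classroom sizes)."""
    factors, f = set(), 2
    while f * f <= n:
        while n % f == 0:
            factors.add(f)
            n //= f
        f += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(g: int, p: int) -> bool:
    """g generates 1..p-1 iff g^((p-1)/q) mod p != 1 for every prime q | p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

class Party:
    def __init__(self, p: int, g: int, secret: int):
        self.p, self.g, self._secret = p, g, secret

    def public_value(self) -> int:
        return pow(self.g, self._secret, self.p)      # g^secret mod p

    def shared_key(self, received: int) -> int:
        # Added check: 0, 1 and p-1 would force a predictable key.
        if not 1 < received < self.p - 1:
            raise ValueError("received value outside 2..p-2")
        return pow(received, self._secret, self.p)

def slide_exchange():
    p, g = 23, 5                                      # agreed in public
    if not is_primitive_root(g, p):
        raise ValueError("g is not a primitive root of p")
    alice, bob = Party(p, g, 6), Party(p, g, 15)
    a_pub, b_pub = alice.public_value(), bob.public_value()  # sent in the clear
    return a_pub, b_pub, alice.shared_key(b_pub), bob.shared_key(a_pub)

if __name__ == "__main__":
    print(slide_exchange())
```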
Message Authentication Code
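[Figure: the sender computes H(m+s) over the message m and the shared secret s, appends it to m and sends both over the public Internet; the receiver recomputes H(m+s) from the received m and its own copy of s and compares the two values.]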
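
The tag-and-compare flow in the diagram above, next to the HMAC construction named on the earlier HMAC Structure slide, as an added example that is not part of the original slides. The function names and sample values are constructed; the HMAC layout follows RFC 2104 and uses SHA-1 as the slides do.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-1 works on 512-bit (64-byte) blocks

def appended_secret_tag(s: bytes, m: bytes) -> bytes:
    """Tag from the diagram: H(m+s), the shared secret appended to m."""
    return hashlib.sha1(m + s).digest()

def hmac_sha1(key: bytes, m: bytes) -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || m))."""
    if len(key) > BLOCK:                 # over-long keys are hashed first
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK, b"\x00")      # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + m).digest()
    return hashlib.sha1(opad + inner).digest()

def verify(mac, key: bytes, m: bytes, tag: bytes) -> bool:
    """Receiver: recompute the tag from m and the key, compare in constant time."""
    return hmac.compare_digest(mac(key, m), tag)

def demo():
    key = b"constructed shared secret"   # sample values, constructed
    sent = b"pay 100 to account 7"
    altered = b"pay 900 to account 7"
    rows = []
    for mac in (appended_secret_tag, hmac_sha1):
        tag = mac(key, sent)             # sender appends this tag to m
        rows.append((mac.__name__,
                     verify(mac, key, sent, tag),
                     verify(mac, key, altered, tag)))
    return rows

if __name__ == "__main__":
    for name, genuine_ok, altered_ok in demo():
        print(f"{name}: genuine={genuine_ok} altered={altered_ok}")
```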
Digital Signatures
cryptographic technique analogous to handwritten signatures.
sender (Bob) digitally signs document, establishing he is document owner/creator.
verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document
Digital Signatures
simple digital signature for message m:
Bob “signs” m by encrypting with his private key $K_B^-$, creating “signed” message, $K_B^-(m)$
[Figure: Bob’s message, m (“Dear Alice, Oh, how I have missed you. I think of you all the time! …(blah blah blah) Bob”), and Bob’s private key $K_B^-$ enter the public key encryption algorithm, which outputs $K_B^-(m)$: Bob’s message, m, signed (encrypted) with his private key.]
Digital Signatures (more)
suppose Alice receives msg m, digital signature $K_B^-(m)$
Alice verifies m signed by Bob by applying Bob’s public key $K_B^+$ to $K_B^-(m)$ then checks $K_B^+(K_B^-(m)) = m$.
if $K_B^+(K_B^-(m)) = m$, whoever signed m must have used Bob’s private key.
Alice thus verifies that:
Bob signed m.
No one else signed m.
Bob signed m and not m’.
non-repudiation:
Alice can take m, and signature $K_B^-(m)$ to court and prove that Bob signed m.
Digital signature = signed MAC
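Bob sends digitally signed message:
[Figure: the large message m passes through H: hash function to give H(m); digital signature (encrypt) with Bob’s private key $K_B^-$ turns it into the encrypted msg digest $K_B^-(H(m))$, which is sent along with m.]
Alice verifies signature and integrity of digitally signed message:
[Figure: Alice applies H: hash function to the large message m to get H(m), applies digital signature (decrypt) with Bob’s public key $K_B^+$ to the encrypted msg digest $K_B^-(H(m))$ to get H(m), and checks whether the two are equal.]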
Public Key Certification
public key problem:
When Alice obtains Bob’s public key (from web site, email, diskette), how does she know it is Bob’s public key, not Trudy’s?
solution:
trusted certification authority (CA)
Certification Authorities
Certification Authority (CA): binds public key to particular entity, E.
E registers its public key with CA.
E provides “proof of identity” to CA.
CA creates certificate binding E to its public key.
certificate containing E’s public key digitally signed by CA: CA says “This is E’s public key.”
[Figure: Bob’s public key $K_B^+$ and Bob’s identifying information go through digital signature (encrypt) with the CA private key $K_{CA}^-$, producing $K_{CA}^-(K_B^+)$: the certificate for Bob’s public key, signed by CA.]
Certification Authorities
when Alice wants Bob’s public key:
gets Bob’s certificate (Bob or elsewhere).
apply CA’s public key to Bob’s certificate, get Bob’s public key
[Figure: the certificate $K_{CA}^-(K_B^+)$ goes through digital signature (decrypt) with the CA public key $K_{CA}^+$, yielding Bob’s public key $K_B^+$.]
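
The signed-digest scheme and the certificate check from the preceding slides chained together, as an added example that is not part of the original slides. It uses unpadded textbook RSA over a SHA-1 digest; the keys, the certificate layout and all function names are constructed for illustration.

```python
import hashlib

E = 65537

def toy_keypair(p: int, q: int):
    """Textbook RSA key (public, private) from two known primes."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

def digest(data: bytes) -> int:
    # H(m): SHA-1 as in the slides; its 160-bit output is below both moduli.
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def sign(private_key, data: bytes) -> int:
    d, n = private_key
    return pow(digest(data), d, n)                 # K-(H(m))

def verify(public_key, data: bytes, signature: int) -> bool:
    e, n = public_key
    return pow(signature, e, n) == digest(data)    # K+(K-(H(m))) = H(m)?

def cert_body(subject: str, public_key) -> bytes:
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(ca_private, subject: str, public_key) -> dict:
    """CA binds the entity's name to its public key by signing both."""
    return {"subject": subject, "public_key": public_key,
            "ca_signature": sign(ca_private, cert_body(subject, public_key))}

def key_from_certificate(ca_public, cert: dict, expected_subject: str):
    """Alice: accept the key only if the CA signed this name and this key."""
    body = cert_body(cert["subject"], cert["public_key"])
    signed_by_ca = verify(ca_public, body, cert["ca_signature"])
    if cert["subject"] != expected_subject or not signed_by_ca:
        raise ValueError("certificate rejected")
    return cert["public_key"]

# Constructed demo keys from Mersenne primes; real keys use large random
# primes and a padding scheme instead of raw exponentiation.
CA_PUBLIC, CA_PRIVATE = toy_keypair(2**61 - 1, 2**127 - 1)
BOB_PUBLIC, BOB_PRIVATE = toy_keypair(2**89 - 1, 2**107 - 1)

def demo():
    cert = issue_certificate(CA_PRIVATE, "Bob", BOB_PUBLIC)
    bob_key = key_from_certificate(CA_PUBLIC, cert, "Bob")
    msg = b"Dear Alice ... Bob"
    sig = sign(BOB_PRIVATE, msg)
    return verify(bob_key, msg, sig), verify(bob_key, msg + b"!", sig)
```

`demo()` returns one result for the genuine message and one for an altered copy; a certificate whose key or name was swapped after signing is rejected by `key_from_certificate`.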
Key Management: Public-Key Certificate Use