Final Presentation Slides of Honours Minor Thesis

Modern Cryptography
—Secure Key Establishment
CIS Honours Minor Thesis Presentation by
Ang Yang
110061059
[email protected]
Supervisor: Dr Kim-Kwang Raymond Choo
Information Assurance Research Group
School of Information Technology and Mathematical Science
University of South Australia
Presentation Outline
• Introduction
• Research Questions, Aims and Field of Thesis
• Background Materials
• Research Methodology
• Literature Review
• Content of Minor Thesis
• Contributions
• Draft Thesis Table of Contents
• Conclusion
• Acknowledgements
• References
Introduction
Key establishment (a key exchange protocol) protects the confidentiality of
messages that will be transferred over an insecure public channel.
In 1970, asymmetric key theory, built on computational number theory,
advanced modern cryptography.
An adversary tries to break the cryptographic protocol to obtain the
private key, relying on developments in hardware and mathematics or on
special methods such as the undetectable dictionary attack.
Designing secure and efficient key exchange protocols is therefore very
significant.
This minor thesis focuses on analysing efficient and secure key
exchange protocols using elliptic curve cryptography (ECC).
Research Questions, Aims and Field of Thesis
Research Aims:
1. To analyse published protocols in the literature, including protocols that
carry heuristic security arguments and protocols that carry proofs of security.
2. To design new provably secure key establishment protocols, which need to
be as efficient in performance as the existing protocols.
Research Question:
How do we design and prove secure key exchange protocols?
Field of Thesis:
Cryptographic protocols.
Background Materials
1. Number Theory for Computing
2. Cryptography Background Materials
Background Material
3. Random oracle model
1. The BP model, used to prove authenticated key exchange protocols (Bellare
and Rogaway 1995). Adversary queries:
 Send
 Reveal
 Corrupt
 Test
2. The Abdalla RoR (Real-or-Random) model, used to prove gateway-based password-based
authenticated key exchange protocols (Abdalla et al. 2005). Adversary queries:
 Execute
 Send
 Test
 TestPair
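As an added illustration (not code from the slides or the thesis), the following Python simulation gives the adversary the Execute, Reveal, Corrupt and Test queries listed above against a toy unauthenticated Diffie-Hellman session. The group (p = 23, g = 5) is a constructed toy value, SHA-256 stands in for the random oracle that derives the session key, and the protocol has no long-term keys, so Corrupt only records that a party's secrets are lost; Send is omitted because this adversary is passive. The point it demonstrates is the freshness condition of the model: an adversary that Reveals the partner's key and then Tests the other instance wins every time if freshness is not enforced, and is refused the Test query if it is.

```python
import hashlib
import secrets

# Constructed toy Diffie-Hellman group (illustration only, far too small for real use).
P = 23
G = 5


def kdf(sid: str, shared: int) -> bytes:
    """Session-key derivation, modelled as a random oracle (instantiated with SHA-256)."""
    return hashlib.sha256(f"{sid}|{shared}".encode()).digest()


class Oracle:
    """One protocol instance Pi_U^i: party U running its i-th session with an intended peer."""

    def __init__(self, owner: str, index: int, peer: str):
        self.owner, self.index, self.peer = owner, index, peer
        self.sid = None        # transcript, used as the session identifier
        self.sk = None         # accepted session key
        self.revealed = False  # set by a Reveal query


class BRModel:
    """Adversary interface of the game: Execute, Reveal, Corrupt, Test."""

    def __init__(self):
        self.oracles = {}       # (U, i) -> Oracle
        self.corrupted = set()  # parties hit by a Corrupt query
        self.b = None           # hidden bit chosen by the Test query

    def execute(self, a, i, b, j):
        """Honest run between Pi_a^i and Pi_b^j; the adversary only learns the transcript."""
        x = secrets.randbelow(P - 2) + 1
        y = secrets.randbelow(P - 2) + 1
        gx, gy = pow(G, x, P), pow(G, y, P)
        sid = f"{a}:{gx}|{b}:{gy}"
        oa, ob = Oracle(a, i, b), Oracle(b, j, a)
        oa.sid = ob.sid = sid
        oa.sk = kdf(sid, pow(gy, x, P))   # g^(xy) as computed by a
        ob.sk = kdf(sid, pow(gx, y, P))   # g^(xy) as computed by b
        self.oracles[(a, i)] = oa
        self.oracles[(b, j)] = ob
        return sid

    def reveal(self, u, i):
        """Reveal query: hand the adversary the instance's session key."""
        o = self.oracles[(u, i)]
        o.revealed = True
        return o.sk

    def corrupt(self, u):
        """Corrupt query: this toy has no long-term keys, so only record the loss."""
        self.corrupted.add(u)

    def partner(self, o):
        """The instance holding the same session identifier, if any."""
        for other in self.oracles.values():
            if other is not o and other.sid == o.sid:
                return other
        return None

    def fresh(self, u, i):
        """Freshness: accepted, and neither the instance nor its partner was Revealed or Corrupted."""
        o = self.oracles[(u, i)]
        if o.sk is None or o.revealed or o.owner in self.corrupted:
            return False
        p = self.partner(o)
        return p is None or not (p.revealed or p.owner in self.corrupted)

    def test(self, u, i, enforce_freshness=True):
        """Test query: the real session key if b = 1, a uniformly random key if b = 0."""
        if enforce_freshness and not self.fresh(u, i):
            return None
        self.b = secrets.randbits(1)
        return self.oracles[(u, i)].sk if self.b == 1 else secrets.token_bytes(32)


def partners_agree():
    """Correctness: the two instances created by one Execute hold the same key."""
    m = BRModel()
    m.execute("A", 1, "B", 1)
    return m.oracles[("A", 1)].sk == m.oracles[("B", 1)].sk


def reveal_partner_strategy(enforce_freshness):
    """Adversary: Reveal B's key, then Test A's instance and compare. True if it guesses b."""
    m = BRModel()
    m.execute("A", 1, "B", 1)
    partner_key = m.reveal("B", 1)
    challenge = m.test("A", 1, enforce_freshness)
    if challenge is None:
        return None  # refused: Pi_A^1 is not fresh once its partner was Revealed
    guess = 1 if challenge == partner_key else 0
    return guess == m.b


def win_rate(trials, enforce_freshness):
    """Fraction of trials the strategy guesses b, or None if the Test query was refused."""
    wins = [reveal_partner_strategy(enforce_freshness) for _ in range(trials)]
    if any(w is None for w in wins):
        return None
    return sum(wins) / trials
```

Without the freshness check the strategy's win rate is 1.0, i.e. advantage 1; with it the model returns None for the Test query, which is exactly why a proof in this model only needs to bound the advantage against fresh instances.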
Literature Review
1. Mathematics and cryptography literature
- Modern cryptography is built on mathematical theory, namely number theory for
computing (Yan 2000, Katz & Lindell 2008).
- The ID-based assumption is a strong assumption related to elliptic curve
cryptography (ECC) theory (Yan 2011).
- ECC is based on the elliptic curve discrete logarithm problem (ECDLP) and is much
more efficient than RSA, which is based on the integer factorisation problem (Yan 2011,
Katz & Lindell 2008).
Key lengths (bits) at the same security level:
Security level   ECC key length   RSA key length
same             256              3072
same             348              7680
same             512              15360
Background Materials
1.1 Number theory for computing: the remainder operation x mod n = a is also
written as the congruence x ≡ a mod n (Yan 2000)
x mod n : the remainder when x is divided by n.
e.g. 7 mod 2 = 1
9 mod 4 = 1
14 mod 3 = 2
so 7 ≡ 1 mod 2,
9 ≡ 1 mod 4,
14 ≡ 2 mod 3
2. Many different numbers satisfy the same congruence x ≡ a mod n (Yan
2000)
e.g. Because : 9 mod 2 = 1
7 mod 2 = 1
5 mod 2 = 1
3 mod 2 = 1
So
… ≡ 9 ≡ 7 ≡ 5 ≡ 3 ≡ 1 mod 2
Background Materials
1.2 Modern cryptography process (public-key encryption):
sk: private key for decryption
pk: public key for encryption
Client A: Plaintext → Enc(pkB) → Ciphertext
Client B: Ciphertext → Dec(skB) → Plaintext
Background Materials
1.3 Elliptic curve cryptography theory (Yan 2011):
Elliptic curve with base point G: y² = x³ + ax + b
1. ECC theory:
P + Q + R' = O (group law)
pk1 = [sk1]G = (x1, y1)
pk2 = [sk2]G = (x2, y2)
Session key:
[sk1]pk2 = [sk2]pk1
2. ECDLP assumption: the private key sk is hard
to compute from pk in polynomial time
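As an added worked example (not from the slides or the thesis), the following Python code carries the slide's notation through on a small curve: the group law P + Q + R' = O, key pairs pk = [sk]G, the shared point [sk1]pk2 = [sk2]pk1, and an exhaustive ECDLP solver that only works because the group is tiny. The curve y² = x³ + 2x + 2 over F_17 with G = (5, 1) of prime order 19 is a constructed textbook toy and offers no security.

```python
"""Toy elliptic-curve key agreement in the slide's notation (constructed example)."""
P = 17          # field prime
A, B = 2, 2     # curve coefficients a, b
G = (5, 1)      # base point, order 19
INF = None      # point at infinity O, the group identity


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + ax + b (mod p)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def add(p1, p2):
    """Chord-and-tangent group law: P + Q + R' = O, so P + Q is the reflection of R'."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                     # P + (-P) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P)   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P)          # chord slope
    lam %= P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """[k]pt by double-and-add (the slide's [sk]G)."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def point_order(pt):
    """Smallest n > 0 with [n]pt = O (exhaustive; fine for a 19-point group)."""
    n, acc = 1, pt
    while acc is not INF:
        acc = add(acc, pt)
        n += 1
    return n


def ecdh(sk1, sk2):
    """Key pairs pk_i = [sk_i]G and the shared point computed by each side."""
    pk1 = scalar_mult(sk1, G)
    pk2 = scalar_mult(sk2, G)
    return pk1, pk2, scalar_mult(sk1, pk2), scalar_mult(sk2, pk1)


def ecdlp_bruteforce(base, target):
    """Recover k with [k]base = target by trying every k: feasible only because the order is 19."""
    acc = INF
    for k in range(point_order(base)):
        if acc == target:
            return k
        acc = add(acc, base)
    return None


if __name__ == "__main__":
    pk1, pk2, k1, k2 = ecdh(7, 11)
    print("2G =", add(G, G), "order(G) =", point_order(G))
    print("pk1 =", pk1, "pk2 =", pk2, "shared:", k1, k2, "equal:", k1 == k2)
    print("ECDLP on pk1 recovers sk1 =", ecdlp_bruteforce(G, pk1))
```

With sk1 = 7 and sk2 = 11 both sides compute [77]G, and since 77 ≡ 1 mod 19 the shared point is G itself; on a real curve the order is around 2^256, so the brute-force solver in the last function is exactly what the ECDLP assumption says cannot be done in polynomial time.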
Literature Review
2. SM2 algorithm key exchange protocol
- In 2010, the Chinese State Cryptography Administration published a new
cryptographic algorithm and protocol, named SM2, which relies on an ID-based
assumption, to replace RSA.
- In 2011, Xu and Feng attacked the SM2 protocol and presented the attack at a conference.
3. Gateway-based password-based authenticated key exchange protocol (GPAKE)
- In 2005, Abdalla published the gateway-based password-based authenticated
key exchange protocol (GPAKE).
- In 2006, Byun attacked this protocol via an undetectable dictionary attack and
improved it.
- In 2008, Abdalla improved the GPAKE protocol and proved its security.
- In 2011 and 2012, Wei designed RSA-based and Diffie-Hellman-based GPAKE protocols
and proved them in the random oracle model.
Research Methodology
• 1 Critical analysis of published protocols
Comparing and analysing the protocols.
• 2 Design of protocols
Algorithm or protocol design based on computational number theory, so that
the key exchange protocol is correct.
• 3 Mathematical proofs
Prove security in current random oracle models such as the BP95 model
and the Abdalla RoR model, using probability theory.
Content of Minor Thesis
• Proof of the SM2 protocol and comments on the
attack
• Enhanced SM2 protocol
• GPAKE protocol using the SM2 algorithm
• An ID-based GPAKE protocol
Research Content
1. SM2 protocol: the mistake in the attack, the security proof and the enhancement
Contributions
1. Comments on the mistakes in Xu and Feng's (2011) attack.
2. Proof of the security of the SM2 protocol in the BP model.
SK: private key
PK: public key
OAB: session key's private information that
Research Content
2. A provably secure enhanced SM2 protocol
Contributions
1. Security proof of the enhanced SM2 protocol in the
BP model.
2. The enhanced SM2 protocol is more efficient, and its
security is proved.
Comparison:
a: addition, p: pairing, e: exponentiation, h: hash operation
Protocol   Computation      Assumption
SM2        10p+4e+6a+8h     ECDLP
Ours       8p+2e+8h         ECDLP
Research Content
2. A provably secure GPAKE protocol using the SM2 algorithm.
Research Content
3. A provably secure ID-based GPAKE protocol using ECC.
Contributions
1. The first GPAKE protocol using the SM2 algorithm, which can be widely used in
China for cloud and mobile networks.
2. The first ID-based GPAKE protocol using ECC, which is more efficient than the RSA
GPAKE protocol.
3. Both protocols provide strong anonymity and password security, protecting
the client's private information.
4. Both protocols resist online dictionary attacks and undetectable
offline dictionary attacks.
5. Both protocols are proved secure in the Abdalla RoR model.
Draft Thesis Table of Contents
Conclusion:
• Key establishment is significant.
• Literature review.
• Contents of the minor thesis.
• Contributions of the different protocols.
• Draft of the minor thesis.
Acknowledgements
• Dr. Raymond Choo
• Dr. Gaye Deegan
• Dr. Lin Liu
• Dr. Jan Stanek
• Dr. Stewart Von Itzstein
Thank You
Questions?
References
• Abdalla, M., et al. 2005. 'A simple threshold authenticated key exchange from short secrets', Advances in Cryptology - Asiacrypt 2005, Springer: 566-584.
• Abdalla, M., et al. 2008. 'Anonymous and transparent gateway-based password-authenticated key exchange', Cryptology and Network Security, Springer: 133-148.
• Bellare, M. and Rogaway, P. 1995. 'Provably secure session key distribution: the three party case', ACM STOC 1995: 57-66.
• Byun, J. W., et al. 2006. 'Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol', IEEE Communications Letters 10(9): 683-685.
• Chinese Government State Cryptography Administration 2010. 'Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves, Part 3: Key Exchange Protocol' (http://www.oscca.gov.cn/UpFile/2010122214822692.pdf, in Chinese).
• Katz, J. and Lindell, Y. 2008. 'Introduction to Modern Cryptography', Chapman & Hall/CRC.
• Wei, F., et al. 2011. 'Gateway-oriented password-authenticated key exchange protocol with stronger security', Provable Security, Springer: 366-379.
• Wei, F., et al. 2012. 'Gateway-oriented password-authenticated key exchange protocol in the standard model', Journal of Systems and Software 85(3): 760-768.
• Xu, J. and Feng, D. 2011. 'Comments on the SM2 key exchange protocol', CANS 2011, LNCS 7092: 160-171.
• Yan, S. Y. 2000. 'Number Theory for Computing', Springer.
• Yan, S. Y. 2011. 'Elliptic Curve', Dalian Polytechnic University (in Chinese).