L03_publickeycrypto


... subjected to Man-in-the-Middle Attack!! Because Alice does not know for sure if it's actually Bob who is sending her the YB.

Remedy: Publish those public numbers, i.e. α, q and YA, YB, in a "trusted, publicly accessible directory for each person". This also allows Alice to send Bob an encrypted message even when he is currently offline. But how can you be sure that you are looking at the directory hosted by the "true trusted directory server"?

Man-in-the-middle (MITM) Attack

DH protocol:
  1. Alice -> Bob: α^x (mod q)
  2. Bob -> Alice: α^y (mod q)
Attack scenario. Vulnerability: lack of what?

Other Public Key Algorithms
  1978: Merkle/Hellman (Knapsack), subsequently found to be insecure
  1985: El Gamal (Discrete Logarithm Problem)
  1985: Miller/Koblitz (Elliptic curves)
  1991: Digital Signature Standard (DSS) (Discrete Logarithm Problem)
  And many others, too

El Gamal
El Gamal can be considered a generalization of the Diffie-Hellman key-exchange algorithm, so it still relies on the difficulty of computing discrete logarithms:
  y = α^x mod q
  q is prime; α and x are positive integers < q; α is a primitive root of q and 0 < x < q-1
  Public key = (y, α, q); Private key = x

Encryption of plaintext message M (< q):
  Select k: 1 ≤ k ≤ q-2
  C1 = α^k mod q
  C2 = (y^k M) mod q
  Ciphertext = (C1, C2)
Decryption:
  M = [C2 * (C1^x)^-1] mod q
  where b^-1 (mod q) is the "multiplicative inverse" of b (mod q), i.e. [b * b^-1] mod q = 1 mod q

El Gamal
Encryption of plaintext message M (< q):
  Select k: 0 < k < q, relatively prime to (q-1)
  C1 = α^k mod q
  C2 = (y^k M) mod q
  Ciphertext = (C1, C2)
Decryption:
  M = [C2 * (C1^x)^-1] mod q
Proof:
  [C2 * (C1^x)^-1] mod q = [y^k M * (C1^x)^-1] mod q
                         = [α^(kx) M * (C1^x)^-1] mod q
                         = [C1^x * M * (C1^x)^-1] mod q
                         = M mod q
  because y^k mod q = α^(kx) mod q = C1^x mod q, where...

This note was uploaded on 12/05/2013 for the course IERG 4130 taught by Professor Chowsze-ming,sherman during the Fall '13 term at CUHK.
