cryptography - cs3sr3/se3ra3se3ra3/2016/ln28-2016.pdf · classical cryptosystems public key...
TRANSCRIPT
Cryptography
Classical Cryptosystems
Public Key Cryptography
Cryptographic Checksums
Cryptography
CS3SR3/SE3RA3
Ryszard Janicki
Acknowledgments: Material based on Computer Security: Art and Science by Matt Bishop (Chapter 9)
Ryszard Janicki Cryptography 1 / 38
Cryptography and Cryptosystems
Cryptography ≡ Secret Writing in Greek
Definition (Cryptosystem)
A cryptosystem is a 5-tuple (E, D, M, K, C), where:
M is the set of plaintexts,
K is the set of keys,
E = {E_k | k ∈ K}, where each E_k : M → C, is the set of enciphering functions,
D = {D_k | k ∈ K}, where each D_k : C → M, is the set of deciphering functions.
Caesar Cipher
Example (Caesar Cipher)
Idea: letters are shifted and key = shift. If k = 3 then A → D, B → E, ..., Z → C, and "HELLO" → "KHOOR".
M = all sequences of Roman letters = {A, B, C, ..., Z}*,
K = {i | 0 ≤ i ≤ 25}, or K = {i | 1 ≤ i ≤ 26},
E = {E_k | k ∈ K}, where for each m ∈ M, E_k(m) = m_k, and m_k is derived from m by shifting each letter by k,
D = {D_k | k ∈ K}, where for each c ∈ C, D_k(c) = c_k, and c_k is derived from c by shifting back each letter by k,
C = M.
Goals and Adversaries
The goal of cryptography is to keep enciphered information secret.
An adversary wants to break a ciphertext.
The adversary knows D and E.
Three types of attacks:
1. Ciphertext only - Adversary has only the ciphertext. Goal: plaintext and, if possible, the key.
2. Known Plaintext - Adversary has the ciphertext and the plaintext that was enciphered. Goal: the key.
3. Chosen Plaintext - Adversary may ask that specific plaintexts be enciphered, and is given the corresponding ciphertexts. Goal: the key.
A good cryptosystem protects against all three types of attacks.
Classical Cryptosystems
Definition
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. In these systems, for all E_k ∈ C and k ∈ K, there is a D_k ∈ D such that D_k = E_k^{-1}.
Example
The Caesar cipher discussed earlier had a key of 3, so the enciphering function was E_3. To decipher "KHOOR", we used the same key in the decipherment function D_3. Hence, the Caesar cipher is a classical cipher.
There are two basic types of classical ciphers: transposition ciphers, and substitution ciphers.
Transposition Ciphers
Definition
A transposition cipher rearranges the characters in the plaintext to form the ciphertext. The letters are not changed.
Example (Rail-Fence Cipher)
The rail-fence cipher is composed by writing the plaintext in two rows, proceeding down, then across, and reading the ciphertext across.
1 2 3 4 5 6 7 8 ⟹
1 3 5 7
2 4 6 8
⟹ 1 3 5 7 2 4 6 8
For example: HELLOWORLD ⟹
H L O O L
E L W R D
⟹ HLOOLELWRD
Transposition Ciphers
Example (Rail-Fence Cipher. Version 2)
1 2 3 4 5 6 7 8 9 ⟹
1 4 7
2 5 8
3 6 9
⟹ 1 4 7 2 5 8 3 6 9
For example: HELLO WORLD ⟹
H L W L
E O O D
L   R
⟹ HLWLEOODL R
Transposition Ciphers
Mathematically, the key to a transposition cipher is a permutation function.
Permutations do not change the frequency of plaintext characters, which provides a means of attack.
Example
For instance, because "HE" has frequency 3.05% in English, one may assume that in "HLOOLELWRD", "E" should follow "H", so one may try:
HE
LL
OW
OR
LD
Reading the letters across and down produces "HELLOWORLD".
Substitution Ciphers
Definition
A substitution cipher changes characters in the plaintext to produce the ciphertext.
Example
Consider the Caesar cipher with the key k = 3 or D, i.e. A → D, B → E, ..., X → A, Y → B, Z → C.
HELLOWORLD → KHOORZRUOG
A Caesar cipher is susceptible to a statistical ciphertext-only attack.
Substitution Ciphers
Example
Ciphertext: KHOORZRUOG (length is 10 characters).
Numbering of letters: A→ 0,B → 1, . . . ,Z → 25.
STATISTICAL ATTACK:
Frequencies of letters in "KHOORZRUOG":
         6    7    10   14   17   20   25
c    =   G    H    K    O    R    U    Z
f(c) =   0.1  0.1  0.1  0.3  0.2  0.1  0.1
Correlation with average English text:
Φ(i) = Σ_{c=0}^{25} f(c) p(c − i),
where p(x) are character frequencies in English (see Table 9-1 on page 11).
Character Frequencies in English
• p(0) = p(a) = 0.080, p(1) = p(b) = 0.015, . . . , p(25) = p(z) = 0.002
Substitution Ciphers
Example (continuation)
Ciphertext: KHOORZRUOG.
Numbering of letters: A→ 0,B → 1, . . . ,Z → 25.
STATISTICAL ATTACK:
For "KHOORZRUOG", we have
Φ(i) = 0.1p(6 − i) + 0.1p(7 − i) + 0.1p(10 − i) + 0.3p(14 − i) + 0.2p(17 − i) + 0.1p(20 − i) + 0.1p(25 − i)
We are looking for the biggest Φ(i), i = 0, ..., 25.
Values of Φ(i) for "KHOORZRUOG" in English
Φ(6) = 0.0660 ⟹ KHOORZRUOG → EBIILTLOIA,
Φ(10) = 0.0635 ⟹ KHOORZRUOG → AXEEHPHKEW,
Φ(3) = 0.0575 ⟹ KHOORZRUOG → HELLOWORLD,
Φ(14) = 0.0535 ⟹ KHOORZRUOG → WTAADLDGAS,
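The ranking of Φ(i) can be reproduced with a short program. This is an added example, not part of the original lecture notes: the 26 values of p are those of Bishop's Table 9-1 (of which the notes quote only p(a), p(b) and p(z)), the index c − i is reduced mod 26, and all function names are illustrative.

```python
import string

A = string.ascii_uppercase

# English letter frequencies p(0)..p(25) for a..z, from Bishop's Table 9-1
# (assumption: the notes reproduce only three entries of this table).
P = [0.080, 0.015, 0.030, 0.040, 0.130, 0.020, 0.015, 0.060, 0.065,
     0.005, 0.005, 0.035, 0.030, 0.070, 0.080, 0.020, 0.002, 0.065,
     0.060, 0.090, 0.030, 0.010, 0.015, 0.005, 0.020, 0.002]


def letter_frequencies(ciphertext):
    """f(c): relative frequency of each letter number c in the ciphertext."""
    nums = [A.index(ch) for ch in ciphertext.upper() if ch in A]
    return {c: nums.count(c) / len(nums) for c in set(nums)}


def phi(ciphertext, i):
    """Correlation of the ciphertext, shifted back by i, with English."""
    f = letter_frequencies(ciphertext)
    return sum(fc * P[(c - i) % 26] for c, fc in f.items())


def caesar_shift(text, k):
    """Shift every letter forward by k; use -k to decipher."""
    return "".join(A[(A.index(ch) + k) % 26] if ch in A else ch
                   for ch in text.upper())


def rank_keys(ciphertext, top=4):
    """Candidate keys ordered by decreasing phi, with the trial decipherment."""
    scored = sorted(((phi(ciphertext, i), i) for i in range(26)), reverse=True)
    return [(i, score, caesar_shift(ciphertext, -i)) for score, i in scored[:top]]


if __name__ == "__main__":
    for key, score, plain in rank_keys("KHOORZRUOG"):
        print(f"Phi({key}) = {score:.4f}  ->  {plain}")
```

The most likely key by correlation (6) is not the right one here; with only ten letters the analyst still has to read the top few candidates, and the third (key 3) is the English one.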
Vigenère Cipher
Invented by Blaise de Vigenère in 1586.
Definition
The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher.
In other words, like the Caesar cipher, but we use a phrase.
Figure 9-3 on page 15 shows a tableau to implement this cipher efficiently.
Because this requires several different key letters, this type of cipher is called polyalphabetic.
Vigenère Cipher
Example
Letters enumeration: A → 0, ..., G → 6, ..., I → 8, ..., V → 21, ..., Z → 25.
Message: THE BOY HAS THE BALL
Key: VIG or 21-8-6.
We encipher using the Caesar cipher for each letter:
Plaintext   T H E B O Y H A S T H E B A L L
Keys        V I G V I G V I G V I G V I G V
Ciphertext  O P K W W E C I Y O P K W I R G,
since (T + V) mod 26 = O, (H + I) mod 26 = P, (E + G) mod 26 = K, etc.
Vigenère Cipher
Breaking is not easy but possible (Friedrich Kasiski in 1863).
Breaking is based on the observation that repetitions occur when characters of the key appear over the same characters in the ciphertext.
Example
Plaintext   T H E B O Y H A S T H E B A L L
Keys        V I G V I G V I G V I G V I G V
Ciphertext  O P K W W E C I Y O P K W I R G,
The string OPK appears twice. The ciphertext repetitions are nine characters apart. Hence 9 is a multiple of the period, i.e. the period must be either 3 or 9.
We can then use some statistical analysis to break the cipher; however, it is not easy.
Example (Vigenère Cipher)
The following message was enciphered with a Vigenère cipher. Find the key and decipher it:
7. A noted computer security expert has said that without integrity, no system can provide confidentiality.
a. Do you agree? Justify your answer.
b. Can a system provide integrity without confidentiality? Again, justify your answer.
8. A cryptographer once claimed that security mechanisms other than cryptography were unnecessary because cryptography could provide any desired level of confidentiality and integrity. Ignoring availability, either justify or refute the cryptographer's claim.
9. Given the security levels TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the categories A, B and C, specify what type of access (read, write, both, or neither) is allowed in each of the following situations. Assume that discretionary access controls allow anyone access unless otherwise specified.
a. Paul, cleared for (TOP SECRET, {A, C}), wants to access a document classified (SECRET, {B, C}).
b. Anna, cleared for (CONFIDENTIAL, {C}), wants to access a document classified (CONFIDENTIAL, {B}).
c. Jesse, cleared for (SECRET, {C}), wants to access a document classified (CONFIDENTIAL, {C}).
d. Sammi, cleared for (TOP SECRET, {A, C}), wants to access a document classified (CONFIDENTIAL, {A}).
e. Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document classified (CONFIDENTIAL, {B}).
10. Give an example that demonstrates that the integrity level of subjects decreases in Biba's low-water-mark policy. Under what conditions will the integrity level remain unchanged?
11. Decipher the following ciphertext, which was enciphered using the Caesar cipher: TEBKFKQEBZLROPBLCERJXKBSBKQP
12. Exercise 8 from page 242 of Bishop's textbook. See below:
SOLUTION
We begin by looking for repetitions in the ciphertext.
"IYO" appears twice, 25 spaces apart.
"KRG" also appears twice, 20 spaces apart.
"LVF" is also repeated, 55 spaces apart.
This leads us to the likelihood that the key length is a common divisor of these, so (as a first guess) we take the key length to be 5.
This means we should try breaking the message into 5 sequences:
Example
T S M V M
M P P C W
C Z U G X
H P E C P
R F A U E
I O B Q W
P P I M S
F X I P C
T S Q P K
S Z N U L
O P A C R
D D P K T
S L V F W
E L T K R
G H I Z S
F N I D F
A R M U E
N O S K R
G D I P H
W S G V L
E D M C M
S M W K P
I Y O J S
T L V F A
H P B J I
R A Q I W
H L D G A
I Y O U X
Counting characters in each column (alphabet) yields:
Column  #1  #2  #3  #4  #5
A        1   1   2   0   2
B        0   0   2   0   0
C        1   0   0   4   1
D        1   3   1   1   0
E        2   0   1   0   2
F        2   1   0   2   1
G        2   0   1   2   0
H        3   1   0   0   1
I        3   0   5   1   1
J        0   0   0   2   0
K        0   0   0   4   1
L        0   4   0   0   2
M        1   1   3   1   2
N        1   1   1   0   0
O        1   2   2   0   0
P        0   4   2   3   2
Q        0   0   2   1   0
R        2   1   0   0   2
S        3   3   1   0   3
T        3   0   1   0   1
U        0   0   1   4   0
V        0   0   2   2   0
W        1   0   1   0   4
X        0   1   0   0   2
Y        0   2   0   0   0
Z        0   2   0   1   0
Example
Observe that the highest frequency character in column 3 ('I') seems to correspond to the letter 'a' due to the gap following it, according to the frequencies of characters on the right side of page 219 of the textbook and page 11 of these Lecture Notes.
We decrypt the 3rd character, and then every 5th, according to this, and from the Vigenère tableau we guess that the 3rd character in the key is 'i'.
TSeVM MPhCW CZmGX HPwCP RFsUE IOtQW PPaMS FXaPC TSiPK SZfUL OPsCR DDhKT SLnFW ELlKR GHaZS FNaDF AReUE NOkKR GDaPH WSyVL EDeCM SMoKP IYgJS TLnFA HPtJI RAiIW HLvGA IYgUX
Next we guess that column 1 does not appear shifted since the frequencies are about the same as the standard, so the first character could be 'a'.
tSeVM mPhCW cZmGX hPwCP rFsUE iOtQW pPaMS fXaPC tSiPK sZfUL oPsCR dDhKT sLnFW eLlKR gHaZS fNaDF aReUE nOkKR gDaPH wSyVL eDeCM sMoKP iYgJS tLnFA hPtJI rAiIW hLvGA iYgUX
Example
tSeVM mPhCW cZmGX hPwCP rFsUE iOtQW pPaMS fXaPC tSiPK sZfUL oPsCR dDhKT sLnFW eLlKR gHaZS fNaDF aReUE nOkKR gDaPH wSyVL eDeCM sMoKP iYgJS tLnFA hPtJI rAiIW hLvGA iYgUX
The first word may be 'the' and the frequencies of the second column fit in the right places, so assume S maps to h in the 2nd column, making the first three letters of the key: 'ali'.
theVM mehCW comGX hewCP rusUE idtQW peaMS fmaPC thiPK sofUL oesCR dshKT sanFW ealKR gwaZS fcaDF ageUE ndkKR gsaPH whyVL eseCM sboKP ingJS tanFA hetJI rpiIW havGA ingUX
Now we can look for parts of words to give us a clue. 'com' could be 'come', 'thi' could be 'this', or 'hav' could be 'have'. Since the first and third of these examples use the same mapping but the second uses a different one, we first try the letter 'C' as the key for column 4 since that maps 'G' to 'e'.
thetM mehaW comeX hewaP russE idtoW peakS fmanC thinK sofsL oesaR dshiT sandW ealiR gwaxS fcabF agesE ndkiR gsanH whytL eseaM sboiP inghS tandA hethI rpigW haveA ingsX
Example
thetM mehaW comeX hewaP russE idtoW peakS fmanC thinK sofsL oesaR dshiT sandW ealiR gwaxS fcabF agesE ndkiR gsanH whytL eseaM sboiP inghS tandA hethI rpigW haveA ingsX
Now we can begin to read parts of the text. The second group of characters seems to be 'has'. To map the plaintext s to ciphertext w, we would have had to use the key letter 'e', which makes sense as we now have a full keyword: 'Alice', and we can now decrypt the full text:
theti mehas comet hewal russa idtos peako fmany thing sofsh oesan dship sands ealin gwaxo fcabb agesa ndkin gsand whyth eseai sboil ingho tandw hethe rpigs havew ingst
with punctuation:
The time has come the walrus said to speak of many things of shoes and ships and sealing wax of cabbages and kings and why the sea is boiling hot and whether pigs have wingst.
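The first step of the solution (Kasiski's search for repetitions) and the final decipherment can be checked mechanically. This is an added example, not part of the original lecture notes: the ciphertext is reassembled from the five-letter rows shown in the solution, the key ALICE is the one the solution arrives at, and the function names are illustrative.

```python
from collections import defaultdict
from functools import reduce
from math import gcd
import string

A = string.ascii_uppercase

# Exercise ciphertext, reassembled from the five-column layout in the notes.
CIPHERTEXT = (
    "TSMVMMPPCWCZUGXHPECPRFAUEIOBQWPPIMS"
    "FXIPCTSQPKSZNULOPACRDDPKTSLVFWELTKR"
    "GHIZSFNIDFARMUENOSKRGDIPHWSGVLEDMCM"
    "SMWKPIYOJSTLVFAHPBJIRAQIWHLDGAIYOUX"
)


def repeated_ngrams(ct, n=3):
    """Map each n-gram that occurs more than once to the gaps between occurrences."""
    positions = defaultdict(list)
    for i in range(len(ct) - n + 1):
        positions[ct[i:i + n]].append(i)
    return {g: [b - a for a, b in zip(p, p[1:])]
            for g, p in positions.items() if len(p) > 1}


def candidate_period(ct, n=3):
    """GCD of all repetition gaps; the period is expected to divide it."""
    gaps = [d for ds in repeated_ngrams(ct, n).values() for d in ds]
    return reduce(gcd, gaps) if gaps else None


def column_counts(ct, period, column):
    """Letter counts of one alphabet (columns are numbered from 1)."""
    col = ct[column - 1::period]
    return {ch: col.count(ch) for ch in sorted(set(col))}


def vigenere(text, key, decipher=False):
    """Add (or subtract) the repeating key letters mod 26; non-letters are dropped."""
    sign = -1 if decipher else 1
    key = key.upper()
    letters = [ch for ch in text.upper() if ch in A]
    return "".join(A[(A.index(ch) + sign * A.index(key[i % len(key)])) % 26]
                   for i, ch in enumerate(letters))


if __name__ == "__main__":
    print(repeated_ngrams(CIPHERTEXT))        # repeated trigrams and their gaps
    print(candidate_period(CIPHERTEXT))       # first guess for the key length
    print(column_counts(CIPHERTEXT, 5, 3))    # counts for column #3
    print(vigenere(CIPHERTEXT, "ALICE", decipher=True))
```

Accidental repetitions can add a gap that is not a multiple of the period, so on longer texts the GCD is taken over the gaps that agree rather than blindly over all of them.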
One-Time Pad
A Vigenère cipher with a random key at least as long as the message.
Proven unbreakable.
Why? Look at ciphertext DXQR. Equally likely to correspond to plaintext DOIT (key AJIY) and to DONT (key AJDY) and any other 4 letters.
Warning: keys must be random, or you can attack the cipher by trying to regenerate the key.
Approximations, such as using pseudo-random number generators to generate keys, are not random.
Hybrid Ciphers
We can (and often do) use more than one technique, for example use both transposition ciphers and substitution ciphers.
We will show later how the Vigenère cipher (substitution cipher) composed with rail-fence (transposition cipher) can be used to encrypt passwords.
Public Key Cryptography
Two keys:
PRIVATE KEY known only to the individual
PUBLIC KEY available to anyone
A has private key k_A and public key K_A, while B has private key k_B and public key K_B. A message sent by A and encrypted using k_A and K_B can in practice only be decrypted when B uses k_B and K_A. How is this possible?
The private key k and the public key K are not random.
The public key K is a function of the private key k, i.e. K = f(k) for some function f (hence K_A = f(k_A) and K_B = f(k_B)).
The function f must have the property that for any K, finding f^{-1}(K) is practically impossible.
Public Key Cryptography
Conditions:
1. It must be computationally easy to encipher or decipher a message given the appropriate key.
2. It must be computationally infeasible to derive the private key from the public key.
3. It must be computationally infeasible to determine the private key from a chosen plaintext attack.
Diffie-Hellman Scheme
First proposed by James Ellis in 1970, but classified until 1997.
Reinvented by W. Diffie and M. Hellman in 1976.
It is based on the Discrete Logarithm Problem.
Definition (Discrete Logarithm Problem)
Find k such that
n = g^k mod p
for given natural numbers n, g and a prime number p.
The Discrete Logarithm Problem is infeasible for big p.
Algorithm (Diffie-Hellman Protocol)
Shared Knowledge: p and g, where g ≠ 0, 1, p − 1.
Each user chooses a private key k_a and computes a public key K_a = g^{k_a} mod p.
If A and B want to communicate, they encipher the other's public key using their own private key, using the formulas:
S_{A,B} = K_B^{k_A} mod p (used by A), and
S_{B,A} = K_A^{k_B} mod p (used by B).
The protocol is based on the following theorem:
Theorem
S_{A,B} = S_{B,A}
The key S_{A,B} = S_{B,A} is used for communication between A and B.
Diffie-Hellman Scheme
The Diffie-Hellman Protocol is a symmetric key exchange protocol.
Example
Let p = 53, g = 17 and k_A = 5, k_B = 7. Hence
K_A = g^{k_A} mod p = 17^5 mod 53 = 40
K_B = g^{k_B} mod p = 17^7 mod 53 = 6
Now we have:
S_{A,B} = K_B^{k_A} mod p = 6^5 mod 53 = 38
S_{B,A} = K_A^{k_B} mod p = 40^7 mod 53 = 38
The prime number p must be large, hundreds or even thousands of bits!!!
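Both sides of the exchange in the example, and the reason the prime must be large, as a short program. This is an added example, not part of the original lecture notes; the function names are illustrative, and the exhaustive search stands in for "solving the Discrete Logarithm Problem" only because p = 53 is a toy value.

```python
def check_parameters(p, g):
    """Shared-knowledge condition from the protocol: g must not be 0, 1 or p - 1."""
    if g % p in (0, 1, p - 1):
        raise ValueError("g must not be 0, 1 or p - 1 (mod p)")


def public_key(g, k, p):
    """K = g^k mod p."""
    return pow(g, k, p)


def shared_key(other_public, own_private, p):
    """S = K_other^k_own mod p."""
    return pow(other_public, own_private, p)


def exchange(p, g, k_a, k_b):
    """Run the protocol for A and B and return every value that is computed."""
    check_parameters(p, g)
    K_a, K_b = public_key(g, k_a, p), public_key(g, k_b, p)
    return {"K_A": K_a, "K_B": K_b,
            "S_AB": shared_key(K_b, k_a, p),   # computed by A
            "S_BA": shared_key(K_a, k_b, p)}   # computed by B


def exhaustive_discrete_log(n, g, p):
    """Smallest k >= 1 with g^k mod p == n, found by trying every exponent.

    The loop runs up to p - 1 times, which is why it only works for tiny p.
    """
    value = 1
    for k in range(1, p):
        value = (value * g) % p
        if value == n:
            return k
    return None


if __name__ == "__main__":
    p, g = 53, 17
    result = exchange(p, g, k_a=5, k_b=7)
    print(result)
    # An observer who sees only p, g, K_A and K_B:
    k_found = exhaustive_discrete_log(result["K_A"], g, p)
    print(k_found, shared_key(result["K_B"], k_found, p))
```

With p = 53 the search needs at most 52 multiplications; with a prime of hundreds or thousands of bits the same loop would need on the order of p steps, which is what makes the private keys safe.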
RSA Protocol
Invented by R. Rivest, A. Shamir and L. Adleman in 1978.
It is based on the properties of the totient function Φ(n).
Definition
A number k is relatively prime to a number n if k has no factors in common with n.
Definition
The totient function Φ(n) is the number of positive integers less than n and relatively prime to n.
Example
Φ(10) = 4, as 1, 3, 7, 9 are relatively prime to 10.
Φ(21) = 12, as 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are relatively prime to 21.
Theorem
If p and q are two distinct primes, then Φ(pq) = (p − 1)(q − 1).
Algorithm (RSA Protocol)
Choose two large prime numbers p and q.
Compute n = pq. Then Φ(n) = (p − 1)(q − 1).
Choose e < n such that e is relatively prime to Φ(n).
Compute d such that ed mod Φ(n) = 1.
PUBLIC KEY: (e, n)
PRIVATE KEY: d
ENCIPHER: c = m^e mod n (uses PUBLIC KEY (e, n))
DECIPHER: m = c^d mod n (uses PRIVATE KEY d)
Actual RSA primes p and q should be at least 512 bits long, giving a modulus, i.e. n = pq, of at least 1024 bits.
Example (Confidentiality)
p = 7, q = 11, n = pq = 77, Φ(n) = (p − 1)(q − 1) = 60.
A chooses e = 17 (e < n and e must be relatively prime to Φ(n)), making d = 53 (ed mod Φ(n) = 1, and here 17 · 53 mod 60 = 1).
B wants to send A the secret message HELLO.
We assume each character in the plaintext is represented by a number between 00 (A) and 25 (Z); 26 representing blank.
Hence HELLO ≡ 07 04 11 11 14.
ENCIPHER: c = m^e mod n (uses PUBLIC KEY (e, n))
07^17 mod 77 = 28
04^17 mod 77 = 16
11^17 mod 77 = 44
11^17 mod 77 = 44
14^17 mod 77 = 42
B sends 28 16 44 44 42
Example (Confidentiality - Continuation)
B sends 28 16 44 44 42
A receives 28 16 44 44 42
A uses private key: d = 53.
DECIPHER: m = c^d mod n (uses PRIVATE KEY d)
28^53 mod 77 = 07 → H
16^53 mod 77 = 04 → E
44^53 mod 77 = 11 → L
44^53 mod 77 = 11 → L
42^53 mod 77 = 14 → O
No one else could read it, as only A knows her private key and that is needed for decryption.
However, A cannot be sure it was B who sent it!
Example (Confidentiality & Authentication)
p = 7, q = 11, n = pq = 77, Φ(n) = (p − 1)(q − 1) = 60.
A chooses e = 17, making d = 53.
B chooses e = 37, making d = 13.
A wants to send B the secret message HELLO in confidence and authenticated.
ENCIPHER: c = (m^{d_A} mod n)^{e_B} mod n (it uses PUBLIC KEY (e_B, n) and PRIVATE KEY d_A).
HELLO ≡ 07 04 11 11 14
(07^53 mod 77)^37 mod 77 = 07
(04^53 mod 77)^37 mod 77 = 37
(11^53 mod 77)^37 mod 77 = 44
(11^53 mod 77)^37 mod 77 = 44
(14^53 mod 77)^37 mod 77 = 14
B receives 07 37 44 44 14
Example (Confidentiality & Authentication - Continuation)
B receives 07 37 44 44 14
DECIPHER: m = (c^{d_B} mod n)^{e_A} mod n (it uses PUBLIC KEY (e_A, n) and PRIVATE KEY d_B).
(07^13 mod 77)^17 mod 77 = 07 → H
(37^13 mod 77)^17 mod 77 = 04 → E
(44^13 mod 77)^17 mod 77 = 11 → L
(44^13 mod 77)^17 mod 77 = 11 → L
(14^13 mod 77)^17 mod 77 = 14 → O
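The RSA protocol steps and both worked examples (confidentiality alone, then confidentiality with authentication) can be traced with the following program. This is an added example, not part of the original lecture notes; it uses the notes' toy parameters and letter numbering, assumes p and q are prime without testing them, and its function names are illustrative.

```python
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ "   # 00 = A ... 25 = Z, 26 = blank


def make_keypair(p, q, e):
    """Return ((e, n), d) following the protocol steps; p and q are assumed prime."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, phi) != 1:
        raise ValueError("e must be < n and relatively prime to phi(n)")
    return (e, n), pow(e, -1, phi)          # d with e*d mod phi(n) = 1 (Python 3.8+)


def encode(text):
    return [ALPHABET.index(ch) for ch in text.upper()]


def decode(numbers):
    return "".join(ALPHABET[m] for m in numbers)


def encipher(numbers, public):
    """c = m^e mod n, one block per character as in the notes."""
    e, n = public
    return [pow(m, e, n) for m in numbers]


def decipher(numbers, d, n):
    """m = c^d mod n."""
    return [pow(c, d, n) for c in numbers]


def sign_then_encipher(numbers, d_sender, public_receiver):
    """c = (m^d_sender mod n)^e_receiver mod n; both parties share n here."""
    e_r, n = public_receiver
    return [pow(pow(m, d_sender, n), e_r, n) for m in numbers]


def decipher_then_verify(numbers, d_receiver, public_sender):
    """m = (c^d_receiver mod n)^e_sender mod n."""
    e_s, n = public_sender
    return [pow(pow(c, d_receiver, n), e_s, n) for c in numbers]


if __name__ == "__main__":
    pub_a, d_a = make_keypair(7, 11, 17)     # A: e = 17, d = 53
    pub_b, d_b = make_keypair(7, 11, 37)     # B: e = 37, d = 13
    hello = encode("HELLO")
    c1 = encipher(hello, pub_a)              # B -> A, confidentiality only
    print(c1, decode(decipher(c1, d_a, pub_a[1])))
    c2 = sign_then_encipher(hello, d_a, pub_b)   # A -> B, with authentication
    print(c2, decode(decipher_then_verify(c2, d_b, pub_a)))
```

Enciphering one small number per character, as the notes do for illustration, makes equal letters produce equal ciphertext blocks (the two L's both become 44), so the output is itself a substitution cipher open to the frequency analysis shown earlier.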
Cryptographic Checksums - Motivation
Alice wants to send Bob a message of n bits, and she wants Bob to be able to verify that the message he receives is the same one that was sent.
Alice applies a checksum function to generate a much smaller set of k bits (called the checksum or message digest) from the original n bits.
Alice then sends Bob both the message and the checksum.
When Bob gets the message, he recomputes the checksum and compares it with the one Alice sent.
If they match, Bob assumes that the message has not been changed.
Every transmission of data is subject to some errors. The longer the message, the greater the probability of error. Hence a k-long checksum is more reliable than an n-long message.
Cryptographic Checksums
Example (Parity Bit)
The parity bit is a single-bit checksum.
Odd Parity: the sum of the 1-bits in the character or number representation and the parity bit is odd.
In ASCII: A → 0111101, hence p0111101 = 00111101, where p is the parity bit (and p = 0 in this case).
The message 00111101 means A and a confirmation that the message has arrived unchanged.
Cryptographic Checksums
Definition (Cryptographic Checksum Function)
A cryptographic checksum function (or strong hash function) h : A → B is a function that has the following properties.
1. For any x ∈ A, h(x) is easy to compute.
2. For any y ∈ B, it is computationally infeasible to find x ∈ A such that h(x) = y.
3. Given any x ∈ A, it is computationally infeasible to find another x′ ∈ A such that x ≠ x′ and h(x′) = h(x).
Checksums are mainly used to detect transmission errors.
However, they can also indicate attacks during transmissions.