Computer Security Discussion 5 Week of February 19, 2017 Question 1 Di e{Hellman key exchange (15 min) Recall that in a Di e-Hellman key exchange, there are values a, b, g and p. k b = ay mod p. Alice computes $N = p q$. If the two agree, he knows that the author of the message was in possession of Alice's secret key, and that the message has not been tampered with since. s(2) = 64 51(2) (mod 101) 63 That is, = 63. The secret key is the factorization $(p, q)$. With p=11 and g=2, suppose Alice and Bob choose private keys SA=5 and SB = 12, respectively. Ya = 3 2 mod 7 = 2 Yb = 3 5 mod 7. Alice computes the shared secret K=44 36 =75 mod 97; Bob computes the shared secret K=50 58 =75 mod 97; an attacker Charlie would need to first crack one of the secrets knowing only the public information, eg Alice's by solving x A =log 5 50=36 mod 97 (hard), and then doing Alice's key computation K=44 36 =75 mod 97. Alice chooses a random value x and sends gx mod p to Bob 2. Similarly, Bob computes the value. Bob takes Alice public key and calculates the secret key (same as Alice): secret key = pub key alice priv key bob (mod p) = pub key alice 13 (mod 17) 10. ElGamal Example [] ElGamal is a public key method that is used in both encryption and digital signingIt is used in many applications and uses discrete logarithms. Given, m = m1× m2 mod nBob Bob's Digital Signature on m1 and m2 c1 = m1 dBob mod n Bob c2 = m2 dBob mod n Bob Bob's Digital Signature on m c = mdBob mod n Bob Since Alice has c1 and c2, she can construct c from them as. If this is so, can't Bob find Alice's private key da from Alice's public key ea using (ea)^-1 mod phi = (ea)^(phi-1) mod phi? Secondly we cannot say that for a key e there exist only one inverse d mod phi (because there will be one mod lcm(p-1,q-1) as well. Explain how Mallory could know Bob's K b and Alice's K a and how she could use this secretly rewrite tra c between them. Suppose Alice and Bob have RSA public keys in a file on a server. In addition, e must be relatively prime with f(n), and it must also be de = 1 (mod f(n)), which means that d and e are the multiplicative inverse of the other modulo f(n). Finally, Bob computes w 31883 (mod 32611) and recovers the value 11111 of Alice's message. • Check that e=35 is a valid exponent for the RSA algorithm • Compute d , the private exponent of Alice • Bob wants to send to Alice the (encrypted) plaintext P=15. Alice (m) Bob Alice Bob hello SSL/TLS certificate. And Bob wishes to send a message M to Alice and he wants only Alice to be able to read M. Bob encrypts a message with Alice's public key, then Alice decrypts the message with her private key. Alice generates two large prime numbers$ p \, $and$ q \, $such that$ p \ne q $, randomly and independently of each other, where$ (p, q) \equiv 3 $mod$ 4 $. If Alice needs Bob's public key, Alice can ask Bob for it in another e-mail or, in many cases, download the public key from an advertised server; this server might a well-known PGP key repository or a site that Bob maintains himself. NOTE: Eve and Bob can only guess how many beans are in the cup. (a)(5 points) Assume Alice uses the secret value a = 6 and Bob the secret value b = 9. He Then Chooses His Secret Exponent A And Computes B = 3a = 46 (mod 401), And His Public Key Is (p, A,) = (401, 3, 46). Exercise: Prove that the P-positions for the take-away game TAG k (where you remove at most k tokens at a time) are precisely those which are 0 mod (k + 1). Alice obtains his public key, encrypts a message using this key and then sends it to Bob. Bob knows b and g a, so he can calculate (g a) b mod p = g ab mod p. So both Alice and Bob were able to calculate a common Final key without sharing each others private random number and eve sitting in between will not be able to determine the Final key as the private numbers were never. In this example, Alice obtains the value of s=2; To obtain the shared secret, Bob computes s = A^b mod p. Lecture 12: Public-Key Cryptography and the RSA Algorithm 47 ·44 mod 15 = 4(7+4) mod 8 mod 15 = 43 mod 15 = 64 mod 15 = 4 (43)5 mod 15 = 4(3×5) mod 8 mod 15 = 47 mod 15 = 4 Note that in both cases the base of the exponent, 4, is coprime to the modulus 15. [1] によって提案された耐量子計算機暗号と呼ばれる格子暗号の一種です。(耐量子計算機暗号については次のセクションで簡単に説明します) この記事では[1]とJ. l 1 = x 3 1 3 x 5 1 5 x2 8x+ 15 8 (mod 17) l 2 = x 1 3 1 x 5 3 5 x2 6x+ 5 4. It uses the same domain parameters$(p,q,g)$and private/public key pair$(b,B=g^b\bmod p)$for a recipient B. A questo punto Alice calcola K A = B a mod p, mentre Bob calcola K B = A b mod p. Alice is also confident that she can sell the products abroad and she can answer questions from potential buyers thanks to MT Connect, which is a chat application built-in MT Market that provides real-time autotranslation between the buyers and sellers. Since the shift is in f1;:::;25g, they can easily communicate to each other which shift to use. Bob 选取随机大整数y，发送Y=g^y mod n 给Coral。 Coral 选取随机大整数z，发送Z=g^z mod n 给Alice。 （2） Alice 计算X1=Z^x mod n 给Bob。 Bob 计算Y1=X^y mod n 给Coral。 Coral 计算Z1=Y^zmod n 给Alice。 （3） Alice 计算k=Z1^x mod n作为秘密密钥. The AnBx Compiler and Java Code Generator is a tool for automatic generation of Java implementations of security protocols specified in the Alice and Bob notation. o Alice computes k=Yx mod n o Bob computes k'=Xy mod n o The secret key k=k'=gxy mod n o No one listening can compute the value k since they only know n, g, X, Y, and it is too difficult to compute the log to obtain x and y. (a) Bob's public key is the pair N = 1842338473 and a = 1532411781. Bob looks at the j-th number (not countingp) sent from Alice, and decides that i ≥ j if it is equal to x mod p, and i < j otherwise. However, he can occasionally be a very sarcastic person, and he will occasionally be uncontrollable due to his bipolar disorder. Now Bob can use Alice's public key to reply to Alice without Eve being able to understand any of the transmitted data. To sign the document, we pull a clever little trick, all assuming that the RSA algorithm is quick and reliable, mostly due to property (c). Alice chooses a random number and encrypts it with the key. Not only does public key cryptography solve key. Alice now knows a and Bob's public key g^b mod p. Alice and Bob are playing a game. : knowing y=EK [x], it should be difficult to find x • However, EKmust not be one-way from Alice's perspective. [1] によって提案された耐量子計算機暗号と呼ばれる格子暗号の一種です。(耐量子計算機暗号については次のセクションで簡単に説明します) この記事では[1]とJ. Wavy and straight, shaggy and sleek, asymmetrical and symmetrical bobs offer you the modern look, diversity and convenience you want from a hairstyle. The scheme is easy to describe, easy to code, and easy to decode. Alice selects a random a2Z p and sends x= ga mod pto Bob. – Alice has public key K – EKmust be a one-way function, i. Note that Eve gets to see the values of A and B, since they are sent over the insecure communication channel. Alice sends x 1 a(mod p) to Bob, and Bob sends x 2 b(mod p) to Alice. B = g b mod p {\displaystyle g^{b}\mod p} 5. Alice selects a random a2Z p and sends x= ga mod pto Bob. After Bob disappears, Alice walks to Point 2. Therefore both Alice and Bob know a shared secret g ab mod p. In static-static mode both. Harvey 2017 Key Exchange (Optional slide) Why does this work They are solving the same problem. Solution: Mallory is performing a man-in-the-middle attack on Alice and Bob. In this example, Bob obtains the value of s=2. Kb=(Ya^Xb) mod P. BTS, Billy Ray Cyrus, Diplo, Nas and Mason Ramsey. Both, Alice and Bob have their individual public and private key pair. Alice uses Bob's public key to encrypt a private message before sending it to Bob. Now they can talk aloud, encoding messages with the key. • Bob sent Alice 313 mod 17 = 12. Alice g a! Eve g e! Bob Alice g e Eve g b Bob Now, whenever Alice sends a message to Bob encrypted with gae, Eve can decrypt it, read it, and re-encrypt it with gbe before sending it to Bob. BTS, Billy Ray Cyrus, Diplo, Nas and Mason Ramsey. 