In the final discussion posting please describe what components of cryptography impacted you the most.? PFA few Cryptography course pdf chapters.? 500 words
In the final discussion posting please describe what components of cryptography impacted you the most.
PFA few Cryptography course pdf chapters.
500 words. APA forma
-
Stallings_8e_Accessible_fullppt_13.pdf
-
Stallings_8e_Accessible_fullppt_10.pdf
-
Stallings_8e_Accessible_fullppt_04.pdf
-
Stallings_8e_Accessible_fullppt_03.pdf
-
Stallings_8e_Accessible_fullppt_09.pdf
-
Stallings_8e_Accessible_fullppt_08.pdf
-
Stallings_8e_Accessible_fullppt_20.pdf
-
Stallings_8e_Accessible_fullppt_07.pdf
-
Stallings_8e_Accessible_fullppt_19.pdf
Cryptography and Network Security:
Principles and Practice Eighth Edition
Chapter 13
Digital Signatures
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 13.1 Simplified Depiction of
Essential Elements of Digital
Signature Process
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Digital Signature Properties
• It must verify the author and the date and time of the
signature
• It must authenticate the contents at the time of the
signature
• It must be verifiable by third parties to resolve disputes
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Attacks
• Key-only attack
– C only knows A’s public key
• Known message attack
– C is given access to a set of messages and their signatures
• Generic chosen message attack
– C chooses a list of messages before attempting to break A’s signature scheme, independent of A’s public key; C then obtains from A valid signatures for the chosen messages
• Directed chosen message attack
– Similar to the generic attack, except that the list of messages to be signed is chosen after C knows A’s public key but before any signatures are seen
• Adaptive chosen message attack
– C may request from A signatures of messages that depend on previously obtained message-signature pairs
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Forgeries
• Total break
– C determines A’s private key
• Universal forgery
– C finds an efficient signing algorithm that provides an
equivalent way of constructing signatures on arbitrary
messages
• Selective forgery
– C forges a signature for a particular message chosen
by C
• Existential forgery
– C forges a signature for at least one message; C has
no control over the message
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Digital Signature Requirements
• The signature must be a bit pattern that depends on the
message being signed
• The signature must use some information unique to the sender
to prevent both forgery and denial
• It must be relatively easy to produce the digital signature
• It must be relatively easy to recognize and verify the digital
signature
• It must be computationally infeasible to forge a digital signature,
either by constructing a new message for an existing digital
signature or by constructing a fraudulent digital signature for a
given message
• It must be practical to retain a copy of the digital signature in
storage
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Direct Digital Signature
• Refers to a digital signature scheme that involves only the communicating
parties
– It is assumed that the destination knows the public key of the source
• Confidentiality can be provided by encrypting the entire message plus
signature with a shared secret key
– It is important to perform the signature function first and then an outer
confidentiality function
– In case of dispute some third party must view the message and its
signature
• The validity of the scheme depends on the security of the sender’s private key
– If a sender later wishes to deny sending a particular message, the sender
can claim that the private key was lost or stolen and that someone else
forged his or her signature
– One way to thwart or at least weaken this ploy is to require every signed
message to include a timestamp and to require prompt reporting of
compromised keys to a central authority
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
ElGamal Digital Signature
• Scheme involves the use of the private key for encryption
and the public key for decryption
• Global elements are a prime number q and a, which is a
primitive root of q
• Use private key for encryption (signing)
• Uses public key for decryption (verification)
• Each user generates their key
– Chooses a secret key (number): 1 < xA < q-1
– Compute their public key: yA = a xA mod q
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Schnorr Digital Signature
• Scheme is based on discrete logarithms
• Minimizes the message-dependent amount of computation
required to generate a signature
– Multiplying a 2n-bit integer with an n-bit integer
• Main work can be done during the idle time of the
processor
• Based on using a prime modulus p, with p – 1 having a
prime factor q of appropriate size
– Typically p is a 1024-bit number, and q is a 160-bit
number
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
N I S T Digital Signature Algorithm
• Published by N I S T as Federal Information Processing
Standard F I P S 186
• Makes use of the Secure Hash Algorithm (S H A)
• The latest version, F I P S 186-3, also incorporates digital
signature algorithms based on R S A and on elliptic curve
cryptography
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 13.2 Two Approaches to
Digital Signatures
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 13.3 The Digital Signature
Algorithm (D S A)
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 13.4 D S A Signing and Verifying
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Elliptic Curve Digital Signature
Algorithm (E C D S A)
• Four elements are involved:
– All those participating in the digital signature scheme use
the same global domain parameters, which define an elliptic
curve and a point of origin on the curve
– A signer must first generate a public, private key pair
– A hash value is generated for the message to be signed;
using the private key, the domain parameters, and the hash
value, a signature is generated
– To verify the signature, the verifier uses as input the signer’s
public key, the domain parameters, and the integer s; the
output is a value v that is compared to r ; the signature is
verified if the v = r
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 13.5 E C D S A Signing and
Verifying
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
R S A-P S S
• R S A Probabilistic Signature Scheme
• Included in the 2009 version of F I P S 186
• Latest of the R S A schemes and the one that R S A Laboratories
recommends as the most secure of the R S A schemes
• For all schemes developed prior to P S S it has not been possible
to develop a mathematical proof that the signature scheme is as
secure as the underlying R S A encryption/decryption primitive
• The PSS approach was first proposed by Bellare and Rogaway
• This approach, unlike the other R S A-based schemes,
introduces a randomization process that enables the security of
the method to be shown to be closely related to the security of
the R S A algorithm itself
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Mask Generation Function (M G F)
• Typically based on a secure cryptographic hash function
such as S H A-1
– Is intended to be a cryptographically secure way of
generating a message digest, or hash, of variable
length based on an underlying cryptographic hash
function that produces a fixed-length output
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 13.6 R S A-P S S Encoding
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 13.7 R S A-P S S E M Verification
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Summary
• Present an overview of the digital signature process
• Understand the ElGamal digital signature scheme
• Understand the Schnorr digital signature scheme
• Understand the N I S T digital signature scheme
• Compare and contrast the N I S T digital signature scheme
with the ElGamal and Schnorr digital signature schemes
• Understand the elliptic curve digital signature scheme
• Understand the R S A-P S S digital signature scheme
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Copyright
This work is protected by United States copyright laws and is
provided solely for the use of instructors in teaching their
courses and assessing student learning. Dissemination or sale of
any part of this work (including on the World Wide Web) will
destroy the integrity of the work and is not permitted. The work
and materials from it should never be made available to students
except by instructors using the accompanying text in their
classes. All recipients of this work are expected to abide by these
restrictions and to honor the intended pedagogical purposes and
the needs of other instructors who rely on these materials.
,
Cryptography and Network Security:
Principles and Practice Eighth Edition
Chapter 10
Other Public-Key Cryptosystems
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Diffie-Hellman Key Exchange
• First published public-key algorithm
• A number of commercial products employ this key
exchange technique
• Purpose is to enable two users to securely exchange a key
that can then be used for subsequent symmetric
encryption of messages
• The algorithm itself is limited to the exchange of secret
values
• Its effectiveness depends on the difficulty of computing
discrete logarithms
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 10.1 The Diffie–Hellman Key
Exchange
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 10.2 Man-in-the-Middle Attack
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
ElGamal Cryptography
• Announced in 1984 by T. Elgamal
• Public-key scheme based on discrete logarithms closely
related to the Diffie-Hellman technique
• Used in the digital signature standard (DSS) and the
S/MIME e-mail standard
• Global elements are a prime number q and a which is a
primitive root of q
• Security is based on the difficulty of computing discrete
logarithms
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 10.3 The ElGamal
Cryptosystem
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Elliptic Curve Arithmetic
• Most of the products and standards that use public-key
cryptography for encryption and digital signatures use RSA
– The key length for secure RSA use has increased over
recent years and this has put a heavier processing load
on applications using RSA
• Elliptic curve cryptography (ECC) is showing up in
standardization efforts including the IEEE P1363 Standard
for Public-Key Cryptography
• Principal attraction of ECC is that it appears to offer equal
security for a far smaller key size
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Abelian Group
• A set of elements with a binary operation, denoted by •,
that associates to each ordered pair (a, b) of elements in G
an element (a • b) in G, such that the following axioms are
obeyed:
(A1) Closure: If a and b belong to G, then a • b is
also in G
(A2) Associative: a • (b • c) = (a • b) • c for all a, b, c
in G
(A3) Identity element: There is an element e in G such
that a • e = e • a = a for all a in G
(A4) Inverse element: For each a in G there is an element
a′ in G such that a • a′ = a′ • a = e
(A5) Commutative: a • b = b • a for all a, b in G
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 10.4 Example of Elliptic
Curves
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Elliptic Curves Over Zp
• Elliptic curve cryptography uses curves whose variables and
coefficients are finite
• Two families of elliptic curves are used in cryptographic
applications:
• Prime curves over Zp
– Use a cubic equation in which the variables and coefficients
all take on values in the set of integers from 0 through p-1
and in which calculations are performed modulo p
– Best for software applications
• Binary curves over GF(2m)
– Variables and coefficients all take on values in GF(2m) and
in calculations are performed over GF(2m)
– Best for hardware applications
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Table 10.1 Points (other than O) on the
Elliptic Curve E23(1, 1)
(0, 1) (6, 4) (12, 19)
(0, 22) (6, 19) (13, 7)
(1, 7) (7, 11) (13, 16)
(1, 16) (7, 12) (17, 3)
(3, 10) (9, 7) (17, 20)
(3, 13) (9, 16) (18, 3)
(4, 0) (11, 3) (18, 20)
(5, 4) (11, 20) (19, 5)
(5, 19) (12, 4) (19, 18)
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 10.5 The Elliptic Curve
E23(1, 1)
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Elliptic Curves Over GF(2m)
• Use a cubic equation in which the variables and
coefficients all take on values in GF(2m) for some number
m
• Calculations are performed using the rules of arithmetic in
GF(2m)
• The form of cubic equation appropriate for cryptographic
applications for elliptic curves is somewhat different for
GF(2m) than for Zp
– It is understood that the variables x and y and the
coefficients a and b are elements of GF(2m) and that
calculations are performed in GF(2m)
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Table 10.2 Points (other than O) on
the Elliptic Curve E2 4(g4, 1)
(0, 1) (g5, g3) (g9, g13)
(1, g6) (g5, g11) (g10, g)
(1, g13) (g6, g8) (g10, g8)
(g3, g8) (g6, g14) (g12, 0)
(g3, g13) (g9, g10) (g12, g12)
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 10.6 The Elliptic Curve
E2 4(g4, 1)
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Elliptic Curve Cryptography (ECC)
• Addition operation in ECC is the counterpart of modular
multiplication in RSA
• Multiple addition is the counterpart of modular
exponentiation
• To form a cryptographic system using elliptic curves, we
need to find a “hard problem” corresponding to factoring
the product of two primes or taking the discrete logarithm
– Q=kP, where Q, P belong to a prime curve
– Is “easy” to compute Q given k and P
– But “hard” to find k given Q, and P
– Known as the elliptic curve logarithm problem
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 10.7 ECC Diffie–Hellman Key
Exchange
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Security of Elliptic Curve
Cryptography
• Depends on the difficulty of the elliptic curve logarithm
problem
• Fastest known technique is “Pollard rho method”
• Compared to factoring, can use much smaller key sizes
than with RSA
• For equivalent key lengths computations are roughly
equivalent
• Hence, for similar security ECC offers significant
computational advantages
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Table 10.3 Comparable Key Sizes in
Terms of Computational Effort for
Cryptanalysis (NIST SP-800-57)
Symmetric Key
Algorithms
Diffie–Hellman, Digital
Signature Algorithm
RSA
(size of n in bits)
ECC (modulus size
in bits)
80 L = 1024
N = 160 1024 160–223
112 L = 2048
N = 224 2048 224–255
128 L = 3072
N = 256 3072 256–383
192 L = 7680
N = 384 7680 384–511
256 L = 15,360
N = 512 15,360 512 +
Note: L = size of public key, N = size of private key.
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Summary
• Define Diffie-Hellman Key Exchange
• Understand the Man-in-the-middle attack
• Present an overview of the Elgamal cryptographic system
• Understand Elliptic curve arithmetic
• Present an overview of elliptic curve cryptography
• Present two techniques for generating pseudorandom numbers using an asymmetric cipher
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Copyright
This work is protected by United States copyright laws and is
provided solely for the use of instructors in teaching their
courses and assessing student learning. Dissemination or sale of
any part of this work (including on the World Wide Web) will
destroy the integrity of the work and is not permitted. The work
and materials from it should never be made available to students
except by instructors using the accompanying text in their
classes. All recipients of this work are expected to abide by these
restrictions and to honor the intended pedagogical purposes and
the needs of other instructors who rely on these materials.
,
Cryptography and Network Security:
Principles and Practice Eighth Edition
Chapter 4
Block Ciphers and the Data
Encryption Standard
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Stream Cipher (1 of 2)
• Encrypts a digital data stream one bit or one byte at a time
– Examples:
▪ Autokeyed Vigenère cipher
▪ Vernam cipher
• In the ideal case, a one-time pad version of the Vernam cipher
would be used, in which the keystream is as long as the
plaintext bit stream
– If the cryptographic keystream is random, then this cipher is
unbreakable by any means other than acquiring the
keystream
▪ Keystream must be provided to both users in advance
via some independent and secure channel
▪ This introduces insurmountable logistical problems if the
intended data traffic is very large
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Stream Cipher (2 of 2)
• For practical reasons the bit-stream generator must be
implemented as an algorithmic procedure so that the
cryptographic bit stream can be produced by both users
– It must be computationally impractical to predict future
portions of the bit stream based on previous portions of
the bit stream
– The two users need only share the generating key and
each can produce the keystream
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Block Cipher
• A block of plaintext is treated as a whole and used to
produce a ciphertext block of equal length
• Typically a block size of 64 or 128 bits is used
• As with a stream cipher, the two users share a symmetric
encryption key
• The majority of network-based symmetric cryptographic
applications make use of block ciphers
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 4.1 Stream Cipher and Block Cipher
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 4.2 General n-bit-n-bit Block
Substitution (shown with n = 4)
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Table 4.1 Encryption and Decryption Tables for
Substitution Cipher of Figure 4.2
Plaintext Ciphertext
0000 1110
0001 0100
0010 1101
0011 0001
0100 0010
0101 1111
0110 1011
0111 1000
1000 0011
1001 1010
1010 0110
1011 1100
1100 0101
1101 1001
1110 0000
1111 0111
Ciphertext Plaintext
0000 1110
0001 0011
0010 0100
0011 1000
0100 0001
0101 1100
0110 1010
0111 1111
1000 0111
1001 1101
1010 1001
1011 0110
1100 1011
1101 0010
1110 0000
1111 0101
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Feistel Cipher
• Feistel proposed the use of a cipher that alternates substitutions and
permutations
• Substitutions
– Each plaintext element or group of elements is uniquely replaced
by a corresponding ciphertext element or group of elements
• Permutation
– No elements are added or deleted or replaced in the sequence,
rather the order in which the elements appear in the sequence is
changed
• Is a practical application of a proposal by Claude Shannon to develop
a product cipher that alternates confusion and diffusion functions
• Is the structure used by many significant symmetric block ciphers
currently in use
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Diffusion and Confusion • Terms introduced by Claude Shannon to capture the two basic building blocks
for any cryptographic system
– Shannon’s concern was to thwart cryptanalysis based on statistical
analysis
• Diffusion
– The statistical structure of the plaintext is dissipated into long-range
statistics of the ciphertext
– This is achieved by having each plaintext digit affect the value of many
ciphertext digits
• Confusion
– Seeks to make the relationship between the statistics of the ciphertext
and the value of the encryption key as complex as possible
– Even if the attacker can get some handle on the statistics of the
ciphertext, the way in which the key was used to produce that ciphertext is so complex as to make it difficult to deduce the key
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 4.3 Feistel Encryption and
Decryption (16 rounds)
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Feistel Cipher Design Features (1 of 2)
• Block size
– Larger block sizes mean greater security but reduced
encryption/decryption speed for a given algorithm
• Key size
– Larger key size means greater security but may
decrease encryption/decryption speeds
• Number of rounds
– The essence of the Feistel cipher is that a single round
offers inadequate security but that multiple rounds offer
increasing security
• Subkey generation algorithm
– Greater complexity in this algorithm should lead to
greater difficulty of cryptanalysis
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Feistel Cipher Design Features (2 of 2)
• Round function F
– Greater complexity generally means greater resistance
to cryptanalysis
• Fast software encryption/decryption
– In many cases, encrypting is embedded in applications
or utility functions in such a way as to preclude a
hardware implementation; accordingly, the speed of
execution of the algorithm becomes a concern
• Ease of analysis
– If the algorithm can be concisely and clearly explained,
it is easier to analyze that algorithm for cryptanalytic
vulnerabilities and therefore develop a higher level of
assurance as to its strength
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Feistel Example
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Data Encryption Standard (DES)
• Issued in 1977 by the National Bureau of Standards (now
NIST) as Federal Information Processing Standard 46
• Was the most widely used encryption scheme until the
introduction of the Advanced Encryption Standard (AES) in
2001
• Algorithm itself is referred to as the Data Encryption
Algorithm (DEA)
– Data are encrypted in 64-bit blocks using a 56-bit key
– The algorithm transforms 64-bit input in a series of
steps into a 64-bit output
– The same steps, with the same key, are used to
reverse the encryption
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Figure 4.5 General Depiction of DES
Encryption Algorithm
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Table 4.2 DES Example
Note: DES subkeys are shown as eight 6-bit values in hex format
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Table 4.3 Avalanche Effect in DES: Change in Plaintext
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Table 4.4 Avalanche Effect in DES: Change in Key
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Table 4.5 Average Time Required for Exhaustive
Key Search
Key Size
(bits) Cipher
Number of
Alternative Keys
Time Required at 109
Decryptions/s
Time Required
at 1013
Decryptions/s
56 DES 256 ≈ 7.2 × 1016 255 ns = 1.125 years 1 hour
128 AES 2128 ≈ 3.4 × 1038 2127 ns = 5.3 × 1021 years 5.3 × 1017 years
168 Triple DES 2168 ≈ 3.7 × 1050 2167 ns = 5.8 × 1033 years 5.8 × 1029 years
192 AES 2192 ≈ 6.3 × 1057 2191 ns = 9.8 × 1040 years 9.8 × 1036 years
256 AES 2256 ≈ 1.2 × 1077 2255 ns = 1.8 × 1060 years 1.8 × 1056 years
26 characters
(permutation)
Monoalphabetic 2! = 4 × 1026 2 × 1026 ns = 6.3 × 109
years
6.3 × 106 years
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Strength of DES
• Timing attacks
– One in which information about the key or the plaintext is
obtained by observing how long it takes a given
implementation to perform decryptions on various
ciphertexts
– Exploits the fact that an encryption or decryption algorithm
often takes slightly different amounts of time on different
inputs
– So far it appears unlikely that this technique will ever be
successful against DES or more powerful symmetric ciphers
such as triple DES and AES
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Block Cipher Design Principles:
Number of Rounds • The greater the number of rounds, the more difficult it is to
perform cryptanalysis
• In general, the criterion should be that the number of
rounds is chosen so that known cryptanalytic efforts
require greater effort than a simple brute-force key search
attack
• If DES had 15 or fewer rounds, differential cryptanalysis
would require less effort than a brute-force key search
Copyright © 2020 Pearson Education, Inc. A
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.