1、Computer-based Asymmetric Key Encryption 计算机非对称密钥加密,Overview of Asymmetric Key encryption 非对称密钥加密概述,probably most significant advance in the 3000 year history of cryptography在3000年密码学历史长河中是一个巨大的进步 uses two keys a public & a private key使用两个密钥一个公钥和一个私钥 asymmetric since parties are not equal 非对称是因为通信双方
2、使用的密钥不相同 complements rather than replaces private key crypto是对对称密钥加密的补充而不是取代,Overview of Asymmetric Key encryption 非对称密钥加密概述,Important to know who should know which key(s)重要的是收发双方应该知道哪些密钥而不需知道哪些密钥 In general:通常 Sender encrypts with recipients public key发送者用接收者的公钥加密 Recipient decrypts with its privat
3、e key接收者用自己的私钥解密,Matrix of Keys 密钥矩阵,Fig 4.1,Asymmetric Key Cryptography 非对称密钥加密,Fig 4.2,Asymmetric Key Example 非对称密钥举例,Consider a bank and its customers考虑一个银行和其客户之间的交易行为 Customers encrypt their messages with banks public key客户用银行的公钥加密消息 Bank decrypts messages with its private key银行用自己的私钥解密消息,Asymme
4、tric Key Cryptography Example 非对称密钥加密举例,Fig 4.3,RSA Algorithm RSA算法,By Rivest, Shamir & Adleman of MIT in 1977 Worlds most popular Asymmetric Key Encryption algorithm世界上最著名的非对称密钥加密算法 Based on exponentiationin a finite (Galois) field over integers modulo a prime 基于有限域中素数的幂模运算 nb. exponentiation takes
5、 O(log n)3) operations (easy) 幂运算时间复杂度为O(log n)3) (容易) security due to cost of factoring large numbers 安全保证在于大数的因式分解 nb. factorization takes O(e log n log log n) operations (hard) 因式分解时间复杂度为O(e log n log log n) (困难),RSA Algorithm RSA算法,Fig 4.4,1. Choose two large prime numbers P and Q.2. Calculate N
6、 = P x Q.3. Select the public key (i.e. the encryption key) E such that it is not a factor of (P 1) and (Q 1).4. Select the private key (i.e. the decryption key) D such that the following equation is true: (D x E) mod (P 1) x (Q 1) = 15. For encryption, calculate the cipher text CT from the plain te
7、xt PT as follows: CT = PTE mod N6. Send CT as the cipher text to the receiver.7. For decryption, calculate the plain text PT from the cipher text CT as follows: PT = CTD mod N,RSA Example RSA例子,Select primes: p=17 choose e=7 Determine d: d*e=1 mod 160 and d 160 Value is d=23 since 237=161= 10160+1 P
8、ublish public key E=7,187 Keep secret private key D=23,17,11,RSA Example RSA例子,Select primes: p=17 choose e=7 Determine d: de=1 mod 160 and d 160 Value is d=23 since 237=161= 10160+1 Publish public key KU=7,187 Keep secret private key KR=23,17,11,为什么不能公布p和q的值?,Example of RSA Algorithm RSA算法举例,Fig 4.
9、6,Symmetric v/s Asymmetric 对称和非对称的比较,Fig 4.7,The best of both worlds digital envelope 两全其美数字信封,A encrypts the plain text with symmetric key K1 Then encrypts K1 with Bs public key K2Key wrapping A puts the cipher text and encrypted symmetric key K1 inside a digital envelope and send to B B decrypts t
10、he encrypted symmetric key K1 with its private key K3 and gets K1 Finally decrypts the cipher text with symmetric key K1 and gets the plain text,Digital Signature Concept 数字签名概念,Sender encrypts message or its fingerprint with its private key发送方用自己的私钥加密消息或其指纹 Guarantees that only the sender could hav
11、e created this message保证了只有发送方才能产生这些消息 Basis for Non-repudiation是不可抵赖检查的基础,Basis for Digital Signatures 数字签名基础,Fig 4.16,Message Digest Concept 消息摘要概念,Also called as Hash也叫散列(哈希) Unique representation of a message是消息的唯一表示 Similar to finger print of a human类似于人的指印,Message Digest Idea 消息摘要思想,Fig 4.18,O
12、riginal number is 7391743Operation Result Multiply 7 by 3 21 Discard first digit 1 Multiply 1 by 9 9 Multiply 9 by 1 9 Multiply 9 by 7 63 Discard first digit 3 Multiply 3 by 4 12 Discard first digit 2 Multiply 2 by 3 6Message digest is 6,消息中的每一位都参加运算,Message Digest Concept 消息摘要概念,Fig 4.19,Message Di
13、gest Demands 1 消息摘要要求-1,Fig 4.20,可行且结果总是相同,Message Digest Demands 2 消息摘要要求-2,Fig 4.21,反向不可行,Message Digest Demands 3 消息摘要要求-3,Fig 4.22,这两个消息摘要必须不相同,Message Digest Differences 消息摘要差异,Even if the original messages differ minutely, message digests differ dramatically即使原始消息差别很小,但消息摘要的差别却很大 Basis for the
14、 guarantee of uniqueness是消息摘要唯一性保证的基础,Message Digest Example 消息摘要举例,Fig 4.23,Message Digest Algorithms 消息摘要算法,Basic principle: Take the original message, and reduce it to a smaller fingerprint基本原理:将原始消息处理成比其小的指印 Examples: MD5, SHA-1例如:MD5,SHA-1 SHA-1 is considered strongerSHA-1算法要强壮些,MD5 Overview MD
15、5概要,1 Pad message so its length is 448 mod 512 填充消息使其长度为448 mod 512 2 Append a 64-bit length value to message 在末尾附加一个64位的消息长度 3 Divide the input into 512-bit blocks将输入分成512位的块 4 initialise 4-word (128-bit) chaining variables (A,B,C,D) 初始4个字(128位)的链接变量(A,B,C,D),MD5 Overview MD5概要,5 process message in
16、 16-word (512-bit) blocks: 处理16个字(512位)的消息块 using 4 rounds of 16 steps operations on message block & chaining variables 对消息块和链接变量使用4轮16步运算 add output to chaining variables input to form new chaining variables value 将输出加到链接变量输入以形成新的链接变量值 6 output hash value is the final chaining variables value输出的散列值
17、是最后的链接变量值,MD5 Overview MD5概要,4轮16次迭代运算,MD5 Compression Function MD5压缩函数,each round has 16 steps of the form: 每一轮要进行16次如下形式的运算 a = b+(a+P(b,c,d)+Mi+Tk)s) a,b,c,d refer to the chaining variables, but used in varying permutations链接变量a,b,c,d 在每步迭代中要进行置换变化 where P(b,c,d) is a different nonlinear function
18、 in each round P(b,c,d)是非线性函数 Ti is a constant valueTi是常量值,One MD5 Operation,每一次迭代ABCD分别循环右移一位,Strength of MD5 MD5的强度,MD5 hash is dependent on all message bits Rivest claims security is good as can be known attacks are: Berson 92 attacked any 1 round using differential cryptanalysis (but cant extend
19、) Boer & Bosselaers 93 found a pseudo collision (again unable to extend) Dobbertin 96 created collisions on MD compression function (but initial constants prevent exploit) conclusion is that MD5 looks vulnerable soon,Secure Hash Algorithm (SHA-1) 安全Hash算法(SHA-1),SHA was designed by NIST & NSA in 199
20、3, revised 1995 as SHA-1SHA由NIST & NSA 在1993年设计,1995年修正为SHA-1 produces 160-bit hash values 产生160位的散列值 now the generally preferred hash algorithm 是目前首选的散列算法 based on design of MD4 with key differences 基于MD4的设计,但在密钥上有差别,Two characteristic of SHA-1 SHA-1的两个特征,It should be computationally infeasible: Ob
21、tain the original message,given its message digest根据消息摘要取得原消息不可行 Find two messages producting the same message digest找到两个消息产生相同消息摘要不可行,SHA Overview SHA概要,pad message so its length is 448 mod 512 append a 64-bit length value to message initialise 5-word (160-bit) buffer (A,B,C,D,E) to (67452301,efcda
22、b89,98badcfe,10325476,c3d2e1f0) process message in 16-word (512-bit) chunks: use 4 rounds of 20 steps operations on message block & chaining variables add output to input to form new chaining variables value output hash value is the final chaining variables value,SHA-1 Compression Function SHA-1压缩函数
23、,each round has 20 steps which replaces the 5 buffer words thus: (A,B,C,D,E) -(E+pt(B,C,D)+(A5)+Wt+Kt),A,(B30),C,D) a,b,c,d refer to the 4 words of the buffer t is the step number pt(B,C,D) is nonlinear function for round Wt is derived from the message sub-block Kt is a constant value derived from s
24、in,Single SHA-1 Iteration 单步SHA-1 迭代,Fig 4.39,有错误?,Single SHA-1 Iteration 单步SHA-1 迭代,Comparison of MD5 and SHA-1 MD5 与 SHA-1比较,Fig 4.42,Message Authentication Code (MAC)消息鉴别码,Similar to message digest与消息摘要相似 In addition, also involves encryption另外,涉及加密 Sender and receiver must know a shared secret k
25、ey发送方和接收方必须知道共享密钥,Message Authentication Code (MAC)消息鉴别码,Fig 4.43,Message Authentication Code (MAC)消息鉴别码,The important respect is that the MAC algorithm is not reversibleit is sufficient to be a one-way function重要的一点是MAC算法不需要可逆一个单向函数就可以了,HMAC Concept HMAC概念,Fig 4.44,Complete HMAC Operation 完整HMAC操作,Fig 4.52,
