Author : Prof Bill Buchanan · Author : Prof Bill Buchanan RC 2 . RC 2 . RC 2 (" Rivest Cipher ") is a block cipher , and is seen as a replacement for DES . It was created by Ron

Author: Prof Bill Buchanan

Advanced

CryptoAlice

Eve

Trent

Bob

2. Public key, private key and key exchange.

http://asecuritysite.com/crypto

Key Entropy. Key generators. Private key (AES, Twofish, CAST, IDEA, Blowfish, DES, 3DES, RC2, RC4/RC5, Skipjack, Camellia, Affine). Stream or block? ECB/CBC/OFB. Salting. Public key (RSA, DSA, ElGamal). Elliptic curve. Diffie-Hellman. FIPS.

Intr

oduc

tion

Enc

rypt

ion Trusted third party

Intruder


Bob

Trent

Alice

Eve

Privacy (Private Key)

Identity (Public Key)

Integrity (Public/Private Key)

John

John

Enc

rypt

ion


Encryption/

Decryption

Public key

Private key Public key

Private keyUsed to authenticate (RSA)

Key exchange (Diffie-Hellman)

Secret key used to encrypt/decrypt

(DES/3DES/AES)

Con

clus

ion

Enc

rypt

ion


Communications

Channel

Encryption/

Decryption

Encryption/

Decryption

BobAlice

Eve

Public key

Private key Public key

Private key

Typical application:

Diffie-Hellman used to generate private-key.

Public-key used for authentication.

Private-key used for encryption.

Used to authenticate (RSA)

Key exchange (Diffie-Hellman)

Secret key used to encrypt/decrypt

(DES/3DES/AES)

John

John

John

John

RSA 2048 bits

Replace by:

ElGamal 160bits


Advanced

CryptoAlice

Eve

Trent

Bob



Block or stream?

Priv

ate-

key

met

hods

Enc

rypt

ion


RC4. This is a stream encryption algorithm, and is used in wireless

communications (such as in WEP) and SSL (Secure Sockets).

RC4IV and

Key

+

Data stream

(eg 0101010 …. 010)

Pseudo infinite stream

(eg 1110000 … 100)

The IV (Initiation Vector)

gives variation in the

output for the same key

Cipher stream

(eg 1010110 … 110)

Data stream 0101010 … 010

Pseudo infinite stream 1110000 … 100

Cipher stream 1010110 … 110

+

Ex-OR operator


Advanced

CryptoAlice

Eve

Trent

Bob



Private Key

Priv

ate

key

Enc

rypt

ion


RC2. RC2. RC2 ("Rivest Cipher") is

a block cipher, and is seen as a

replacement for DES. It was created

by Ron Rivest in 1987, and is a 64-

bit block code and can have a key

size from 40 bits to 128-bits (in

increments of 8 bits). The 40-bit key

version is seen as weak, as the

encryption key is so small, but is

favoured by governments for export

purposes, as it can be easily

cracked. In this case the key is

created from a Key and an IV

(Initialisation Vector). The key has

12 characters (96 bits), and the IV

has 8 characters (64 bits), which go

to make the overall key.

DES. DES encryption algorithm is

block cipher and uses a 64-bit block

and a 64-bit encryption key.

3DES. DES encryption algorithm is

block cipher and uses a 64-bit block

and a 64-bit encryption key (of which

only 56 bits are actively used in the

encryption process). Unfortunately

DES has been around for a long

time, and the 56-bit version is now

easily crackable (in less than a day,

on fairly modest equipment). An

enhancement, and one which is still

fairly compatible with DES, is the 3-

DES algorithm. It has three phases,

and splits the key into two. Overall

the key size is typically 112 bits

(2x54 bits - with a combination of the

three keys - of which two of the keys

are typically the same). The

algorithm is EncryptK3( DecryptK2(

EncryptK1(message), where K1 and

K3 are typically the same (to keep

compatibility).

DES

Bruce Schneier created Twofish with

a general-purpose private key block

cipher encryption algorithm.

RC2

AES

AES. AES (or Rijndael) is a new

block cipher, and is the new

replacement for DES, and uses 128-

bit blocks with 128, 192 and 256 bit

encryption keys. It was selected by

NIST in 2001 (after a five year

standardisation process). The name

Rijndael comes from its Belgium

creators: Joan Daemen and Vincent

Rijmen.

Blowfish

Blowfish. Bruce Schneier created

Blowfish with a general-purpose

private key block cipher encryption

algorithm.

Blowfish (with CBC). Blowfishcbc.

With CBC we split the message into

blocks and encrypt each block. The

input from the first stage is the IV

(Initialisation Vector), and the input

to the following stages is the output

from the previous stage. In this

example we will use Blowfish to

encrypt, using CBC.

Twofish

Skipjack. Skip jack. Skipjack is a

block cipher, using private-key

encryption algorithm, and

designed by NSA.

Camellia. Camillia is a block

cipher created by Mitsubishi and

NTT.

RC4. RC4 is a stream cipher

used in WEP (in wireless

encryption).

Affine. Affine is a stream cipher

which uses an equation to

encrypt.

Others

DES

(Enc)

DES

(Dec)

DES

(Enc)

K1

K2

K1


Advanced

CryptoAlice

Eve

Trent

Bob



Key Exchange

Logs

Enc

rypt

ion


BobAlice

Eve

AxAy

(Ax)y Axy

A(x+y)

John

John

Logs

Enc

rypt

ion


BobAlice

Eve

Private key

Ax AY

yx AAgreed number

Random value Random value

AxAY

Logs

Enc

rypt

ion


BobAlice

Eve

Ax AY

yx AAgreed number

Random value Random value

AxAY

(AY)x (Ax)y


Advanced

CryptoAlice

Eve

Trent

Bob



Public Key

RS

AE

ncry

ptio

n


Select two primes (p,q)

Next, the n value is calculated. Thus:

n = p x q = 11 x 3 = 33

Next PHI is calculated by:

PHI = (p-1)(q-1) = 20

e selected so that GCD(e,PHI)=1

Public key: (n,e)

Pub

lic-k

ey e

ncry

ptio

nE

ncry

ptio

n


Bob Select two prime numbers: a and b

n = a x b

e is chosen so that e and (a-1)x(b-1)

are relatively prime (no common

factor greater than 1)

Public key is now: <e,n>

d = e-1 mod [(a-1)x(b-1)]

Private key is now: <d,n>

Generating public and private keys

http://buchananweb.co.uk/rsa.zip

Pub

lic-k

ey e

ncry

ptio

nE

ncry

ptio

n


Public key are keys which

relate to extremely large prime

numbers (as it is difficult to

factorise large prime

numbers). It is extremely

difficult to determine a private

key from a public key.

Public-key

Communications

ChannelEncryption Decryption

BobAlice

Eve

Public key

Private key

Public key

Private key

Public key generates two keys: A

public key and a private one. These are

special in that if one is applied to encrypt,

the other can be used to decrypt

Pu

blic

-ke

y e

ncry

ptio

nE

ncry

ptio

n


Once Bob encrypts the

message, the only key

which can decrypt it is

Alice’s private key.

Bob and Alice keep their

private keys secret.

Public-key

Communications

ChannelEncryption Decryption

BobAlice

Eve

Public key

Private key

Public key

Private key

Hello

H&$d.

Hello

B

C

D

A

A. Bob creates the message.

B. Bob encrypts with Alice’s public key

and sends Alice the encrypted message

C. Alice decrypts with her private key

D. Alice receives the message

The

mag

ic p

rivat

e ke

yA

uthe

ntic

atio

n


Using Bob’s private key to authenticate himself

Bob

Message

MD5

Message

Encrypted

MD5

Bob’s

private

key

Bob’s

public

key

The

mag

ic p

rivat

e ke

yA

uthe

ntic

atio

n


Bob encrypts the message/hash with Alice’s public key

Bob

Message

MD5

Message

Encrypted

MD5

Bob’s

private

key

Bob’s

public

key

Alice’s

private

key

Alice’s

public

key

Encrypted

Content

Alice

The

mag

ic p

rivat

e ke

yA

uthe

ntic

atio

n


Bob encrypts the message/hash with Alice’s public key

Bob

Message

MD5

Message

Encrypted

MD5

Bob’s

private

key

Bob’s

public

key

Alice’s

private

key

Alice’s

public

key

Encrypted

Content

Alice

Encrypted

Content

The

mag

ic p

rivat

e ke

yA

uthe

ntic

atio

n


Alice decrypts the message

Bob

Message

MD5

Message

Encrypted

MD5

Bob’s

private

key

Bob’s

public

key

Alice’s

private

key

Alice’s

public

key

Encrypted

Content

Alice

Encrypted

Content

Message

Encrypted

MD5

The

mag

ic p

rivat

e ke

yA

uthe

ntic

atio

n


Alice decrypts the message

Bob

Message

MD5

Message

Encrypted

MD5

Bob’s

private

key

Bob’s

public

key

Encrypted

Content

Alice

Encrypted

Content

Message

Encrypted

MD5

MD5 (message)

MD5 (result)Alice compares the MD5

values. If they are the

same … Bob sent the

message


Advanced

CryptoAlice

Eve

Trent

Bob



Key Entropy. Key generators. Private key (AES, Twofish, CAST, IDEA, Blowfish, DES, 3DES, RC2, RC4/RC5, Skipjack, Camellia, Affine). Stream or block? ECB/CBC/OFB. Salting. Public key (RSA, DSA, ElGamal). Elliptic curve. Diffie-Hellman. FIPS.


Discrete logarithms

within computer and

network securityProf Bill Buchanan, Edinburgh Napier

http://asecuritysite.com @billatnapier

Introduction.

Encryption:

Public/Private Key.

Key Exchange.

Authentication.

Signatures.

ElGamal.

Bob

Eve

AliceTrent

John

John

ElGamal

Nap

ier’s

logs

Enc

rypt

ion

`


John

John

g = a.b

log(g) = log(a)+log(b)

g = Inverse Log (log(a)+log(b))

g = a/b

log(g) = log(a)-log(b)

g = Inverse Log (log(a)-log(b))

g = ax

log(g) = x.log(a)

g = Inverse Log (x.log(a))

Eg

g = 103

log10(g) = 3.log10(10)

g = 10(3x1)

= 1,000

Dis

cret

e Lo

gsE

ncry

ptio

n

`


John

John

g = ax mod P

For example:

a=5, x=3, P=7

g = 53 mod 7

= 125 mod 7

= 6

ax

ay

(ay)x

(ax)y

Alice

Bob

xy

axy

axy

ElG

amal

Enc

rypt

ion

Bob

Y = gx mod p

Alice

John

John


Eve

Extremely difficult to the value

of x, and there can be many

solutions

Y = 34 mod 17 -> 13

Eve

ElG

amal

Enc

rypt

ion

Bob

Y = gx mod p

g

p

First Bob generates a prime number (p) and a number (g) which

is between 1 and (p-1):

P:

G:

Bob select a random number (x) which will be his private key:

Bob selects a random number(x):

He then calculates Y:

Bob sends g, p and Y to Alice. x

AliceJohn

John



Bob

ygp

Alice

M (message)

K (random)

a=gk mod P

b=yk M mod P

a,b

John

John

Documents

Author : Prof Bill Buchanan · Author : Prof Bill Buchanan RC 2 . RC 2 . RC 2 (" Rivest Cipher ") is a block cipher , and is seen as a replacement for DES . It was created by Ron