- 1.8 Public-key cryptography. - The most complete non-technical account of the subject is Kahn’s The Codebreakers. - for key exchange, the security of which is based on the intractability of the discrete loga- rithm problem. - One of the most significant contributions provided by public-key cryptography is the digital signature. - The reader will be made aware of the basic issues and pointed to specific related research in the literature where more indepth discus- sions can be found. - This also serves the purpose of not obscuring the very applied nature of the subject. - It does not attempt to convey all of the details and subtleties inherent to the subject. - corroboration of the identity of an entity (e.g., a person, a computer terminal, a credit card, etc.).. - One of the fundamental tools used in information security is the signature. - it cannot simply be something unique to the signer and independent of the in- formation signed. - Analogues of the “paper protocols” currently in use are required. - There is, however, no guarantee that all of the information security ob- jectives deemed necessary can be adequately met. - Figure 1.1 provides a schematic listing of the primitives considered and how they relate. - Public-key Primitives. - Public-key ciphers Identification primitives. - Often it is given in terms of the number of operations required (using the best methods currently known) to defeat the intended objective. - Which primitives are most effective for a given objective will be determined by the basic properties of the primitives.. - A set consists of distinct objects which are called elements of the set. - For example, a set X might consist of the elements a, b, c, and this is denoted X. - The set X is called the domain of the function and Y the codomain. - If x is an element of X (usually written x ∈ X ) the image of x is the element in Y which the rule f associates with x. - Figure 1.2 shows a schematic of the sets X, Y and the function f . - The preimage of the element 2 is a. - Thinking of a function in terms of the schematic (sometimes called a functional dia- gram) given in Figure 1.2, each element in the domain X has precisely one arrowed line originating from it. - Y is 1 − 1 , and X and Y are finite sets of the same size, then f is a bijection.. - In Example 1.3 the element 3 is not the image of any element in the domain. - but for most of the elements in the codomain it is not that easy.. - Note that any alphabet can be encoded in terms of the binary alphabet. - The key space K has six elements in it, each specifying one of the transformations. - 1.23 Definition An encryption scheme is said to be breakable if a third party, without prior knowledge of the key pair ( e, d. - An appropriate time frame will be a function of the useful lifespan of the data being protected. - This is called an exhaustive search of the key space. - It follows then that the number of keys (i.e., the size of the key space) should be large enough to make this approach computationally infeasible. - compromise of the system details should not inconvenience the correspondents;. - Point 2 allows that the class of encryption transformations being used be publicly known and that the security of the system should reside only in the key chosen.. - Breaking an information security service (which often involves more than simply en- cryption) implies defeating the objective of the intended service.. - Public-key encryption is the topic of § 1.8.. - 1.24 Definition Consider an encryption scheme consisting of the sets of encryption and de- cryption transformations { E e : e ∈ K} and { D d : d ∈ K. - To decrypt, the inverse permutation d = e −1 is applied to each letter of the ciphertext. - A two-party communication using symmetric-key encryption can be described by the block diagram of Figure 1.7, which is Figure 1.6 with the addition of the secure (both con-. - One of the major issues with symmetric-key systems is to find an efficient method to agree upon and exchange keys securely. - In Figure 1.7 the encryption key e is transported from one entity to the other with the understanding that both can construct the decryption key d.. - The number of distinct substitution ciphers is q ! and is independent of the block size in the cipher. - If the alphabet is the English alphabet as in Exam- ple 1.25, then the size of the key space is 26. - The key for the cipher consists of the sets H ( a. - The plaintext message block ab encrypts to one of the following . - Observe that the codomain of the encryption function (for messages of length two) consists of the following pairwise disjoint sets of four-element bitstrings:. - (ii) encryption of the message m. - Figure 1.8: The composition g ◦ f of functions g and f. - E k 1 , the composition of the involutions in the reverse order.. - Figure 1.9: The composition g ◦ f of involutions g and f is not an involution.. - As will be seen in Chapter 7 some of the most practical and effective symmetric-key systems are product ciphers. - k t of the same length to produce a ciphertext string c 1 c 2. - It has been proven that to realize an unbreakable system requires a random key of the same length as the message. - This reduces the practicality of the system in all but a few specialized situations.. - Transport of the key was done by trusted courier.. - The size of the key space is the number of encryption/decryption key pairs that are available in the cipher system. - It is a great temptation to relate the security of the encryption scheme to the size of the key space. - Property (b) provides the security for the method – the signature uniquely binds A to the message which is signed.. - Authentication is one of the most important of all information security objectives. - Different techniques are now required to authenticate the originator of the message. - The banking machine uses the information on the card and the PIN to verify the identity of the card holder. - 1.8.1 Public-key encryption. - Public-key encryption, as described here, assumes that knowledge of the public key e does not allow computation of the private key d. - 1.50 Definition Consider an encryption scheme consisting of the sets of encryption and decryp-. - 1.8 Public-key cryptography 27. - Figure 1.12: Schematic use of public-key encryption.. - This highlights the necessity to authenticate public keys to achieve data origin authentication of the public keys themselves. - 1.8.3 Digital signatures from reversible public-key encryption. - 1.8 Public-key cryptography 29. - Let ( e, d ) be a key pair for the public-key encryption scheme.. - For digital signatures to be useful in practice, concrete realizations of the preceding con- cepts should have certain additional properties. - 1.8 Public-key cryptography 31. - public-key cryptography. - (iii) Advantages of public-key cryptography. - (iv) Disadvantages of public-key encryption. - In this scenario A and B can take advantage of the long term nature of the public/private keys of the public-key scheme and the performance efficiencies of the symmetric-key scheme. - Since data encryption is fre- quently the most time consuming part of the encryption process, the public-key scheme for key establishment is a small fraction of the total encryption process between A and B.. - One of the fundamental primitives in modern cryptography is the cryptographic hash func- tion, often informally called a one-way hash function. - The basic primitives are the symmetric-key and the public-key encryption schemes. - 1.60 Example (forward search attack) Suppose that in an electronic bank transaction the 32 - bit field which records the value of the transaction is to be encrypted using a public-key scheme. - 1.11 Key establishment, management, and certification 35 each of the 2 32 ciphertexts with the one which is actually encrypted in the transaction, the adversary can determine the plaintext. - The public key along with the identity of the entity is stored in a central repository called a public file. - Advantages of using a TTP to maintain the integrity of the public file include:. - If the signing key of the TTP is compromised, all communications become insecure.. - 1.11.2 uses a functionally trusted TTP to maintain the integrity of the public file. - Public-key certificates. - The data part con- sists of the name of an entity, the public key corresponding to that entity, possibly additional relevant information (e.g., the entity’s street or network address, a validity period for the public key, and various other attributes). - The signature part consists of the signature of a TTP over the data part.. - In order for an entity B to verify the authenticity of the public key of an entity A, B must have an authentic copy of the public signature verification function of the TTP. - Often in cryptographic applications, one of the following steps must be performed:. - What is the chance that the sequence occurs? Since each element in the sequence has probability 49 1 of occuring, the probability of the sequence occurring is. - It has no practical value other than to serve as an example of the idea of random. - Here an adversary assumes the identity of one of the legitimate par- ties in a network.. - Most of the best known public-key and symmetric- key schemes in current use are in this class. - 1.4 described how the designer of an encryption system tries to create a scheme for which the best approach to breaking it is through exhaustive search of the key space. - Mitchell, Piper, and Wild [882] give a good general treatment of the subject. - Another good source for the early history and development of the subject is Diffie [343]. - Much of the early work on cryptographic hash functions was done by Merkle [850]. - The most comprehensive current treatment of the subject is by Preneel [1004].
Xem thử không khả dụng, vui lòng xem tại trang nguồn hoặc xem
Tóm tắt