Lecture 13: Public Key Cryptography Part 2 Flashcards
Explain the Diffie-Hellman key exchange
See slide 5 in set 28
Explain the protocol for the Diffie-Hellman key exchange
See slide 6 in set 28
What can Z be used to compute, and how, i.t.o the Diffie-Hellman key exchange?
Z can be used to compute a key (e.g. AES) by using a key derivation function based on a public hash function
Explain the Diffie-Hellman key exchange example on slide 7 in set 13
See slide 13 in set 28
Determine the shared key/common secret i.t.o the Diffie-Hellman key exchange if:
p = 181 g = 2 a = 50 b = 33
See slide 13 in set 28
Comment on the security of the Diffie-Hellman key exchange
An attacker who finds discrete logarithms breaks the protocol
- -> intercepting g^a mod p and taking the discrete log to get a
- -> computing (g^b)^a in the same way as Bob
No better way known for a passive adversary than by taking discrete logs
–> it is unknown if there is a better way
What does the security of the Diffie-Hellman key exchange rely on?
Difficulty of the discrete log problem
Are the messages between Bob and Alice authenticated in the basic Diffie-Hellman key exchange?
no, not authenticated
I.t.o the Diffie-Hellman key exchange, what is required for Alice/Bob to know how Z (secret) is shared?
authenticated messages
What is the general idea of the MITM attack on the Diffie-Hellman key exchange?
The adversary sets up 2 keys, 1 with Alice and 1 with Bob, and relays messages between the 2
What is the authentication feature of the Diffie-Hellman key exchange?
Authentication can be added using digital signatures
Explain the authenticated Diffie-Hellman key exchange
See slide 10 set 13
What do both parties know in the authenticated Diffie-Hellman key exchange
Both parties know each other’s public signature verification key
What is an ephemeral key?
key used once and then discarded
Is the protocol on slide 10 in set 13 a static or ephemeral protocol?
ephemeral
What happens in the static Diffie-Hellman protocol?
See slide 11 in set 13
What is it about the static Diffie-Hellman protocol that makes it static?
Long-term private keys are chosen by Alice and Bob and they find a shared secret that is static.
This secret stays the same until Alice and Bob change their public keys
What is the Elgamal cryptosystem used for?
encryption and signature
What is the key idea of the Elgamal cryptosystem
Alice combines her ephemeral private key with Bob’s long-term public key
Explain the key generation process in the Elgamal cryptosystem
See slide 14 in set 13
Give the encryption process in the Elgamal cryptosystem
See slide 15 in set 28
Give the decryption process in the Elgamal cryptosystem
See slide 15 in set 28
Explain what is used as mask for message M in the Elgamal cryptosystem
See slide 16 in set 28
Explain the Elgamal cryptosystem example on slide 17 in set 13
TODO
How could an attacker break the Elgamal cryptosystem?
An attacker who solves the discrete log problem breaks the Elgamal cryptosystem by determining the private key x from g^x mod p
Is it possible for many users to share the same p and g i.t.o the Elgamal cryptosystem?
yes
Is padding required in the Elgamal cryptosystem?
No since in RSA –> each ciphertext is already randomised, thanks to the ephemeral key k
What are elliptic curves?
Algebraic structures formed from cubic equations
What are elliptic curves defined over?
Defined over any field
Give an example of an elliptic curve
See slide 20 in set 13
What is an elliptic curve group?
A group over elliptic curve points
What is formed when we add an identity element, then define a binary operation on the points (e.g. multiplication) i.t.o elliptic curves?
Form a group over the elliptic curve points –> elliptic curve group (since 1 operation)
How do we choose an elliptic curve?
Applications usually use standardised curves
Standardised curves are generated in a verifiably random way –> difficult to generate curves with any special properties
Explain the elliptic curve example on slide 22 in set 13
See slide 22 in set 13
Which standard covers generating new elliptic curves?
FIPS 186-4 (NIST curves, 2013)
What are discrete logs defined on?
elliptic curve groups
–> if elliptic curve operations denoted as multiplication, then definition same as in Z*p
What are the best known algs for solving the discrete log problem?
exponential in length of parameters
IMPORTANT
Comment on the size of keys in elliptic curve implementations
use SMALLER keys
Compare elliptic curve cryptography with RSA in general
relative advantage of elliptic curve cryptography increases at higher security levels
Compare the security between symmetric ciphers, RSA and elliptic curves i.t.o their keys
See slide 24 in set 13
[TODO: need to draw conclusions myself]
Comment on a common practice for elliptic curve cryptography
most cryptosystems based on discrete log construction with elliptic curves as well as Z*p
Give two examples of cryptosystems that run on elliptic curves
1) Diffie-Hellman key exchange
2) Elgamal encryption
Who proposed identity-based cryptography and when?
Shamir, 1982
What is not needed in identity-based cryptography and why?
Public keys and certificates not needed
- -> id of key owner replaces the public key
- -> message encryption using public parameters and recipient’s id
What are the limitations of identity-based cryptography?
need of a trusted key generation process
Comment on the generalisation with functional cryptography i.t.o identity-based cryptography
general access policies used to define who may decrypt the ciphertext
Comment on the issues that quantum computers pose if they become available
most current public key cryptography will be broken
- -> Shor’s alg enabling factorisation
- -> Shor’s alg enabling the finding of discrete logs
What is a concern about quantum cryptography?
building cryptographic primitives still secure if current public key cryptography broken
If quantum computers become available, what must be used for symmetric key cryptography to remain secure?
use double-length keys
–> since Grover’s alg allows searching
What problems are post-quantum cryptosystems based on?
1) lattice problems
2) coding theory
3) multi-variable polynomial resolution