際際滷

際際滷Share a Scribd company logo

Digital signatures

Kannan Ravindran
Kannan Ravindran

This is a paper prepared by me. its about the various techniques of digital signatures which plays a vital role in the modern cryptography!

1 of 23
Digital Signatures -Kannan Ravindran
Who am I ? I am Kannan Ravindran, A Student of Velammal Engineering College, Ambattur undertaking Bachelor of Engineering concentration on Computer Science and Engineering. I am a member of NullCon - International security conference(Chennai Chapter). I am serving H4CK3R.in as a Moderator.
Contents Introduction Symmetric Key Encryption Message Digest Birthday Attack MD5, SHA and Other Techniques Conclusion
Introduction What is it? Cryptography is primarily used as a tool to protect national secrets and strategies. It is extensively used by the military, the diplomatic services and the banking sector. One of the landmark developments in the history of cryptography was the introduction of the revolutionary concept of public-key. A cryptographic algorithm or cipher, is a mathematical function used in the encryption and decryption process. This mathematical function works in combination with a key to encrypt the plaintext (the original message)
Introduction How it works? A cryptographic algorithm, plus all possible keys and the protocols that make it work comprise a Cryptosystem.
Introduction - Objective Confidentiality is used to keep the content of information secret from unauthorized Persons This is achieved through symmetric and asymmetric encryption. Data integrity addresses the unauthorized alteration of data. This is addressed by hash functions. Authentication is related to identification. This applies to both entity and information itself. This is achieved through digital signature certificates and digital signatures.
Symmetric Cryptography In conventional Cryptography, also called secret-key or symmetric-key encryption , the same key is used for both encryption and decryption. Caesar's Cipher: Julius Caesar didnt trust his messengers. So when he sent a message to his generals, he replaced every A with D, every B with E and so on. Only the Caesar generals knew the shift by 3 rule. So if we want to and the encrypt the word NULLCON then the cipher will be QXOOFRQ. While decrypting it we follow the same shift by 3 rule, but we shift in the opposite side.
Message Digest The original text: 7391743 Operation Result Multiply 7 by 3 21 Discard first digit 1 Multiply 1 by 9 9 Multiply 9 by 1 9 Multiply 9 by 7 63 Discard first digit 3 Multiply 3 by 4 12 Discard first digit 2 Multiply 2 by 3 6 The Message Digest is 6
Message Digest Requirements: The given message should be very easy to find its corresponding message digest. Also the message digest should always be same every time.
Message Digest Requirements: The message digest should be in such a way that, it must be very difficult to find the original message by just the reverse algorithm
Birthday Attack How many people do you need so that the probability of having two of them share the same birthday is > 50% ? Random sample of n birthdays (input) taken from k (365, output) kn total number of possibilities (k)n=k(k-1)(k-n+1) possibilities without duplicate birthday Probability of no repetition: p = (k)n/kn 1 - n(n-1)/2k For k=366, minimum n = 23 n(n-1)/2 pairs, each pair has a probability 1/k of having the same output n(n-1)/2k > 50% n>k1/2
Birthday Attack Thus the birthday attack creates a problem in which more than one message can yield the same message digest. And this probability of this type of collision is more than 50% to prevent these birthday attacks algorithms like MD5 and SHA are used.
How many bits for hash? m bits, takes 2m/2 to find two with the same hash 64 bits, takes 232 messages to search (doable) Need at least 128 bits
Hash for authentication Alice to Bob: challenge rA Bob to Alice: MD(KAB|rA) Bob to Alice: rB Alice to Bob: MD(KAB|rB) Only need to compare MD results
MD5 input Message Output 128 bits Digest Until recently the most widely used hash algorithm in recent times have both brute-force & cryptanalytic concerns Specified as Internet standard RFC1321
MD5 1. Pad message so its length is 448 mod 512 2. Append a 64-bit original length value to message 3. Initialise 4-word (128-bit) MD buffer (A,B,C,D) Process message in 16-word (512-bit) blocks: Using 4 rounds of 16 bit operations on message block & buffer Add output to buffer input to form new buffer value 4. Output hash value is the final buffer value
SHA Developed by NIST, specified in the Secure Hash Standard (SHS, FIPS Pub 180), 1993 SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST
SHA Input message must be < 264 bits not really a problem Message is processed in 512-bit blocks sequentially Message digest is 160 bits SHA design is similar to MD5, but a lot stronger
MD5 Vs SHA Brute force attack is harder (160 vs 128 bits for MD5) Not vulnerable to any known cryptanalytic attacks (compared to MD4/5) A little slower than MD5 (80 vs 64 steps) Both work well on a 32-bit architecture Both designed as simple and compact for implementation
Revised Secure Hash Standards NIST have issued a revision FIPS 180-2 adds 3 additional hash algorithms SHA-256, SHA-384, SHA-512 designed for compatibility with increased security provided by the AES cipher structure & detail is similar to SHA-1 hence analysis should be similar
Conclusion Thus different concepts of Digital signatures are discussed and a overview of the various algorithms used are discussed
Questions??
Digital signatures

More Related Content

Digital signatures

  • 1. Digital Signatures -Kannan Ravindran
  • 2. Who am I ? I am Kannan Ravindran, A Student of Velammal Engineering College, Ambattur undertaking Bachelor of Engineering concentration on Computer Science and Engineering. I am a member of NullCon - International security conference(Chennai Chapter). I am serving H4CK3R.in as a Moderator.
  • 3. Contents Introduction Symmetric Key Encryption Message Digest Birthday Attack MD5, SHA and Other Techniques Conclusion
  • 4. Introduction What is it? Cryptography is primarily used as a tool to protect national secrets and strategies. It is extensively used by the military, the diplomatic services and the banking sector. One of the landmark developments in the history of cryptography was the introduction of the revolutionary concept of public-key. A cryptographic algorithm or cipher, is a mathematical function used in the encryption and decryption process. This mathematical function works in combination with a key to encrypt the plaintext (the original message)
  • 5. Introduction How it works? A cryptographic algorithm, plus all possible keys and the protocols that make it work comprise a Cryptosystem.
  • 6. Introduction - Objective Confidentiality is used to keep the content of information secret from unauthorized Persons This is achieved through symmetric and asymmetric encryption. Data integrity addresses the unauthorized alteration of data. This is addressed by hash functions. Authentication is related to identification. This applies to both entity and information itself. This is achieved through digital signature certificates and digital signatures.
  • 7. Symmetric Cryptography In conventional Cryptography, also called secret-key or symmetric-key encryption , the same key is used for both encryption and decryption. Caesar's Cipher: Julius Caesar didnt trust his messengers. So when he sent a message to his generals, he replaced every A with D, every B with E and so on. Only the Caesar generals knew the shift by 3 rule. So if we want to and the encrypt the word NULLCON then the cipher will be QXOOFRQ. While decrypting it we follow the same shift by 3 rule, but we shift in the opposite side.
  • 8. Message Digest The original text: 7391743 Operation Result Multiply 7 by 3 21 Discard first digit 1 Multiply 1 by 9 9 Multiply 9 by 1 9 Multiply 9 by 7 63 Discard first digit 3 Multiply 3 by 4 12 Discard first digit 2 Multiply 2 by 3 6 The Message Digest is 6
  • 9. Message Digest Requirements: The given message should be very easy to find its corresponding message digest. Also the message digest should always be same every time.
  • 10. Message Digest Requirements: The message digest should be in such a way that, it must be very difficult to find the original message by just the reverse algorithm
  • 11. Birthday Attack How many people do you need so that the probability of having two of them share the same birthday is > 50% ? Random sample of n birthdays (input) taken from k (365, output) kn total number of possibilities (k)n=k(k-1)(k-n+1) possibilities without duplicate birthday Probability of no repetition: p = (k)n/kn 1 - n(n-1)/2k For k=366, minimum n = 23 n(n-1)/2 pairs, each pair has a probability 1/k of having the same output n(n-1)/2k > 50% n>k1/2
  • 12. Birthday Attack Thus the birthday attack creates a problem in which more than one message can yield the same message digest. And this probability of this type of collision is more than 50% to prevent these birthday attacks algorithms like MD5 and SHA are used.
  • 13. How many bits for hash? m bits, takes 2m/2 to find two with the same hash 64 bits, takes 232 messages to search (doable) Need at least 128 bits
  • 14. Hash for authentication Alice to Bob: challenge rA Bob to Alice: MD(KAB|rA) Bob to Alice: rB Alice to Bob: MD(KAB|rB) Only need to compare MD results
  • 15. MD5 input Message Output 128 bits Digest Until recently the most widely used hash algorithm in recent times have both brute-force & cryptanalytic concerns Specified as Internet standard RFC1321
  • 16. MD5 1. Pad message so its length is 448 mod 512 2. Append a 64-bit original length value to message 3. Initialise 4-word (128-bit) MD buffer (A,B,C,D) Process message in 16-word (512-bit) blocks: Using 4 rounds of 16 bit operations on message block & buffer Add output to buffer input to form new buffer value 4. Output hash value is the final buffer value
  • 17. SHA Developed by NIST, specified in the Secure Hash Standard (SHS, FIPS Pub 180), 1993 SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST
  • 18. SHA Input message must be < 264 bits not really a problem Message is processed in 512-bit blocks sequentially Message digest is 160 bits SHA design is similar to MD5, but a lot stronger
  • 19. MD5 Vs SHA Brute force attack is harder (160 vs 128 bits for MD5) Not vulnerable to any known cryptanalytic attacks (compared to MD4/5) A little slower than MD5 (80 vs 64 steps) Both work well on a 32-bit architecture Both designed as simple and compact for implementation
  • 20. Revised Secure Hash Standards NIST have issued a revision FIPS 180-2 adds 3 additional hash algorithms SHA-256, SHA-384, SHA-512 designed for compatibility with increased security provided by the AES cipher structure & detail is similar to SHA-1 hence analysis should be similar
  • 21. Conclusion Thus different concepts of Digital signatures are discussed and a overview of the various algorithms used are discussed