Asymmetric Key Signatures
-
Upload
david-evans -
Category
Engineering
-
view
609 -
download
0
Transcript of Asymmetric Key Signatures
![Page 1: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/1.jpg)
Asymmetric Key Signatures
David Evans and Samee ZahurCS4501, Fall 2015
![Page 2: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/2.jpg)
Please pay $1000 to my employee--TheBoss
You have money!
![Page 3: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/3.jpg)
Real-life SignaturesEasy to verify• Bank has your signatureForging unlikely• Legal consequences of forging• Checkbooks are well-guarded• Copying it requires physical accessHard to repudiate• Bank keeps a copy for few months
![Page 4: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/4.jpg)
Digital SignaturesEasy to verify• Everybody has your “verification key”, vkHard to forge• Nobody but you has the “signing key”, skHard to repudiate• Everybody knows only you have signing key
![Page 5: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/5.jpg)
Topics• Asymmetric cryptography• Digital signatures• Elliptic curve cryptography• Implementation pitfalls
![Page 6: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/6.jpg)
Ordinary (or symmetric) crypto
Message
key key
![Page 7: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/7.jpg)
Whitfield DiffieMartin Hellman
New Directions in Cryptography, 1976
![Page 8: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/8.jpg)
Diffie-Hellman Key Exchange
𝑔𝑎 mod 𝑝
𝑔𝑏 mod 𝑝Picks secret aComputes
Picks secret bComputesPublic values:
Shared secret:
![Page 9: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/9.jpg)
Discrete Logarithm Problem
Given find such that:
![Page 10: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/10.jpg)
Discrete Logarithm Problem
![Page 11: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/11.jpg)
Random element out of …?
𝑔𝑎 mod 𝑝
𝑔𝑏 mod 𝑝Picks random aComputes
Picks random bComputes
![Page 12: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/12.jpg)
Mod 5 Exponentiation0 1 2 3 4 5 6 …
0 - 0 0 0 0 0 0 …
1 1 1 1 1 1 1 1 …
2 1 2 4 3 1 2 4 …
3 1 3 4 2 1 3 4 …
4 1 4 1 4 1 4 1 …
Order 1
Order 2
In mod multiplication, multiplicative order is always a factor of
![Page 13: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/13.jpg)
Exponent Modulus• Multiplicative order is at most • Pick random such that
![Page 14: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/14.jpg)
![Page 15: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/15.jpg)
![Page 16: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/16.jpg)
Public-key Cryptography
Publicly announces
,
Picks secret aComputes
Picks random secret b. Computes
Encrypts message :
Public values: Shared secret:
![Page 17: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/17.jpg)
Man-in-the-Middle (MITM)
𝑔𝑎
, Picks secret aComputes
Picks secret b. Computes
Encrypts message :
𝑔𝑎 ′
,
Picks random , ,Reads everything
![Page 18: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/18.jpg)
Digital Signature
![Page 19: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/19.jpg)
RecallEasy to verify• Everybody has your “verification key”, vkHard to forge• Nobody but you has the “signing key”, skHard to repudiate• Everybody knows only you have signing key
![Page 20: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/20.jpg)
Discrete-log based signature
![Page 21: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/21.jpg)
ElGamal Signature Scheme
SigningInput: message 1. Pick random 2. Compute
3. Send with message
VerificationInput: message Check if
Fixed global parameters: Private key: Public key:
![Page 22: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/22.jpg)
Bitcoin PaymentSign it like a check!
![Page 23: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/23.jpg)
Recap1. We want to sign transactions digitally on the bitcoin network, such
that they are:a) Easy to verifyb) Hard to forgec) Hard to repudiate
2. Discrete exponentiation is easy, logarithm is hard3. We used it to make asymmetric (aka. public) key crypto4. Same principle used for digital signatures
![Page 24: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/24.jpg)
Avoiding (overly) long numbers
![Page 25: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/25.jpg)
![Page 26: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/26.jpg)
Informal RequirementsGiven and ,
should be hard to solve for
![Page 27: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/27.jpg)
GroupA group is a set of elements (denoted ) and an associated binary operation (denoted ) that satisfies the following:• Closure: is also a group element, or • Associativity: • Identity element: • Inverse: Not necessary, but okay to have:• Commutativity:
![Page 28: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/28.jpg)
Additional Cryptographic Properties• Discrete logarithm should be hard• Group operation should be efficient• Implies small key sizes
![Page 29: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/29.jpg)
Elliptic Curve Cryptography (ECC)
• Group elements: points on the curve, P, Q, and R• Point “addition”: using
“geometry”. P+Q=R
𝑦 2=𝑥3+7
P
Q
R
![Page 30: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/30.jpg)
Elliptic “Curve”
Image from: http://www.coindesk.com/math-behind-bitcoin/
![Page 31: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/31.jpg)
Elliptic Curve Digital Signature Algorithm (ECDSA)
ElGamal SignatureInputs: message , private key 1. Pick random 2. Compute
3. Send with message Verification
Check if
ECDSAInputs: message , private key 1. Pick random k2. Compute
a) , let
3. Send with message Verification
If , check
![Page 32: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/32.jpg)
![Page 33: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/33.jpg)
![Page 34: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/34.jpg)
Please pay $1000 to my employee--TheBoss
You have money!
Jason Benjamin
![Page 35: Asymmetric Key Signatures](https://reader035.fdocuments.us/reader035/viewer/2022062503/587d52971a28abee158b4e9d/html5/thumbnails/35.jpg)
Logistics• Next class: hash functions and Bitcoin consensus• Checkup 1 on Monday. Includes everything till today