1 / 8

Discrete Logs, Diffie-Hellman, and ElGamal Cryptosystem Explained

Learn about the concepts of discrete logs, Diffie-Hellman key exchange, and the ElGamal cryptosystem. Understand the challenges and relationships between these cryptographic methods.

hpaul
Download Presentation

Discrete Logs, Diffie-Hellman, and ElGamal Cryptosystem Explained

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. DTTF/NB479: Dszquphsbqiz Day 26 • Pass in HW6 now • Can use up to 2 late days • But one incentive not to burn them all:teams will get to pick their presentation day in the order • Announcements: • HW7 posted. • Questions? • This week: • Discrete Logs, Diffie-Hellman, ElGamal • Hash Functions

  2. Plus-delta feedback • Thanks for some great feedback! My eyes are opened.

  3. Discrete Logs Given Find x We denote this as Why is this hard?

  4. Diffie-Hellman Key Exchange • Publish large prime p, primitive root a • Alice’s secret exponent: x • Bob’s secret exponent: y • 0 < x,y < p-1 • Alice sends ax (mod p) to Bob • Bob sends ay (mod p) to Alice • Each know key K=axy • Eve sees p, ax , ay ; why can’t she determine axy?

  5. Publish large prime p, primitive root a Alice’s secret exponent: x Bob’s secret exponent: y 0 < x,y < p-1 Alice sends ax (mod p) to Bob Bob sends ay (mod p) to Alice Each know key K=axy Eve sees a, p, ax , ay ; why can’t she determine axy? Computational Diffie-Hellman problem: “Given a, p, ax (mod p), ay (mod p), find axy (mod p)” Not harder than problem of finding discrete logs Is it easier? No one knows! Decision Diffie-Hellman problem: “Given a, p, ax (mod p), ay (mod p), and c != 0 (mod p). Verify that c=axy (mod p)” Diffie-Hellman Key Exchange What’s the relationship between the two? Which is harder?

  6. ElGamal Cryptosystem • Another public-key cryptosystem like RSA. • Bob publishes (a, p, b), where 1 < m < p and b=aa • Alice chooses secret k, computes and sends to Bob the pair (r,t) where • r=ak (mod p) • t = bkm (mod p) • Bob calculates: tr-a=m (mod p) • Why does this decrypt?

  7. Bob publishes (a, p, b), where 1 < m < p and b=aa Alice chooses secret k, computes and sends to Bob the pair (r,t) where r=ak (mod p) t = bkm (mod p) Bob finds: tr-a=m (mod p) Why does this work? Multiplying m by bk scrambles it. Eve sees a, p, b, r, t. If she only knew a or k! Knowing a allows decryption. Knowing k also allows decryption. Why? Can’t find k from r or t.Why? ElGamal Cryptosystem

  8. Bob publishes (a, p, b), where 1 < m < p and b=aa Alice chooses secret k, computes and sends to Bob the pair (r,t) where r=ak (mod p) t = bkm (mod p) Bob finds: tr-a=m (mod p) Show that Bob’s decryption works Eve would like to know k. Show that knowing k allows decrpytion. Why? Why can’t Eve compute k from r or t? Challenge: Alice should randomize k each time. If not, and Eve gets hold of a plaintext / ciphertext (m1, r1, t1), she can decrypt other ciphertexts (m2, r2, t2). Show how. If Eve says she found m from (r,t), can we verify that she really found it, using only m,r,t, and the public key (and not k or a)? Explain. If time allows, send a friend a public key (a, p, b), have him encrypt a message as (r,t), and decrypt it. Otherwise, you can run through the cycle on your own. Name: ______________________ ElGamal Notes:

More Related