What are the limits of security - PowerPoint PPT Presentation

1
What are the limits of security?
  • Johannes Buchmann
  • Computer Science and Mathematics
  • TU Darmstadt

2
Crypto primitives
3
Encryption
4
Digital signature
?
5
Digital signature
?
6
RSA 1979

7
General RSA
  • G finite group

8
General RSA
  • G finite group
  • we can efficiently compute
  • product

9
General RSA
  • G finite group
  • we can efficiently compute
  • product
  • power

10
General RSA
  • If group order unknown
  • then extracting e-th roots
  • is intractable

11
General RSA
  • If group order unknown
  • then extracting e-th roots
  • is intractable

12
General RSA
  • If group order k is known
  • and gcd(e,k) = 1, then
  • computing e-th roots is easy

13
General RSA
  • If group order k is known
  • and gcd(e,k) = 1, then
  • computing e-th roots is easy

14
General RSA
  • Public key: group G, exponent e

15
General RSA
  • Public key: group G, exponent e
  • Private key: order k of G
  • exponent d with
  • de ≡ 1 (mod k)

16
General RSA
  • Public key: group G, exponent e
  • Private key: order k of G
  • exponent d with
  • de ≡ 1 (mod k)
  • enables extraction of e-th roots

17
Encryption
Bob
Alice
Secret message m
18
Encryption
Bob
Alice
Plaintext m
Bob's public key (G,e)
19
Encryption
Bob
Alice
Plaintext m
Bob's public key (G,e)
Ciphertext c
20
Encryption
Bob
Alice
Plaintext m
Bob's public key (G,e)
Ciphertext c
Bob's private key d
21
Encryption
Bob
Alice
Plaintext m
Bob's public key (G,e)
Ciphertext c
Bob's private key d
Plaintext
22
Digital signature
?
23
Digital signature
?
Message m
Alice's secret key d
24
Digital signature
?
Message m
Alice's secret key d
Signature
25
Digital signature
?
Message m
Alice's secret key d
Signature
Alice's public key (e,G)
26
Digital signature
?
Message m
Alice's secret key d
Signature
Alice's public key (e,G)
Verification
27
Find a group G
  • Finite.
  • Computing in G is possible for anybody.
  • Order of G can be kept secret.

28
Original RSA: Multiplicative group of residues
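
The general RSA scheme of the preceding slides, instantiated for the multiplicative group of residues, as an added example that is not part of the original presentation. The class and function names and the toy primes are constructed for illustration, and messages are used unpadded.

```python
from math import gcd

class ResidueGroup:
    """(Z/nZ)*: anybody who knows n can compute products in it."""
    def __init__(self, n):
        self.n = n
        self.identity = 1

    def product(self, a, b):
        return (a * b) % self.n

def power(G, x, t):
    """x^t by square-and-multiply, using only the group product (t >= 0)."""
    result = G.identity
    while t:
        if t & 1:
            result = G.product(result, x)
        x = G.product(x, x)
        t >>= 1
    return result

def private_exponent(e, k):
    """d with d*e = 1 (mod k); exists only when gcd(e, k) = 1."""
    if gcd(e, k) != 1:
        raise ValueError("gcd(e, k) must be 1")
    return pow(e, -1, k)

def eth_root(G, c, e, k):
    """e-th root of c in G: easy once the group order k is known."""
    return power(G, c, private_exponent(e, k))

# Constructed toy parameters, far too small for real use.
p, q, e = 1009, 1013, 17
G = ResidueGroup(p * q)        # public key: (G, e)
k = (p - 1) * (q - 1)          # secret order of G; factoring n reveals it
d = private_exponent(e, k)     # secret exponent

def encrypt(m):
    return power(G, m, e)      # c = m^e

def decrypt(c):
    return power(G, c, d)      # m = c^d

def sign(m):
    return power(G, m, d)      # s = m^d

def verify(m, s):
    return power(G, s, e) == m # accept iff s^e = m
```
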
29
RSA security based on factoring problem
30
RSA-155, 512 bit, still used
n = 10941738641570527421809707322040357612003732945449205990913842131476349984288934784717997257891267332497625752899781833797076537244027146743531593354333897
31
RSA challenge numbers
  Year  n        Algorithm  MIPS years
  1991  RSA-100  QS         7
  1992  RSA-110  QS         75
  1993  RSA-120  QS         830
  1994  RSA-129  QS         5000

32
Number Field Sieve NFS
  • Invented by John Pollard 1989
  • using old 8-bit computer
  • Improved by many mathematicians.

33
RSA challenge numbers
  Year  n        Algorithm  MIPS years
  1991  RSA-100  QS         7
  1992  RSA-110  QS         75
  1993  RSA-120  QS         830
  1994  RSA-129  QS         5000
  1996  RSA-130  NFS        500
  1999  RSA-140  NFS        2000
  1999  RSA-155  NFS        8000

34
How difficult is factoring? How secure is RSA?
  • Lenstra Verheul 1999
  • 1024-bit RSA secure until 2002
  • 2048-bit RSA secure until 2023

35
How difficult is factoring? How secure is RSA?
  • Lenstra Verheul 1999
  • 1024-bit RSA secure until 2002
  • 2048-bit RSA secure until 2023
  • but
  • mathematical progress cannot be predicted
  • Quantum computers?

36
Why is this a problem?
  • Most public key products are RSA based

37
RSA
38
If factoring becomes easy
39
If factoring becomes easy
  • How to maintain security infrastructures?

40
If factoring becomes easy
  • How to maintain security infrastructures?
  • What happens to long term encryptions?

41
If factoring becomes easy
  • How to maintain security infrastructures?
  • What happens to long term encryptions?
  • What happens to long term signatures?

42
We need alternatives
  • Develop new crypto primitives
  • Study their security
  • and efficiency

43
Alternative
  • Discrete logarithm problem in
  • Multiplicative group of finite fields
  • Point group of elliptic curve over finite field
  • Class group of number field

44
Alternative
  • Shortest vector problem
  • NTRU (Silverman)
  • Goldwasser-Kilian-Halevi

45
We need flexible security infrastructures
  • Security solutions are very complex
  • Security primitives must be easy to replace

46
FlexiPKI
DFG SPP Sicherheit
BMWi Fairpay
47
FlexiPKI
Java Cryptography Architecture
48
FlexiPKI
CA
IS
FlexiTrust
RA
Java Cryptography Architecture
Provider
49
FlexiPKI
Exchange
File-encryption
CA
pine
SSL/TLS
IS
S/MIMEHandler
Netscape
FlexiClients
FlexiTrust
Outlook
RA
Java Cryptography Architecture
50
FlexiPKI
Exchange
File-encryption
CA
pine
SSL/TLS
IS
S/MIMEHandler
Netscape
FlexiClients
FlexiTrust
Outlook
RA
Java Cryptography Architecture
Provider
Random Number Generation
ECC
E2
NFC
AES
PKCS11
Mars
RSA/DSA
Safer
RC6
51
We need exchange strategies
  • What to do with PKI-software, certificates, and
    long term encryptions and signatures
  • if a key is broken?
  • if a crypto primitive becomes insecure?
  • if a protocol becomes insecure?

52
Today: implementation at Badenia Bausparkasse.
www.castforum.de
www.cdc.informatik.tu-darmstadt.de