Title: Pretty Good Privacy
1Pretty Good Privacy
Application Presentation by J. Chu
4/17/2001
SC700 A2 Internet Information Protocols
2Background
Pretty Good Privacy J. Chu
Pretty Good Privacy (PGP) The first version of
PGP was programmed in 1991 by Phil R. Zimmerman,
who later founded PGP Security Consulting. PGP
is one of the most popular encryptionand
authentication algorithm world-wide. PGP is more
widely used in electronic mailsecurity than any
other areas.
Phil R. Zimmerman
4/17/2001
SC700 A2 Internet Information Protocols
3Background (continues)
Pretty Good Privacy J. Chu
Pretty Good Privacy (PGP) PGP is a hybrid
cryptosystem it is a combination of some of the
best known encryption algorithms in
existence. While PGP has the speediness of a
symmetric-key encryption algorithm, it maintains
the high level of security of a public-key
encryption algorithm.
4/17/2001
SC700 A2 Internet Information Protocols
4Background (continues)
Pretty Good Privacy J. Chu
Pretty Good Privacy (PGP) "If all the personal
computers in the world - 260 million - were put
to work on a single PGP-encrypted message, it
would still take an estimated 12 million times
the age of the universe, on average, to break a
single message. - Deputy Director William
CrowellNational Security Agency3/20/1997
4/17/2001
SC700 A2 Internet Information Protocols
5Introduction
Pretty Good Privacy J. Chu
Why choose PGP over RSA? RSA is very secured
given a large enough key. However, it is
definitely no fun having to compute 5672128 for
every single letter in order to encrypt or
decrypt a message. During the 80s and early
90s, not too many computer in the world can
handle such complex computations in a short
period of time. This is when PGP comes inIt is
fast, secured, and best of all, everyone can
use! (note by publishing the source code of
PGP on the Internet, Phil Zimmerman actually got
prosecuted by the United States Government for
exporting a weapon.)
4/17/2001
SC700 A2 Internet Information Protocols
6Introduction (continues)
Pretty Good Privacy J. Chu
- The following algorithms are employed by PGP
- IDEA Cipher
- - developed by James Massey Xuejia Lai in 1990
- RSA Public Key Encryption
- - developed by Rivest, Shamir, and Adelman in
1977 - GZIP
- - A combination of Lempel-Ziv and Huffman Encoding
4/17/2001
SC700 A2 Internet Information Protocols
7Algorithm
Pretty Good Privacy J. Chu
- About the IDEA cipher
- IDEA International Data Encryption Algorithm
- Message is encrypted with a 128-bit IDEA key via
different combinations of operationsa.
Additions (mod 216)b. Multiplication (mod 216
1)c. Additions (mod 2) (i.e. XOR) - There are currently no known effective attacks
against the IDEA cipher.
4/17/2001
SC700 A2 Internet Information Protocols
8Algorithm (continues)
Pretty Good Privacy J. Chu
- The IDEA cipher algorithm
- Original text is divided into 64-bit blocks.
- Each 64-bit block is further divided into four
16-bit sub-blocks X1, X2, X3, X4. - The 128-bit IDEA session key is divided into
eight 16-bit key-blocks Ki,1, Ki,2, Ki,3, Ki,4,
Ki,5, Ki,6, Ki,7, Ki,8. - Addition and Multiplication are perform on each
block of Xn and Ki,j. - The combination of operations are performed eight
times to get the final encryption.
4/17/2001
SC700 A2 Internet Information Protocols
9Algorithm (continues)
Pretty Good Privacy J. Chu
IDEA Algorithm
4/17/2001
SC700 A2 Internet Information Protocols
10Algorithm (continues)
Pretty Good Privacy J. Chu
- Problems with IDEA cipher
- IDEA is a symmetric-key cryptosystem. In order to
decrypt a cipher, one must know the very same key
that is used to encrypt the message. - Since the IDEA key is 128-bit long, it is not
easy to memorize and therefore it must be
recorded.
4/17/2001
SC700 A2 Internet Information Protocols
11Algorithm (continues)
Pretty Good Privacy J. Chu
- PGP Improvements
- Instead of using the the same key each time, PGP
randomly generated a new IDEA key for every
session. The same message sent at different times
will be totally different and remembering the key
will be useless and unnecessary. - The IDEA key is encrypted via RSA public key
encryption algorithm. Decryption can be achieved
only by those who knows the complementary key. - PGP compresses packages with GZIP.
4/17/2001
SC700 A2 Internet Information Protocols
12Algorithm (continues)
Pretty Good Privacy J. Chu
- How PGP Encrypts
- Original text is encrypted into IDEA cipher text
with a 128-bit random key via IDEA encryption. - The IDEA session key is encrypted with a large
public key via RSA encryption. - The encrypted IDEA session key is appended to the
IDEA cipher text. - GZIP is used to compress the data into a PGP
package.
4/17/2001
SC700 A2 Internet Information Protocols
13Algorithm (continues)
Pretty Good Privacy J. Chu
How PGP Encrypts
4/17/2001
SC700 A2 Internet Information Protocols
14Algorithm (continues)
Pretty Good Privacy J. Chu
- How PGP Decrypts
- PGP package is decompressed and is separated into
the encrypted IDEA session key and the encrypted
IDEA cipher text. - IDEA session key is decrypted with RSA private
key. - IDEA session key decrypts the IDEA cipher text
into the original plain text.
4/17/2001
SC700 A2 Internet Information Protocols
15Algorithm (continues)
Pretty Good Privacy J. Chu
How PGP Decrypts
4/17/2001
SC700 A2 Internet Information Protocols
16Conclusion
Pretty Good Privacy J. Chu
PGP over IDEA RSA Although IDEA and RSA are
very strong encrypting algorithms, they do have
their weaknesses IDEA uses a single and lengthy
key while RSA employs complex and lengthy
computations. By combining both IDEA and RSA,
PGP uses the strengths of one algorithm to
compensate for the weaknesses of the other. As
the result, PGP is one of the strongest and
fastest encrypting algorithm in existence.
4/17/2001
SC700 A2 Internet Information Protocols
17References
Pretty Good Privacy J. Chu
Back, Adam, PGP Timeline. http//www.cypherspa
ce.org/adam/timeline/, 1998. Brown, Lawrie,
Cryptography and Computer Security.http//www.
cs.adfa.oz.au/teaching/studinfo/csc/lectures/,
2001. Davie and Peterson, Larry L., Computer
Networks. 2nd ed. Boston Morgan Kaufmann, 2000.
Page 599-601. Feisthammel, Patrick, PGP Pretty
Good Privacy.http//www.rubin.ch/pgp/pgp.en.htm
l, 2000. Gimon, Charles A., The Phil Zimmerman
Case.http//www.skypoint.com/members/gimonca/ph
ilzima.html, 1996. PGP International
Homepage.http//www.pgpi.org, 2001. PGP
Security BIND vulnerability COVERT CyberCop
Gauntlet.www.pgp.com, 2001.
4/17/2001
SC700 A2 Internet Information Protocols