Previous lecture

1
Previous lecture

• Block ciphers
• Modes of operations
• First assignment
• Hash functions

2
This lecture

• More on hash functions
• Digital signatures
• Message Authentication Codes
• Padding

3
Homepage for the course

• Reminder there is a homepage for the course at
  http//www.nada.kth.se/marten/AC/2003 with a
  mirror at http//students.mii.lu.lv/user/AC/2003
• This page contains the latest information on the
  course
• All lectures can be downloaded from this page

4
Hash functions

• A hash function is a function f0,1 ? 0,1n.
• Example Check sums in communication protocols
• Indices in databases
• One-way
• Given x, unfeasible to compute an v such that
  H(v) x
• Collision-free
• Unfeasible to find v1 and v2 such that v1 ? v2
  and H(v1) H(v2)

5
Digital signatures

• Used to ensure authenticity.
• A digital signatures binds a document to a
  person.
• A person produces a digital signature using his
  private key
• The signature can be verified using the public
  key.

6
How to sign a document d

• Compute the hash of d, v H(d).
• Perform a private key operation on v.
• The result is a digital signature.
• What happens if the hash function is not
  collision free?

7
Use of a digital signature
Signer
Verifier
Document
Document
Signature generation
Signature
Signature verification
OK / not OK
Public key
Private key
8
Message Authentication Codes

• Digital signatures requires public/private keys
• The same functionality can be achived with
  symmetric keys
• Called MAC Message Authentication Code
• Signer and verifier uses the same key
• Question What are the advantages compared to
  digital signatures? What are the disadvantages?

9
Two simple MACs

• Let Ekey, Dkey be a symmetric cipher, and let H
  be a hash function. Let m be the message to MAC
  and let k be the symmetric key.
• First proposition Compute a hash of the document
  and encrypt it
• Ek(H(m))
• Second proposition Concatinate the message and
  the key and compute the hash
• H(m ? k)

10
Use of a MAC
Signer
Verifier
Document
Document
MAC generation
MAC
MAC verification
OK / not OK
Symmetric key
Symmetric key
11
Difference between MAC and digital signature

• If you can verify a MAC, you can also create it
• To prove the validity of a MAC to a third party,
  you need to reveal the key.
• Computing a MAC is (usually) must faster than
  computing a digital signature
• Important for devices with low computing power

12
Padding

• In public key cryptography, an adversary can try
  to encrypt until he finds the correct message
• This is a real problem when the number of
  possible messages is low. (Yes/no, four-digit PIN
  code, etc.)
• Often encrypting a low number is dangerous.
• Without padding, the same clear text encrypts
  into the same cipher text each time.
• Padding adds random data to the clear text before
  encryption

13
Padding, cont.

• (Artificial) example We want to encrypt yes or
  no using a system for n bits.
• Yes is encoded by 10
• No is encoded by 01
• Pad by adding (say) n 3 random bits
• Yes is encoded by 1b2b3bn 210
• No is encoded by 1b2b3bn 201
• To use test-encryption you need to try all 2n 3
  combinations.

14
Standards for padding

• Standards important for interchange
• RSA Laboratories has defined several standards
  for public key cryptography called PKCS
• PKCS1 describes how to encrypt and sign using RSA