Signatures January 29 2017 Classscharvey/Teaching/...ffffffff ffffffff ffffffff ffffffff fffffffe...

Digital SignaturesCampbell R. Harvey

Duke University, NBER andInvestment Strategy Advisor, Man Group, plc

January 30, 2017

Innovation and Cryptoventures

DefinitionCryptography is the science of communication in the presence of anadversary. Part of the field of cryptology.

2Campbell R. Harvey 2017

Goals of Adversary• Alice sends message to Bob• Eve is the adversary


Goals of Adversary

Eve’s goals could be:1. Eavesdrop2. Steal secret key so that all future messages can be intercepted3. Change Alice’s message to Bob4. Masquerade as Alice in communicating to Bob


Symmetric Keys

Early algorithms were based on symmetric keys.• This meant a common key encrypted and decrypted the message• You needed to share the common key and this proved difficult


Symmetric Keys

• Early methods relied on a shared key or code• A message would be encrypted and sent but the receiver needed todecode with a key or a special machine

• Example: The “Lektor” in James Bond, From Russia with Love.


Symmetric Keys• However, you needed to securely share the key or decoder.


Symmetric Keys• However, you needed to securely share the key or decoder.

8The “adversary”

Campbell R. Harvey 2017

Symmetric Keys• Nazi Enigma Machine is an earlier version of the “Lektor”

9

https://www.youtube.com/watch?v=G2_Q9FoD oQhttps://www.youtube.com/watch?v=V4V2bpZlqx8

Recommended videos!Campbell R. Harvey 2017

Secret Keys

Symmetric key• DES (Data Encryption Standard)was a popular symmetric keymethod, initially used in SET (firston line credit card protocol)

• DES has been replaced by AES(Advanced Encryption Standard)


Diffee Hellman Key Exchange

• Breakthrough in 1976 with Diffie Hellman Merkle key exchange• There is public information that everyone can see. Each person, say Alice andBob, have secret information.

• The public and secret information is combined in a way to reveal a singlesecret key that only they know

11https://www.youtube.com/watch?v=YEBfamv _do


Diffee Hellman Key Exchange

• Will use prime numbers and modulo arithmetic• We already encountered one example of modular arithmetic in the SHA 256which uses mod=232 or 4,294,967,296

12https://www.youtube.com/watch?v=YEBfamv _do


Key Exchange

Numerical example• “5 mod 2” = 1• Divide 5 by 2 the maximum number of times (2)• 2 is the modulus• The remainder is 1• Remainders never larger than (mod 1) so for mod 12 (clock) you wouldnever see remainders greater than 11.

• EXCEL function = mod(number, divisor) e.g., mod(329, 17) = 6

13

“mod”


Key Exchange

Alice and Bob decide on two public pieces for information• A modulus (say 17)• A generator (or the base for an exponent) (say 3)

• Alice has a private key (15)• Bob has a private key (13)

• Is it possible for them to share a common secret that is unlikely to beintercepted?

14https://www.khanacademy.org/computing/computer science/cryptography/modern crypt/v/diffie hellman key exchange part 2


Key Exchange

Alice:Calculates 315 mod 17 = 6 (i.e., =mod(3^(15), 17))

• Alice send the message “6” to Bob


Key Exchange

Alice:Calculates 315 mod 17 = 6 (i.e., =mod(3^(15), 17))

• Alice send the message “6” to Bob• Eve intercepts the message!


Key Exchange

Bob:Calculates 313 mod 17 = 12 (i.e., =mod(3^(13), 17))

• Bob send the message “12” to Alice


Key Exchange

Bob:Calculates 313 mod 17 = 12 (i.e., =mod(3^(13), 17))

• Bob send the message “12” to Alice• Eve intercepts the message! Now Eve has the 6 and the 12.


Key Exchange

Alice:Takes Bob’s message of 12 and raises it to the power of her private key.Calculates 1215 mod 17 = 10 (i.e., =mod(12^(15), 17))*

• This is their common secret

19*EXCEL only does 15 digits so this will not work Campbell R. Harvey 2017

Key Exchange

Bob:Takes Alice’s message of 12 and raises it to the power of his private key.Calculates 613 mod 17 = 10 (i.e., =mod(6^(13), 17))

• This is their common secret


Key Exchange

EveShe has intercepted their message. However, without the common secretkey, there is little chance she can recover the shared secret.

21

Key Exchange

Common secret• Alice can now encrypt a message with the common secret and Bob candecrypt it with the common secret.

• Notice this is a common secret.• Next we will talk private/public keys. That is, both and Alice have separatepublic keys and separate private keys.


Key Exchange (Optional slide)Why does this workThey are solving the same problem.

• Alice sent Bob 315 mod 17 = 6.• Bob raises the to power of 13.

This is the same as613 mod 17 = [315]^(13) mod 17 =10

23

Alice’s original calculation


Key Exchange (Optional slide)Why does this workThey are solving the same problem.

• Bob sent Alice 313 mod 17 = 12.• Alice raises the to power of 15.

This is the same as1215 mod 17 = [313]^(15) mod 17 =10

24

Bob’s original calculation


Key Exchange (Optional slide)

Why does this workThey are solving the same problem. The modular arithmetic is crucial.

• See![313]^(15) = [315]^(13)


Key Exchange

RSA and ECC• Now we will introduce key pairs.• The basic idea of modular arithmetic provides the foundation for RSAprivate/public key cryptography.

• The prime numbers that are used are huge. Private keys aremathematically linked to public keys.


RSA: High Level Overview

See my Cryptography 101 deck for much more detail.• Two prime numbers are chosen and they are secret (say 7 and 13, called p,q).• Multiply them together. The product (N=91) is public but people don’t knowthe prime numbers used to get it.

• A public key is chosen (say 5).• Given the two prime numbers, 7 and 13, and the public key, we can derive theprivate key, which is 29.


RSAIssues with RSA• RSA relies on factoring• N is public (our example was 91)• If you can guess the factors, p, q, then you can discover the private key


RSAIssues with RSA• Factoring algorithms have become very efficient• To make things worse, the algorithms become more efficient as the size ofthe N increases

• Hence, larger and larger numbers are needed for N• This creates issues for mobile and low power devices that lack thecomputational power

29http://www.slate.com/articles/health_and_science/science/2016/01/the_world_s_largest_prime_number_has_22_338_618_digits_here_s_why_you_should.html


Elliptic Curve Cryptography

Mathematics of elliptic curves• Do not rely on factoring• Curve takes the form of

y2 = x3 + ax + b

30

Note: 4a3 + 27b2 0


Bitcoin uses a=0 and b=7

Note that diagram is “continuous” but wewill be using discrete versions of this arithmetic


Properties• Symmetric in x axis• Any non vertical line intersects in three points• Algebraic representation



Properties

32

P Q

R

P+Q

Define a system of “addition”. To add “P” and“Q” pass a line through and intersect at third point“R”. Drop a vertical line down to symmetric part.This defines P+Q (usually denoted )

Denote Elliptic Curveas E Campbell R. Harvey 2017

Elliptic Curve CryptographyProperties

33

P

2P

Define a system of “addition”. To add “P” and“P” use a tangent line and intersect at third point.Drop a vertical line down to symmetric part.This definite 2P (usually denoted )


Elliptic Curve Cryptography (Optional slide)

Properties

34

(a) P + O = O + P = P for all P E.(existence of identity)

(b) P + ( P) = O for all P E.(existence of inverse)

(c) P + (Q + R) = (P + Q) + R for all P, Q, R E.(associative)

(d) P + Q = Q + P for all P, Q E(communativity)



Why use in cryptography?• Suggested by Koblitz and Miller in 1985• Implemented in 2005• Key insight:

• Adding and doubling on the elliptic curve is easy but undoing the adding is very difficult



Modulo arithmetic on EC• Example of modulo 67 (means onlypoints are between 0 and 66

• Notice the symmetry


http://www.coindesk.com/math behind bitcoin/#


Modulo arithmetic on EC• Notice the symmetry (reflection inthe red line)




Modulo arithmetic on EC• Example of modulo 67• Addition of (2,22) and (6,25)• Note (2,22) called the “base point”• The dashed blue line wraps aroundand intersects at (47,39) and thereflection is (47,28)




Modulo arithmetic on EC• Example of modulo 67• Addition of (2,22) and (6,25)• Note (2,22) called the “base point”• The dashed blue line wraps aroundand intersects at (47,39) and thereflection is (47,28)




Four choices:• Form of elliptic curve• Prime modulo• Base point• Order




Four choices:• Form of elliptic curve: y2 = x3 + 7• Prime modulo: 2256 – 232 – 29 – 28 – 27 – 26 – 24 1 = FFFFFFFF FFFFFFFFFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F

• Base point: 04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8FD17B448 A6855419 9C47D08F FB10D4B8

• Order: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03BBFD25E8C D0364141




How it works:• Private key is a random number chosen between 1 and the order• Public key = private key*base point• Maximum number of private keys (and bitcoin addresses) is equal to theorder.

• It is straightforward to go from private key to a public key – but brutallydifficult to go from public key to private key.




How it works:1. Choose private key and derive public key• Let prime modulus = m• Let base point (x,y) = G• Let order = n• Let private key = d (which is just a number)

Public key Q(x,y) = d*G [operations on the elliptic curve with prime modulus m]




How it works:2. Sign• Let data = z (which could be a SHA 256 of the data you are signing)• Generate a random number k• Calculate k*G which leads to particular coordinates (x,y)*

• Calculate r = x mod n [Note n=order]• Calculate s = (z + r*d)/k mod n

Digital Signature (DS) = (r, s) is just a set of coordinates44Campbell R. Harvey 2017

http://www.coindesk.com/math behind bitcoin/# *I am not sure what modulus is used for this EC operation.

Private key


How it works:3. Verify• Calculate w = s 1 mod n• Calculate u = z*w mod n• Calculate v = r*w mod n• Calculate the point (x’, y’) = uG + vQ• Verify that r = x’mod n If yes, verified.

Remember DS = (r, s)45Campbell R. Harvey 2017


Public key

Base point


How it works:4. Intuition• Anyone can encrypt something with a public key• The digital signature algorithm uses the data, a random number, and boththe private and public keys

• Verification shows that only the owner of both the private and public keycould have signed. Verification is a “yes” or a “no”.



ECDSA

• Private key is a number called “signing key” (SK). It is secret.• Public key is the “verification key” and is mathematically linked tothe private key


SK EC VK

Private key:(number)

Elliptic curve operations:Need base point, modulus, order

Public key:coordinate (x, y)

Note: Easy to generate a public key with a private key. Not easy to go the other way.

ECDSA• Digital signature


SK

EC DS

Private key:(number)

Elliptic curve operations:Need base point, modulus, order (n)

Digital signature:coordinate (r, s)

Message

Nonce

Nonce:(random number)

ECDSA• Verification


VK

EC (x’, y’)

Public key:(x, y)

Elliptic curve operations:Need base point, order (n)

Derive new pointon elliptic curve

Message

r

DScoordinates

sr = x’ mod n ?

Yes(verified)

No(rejected)

Check x coordinateof new point and DS

How DSAs Work

Notice• Proves that the person with the private key (that generated thepublic key) signed the message.

• Interestingly, digital signature is different from a usual signature inthat it depends on the message, i.e., the signature is different foreach different message.

• In practice, we do not sign the message, we sign a cryptographichash of the message. This means that the size of the input is thesame no matter how long the message is.


ECDSA in Action

51Campbell R. Harvey 2017https://kjur.github.io/jsrsasign/sample ecdsa.html

ECDSA in Action


OP_CHECKSIG uses Public Key + Digital Signature + Hash of Transaction

Verifies whether this transaction has been signed by the owner of the Private Key

Application: PGP EmailMy public key for secureemail• You can encrypt an emailto me with my public keyand only I can decryptwith my private key.


Application: PGP Email

Steps1. Message compressed2. Random session key (based on mouse movements and

keystrokes) is generated.3. Message encrypted with session key4. Session key is encrypted with receiver’s public key5. Encrypted message + encrypted session key sent via email6. Recipient uses their private key to decrypt the session key7. Session key is used to decrypt the message8. Message decompressed

54Campbell R. Harvey 2017http://www.pgpi.org/doc/pgpintro/

References

• The Math Behind Bitcoin [recommended]

• Elliptic Curve Digital Signature Algorithm (Bitcoin)

• What does the curve used in Bitcoin, secp256k1, look like?

• Elliptic Curve Digital Signature Algorithm (Wikipedia)

• Elliptic Curve Cryptography (UCSB)

• Elliptic Curve Cryptography and Digital Rights Management (Purdue)

• Zero to ECC in 30 minutes (Entrust)

• The Elliptic Curve Cryptosystem

• Goldwasser, Shaffi and Mihir Bellare, 2008, Lecture Notes on Cryptography

• Dan Boneh, Stanford University, Introduction to Cryptography

• Dan Boneh, Stanford University, Cryptography II

• https://arstechnica.com/security/2013/10/a relatively easy to understand primer on elliptic curve cryptography/


Date post:	09-Jul-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

Signatures January 29 2017 Classscharvey/Teaching/...ffffffff ffffffff ffffffff ffffffff fffffffe...

Documents