Lecture 13: Public Key Cryptography Part 2

Question 1

Explain the Diffie-Hellman key exchange

Answer 1

See slide 5 in set 28

Question 2

Explain the protocol for the Diffie-Hellman key exchange

Answer 2

See slide 6 in set 28

Question 3

What can Z be used to compute and how i.t.o the Diffie-Hellman key exchange

Answer 3

Z can be used to compute a key (e.g. AES) by using a key derivation function based on a public hash function

Question 4

Explain the Diffie-Hellman key exchange example on slide 7 in set 13

Answer 4

See slide 13 in set 28

Question 5

Determine the shared key/common secrete i.t.o the Diffie-Hellman key exchange if:

p = 181
g = 2
a = 50
b = 33

Answer 5

See slide 13 in set 28

Question 6

Comment on the security of the Diffie-Hellman key exchange

Answer 6

An attacker who finds discrete logarithms breaks the protocol

• -> interception g^a mod p and taking the discrete log to get a
• -> computing (g^b)^a in the same way as Bob

No better way known for a passive adversary than by taking discrete logs
–> it is unknown if there is a better way

Question 7

What does the security of the Diffie-Hellman key exchange rely on?

Answer 7

Difficult log problem

Question 8

Are the messages between Bob and Alice authenticated in the basic Diffie-Hellman key exchange?

Answer 8

no, not authenticated

Question 9

I.t.o the Diffie-Hellman key exchange, what is required for Alice/Bob to know how Z (secrete) is shared?

Answer 9

authenticated messages

Question 10

What is the general idea of the MITM attack on the Diffie-Hellman key exchange?

Answer 10

The adversary sets up 2 keys, 1 with Alice and 1 with Bob, and relays messages between the 2

Question 11

What is the authentication feature of Diffie-Hellman key change?

Answer 11

Authentication can be added using digital signatures

Question 12

Explain the authenticated Diffie-Hellman key exchange

Answer 12

See slide 10 set 13

Question 13

What do both parties know in the authenticated Diffie-Hellman key exchange

Answer 13

Both parties know each other’s public signature verification key

Question 14

What is an ephemeral key?

Answer 14

key used once and then discarded

Question 15

Is the protocol on slide 10 in set 13 a static or ephemeral protocol?

Answer 15

ephemeral

Question 16

What are happens in the static Diffie-Hellman protocol?

Answer 16

See slide 11 in set 13

Question 17

What makes the static Diffie-Hellman protocol that makes it static?

Answer 17

Long term private keys are chosen by Alice and Bob an they find a shared secrete that is static.

This secrete stays the same until Alice and Bob change their public keys

Question 18

What is the Elgamal cryptosystem used for?

Answer 18

encryption and signature

Question 19

What is the key idea of the Elgamal cryptosystem

Answer 19

Alice combines her ephemeral private key with Bob’s long-term public key

Question 20

Explain the key generation process in the Elgamal cryptosystem

Answer 20

See slide 14 in set 13

Question 21

Give the encryption process in the Elgamal cryptosystem

Answer 21

See slide 15 in set 28

Question 22

Give the decryption process in the Elgamal cryptosystem

Answer 22

See slide 15 in set 28

Question 23

Explain what is used as mask for message M in the Elgamal cryptosystem

Answer 23

See slide 16 in set 28

Question 24

Explain the Elgamal cryptosystem example on slide 17 in set 13

Answer 24

TODO

Question 25

How could an attacker break the Elgamal cryptosystem?

Answer 25

An attacker who solves the discrete log problem breaks the Elgamal cryptosystem by determining the private key x from g^x mod p

Question 26

Is it possible for many uses to share the same p and g i.t.o the Elgamal cryptosystem?

Answer 26

yes

Question 27

Is padding required in the Elgamal cryptosystem?

Answer 27

No since in RSA –> each ciphertext is already randomised, thanks to the ephemeral key k

Question 28

What are elliptic curves?

Answer 28

Algebraic structures formed from cubic equations

Question 29

What are elliptic curves defined over?

Answer 29

Defined over any field

Question 30

Give an example of an elliptic curve

Answer 30

See slide 20 in set 13

Question 31

What is an elliptic curve group?

Answer 31

A group over elliptic curve points

Question 32

What is formed when we add an identity element, then define a binary operation on the point (.e.g multiplication) i.t.o elliptic curves?

Answer 32

Form a group over the elliptic curve points –> elliptic curve group (since 1 operation)

Question 33

How do we choose an elliptic curve?

Answer 33

Applications usually use standardised curves

Standarised curves generated in a verifiably random way –> difficult to generate curves with any special properties

Question 34

Explain the elliptic curve example on slide 22 in set 13

Answer 34

See slide 22 in set 13

Question 35

Which standard is generating new elliptic curves in?

Answer 35

FIPS 186-4 (NIST curves, 2013)

Question 36

What are discrete logs defined on?

Answer 36

elliptic curve groups

–> if elliptic curve operations denoted as multiplication, then definition same as in Z*p

Question 37

What are the best know algs for solving discrete log problem?

Answer 37

exponential in length of parameters

Question 38

IMPORTANT

Comment on the size of keys in elliptic curve implementations

Answer 38

use SMALLER keys

Question 39

Compare elliptic curve cryptography with RSA in general

Answer 39

relative advantage of elliptic curve cryptography increases at higher security levels

Question 40

Compare the security between symmetric ciphers, RSA and elliptic curves i.t.o their keys

Answer 40

See slide 24 in set 13

[TODO: need to draw conclusions myself]

Question 41

Comment on a common practice for elliptic curve cryptography

Answer 41

most cryptosystems based on discrete log construction with elliptic curves as well as Z*p

Question 42

Give two examples of cryptosystems that run on elliptic curves

Answer 42

1) Diffie-Hellman key exchange

2) Elgamal encryption

Question 43

Who proposed identity-based cryptography and when?

Answer 43

Shamir, 1982

Question 44

What are not needed in identify-cryptography and why?

Answer 44

Public keys and certificates not needed

• -> id of key owner replaces the public key
• -> message encryption using public parameters and recipient’s id

Question 45

What are the limitations of identity-based cryptography?

Answer 45

need of a trusted key generation process

Question 46

Comment on the generalisation with functional cryptography i.t.o identity-base cryptography

Answer 46

general access policies used to define who may decrypt the ciphertext

Question 47

Comment on the issues that quantum computers pose if they become available

Answer 47

most current public key cryptography will be broken

• -> Shor’s alg enabling factorisation
• -> Shor’s alg enabling to find discrete logs

Question 48

What is a concern about quantum cryptography?

Answer 48

building cryptographic primitives still secure if current public key cryptography broken

Question 49

If quantum computers become available, what must be used for symmetric key cryptography to remain secure?

Answer 49

used double-length keys

–> since Grover’s alg allowing searching

Question 50

What problems are post-quantum cryptosystems based on?

Answer 50

1) lattice problems
2) coding theory
3) multi-variable polynomial resolution