Seminar Report On SIGNCRYPTION
Computer Science Clay Active In SP Posts: 712 Joined: Jan 2009 
14062009, 12:56 AM
Seminar Report On SIGNCRYPTION SUBMITTED BY ANIL C.B. IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE AWARD OF DEGREE OF MASTER OF TECHNOLOGY (M.TECH.) IN SOFTWARE ENGINEERING DEPARTMENT OF COMPUTER SCIENCE COCHIN UNIVERSITY OF SCIENCE AND TECHNOLOGY COCHIN  682022 2005Page 2 Signcryption Department of Computer Science CUSAT 2 DEPARTMENT OF COMPUTER SCIENCE COCHIN UNIVERSITY OF SCIENCE AND TECHNOLOGY COCHIN â€œ 682022 Certificate This is to certify that the Seminar report entitled ? Signcryption ? , submitted by Anil C.B., Semester I, in the partial fulfillment of the requirement for the award of M.Tech. Degree in Software Engineering is a bonafide record of the Seminar presented by him in the academic year 2005. Dr. Sumam Mary Idicula Dr. K Paulose Jacob Seminar Guide Head of the DepartmentPage 3 Signcryption Department of Computer Science CUSAT 3 ACKNOWLEDGEMENT I express our profound gratitude to the Head of Department Dr. K Paulose Jacob for allowing me to proceed with the seminar and presentation and also for giving me full freedom to access the lab facilities. My heartfelt thanks to my guide Dr. Sumam Mary Idicula for taking time and helping me through my seminar and presentation. She has been a constant source of encouragement without which the seminar and presentation might not have been completed on time. I am very grateful for her guidance. I am also thankful to Mr. G Santhosh Kumar, Lecturer, Department of Computer Science, for helping me with my seminar and presentation. His ideas and thoughts have been of great importance .Page 4 Signcryption Department of Computer Science CUSAT 4 ABSTRACT Signcryption is a new cryptographic primitive, which simultaneously provides both confidentiality and authenticity. Previously, these two goals had been considered separately, with encryption scheme provide confidentiality and digital signature provides authenticity. In cases where both required, the encryption operations and digital signature operations were simply sequentially composed. In 1998, Zheng demonstrated that by combining both goals into a single primitive it is possible to achieve significant savings both in computational and communication overhead. Since a wide variety of signcryption schemes have been proposed. In this seminar and presentation we discuss one algorithm for signcryption and advantages and disadvantages of signcryption. Compares signcryption with signature then encryption and application of signcryption.Page 5 Signcryption Department of Computer Science CUSAT 5 CONENTS 1. INTRODUCTIONÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦..3 1. 1) Why SigncryptionÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦.Â¦Â¦Â¦.4 2. SIGNCRYPTION how its worksÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦..4 2. 1) Steps involved in signcrypting a messageÂ¦Â¦Â¦Â¦Â¦Â¦.5 2. 2) Steps involved in unsigncrypting a messageÂ¦Â¦Â¦Â¦Â¦.8 3. FEATURES AND SECURITY OF SIGNCRYPTIONÂ¦Â¦Â¦Â¦Â¦.10 3.1) FeaturesÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦..10 3.2) SecurityÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦..11 3.3) ComparisonsÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦...11 4. ADVANTAGES AND DISADVANTAGESÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦12 4.1) AdvantagesÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦..12 4.2) DisadvantagesÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦..15 5. POSSIBLE APPLICATION OF SIGNCRYPTIONÂ¦Â¦Â¦Â¦Â¦..16 5.1) Handshake protocolÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦..16 5.2) ATM networksÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦..17 6. CONCLUSIONÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦.18 7. BIBILOGRAOHY AND INTERNET RESOURCESÂ¦Â¦Â¦Â¦..19 Appendix (A) Cryptography basicsÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦..20 Appendix (B) Encryption and digital signaturesÂ¦Â¦Â¦Â¦Â¦Â¦Â¦Â¦..23Page 6 Signcryption Department of Computer Science CUSAT 6 1. Introduction In order to send a confidential letter in a way that it cannot be forged, it has been a common practice for the sender of the letter to sign it, put it in an envelope and then seal it before handing it over to be delivered. Discovering Public key cryptography has made communication between people who have never met before over an open and insecure network, in a secure and authenticated way possible. Before sending a message, the sender has to do the following: 1. Sign it using a Digital Signature (DS) scheme 2. Encrypt the message and the signature using a private key encryption algorithm under randomly chosen message encryption key 3. Encrypt the random message encryption key using the receiverâ„¢s public key 4. Send the message following steps 1 to 3. This approach is knows as signaturethenencryption. The main disadvantage of this approach is that, digitally signing a message and then encrypting it, consumes more machine cycles and bloats the message by introducing extended bits to it. Hence, decrypting and verifying the message at the receiverâ„¢s end, a lot of computational power is used up. Thus you can say that the cost of delivering a message using signingthenencryption is in effect the sum of the costs of both digital signatures and public key encryption. Is it possible to send a message of arbitrary length with cost less than that required by signaturethenencryption? Signcryption is a new paradigm in public key cryptography that simultaneously fulfils both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly lower than that required by the traditional signature followed by encryption.Page 7 Signcryption Department of Computer Science CUSAT 7 1.1. Why Signcryption? 1.1.1 Based on discrete algorithm problem, Signcryption costs 58% less in average computation time and 70% less in message expansion than does signaturethen encryption. 1.1.2 Using RSA cryptosystem, it costs on average 50% less in computation time and 91% less in message expansion than signaturethenencryption does. 2. Signcryption â€œ How it works Signcryption can be defined as a combination of two schemes; one of digital signatures and the other of public key encryption. One can implement Signcryption by using ElGamalâ„¢s shortened digital signature scheme, Schnorrâ„¢s signature scheme or any other digital signature schemes in conjunction with a public key encryption scheme like DES, 3DES or SPEED. This choice would be made based on the level of security desired by the users. Here we present the implementation of Signcryption using ElGamalâ„¢s shortened signature scheme and a public key encryption algorithm denoted by E and D (Encryption and Decryption algorithms). Compared with DSS, SDSS1 and SDSS2 have the following advantages: 1. Their signatures are shorter 2. No modular inversion or division is required in signature verification. 3. They both admit provable security, albeit in the random oracle modelPage 8 Signcryption Department of Computer Science CUSAT 8 These are the parameters involved in the Signcryption algorithm:  Parameters public to all p â€œ a large prime number q â€œ a large prime factor of p1 g â€œ an integer with order q modulo p chosen randomly from [1,Â¦,p1] Hash â€œ a oneway hash function whose output has, say, at least 128 bits KH â€œ a keyed oneway hash function (E, D) â€œ the encryption and decryption algorithms of a private key cipher Aliceâ„¢s keys x a â€œ Aliceâ„¢s private key, chosen uniformly at random from [1,Â¦,q1] y a â€œ Aliceâ„¢s public key (y a = g x a mod p) Bobâ„¢s keys x b â€œ Bobâ„¢s private key, chosen uniformly at random from [1,Â¦,q1] y b â€œ Bobâ„¢s public key (y b = g xb mod p) 2.1 Steps involved in Signcrypting a message We are taking an example in which Alice is sender and bob is receiver. So Alice is having a message m, which wants to send to bob in an unsecured channel, hence he uses signcryption mechanism to send the message to bob so tat message would remain safe. So below steps are discussed which are involved in Signcrypting the message.Page 9 Signcryption Department of Computer Science CUSAT 9 1. Alice chooses a value x from the large range 1,Â¦,q1 2. She then uses Bobâ„¢s public key and the value x and computes the hash of it. This will give her a 128bit string. K = hash (y b x mod p) 3. She then splits this 128bit value K into two 64bit halves. We can name them as k 1 and k 2 and refer to them as the key pair. Figure 2.1 Signcryption  generating k 1 and k 2 4. Next, Alice encrypts the message m using a public key encryption scheme E with the key k 1 . This will give her the cipher text c. c = E k 1 (m) 5. Then, she uses the key k 2 in the oneway keyed hash function KH to get a hash of the message m. This will give her a 128bit hash, which we will call r. This process uses the SDSS Algorithm. r = KH k 2 (m) 6. Just like in SDSS, Alice then computes the value of s. She does this using the value of x, her private key x a , the large prime number q and the value of r. s = x / (r + x a ) mod qPage 10 Signcryption Department of Computer Science CUSAT 10 Figure 2.2 Signcryption  generating components c and r Figure 2.3 Signcryption  generating component s 7. Alice now has three different values, c, r and s. She then has to get these three values to Bob in order to complete the transaction. She can do this in a couple of ways. She can send them all at one time. She can also send them at separately using secure transmission channels, which would increase security. Thus on her part, Signcryption of the message is done.Page 11 Signcryption Department of Computer Science CUSAT 11 2.2 Steps involved in Unsigncrypting a message 1. Bob receives the 3 values that Alice has sent him, c, r and s. He uses the values of r and s, his private key x b , Aliceâ„¢s public key y a and p and g to compute a hash which would give him 128bit result. K = hash ((y a * g r ) s X x b mod p) Figure 2.4 Unsigncryption  generating component k This 128bit hash result is then split into two 64bit halves which would give him a key pair (k 1 ,k 2 ). This key pair would be identical to the key pair that was generated while Signcrypting the message. 2 . Bob then uses the key, k 1 , to decrypt the cipher text c, which will give him the message m. m = Dk 1 ©Page 12 Signcryption Department of Computer Science CUSAT 12 Figure 2.5 Unsigncryption â€œ obtaining the message m 3. Now Bob does a oneway keyed hash function on m using the key k 2 and compares the result with the value r he received from Alice. If they match, it means that the message m was indeed signed and sent by Alice, if not Bob will know that the message was either not signed by Alice or was intercepted and modified by an intruder. Thus Bob accepts the message only if KHk 2 (m) = r. Figure 3.3.2 © Unsigncryption â€œ verification of the message mPage 13 Signcryption Department of Computer Science CUSAT 13 3. Features and Security Aspects of Signcryption 3.1 Features Digital Signcryption strives to do digital signature and public key encryption in one logical step, with a cost less than that required by each of those steps done separately. Let us assume that S is the Signcryption algorithm and U is the Unsigncryption algorithm. The following three aspects define the features of Signcryption:  3.1.1 Unique unsigncryptability:  A message m of arbitrary length is Signcrypted using the algorithm S. This will give a Signcrypted output c. The receiver can apply Unsigncryption U on c to verify the message m. This Unsigncryption is unique to the message m and the sender. 3.1.2 Security:  Since Signcryption is a combination of two security schemes, digital signatures as well as public key encryption, it is likely to be more secure and would ensure that the message sent couldnâ„¢t be forged, the contents of which are confidential and ensures nonrepudiation. 3.1.3 Efficiency:  The cost of computation involved when applying the Signcryption and Unsigncryption algorithms as well as the communication overhead is much smaller than with signaturethenencryption schemes.Page 14 Signcryption Department of Computer Science CUSAT 14 3.2 Security 3.2.1 Unforgeability:  Bob is in the best position to be able to forge any Signcrypted message from Alice as only he is in possession of his private key, x b , which is required to directly verify Aliceâ„¢s message. Given the Signcrypted text of c, r and s, Bob can only obtain the message m by decrypting it using his private key x b . Any changes he then makes to the message m will reflect in the next step of Signcryption, which will ensure that the oneway keyed hash function on the message m, will not match the value r. Thus Bob, the prime candidate for this kind of attack, is prevented from forging Aliceâ„¢s Signcrypted message. 3.2.2 Confidentiality:  Given that an attacker has obtained all three components of the Signcrypted message, c, r and s, he still would not be able to get any partial information of the message m because he would have to also know Bobâ„¢s private key as well as the two large prime number p and its factorial q, known only to Alice and Bob. This is not feasible, as we know that deriving a factorial from a large prime number is not practical. 3.3 Comparisons:  The advantage of signcryption over signaturethenencryption lies in the dramatic reduction of computational cost and communication overhead, which can be symbolized by the following inequality: Cost (Signcryption)< Cost (signature)+Cost (encryption)Page 15 Signcryption Department of Computer Science CUSAT 15 4. Advantages and Disadvantages of Digital Signcryption 4.1 Advantages 4.1.1 Low computational cost Signcryption is an efficient scheme as it does two steps at once during Signcryption and Unsigncryption. When you think of this in terms of one person sending a Signcrypted message to another person using a mobile device, computation cost does not really matter much. Computational power of processors has developed vastly these days, so if you were to consider Signcrypting network traffic between two stations or all of the traffic on a certain network, then computational power as well as savings in bandwidth are major factors. 4.1.2higher security One can argue the fact that whether the bringing together of two security schemes would increase or decrease security. In our groupâ„¢s view, it would only increase security. We base this on the fact that when you combine two security schemes, which by themselves are complex enough to withstand attacks, it can only lead to added security. Consider the following:  X â€œAny Digital Signature Algorithm Y â€œ Any Encryption Algorithm Xâ„¢ â€œ Total Number of Signature Algorithms known Yâ„¢ â€œ Total Number of Encryption Algorithms known Therefore the combination of the schemes X and Y would give you the Signcryption scheme S. S = X U YPage 16 Signcryption Department of Computer Science CUSAT 16 Figure 4.1 Security of Combination of Algorithms If you consider the fact that both X and Y involve complex mathematical functions, it is only logical to assume that S, which is a combination of both X and Y will involve the combination of the complexities of both X and Y and thus be more complex. More the complexity, more the harder it is for cryptanalysis. Another point to be noted here is that X, the digital signature algorithm, can be chosen from a large range of existing digital signature algorithms, Xâ„¢. Similarly the encryption algorithm for Y can be chosen from any encryption algorithm like 3DES, DES, etc from the range Yâ„¢. Thus the Signcryption algorithm can be implemented using any of the values in Xâ„¢ and Yâ„¢. This would make it very difficult for a cryptanalyst to figure out which implementation was used in the Signcrypting algorithm. Basically he would have Xâ„¢ x Yâ„¢ >= Xâ„¢ V Yâ„¢ i.e. the cryptanalyst would have to decide between the number of total digital signature algorithms times the number of encryption algorithms, which is greater or equal to either the number of Xâ„¢ or Yâ„¢.Page 17 Signcryption Department of Computer Science CUSAT 17 4.1.3 Message Recovery Consider the following scenario: Alice signs and encrypts a message and sends it to Bob. A while later, she wants to use the contents of the message again. To satisfy Alice's requirement, her electronic mail system has to store some data related to the message sent. And depending on cryptographic algorithms used, Alice's electronic mail system may either keep a copy of the signed and encrypted message as evidence of transmission, or in addition to the above copy, keep a copy of the original message, either in clear or encrypted form. A cryptographic algorithm or protocol is said to provide a past recovery ability if Alice can recover the message from the signed and encrypted message using only her private key. While both Signcryption and signaturethenencryptionwitha statickey" provide past recovery, signaturethenencryption" does not. One may view signaturethenencryption" as an information black hole" with respect to Alice the sender: whatsoever Alice drops in the black hole" will never be retrievable to her, unless a separate copy is kept properly.Page 18 Signcryption Department of Computer Science CUSAT 18 4.2 Disadvantages Figure 4. 2 Disadvantage of Signcryption The way Signcryption algorithm works currently, Alice has to use Bobâ„¢s public key to signcrypt a message. This has a disadvantage when you consider the need to broadcast a Signcrypted text. Imagine a bank needs to send a Signcrypted message to a number of share traders. With the current algorithm, it needs to signcrypt the message with each of itâ„¢s intended recipientâ„¢s public keys and send them separately to each one of them. This approach is redundant in terms of bandwidth consumption and computational resource usage. There is a research going on to solve this by introducing a group key between the bank and the clients that it intends to send Signcrypted text and use that to broadcast Signcrypted messages.Page 19 Signcryption Department of Computer Science CUSAT 19 5. Possible Applications of Digital Signcryption 5.1 LM Signcryption and its application in WTLS handshake protocol The mobile telecommunications business is booming. Tiny digital telephones and sleek pocketsize PDAs (personal digital assistants) are now more than just fashion accessories. The ability to connect to the Internet is a major feature that attracts people to them. It means that mobile communication devices and client mobile devices are now ready to access the Web. This scenario has given rise to a big question in the minds of users, is it secure? Accordingly, operators and manufactures have responded by establishing the WAP (Wireless Application Protocol) forum. The WAP forum has already developed WTLS (Wireless Transport Layer Security) layer for secured communication in the WAP environment. The primary goal of WTLS is to provide privacy, data integrity and AKA (Authentication and Key Agreement) between communication entities. Authenticity and confidentiality must be provided by a suitable encryption scheme in case of mobile communication. One way to implement this is to first digitally sign the message and encrypt it. This is commonly known as Signaturethen encryption. The other is viceversa, called encryptionthensignature. Currently, the WTLS handshake protocol is used for secure communication through mobile devices. This handshake uses AKA protocol with an endtoend connection. In handshake message flow, user certificate is sent to the recipient without encryption or another cryptographic scheme. In this scenario an attacker can get the certificate by eavesdropping on the transmission interface and can figure out user information from the certificate. This can provide the attacker with the user's location and activity. If Signcryption is used to send messages with mobile devices it will rectify this gap by providing stronger security. By the use of Signcryption, bandwidth use can be reduced and computational load can be decreased without compromising on the security of the message.Page 20 Signcryption Department of Computer Science CUSAT 20 5.2 Using Signcryption in unforgeable key establishment over ATM Networks The asynchronous transfer mode (ATM) is a high speed networking technique for public networks capable of supporting many classes of traffic. It is essentially a packetswitching technique that uses short fixed length packets called cells. Fixed length cells simplify the design of an ATM switch at the high switching speeds involved. The selection of a short fixed length cell reduces the delay. ATM is capable of supporting a wide range of traffic types such as voice, video, image and various data traffic. In ATM networks data packets are typically 53 bytes. Only 48 bytes out of 53 bytes in an ATM cell can be used for transmitting data, as the remaining 5 bytes are reserved for storing control information. Thus transmitting encryption key materials of more than 384 bits (48 bytes) over an ATM network would require two or more ATM cells. In a fast network such as ATM, if data packets are divided then there could be considerable delay due to packetization, buffering and re assembling data units. So, the need of the hour is to design an authenticated key establishment protocol that does not rely on a key distribution system, has low resource requirements, message is as short as possible and offers unforgeability and nonrepudiation. In such a scenario, Signcryption or a modified usage of Signcryption can solve the problem by minimizing message size as well as ensuring unforgeability and non repudiation. Extensive research is going on in use of Signcryption in key establishment over ATM networks. It is expected that within a few years it will actually be implemented.Page 21 Signcryption Department of Computer Science CUSAT 21 6. Conclusion Signcryption is a very novel idea that, if implemented in the right way, can be very useful. Figure 6 Future Scenario of Signcryption In life, it is human nature to try and do two things at once, or to Ëœkill two birds in one stoneâ„¢. Humans do this to make shortcuts, save on time and resources. Is this best approach to do things? In terms of computer security, like we explained before, we believe that by combining two complex mathematical functions, you will increase the complexity and in turn increase security. Signcryption still has a long way to go before it can be implemented effectively and research is still going on in various parts of the world to try to come up with a much more effective way of implementing this.Page 22 Signcryption Department of Computer Science CUSAT 22 7 . Bibliography and Internet Resources cs.bham.ac.uk/mdr/teaching/modules04/security/letures/public_k ey.html sis.uncc.edu/yzheng/papers/ cs.bham.ac.uk/mdr/teaching/modules04/security/students/ss3/intr oduction%20to%20signcryption.htm bamboowebarticles Computer networks By TanenbaumPage 23 Signcryption Department of Computer Science CUSAT 23 Appendix A Cryptography basics Suppose that someone wants to send a message to a receiver, and wants to be sure tat noone else can read the message. However, there is the possibility that someone else opens the letter or hears the electronic communication. In cryptographic terminology, the message is called a Plaintext or clear text. Encoding the contents of the message in such a way that hides its content from outsiders is called encryption. The encrypted message is called ciphertext. The process of retrieving the plaintext from the ciphertext is called decryption. Encryption and decryption usually makes use of a key, and the coding method is such that only knowing the proper key can perform decryption. Cryptography is the art or science of mathematical techniques related to such aspects of data security as Â¢ Confidentiality, or keeping secret the content of information from unauthorized parties. Â¢ Data integrity, or detecting the unauthorized alteration of data. Â¢ Authentication, or identifying either entities or data origins. Â¢ Nonrepudiation, or preventing an entity from denying previous commitments or actions. Â¢ Cryptanalysis is the study of mathematical methods, which are used in attempting to defeat cryptographic techniques. Cryptology means the study of cryptography and crypt analysis. The method of encryption and decryption is called a cipher. Some cryptographic methods rely on the secrecy of the encryption algorithms; such algorithms are only of historical interest and are not adequate for real world needs. Instead of the secrecy of the methods itself, all modern algorithms base their security on the usage of aPage 24 Signcryption Department of Computer Science CUSAT 24 key; a message can be decrypted only if the key used for decryption matches the key used for encryption. There are two classes of keybased algorithms, symmetric (or secretkey) and asymmetric (or publickey) algorithms. The difference is that symmetric algorithms use the same key for encryption and decryption, where as asymmetric algorithms use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key. Symmetric algorithms can e derived into stream ciphers and block ciphers. Sream ciphers encrypt a single bit of plaintext at a time , whereas block ciphers take a number of bits, and encrypt them as a single unit. Many symmetric ciphers are described on algorithms page. Asymmetric ciphers (also called public key algorithms) permit the encryption key to be public ( if it can be published to a website), allowing anyone to encrypt with the key, whereas only the proper recipient ( who knows the decryption key) can decrypt the message. The encryption key is also called the public key and the decryption key the private key. The security provided by the ciphers is based on keeping the private key secret. Modern cryptographic algorithms are no longer pencilandpaper ciphers. Strong cryptographic algorithms are designed to be executed by the computers or specialized hardware devices. In most applications, cryptography is done in computer software. Generally, symmetric algorithms are much faster to execute on a computer than symmetric ones. In practice they are often used together, so that the public key algorithm is used to encrypt a randomly generated encryption key, and random key is used to encrypt the actual message using a symmetric algorithm. This is sometimes called hybrid encryption. Description of many good cryptographic algorithms are widely and publicly available from any major bookstore, scientific library or on the internet. The most studied and probably the most widely spread symmetric cipher is DES (DataPage 25 Signcryption Department of Computer Science CUSAT 25 encryption standard). Because of the increase in the computing power of computers, the basic version of DES cannot be considered sufficiently safe any more. Therefore a new, more powerful cipher called AES (Advanced encryption standards) was standardized in 2000. It will likely replace DES as the most widely used symmetric encryption algorithm. RSA is probably the best known asymmetric encryption key algorithm.Page 26 Signcryption Department of Computer Science CUSAT 26 Appendix B RSA Algorithm used for encryption and digital signatures RSA is a cipher algorithm. It is an asymmetric algorithm and plays a key role in public key cryptography. It is widely used in electronic commerce protocols. The algorithm was described in 1977 by Ron Rivest, Adi Shamir and Len Adleman who were all at MIT at the time; the letters RSA are the initials of their surnames. Clifford Cocks, a British mathematician working for GCHQ, described an equivalent system in an internal document in 1973. His discovery, however, was not revealed until 1997 due to its topsecret classification. The security of the RSA system relies on the difficulty of factoring very large numbers; were such factorization to be quick, cryptanalysis of RSA messages would be quick as well. New fast algorithms in this field could render the RSA algorithm insecure, but this is generally considered unlikely. At the moment, just as for all ciphers, inadequately long RSA keys are vulnerable to a brute force search approach. The likely effect of an improvement in factoring technique will be to increase the size of adequately long RSA keys. As of 2004, there is no known method of attack which is feasible against the basic algorithm, and sufficiently long RSA keys make brute force attacks infeasible  that is, effectively impossible. Here's the relatively easy to understand math behind RSA public key encryption. 1. Find P and Q, two large (e.g., 1024bit) prime numbers. 2. Choose E such that E is greater than 1, E is less than PQ, and E and (P 1)(Q1) are relatively prime, which means they have no prime factors in common. E does not have to be prime, but it must be odd. (P1)(Q1) can't be prime because it's an even number. 3. Compute D such that (DE  1) is evenly divisible by (P1)(Q1). Mathematicians write this as DE = 1 (mod (P1)(Q1)), and they call D the multiplicative inverse of E. This is easy to do  simply find anPage 27 Signcryption Department of Computer Science CUSAT 27 integer X which causes D = (X(P1)(Q1) + 1)/E to be an integer, then use that value of D. 4. The encryption function is C = (T^E) mod PQ, where C is the ciphertext (a positive integer), T is the plaintext (a positive integer), and ^ indicates exponentiation. The message being encrypted, T, must be less than the modulus, PQ. 5. The decryption function is T = (C^D) mod PQ, where C is the ciphertext (a positive integer), T is the plaintext (a positive integer), and ^ indicates exponentiation. Your public key is the pair (PQ, E). Your private key is the number D (reveal it to no one). The product PQ is the modulus (often called N in the literature). E is the public exponent. D is the secret exponent. You can publish your public key freely, because there are no known easy methods of calculating D, P, or Q given only (PQ, E) (your public key). If P and Q are each 1024 bits long, the sun will burn out before the most powerful computers presently in existence can factor your modulus into P and Q. Shortened Digital Signature Scheme (SDSS proposed by ElGamal) the signature algorithm used is the SDSS scheme proposed by ElGamal. This scheme enables one person to send a digitally signed message to another person and the receiver can verify the authenticity of this message. This scheme uses the private key of the sender to sign the message and the receiver uses the senderâ„¢s public key to verify the signature. The parameters involved are:  m â€œ the message p â€œ a large prime number q â€œ a large prime factor of p. g â€œ an integer with order q modulo p chosen randomly from the range 1,..,p1Page 28 Signcryption Department of Computer Science CUSAT 28 x â€œ a number chosen uniformly at random from the range 1,Â¦,q1 x a â€œ Aliceâ„¢s private key chosen randomly from the range 1,..,p1 y a â€œ Aliceâ„¢s public key y a = g Xa mod p The first step is to compute the component, r, which is essentially a hash of the message m with additional parameters involved. Figure B.1 Computing r in SDSS Next we compute the component, s, using Aliceâ„¢s private key. We do this as follows:  Figure B.2 Computing s in SDSS Next these two components, (r and s) are sent to Bob, along with the message m. On receiving this, Bob uses r, s and Aliceâ„¢s public key to obtain the value k. Then he does a hash of the message using k and verifies that it is equal to r.Page 29 Signcryption Department of Computer Science CUSAT 29 Figure 3.1 © SDSS Verification Bob accepts the message only if the hash of m and k gives him the same message, m that he received from Alice. This will ensure that Alice indeed did digitally sign the message Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion



biranchi Active In SP Posts: 1 Joined: Sep 2010 
21092010, 09:20 PM
please send me seminar and presentation ppt with doc file




Important Note..!
If you are not satisfied with above reply ,..PleaseASK HERE
So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this pagePossibly Related Threads...  
Thread  Author  Replies  Views  Last Post  
REDTACTON A SEMINAR REPORT  project girl  2  565 
25042016, 03:58 PM Last Post: mkaasees 

seminar report on cyber terrorism pdf  jaseelati  0  330 
23022015, 01:49 PM Last Post: jaseelati 

seminar report on internet of things  jaseelati  0  378 
29012015, 04:51 PM Last Post: jaseelati 

nano ic engine seminar report  jaseelati  0  321 
21012015, 01:43 PM Last Post: jaseelati 

google glass seminar report pdf  jaseelati  0  344 
21012015, 01:41 PM Last Post: jaseelati 

rolltop laptop seminar report  jaseelati  0  287 
17012015, 03:15 PM Last Post: jaseelati 

bicmos technology seminar report  jaseelati  0  335 
09012015, 02:58 PM Last Post: jaseelati 

3d optical data storage technology seminar report  jaseelati  0  424 
06012015, 04:47 PM Last Post: jaseelati 

icloud seminar report  jaseelati  0  254 
05012015, 03:28 PM Last Post: jaseelati 

3d optical data storage technology seminar report  jaseelati  0  338 
30122014, 03:23 PM Last Post: jaseelati 