How do Machines Keep Secrets II

https://slides.com/djjr/ct2025-secrets02

EN.501.152.FA25

Ryan: FYS Computational Reasoning Fall 2025

Lecture content licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Creative Commons Licence

Playlist

REFERENCES/RESOURCES

Google Drive

See Also

IMAGES

Google Drive

Outline

CH 3 Asymmetric encryption

What did we learn from Eddy Woo?

RSA starts by generating a "key pair" - one private or secret and one public.  So we sometimes write SK and PK

We can encrypt with either one.

We can decrypt with the "other" one only.

RSA (Rivest–Shamir–Adleman) is an asymmetric cryptographic algorithm algorithm used to encrypt and decrypt messages.

Asymmetric means one key is used to encrypt and another is used to decrypt.

Generate RSA Keys

(5,14) \\(11,14) \\\text{encrypt(b): }2^5 \text{ mod } 14 = 4\\ \text{decrypt(4): }4^{11} \text{ mod } 14 = 2
\text{Pick 2 primes: } p = 2, q = 7\\ N = pq = 14 \text{Compute number of coprimes N has with p and q}\\ \phi(N) = (p-1)(q-1) \text{Choose e (first encryption element) such that} \\ 0 \lt e \lt \phi(N) \text{ and } e { is coprime with } N, \phi(N) \\ e = 5 \\ \text{Find d for decription such that } d e \text{ mod } \phi(N) = 1\\

Why "public" and "private"?

Two kinds of "secret keeping"

I want to create something that only you can read

I want to create something that you can be certain came from me.

RSA DEMO

https://www.devglan.com/online-tools/rsa-encryption-decryption

ONLINE RSA

"Public Key Cryptography Standards"

4.2.1Electronic codebook (ECB)

CONFIDENTIALITY

  1. You generate public and private key


     
  2. You tell me your public key
  3. I encrypt message with your public key
  4. I send you the encrypted message
  5. You decrypt message with your private key

Sending a message for your eyes only

For your eyes only

AUTHENTICATION

  1. I generate public and private key


     
  2. I encrypt message with my private key
  3. I tell you my public key
  4. I send you the encrypted message
  5. You decrypt message with my public key

Sending a message you know comes from me

Anyone can read it and know it is from me

I'd like a secure session

Here is SPUBKEY

Here is ESPUBKEY(CPUBKEY)

ECPUBKEY("READY")

ESPUBKEY("REQUEST")

ECPUBKEY("RESPONSE")

DCPRIVKEY("READY")

process

DSPRIVKEY("REQUEST")

process

hacker

hacker

Server private key not available to hacker

Client private key not available to hacker

With What We Have So Far

Certificates

Start with information about yourself

Ask a trustee to validate and confirm

Trustee signs certificate with private key

Recipient  uses trustee's public key to decrypt

If result matches certificate then it's valid.

I am Dan.
This IS Dan.
45ab98de7ff7ced213198005adfe

Skey(trustee)

Web connection receives certificate

Secure Web Exchange

Browser generates keys and sends public as "session" key, encrypted with server's public key.

Server encrypts web page content with session key.

Browser encrypts content to send with private session key.

Browser decrypts content with private key.

Server decrypts content with session key.

Certificate includes server's public key.

Hashing

Quick Interlude: Hashing

Hashing

  1.  a hash function maps or converts arbitrary data (meaning data of any size) to a fixed sized piece of data in a more or less unique way
     
  2. that is, no two things will have the same hash
     
  3. in general it is a one way operation
     
  4. that is, you can't unhash the hash to find out what the original data was

HASHING REFERENCES

Google Drive

Example

Example

Example

1st letter of first name

3rd letter of first name

3rd letter of last name

1st letter of last name

length of first name

length of last name

dnracdgg

month of birth

date of birth mod 26*

* 1=a, 2=b, ..., 27=a, 28=b, 29=c, 30=d, 31=e

Cryptographic Hash

A cryptographic hash (sometimes called ‘digest’) is a kind of ‘signature’ for a text or a data file.

Cryptographic Hash

aa58b21b01d6b8a99c1a5856962dbac36c758a79dc0a77c2e013ce2c39ecdc8a

da

ec4f2dbb3b140095550c9afbbb69b5d6fd9e814b9da82fad0b34e9fcbe56f1cb

dan
Nam tristique hendrerit iaculis. Ut quis tortor velit. Proin posuere turpis ac mi tincidunt, id vulputate augue semper. Nulla finibus ex nisi, eget feugiat nisl sollicitudin sit amet. Suspendisse dui lorem, sollicitudin eget sodales vitae, gravida vel libero. Morbi elementum id mi non cursus. Proin hendrerit placerat sapien, ut placerat sapien tincidunt vel. Donec pellentesque justo neque, a faucibus odio rhoncus vitae. Quisque viverra aliquet pulvinar. Mauris porta urna vel porttitor rutrum. Quisque dictum finibus neque, ut convallis augue finibus ac. Suspendisse libero lorem, maximus ac tristique et, gravida eget diam. Donec semper dui metus. Pellentesque lobortis porta commodo.

Aenean eu augue ultricies, fringilla augue nec, blandit arcu. Nunc consectetur libero tristique, ornare felis consectetur, tincidunt dolor. Nulla facilisi. Sed et feugiat mauris, ac dapibus leo. Etiam eget accumsan lacus. Nam facilisis tortor vel odio sollicitudin auctor. Maecenas quis vulputate enim. Aliquam condimentum justo leo, in bibendum magna fringilla ac. Phasellus a facilisis lorem. Quisque facilisis leo eros, non ultrices tellus volutpat at. Nulla et leo vehicula tellus egestas luctus sed mollis mauris. Maecenas lobortis nec risus sed convallis. Vivamus sit amet imperdiet quam. Cras maximus dui et pellentesque dignissim.

30293f4f02f784c4166a3e17109f01625bd1bfe97de2e017eebf9d23a55d9caf

We just learned two things

  1. Different sized inputs produce same size output
  2. Similarity in input does not mean similarity in output

Cryptographic Hash

A cryptographic hash (aka ‘digest’) is a transformation of a text or a data file into an almost-unique fixed length block of data.

A hash is not ‘encryption’ insofar as it cannot be decrypted back to the original text.

As a ‘one-way’ cryptographic function it can be used on a copy of a document and then compared to a hashed version of an original to verify that the copy is accurate to the original.

SHA-256

 an algorithm that generates an almost-unique 256-bit (32-byte) signature for a text input.

Secure Hashing Algorithm 256 bit

SHA256 Pseudocode

SHA-256 Implemented in JS

DIGITAL SIGNATURE

  1. I generate public and private key


     
  2. I create a hash of my document.
  3. I encrypt the hash with my private key (the signature)
  4. I tell you my public key
  5. I send you the message and the encrypted hash
  6. You hash the message and decrypt the signature with my public key
  7. If the two hashes match then you have the same document that I signed

HOW do I guarantee that I signed THIS document?

only you can read it

Information Security

How to operate on lots of data? Break it up into blocks. Blocks always same size. Padding.