• Uses public and private key
• Public key decripts a message encrypted by the private key and vice-versa

• Public Key known by everyone
• Private key kept secret
• To send information, encrypt with public key and then it is decrypted by user at the other end with the private key
• Authentication: Encrypt something with your private key, we can be sure its coming from a specific person, then it can be decripted using the public key

• The public key is e,N
• The private key is d,N
• Getting the numbers
1. Pick 2 large prime numbers called p and q
2. N = P*Q
3. Z = (P-1)*(Q-1)
4. e = any number relatively prime to Z
5. e.d. mod Z = 1
• Encryption using public key
• Plaintext^e mod N
• Encryption with private key
• Plaintext^d mod N

• Allows 2 parties to agree on a shared session key on an unsecured line
• Both parties do not give up their a and b values so it can't be evaesdropped

1. Agree on 2 numbers, a large prime number m and an integer g
2. Alice generates a large, random number a, and keeps it secret
3. Alice computes X = g^a mod m sends X to Bob
4. Bob generates a large, random number b, and keeps it secret
5. Bob computes Y = g^b mod m and sends it to Alice
6. Alice makes her session key = Y^a mod m
7. Bob makes his session key = X^b mod m

• These keys are both equal

• Not the same as meet in the middle attack
• A person sits in the middle and intercepts all information before sending it on the other side
• Middle person negotiates 2 different secret keys with both sides

• Digests are useful as the message can be 'signed' by your private key without having to encrypt the entire message
• A sender gets the digest of a message
• They can then encrypt the digest with their private key
• The message is then sent with the digest
• The receiver will take a digest of the message they receive
• They will then decrypt the received message with the sender's public key
• If the two digests are the same then the message was sent by the correct person and the message hasn't been changed

1. Split the message into 512-bit chunks
2. 5 variables H0-H4 are predefined with a 32-bit number
3. Repeat steps 4-17 for each 512-bit chunk
4. We take the 16 32-bit words and make an 80-word array 'w'
5. We initialize variables A-E with what's in H0-H4
6. Repeat steps 6-12 for each word in the array
7. temp = (A left rotate 5) + fi(B, C< D) + E + ki + w[i]
1. Every 20 words fi is made a different combination of B, C  & D
2. Every 20 words ki is a different constant
8. E = D
9. D = C
10. C = (B left rotate 30)
11. B = A
12. A = temp
13. H0 = H0 + A
14. H1 = H1 + B
15. H2 = H2 + C
16. H3 = H3 + D
17. H4 = H4 + E
18. Final hash = H0+H1+H2+H3+H4
    
    

• Shared Secret Key Process
• Public Key Process
• Key Distribution Centre
• X.509

1. A and B share a key
2. A unique nonce is used for each message
3. A takes the hash of the message, the nonce and the secret key combined
4. A sends the message, the hash and the nonce to B
5. B takes the hash of the received message, the nonce and the secret key combined
6. B compares it with the hash sent for validation

The nonce ensures the attacker cannot resend the same "Signaled" message because the nonce may only be used once

1. A hashes their message
2. A encrypts the hash with their private key to make a signature
3. A sends their message and signature to B
4. B decrypts the hash using A's public key
5. B hashes the message from A
6. B compares the two hashes for validation

• Usually if N people need to communicate, N² passwords are needed
• KDC allows for only N passwords to be needed
• A KDC is trusted if each user has a single secret shared with the KDC
• A passes a on sender(A), receiver(B) and the session key encrypted in A's secret key to the KDC
• The KDC then sends the message on to the receiver(B) with the sender(A) and the session key encrypted in B's secret key
• The sender and receiver can then communicate without the KDC
• This is vulnerable to replay attacks, but nonces or timestamps can be used to avoid this problem

• Allows you to be sure that the public key is form the person you think it is
• A trusted certification authority certifies the public key for someone
• Public keys are distributed with certificates
• You append the message digest with the CA's private key
• This uses chain of trust, a CA can be signed by a parent CA etc
• You will eventually need to know the public key of a root CA
• There are multiple root CAs and these are preloaded into computers and browsers
• Root certificates sign themselves

• Agreeing on a contract and a hash function
• A and B both have a public and private key and a copy of the contract
• Signing
• Validating

1. hash A is made of the contract
2. A signs the contract
3. B signs the contract
4. A signs B's signature
5. B signs A's signature
6. The contract is stored with the doubly signed message digests

1. Decrypt the two doubly signed message digests
2. Compare to see if they are equal