Cryptography Reference
In-Depth Information
As noted in [253], several SKC schemes were delineated, all with problems
concerningauthentication that the followingPKC scheme solves.
How is the treaty enforced?
Suppose that two countries,
A
and
B
, sign a treaty to terminate all un-
derground nuclear weapons testing. Both
A
and
B
need to verify that the
other is not engaging in underground testing. To do this, country
A
, say, will
put seismic monitors in country
B
, since one of the most reliable methods of
detecting underground tests is the measurement of ground motion from such
mechanisms. Also, we need a
monitor
, whom we will call
Monty
, from, say, the
United Nations, in country
B
to relay messages to country
A
from the sensors.
(We assume that both
A
and
B
agree on the construction and placement of
these devices.) In this scenario, both countries have issues.
Country
A
wants to ensure that country
B
does not alter the data, and
country
B
needs to ensure that there is no unauthorized data beingtransmitted
to
A
. Here is how both of these issues can be resolved.
The seismic device, which we will call HAL, secretly generates primes
p
and
q
for an RSA modulus
n
=
pq
, as well as the encipheringkey
e
. Moreover,
we assume that all the security issues discussed on pages 174-179 have been
addressed and programmed into HAL, together with a CSRNG (see page 151).
Thus, after the random process of generating
p
,
q
, and
e
, the Euclidean algo-
rithm would be used to calculate the decryption key
d
. Then
n
=
pq
, and
d
would be provided to Monty, country
A
and country
B
. However,
p
,
q
, and
e
are kept secret within HAL, which is assumed to be deeply buried and tamper-
proof. HAL gathers data
m
and uses
e
to form the information
c
m
e
(mod
n
).
Both
c
and
m
must first pass muster with country
B
, which verifies that
≡
c
d
≡
m
(mod
n
)
(9.1)
so they know that
m
indeed is the data that corresponds to the encrypted data
c
. They then forward
m
and
c
to country
A
, who also verify (9.1). Then country
A
is certain that
m
could not have been altered. They know this since if
B
were
to choose
c
d
(mod
n
)
,
then this is the same effort as decrypting
c
, which the RSA conjecture presumes
is computationally infeasible (see page 175).
m
1
=
m
so that
m
1
≡
Summary of Treaty features
(1) None of
A
,
B
, or Monty can forge messages that would be accepted as
authentic.
(2) Since
n
and
d
are public, both countries
A
, and
B
, as well as Monty may
verify the authenticity of messages.
(3) Since
e
is kept secret from all entities, no unilateral actions are possible
by any entity that would be capable of lesseningthe confidence in the
authentication of the message.
Search WWH ::
Custom Search