? Editing: Post:21.body Save Delete Cancel
Content changed Sign & Publish new content

Ivanq's Blog

Posts about encryption, zite development and everything else you want

Follow in NewsfeedFollowing

Latest comments:

Add new post

Title

21 hours ago · 2 min read ·
3 comments
Body
Read more

Not found

Integrated Encryption Scheme and MAC

on Apr 29, 2019 · 6 min read

Today, we'll talk about MAC, DLIES and ECIES.

DLIES

The first topic is DLIES, or Discrete Logarithm Integrated Encryption Scheme.

Pretend Alice wants to send a message to Bob. Alice doesn't want others to read the message, so she's going to encrypt it. Let's help Alice!


Pretend we have the following:

m the message to encryptpZ finite field moduloGFp the generatorbFp Bob’s private keyBFp Bob’s public key
m - \space \text{the message to encrypt} \newline
p \in \Z - \space \text{finite field modulo} \newline
G \in \mathbb{F}_p - \space \text{the generator} \newline
b \in \mathbb{F}_p - \space \text{Bob's private key} \newline
B \in \mathbb{F}_p - \space \text{Bob's public key}

(of course, Alice doesn't have Bob's private key)

Here's what we're going to do now:

  1. Bob creates and shares the public key as B=GbB = G^b.

  2. Alice generates a random private key aFpa \in \mathbb{F}_p and derives public key as A=GaA = G^a.

  3. Alice derives a shared secret S=BaS = B^a (you can notice that S=GabS = G^ab).

  4. Alice uses a symmetric cipher (e.g. AES or 3DES) to make ciphertext c=ES(m)c = E_S(m), where Ek(m)E_k(m) means "encrypt message mm with key kk".

  5. Alice sends AcA \Vert c to Bob.

Then, when Bob wants to decrypt the message, that's what he does:

  1. Bob receives the ciphertext cc and Alice's public key AA.

  2. Bob derives a shared secret S=AbS = A^b (you can notice that S=GabS = G^ab).

  3. Bob decrypts the ciphertext: m=ES1(c)m = E^{-1}_S(c).

Increasing security

Notice something interesting:

Alice generates a random private key for every message. This means that the shared secret is always different, and there is no way to get several messages encrypted with one key which is safer.

This, however, only means that a message can't be decrypted — this does not mean that it can't be changed.

There are many symmetric encryption algorithms which allow you to change the message even if you don't have the private key: for example, flipping a bit in the ciphertext will also flip the same bit it in the message.

Here's what you could do: if you know that the message looks the following way:

Hello! You wanted to send me the payment for my work, do you remember this? Please send it to this bitcoin address: 1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D.

Here's what you could make it look like:

Hello! You wanted to send me the payment for my work, do you remember this? Please send it to this bitcoin address: 1FwH89xyniDgy3t6fCWrggLs22MnGPZ5K5.

Oops.

There's also another similar problem: Bob has no idea who sent him the message. If someone knows Alice's public key, he can send garbage to Bob, which could, however, do something bad.

Oops.

MAC

Some people, when confronted with a problem, think, “I know, I’ll use regular expressions.” Now they have two problems.

On the other side, MAC solves two problems, and that's exactly what we're looking for.

First of all, what's MAC? MAC stands for "Message Authentication Code".

Pretend you have a magic function MACk(m)MAC_k(m) that somehow returns a proof that you have the private key kk and the message mm hasn't been changed. What would you do then?

We can update DLIES with the following step:

  • When Alice wants to send a message to Bob, she does the following:

    1. Generate the encryption key and the MAC key via kEkMAC=Bak_E \Vert k_{MAC} = B^a.

    2. Get the ciphertext: c=EkE(m)c = E_{k_E}(m).

    3. Get the MAC: d=MACkMAC(c)d = MAC_{k_{MAC}}(c).

    4. Send AdcA \Vert d \Vert c.

  • When Bob wants to receive a message from Alice, he does the following:

    1. Generate the encryption key and the MAC key via kEkMAC=Abk_E \Vert k_{MAC} = A^b.

    2. Verify MAC: if dMACkMAC(c)d \neq MAC_{k_{MAC}}(c), stop.

    3. Decrypt the message: m=EkE1(c)m = E^{-1}_{k_E}(c).

ECIES

Elliptic curves are better than integers, right? Let's think how to use our knowledge to apply EC here!

First, we of course know how to generate the public key: A=aGA = aG. Second, we can use X coordinates everywhere where we need integers.

So, here's the algorithm for encryption:

  1. Generate random private key aFna \in \mathbb{F}_n.

  2. Generate public key A=aGA = aG.

  3. Derive encryption key and MAC key kEkMAC=xaBk_E \Vert k_{MAC} = x_{aB}.

  4. Generate ciphertext c=EkE(m)c = E_{k_E}(m).

  5. Generate MAC d=MACkMAC(c)d = MAC_{k_{MAC}}(c).

  6. Send xAyAdcx_A \Vert y_A \Vert d \Vert c.

The decryption algorithm is the following:

  1. Derive encryption key and MAC key kEkMAC=xbAk_E \Vert k_{MAC} = x_{bA}.

  2. Check MAC: if dMACkMAC(c)d \neq MAC_{k_{MAC}}(c), stop.

  3. Decrypt message m=EkE1(c)m = E^{-1}_{k_E}(c).

0 Comment:

user_name1 day ago
Reply
Body
This page is a snapshot of ZeroNet. Start your own ZeroNet for complete experience. Learn More