P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
Pgp
1. 1SC700 A2 Internet Information Protocols
4/17/2001
Application Presentation by J. Chu
Pretty Good Privacy
2. 2SC700 A2 Internet Information Protocols
4/17/2001
Pretty Good Privacy (PGP)
The first version of PGP was programmed
in 1991 by Phil R. Zimmerman, who later
founded PGP Security Consulting.
PGP is one of the most popular encryption
and authentication algorithm world-wide.
PGP is more widely used in electronic mail
security than any other areas.
Pretty Good Privacy – J. Chu
Phil R. Zimmerman
Background
3. 3SC700 A2 Internet Information Protocols
4/17/2001
Pretty Good Privacy (PGP)
PGP is a hybrid cryptosystem; it is a combination of
some of the best known encryption algorithms in
existence.
While PGP has the speediness of a symmetric-key
encryption algorithm, it maintains the high level of
security of a public-key encryption algorithm.
Pretty Good Privacy – J. Chu
Background (continues)
4. 4SC700 A2 Internet Information Protocols
4/17/2001
Pretty Good Privacy (PGP)
"If all the personal computers in the world - 260 million -
were put to work on a single PGP-encrypted message, it
would still take an estimated 12 million times the age of
the universe, on average, to break a single message.”
- Deputy Director William Crowell
National Security Agency
3/20/1997
Pretty Good Privacy – J. Chu
Background (continues)
5. 5SC700 A2 Internet Information Protocols
4/17/2001
Why choose PGP over RSA?
RSA is very secured given a large enough key. However,
it is definitely no fun having to compute 567^2128
for
every single letter in order to encrypt or decrypt a
message. During the 80’s and early 90’s, not too many
computer in the world can handle such complex
computations in a short period of time.
This is when PGP comes in…It is fast, secured, and best
of all, everyone** can use!
(**note: by publishing the source code of PGP on the Internet, Phil Zimmerman actually got
prosecuted by the United States Government for exporting a weapon.)
Pretty Good Privacy – J. Chu
Introduction
6. 6SC700 A2 Internet Information Protocols
4/17/2001
The following algorithms are employed by PGP:
1. IDEA Cipher
- developed by James Massey & Xuejia Lai in 1990
2. RSA Public Key Encryption
- developed by Rivest, Shamir, and Adelman in 1977
3. GZIP
- A combination of Lempel-Ziv and Huffman Encoding
Pretty Good Privacy – J. Chu
Introduction (continues)
7. 7SC700 A2 Internet Information Protocols
4/17/2001
About the IDEA cipher:
1. IDEA: International Data Encryption Algorithm
2. Message is encrypted with a 128-bit IDEA key via
different combinations of operations:
a. Additions (mod 216
)
b. Multiplication (mod 216
+ 1)
c. Additions (mod 2) (i.e. XOR)
3. There are currently no known effective attacks against
the IDEA cipher.
Pretty Good Privacy – J. Chu
Algorithm
8. 8SC700 A2 Internet Information Protocols
4/17/2001
The IDEA cipher algorithm:
1. Original text is divided into 64-bit blocks.
2. Each 64-bit block is further divided into four 16-bit sub-
blocks: X1, X2, X3, X4.
3. The 128-bit IDEA session key is divided into eight 16-bit
key-blocks: Ki,1, Ki,2, Ki,3, Ki,4, Ki,5, Ki,6, Ki,7, Ki,8.
4. Addition and Multiplication are perform on each block of Xn
and Ki,j.
5. The combination of operations are performed eight times to
get the final encryption.
Pretty Good Privacy – J. Chu
Algorithm (continues)
9. 9SC700 A2 Internet Information Protocols
4/17/2001
IDEA
Algorithm:
Pretty Good Privacy – J. Chu
Algorithm (continues)
10. 10SC700 A2 Internet Information Protocols
4/17/2001
Problems with IDEA cipher:
1. IDEA is a symmetric-key cryptosystem. In order to
decrypt a cipher, one must know the very same key that
is used to encrypt the message.
2. Since the IDEA key is 128-bit long, it is not easy to
memorize and therefore it must be recorded.
Pretty Good Privacy – J. Chu
Algorithm (continues)
11. 11SC700 A2 Internet Information Protocols
4/17/2001
PGP Improvements:
1. Instead of using the the same key each time, PGP
randomly generated a new IDEA key for every session.
The same message sent at different times will be totally
different and remembering the key will be useless and
unnecessary.
2. The IDEA key is encrypted via RSA public key
encryption algorithm. Decryption can be achieved only
by those who knows the complementary key.
3. PGP compresses packages with GZIP.
Pretty Good Privacy – J. Chu
Algorithm (continues)
12. 12SC700 A2 Internet Information Protocols
4/17/2001
How PGP Encrypts:
1. Original text is encrypted into IDEA cipher text with a
128-bit random key via IDEA encryption.
2. The IDEA session key is encrypted with a large public
key via RSA encryption.
3. The encrypted IDEA session key is appended to the
IDEA cipher text.
4. GZIP is used to compress the data into a PGP package.
Pretty Good Privacy – J. Chu
Algorithm (continues)
13. 13SC700 A2 Internet Information Protocols
4/17/2001
How PGP Encrypts:
Pretty Good Privacy – J. Chu
Algorithm (continues)
14. 14SC700 A2 Internet Information Protocols
4/17/2001
How PGP Decrypts:
1. PGP package is decompressed and is separated into the
encrypted IDEA session key and the encrypted IDEA
cipher text.
2. IDEA session key is decrypted with RSA private key.
3. IDEA session key decrypts the IDEA cipher text into the
original plain text.
Pretty Good Privacy – J. Chu
Algorithm (continues)
15. 15SC700 A2 Internet Information Protocols
4/17/2001
How PGP Decrypts:
Pretty Good Privacy – J. Chu
Algorithm (continues)
16. 16SC700 A2 Internet Information Protocols
4/17/2001
PGP over IDEA & RSA:
Although IDEA and RSA are very strong encrypting
algorithms, they do have their weaknesses: IDEA uses a
single and lengthy key while RSA employs complex and
lengthy computations.
By combining both IDEA and RSA, PGP uses the
strengths of one algorithm to compensate for the
weaknesses of the other. As the result, PGP is one of the
strongest and fastest encrypting algorithm in existence.
Pretty Good Privacy – J. Chu
Conclusion
17. 17SC700 A2 Internet Information Protocols
4/17/2001
Back, Adam, “PGP Timeline.”
“http://www.cypherspace.org/~adam/timeline/”, 1998.
Brown, Lawrie, “Cryptography and Computer Security.”
“http://www.cs.adfa.oz.au/teaching/studinfo/csc/lectures/”, 2001.
Davie and Peterson, Larry L., Computer Networks. 2nd
ed. Boston: Morgan Kaufmann, 2000.
Page 599-601.
Feisthammel, Patrick, “PGP – Pretty Good Privacy.”
“http://www.rubin.ch/pgp/pgp.en.html”, 2000.
Gimon, Charles A., “The Phil Zimmerman Case.”
“http://www.skypoint.com/members/gimonca/philzima.html”, 1996.
“PGP International Homepage.”
“http://www.pgpi.org”, 2001.
“PGP Security BIND vulnerability COVERT CyberCop Gauntlet.”
“www.pgp.com”, 2001.
Pretty Good Privacy – J. Chu
References