ECE 646 – Lecture 4

Pretty Good Privacy PGP Required Reading

Stallings, Cryptography and Network Security: Principles and Practice, 6/E or 7/E

Chapter 19.1 Pretty Good Privacy (PGP)

On-line Chapters (available after registration): Appendix O Data Compression Using Zip Appendix P More on PGP Short History of PGP based on the book Crypto by Steven Levy Phil Zimmermann – early years

• grew up in Florida, got interested in cryptography in teenage years • studied physics at Florida Atlantic University, 1972-1977 • learned about RSA shortly after its discovery, from the Mathematical Recreational column in Scientific American • became active in the antinuclear political movement of 1970s-1980s Collaboration with Charlie Merritt • in 1984, Zimmermann was contacted by Charlie Merritt, who implemented RSA on a microcomputer based on Z80 8-bit microprocessor • by 1986, Merritt passed to Zimmermann all his knowledge of multiprecision integer arithmetic required to implement RSA • In 1986, Merritt and Zimmermann met with Jim Bidzos, the new CEO of RSA Data Security Inc., who brought with him a copy of Mailsafe, a program written by Rivest and Adleman, implementing RSA. After the meeting: • Zimmermann claimed that Bidzos offered him a free license to RSA • Bidzos strongly denied such claims Early Work (1986-1991)

• in 1986, Zimmermann summarized his ideas in the paper published in IEEE Computer • As a secret key cipher he chose a cipher developed by Merritt for navy, with his own security improvements. He called this cipher Bass-O-Matic, see http://www.nbc.com/saturday-night-live/video/bassomatic/n8631?snl=1

• in 1990, he devoted his time completely to finishing the program he called Pretty Good Privacy • In 1990 he called Jim Bidzos to confirm his free RSA license. Bidzos strongly denied ever making such offer. Release of PGP 1.0 - 1991 • In 1991, out of the fear of the government making all encryption illegal (prompted by an antiterrorist Senate bill 266 co-sponsored by Joe Biden) he decided to release PGP as soon as possible, and changed its classification from "shareware" to "freeware" • In May 1991, Zimmermann passed the program to a fellow crypto enthusiast to spread it on the Internet "like dandelion seeds" Release of PGP 1.0 - 1991 • In the first weekend of June 1991, PGP 1.0 was uploaded to multiple servers (all located in the U.S.). Its documentation included a motto: "When crypto is outlawed, only outlaws will have crypto". • The very next day people were encrypting messages with PGP all over the world (in violation of the U.S. crypto export regulations) Legal Problems • RSA Data Security Inc. and Public Key Partners accused Zimmermann of violating their patents • PGP 2.0, released in September 1992 from Amsterdam and Auckland, replaced Bass-O-Matic by a much stronger Swiss cipher called IDEA with the 128-bit key • In February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license”. In 1996, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else. • PGP 5 released in 1997 introduced use of the CAST-128 symmetric key algorithm, and the ElGamal asymmetric key algorithm (referred in the documentation as Diffie- Hellman), mitigating patent dispute with RSA Data Security Inc. and PKP. Later Years

• In 1997, IETF (Internet Engineering Task Force) started the development of a standard called OpenPGP

• The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG)

• Most recently, several iOS and Android OpenPGP- compliant applications have been released, such as iPGMail for iOS and APG for Android Internal Operation of PGP: Implementation of Security Services PGP – Authentication Only

Notation: M - message H – hash function EP – public key encryption || - concatenation Z - compression using ZIP algorithm

KRa – private key of user A KUa – public key of user A Non-repudiation Alice Bob Message Signature Message Signature

Hash Hash function function

Hash value 1 Hash value yes no Hash value 2 Public key Public key cipher cipher

Alice’s private key Alice’s public key PGP – Confidentiality Only

Notation: M - message Z - compression using ZIP algorithm EC / DC – classical (secret-key) encryption / decryption EP / DP – public key encryption / decryption || - concatenation

Ks - session key KRb – private key of user B KUb – public key of user B Hybrid Systems - Sender’s Side (2)

Alice message session key 1 random Secret key cipher

2 Public key cipher Bob’s public 3 key

Session key Message encrypted encrypted using using session key Bob’s public key Hybrid Systems - Receiver’s Side (2)

Bob message session key 2 random Secret key cipher 1 Public key cipher Bob’s private key

Session key Message encrypted encrypted using using session key Bob’s public key PGP – Confidentiality and Authentication

Notation: M - message H – hash function Z - compression using ZIP algorithm EP / DP – public key encryption / decryption || - concatenation EC / DC – classical (secret-key) encryption / decryption

Ks - session key KRa / KRb – private key of user A / B KUa / KUb – public key of user A / B Transmission and Reception of PGP Messages

[Stallings, 2014] PGP Operation – Compression

• by default PGP compresses message after signing but before encrypting – so can store uncompressed message & signature for later verification – because compression is non deterministic • uses ZIP compression algorithm Major idea behind ZIP compression

[Stallings, 2014] Radix-64 Conversion

The '==' sequence indicates that the last group contained only one byte, and '=' indicates that it contained two bytes. [Stallings, 2014] Radix-64 Encoding

[Stallings, 2014] Radix-64 Conversion Example General Format of PGP Message

[Stallings, 2014] Summary of PGP functions

[Stallings, 2010] Private Key Ring

[Stallings, 2014] Public Key Ring

[Stallings, 2014] PGP Message Generation (without compression or radix-64 conversion)

[Stallings, 2014] PGP Message Reception (without compression or radix-64 conversion)

[Stallings, 2014] PGP: Flow of trust

Manual exchange of public keys:

Las Vegas Edinburgh Bob Û David David Û Betty

Bob David Betty (Washington) (New York) (London)

David, send me Betty’s public key

Betty’s public key signed by David

message encrypted using Betty’s public key PGP Trust Model

[Stallings, 2010]