Cryptography and Non-Repudiation

Introduction

• Importance of Verification in Data Transmission: Ensuring data received is truly from the sender.
• Analogy with Contracts: Similar to how a contract is signed and verified.
• Focus of Lecture: Non-repudiation in cryptography through proof of integrity and proof of origin.

Proof of Integrity

• Definition: Verifying received data is exactly as sent.
• Methods: Use of cryptographic hashes.

Hashing

• Purpose: Provides a fingerprint or message digest of data.
• Functionality:
  • A hash is a short string derived from the original data.
  • Any change in data results in a different hash.
  • Example: Changing a single character in a file results in a completely different hash.
• Use Case: Project Gutenberg example - demonstrating the creation and verification of hashes to check data integrity.

Proof of Origin

• Definition: Verifying the sender of the data.
• Methods: Use of digital signatures.

Digital Signature

• Purpose: Provides non-repudiation, ensuring the data came from the claimed sender.
• Mechanism:
  • A digital signature is created using a private key known only to the sender.
  • Verification is done using the public key associated with that private key.
• Practical Example:
  • Scenario: Alice sends a message "You're hired, Bob".
  • Process:
    1. Alice hashes the message.
    2. Encrypts the hash with her private key (creating a digital signature).
    3. Sends the message and digital signature to Bob.
    4. Bob receives the message, uses Alice’s public key to decrypt and verify the signature.
    5. Bob hashes the received message and compares it to validate the origin and integrity.
• Automation: Normally done automatically or by clicking a button.

Conclusion

• Importance of Digital Signatures: Provides assurance of data integrity and origin.
• Understanding Process: Vital for appreciating the security of transactions.