1 / 61

Session 4

Session 4. Asymmetric ciphers. Contents. Definition of asymmetric (public key) ciphers Applications of asymmetric ciphers The public key encipherment procedure The RSA public key cipher system. KEY. KEY. encipher. Ciphertext. decipher. Plaintext. Plaintext. A. B. Cryptanalysis.

allen-cooley
Download Presentation

Session 4

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Session 4 Asymmetric ciphers

  2. Contents • Definition of asymmetric (public key) ciphers • Applications of asymmetric ciphers • The public key encipherment procedure • The RSA public key cipher system

  3. KEY KEY encipher Ciphertext decipher Plaintext Plaintext A B Cryptanalysis decrypt Asymmetric cipher definition • The general cryptographic procedure:

  4. Asymmetric cipher definition • In a symmetric cipher system, the same key is delivered to both participants in advance, via a secure channel. • If there are n participants, the keys have to be distributed pairwise, i.e. • Each participant is given n -1 different keys • The total number of keys is n (n -1)/2. • Consequence: problems with distribution, storage and updating of keys.

  5. Asymmetric cipher definition • An alternative key distribution system is needed, or a different cipher system. • There is not much flexibility left within a symmetric cipher system to distribute the keys in a better way. • Then we need a cipher system that would NOT use the secure channel to distribute the keys.

  6. Asymmetric cipher definition • How can we define such a system? • Does such a system exist? • If such a system exists in theory, can we realize it in practice? • What is the security of such a system?

  7. Asymmetric cipher definition • Diffie-Hellman’s definition of a public key (or asymmetric) cipher system (1976) (1): • Let {K } be a finite key space and let {M } be a finite message space. • A public key cipher system is a pair of families of transformations and representing irreversible transformations:

  8. Asymmetric cipher definition • Diffie-Hellman’s definition of a public key (or asymmetric) cipher system (1976) (2): • In such a system, the following holds: • For every K{K }, EK is the inverse of DK • For every K{K } and M{M }, the algorithms EK and DK are easy to compute • For almost every K{K }, each easily computed algorithm equivalent to DK is computationally infeasible to derive from EK • For every K{K }, it is feasible to compute inverse pairs EK and DK from K.

  9. Asymmetric cipher definition • From the property 3, EK can be made public, without compromising DK • From the property 4, there is a guarantee that there is a feasible way of computing corresponding pairs of inverse transformations EK and DK.

  10. Asymmetric cipher definition • Given a system of this kind, the problem of key distribution is vastly simplified: • Each participant generates a pair of inverse transformations, E and D. • The deciphering transformation D must be kept secret but need not be transmitted by any channel – we do not need a secure channel. • The enciphering transformation E can be made public – placed in a public directory.

  11. Asymmetric cipher definition • But we still do not know whether such a cipher system is (theoretically) possible. • One of the possibilities to theoretically well define such a system is through so called one-way functions.

  12. Asymmetric cipher definition • A function y =f (x ) is a one-way function if • For any x, it is feasible to compute f (x ) • For almost all y in the range of f, it is computationally infeasible to solve the equation y =f -1(x ), for any x in the domain.

  13. Asymmetric cipher definition • The function f is not invertible from the computational point of view. • A special class of one-way functions is of interest in the public key context – trap-door one-way functions.

  14. Asymmetric cipher definition • A trap-door one-way function • A simply computed inverse exists • But given f, it is conditionally computationally infeasible to find a simply computed inverse • Only through knowledge of certain trap-door information can easily computed inverse be found.

  15. Asymmetric cipher definition • The problem • Strictly mathematically speaking, the existence of (trap-door) one-way functions has not been proved yet. • There are functions that have properties similar to these functions – we believe that they are candidates for (trap-door) one-way functions.

  16. Asymmetric cipher definition • Rivest-Shamir-Adleman’s (RSA’s) definition of an asymmetric (public key) cipher system (1977) (1): • Let E be an encipherment transformation and let D be the corresponding decipherment transformation.

  17. Asymmetric cipher definition • RSA’s definition of an asymmetric (public key) cipher system (1977) (2): • The properties of E and D • D (E (M ))=M • Both E and D are feasible to compute • Publicly revealing E does not reveal a feasible way to compute D • E (D (M ))=M

  18. Asymmetric cipher definition • A function E satisfying the properties 1-3 is a trap-door one-way function. • A function E satisfying the properties 1-4 is a trap-door one-way permutation (one-one and onto).

  19. Applications of asymmetric ciphers • Confidentiality • Integrity – digital signatures • Authentication – hash functions • Key exchange

  20. The public key encipherment procedure • The participants in the communication are usually given names, such as Alice and Bob. • Alice uses the transformation EA for encipherment and DA for decipherment • Bob uses the transformation EB for encipherment and DB for decipherment.

  21. The public key encipherment procedure • Illustration-confidentiality: Alice sends an enciphered message to Bob

  22. The public key encipherment procedure • Alice takes EB from a public directory • DB is kept secret by Bob. It is not transmitted by any means – no secure channel is needed.

  23. The public key encipherment procedure • The confidentiality protocol

  24. The RSA public key cipher system • The prerequisites: each participant does the following (1): • Generates two large distinct random primes p and q, approximately of the same size (if encoded in bits) • Computes n =pq and  (n )=(p -1)(q -1) • Selects a random integer e, 1<e < (n ), such that (e,  (n ))=1

  25. The RSA public key cipher system • The prerequisites: each participant does the following (2): • Computes the unique integer d, 1<d < (n ) such that ed1 (mod  (n )). This can be done by means of the extended Euclidean algorithm. • The public key is (n,e) and the private key is d.

  26. The RSA public key cipher system • Encipherment: Alice enciphers a message for Bob • Obtains Bob’s authentic public key (nB,eB) • Represents the message in a form of an integer m on the segment [0,nB-1] • Computes • Sends c to Bob.

  27. The RSA public key cipher system • Decipherment: Bob deciphers the message enciphered by Alice • Bob uses his private key dB to compute • m is converted to a meaningful text.

  28. The RSA public key cipher system • The security of the RSA cipher system lies in the hope that the encipherment function is a one-way function. • The trap-door is the knowledge of the factorization of n. This knowledge allows Bob to decipher.

  29. The RSA public key cipher system • To realize RSA in practice we need (1) • Random primes • Generating random numbers • Primality testing • Euler’s function  (n )

  30. The RSA public key cipher system • To realize RSA in practice we need (2) • Extended Euclidean algorithm • Multiplicative inverse • Modular exponentiation – to compute powers with large exponents

  31. Random primes • Random primes generation • Generate a random integer m • If m is even, replace m by m +1 • Test if m is prime • If m is not prime, test if m +2 is prime, etc.

  32. Random primes • Theorem (the prime number theorem) • If m is chosen at random, the probability that m is prime is approximately 1/lnm. • Consequence: we can expect to test lnm numbers for primality.

  33. Random primes • Example: if m can be represented with 512 bits, (i.e. the maximum representable integer is 2256-1) then lnm 177, which means that we have to test approximately 177 integers before we find a prime of that size.

  34. Random primes • Primality testing • In practice, probabilistic (Monte Carlo) algorithms for testing primality are used, e.g. • Solovay-Strassen • Miller-Rabin • These algorithms are fast, but they may give an integer that is not a prime at output, but the probability of this is small.

  35. The Euler’s function  (n ) • Let n be a positive integer. • The Euler’s function  (n ) is defined to be the number of positive integers b less than or equal to n, which are relatively prime to n, i.e.

  36. The Euler’s function  (n ) • Theorem - computing  (n ) • Given a positive integer n with the factorization • Then

  37. The Euler’s function  (n ) • Example – RSA • n =pq, where p and q are primes • Then  (n ) = (p1-p 0)(q1-q 0)=(p -1)(q -1)

  38. Extended Euclidean algorithm • Euclidean algorithm - computes (a,b), given integers a and b

  39. Extended Euclidean algorithm • Example: find (1180,482) • 1180 = 2482 + 216 • 482 = 2216 + 50 • 216 = 450 + 16 • 50 = 316 + 2 • 16 = 82 + 0 • So, (1180,482)=2

  40. Extended Euclidean algorithm • Theorem – extended Euclidean algorithm • Let d =(a,b), where a >b. • Then there exist integers u and v such that d =ua+vb.

  41. Extended Euclidean algorithm • 2=50-316= • =50-3(216-450)= • =1350-3216= • =13(482-2216)-3216= • =13482-29216= • =13482-29(1180-2482)= • =71482-291180 • Example 1180=2482+216 482=2216+50 216=450+16 50=316+2 16=82+0 So, u =-29, v =71

  42. Multiplicative inverse • Arithmetic modulo m • Zm is defined to be the set G = {0,...,m -1}, equipped with two operations, + and  , i.e. Zm is a structure (G,+,) • The results of addition and multiplication are reduced modulo m

  43. Multiplicative inverse • The structure (G,+) satisfies the axioms of the group – additive group: • Closure: • Associativity: • Existence of the identity (neutral) element • Existence of the inverse elements

  44. Multiplicative inverse • The structure (G,) satisfies closure, associativity and the existence of the neutral element, but does not satisfy the existence of inverse element for each element of G (in general). • Such a structure (G,+,) is called a ring.

  45. Multiplicative inverse • Multiplicative inverse – inverse of an element of the structure (G,) of the ring Zm • Theorem • An element a of Zm has a multiplicative inverse if and only if (a,m)=1

  46. Multiplicative inverse • Let a be an element of Zm and let (a,m)=1 (i.e. a and m are mutually prime). This can be shown by Euclidean algorithm. • Then by extended Euclidean algorithm we get 1=ua+vm

  47. Multiplicative inverse • Taking modulo m of the both sides of the expression 1=ua+vm we get 1ua (mod m ) • This means that u is the multiplicative inverse of a modulo m.

  48. Multiplicative inverse • Example • Find the multiplicative inverse of 2 in Z17. • The Euclidean algorithm gives • 17=82+1 • 2=21+0 • The extended Euclidean algorithm gives • 1=17-82 • Taking modulo 17 of both sides gives 1-82 (mod 17), or equivalently 192 (mod 17), i.e. 9=2-1

  49. Modular exponentiation • Modular exponentiation is computing bn (mod m ) • Let (n0,n1,...,nk-1) be the binary representation of n, i.e. n =n0+2n1+22n2+...+2k-1nk-1 • The binary representation of n is obtained by means of the “arrow algorithm”

  50. Modular exponentiation • The “arrow algorithm” – convert from base 10 to any base B • Get the last digit of the converted number by dividing n by B and taking the remainder • Replace n by the quotient • Repeat until the quotient is 0.

More Related