240 likes | 330 Views
Computer Security Set of slides 4. Dr Alexei Vernitski. Public-key cipher. We consider a scenario when Alice wants to send a confidential message to Bob Alice and Bob use two different keys Alice’s key is the public key: it is publicly known
E N D
Computer SecuritySet of slides 4 Dr Alexei Vernitski
Public-key cipher • We consider a scenario when Alice wants to send a confidential message to Bob • Alice and Bob use two different keys • Alice’s key is the public key: it is publicly known • Bob’s key is the private key: only Bob knows it • Also called asymmetric cipher
Public-key cryptography • Public-key cryptography is called public-key cryptography because it uses two types of keys: • Public keys, which are known to everyone and used to encrypt messages • Private keys, which are known only to the person who has received the message and wants to decrypt it.
Public-key cryptography • Suppose Bob wants other people to send messages to him confidentially • He chooses (but does not tell anyone) a private key. This is the key he shall use for decrypting messages arriving to him. • At the same time, he chooses and published a public key. This is the key other people will use to encrypt messages to send them to Bob.
Keys and blocks • In ciphers like DES, keys are just arrays of bits. • In public-key cryptography, keys are parameters of some complicated calculations, and they are not necessarily arrays of bits. • In ciphers like DES, a message is treated as a long array of bits, and is split in blocks. • In public-key cryptography, blocks are not necessarily arrays of bits.
RSA • RSA is a public-key cipher invented in the 1970s. • It is still considered secure and is used in many applications
Modular arithmetic • This example is modulo 7 • The numbers allowed are 0 to 6 • After 6, numbers “wrap around” • 0 = 7 (mod 7) • 3+3 = 6 (mod 7)4+4 = 1 (mod 7)
Mock RSA • This is a simplified version of RSA • Bob finds three numbers e, d, n such that ed = 1 (mod n) • e is for encryption, d is for decryption • For example, e = 2, d = 3, n = 5 • Each block m in a message is a number between 0 and n-1
Mock RSA • For example, e = 2, d = 3, n = 5 • m is a number between 0 and n-1 • To encrypt, calculate c = em modulo n • To decrypt, calculate dc = dem = 1m = m modulo n • Alice’s (public) key is the pair e and n • Bob’s (private) key is the pair d and n • Both keys are prepared by Bob
RSA • For example, e = 3, d = 7, n = 33 • m is a number between 0 and n-1 • To encrypt, calculate c = me modulo n • To decrypt, calculate cd = med = m1 = m modulo n • Alice’s (public) key is the pair e and n • Bob’s (private) key is the pair d and n • Both keys are prepared by Bob
Now say we want to encrypt the message m = 7 • c = me (mod n) = 73 (mod 33) = 343 (mod 33) = 13. • Hence the ciphertext c = 13. • To decrypt, we computem = cd (mod n) = 137 (mod 33) = 7.
RSA • RSA is secure because it is difficult to find d when n and e are known • Of course, n, e and d should be larger than in our example (say, 21000)
Large integers • We need to perform arithmetic with large integers, say, numbers occupying 1000 bits in memory. • Is the standard implementation of integer suitable for this?
Raising into large powers • We need to raise into large powers • For the sake of an example, we can say that we need to calculate m100 • How can we do this efficiently? • Using the modular arithmetic • Re-using smaller powers, where possible
Encoding data • Blocks of RSA have an exotic format • How do you prepare data for being encrypted by RSA? • Homework: where can you find the standard describing the recommended scheme for data encryption and decryption with RSA?
Using RSA with other ciphers • How can RSA and, say, AES work together as parts of a cryptographic protocol of a software system? • We want to use the best of each of them
Recall how the RSA works: The public key is a pair e and n Bob’s private key is a pair d and n To encrypt, calculate c = me (mod n) To decrypt, calculate cd = med = m1 = m (mod n) Problem 1: Bob has published the public key e = 7, n = 247. Use this public key to encrypt a message m = 100. RSA – Problem 1
Problem 2: Bob has published the public key e = 317, n = 851. Alice has encrypted a message m = 111 using this key and obtained an encrypted message c = 148. Use this information to find the private key. Recall how the RSA works: The public key is a pair e and n Bob’s private key is a pair d and n To encrypt, calculate c = me (mod n) To decrypt, calculate cd = med = m1 = m (mod n) RSA – Problem 2
Stream ciphers • What is the simplest implementation of a cipher based on a key stream? • What is the difference between a one-time pad cipher and a stream cipher? • What are the ways of obtaining a random key stream for a one-time pad cipher? • What are the ways of obtaining a pseudorandom key stream for a stream cipher?
Linear feedback shift register • At each step, each bit is shifted by one position to the right • The new value of the leftmost bit is calculated as an XOR of the bits that stood at so-called tap positions XOR
Linear feedback shift register • For example, populate the register as follows: 0 0 0 1 0 1 1 0 0 1 1 0 1 0 1 1 1 • Use the rightmost bit (1) as the first bit of the key stream • Find the bits in the tap positions and XOR their values: 0 0 0 1 0 1 1 0 0 1 1 0 1 0 1 1 1 • Shift the register:? 0 0 0 1 0 1 1 0 0 1 1 0 1 0 1 1 • Provide a new value for the leftmost bit (as the XOR of the bits that were in tap positions): 0 0 0 0 1 0 1 1 0 0 1 1 0 1 0 1 1
Linear feedback shift register • LFSRs can be used to produce a pseudorandom key stream • The length of the register and the choice of the tap positions are important • If they are chosen correctly, the LFSR will get back to its original value only after it has taken all other possible values • Such an LFSR is called maximum-length
Sample exam questions • Explain the difference between symmetric and asymmetric ciphers. • What are the relative advantages of each of these types of cipher? • Give an example of a public key cipher • Show exactly (with formulas) how a message is encrypted and decrypted in RSA
Sample exam questions • Explain the difference between block ciphers and stream ciphers • Compare one-time pad ciphers and stream ciphers. What are the relative advantages of each of these types of cipher? • Explain briefly how a pseudorandom key stream can be produced for a stream cipher