1 / 22

Public Key Cryptography

Public Key Cryptography. CSCI 172/283 Fall 2010. Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can insert a letter into the box, but can’t unlock it to take mail out Bob has the key and can take mail out

caine
Download Presentation

Public Key Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Public Key Cryptography CSCI 172/283 Fall 2010

  2. Public Key Cryptography • New paradigm introduced by Diffie and Hellman • The mailbox analogy: • Bob has a locked mailbox • Alice can insert a letter into the box, but can’t unlock it to take mail out • Bob has the key and can take mail out • Encrypt messages to Bob with Bob’s public key • Can freely distribute • Bob decrypts his messages with his private key • Only Bob knows this

  3. Requirements • How should a public key scheme work? • Three main conditions • It must be computationally easy to encrypt or decrypt a message given the appropriate key • It must be computationally infeasible to derive the private key from the public key • It must be computationally infeasible to determine the private key from chosen plaintext attack • Attacker can pick any message, have it encrypted, and obtain the ciphertext

  4. Exchanging keys • Alice and Bob want to communicate using a block cipher to encrypt their messages, but don’t have shared key • How do Alice and Bob get a shared key?

  5. Solution 1 • Alice sends the key along with her encrypted message • Eve sees encrypted message and key • Uses key to decrypt message FAIL!

  6. Solution 2 • Alice sends the key at some time prior to sending Bob the encrypted message • Eve has to wait longer • If she saw the key transmission, she has the key • Uses key to decrypt message FAIL!

  7. Solution 3 – Use public key crypto • Diffie Hellman Key Exchange • All users share common modulus, p, and element g • g ≠ 0, g ≠ 1, and g ≠ p-1 • Alice chooses her private key, kA • Computes KA = gkA mod p and sends it to Bob in the clear • Bob chooses his private key, kB • Computes KB = gkB mod p and sends it to Alice in the clear • When Alice and Bob want to agree on a shared key, they compute a shared secret S • SA,B = KBkA mod p • SB,A = KAkB mod p

  8. Why does DH work? • SA,B = SB,A • (gkA) kB mod p = (gkB) kA mod p • Eve knows • g and p • KA and KB • Why can’t Eve compute the secret? • This was the first public key cryptography scheme • SA,B = KBkA mod p • SB,A = KAkB mod p

  9. Hard problems • Public key cryptosystems are based on hard problems • DH is based on the Discrete Logarithm Problem (DLP) • Given: • Multiplicative group G • Element a in G • Output b • Find: • Unique solution to ax = b in G • x is loga b • No polynomial time algorithm exists to solve this* *On classical computers

  10. Could it fail? • Eve could fool Alice and Bob • Man in the middle / bucket brigade My key is KA My key is K’B My key is K’A My key is KB Bob Eve Alice Alice has no guarantee that the person she’s establishing a key with is actually Bob

  11. RSA • Rivest-Shamir-Adleman • Probably the most well-known public key scheme • First, some background

  12. Euler’s Totient • Totient function (n) • Number of positive numbers less than n that are relatively prime to n • Two numbers are relatively prime when their greatest common divisor is 1 • Example: (10) = 4 • 1, 3, 7, 9 • Example: (7) = 6 • 1, 2, 3, 4, 5, 6 • If n is prime, (n) = n-1

  13. RSA keys • Choose 2 large primes, p and q • N = pq • (N) = (p-1)(q-1) • Choose e < N such that gcd(e, (N))=1 • d such that ed = 1 mod (N) • Public key: {N, e} • Private key: {d} • p and q must also be kept secret

  14. RSA encryption/decryption • Alice wants to send Bob message m • She knows his public key, {N,e} c = me mod N m = cd mod N c Bob Alice

  15. Toy example • p=7, q=11 • N=77 • (N) = (6)(10) = 60 • Bob chooses e=17 • Uses extended Euclidean algorithm to find inverse of e mod 60 • Finds d=53 • Bob makes {N, e} public

  16. Toy example (continued) • Alice wants to send Bob “HELLO WORLD” • Represent each letter as a number 00(A) to 25(Z) • 26 is a space • Calculates: • 0717 mod 77 = 28, 0417 mod 77 = 16, …, 0317 mod 77 = 75 • Sends Bob 28 16 44 44 42 38 22 42 19 44 75 • He decrypts each number with his private key and gets “HELLO WORLD”

  17. What could go wrong? • What was wrong with the toy example? • Eve can easily find the encryption of each letter and use that as a key to Alice’s message • Even without knowing the public key, can use statistics to find likely messages • Like cryptogram puzzles

  18. How it should really happen • p and q should be at least 512 bits each • N at least 1024 bits • The message “HELLO WORLD” would be converted into one very large integer • That integer would be raised to the public/private exponent • For short message, pad them with a random string

  19. Is this key yours? • How to bind a key to an identity?

  20. PK Paradigm • Genkey(some info) • Creates Kpub and Kpriv • Encrypt with Kpub • Decrypt with Kpriv • Certificate binds key to individual

  21. IBE • Identity-Based Encryption • Kpub is well-known • Known to be bound to owner • Name, email, SSN, etc. • Owner requests a private key from CA • No certificates required

  22. Conclusion by xkcd http://xkcd.com/538/

More Related