300 likes | 449 Views
Public Key Cryptography. Public Key Cryptography. public key cryptography radically different approach [Diffie-Hellman76, RSA78] sender, receiver do not share secret key public encryption key known to all private decryption key known only to receiver. symmetric key crypto
E N D
Public Key Cryptography public key cryptography • radically different approach [Diffie-Hellman76, RSA78] • sender, receiver do not share secret key • public encryption key known to all • private decryption key known only to receiver symmetric key crypto • requires sender, receiver know shared secret key • Q: how to agree on key in first place (particularly if never “met”)?
+ K (m) B - + m = K (K (m)) B B Public key cryptography + Bob’s public key K B - Bob’s private key K B encryption algorithm decryption algorithm plaintext message plaintext message, m ciphertext
K (K (m)) = m B B - + 1 2 Public key encryption algorithms Requirements: need K ( ) and K ( ) such that . . - + B B + given public key K , it should be impossible to compute private key K B - B RSA: Rivest, Shamir, Adelson algorithm
+ - K K B B RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5.Public key is (n,e).Private key is (n,d).
1. To encrypt bit pattern, m, compute d e m = c mod n c = m mod n e (i.e., remainder when m is divided by n) d e m = (m mod n) mod n RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 2. To decrypt received bit pattern, c, compute d (i.e., remainder when c is divided by n) Magic happens! c
e d ed (m mod n) mod n = m mod n ed mod (p-1)(q-1) 1 = m mod n = m = m mod n y y mod (p-1)(q-1) d e x mod n = x mod n m = (m mod n) mod n RSA: Why is that Useful number theory result: If p,q prime and n = pq, then: (using number theory result above) (since we choseed to be divisible by (p-1)(q-1) with remainder 1 )
K (K (m)) = m - B B + K (K (m)) - + = B B RSA: another important property The following property will be very useful later: use private key first, followed by public key use public key first, followed by private key Result is the same!
Public-Key Cryptography Principles • The use of two keys has consequences in: key distribution, confidentiality and authentication. • The scheme has six ingredients (see Figure 3.7) • Plaintext • Encryption algorithm • Public and private key • Ciphertext • Decryption algorithm
Applications for Public-Key Cryptosystems • Three categories: • Encryption/decryption: The sender encrypts a message with the recipient’s public key. • Digital signature: The sender ”signs” a message with its private key. • Key exchange: Two sides cooperate to exhange a session key.
Requirements for Public-Key Cryptography • Computationally easy for a party B to generate a pair (public key KUb, private key KRb) • Easy for the sender to generate ciphertext: • Easy for the receiver to decrypt ciphertect using private key:
Requirements for Public-Key Cryptography • Computationally infeasible to determineprivate key (KRb) knowing public key (KUb) • Computationally infeasible to recover message M, knowing KUb and ciphertext C • Either of the two keys can be used for encryption, with the other used for decryption:
Public-Key Cryptographic Algorithms • RSA and Diffie-Hellman • RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977. • RSA is a block cipher • The most widely implemented • Diffie-Hellman • To exchange securely a secret key • Compute discrete logarithms
The RSA Algorithm – Key Generation • Select p,q p and q both prime • Calculate n = p x q • Calculate • Select integer e • Calculate d • Public Key KU = {e,n} • Private key KR = {d,n}
The RSA Algorithm - Encryption • Plaintext: M<n • Ciphertext: C = Me (mod n)
The RSA Algorithm - Decryption • Ciphertext: C • Plaintext: M = Cd (mod n)
RSA Example • Select primes: p=17 & q=11 • Computen = pq =17×11=187 • Compute ø(n)=(p–1)(q-1)=16×10=160 • Select e : gcd(e,160)=1; choose e=7 • Determine d: de mod160=1 and d < 160 Value is d=23 since 23×7=161= 10×160+1 • Publish public key KU={7,187} • Keep secret private key KR={23,187}
RSA Example cont • sample RSA encryption/decryption is: • given message M = 88 (nb. 88<187) • encryption: C = 887 mod 187 = 11 • decryption: M = 1123 mod 187 = 88
RSA Key Generation • users of RSA must: • determine two primes at random - p, q • select either e or d and compute the other • primes p,qmust not be easily derived from modulus N=p.q • means must be sufficiently large • typically guess and use probabilistic test • exponents e, d are inverses, so use Inverse algorithm to compute the other
RSA Security • three approaches to attacking RSA: • brute force key search (infeasible given size of numbers) • mathematical attacks (based on difficulty of computing ø(N), by factoring modulus N) • timing attacks (on running of decryption)
Diffie-Hellman Key Exchange • first public-key type scheme proposed • by Diffie & Hellman in 1976 along with the exposition of public key concepts • note: now is known that James Ellis (UK CESG) secretly proposed the concept in 1970 • is a practical method for public exchange of a secret key • used in a number of commercial products
Diffie-Hellman Key Exchange • a public-key distribution scheme • cannot be used to exchange an arbitrary message • rather it can establish a common key • known only to the two participants • value of key depends on the participants (and their private and public key information) • based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy • security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard
Diffie-Hellman Setup • all users agree on global parameters: • large prime integer or polynomial q • α a primitive root mod q • each user (eg. A) generates their key • chooses a secret key (number): xA < q • compute their public key: yA = αxA mod q • each user makes public that key yA
Diffie-Hellman Key Exchange • shared session key for users A & B is KAB: KAB = αxA.xB mod q = yAxB mod q (which B can compute) = yBxA mod q (which A can compute) • KAB is used as session key in private-key encryption scheme between Alice and Bob • if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys • attacker needs an x, must solve discrete log
Diffie-Hellman Example • users Alice & Bob who wish to swap keys: • agree on prime q=353 and α=3 • select random secret keys: • A chooses xA=97, B chooses xB=233 • compute public keys: • yA=397 mod 353 = 40 (Alice) • yB=3233 mod 353 = 248 (Bob) • compute shared session key as: KAB= yBxA mod 353 = 24897 = 160 (Alice) KAB= yAxB mod 353 = 40233 = 160 (Bob)
Other Public-Key Cryptographic Algorithms • Digital Signature Standard (DSS) • Makes use of the SHA-1 • Not for encryption or key echange • Elliptic-Curve Cryptography (ECC) • Good for smaller bit size • Low confidence level, compared with RSA • Very complex