1 / 44

Chapter 9 Public-Key Cryptography and RSA

報告人:呂恩佑. Chapter 9 Public-Key Cryptography and RSA. Key Points. Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the different keystone a public key and one a private key. It is also known as public-key encryption.

gordy
Download Presentation

Chapter 9 Public-Key Cryptography and RSA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 報告人:呂恩佑 Chapter 9Public-Key Cryptography and RSA

  2. Key Points • Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the different keystone a public key and one a private key. It is also known as public-key encryption. • Asymmetric encryption transforms plaintext into ciphertext using a one of two keys and an encryption algorithm. Using the paired key and a decryption algorithm, the plaintext is recovered from the ciphertext.

  3. Key Points • Asymmetric encryption can be used for confidentiality, authentication, or both. • The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on the difficulty of finding the prime factors of a composite number.

  4. Public-key encryption 的誤解 • That public-key encryption is more secure from cryptanalysis than is symmetric encryption. • That public-key encryption is a general-purpose technique that has made symmetric encryption obsolete. • That key distribution is trivial when using public-key encryption, compared to the rather cumbersome handshaking involved with key distribution centers for symmetric encryption.

  5. Symmetric encryption 的問題 • 如何能夠確保金鑰的安全???

  6. Diffie-Hellman Private Key Private Key Public Key Public Key Public Key Public Key Public Key Public Key Private Key Private Key + = +

  7. Public-Key Cryptosystem: Secrecy Public Key Public Key Public Key Public Key Private Key 今晚8點橢圓辦公室 小文上 今晚8點橢圓辦公室 小文上

  8. Public-Key Cryptosystem: Secrecy Y = E(PUb, X) X = D(PRb, Y)

  9. Think About …… Public Key Public Key Public Key Public Key Private Key 今晚8點橢圓辦公室 小文上 我想我們該分手吧小文上 我想我們該分手吧小文上 我想我們該分手吧小文上

  10. Public-Key Cryptosystem:Authentication Private Key Private Key Public Key Public Key 今晚8點橢圓辦公室 小文上 今晚8點橢圓辦公室 小文上

  11. Public-Key Cryptosystem:Authentication Private Key Private Key Private Key Public Key Public Key 今晚8點橢圓辦公室 小文上 我想我們該分手吧 小文上 我想我們該分手吧 小文上 今晚8點橢圓辦公室 小文上

  12. Public-Key Cryptosystem:Authentication Y = E(PRa, X) X = D(PUa, Y)

  13. Secrecy & Authentication Z = E(PUb, E(PRa, X)) X = D(PUa, D(PRb, Z))

  14. Applications for Public-Key Cryptosystems

  15. 公開金鑰加密的需求 • 金鑰容易產生 • 知道明文和 Public Key,容易計算出密文 • 知道密文和 Private Key,容易計算出明文 • 無法由 Public Key 計算出 Private Key • 無法只靠密文及 Public Key 來計算出明文

  16. Trap-Door One-Way Function • One-Way Function • Y = f(X) easy • X = f-1(Y) infeasible • Trap-Door One-Way Function • Y = fk(X) easy, if k and X are known • X = fk-1(Y) easy, if k and Y are known • X = fk-1(Y) infeasible, if Y is known but k is not known

  17. Public-Key Cryptanalysis • Brute-force attack • Find some way to compute the private key given the public key • Probable-message attack

  18. Conventional and Public-Key Encryption

  19. The RSA Algorithm • It was developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT and first published in 1978 • The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n

  20. Description of the RSA Algorithm • The scheme makes use of an expression with exponentials. • Plaintext is encrypted in blocks, with each block having a binary value less than some number n.

  21. Description of the RSA Algorithm • Keys • PU = { e , n } ,PR = { d , n } • Encryption • C = Me mod n • Decryption • M = Cd mod n = (Me)d mod n = Med mod n

  22. The Requiments for RSA…… • It is possible to find values of e, d, n such that Med mod n = M for all M < n. • It is relatively easy to calculate Me mod n andCd mod n for all values of M < n. • It is infeasible to determine d given e and n.

  23. Med mod n = M • The preceding relationship holds if e and d are multiplicative inverses modulo φ(n), where φ(n) is the Euler totient function.

  24. The RSA Algorithm

  25. Example • Select two prime numbers, p = 17 and q = 11. • Calculate n = pq = 17 x 11 = 187. • Calculate φ(n) = (p - 1)(q - 1) = 16 x 10 = 160. • Select e such that e is relatively prime to φ(n) = 160 and less than φ(n); we choose e = 7. • Determine d such that ed ≡ 1 ( mod φ(n) ) and d < 160. The correct value is d = 23.

  26. Example:Encryption • Public Key:{ 7 , 187 } ;Private key:{ 23 , 187 } • Plaintext:M = 88 • Ciphertext:C = Me mod n =887 mod 187 • 887 mod 187 = [(884 mod 187) x (882 mod 187) x (881 mod 187)] mod 187 • 881 mod 187 = 88 • 882 mod 187 = 7744 mod 187 = 77 • 884 mod 187 = 772 mod 187 = 5929 mod 187 = 132 • 887 mod 187 = (88 x 77 x 132) mod 187 = 894,432 mod 187 = 11 • Ciphertext = 11

  27. Example:Decryption • Public Key:{ 7 , 187 } ;Private key:{ 23 , 187 } • Ciphertext : C = 11 • Plaintext:M = Cd mod n =1123 mod 187 • 1123 mod 187 = 11( 1+2+4+16 ) mod 187 • Plaintext:M = 88

  28. Computational Aspects • suppose we wish to find the value ab with a and b positive integers. If we express b as a binary number bkbk1 ... b0 then we have • ab = a= • abmod n = mod n =(     )mod n

  29. Algorithm for Computing ab mod n f ← 1; for i ← k downto 0 do f ← ( f x f ) mod n if bi = 1 do f ← ( f x a ) mod n return f

  30. Efficient Operation Using the Public Key • To speed up the operation of the RSA algorithm using the public key, a specific choice of e is usually made. The most common choice is 65537 (216 + 1); two other popular choices are 3 and 17.

  31. Small Public Key • RSA becomes vulnerable to a simple attack if we use a very small public key.

  32. Key Generation • Determining two prime numbers, p and q. • Selecting either e or d and calculating the other.

  33. Prime numbers, p and q. • At present, there are no useful techniques that yield arbitrarily large primes. • States that the primes near N are spaced on the average one every ln(N/2) integers

  34. Calculate e and d. • We need to select an e such that gcd(φ(n) , e) = 1 and then calculate ed ≡ 1 ( mod φ(n) ) . • The probability that two random numbers are relatively prime is about 0.6

  35. The Security of RSA • Brute force • Mathematical attacks • Timing attacks • Chosen ciphertext attacks

  36. Mathematical attacks • Factor n into its two prime factors. This enables calculation of φ(n) = (p - 1) x (q - 1), which, in turn, enables determination of ed ≡ 1 ( mod φ(n) ). • Determine φ(n) directly, without first determining p and q. Again, this enables determination of d ed ≡ 1 ( mod φ(n) ). • Determine d directly, without first determining φ(n).

  37. Mathematical attacks

  38. MIPS-years Needed to Factor MIPS-years: a million-instructions-per-second processor running for one year

  39. Mathematical attacks • p and q should differ in length by only a few digits. Thus, for a 1024-bit key (309 decimal digits), both p and q should be on the order of magnitude of 1075 to 10100. • Both (p - 1) and (q - 1) should contain a large prime factor. • gcd(p - 1, q - 1) should be small.

  40. Timing attacks • Paul Kocher, a cryptographic consultant, demonstrated that a snooper can determine a private key by keeping track of how long a computer takes to decipher messages.

  41. Construct Timing attacks • Constant exponentiation time. • Random delay • Blinding

  42. Chosen Ciphertext Attack • The basic RSA algorithm is vulnerable to a chosen ciphertext attack. • The adversary could select a plaintext, encrypt it with the target's public key and then be able to get the plaintext back by having it decrypted with the private key.

  43. Example of a CCA against RSA • E(PU, M1) x E(PU, M2) = E(PU, [M1 x M2]) • C = Me mod n • X = ( C x 2e ) mod n • Submit X as a chosen ciphertext and receive back Y = Xd mod n.

  44. Example of a CCA against RSA • X = (C mod n) x (2e mod n) = (Me mod n) x (2e mod n) = (2M)e mod n • Therefore, Y = (2M) mod n

More Related