1 / 9

Public Key Cryptography

Learn about RSA encryption and digital signatures, public key authentication, malleability issues, and redundancy for secure RSA implementation.

helenstrickland
Download Presentation

Public Key Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Public Key Cryptography RSA digital signatures & the security of RSA

  2. Public key authentication • You can use public key to authenticate messages, as well as to encrypt them. • In the case of the RSA algorithm, if the sender “decrypts a message” instead of encrypting, it has the effect of a signature, as we shall see. • Other public key algorithms have different mechanisms for encryption and authentication.

  3. RSA signatures • Bob’s RSA modulus is n, with public exponent e, and corresponding private exponent d. Remember: • n = pq, with p, q (private) primes; and • ed = 1 mod (p-1)(q-1). • To authenticate message m, Bob computes: • s = md mod n • Anybody may verify Bob’s signature s on m: • se mod n = mde mod n = m mod n.

  4. Valid or Invalid  Bob’s public key Bob’s private key (anybody’s) public key ring Public key authentication public key authentication public key verification

  5. RSA and active attacks • The algorithms we have described for public encryption and signatures using RSA are sometimes called “plain RSA.” • Plain RSA is never used in practice, because of its inability to resist active attacks.

  6. Malleability of plain RSA encryption • Plain RSA encryption is malleable, because it can be changed. • Suppose Alice sends ciphertext c to Bob, but it is intercepted and changed to c’ by Eve. • Bob decrypts: • m’ = c’d mod n • This is not the message sent by Alice. Unless m’ has special structure, Bob has no means of detecting the change.

  7. Malleability • Suppose Eve knows that Alice is reporting Eve’s salary to Bob’s payroll service firm. • c = (Eve_salary)e mod n • Mallory intercepts c and sends 2ec mod n instead. Bob decrypts: • (2ec)d = (2 Eve_salary)ed = 2 Eve_salary

  8. Redundancy • In order to make RSA encryption secure against active attacks, redundancy must be provided. • Example: If a 1024-bit RSA is used, one could force m to have 980 bis or fewer. • Put m’ = m*264 + p mod n, where p is a fixed 64-bit pattern. • If ciphertext is tempered with by a random modification, with probability 1 - 2-64 the modified ciphertext will NOT decrypt to a plaintext with the right bit pattern. • This provides only heuristic security, as attacker will not necessarily use random alterations.

  9. Malleability of RSA Signature • Suppose Alice sends Bob a signed message: • (m, s), where s = md mod n • Eve intercepts the transmission and substitutes it with: • (c m, a s), where c = ae mod n • Bob verifies that • (a s)e = c m mod n • and accepts it as signed message from Alice. • Redundancy is also need to for the security of RSA signatures against active attacks.

More Related