Public Key Model 8. Cryptography part 2
Public Key Encryption
Public Key Signature
Public-Key Cryptanalysis
• Brute-force attack (try all possible keys)
• Derive private key from public key
– Try to find the relationship between the public key and the private key and compute the private key from the public one.
• Probable-message attack
– The public key is known.
– Encrypt all possible messages.
– Try to find a match between the ciphertext and one of the encrypted messages.
– Example: Prof. sends encrypted letter grades to his students based on their public key.
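The probable-message case from the slide above, as an added example that is not part of the original deck: textbook RSA is deterministic, so a small message space such as letter grades can be matched by re-encrypting every candidate, while randomizing each plaintext removes the match. The key (two well-known Mersenne primes, e = 65537), the grade set and the 24-bit random prefix are constructed assumptions, and the prefix is a toy stand-in for a real padding scheme such as OAEP.

```python
import secrets

# Constructed toy key (not from the slides): two well-known Mersenne primes.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent
GRADES = "ABCDF"                   # constructed message space


def encrypt_deterministic(grade):
    """Textbook RSA: the same grade always yields the same ciphertext."""
    return pow(ord(grade), E, N)


def encrypt_randomized(grade):
    """Toy randomization: 24 fresh random bits sit above the grade byte."""
    r = secrets.randbelow(2**24 - 1) + 1  # never zero
    return pow((r << 8) | ord(grade), E, N)


def decrypt_randomized(ciphertext):
    """Private-key holder strips the random prefix and keeps the grade byte."""
    return chr(pow(ciphertext, D, N) & 0xFF)


def probable_message_match(ciphertext):
    """Encrypt every candidate under the public key and look for a match."""
    table = {encrypt_deterministic(g): g for g in GRADES}
    return table.get(ciphertext)


if __name__ == "__main__":
    c1 = encrypt_deterministic("B")
    print("deterministic ciphertext matched to:", probable_message_match(c1))
    c2 = encrypt_randomized("B")
    print("randomized ciphertext matched to:", probable_message_match(c2))
    print("owner still decrypts:", decrypt_randomized(c2))
```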
History of Public-Key
• 1976 – Diffie & Hellman suggested public-key model for encryption and signatures
• 1976 – Diffie & Hellman developed public-key protocol for key-exchange based on Discrete Log Problem
• 1977 – Rivest, Shamir, Adleman developed RSA public-key scheme for encryption and signatures based on the Number Factoring Problem
• 1980’s – El-Gamal developed public-key protocols for encryption and signatures based on Discrete Log Prob
Revolution in Cryptography
• Diffie & Hellman sought to solve 2 problems
– Find a secure way to distribute keys
– Provide digital signatures for documents
• Public key cryptography is based on rigorous mathematical theory, rather than substitutions and permutations.
• It is asymmetric – requires two different keys: private & public
Diffie-Hellman Key Exchange (I)
See: W. Diffie and M. E. Hellman, "New Directions in Cryptography", in IEEE Transactions on Information Theory, IT-22 no 6 (November 1976) p. 644-654
• The first public key algorithm
• Allows two users to agree on a secret key over a public channel
• No encryption, decryption, nor authentication
• p is a large prime number (about 512 bits), g < p and g is a primitive root of p.
• p and g are publicly known
Diffie-Hellman Key Exchange (II)
Diffie-Hellman Key Exchange (III)
Diffie-Hellman Example
• Alice and Bob want to establish a shared secret key and have agreed on n=353 (prime) and g=3
• They select the random secret values:
– Alice chooses Xa=97, Bob chooses Xb=233
• They derive the public keys:
– Ta = g^Xa mod n = 3^97 mod 353 = 40 (Alice’s)
– Tb = g^Xb mod n = 3^233 mod 353 = 248 (Bob’s)
• They derive the shared secret key:
– K = Tb^Xa mod n = 248^97 mod 353 = 160 (Alice’s)
– K = Ta^Xb mod n = 40^233 mod 353 = 160 (Bob’s)
Diffie-Hellman Man-in-the-middle
Diffie-Hellman Scheme
• Security factors
– Discrete logarithm very difficult.
– Shared key (the secret) itself never transmitted.
• Disadvantages:
– Expensive exponential operation
– Cannot be used to encrypt anything.
– No authentication, so you cannot sign anything
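The exchange from the Diffie-Hellman slides with both sides' computations, as an added example that is not part of the original deck. It checks the primitive-root requirement on g, reproduces the deck's numbers (n=353, g=3, Xa=97, Xb=233), and shows what the missing authentication means: when the public values are replaced in transit, Alice and Bob end up with different keys and neither can tell from the exchange alone. The function names and the substituted secrets (11 and 13) are constructed for illustration.

```python
def is_primitive_root(g, p):
    """g is a primitive root of prime p iff g^((p-1)/q) != 1 for every prime q | p-1."""
    factors, m, q = set(), p - 1, 2
    while q * q <= m:
        while m % q == 0:
            factors.add(q)
            m //= q
        q += 1
    if m > 1:
        factors.add(m)
    return all(pow(g, (p - 1) // q, p) != 1 for q in factors)


def public_value(g, x, p):
    """T = g^X mod p, the value sent over the public channel."""
    return pow(g, x, p)


def shared_key(their_public, my_secret, p):
    """K = T_other^X_mine mod p, computed locally and never transmitted."""
    return pow(their_public, my_secret, p)


def exchange(p, g, xa, xb, middle=None):
    """Return (Alice's key, Bob's key).

    `middle` is an optional pair of secrets held by a party that replaces
    both public values in transit (constructed scenario).
    """
    ta, tb = public_value(g, xa, p), public_value(g, xb, p)
    if middle is None:
        seen_by_alice, seen_by_bob = tb, ta
    else:
        seen_by_alice = public_value(g, middle[0], p)  # replaces Tb
        seen_by_bob = public_value(g, middle[1], p)    # replaces Ta
    return shared_key(seen_by_alice, xa, p), shared_key(seen_by_bob, xb, p)


if __name__ == "__main__":
    print("g=3 primitive root of 353:", is_primitive_root(3, 353))
    print("honest exchange:", exchange(353, 3, 97, 233))
    print("values replaced in transit:", exchange(353, 3, 97, 233, middle=(11, 13)))
```

Because the two ends hold different keys after a substitution, comparing a key fingerprint over an authenticated channel, or signing the public values, exposes it.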
RSA (Rivest, Shamir, Adleman)
See: R. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", CACM 21, pp. 120-126, Feb. 1978
• The first public key encryption and signature system
• Supports both public key encryption and digital signature.
• Theoretical basis: Factorization of large numbers is hard.
• Variable key length (usually 1024 bits).
• Variable plaintext block size.
– Plaintext must be “smaller” than the key.
– Ciphertext block size is the same length as the key.
The RSA Algorithm
• To generate a key pair:
– Pick large primes p and q (do not disclose them)
– Let n = p*q
– For the public key, choose e that is relatively prime to ø(n)=(p-1)(q-1). public key = <e,n>
– For private key, find d that is the multiplicative inverse of e mod ø(n), i.e., e*d
Using RSA
• Given pubKey = <e, n> and privKey = <d, n>
• If Message = m, then:
– encryption: c = m^e mod n, m < n
– decryption: m = c^d mod n
– signature: s = m^d mod n, m < n
– verification: m = s^e mod n
Example of RSA (1)
• Choose p = 7 and q = 17.
• Compute n = p*q = 119.
• Compute ø(n)=(p-1)(q-1)=96.
• Select e = 5 (relatively prime to ø(n)).
• Compute d = 77 such that e*d = 1 mod ø(n).
• Public key: <5,119>
• Private key: <77,119>
• Message = 19
• Encryption: 19^5 mod 119 = 66
• Decryption: 66^77 mod 119 = 19
Example of RSA (2)
• p = 7, q = 11, n = 77
• Alice chooses e = 17, making d = 53
• Bob wants to send Alice secret message HELLO (07 04 11 11 14)
– 07^17 mod 77 = 28; 04^17 mod 77 = 16
– 11^17 mod 77 = 44; 11^17 mod 77 = 44
– 14^17 mod 77 = 42
• Bob sends 28 16 44 44 42
Example of RSA (3)
• Alice receives 28 16 44 44 42
• Alice uses private key, d = 53, to decrypt message:
– 28^53 mod 77 = 07; 16^53 mod 77 = 04
– 44^53 mod 77 = 11; 44^53 mod 77 = 11
– 42^53 mod 77 = 14
• Alice translates 07 04 11 11 14 to HELLO
• No one else could read it, as only Alice knows her private key (needed for decryption)
Digital Signatures in RSA
• RSA has an important property: encryption and decryption are symmetric
• Encryption followed by decryption yields the original
– (M^e mod n)^d mod n = M
• Decryption followed by encryption yields the original
– (M^d mod n)^e mod n = M
– Because e and d are symmetric in e*d = 1 mod (p-1)*(q-1)
Signature example in RSA
• p = 7, q = 11, n = 77
• Alice chooses e = 17, making d = 53
• Alice wants to send message HELLO (07 04 11 11 14) so that Bob knows it is from Alice, and has not been modified in transit
– 07^53 mod 77 = 35; 04^53 mod 77 = 09
– 11^53 mod 77 = 44; 11^53 mod 77 = 44
– 14^53 mod 77 = 49
• Alice sends 35 09 44 44 49
Verify sender
• Bob receives 35 09 44 44 49
• He uses Alice’s public key, e = 17, n = 77, to decrypt it:
– 35^17 mod 77 = 07; 09^17 mod 77 = 04
– 44^17 mod 77 = 11; 44^17 mod 77 = 11
– 49^17 mod 77 = 14
• Bob has 07 04 11 11 14 = HELLO
• Only Alice has her private key, so no one else could have created a correct signature
• The (deciphered) signature matches the transmitted plaintext, so the plaintext was not altered
The Security of RSA
• Attacks against RSA
– Brute force: Try all possible private keys
• Can be defeated by using a large key space
– Mathematical attacks
• Factor n into n=p*q.
• Determine ø(n) directly: equivalent to factoring n.
• Determine d directly: at least as difficult as factoring n.
The Security of RSA (Cont’d)
• Factoring a large integer is very hard!
• If you can factor the number n then, given public key <e,n>, you can find d, and hence the private key by:
– Knowing factors p, q, such that n = p*q
– Then ø(n) = (p-1)(q-1)
– Then d such that e*d = 1 mod ø(n)
• Ways to make n difficult to factor
– p and q should differ in length by only a few digits
– Both (p-1) and (q-1) should contain a large prime factor
– gcd(p-1, q-1) should be small.
– d > n^(1/4).
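The chain on the slide above (factor n, compute ø(n), invert e) run on the deck's two toy public keys, together with a report of the four parameter conditions it lists. This is an added example, not part of the original deck; the function names are constructed, and trial division is used only because the deck's moduli are tiny.

```python
from math import gcd, isqrt


def factor_semiprime(n):
    """Trial division: feasible only because the deck's moduli are tiny."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no nontrivial factor")


def private_exponent(e, p, q):
    """d such that e*d = 1 mod (p-1)(q-1), as on the slide."""
    return pow(e, -1, (p - 1) * (q - 1))


def largest_prime_factor(m):
    """Largest prime dividing m (1 if m is 1)."""
    best, f = 1, 2
    while f * f <= m:
        while m % f == 0:
            best, m = f, m // f
        f += 1
    return m if m > 1 else best


def audit_parameters(e, p, q):
    """Report the slide's four conditions for one key (hypothetical helper)."""
    n, d = p * q, private_exponent(e, p, q)
    return {
        "bit_length_gap": abs(p.bit_length() - q.bit_length()),
        "largest_prime_factor_of_p_minus_1": largest_prime_factor(p - 1),
        "largest_prime_factor_of_q_minus_1": largest_prime_factor(q - 1),
        "gcd_p_minus_1_q_minus_1": gcd(p - 1, q - 1),
        "d_exceeds_fourth_root_of_n": d ** 4 > n,
    }


if __name__ == "__main__":
    for e, n in [(5, 119), (17, 77)]:  # public keys <e,n> from the slides
        p, q = factor_semiprime(n)
        print(n, (p, q), private_exponent(e, p, q), audit_parameters(e, p, q))
```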
RSA versus DES
• Fastest implementations of RSA can encrypt kilobits/second
• Fastest implementations of DES can encrypt megabits/second
• RSA could be used for secure exchange of DES keys
• This 1000-fold difference in speed is likely to remain independent of technology advances