170 likes | 377 Views
Lecture #10 Public Key Algorithms. HAIT Summer 2005 Shimrit Tzur-David. Motivation. Distributing the keys has always been the weakest link in most cryptosystems. No matter how strong a cryptosystem is, if an intruder can steal the key, the system was worthless.
E N D
Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David
Motivation • Distributing the keys has always been the weakest link in most cryptosystems. • No matter how strong a cryptosystem is, if an intruder can steal the key, the system was worthless. • The key had to be distributed to all users of the system. Thus, it seemed as if there was an inherent built-in problem. • Keys had to be protected from theft, but they also had to be distributed, so they could not just be locked up in a bank vault.
Public Key • Will we gain something if encryption and decryption keys will be different? • Actually, a lot! • There are three requirements: • D(E(P)) = P. • It is exceedingly difficult to deduce D from E. • E cannot be broken by a chosen plaintext attack.
Public Key – Cont. • The first requirement says that if we apply D to an encrypted message, E(P), we get the original plaintext message, P, back. • The second requirement says the knowing E can not help to decrypt the encrypted message. • The third requirement is needed because intruders may experiment with the algorithm. • Under these conditions, the encryption key can be made public.
The Method • If Alice wants to receive secret messages, she first devises two algorithms meeting the above requirements. • The encryption algorithm and Alice's key are then made public. Alice might put her public key on her home page. • EA - the encryption algorithm parameterized by Alice's public key. • DA - the (secret) decryption algorithm parameterized by Alice's private key. • Bob does the same thing, publicizing EB but keeping DB secret.
The Secure Channel • Alice and Bob have never had any previous contact. • Both Alice's encryption key, EA, and Bob's encryption key, EB, are public. • Alice takes her first message, P, computes EB(P), and sends it to Bob. • Bob then decrypts it by applying his secret key DB [computes DB(EB(P)) = P]. • No one else can read the encrypted message, EB(P), because the encryption system is assumed strong and because it is too difficult to derive DB from the publicly known EB. • To send a reply, R, Bob transmits EA(R). • Alice and Bob can now communicate securely.
Modular Arithmetic • Most public-key algorithms are based on modular arithmetic. • non-negative integers <= n • normal operations such as + and - • result is the reminder of the division by n • notation: x mod n
Examples • let’s consider some arithmetic mod 10 • 5 + 5 = 0 mod 10 • 2 + 9 = 1 mod 10 • 6 + 7 = 3 mod 10 • -3 = 7 mod 10 because 3 + 7 = 0 mod 10 • 3 * 5 = 5 mod 10 • 4 * 5 = 0 mod 10 • 7 * 3 = 1 mod 10 • the multiplicative inverse of x, x-1 mod 10 is such that x * x-1 = 1 mod 10.
The Totient Function • It is useful to know how many numbers less than n are relatively prime to n. • That count is so important in number theory that it has been given a special notation. It’s called the totient function and it is denoted by (n). • How do we compute the (n)? • (n) < n, because we said we are counting the numbers less than n. • If n is prime, then (n) = n - 1.
The Totient Function – Cont. • If n is the product of two primes n = pq, there are some numbers, less than n, that are not relatively prime to n. • Those are the multiples of p or q less than n = pq, plus 0 (which of course is not relatively prime to anything). • In practice, the non relatively primes are p, 2p, 3p, . . . (q-1)p and q, 2q, 3q, . . . (p-1)q and 0. • (n) = (pq) = pq – (q-1)-(p-1)-1=(p-1)(q-1)
Notation • Public-key cryptography requires each user to have two keys: • a public key, used by the entire world for encrypting messages to be sent to that user • a private key, which the user needs for decrypting messages. • We will refer to these keys as the public and private keys, respectively.
RSA • One good method was discovered by a group at M.I.T. (Rivest et al., 1978). It is known by the initials of the three discoverers (Rivest, Shamir, Adleman): RSA. • It has survived all attempts to break it for more than a quarter of a century and is considered very strong. • Much practical security is based on it. • Its major disadvantage is that it requires keys of at least 1024 bits for good security, which makes it quite slow.
Key Generation • Bob generates his keys as follows • Choose two large distinct random primes p, q • Set n = pq • Compute (n) = (pq) = (p-1)(q-1) • Choose some e 2 Z(n)* • Compute d = e-1 in Z(n)* • Set public key = (e,n) and private key = (d,n)
RSA Encryption • For any message M 2 Zn* • Alice has the public key = (e,n) • Alice computes C = Me mod n • That’s it • To decrypt • Bob has the secret key = (d,n) • He computes Cd mod n = M
RSA Proof • Need to show that for any M 2 Zn*, Med = M mod n • ed = 1 mod (n) [by def of d] • So ed = k(n) + 1 [by def of modulus] • So working in Zn*, Med = Mk(n) + 1 = Mk(n) M1 = (M(n))k M = 1k M = M • LaGrange’s Theorem: M(n) = 1 • This doesn’t say anything about the security of RSA, just that we can decrypt
Security of RSA • The security of the method is based on the difficulty of factoring large numbers. • If the cryptanalyst could factor the (publicly known) n, he could then find p and q, and from these (n). • By knowing (n) and e, d can be found. • Fortunately, mathematicians have been trying to factor large numbers for at least 300 years, and the accumulated evidence suggests that it is an exceedingly difficult problem.
Example P = SUSSANE p=3, q=11, n=33, (n) = 20 d=7, to find e, we need to solve the equation 7e = 1 (mod 20) e=3 C = P3 (mod 33) P = C7 (mod 33)