1 / 18

Lecture 9

Lecture 9. Public Key Cryptography Public Key Algorithms CIS 4362 - CIS 5357 Network Security. Euler’s Totient function  (n) - again.  ( n ) is the number of positive integers less than n and relatively prime to n . Let p be a prime. Then  ( p ) = p – 1

kyria
Download Presentation

Lecture 9

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 9 Public Key Cryptography Public Key Algorithms CIS 4362 - CIS 5357 Network Security

  2. Euler’s Totient function (n) - again • (n) is the number of positive integers less than n and relatively prime to n. Let p be a prime. Then (p) = p – 1 Let n = pq for p and q prime. Then (n) = (pq) = (p)(q) Proof outline: look at numbers relatively prime to pq. Must take all the numbers less than pq but eliminate multiples of p and multiples of q. (pq – 1)–(q – 1)–(p – 1) = (p – 1)(q – 1) Example: let n = 15, Then (15) = (5) (3) = 8 Z15* = {1,2,4,7,8,11,13,14}

  3. Euler’s Theorem - extension • Euler’s theorem: for every a and n that are relatively prime, a(n) ≡ 1 mod n • Corollary: for every a and n that are relatively prime, ak(n)+1 ≡ a mod n • For n a product of two primes p and q, then for all a and k non-negative, ak(n)+1 ≡ a mod n Proof outline: consider case where a is a multiple of p, a = cp. Then gcd(a,q) = 1.

  4. Discrete Logarithms • Let y = gx mod p • x is said to be the (discrete) logarithm of y, with base g. • It is easy to compute y, given g,x, and p. • It is hard to find x, given g,p, and y. • It is believed to be as hard as factoring large primes.

  5. Table for exponentiation mod 10

  6. Looking at the mod 10 table • Note that (10) = 4. Also, 10 is the product of distinct primes so Euler’s theorem applies (for any x) • that is x1 + k(n) = x mod n where n = 10, for all x • thus (10) = 4 means that every 4th column will be the same (except starting at x0) • Note however that although exponentiating by 1, 3, and 4, are a permutation of the set 1-9, exponentiating by 2 does not result in a permutation. • this is because 2 is not a coprime of 4 = (10) • for all coprimes of 4, for example e= 3 we can find a d such that ed= 1 mod 4. • Thus, using mod 10 arithmetic, xed = x1+ (10) = x and thus x3 has an exponentiative inverse in the sense that for all x, (x3)d= x, for some d.

  7. RSA • Rivest, Shamir, Adleman, 1978, MIT • Variable key size, common to use 1024 bits • Generating RSA keys is based on finding multiplicative inverses of large numbers (modulo), which is not hard • Generating RSA ciphertext is based on modulo exponentiation, which is not hard • RSA's strength is based on difficulty of factoring large numbers and computing discrete logarithms, which is believed to be hard. • There may be other trap doors in RSA, but none have been found yet.

  8. The RSA AlgorithmChoosing public and private keys • Let k be the key length then choose two large prime numbers p and q of bit lengths k/2, for example 512 bits each. Let n = pq. • Choose e < nwith e relatively prime to (n). The public key is <e,n> • Find multiplicative inverse d of e mod (n). The private key is <d,n>

  9. RSA operationsencryption / decryption • Encryption – for a message m < n, c = me mod n (c is the ciphertext) • Decryption – given the ciphertext c,compute cd mod n • Note that cd mod n = med mod n = m since d was chosen so that ed = 1 + k (n) and we are simply using Euler’s (extension) theorem

  10. RSA operationssignature / verification • Signature – for a message m < n, s = mdmod n (s is the signature) • Signature verification – given the signature s,compute se modn • Note that se mod n = med mod n = m. Also anyone can verify the signature using the public key.

  11. RSA Example • Multiply them to get n = 6012707 • Select e = 3674911, relatively prime to (n)= 600780 • Select two large primes, 2357 and 2551. • d = 422191 is the multiplicative inverse of e mod (n) • Encrypt m = 5234673 < n as • c = me mod n • 52346733674911 mod 6012707 • 3650502 • Decrypt c as, m = cd mod n • = 3650502 422191 mod 6012707 • = 5234673

  12. Back to one way functions:an example of encryption / decryption • Let n be a large number • Let the plaintext be viewed as M < n • To get the ciphertext, we do the following: C = Me mod n • Example Let (e,n) be (7, 187) and M be 88 Then C = 887 mod 187 = 11 • (d,n)=(23,187)and 187 = 17  11 • Then M = 1123 mod 187 = 88

  13. An Attack on RSA • An intruder, X intercepts a message (m) intended for Alice encrypted under Alice's public key(e): (m)e mod n • The intruder generates a value x, computes: xeme mod n = (xm)e mod n and sends it to Alice • Alice decrypts the message to attain the value: xm mod n, which appears to be garbage • If Alice disposes of the "garbage" carelessly, the intruder can recover it and compute: (xmx-1) mod n = m

  14. Some aspects of RSA • It's strength is based on the difficulty of factoring large numbers and the difficulty of computing discrete logarithms • It is much more computationally intensive than DES, IDEA, AES, etc. • It has avoidable weaknesses • If there are a limited number of plaintext messages used in practice, can compute all the corresponding ciphertext messages and compare • Encrypting small messages (say the value of e used is 3. Then can recover using cube root • Smooth number threat – product of small primes • Need to pad properly

  15. Diffie Hellman • Oldest public key system in use • Allows Alice and Bob to agree on a shared key even though all messages are exchanged in the open • Limited functionality – the shared secret can subsequently be used for encrypting / decrypting using other systems • Weakness – no authentication as a basic element of DH

  16. Diffie Hellman Key Exchange • Choose a large prime p and g < p. These are publicly known to all. (some restrictions on g and p for additional security) • Alice and Bob “randomly” choose a and b respectively - these are their individual private keys. • Alice computes TA = ga mod p, Bob computes TB = gb mod p • Alice and Bob exchange the values TA and TB • Alice computes TBa mod p and Bob computes TAb mod p • They have both computed the same number, the shared secret key

  17. Intro to El Gamal • Alice and Bob agree on a large (512 bits) prime p and a generator g < p with some restrictions on g. (Operations are all mod p) • Alice chooses a random number a (herprivate key) and computes and publishes her public key TA = ga • To transmit a message M, Bob selects a random number r(private), and computes and sends to Alice: C =(gr,Mgar) • Alice computes gar , then g-ar, and finally M = M(gar)(g-ar)

  18. El Gamal Example g = 5 p = 11 a = 2 r = 7 M = 6 ga mod p = 3 gr mod p = 3 gar mod p = 9 Mgar mod p = 10 g-ar mod p = 5 Mgar * g-ar mod p = 6

More Related