Public-key Crypto-system

Aki Nakao
For Information Processing class at the University of Tokyo, 2005 Summer

Shared-key crypto-system, with Alice, Bob and Eve the eavesdropper: use the same key for encryption/decryption. Problem: hard to securely distribute a key.
Shared-key Crypto-system

• Use the same key for encryption/decryption

[Figure: Alice and Bob, encryption and decryption; Eve the eavesdropper]

Problem: Hard to securely distribute a key
Public-key Crypto-system

• Use different keys for encryption/decryption

[Figure: Alice and Bob, encryption (public key) and decryption (private key); Eve the eavesdropper]

Captions in the figure: "They (Alice, Eve, and others) can only encrypt a secret" and "Only I can decrypt the secret"
Email and Digital Signature

• Email
  Alice: Email → encryption (B’s public key)
  Bob: decryption (B’s private key) → Email

• Digital Signature
  Signature (MD: message digest)
  Alice: MD (a) → encryption (A’s private key) → Encrypted MD (a)
  Bob: Encrypted MD (a) → decryption (A’s public key) → MD (a)

Bob compares the decrypted MD (a) and an MD (b) generated from the received email
Message Digest

• Message Digest: Small data crunched down from the data by a process called "hashing"
• It is not possible to change an MD back into the original data
• A slight change in the original data results in a significant change in its MD

[Figure: Email → “hashing” (e.g. MD5) → Signature]
Email: "Hey guys, I have really a cool idea. Lets start up a company on Monday. My idea is blah …."
Signature: HNFmsEm6Un BejhhyCGKOK
Man-In-the-Middle Attack

• Eve the eavesdropper in the middle

[Figure: Alice, Eve the eavesdropper, Bob; Eve’s public-key and Eve’s secret-key; Bob’s public-key and Bob’s secret-key]

Eve intercepts Bob’s public key and passes her public key to Alice.
Alice encrypts her message with Eve’s public key, thinking that it’s Bob’s.
Eve decrypts Alice’s message and encrypts it with Bob’s public key.

A fingerprint (a hash value generated from a public key) defeats this attack

[Figure: Bob’s public-key → Hash → (fingerprint) 2628 487D F786 29C4 A368]
RSA

Pick $(d, e)$ for given prime numbers $(p, q)$:

$n = pq$, $n' = (p-1)(q-1)$, $\gcd(e, n') = 1$, $ed = 1 \bmod n'$

• encryption: $c = m^e \bmod n$, public-key $(e, n)$
• decryption: $c' = c^d \bmod n = m \bmod n$, private-key $(d, n)$

Fermat’s Little Theorem: $x^{p-1} \bmod p = 1$ (for all $x < p$)

With $x = m^{q-1} \bmod p$: $m^{n'} \bmod p = 1$. In the same way, $m^{n'} \bmod q = 1$. Together: $m^{n'} \bmod n = 1$.

$c^d \bmod n = (m^e \bmod n)^d \bmod n = m^{ed} \bmod n = m^{kn'+1} \bmod n = m \bmod n$
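The key setup, encryption/decryption and MD signature check from the slides, worked through in Python as an added example (not part of the original deck). It is textbook RSA without padding on a constructed toy key (p = 61, q = 53, e = 17); the function names are hypothetical, and SHA-256 reduced mod n stands in for the slide's MD5 so that the digest fits the toy modulus.

```python
import hashlib
from math import gcd

def make_keys(p, q, e):
    """Slide notation: n = pq, n' = (p-1)(q-1), gcd(e, n') = 1, ed = 1 mod n'."""
    n, n_prime = p * q, (p - 1) * (q - 1)
    if gcd(e, n_prime) != 1:
        raise ValueError("e must satisfy gcd(e, n') = 1")
    d = pow(e, -1, n_prime)            # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)              # public-key (e, n), private-key (d, n)

def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)                # c = m^e mod n

def decrypt(c, private):
    d, n = private
    return pow(c, d, n)                # c^d mod n = m mod n

def digest(message, n):
    # Message digest as an integer; reduced mod n only because n is a toy size.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    d, n = private
    return pow(digest(message, n), d, n)   # "encrypt" MD (a) with A's private key

def verify(message, signature, public):
    e, n = public
    md_a = pow(signature, e, n)        # decrypted MD (a), using A's public key
    md_b = digest(message, n)          # MD (b) generated from the received email
    return md_a == md_b

# Constructed sample values, not taken from the slides.
P, Q, E = 61, 53, 17
PUBLIC, PRIVATE = make_keys(P, Q, E)
EMAIL = b"Let's start up a company on Monday."

if __name__ == "__main__":
    c = encrypt(65, PUBLIC)
    print("n =", PUBLIC[1], "d =", PRIVATE[0], "c =", c, "m =", decrypt(c, PRIVATE))
    sig = sign(EMAIL, PRIVATE)
    print("signature valid:", verify(EMAIL, sig, PUBLIC))
    print("altered signature valid:", verify(EMAIL, (sig + 1) % PUBLIC[1], PUBLIC))
```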
Fermat’s Little Theorem

If $p$ is a prime number, $x^{p-1} \bmod p = 1$ for a natural number $x < p$.

Suppose $p \mid x^p - x$ (i.e., $p$ divides $x^p - x$).

Binomial theorem:

$(x+1)^p = x^p + {}_pC_1\, x^{p-1} + \dots + {}_pC_{p-1}\, x + 1$

$(x+1)^p - (x+1) = x^p - x + {}_pC_1\, x^{p-1} + \dots + {}_pC_{p-1}\, x$

${}_pC_i = p(p-1)\cdots(p-i+1)/i!$ and $p$ is a prime number, so $p \mid {}_pC_i$ $(i < p)$.

Therefore, $p \mid (x+1)^p - (x+1)$, and by induction, $p \mid x^p - x$.

When $\gcd(x, p) = 1$, $xk + pm = 1$ for some $k, m$ (Euclid’s):

$k(x^p - x) = kx(x^{p-1} - 1) = (1 - pm)(x^{p-1} - 1)$

Since $p \mid k(x^p - x)$, $p \mid x^{p-1} - 1$ follows.