1 / 38

Cryptography Public Key Cryptosystems

Cryptography Public Key Cryptosystems. Anita Jones CS451 Information Security. Copyright(C) Anita Jones. Public key encryption. The two problems to be solved: Key distribution Digital signature Revolutionary new approach Based on math functions, not simple operations on bit patterns.

parson
Download Presentation

Cryptography Public Key Cryptosystems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CryptographyPublic Key Cryptosystems Anita Jones CS451 Information Security Copyright(C) Anita Jones

  2. Public key encryption • The two problems to be solved: • Key distribution • Digital signature • Revolutionary new approach • Based on math functions, not simple operations on bit patterns

  3. Asymmetric (Public Key) Encryption Ralph Merkle, Martin Hellman, Whitfield Diffie (1977) Ronald Rivest Adi Shamir Len Adleman

  4. Contributions • Diffie & Hellman showed that encryption with pairs of keys was possible • Rivest, Shamir & Adleman created a cost-effective method, and then commercialized it which make it readily accessible to users

  5. A revolution of sorts • Diffie & Hellman (1976) sought to solve 2 problems: • better way to distributekeys • provide for a digital document signature • public key encryption is based on mathematical functions, not on substitution & permutation • asymmetric – two different keys • it does not displace block ciphers (symmetric keys) • Why not? Because it costs too much

  6. Basics • Each user generates a pair of keys • Each user places one key in a publicly accessible place • Each user keeps the other key secret EKR(M) = C EKU(C) = M Where, M = plaintext (message); C = ciphertext KR = restricted (private) key KU = unrestricted (public) key

  7. Requirements for Public Key • Computationally EASY to • generate a pair of keys (public KU, private KR) • encrypt, given key KU & message M • decrypt, given key KR & encrypted message, C • Computationally INFEASIBLE to • determine private key KR, knowing public key KU • recover original message (M), given public key KU & ciphertext, C, for message M

  8. First of two uses • Confidentiality • A wants to send message to B • A encrypts message with B’s public key • A sends encrypted message to B • B decrypts message with its private key • (and by the way, B’s public key will not “decrypt” the encrypted message)

  9. Second of two uses • Authentication, or digital signature • A wants to send message to B in a way that B can be assured that A (and no one else) sent it • A encrypts message with A’s private key (sign!) • A sends encrypted/signed message to B • B decrypts message with A’s public key • B then knows that • only A could have sent it • data integrity assured, once encrypted (if whole message is encrypted)

  10. How do you distribute the Public Key?

  11. Digression • What does the receiver know about a message once it is “correctly” decrypted? • Plaintext is readable, i.e. understandable • If a “bit flipped”, then resulting plaintext is unintelligible; remember “avalanche” property • Both the cryptanalyst and a legitimate receiver know when they decrypt and read plaintext

  12. Comparisons – Preview * Symmetric Asymmetric • 1 2 • Must be kept secret One secret; One public • Crypto “workhorse”; Key distribution, authentication secrecy & integrity of data– single characters to blocks of data, messages, files • Must be “out-of-band” Public key can be used to distribute other keys • Fast - based on addition, Slow; complex mathematics (e.g. masks, and shifts exponentiation); typically 10,000 times slower than symmetric keys • 40, 128, 256, 512 512, 1024, 2048 • DES, 3DES, AES, RSA, El Gamal, Merkle-Hellman, Blowfish, Twofish, IDEA Elliptic Curve • # of Keys • Protection of key • Best Uses • Key Distribution • Speed • Key Lengths • Examples Primary Source: Security in Computing, Pfleeger&Pfleeger, p. 75

  13. Some Misconceptions about Symmetric vs Asymmetric encryption • One is superior to the other • Public key encryption replaces symmetric encryption • Public key encryption makes key distribution trivially easy

  14. RSA (Rivest, Shamir, Adelman) Algorithm • plaintext and ciphertext are (considered) integers between 0 and n-1, some n • public KU = {e, n} and public KR = {d, n} • for plaintext M and ciphertext C • C = Me mod n • M = Cd mod n = (Me)d mod n = Med mod n Why so prevalent? Because RSA Inc. commercialized it

  15. RSA Important properties • There exists e, d, n such that Med = M mod n for all M < n • Easy to calculate Me and Cd for all values of M < n • Infeasible to determine d, given e and n

  16. Modulo arithmetic – review a mod n is the remainder of a divided by n So, values of a mod n are all between 0 and n-1 24 mod 7 = 3 5 mod 7 = 5 a = b mod n means a mod n = b mod n i.e. give the same remainder a=b mod n means a = b + kn (k negative or positive) a and b are congruentmod n 24 mod 7 = 10 mod 7 = 3, so 24 =10 = 3 mod 7

  17. RSA: computing e, n, and d • select 2 prime numbers p, q (p not = q) • calculate n = p * q (n is the modulus) • calculate ø(n) = (p-1) * (q-1) • select e such that • e is relatively prime to ø(n) and 1 < e < ø(n) • determine d such that • d * e = 1 mod ø(n)

  18. RSA: computing e, n, and d • select prime numbers p = 7, q = 17 • calculate n = p * q = 119 • calculate ø(n) = (p-1) * (q-1) = 6 * 16 = 96 • select e = 5 such that • e is relative prime to ø(n) and e < ø(n) • determine d = 77 such that • d * e = 1 mod ø(n) and d < ø(n) • 5 * 77 = 385 = 4 * 96 + 1

  19. RSA: applying e, n, and d • KU = {5, 119} and KR = {77, 119} • let plaintext M = 19 • Encryption C = Me mod n • C = EKU(19) = 195 mod 119 = 2,476,099 mod 119 • = 66 • Decryption M = Cd mod n • M = DKR(66) = 6677 mod 119 • = <big number> mod 119 • = 19 mod 119 • = 19

  20. RSA -- getting parameters “right” • need to choose suitably large p, q • e is usually chosen to be small • typically e may be the same for all users • originally a value of 3 was suggested, but it is regarded as too small currently • 216 -1 = 65535 is typical used • the decryption exponent d will be large

  21. Practical aspects of RSA • So why is RSA so much slower than DES? • today’s computer’s can't directly handle numbers larger than 32- or 64-bits • need multiple precision arithmetic requiring libraries to handle large numbers

  22. Is Public Key Crypto Secure? • A 128 bit key would be a number between 1 and 340,282,366,920,938,000,000,000,000,000,000,000,000 • How many prime numbers are between 1 and this number? • approximately n / ln(n) which is about 2^128 / ln( 2^128 ) = 3,835,341,275,459,350,000,000,000,000,000,000,000 • How long would it take to find all of these prime numbers if you could calculate one trillion of these numbers per second? • More than 121,617,874,031,562,000 years (i.e., about 10 million times longer than the universe has existed so far.) • Reference: http://www.livinginternet.com/?i/is_crypt_pkc_inv.htm • Answer – Yes, but know its limitations (e.g. plaintext attacks, block sizes, etc.)

  23. Speeding up RSA • modulo arithmetic permits reducing intermediate results, because(a*b) mod n = [(a mod n)*(b mod n)]mod n • 195 mod 119 = 2,476,099 mod 119 = ? • = [(191 mod 119) * ( 192 mod 119) * • (192 mod 119)] mod 119 • Note: 192 mod 119 = 361 mod 119 = 4 • 195 mod 119 = [19 * 4 * 4] mod 119 • = 304 mod 119 = 66

  24. Speeding up RSA • usual multiplication takes O(n2) bit ops • faster technique: Schonhage-Strassen Integer Multiplication Algorithm: • breaks each integer into blocks, & uses them as coefficients of a polynomial • evaluates these polynomials at suitable points, & multiplies the resultant values • interpolates these values to form the coefficients of the product polynomial • combines the coefficients to form the product of the original integer

  25. Brute force – try all possible private keys Depends on length of the key Mathematical attack – factor n into its two primes Timing attack – use measurement of the decryption time to guess values Attacks on RSA

  26. RSA security rests on factoring • security of RSA is assumed to rest on the difficulty of computing ø(n), i.e. finding (p-1), (q-1) • best known theoretical factoring algorithms take years (assume 1 binary op per nanosec) when number of decimal digits in n exceed 100 • so, 1024 + bits looks secure for now

  27. RSA inventors offered $100 reward for finding a plaintext sentence enciphered via RSA public key had 129 decimal digits (~ 428 bits) RSA predicted 40 quadrillion years was needed 1994 -- a group claimed the prize after 8 months of work (1600 computers used) Breaking RSA

  28. Elliptic Curve Cryptography • RSA challenger – uses fewer bits than RSA, so is computationally cheaper • Based on cubic equations of form: y2 + axy + by = x3 +cx2 + dx + e … real a, b, c, d, e • Define a form of addition on points on curve - multiple additions are the counterpart of modular exponentiation in RSA • Less experience, so it is not as trusted as RSA

  29. Applications

  30. Digital Signature • Construct that authenticates both the origin & content of a message • In a manner that is provable to a third party • E.g. A sends EA-R [M]; B has EA-U [M], M where M = EA-U [EA-R [M]] Repudiation problem: A says “My key was stolen”

  31. Key Distribution • A sends/posts A’s public key • All others can see it • Forgery problem: Z posts a key and says that it is A’s public key • Z can read what others send to A • Until A alerts others to the forged key

  32. Public Key Certificate • Create a trusted third party • Key distribution center (KDC) or certificate authority (CA) • Maintains a registry of user keys • Creates certificates: [ID of A, A’s public key] • Certificate signed by CA • Encrypted with KDC’s private key • Use: user gives CA the user’s public key • User obtains certificate; publishes certificate • Assumed valid until user informs CA that key is invalid

  33. Key distribution -- using certificates A and B register with the CA A and B exchange certificates A creates secret (shared) session key A encrypts session key with A’s private key A then encrypts with B’s public key A sends to B

  34. We need a more formal way of describing these exchanges!Let’s talk about security protocols!

  35. Backups

  36. Why? Why should it be the case that if M is plaintext & C is ciphertext & if C = Me mod n, that M = Cd mod n = (Me)d mod n = Med mod n, I.e. what makes us think that there even exists an e and d such that Med mod n = M?

  37. Theory behind RSA if n = pq where p, q are primes, then: xø(n) = 1 mod n for all x not divisible by p or q, ie gcd(x,ø(n))=1 where ø(n)=(p-1)(q-1) RSA chooses e & d to be inverses mod ø(n) ie e*d=1+q*ø(n) therefore M = Cd = Med = M1+q*ø(n) = M1 *(M ø(n) )q = M1*(1)q = M1 mod N

  38. Speeding up RSA (cont) • Discrete Fourier Transform, & the Convolution Theorem are used to speed up the interpolation stage • results in multiplying in O(n log n) bit ops (versus O(n2) • special hardware is a possibility

More Related