Public-Key Cryptography
• Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using different keys.
• Each individual has two keys:
  • private key (not revealed to anyone)
  • public key (made known to everyone)
• The use of two keys has consequences for key distribution, confidentiality and authentication.
• Public-key algorithms are based on mathematical functions rather than on substitution and permutation.

Encryption using Public-Key system
• Asymmetric encryption transforms plaintext into ciphertext using one of two keys and an encryption algorithm. Using the paired key and a decryption algorithm, the plaintext is recovered from the ciphertext.
• The scheme has six ingredients:
  • Plaintext
  • Encryption algorithm
  • Public and private key
  • Ciphertext
  • Decryption algorithm

Applications for Public-Key Cryptosystems
• Three categories:
  • Encryption/decryption: The sender encrypts a message with the recipient's public key.
  • Digital signature: The sender "signs" a message with its private key.
  • Key exchange: Two sides cooperate to exchange a session key.

Requirements for Public-Key Cryptography
• Computationally easy for a party B to generate a pair (public key KUb, private key KRb)
• Easy for sender to generate ciphertext:
• Easy for the receiver to decrypt ciphertext using private key:

Requirements for Public-Key Cryptography
• Computationally infeasible to determine private key (KRb) knowing public key (KUb)
• Computationally infeasible to recover message M, knowing KUb and ciphertext C
• Either of the two keys can be used for encryption, with the other used for decryption:

Public-Key Cryptographic Algorithms
• RSA and Diffie-Hellman
• RSA - Ron Rivest, Adi Shamir and Leonard Adleman at MIT, in 1977.
  • RSA is a block cipher
  • The most widely implemented
• Diffie-Hellman
  • Exchange a secret key securely
  • Based on the difficulty of computing discrete logarithms

The RSA Algorithm – Key Generation
• Each user generates a public/private key pair by:
  • Select p, q (p and q both prime)
  • Calculate n = p x q
  • Calculate
  • Select integer e
  • Calculate d
• Public key KU = {e,n}
• Private key KR = {d,n}

RSA Use
• To encrypt a message M the sender:
  • obtains public key of recipient KU = {e,n}
  • computes: C = M^e mod n, where 0 ≤ M < n
• To decrypt the ciphertext C the owner:
  • uses their private key KR = {d,n}
  • computes: M = C^d mod n
• Note that the message M must be smaller than the modulus n (block if needed)

Prime Factorisation
• To factor a number n is to write it as a product of other numbers: n = a × b × c
• Note that factoring a number is relatively hard compared to multiplying the factors together to generate the number
• The prime factorisation of a number n is when it is written as a product of primes
  • eg. 91 = 7 × 13

Public-Key Cryptography
• Public-key cryptography is based on integer factorization or discrete logarithm problems
• Integer Factorization Problem
  • huge prime no. * huge prime no. = very huge no. Very difficult to factorize!
• Discrete Logarithm Problem
  • In general: computing x from g^x mod p.

Relatively Prime Numbers & GCD
• Two numbers a, b are relatively prime if they have no common divisors apart from 1
  • eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor
• Conversely, the greatest common divisor can be determined by comparing their prime factorizations and using least powers
  • eg. 300 = 2^1 × 3^1 × 5^2, 18 = 2^1 × 3^2, GCD(18,300) = 2^1 × 3^1 × 5^0 = 6

Euler Totient Function ø(n)
• When doing arithmetic modulo n:
  • Complete set of residues is: 0..n-1
  • Reduced set of residues is those numbers (residues) which are relatively prime to n
• e.g. for n = 10,
  • complete set of residues is {0,1,2,3,4,5,6,7,8,9}
  • reduced set of residues is {1,3,7,9}
• Number of elements in reduced set of residues is called the Euler Totient Function ø(n)

Euler Totient Function ø(n)
• To compute ø(n) need to count number of elements to be excluded
• In general need prime factorization, but
  • for p (p prime) ø(p) = p-1
  • for p.q (p,q prime) ø(p.q) = (p-1)(q-1)
• eg.
  • ø(37) = 36
  • ø(21) = (3–1)×(7–1) = 2×6 = 12

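The GCD-by-least-powers rule and the two totient definitions from the preceding slides, as an added example that is not part of the original deck. Function names are hypothetical and inputs are assumed to be integers of at least 2; trial division stands in for "prime factorization" and only works at these toy sizes, which is why needing the factorization is the hard step for a real modulus.

```python
from math import gcd


def prime_factorization(n):
    """Trial division: return {prime: exponent} for an integer n >= 2."""
    if n < 2:
        raise ValueError("n must be >= 2")
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:                               # whatever is left is itself prime
        factors[n] = factors.get(n, 0) + 1
    return factors


def gcd_by_factorization(a, b):
    """GCD as the product of the shared primes, each to its least power."""
    fa, fb = prime_factorization(a), prime_factorization(b)
    result = 1
    for p in fa.keys() & fb.keys():
        result *= p ** min(fa[p], fb[p])
    return result


def reduced_residues(n):
    """Residues in 0..n-1 that are relatively prime to n."""
    return [r for r in range(n) if gcd(r, n) == 1]


def totient(n):
    """phi(n) from the factorization: remove a 1/p share for each prime p of n."""
    phi = n
    for p in prime_factorization(n):
        phi -= phi // p
    return phi


if __name__ == "__main__":
    print(prime_factorization(91), gcd_by_factorization(18, 300))
    print(reduced_residues(10), totient(37), totient(21))
    # Counting the reduced set and using the factorization must agree.
    print(all(len(reduced_residues(n)) == totient(n) for n in range(2, 200)))
```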
Euclidean algorithm
Example: The following are the division steps for computing gcd(16457, 1638)
1. Divide the smaller into the larger:
   16457 = 1638 x 10 + 77
   (dividend) = (divisor) x (quotient) + (remainder)
2. Continue to divide remainders into previous divisors:
   1638 = 77 x 21 + 21
   77 = 21 x 3 + 14
   21 = 14 x 1 + 7
   14 = 7 x 2 + 0
3. The process stops when the remainder is 0. The greatest common divisor of 16457 and 1638 is 7, gcd(16457, 1638) = 7.

Extended Euclidean Algorithm
• Now, do the "backward part" of the Euclidean algorithm (this is often called the "extended Euclidean algorithm"), expressing 7 as a combination of 16457 and 1638.
• The division steps, numbered from the last one:
  (4) 16457 = 1638 x 10 + 77
  (3) 1638 = 77 x 21 + 21
  (2) 77 = 21 x 3 + 14
  (1) 21 = 14 x 1 + 7
• 7 = 21 - 14 x 1
• Replace 14 in our equation using equation (2):
• 7 = 21 - (77 - 21 x 3) x 1
• Rearrange this equation to be two terms:
• 7 = 4 x 21 - 77
• 7 = 4 x (1638 - 77 x 21) - 77, from (3)
• 7 = 4 x 1638 - 77 x 85
• 7 = 4 x 1638 - 85 x (16457 - 1638 x 10)
• 7 = 1638 x 854 - 85 x 16457

Finding Multiplicative Inverse
• For example:
  • d = e^-1 mod ø(n)
  • d = 7^-1 mod 160 (0-159)
• We have to find number x such that
  • 7 * x mod 160 = 1
  • 7 * x = 1
• So we start with the Euclidean Algorithm:
  • 160 = 7 * 22 + 6
  • 7 = 6 * 1 + 1
  • 6 = 1 * 6 + 0
• By using the Extended Euclidean Algorithm:
  • 1 = 7 - 6 * 1
  • 1 = 7 - (160 - 7 * 22) * 1
  • 1 = 7 - 1 * 160 + 1 * 7 * 22
  • 1 = 7 (1 + 1 * 22) - 160
  • 1 = 7 * 23 - 160
  • 160 mod 160 = 0, so x = 23.

RSA Example - Key Setup
• For example, the keys were generated as follows.
• Select two prime numbers, p = 17 and q = 11.
• Calculate n = pq = 17 × 11 = 187.
• Calculate ø(n) = (p - 1)(q - 1) = 16 × 10 = 160.
• Select e such that e is relatively prime to ø(n) = 160 and less than ø(n); we choose e = 7.
• Determine d such that de = 1 (mod 160) and d < 160. The correct value is d = 23, because 23 × 7 = 161 = (1 × 160) + 1 (from previous slide).
• The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}.

RSA Example - En/Decryption
• Sample RSA encryption/decryption is:
  • given message M = 88 (88 < 187)
  • encryption: C = 88^7 mod 187 = 11
  • decryption: M = 11^23 mod 187 = 88

Reading
• "Cryptography and Network Security Principles and Practices", Fourth Edition by William Stallings
  • Chapter 9