7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key...
-
Upload
sibyl-howard -
Category
Documents
-
view
229 -
download
0
Transcript of 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key...
![Page 1: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/1.jpg)
04/19/23 M. Chatterjee 1
Public Key Algorithms
![Page 2: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/2.jpg)
04/19/23 M. Chatterjee 2
Modular Arithmetic
Public key algorithms are based on modular arithmetic.
Modular addition. Modular multiplication. Modular exponentiation.
![Page 3: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/3.jpg)
04/19/23 M. Chatterjee 3
Modular Addition
Addition modulo (mod) K Poor cipher with (dk+dm) mod K, e.g.,
if K=10 and dk is the key.
Additive inverse: addition mod K yields 0.
“Decrypt” by adding inverse.
![Page 4: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/4.jpg)
04/19/23 M. Chatterjee 4
Modular Multiplication Multiplication modulo K Multiplicative inverse: multiplication
mod K yields 1 Only some numbers have inverse Use Euclid’s algorithm to find inverse
Given x, n, it finds y such that xy mod n = 1
All number relatively prime to n will have mod n multiplicative inverse
![Page 5: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/5.jpg)
04/19/23 M. Chatterjee 5
Totient Function x, m relative prime: no other
common factor than 1 Totient function ø(n): number of
integers less than n relatively prime to n if n is prime, ø(n)=n-1 if n=pq, and p, q are primes,
ø(n)=(p-1)(q-1)
![Page 6: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/6.jpg)
04/19/23 M. Chatterjee 6
Modular Exponentiation
xy mod n = xy mod ø(n) mod n
if y = 1 mod ø(n) then xy mod n = x mod n
![Page 7: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/7.jpg)
04/19/23 M. Chatterjee 7
RSA (Rivest, Shamir, Adleman)
The most popular one. Support both public key encryption and
digital signature. Assumption/theoretical basis:
Factoring a big number is hard. Variable key length (usually 512 bits). Variable plaintext block size.
Plaintext must be “smaller” than the key. Ciphertext block size is the same as the key
length.
![Page 8: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/8.jpg)
04/19/23 M. Chatterjee 8
What Is RSA? To generate key pair:
Pick large primes (>= 256 bits each) p and q
Let n = p*q, keep your p and q to yourself!
For public key, choose e that is relatively prime to ø(n) =(p-1)(q-1), let pub = <e,n>
For private key, find d that is the multiplicative inverse of e mod ø(n), i.e., e*d = 1 mod ø(n), let priv = <d,n>
![Page 9: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/9.jpg)
04/19/23 M. Chatterjee 9
How Does RSA Work?
Given pub = <e, n> and priv = <d, n> encryption: c = me mod n, m < n decryption: m = cd mod n signature: s = md mod n, m < n verification: m = se mod n
![Page 10: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/10.jpg)
04/19/23 M. Chatterjee 10
Why Does RSA Work?
Given pub = <e, n> and priv = <d, n> n =p*q, ø(n) =(p-1)(q-1) e*d = 1 mod ø(n) xed = x mod n encryption: c = me mod n decryption: m = cd mod n = med mod
n = m mod n = m Why????????
![Page 11: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/11.jpg)
04/19/23 M. Chatterjee 11
e*d = 1 mod ø(n) So e*d = 1 + kø(n)
…med mod n = m 1 + kø(n)
m (m kø(n) mod n) = m ????
What is Fermat’s theorem???
![Page 12: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/12.jpg)
04/19/23 M. Chatterjee 12
Why Is RSA Secure? Factoring 512-bit number is very
hard! But if you can factor big number n
then given public key <e,n>, you can find d, hence the private key by: Knowing factors p, q, such that, n =
p*q Then ø(n) =(p-1)(q-1) Then d such that e*d = 1 mod ø(n)
![Page 13: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/13.jpg)
04/19/23 M. Chatterjee 13
Attacks on RSA
• Brute force key search• Mathematical attacks• Timing attacks
![Page 14: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/14.jpg)
04/19/23 M. Chatterjee 14
Math-Based Attacks
Three possible approaches: – Factor n = pq – Determine F(n) – Find the private key d directly • All the above are equivalent to factoring n
![Page 15: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/15.jpg)
04/19/23 M. Chatterjee 15
Brute Force
An adversary just tries all possiblekeys and keeps his fingers crossed
thatthe right key is not the last key he
willtry !
![Page 16: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/16.jpg)
04/19/23 M. Chatterjee 16
Timing Attacks By measuring the time required to
perform decryption (exponentiation with the
private key as exponent), an attacker can figure out the private key
Possible countermeasures: – use constant exponentiation time – add random delays – blind values used in calculations
![Page 17: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/17.jpg)
04/19/23 M. Chatterjee 17
Other Attacks on RSA Small encryption exponent e E=3, Alice sends the message m to three people (public keys (e, n1), (e, n2), (e,n3)) An attacker can compute a solution to the
followingsystem x = c1 mod n1 x = c2 mod n2 x = c3 mod n3 Then, compute m from x = m3 Countermeasure: padding required
![Page 18: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/18.jpg)
04/19/23 M. Chatterjee 18
Forward Search Attack If message space is small, the attacker cancreate a dictionary of encrypted messages(public key known, encrypt all possiblemessages and store them) When the attacker ‘sees’ a message on thenetwork, compares the encryptedmessages,
so he finds out what particular message was encrypted
![Page 19: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/19.jpg)
04/19/23 M. Chatterjee 19
Small decryption exponent d
Choosing a small exponent helps efficiency BUT
If size of d is 1/4 size of n (in bits) and gcd(p-1,q-1) is small, there is a way to compute d only from e and n.
Countermeasure: d should be about the same size as n.
![Page 20: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/20.jpg)
04/19/23 M. Chatterjee 20
Common modulus attack Each entity must choose its own modulus Assume Alice and Bob generated keys
using the same modulus n, ((e1, n ), d1)) and ((e2, n), d2))
C1 = Me1 mod n, C2 = Me2 mod n (e1)a + (e2) b = 1 if gcd(e1,e2)=1 M = C1a C2 b mod n
![Page 21: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/21.jpg)
04/19/23 M. Chatterjee 21
Cycling attack Intercepted ciphertext: C C1 = Ce mod n C2 = C1
e mod n C3 = C2
e mod n
Ck = Ck-1e mod n
If Ck = C then stop P = Ck-1
![Page 22: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/22.jpg)
04/19/23 M. Chatterjee 22
Attacker Goals Total break: the attacker finds the key (thesymmetric key for ciphers or the private key for publickey cryptosystems); after that all ciphertexts can bedecrypted. Partial break: with some probability , the adversaryis able to decrypt previously unseen ciphertexts,without knowing the key. Or the adversary can findout info about the plaintext, just by looking at theciphertext. Distinguishability: with probability > 0.5, theadversary can distinguish between encryption of twodifferent plaintexts, or between an encryption and arandom string.
![Page 23: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/23.jpg)
04/19/23 M. Chatterjee 23
Diffie-Hellman Key Exchange
Shared key, public communication No authentication of partners What’s involved?
P is a prime (about 512 bits), and g < p
P and g are publicly known
![Page 24: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/24.jpg)
04/19/23 M. Chatterjee 24
![Page 25: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/25.jpg)
04/19/23 M. Chatterjee 25
Diffie-Hellman Key Exchange
ProcedureAlice Bobpick secret Sa randomly pick secret Sb
randomlycompute TA=gSa mod p compute TB=gSb
mod psend TA to Bob send TB to Alice
compute TBSa mod p compute TA
Sb mod p
Alice and Bob reached the same secret gSaSb
mod p, which is then used as the shared key.
![Page 26: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/26.jpg)
04/19/23 M. Chatterjee 26
DH Security - Discrete Logarithm Is Hard
T = gs mod p Conjecture: given T, g, p, it is
extremely hard to compute the value of s (discrete logarithm)
![Page 27: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/27.jpg)
04/19/23 M. Chatterjee 27
Diffie-Hellman Scheme
Security factors Discrete logarithm very difficult. Shared key (the secret) itself never
transmitted.
![Page 28: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/28.jpg)
04/19/23 M. Chatterjee 28
Disadvantages: Expensive exponential operation
DoS possible. The scheme itself cannot be used to
encrypt anything – it is for secret key establishment.
No authentication, so you can not sign anything …
![Page 29: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/29.jpg)
04/19/23 M. Chatterjee 29
Bucket Brigade Attack...Man In The Middle
Alice Trudy BobgSa=123 gSx =654 gSb =255 123 --> 654 -->
<--654 <--255 654Sa=123Sx 255Sx=654Sb
Trudy plays Bob to Alice and Alice to Bob
![Page 30: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/30.jpg)
04/19/23 M. Chatterjee 30
Diffie-Hellman in Phone Book Mode
DH was subject to active man-in-the-middle attack because their public key-component was intercepted and substituted
Phone book mode allows everyone to generate the public key-component in advance and publish them through other reliable means, e.g. <TB> for bob
All communicating parties agree on their common <g, p>
![Page 31: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/31.jpg)
04/19/23 M. Chatterjee 31
Encryption With Diffie-Hellman
Everyone computes and publishes <p, g, T> T=gS mod p
Alice communicates with Bob: Alice
Picks a random secret Sa
Computes gbSa mod pb
Use Kab = TbSa mod pb to encrypt message
Send encrypted message along with gbSa
mod pb
![Page 32: 7/2/2015M. Chatterjee1 Public Key Algorithms. 7/2/2015M. Chatterjee2 Modular Arithmetic Public key algorithms are based on modular arithmetic. Modular.](https://reader033.fdocuments.net/reader033/viewer/2022052414/56649d6f5503460f94a51797/html5/thumbnails/32.jpg)
04/19/23 M. Chatterjee 32
Bob (gb
Sa)Sb mod pb = (gbSb)Sa mod pb = Tb
Sa mod pb = Kab
Use Kab to decrypt