Key Exchange Methods Diffie-Hellman and RSA
CPE 701 Research Case Study
Derek Eiler | April 2012

Overview
Today’s discussion
• Background: “key” cryptography concepts
• Diffie-Hellman key exchange
• Public key infrastructure (PKI)
• RSA key pair generation

Background
A few “key” concepts
• Encryption: plaintext -> ciphertext
• Decryption: ciphertext -> plaintext
• Cryptographic function: mathematical function or algorithm used to encrypt/decrypt
• Key: parameter for a cryptographic function
• Symmetric vs. asymmetric keys

So four people walk into a bar…
Alice, Bob, Eve, and Mallory
• Alice and Bob want to speak privately over a public channel
• Eve is always eavesdropping on Alice and Bob
• Mallory has malicious plans to interfere with Alice and Bob’s private conversation

Diffie-Hellman key exchange
The concept
• Alice and Bob derive a shared secret key over a public channel (no prior arrangements)
• Publicly agree on two public values, and
• Each choose a private value, and
• Use clever math to compute a shared secret,
• Eve and Mallory never overhear enough information to derive the shared secret

Diffie-Hellman key exchange
The math: discrete logarithm problem
Let be a large prime number
Let be an integer <
For every number from , inclusive, must have a power such that:
• Solving the is considered (but not proven) hard to do in polynomial time

Diffie-Hellman key exchange
The math: discrete logarithm in action
Solve for , given values , , , and knowing:
• Finding is easy if or are known
• Quickly solved by brute force if and
• What if and ?

Diffie-Hellman key exchange
Example using small numbers
Alice starts the exchange and tells Bob
Privately, Alice chooses and Bob chooses
Alice computes and tells Bob the result
Bob computes and tells Alice the result
Since , Alice can compute
Since , Bob can compute
Meanwhile, Eve doesn’t know or and can’t easily derive

RSA key generation
The concept
• Alice generates a pair of keys, publishing one and keeping the other private
• Anyone may use the published key to encrypt messages intended for Alice
• Only Alice can decrypt messages encrypted with the public key (unless the private key was compromised somehow)
• Alice may also use the key pair to prove her identity

RSA key generation
The math: factoring problem
• Computing the product of two prime numbers is easy (23*17 = 391)
• Factoring the product of two large prime numbers is “hard”
• Try factoring 123,018,668,453,011,775,513,049,495,838,496,272,077,285,356,959,533,479,219,732,245,215,172,640,050,726,365,751,874,520,219,978,646,938,995,647,494,277,406,384,592,519,255,732,630,345,373,154,826,850,791,702,612,214,291,346,167,042,921,431,160,222,124,047,927,473,779,408,066,535,141,959,745,986,902,143,413

RSA key generation
The math: public and private key pair
• Calculate the product where and are very large prime numbers (e.g. tens or even hundreds of digits long)
• Carefully choose exponents and such that we can publish the key and retain the corresponding private key

RSA key generation
The math: “exponential” difficulty
• Choose an such that and is coprime to
• How? For each in , test whether until true.*
• Choose a such that is divisible by
• Now publish and retain the private key
*Euclid’s or Stein’s algorithm is typically used to compute the GCD.
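
The key-generation steps above as a runnable toy, added here as an example that is not part of the original slides. The names p, q, n, phi, e and d are the conventional RSA symbols and are assumptions, since the slides' own symbols did not survive; the primes 23 and 17 come from the factoring slide, the message 42 is constructed, and the encryption is unpadded textbook RSA.

```python
from math import gcd  # Euclid's algorithm, one of the two GCD methods the footnote names


def generate_keypair(p, q):
    """Toy RSA key generation; p and q must be distinct primes."""
    n = p * q                      # public modulus
    phi = (p - 1) * (q - 1)        # must stay secret, like p and q
    # Test odd candidates in turn until one is coprime to phi.
    e = next(c for c in range(3, phi, 2) if gcd(c, phi) == 1)
    # d is the inverse of e modulo phi, so e*d - 1 is divisible by phi.
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    assert (e * d - 1) % phi == 0
    return (n, e), (n, d)


def encrypt(m, public_key):
    n, e = public_key
    return pow(m, e, n)


def decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)


def recover_private_key(public_key):
    """What an observer can do when n is small: factor it by trial
    division, rebuild phi, and derive the same d the owner holds."""
    n, e = public_key
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    q = n // p
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, private = generate_keypair(23, 17)   # 23*17 = 391, from the slide
    c = encrypt(42, public)                      # 42 is a constructed sample message
    print("public:", public, "private:", private)
    print("ciphertext:", c, "decrypted:", decrypt(c, private))
    # With a 9-bit modulus the "hard" factoring step is instantaneous.
    print("recovered from public key alone:", recover_private_key(public))
```

The last function shows why the factoring slide insists on large primes: the private exponent falls out of the public key as soon as n can be factored.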