Leksion 8 Public Key Algorithms
-
Upload
ganidemiraj -
Category
Documents
-
view
229 -
download
0
Transcript of Leksion 8 Public Key Algorithms
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 1/49
Public Key Algorithms I
MsC, Ing. Ezmerina [email protected]
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 2/49
Overview
Why Public Key Cryptography?
Public Key Cryptography Applications
Modular arithmetic RSA
Diffie-Hellman Key Exchange
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 3/49
Private-KeyCryptography
Traditional private/secret/single key cryptography
uses one key Shared by both sender and receiver
If this key is disclosed communications are
compromised
Also is symmetric, parties are equal Hence does not protect sender from receiver forging a
message & claiming is sent by sender
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 4/49
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 5/49
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 6/49
Encryption
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 7/49
Authentication
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 8/49
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 9/49
Why Public-KeyCryptography?
Developed to address two key issues:
o key distribution – how to have securecommunications in general without having to trust
a KDC with your key
o digital signatures – how to verify a message
comes intact from the claimed sender Public invention due to Whitfield Diffie & Martin
Hellman at Stanford Uni in 1976
o known earlier in classified community
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 10/49
Public-KeyCharacteristics
Public-Key algorithms rely on two keys with the
characteristics that it is:
o computationally infeasible to find decryption keyknowing only algorithm & encryption key
o computationally easy to en/decrypt messages
when the relevant (en/decrypt) key is knowno either of the two related keys can be used for
encryption, with the other used for decryption (in
some schemes)
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 11/49
Private vs. Public KeyEncryption
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 12/49
Public-Key Applications
Can classify uses into 3 categories:
o encryption/decryption (provide secrecy)
o digital signatures (provide authentication)
o key exchange (of session keys) Some algorithms are suitable for all uses, others are
specific to one
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 13/49
Algorithms’ use
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 14/49
Security of Public KeySchemes
Like private key schemes brute force exhaustive search
attack is always theoretically possible But keys used are too large (>512bits)
Security relies on a large enough difference in difficulty
between easy (en/decrypt) and hard (cryptanalyse)
problemsMore generally the hard problem is known, its just
made too hard to do in practise
Requires the use of very large numbers
Hence is slow compared to private key schemes
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 15/49
Modular Arithmetic
Public key algorithms are based on modular
arithmetic.
Modular addition.
Modular multiplication.
Modular exponentiation.
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 16/49
Modular Addition
Addition modulo (mod) K
o Poor cipher with (dk +dm) mod K , e.g., if K =10 and
dk is the key.
o Examples: 5+5=0, 9+9=8Additive inverse: addition mod K yields 0.
“Decrypt” by adding inverse.
o 7+4 =1 1+6 =7
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 17/49
Modular Multiplication
Multiplication modulo K
Multiplicative inverse: multiplication mod K yields 1
Only some numbers have inverse for example 3 - 7
Use Euclid ’s algorithm to find inverseo Given x, n, it finds y such that x∗y mod n = 1
All number relatively prime to n will have mod n
multiplicative inverse
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 18/49
Prime Numbers
Prime numbers only have divisors of 1 and self
o they cannot be written as a product of other
numbers
o note: 1 is prime, but is generally not of interest eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
Prime numbers are central to number theory
List of prime number less than 200 is:
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 19/49
Prime Factorisation
to factor a number n is to write it as a product of
other numbers: n=a × b × c
note that factoring a number is relatively hard
compared to multiplying the factors together togenerate the number
the prime factorisation of a number n is when its
written as a product of primes
eg. 91=7×13 ; 3600=24×32×52
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 20/49
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 21/49
Fermat's Theorem
a p-1 mod p = 1
o where p is prime and gcd(a,p)=1
Also known as Fermat’s Little Theorem
Useful in public key and primality testing
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 22/49
Totient Function
x, m relative prime: no other common factor than 1 Totient function ø(n): number of integers less than n
relatively prime to n
o if n is prime, ø(n)=n-1o if n=p∗q, and p, q are primes, ø(n)=(p-1)(q-1)
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 23/49
Euler Totient Functionø(n)
When doing arithmetic modulo n
complete set of residues is: 0..n-1 reduced set of residues is those numbers (residues)
which are relatively prime to n
o eg for n=10,
o complete set of residues is {0,1,2,3,4,5,6,7,8,9}o reduced set of residues is {1,3,7,9}
Number of elements in reduced set of residues is called
the Euler Totient Function ø(n)
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 24/49
Euler Totient Functionø(n)
To compute ø(n) need to count number of elements to
be excluded in general need prime factorization, but
o for p (p prime) ø(p) = p-1
o for p.q (p,q prime) ø(p.q) = (p-1)(q-1)
eg.o ø(37) = 36
o ø(21) = (3–1)×(7–1) = 2×6 = 12
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 25/49
Euler's Theorem
A generalisation of Fermat's Theorem aø(n)mod N = 1
where gcd(a,N)=1
eg.a=3; n=10; ø(10)=4;
hence 34 = 81 = 1 mod 10
a 2 n 11 ø(11) 10
a=2;n=11; 11)=10;hence 210 = 1024 = 1 mod 11
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 26/49
Modular Exponentiation
x y mod n = x y mod ø(n) mod n for n prime and for square free
if y = 1 mod ø(n) then x y mod n = x mod n
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 27/49
RSA (Rivest, Shamir,Adleman)
The most popular one.
Support both public key encryption and digital signature.
Assumption/theoretical basis:o Factoring a big number is hard.
Variable key length (usually 512 bits).
Variable plaintext block size.
o Plaintext must be “smaller” than the key.
o Ciphertext block size is the same as the key length.
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 28/49
What Is RSA?
To generate key pair:o Pick large primes (>= 256 bits each) p and q
o Let n = p*q, keep your p and q to yourself!
o For public key, choose e that is relatively prime to
ø(n) =(p-1)(q-1), let pub = <e,n>o For private key, find d that is the multiplicative
inverse of e mod ø(n), i.e., e*d = 1 mod ø(n), let priv
= <d,n>
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 29/49
How Does RSA Work?
Given pub = <e, n> and priv = <d, n>o encryption: c = me mod n, m < n
o decryption: m = cd mod n
o signature: s = md mod n, m < n
o verification: m = se mod n
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 30/49
Why Does RSA Work?
Given pub = <e, n> and priv = <d, n>o n =p*q, ø(n) =(p-1)(q-1)
o e*d = 1 mod ø(n)
o xe∗d = x mod n
o encryption: c = me mod no decryption: m = cd mod n = me∗ d mod n = m mod n = m
(since m < n)
o digital signature (similar)
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 31/49
Why Is RSA Secure?
Factoring 512-bit number is very hard!
But if you can factor big number n then given public
key <e,n>, you can find d , hence the private key by:
o Knowing factors p, q, such that, n = p*q
o Then ø(n) =(p-1)(q-1)o Then d such that e*d = 1 mod ø(n)
Factoring n might not be the only way to break RSA
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 32/49
RSA Example
1. Select primes: p=17 & q=112. Compute n = pq =17×11=187
3. Compute ø(n)=( p– 1)(q-1)=16×10=160
4. Select e : gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160 Value isd=23 since 23×7=161= 10×160+1
6. Publish public key KU={7,187}
7. Keep secret private key KR={23,187}
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 33/49
RSA Example cont
sample RSA encryption/decryption is:
given message M = 88 (nb. 88<187)
encryption:
C = 887 mod 187 = 11
decryption:M = 1123 mod 187 = 88
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 34/49
Example 2
Communication between Alice and Bob
Alice chooses:
o p=7, q=11. So n=77 and ø(n)=60
o gcd(e, 60)=1; choose e = 17
o de=1 mod 60 and d < 60 Value is d=53 since53×17=901= 15×60+1
Plaintext: HELLO WORLD
A – 00, …, Z -25, blank – 26
Plaintext: 07 04 11 11 14 26 22 14 17
11 03
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 35/49
Example 2 (cont.)
07
17
mod 77 =28, …, 0317
mod 77 = 75 Ciphertext : 28 16 44 44 42 38 22 42 19 44 75
No one would use RSA on blocks of small size
Open to rearrangements of blocks and language analysis
The plaintext is padded with random data to make up a block Include information about the order of blocks. If
rearranged the receiver will be aware
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 36/49
Example 3
RSA used for authenticationAlice encrypts HELLO WORLD with her private key:
o 0753 mod 77 =35, …, 0353 mod 77 = 75
o 35 09 44 93 12 24 94 04 05
Providing both confidentiality and authentication. Bob’s public key is 37 and private key is 13
The ciphertext is:
o (0753 mod 77)37 mod 77 = 07 … (0353 mod 77)37 mod 77
= 47
Bob decrypts: (0713 mod 77)17 mod 77 = 07 …
(4713 mod 77)17 mod 77 = 03
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 37/49
How Efficient are theRSA Operations?
Encryption and decryption should be very efficient,
because they will be routinely performed
Finding RSA keys (n,d,e) not very critical – it is doneless frequently.
Encryption and decryption:
o Raising a large number to a large power for example
12354 mod 678
o For RSA to be secure number with 150 digits raised in
power of 150 – it will take more than the life of the
universe
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 38/49
RSA Key Generation
Users of RSA must:o determine two primes at random - p, q
o select either e or d and compute the other
primes p,q must not be easily derived from modulus
N=p.qo means must be sufficiently large
o typically guess and use probabilistic test
exponents e, d are inverses, so use Inverse algorithm
to compute the other (Euclid’s algorithm)
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 39/49
RSA Security
Three approaches to attacking RSA:o brute force key search (infeasible given size of numbers)
o mathematical attacks (based on difficulty of computing
ø(N), by factoring modulus N)
o timing attacks (on running of decryption)
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 40/49
Factoring Problem
Mathematical approach takes 3 forms:o factor N=p.q, hence find ø(N) and then d
o determine ø(N) directly and find d
o find d directly
Currently believe all equivalent to factoringo have seen slow improvements over the years
• as of Aug-99 best is 130 decimal digits (512) bit with GNFS
o biggest improvement comes from improved algorithm
• cf “Quadratic Sieve” to “Generalized Number Field Sieve”
o barring dramatic breakthrough 1024+ bit RSA secure• ensure p, q of similar size and matching other constraints
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 41/49
Timing Attacks
Developed in mid-1990’s Exploit timing variations in operations
o eg. multiplying by small vs large number
o or time varying which instructions executed
Infer operand size based on time taken RSA exploits time taken in exponentiation
Countermeasures
o use constant exponentiation time
o add random delays
o blind values used in calculations
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 42/49
Diffie-Hellman KeyExchange
Shared key, public communication
No authentication of partners
What’s involved?o p is a prime (about 512 bits), and g < p
o p and g are publicly known
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 43/49
Diffie-Hellman KeyExchange
Procedure
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 44/49
DH Security - DiscreteLogarithm Is Hard
T = gs mod p
Conjecture: given T, g, p, it is extremely hard to
compute the value of s (discrete logarithm)
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 45/49
Diffie-Hellman Scheme Security factors
o Discrete logarithm very difficult.
o Shared key (the secret) itself never transmitted.
Disadvantages:
o Expensive exponential operation• DoS possible.
o The scheme itself cannot be used to encrypt anything – it
is for secret key establishment.
o No authentication, so you can not sign anything …
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 46/49
Diffie-Hellman in PhoneBook Mode
DH was subject to active man-in-the-middle attack
because their public key-component was intercepted
and substituted Phone book mode allows everyone to generate the
public key-component in advance and publish them
through other reliable means, e.g. <T B> for bob
All communicating parties agree on their common <g, p>
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 47/49
Encryption With Diffie-Hellman
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 48/49
Example
8/12/2019 Leksion 8 Public Key Algorithms
http://slidepdf.com/reader/full/leksion-8-public-key-algorithms 49/49
Summary
Public Key Cryptography?
Public Key Cryptography Applications
Modular arithmetic
RSA
Diffie-Hellman Key Exchange