Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Page 1: Public Key Cryptography

INFSCI 1075: Network Security – Spring 2013
Amir Masoumzadeh

Page 2: What we have looked at so far

[Figure: taxonomy tree]
Cryptology
  Cryptography
    Private Key (Secret Key)
      Block Cipher
      Stream Cipher
    Public Key
      Integer Factorization
      Discrete Logarithm
  Cryptanalysis

Page 3: Outline

- Problems with secret key schemes
- Public key cryptography
  - Integer factorization
  - Discrete logarithms
- How to achieve confidentiality, authentication, or both

Page 4: Conventional Encryption Model

[Figure: Alice (Encrypt) sends y to Bob (Decrypt) over an insecure channel that Oscar can observe; a key source supplies the key k to both Alice and Bob over a secure channel.]

y = e_k(x) : Ciphertext
x = d_k(y) : Plaintext

Page 5: Secret Key Cryptosystems

- Block ciphers and stream ciphers
- Use the same secret key on both sides for encryption and decryption
- Operations for e_k and d_k are identical
- A separate key for each communication

[Figure: Alice, Bob and Carol, with keys K_Alice&Bob, K_Bob&Carol and K_Alice&Carol]

Page 6: Problems with Secret Key Schemes

- Key distribution and management is a problem
  - If the key is disclosed, communications are compromised
  - How many secret keys do we need?
- How to provide non-repudiation?
  - What if a receiver forges a message and claims that it was sent by a sender!
  - Both have access to the secret key!
- Authentication, which secret key cryptosystems do not provide

Page 7: Problems with Secret Key Schemes (cont.)

- A secret key algorithm implies every pair of communicating entities share a secret key
- Total number of keys is O(n^2)
  - For n users, we need n(n – 1)/2 pairs of keys
- It is like having a mailbox for EACH pair of communicating people

[Figure: Alice, Bob, Carol and Dan]

Page 8: Solution

- One mailbox for one person
- Make a SLOT in the mailbox
- Everyone (including Oscar) can deposit messages in the mailbox
- Only the owner of the mailbox can recover the messages
- So now for n users we only need n mailboxes and n keys

Page 9: Why Public Key Cryptography?

- Developed to address two key issues:
  - Key distribution – how to have secure communications in general without having to trust a KDC with your key (Confidentiality)
  - Digital signatures – how to verify a message comes intact from the claimed sender (non-repudiation)

Page 10: Public Key Cryptography

- Pioneered by Whitfield Diffie and Martin Hellman in 1976
- Public-key / two-key / asymmetric cryptography involves the use of two keys:
  - Public-key (KU)
    - Is known to everyone, used to encrypt messages and verify signatures
    - (Slot in the mailbox)
  - Private-key (KR)
    - Known only to the recipient, used to decrypt messages and sign (create signatures)
    - (Actual key to open the mailbox)
- Public Key Cryptography is asymmetric because
  - Those who encrypt messages or verify signatures cannot decrypt messages or create signatures

Page 11: Public Key Encryption Model

[Figure: Alice (Encrypt) sends y to Bob (Decrypt) over an insecure channel; the keys shown are ku_bob and kr_bob; Oscar knows ku_bob.]

y = e_ku(x) : Ciphertext
x = d_kr(y) : Plaintext

Page 12: Requirements

- It is easy to encrypt using the public key KU
- It is easy to decrypt using the private key KR
- It is computationally infeasible to determine the private key given the public key
- It is computationally infeasible to determine the plaintext x given the ciphertext y and the public key KU
- It should be easy to generate a public key-private key pair
- Encryption and decryption should be inverse functions
  - d_KR(e_KU(x)) = x

Page 13: What can satisfy these requirements?

- There is a need for a mathematical function unlike secret key cryptosystems
- One way functions:
  - Every function value has a unique inverse
  - Calculating y = f(x) is easy
  - Calculating x = f^-1(y) is not feasible
- Examples:
  - Integer factorization
  - Discrete logarithms

Page 14: Integer Factorization

- Multiplication is easy
  - 7 × 17 × 109 × 151 = 195821
- Integer factorization is difficult
  - 30616693 = ? × ? × ? × ?
  - Answer: 47 × 59 × 61 × 181
- Used in RSA

Page 15: Discrete Logarithm

- EASY: Modular exponentiation
  - 2^23 mod 109 = ?
  - 2^23 = 8388608 ≡ 77 mod 109
- DIFFICULT: Discrete logarithm
  - 2^x mod 109 = 68 : Find x
  - x = log_2 68 mod 109
  - One way to solve it: Brute Force
  - Answer: x = 15
- Used in Diffie-Hellman Key Exchange, ElGamal Encryption Scheme, and Elliptic Curves
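
The easy and hard directions from the integer factorization and discrete logarithm slides, as an added example that is not part of the original slides. It runs square-and-multiply, exhaustive search and trial division on the slides' own numbers; the function names are chosen here.

```python
# Added example: the work needed in each direction, on the slides' numbers.

def modexp(base, exp, mod):
    """Square-and-multiply. Returns (result, modular multiplications used)."""
    result, mults = 1, 0
    base %= mod
    while exp:
        if exp & 1:                      # current exponent bit is set
            result = result * base % mod
            mults += 1
        base = base * base % mod         # one squaring per exponent bit
        mults += 1
        exp >>= 1
    return result, mults

def brute_force_dlog(g, y, p):
    """Smallest x with g**x mod p == y, trying x = 0, 1, 2, ...
    Returns (x, multiplications used), or (None, p - 1) if no x exists."""
    value = 1
    for x in range(p - 1):
        if value == y:
            return x, x
        value = value * g % p
    return None, p - 1

def trial_division(n):
    """Prime factors of n in ascending order, found by trial division."""
    factors, d = [], 2
    while d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1
    if n > 1:
        factors.append(n)
    return factors

if __name__ == "__main__":
    print(modexp(2, 23, 109))            # easy direction
    print(brute_force_dlog(2, 68, 109))  # hard direction, exhaustive search
    print(trial_division(30616693))      # hard direction for factorization
```

The forward cost grows with the number of bits in the exponent, while the search cost grows with the size of the modulus itself, which is why the gap becomes unbridgeable at real key sizes.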

Page 16: Trapdoor One-Way Functions

- A special kind of one-way function that is hard to invert unless some secret information, called the trapdoor, is known
- Every function value has a unique inverse
- There are two related keys k1 and k2
  - Calculating y = f(k1, x) is easy
  - Calculating x = f^-1(k2, y) is easy if k2 is known. It is infeasible if k2 is not known and only k1 is known
  - Finding k2 given k1 is very hard

Page 17: Providing Confidentiality

[Figure: plaintext message m → encryption algorithm (Bob's public key KUB) → ciphertext e_KUB(m) → decryption algorithm (Bob's private key KRB) → plaintext message]

m = d_KRB(e_KUB(m))

Page 18: Providing Authentication

[Figure: plaintext message m → encryption algorithm → ciphertext → decryption algorithm → plaintext message. Keys shown: Alice's public key KUA, Alice's private key KRA, Bob's public key KUB, Bob's private key KRB.]

Labels on the figure:
m = d_KRB(e_KUB(m))
e_KRB(m)

Page 19: Providing Authentication & Confidentiality

[Figure: plaintext message m → encryption algorithm → C → encryption algorithm → C' → decryption algorithm → C → decryption algorithm → plaintext message]

Labels on the figure:
e_KRA(m)
e_KUB(e_KRA(m))
d_KRB(e_KUB(e_KRA(m)))
d_KUA(e_KRA(m))
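
The three compositions from the confidentiality and authentication slides, as an added example that is not part of the original slides. It assumes toy textbook RSA as the trapdoor function, with constructed primes and with Alice as the signer; the function and variable names are chosen here.

```python
# Added example: toy textbook RSA stands in for the trapdoor function (an
# assumption; the slides do not fix an algorithm). Primes are constructed and
# far too small for real use, and there is no padding or hashing.

def keypair(p, q, e):
    """Return (KU, KR) = ((e, n), (d, n)) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def apply_key(key, x):
    """e_K(x) and d_K(x) are the same operation here: x**exponent mod n."""
    exponent, n = key
    if not 0 <= x < n:
        raise ValueError("value must be in [0, n)")
    return pow(x, exponent, n)

KU_A, KR_A = keypair(61, 53, 17)  # Alice: n = 3233
KU_B, KR_B = keypair(89, 97, 5)   # Bob:   n = 8633, larger than Alice's n

def confidentiality(m):
    """Alice -> Bob: y = e_KUB(m); only the holder of KR_B recovers m."""
    y = apply_key(KU_B, m)
    return y, apply_key(KR_B, y)

def authentication(m):
    """Alice signs: s = e_KRA(m); anyone holding KU_A recovers m (no secrecy)."""
    s = apply_key(KR_A, m)
    return s, apply_key(KU_A, s)

def both(m):
    """Sign, then encrypt: c = e_KUB(e_KRA(m)); Bob applies KR_B, then KU_A."""
    c = apply_key(KU_B, apply_key(KR_A, m))
    return c, apply_key(KU_A, apply_key(KR_B, c))

if __name__ == "__main__":
    for step in (confidentiality, authentication, both):
        print(step.__name__, step(1234))
```

Sign-then-encrypt works here only because Alice's modulus is smaller than Bob's, so her signature value always fits into Bob's encryption input.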

Page 20: Remarks

- Single most major advance in cryptography
- Much slower than private key cryptosystems
  - Used primarily for signatures and key exchange rather than bulk data encryption
- Vulnerable to brute force attacks
- Vulnerable to mathematical analysis
  - Note that KU and KR are related
- Key sizes are much larger than those in secret key algorithms
- Probable message attack
  - KU is known
  - If the number of messages is small, Oscar can encrypt all possible messages to break the system
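
The probable message attack from the Remarks slide, and how randomizing the plaintext blunts it, as an added example that is not part of the original slides. It assumes toy textbook RSA with constructed primes and a constructed three-word message space; all names are chosen here.

```python
import secrets

# Added example. Bob's toy textbook-RSA key pair (constructed; far too small
# for real use). KU = (E, N) is public; D is Bob's private exponent.
N, E = 89 * 97, 5
D = pow(E, -1, 88 * 96)

CANDIDATES = {1: "BUY", 2: "SELL", 3: "HOLD"}  # small message space (constructed)
MSG_BITS, PAD_BITS = 5, 8                      # toy sizes: 13 bits stay below N

def encrypt(m):
    """Deterministic: the same m always gives the same y under KU."""
    return pow(m, E, N)

def probable_message_guess(y):
    """What KU alone allows: encrypt every candidate and compare with y."""
    table = {encrypt(m): m for m in CANDIDATES}
    return table.get(y)

def encrypt_randomized(m, r=None):
    """Mitigation sketch: fresh random bits r are encrypted together with m."""
    if not 0 <= m < 2 ** MSG_BITS:
        raise ValueError("message does not fit in MSG_BITS")
    if r is None:
        r = secrets.randbelow(2 ** PAD_BITS - 1) + 1   # 1 .. 255
    return pow((r << MSG_BITS) | m, E, N)

def decrypt_randomized(y):
    """Bob applies KR, then strips the random bits."""
    return pow(y, D, N) & (2 ** MSG_BITS - 1)

if __name__ == "__main__":
    print(CANDIDATES[probable_message_guess(encrypt(2))])    # message recovered
    print(probable_message_guess(encrypt_randomized(2)))     # table lookup fails
```

Eight random bits only illustrate the idea, since 256 pads can be enumerated as easily as three messages; deployed schemes use standardized randomized padding such as RSA-OAEP with far more randomness.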

Page 21: Public Key Algorithms and Security

- Three different popular algorithms
  - RSA (integer factorization)
  - ElGamal (discrete logarithms on prime number fields)
  - Menezes-Vanstone (discrete logarithms on elliptic curves)
- Key sizes for security
  - 1024 bits for RSA and ElGamal
  - 160 bits for Menezes-Vanstone
  - 80 bits for block ciphers