Embed Size (px)
Citation preview
1
CSCD 434Spring 2012
Lecture 12 Cryptography – Asymmetric or Public
Key
S
A
R
RSA Inventors• The algorithm was publicly described in 1977– Ron Rivest, Adi Shamir, and Leonard
Adleman
from MIT– Letters RSA are the initials of their
surnames
Adi Shamir Ron Rivest Leonard Adleman 2
3
Introduction
• Traditional Encryption Algorithms– Symmetric Key encryption and popular
algorithms– Based on a secret shared key– DES, AES – Block Ciphers– Talk about these later …
• Today– Public key cryptography– Uses two keys, public and private keys– RSA, Diffie Hellman
Cryptographic Properties
• What do crypto properties dependent on?– The strength of the cryptographic
algorithms• Key length• Key strength–Ability to resist analysis
– Correctness of algorithm implementation• Based on following randomness
requirements
Random Number Generation
• Most crypto systems depend on Random Number Generation– Facts• No computer can generate true random
numbers in software• Pseudorandom generators create bit
strings for keys • Keys or parts of keys are used in nearly all
cryptography– Stream ciphers, block ciphers,
asymmetric methods
Random Number Generation
• Strength of cryptographic method depends on– Randomness of its keys,– Randomness of output cipher code
• Two main methods to generate randomness –What are they?
1. Algorithm or software - Pseudorandom Number Generators (PRNG)
2. Hardware devices - True Random Number Generators (TRN)
Next slides from Handbook of Applied Cryptography
http://www.cacr.math.uwaterloo.ca/hac/
Psedorandom Number Generation
A pseudorandom bit generator is said to pass all polynomial-time statistical tests if no polynomial-time algorithm can correctly distinguish between a generator output sequence and a truly random sequence of same length with probability significantly greater than 1/2
A pseudorandom bit generator is said to pass the next-bit test if there is no polynomial-time algorithm which, on input of the first L bits of an output sequence s, can predict the (L + 1) bit of s with probability significantly greater than 1/2
True Random Bit Generator
• Next Step up in Random Generation• A (true) random bit generator requires a
naturally occurring source of randomness• Designing hardware device or software
program to exploit this randomness and produce a bit sequence that is free of biases and correlations is a difficult task
True Random Bit Generator• Hardware-based random bit generators exploits
randomness which occurs in some physical phenomena
Examples of physical phenomena include
1. Elapsed time between emission of particles during radioactive decay
2. Thermal noise from a semiconductor diode or resistor
3. Frequency instability of a free running oscillator
4. Amount a metal insulator semiconductor capacitor is charged during a fixed period of time
5. Air turbulence within a sealed disk drive which causes random fluctuations in disk drive sector read latency times, and
6. Sound from a microphone or video input from a camera
True Random Bit Generator• Designing random bit generator in software is even
more difficult than in hardware.• Processes upon which software random bit generators
may be based include:
1. System clock
2. Elapsed time between keystrokes or mouse movement
3. Content of input/output buffers
4. User input, and
5. Operating system values like system load and network statistics
Behavior varies considerably depending on computer platform
May also be difficult to prevent an adversary from observing or manipulating these processes
Cryptographically Secure Pseudorandom Bit Generation
• A PRBG that passes next-bit test is called a cryptographically secure pseudorandom bit generator (CSPRBG)
• Which algorithms qualify as CSPRBG types of algorithms?– RSA– Blum-Blum-Shub pseudorandom–Micali-Schnorr pseudorandom bit
generator
Public Key Cryptographyor
Asymmetric Cryptography
Basis of Public Key Cryptography• Public Key Cryptography– Radical departure from traditional
symmetric crypto systems
• Strategy of Symmetric– Just make them more and more
complicated• Substitution and permutation• Substitute numbers, permute them, do this
many times in a serious of rounds– Public Key based on mathematical functions and number theory– Creates two separate keys
14
Symmetric Key Cryptography• Main Challenge • Get sender and receiver to agree on secret
key without anyone else finding out– Intercept key in transit, can later read, modify,
and forge all messages encrypted or authenticated using that key
– Problem - Generation, transmission and storage of keys• Key Management
– All keys in secret-key cryptosystem must remain secret
– Secret-key cryptography often has problems with secure key management
• Open systems with large number of users
15
Public Key Cryptography
• Public-key cryptosystems are networks of users rather than a single pair of users
• Each user has pair of keys associated with him/her– Public key• Published under the users name in a public directory accessible to anyone
– Private-key• Known only to the user
• Pair of keys generated by running key-generation algorithm
Public Key System
Bob
Alice
Carol
Denise
Public Directory
Public Key Treasure Chest
• Public key = Chest with open lock• Private key = Key to chest• Treasure = Message
• Encrypting with public key– Find chest with open lock– Put a message in it– Lock the chest
• Decrypting with private key– Unlock lock with key – Take contents out of the chest
18
Public Key Cryptography
• To solve key management problem• Whitfield Diffie and Martin Hellman introduced
concept of public-key cryptography in 1976•They were not the first to discover this ...
http://www.absoluteastronomy.com/topics/Cryptography
• Public-key cryptosystems have two primary uses, encryption and digital signatures
• Each person gets a pair of keys, a public key and a private key • Public key is published, while private key is kept secret• All communications involve only public keys,
no private key is ever transmitted or shared
19
Message Passing
• Only requirement is public keys be associated with their users in a trusted (authenticated) manner
• Anyone can send a confidential message by using public information,
• Message can only be decrypted with a private key, which is in sole possession of the intended recipient
• First, an article linked to Alice and Bobhttp://www.networkworld.com/news/2005/020705widernetaliceandbob.html
20
Message Passing
• For Alice to send a secret message to Bob:1. Alice passes secret message and Bob's
public key to encryption algorithm to construct encrypted message
2. Alice transmits encrypted message (perhaps via e-mail) to Bob
3. Bob decrypts transmitted, encrypted message with his private key and decryption algorithm
21
Alice and Bob Communicate• Alice wishes to communicate securely with Bob• She writes a message to Bob and encrypts it with
Bob’s public key
• She sends this message to Bob, who decrypts it with his private key
• If message intercepted while in transit, it cannot be read
22
Digital Signatures
• Want privacy of communications, also important to know with whom you are communicating
• Plus, important to know message content has not been altered in transmission
• Asymmetric encryption also used to provide confirmation of both– Source, who sent the message and– Integrity of message, message has not been
tampered with
• Accomplish this through use of digital signatures
23
Digital Signatures
• What is a digital signature?• A digital signature is digest, or hash, of
message encrypted with sender’s private key
• If Alice wishes to digitally sign message sent to Bob– She first creates hash of message– Then, encrypts it with her private key – This is the digital signature, which is attached
to message
• Message with signature attached is sent to Bob.
24
Alice Digitally Signs Message
Hash of Message
How does Bob prove its Alice?
25
Bob Authenticates Message• When Bob gets message, he decrypts digital
signature with Alice’s public key, recalculates hash of message itself, and compares two
• If results match, Bob knows that message is from Alice not from impostor, AND knows message has not been tampered with in transit
Requirements for Public-Key Cryptography
1.Easy for sender to generate ciphertext
2.Computationally easy to generate
key pair
3.Easy for receiver to decrypt ciphertext using
private key
Requirements for Public-Key Cryptography
4. Computationally infeasible to recover message
M, knowing it and ciphertext, C
5. Either of two keys can be used for encryption,
with other used for decryption
6. Computationally infeasible to determine private
key, knowing public key
28
Public Key Cryptography
• Technology Maturity• Public key cryptography has been in use for more
than 30 years– Whats it used for today?– SSH – Secure Sockets Layer (SSL) from Netscape– Pretty Good Privacy (or PGP) another popular
application of public key cryptography• Used to send confidential electronic mail and
digitally signing electronic documents• Plus number of commercial companies have become
third party providers of public key cryptography software including:– RSA Security, Inc, Sun Microsystems, Microsoft,
Entrust, Inc., and VeriSign, Inc.
29
Modulo Arithmetic• Before getting into Algorithms, Review
Basics– Modulo arithmetic is important– Most public key algorithms based on
modulo arithmetic• x mod n = remainder of x when divided by
n• Example: mod 10 addition
3 + 7 = 03 + 9 = 22 + 2 = 4
• Example: mod 10 multiplication 8 * 2 = 6 8 * 3 = 4
30
Modulo Arithmetic
– For crypto purposes interested in multiplicative inverses of mod arithmetic• Multiplicative inverse of a number is the number
you multiply to get 1x * 1/x = 1, another notation , x * x -1 = 1• Modulo arithmetic – no fractions• So, x -1 of number are primes with respect to a
given mod n• Example: mod 10, look for smallest m makes this
true7m mod 10 ≡ 1 3 is multiplicative inverse of 7, 9 is its own inverseWhat’s another one for 7?
• No obvious way to find multiplicative inverse mod n if n is large
31
Modulo Arithmetic
• Euclid’s Algorithm– Look up on your own if interested
http://en.wikipedia.org/wiki/Euclidean_algorithm
• Efficiently finds inverse mod n uses gcd gcd – greatest common devisor
– Given x and n it finds y such that x*y mod n = 1– First, find out ... How many numbers < n are relatively
prime to n?– Turns out all numbers relatively prime to n
will have multiplicative inverses and none of other numbers will, What is relatively prime?
Relatively Prime
• Definition– Describes two numbers for which only
common factor is 1. Relatively prime numbers have a greatest common factor (gcf) of 1– For example,• 6 and 35 are relatively prime (gcf = 1) while• 6 and 8 are not relatively prime (gcf = 2)
33
Modulo Arithmetic
• Turns out, Euler's totient function φ(n)
• Number of positive integers not larger than n that are coprime or relatively prime to n
• Useful for determining number of prime numbers – If n is prime, then all integers {1,2,3 ...
n-1} are relatively prime to n, so φ(n) = n-1
– If n is product of two primes, then n = pq,
and φ(n) = (p-1)(q-1)
34
Modulo Arithmetic
• Example:φ(10) = 4 {1,3,7,9}φ(21) = 12
{1,2,4,5,8,10,11,13,16,17,19,20}
• Also, exponentiation inverses are also special interest to public key cryptography
• Special case where y = 1 mod φ(n)
• if y = 1 mod φ(n) then for any number x,x y = x mod n
Modulo Arithmetic
• Used in Public Key Encryption!!
• There is a reason for this
35
36
RSA
• The RSA Public Key Cryptography was invented by Ronald Rivest, Adi Shamir, and Leonard Adelman in 1977
• Security based on difficulty of factoring
• Large prime numbers
• Public key, can be safely published for all to know, is used to encrypt the message
• Private key, which is held by owner, and which is never shown to anybody, is used to decrypt the message.
37
RSA
– 1024, 2048, 4096-bit keys common• Longer keys mean more security• Data must be < key length– But data size can vary too
• Ciphertext will be size of the key• Relatively Slow Algorithm–Many times ... used for encryption of the
secret key of a symmetric algorithm– Symmetric algorithm then used for
encryption
38
RSA
• Overview– Choose an integer e < n relatively prime
to n– Find second integer d, such that
ed mod φ(n) = 1– Public key is (e,n) and private key is d–m is message. So,
c = me mod n and m = cd mod n encryption decryption
Why Does RSA Work?
• Decoding is easy if you know d, but hard if you don't: – You have to figure out p-1 and q-1 – Which means you have to figure out p
and q – So you have to factor N and that's too hard!
40
RSA AlgorithmExample• First, generate a public Key and a Private key
Choose, two large prime numbers, p and q (they remain secret)To make example easy to follow small numbers are used
To find random primes, we start at a random number and go up ascending odd numbers until we find a prime
Lets have: p = 7 q = 19
2) Let n = pqn = 7 * 19 = 133 n is part of public key
3) Let m = (p - 1)(q - 1) = φ(n) m = (7 - 1)(19 - 1) = 6 * 18 = 108 m is used in calculation and is φ(n)
41
RSA Algorithm4) Choose a small number, e coprime to m
e coprime to m, means that the largest number that can exactly divide both e and m (their greatest common divisor, or gcd) is 1. Euclid's algorithm is used to find the gcd of two numbers, but the details are omitted here.– e = 2 => gcd(e, 108) = 2 (no)
e = 3 => gcd(e, 108) = 3 (no)e = 4 => gcd(e, 108) = 4 (no)e = 5 => gcd(e, 108) = 1 (yes!) e is part of public key
5) Find d, such that de mod m = 1This is equivalent to finding d which satisfies de = 1 + nm where n is any integer. We can rewrite this as d = (1 + nm) / e. Now we work through values of n until an integer solution for e is found:– n = 0 => d = 1 / 5 (no) d is private key
n = 1 => d = 109 / 5 (no)n = 2 => d = 217 / 5 (no)n = 3 => d = 325 / 5 = 65 (yes!)
42
RSA Algorithm
• Encryption Example– For this example, lets use the message
"6", P
C = Pe mod n = 65 mod 133 = 7776 mod 133 = 62
Public Keyn = 133e = 5
Secret Keyn = 133d = 65
43
RSA Algorithm
• Decryption• This works very much like encryption, but
involves a larger exponentiation, which is broken down into several steps.
• P = Cd % n = 6265 % 133 = 62 * 6264 % 133 = 62 * (622)32 % 133 = 62 * 384432 % 133 = 62 * (3844 % 133)32 % 133 = 62 * 12032 % 133
Public Keyn = 133e = 5
Secret Keyn = 133d = 65
44
RSA Algorithm
• We now repeat the sequence of operations that reduced 6265 to 12032 to reduce the exponent down to 1
• = 62 * 3616 % 133 = 62 * 998 % 133 = 62 * 924 % 133 = 62 * 852 % 133 = 62 * 43 % 133 = 2666 % 133 = 6
• And that matches the plaintext we put in at the beginning, so the algorithm worked!
Public Keyn = 133e = 5
Secret Keyn = 133d = 65
45
Security and Other Issued of Public Key Cryptography
46
Problems with Public Key
• Problems: – If a key is lost, all messages and signatures are
lost – If a key is compromised, all messages and
signatures are compromised – It's hard to revoke a key – It's hard to repudiate a key• Authentication – How do you know who you are talking to? Is that really Alice's public key? – Public key infrastructure, web of trust, digital
certificates Have to do with how Public Key algorithms
implemented
47
The RSA Algorithm (cont’d)
• The security of RSA– Brute force: This involves trying all
possible private keys.–Mathematical attacks: There are
several approaches, all equivalent to factoring product of two primes– Timing attacks: These depend on
running time of the decryption algorithm
48
The RSA Algorithm (cont’d)
• To avoid brute force attacks, use a large key
• To make n difficult to factor– p and q should differ in length by only a
few digits (both in the range of 1075 to 10100)– both (p-1) and (q-1) should contain a
large prime factor– gcd(p-1,q-1) should be small– should avoid e < n and d < n1/4
49
Timing Attacks
• Timing attacks are “side channel attack”– Attacker gains information from implementation
of cryptosystem, not from weakness mathematical properties of the system– Unintended channels of information arise due to• Way an operation is performed or the media used• Side channel attacks exploit information about
timing, power consumption, electromagnetic emanations or even sound to recover secret information about a cryptosystem
50
Timing Attacks
• Because of performance optimizations,– Computations of cryptographic algorithm
often take different amounts of time• Depends on input and value of secret parameter• If RSA private key operations can be timed
reasonably accurately• Some cases statistical analysis can be applied to
recover the secret key involved in the computations
Ref: P.Kocher, "Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems",
at www.cryptography.com/resources/whitepapers/
TimingAttacks.pdf
51
Next TimeSymmetric EncryptionEncryption ApplicationsReading: Course RelevantLinks page
Williams Stallings DESWikipedia AES PageWikipedia DES PageWikipedia PKI Page
Assignment: On Cryptography!
