Upload
calvin-maxwell
View
228
Download
0
Embed Size (px)
Citation preview
Public Key Cryptography
symmetric key crypto• requires sender,
receiver know shared secret key
• Q: how to agree on key in first place (particularly if never “met”)?
public key cryptography• radically different
approach [Diffie-Hellman76, RSA78]
• sender, receiver do not share secret key
• public encryption key known to all
• private decryption key known only to receiver
Public key cryptography
plaintextmessage, m
ciphertextencryptionalgorithm
decryption algorithm
Bob’s public key
plaintextmessageK (m)
B+
K B+
Bob’s privatekey
K B-
m = K (K (m))B+
B-
Public key encryption algorithms
need K ( ) and K ( ) such thatB B
. .
given public key K , it should be impossible to compute private key K
B
B
Requirements:
1
2
RSA: Rivest, Shamir, Adelson algorithm
+ -
K (K (m)) = m BB- +
+
-
RSA: Choosing keys1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
K B+ K B
-
RSA: Encryption, decryption0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, compute
c = m mod n
e (i.e., remainder when m is divided by n)e
2. To decrypt received bit pattern, c, compute
m = c mod n
d (i.e., remainder when c is divided by n)d
m = (m mod n)
e mod n
dMagichappens!
c
RSA: Why is that m = (m mod
n)
e mod n
d
(m mod n)
e mod n = m mod n
d ed
Useful number theory result: If p,q prime and n = pq, then:
x mod n = x mod ny y mod (p-1)(q-1)
= m mod n
ed mod (p-1)(q-1)
= m mod n1
= m
(using number theory result above)
(since we chose ed to be divisible by(p-1)(q-1) with remainder 1 )
RSA: another important property
The following property will be very useful later:
K (K (m)) = m BB
- +K (K (m))
BB+ -
=
use public key first, followed
by private key
use private key first,
followed by public key
Result is the same!
Public-Key Cryptography Principles
• The use of two keys has consequences in: key distribution, confidentiality and authentication.
• The scheme has six ingredients (see Figure 3.7)
– Plaintext
– Encryption algorithm
– Public and private key
– Ciphertext
– Decryption algorithm
Applications for Public-Key Cryptosystems
• Three categories:– Encryption/decryption: The sender encrypts a
message with the recipient’s public key.– Digital signature: The sender ”signs” a
message with its private key.– Key exchange: Two sides cooperate to
exhange a session key.
Requirements for Public-Key Cryptography
1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb)
2. Easy for the sender to generate ciphertext:
3. Easy for the receiver to decrypt ciphertect using private key:
)(MEC KUb
)]([)( MEDCDM KUbKRbKRb
Requirements for Public-Key Cryptography
4. Computationally infeasible to determine private key (KRb) knowing public key (KUb)
5. Computationally infeasible to recover message M, knowing KUb and ciphertext C
6. Either of the two keys can be used for encryption, with the other used for decryption:
)]([)]([ MEDMEDM KRbKUbKUbKRb
Public-Key Cryptographic Algorithms
• RSA and Diffie-Hellman • RSA - Ron Rives, Adi Shamir and Len Adleman
at MIT, in 1977.– RSA is a block cipher– The most widely implemented
• Diffie-Hellman – To exchange securely a secret key– Compute discrete logarithms
The RSA Algorithm – Key Generation
1. Select p,q p and q both prime2. Calculate n = p x q3. Calculate 4. Select integer e5. Calculate d6. Public Key KU = {e,n}7. Private key KR = {d,n}
)1)(1()( qpn)(1;1)),(gcd( neen
)(mod1 ned
RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq =17×11=187
3. Compute ø(n)=(p–1)(q-1)=16×10=160
4. Select e : gcd(e,160)=1; choose e=7
5. Determine d: de mod160=1 and d < 160 Value is d=23 since 23×7=161= 10×160+1
6. Publish public key KU={7,187}
7. Keep secret private key KR={23,187}
RSA Example cont
• sample RSA encryption/decryption is:
• given message M = 88 (nb. 88<187)
• encryption:C = 887 mod 187 = 11
• decryption:M = 1123 mod 187 = 88
RSA Key Generation
• users of RSA must:– determine two primes at random - p, q – select either e or d and compute the other
• primes p,q must not be easily derived from modulus N=p.q– means must be sufficiently large– typically guess and use probabilistic test
• exponents e, d are inverses, so use Inverse algorithm to compute the other
RSA Security
• three approaches to attacking RSA:– brute force key search (infeasible given size of
numbers)– mathematical attacks (based on difficulty of
computing ø(N), by factoring modulus N)– timing attacks (on running of decryption)
Diffie-Hellman Key Exchange
• first public-key type scheme proposed • by Diffie & Hellman in 1976 along with the
exposition of public key concepts– note: now is known that James Ellis (UK
CESG) secretly proposed the concept in 1970
• is a practical method for public exchange of a secret key
• used in a number of commercial products
Diffie-Hellman Key Exchange
• a public-key distribution scheme – cannot be used to exchange an arbitrary message – rather it can establish a common key – known only to the two participants
• value of key depends on the participants (and their private and public key information)
• based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
• security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard
Diffie-Hellman Setup
• all users agree on global parameters:– large prime integer or polynomial q– α a primitive root mod q
• each user (eg. A) generates their key– chooses a secret key (number): xA < q
– compute their public key: yA = αxA mod q
• each user makes public that key yA
Diffie-Hellman Key Exchange
• shared session key for users A & B is KAB:
KAB = αxA.xB mod q
= yA
xB mod q (which B can compute)
= yB
xA mod q (which A can compute)
• KAB is used as session key in private-key encryption scheme between Alice and Bob
• if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys
• attacker needs an x, must solve discrete log
Diffie-Hellman Example
• users Alice & Bob who wish to swap keys:• agree on prime q=353 and α=3• select random secret keys:
– A chooses xA=97, B chooses xB=233
• compute public keys:– yA=3
97 mod 353 = 40 (Alice)
– yB=3233 mod 353 = 248 (Bob)
• compute shared session key as:
KAB= yB
xA mod 353 = 24897 = 160 (Alice)
KAB= yA
xB mod 353 = 40233 = 160 (Bob)