7/29/2019 Public+Key+Cryptography
S. Erfani, ECE Dept., University of Windsor 0688-558-01 Network Security
September, 2008
Public Key Cryptography
5.1 Introduction
Public-key encryption finds use in message authentication and key distribution. In this chapter, we look at the motivation for public-key encryption and then examine the most important public-key algorithms, namely, RSA and Diffie-Hellman. We introduce applications such as digital signatures.
Note that if three users, Alice, Bob, and Casey, want to exchange information securely, three keys are required; call these keys $k_{AB}$, $k_{AC}$, $k_{BC}$. If we add a fourth user, Dana, and establish channels with the other three users, further keys are required, one to connect Dana to each of the existing three users. Each time we add a new user to a system of $n$ users, $n$ additional keys are needed.
In general, an $n$-user system requires $n(n-1)/2$ keys. Therefore:
a) As the number of users grows, the number of keys increases very rapidly.
b) Determining and distributing these keys is a problem.
c) Maintaining security for the keys already distributed and keeping an inventory of them is a serious problem.
Definition 1: Asymmetric Encryption System
In this cryptosystem each user has two keys: a public key and a private key. The user publishes the public key freely. The keys operate as inverses. Let $KU_b$ be the user's public key, and let $KR_b$ be the corresponding private key. Then,
$P = d_{KR_b}(e_{KU_b}(P))$
That is, a user can decrypt with a private key what someone else has encrypted with the corresponding public key. Furthermore,
$P = d_{KU_b}(e_{KR_b}(P))$
The public-key cryptosystem is shown in Figure 1 (below). There is a source, Alice, which produces a message in plaintext, $X = [X_1, X_2, \ldots, X_M]$.
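Figure 1: Public Key Cryptosystem. Source A and Destination B, with blocks: message source, encryption algorithm, decryption algorithm, destination, key pair source, cryptanalyst.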
The $M$ elements of $X$ are letters of an alphabet. The message is intended for destination Bob. Bob generates a related pair of keys: a public key, $KU_b$, and a private key, $KR_b$. $KR_b$ is known only to Bob, whereas $KU_b$ is publicly available and therefore accessible by Alice. With the message $X$ and the encryption key $KU_b$ as input, Alice forms the ciphertext $Y = [Y_1, Y_2, \ldots, Y_M]$:
$Y = e_{KU_b}(X)$
The intended receiver, i.e., Bob, in possession of the matching private key, is able to invert the transformation:
$X = d_{KR_b}(Y)$
An opponent, Oscar, observing $Y$ and having access to $KU_b$ but not having access to $KR_b$ or $X$, tries to recover $X$ and/or $KR_b$. It is also assumed that Oscar does have knowledge of the encryption and
decryption algorithms. Thus, Oscar attempts to recover $X$ and $KR_b$ by generating estimates $\hat{X}$ and $\hat{KR}_b$.
5.2 Authentication Using Public-Key Cryptosystem
We mentioned earlier that either of the two related keys can be used for encryption, with the other being used for decryption. This enables an effective authentication scheme to be implemented, as shown in Figure 2.
In this case Alice prepares a message to Bob and encrypts it using Alice's private key before transmitting it:
$Y = e_{KR_a}(X)$
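Figure 2: Authentication using Public-Key Cryptosystem. Source A and Destination B, with blocks: message source, encryption algorithm, decryption algorithm, destination, key pair source, cryptanalyst.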
Bob can decrypt the message using Alice's public key. Because the message was encrypted using Alice's private key, only Alice could have prepared the message. Therefore, the entire encrypted message serves as a digital signature. In addition, it is impossible to alter the message without access to Alice's private key, so the message is authenticated both in terms of source and in terms of data integrity.
Note 1: A more efficient way of achieving the same results is to encrypt a small block of bits that is a function of the plaintext. Such a block, called an authenticator, must have the property that it is infeasible to change the plaintext document without changing the authenticator. If the authenticator is encrypted with the sender's private key, it serves as a signature that verifies origin, content and sequencing.
Definition 2: Digital Signature
The sender signs a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
Note 2: As noted, the authentication process just described does not provide confidentiality. That is, the message being sent is safe from alteration but not from eavesdropping. It is, however, possible to provide both authentication and confidentiality by a double use of the public-key scheme, as described below.
5.3 Secrecy and Authentication Using Public Key Cryptosystem
As shown in Figure 3, in this case, we begin as before by encrypting a message, using the sender's private key, $KR_a$:
Figure 3. Secrecy and Authentication
$Y = e_{KR_a}(X)$
This provides the digital signature. Next, we encrypt again, using the receiver's public key, $KU_b$:
$Z = e_{KU_b}(Y) = e_{KU_b}(e_{KR_a}(X))$
The final ciphertext, $Z$, can be decrypted only by the intended receiver, who alone has the matching private key $KR_b$, together with the public key of the sender, $KU_a$:
$X = d_{KU_a}(Y) = d_{KU_a}(d_{KR_b}(Z))$
Thus, confidentiality is provided. The disadvantage of this approach is that the public-key algorithm, which is complex, must be exercised four times rather than two in each communication.
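The double use of the public-key scheme described above, as an added example that is not part of the original notes: it uses unpadded textbook RSA (the algorithm named in the introduction) with small constructed primes, and all function names and key values are assumptions made for the illustration. It also checks the inverse property of Definition 1 and counts the four public-key operations per exchange.

```python
# Added example: unpadded textbook RSA with tiny constructed primes (toy parameters).
from math import gcd

def make_keypair(p, q, e):
    """Return (public, private) = ((e, n), (d, n)) built from primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)   # d = e^-1 mod phi is the private exponent

def apply_key(key, block):
    """One public-key operation; e_K(.) and d_K(.) are the same modular exponentiation."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than the modulus")
    apply_key.calls += 1
    return pow(block, exponent, n)
apply_key.calls = 0

# Constructed key pairs. Alice's modulus is smaller than Bob's, so that
# Y = e_KRa(X) is always a valid input block for e_KUb.
KUa, KRa = make_keypair(61, 53, 17)   # n_a = 3233
KUb, KRb = make_keypair(89, 97, 5)    # n_b = 8633

def sign_then_encrypt(x):
    y = apply_key(KRa, x)             # Y = e_KRa(X): digital signature
    return apply_key(KUb, y)          # Z = e_KUb(Y): confidentiality

def decrypt_then_verify(z):
    y = apply_key(KRb, z)             # Y = d_KRb(Z)
    return apply_key(KUa, y)          # X = d_KUa(Y)

def round_trip(x):
    """Return the recovered plaintext and the number of public-key operations used."""
    apply_key.calls = 0
    recovered = decrypt_then_verify(sign_then_encrypt(x))
    return recovered, apply_key.calls

if __name__ == "__main__":
    x = 1234                                  # constructed plaintext block, x < n_a
    print(apply_key(KRb, apply_key(KUb, x)))  # P = d_KRb(e_KUb(P))
    print(apply_key(KUb, apply_key(KRb, x)))  # P = d_KUb(e_KRb(P))
    print(round_trip(x))                      # recovered X and operation count
```

If Alice's modulus were the larger one, $Y$ could exceed Bob's modulus and `apply_key` would reject it, which is why the order of the two moduli matters when the operations are nested.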
5.4 Requirements for Public-Key Cryptosystem
The cryptosystem shown in Figs. 1-3 depends on a cryptographic algorithm based on two related keys. Diffie and Hellman postulated this system without demonstrating that such algorithms exist. However, they did lay out, in their paper published in 1976, the conditions that such algorithms must fulfill:
(1) It should be computationally easy for a party, Bob, to generate a pair (public key $KU_b$, private key $KR_b$).
(2) It should be computationally easy for a sender, Alice, knowing the public key and the message to be encrypted, $M$, to generate the corresponding ciphertext:
$C = e_{KU_b}(M)$
(3) It should be computationally easy for the receiver, Bob, to decrypt the resulting ciphertext using the private key to recover the original message:
$M = d_{KR_b}(C) = d_{KR_b}(e_{KU_b}(M))$
(4) It should be computationally infeasible for an opponent, Oscar, knowing the public key, $KU_b$, to determine the private key, $KR_b$.
(5) It should be computationally infeasible for an opponent, Oscar, knowing the public key, $KU_b$, and a ciphertext, $C$, to recover the original message, $M$.
We add a sixth requirement that, although useful, is not necessary for all public-key applications:
(6) The encryption and decryption functions can be applied in either order:
$M = e_{KU_b}(d_{KR_b}(M))$
Note 1: The requirements boil down to the need for a trap-door one-way function. A one-way function (not to be confused with a one-way hash function!) is one that maps a domain into a range such that every function value has a unique inverse, with the condition that the calculation of the function is easy whereas the calculation of the inverse is infeasible:
$Y = f(X)$ easy
$X = f^{-1}(Y)$ infeasible
Note 2: Generally, "easy" is defined to mean a problem that can be solved in polynomial time as a function of input length. Such algorithms belong to the class P.
Note 3: In general, we can say a problem is infeasible if the effort to solve it grows faster than polynomial time as a function of input size.
Note 4: A trap-door one-way function is a family of invertible functions $f_k(\cdot)$, such that:
$Y = f_k(X)$ easy, if $k$ and $X$ are known.
$X = f_k^{-1}(Y)$ easy, if $k$ and $Y$ are known.
$X = f_k^{-1}(Y)$ infeasible, if $Y$ is known but $k$ is not known.
Note 5: The development of a practical public-key scheme depends on the discovery of a suitable trap-door one-way function.