Public Key EncryptionPublic Key Encryption
CS432 – Security in Computing
Copyright © 2005, 2008 by Scott Orr and the Trustees of Indiana University
Section OverviewSection Overview
Symmetric Key distribution issuesSymmetric Key distribution issues
Public Key encryptionPublic Key encryption
Digital Signatures and HashesDigital Signatures and Hashes
Key ManagementKey Management
ReferencesReferences Security in Computing, 3Security in Computing, 3rdrd Ed. Ed.
Chapter 2 (pgs. 73-88)Chapter 2 (pgs. 73-88) Chapter 10 (pgs. 637-642; 666-682)Chapter 10 (pgs. 637-642; 666-682)
Online ResourcesOnline Resources Why Johnny Can't Encrypt: A Usability EvWhy Johnny Can't Encrypt: A Usability Ev
aluation of PGP 5.0aluation of PGP 5.0, Alma Whitten, Carnegie Mellon , Alma Whitten, Carnegie Mellon UniversityUniversity
Shared Secret Key Shared Secret Key EncryptionEncryption
AliceAlice BobBob
CharlieCharlie ScottScott
• How does Alice distribute the key?How does Alice distribute the key?
• What happens if Scott leaves?What happens if Scott leaves?
Secret Key PairsSecret Key PairsAliceAlice BobBob
CharlieCharlie ScottScott
# of Keys = n * (n – 1)/2# of Keys = n * (n – 1)/2Where n is the # of usersWhere n is the # of users
Public-Key EncryptionPublic-Key Encryption
------------------------------------------------------------------------------------
EncryptionEncryption
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
------------------------------------------------------------------------------------
DecryptionDecryption
Recipient’sRecipient’sPublic KeyPublic Key
Recipient’sRecipient’sPrivate KeyPrivate Key
PlaintextPlaintext PlaintextPlaintextCiphertextCiphertext
PKE Algorithm ComponentsPKE Algorithm Components
One or more Prime NumbersOne or more Prime Numbers Large integer factoringLarge integer factoring Modular arithmeticModular arithmetic Example AlgorithmsExample Algorithms
Merkle-Hellman KnapsacksMerkle-Hellman Knapsacks Rivest-Shivar-Adelman (RSA)Rivest-Shivar-Adelman (RSA) Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Knapsack ConceptKnapsack Concept
Using each block only once, Using each block only once, which blocks could be which blocks could be combined to completely fill combined to completely fill this space without leaving any this space without leaving any open squares inside or block open squares inside or block parts outside the highlighted parts outside the highlighted area?area?
00
11
11
00
11
Merkle-Hellman KnapsacksMerkle-Hellman Knapsacks
Use 1 knapsack for encoding a Use 1 knapsack for encoding a messagemessage
Use a 2Use a 2ndnd knapsack for decoding knapsack for decoding The knapsacks are mathematically The knapsacks are mathematically
related to each otherrelated to each other Modulus Modulus nn Multiplier Multiplier ww
Simple Knapsack Simple Knapsack GenerationGeneration
Create a simple (superincreasing) Create a simple (superincreasing) knapsackknapsack Select a (small) initial numberSelect a (small) initial number Each new number is greater than the sum of all Each new number is greater than the sum of all
previous numbers.previous numbers.
S = [ 1, 2, 4, 8 ]S = [ 1, 2, 4, 8 ] Pick Pick nn and and ww
n is greater than the sum of Sn is greater than the sum of S n and w have no common factors n and w have no common factors Easiest way: set n to a prime numberEasiest way: set n to a prime number
n > 15; set n = 17 / Pick w < n; w = 7n > 15; set n = 17 / Pick w < n; w = 7
Hard Knapsack GenerationHard Knapsack Generation Hard knapsack is a function of S, w, and nHard knapsack is a function of S, w, and n
hhii = s = sii * w mod n * w mod n
hh11 = 1 * 7 mod 17 = 7 = 1 * 7 mod 17 = 7
hh22 = 2 * 7 mod 17 = 14 = 2 * 7 mod 17 = 14
hh33 = 4 * 7 mod 17 = 11 = 4 * 7 mod 17 = 11
hh44 = 8 * 7 mod 17 = 5 = 8 * 7 mod 17 = 5
H = [ 7, 14, 11, 5 ]H = [ 7, 14, 11, 5 ]
H becomes the public keyH becomes the public key S, n, and w together become the private S, n, and w together become the private
keykey
Encrypting a MessageEncrypting a Message Message is broken down in binary blocksMessage is broken down in binary blocks Block size = number of elements in HBlock size = number of elements in H Calculate sum of PT * H for each blockCalculate sum of PT * H for each block This becomes the encrypted messageThis becomes the encrypted message
SumSum11 = 7 + 11 + = 7 + 11 + 55
= 23= 23
SumSum22 = 14 + 11= 14 + 11 = 25= 25
SumSum33 = 7 + 11= 7 + 11 = 18= 18
SumSum44 = 14 + 5= 14 + 5 = 19= 19
PT = 1011 0110 1010 0101 / H = [ 7, 14, 11, 5 ]PT = 1011 0110 1010 0101 / H = [ 7, 14, 11, 5 ]
Message M = [ 23, 25, 18, 19 ]Message M = [ 23, 25, 18, 19 ]
Decrypting a MessageDecrypting a Message Need to find inverse v of w:Need to find inverse v of w:
w * v mod n = 1w * v mod n = 1 Use Extended Euclidean Algorithm to find vUse Extended Euclidean Algorithm to find v
7 * v mod 17 = 1; v = 57 * v mod 17 = 1; v = 5
Calculate new sum totals: MCalculate new sum totals: Mii * v mod n * v mod n
SumSum
11
= 23 * 5 mod = 23 * 5 mod 1717
= 13= 13
SumSum
22
= 25 * 5 mod = 25 * 5 mod 1717
= 6= 6
SumSum
33
= 18 * 5 mod = 18 * 5 mod 1717
= 5= 5
SumSum
44
= 19 * 5 mod = 19 * 5 mod 1717
= 10= 10
M = [ 23, 25, 18, 16 ] / Sumi = Mi * 5 mod 17
Decrypting the Message Decrypting the Message (con’t.)(con’t.)
To get the plaintext, we now use STo get the plaintext, we now use SS * PTS * PTii = Sum = Sumii
SumSum11 = 13 = [ 1, 2, 4, 8 ] * PT = 13 = [ 1, 2, 4, 8 ] * PT11; PT; PT11 = [1011] = [1011]
SumSum22 = 6 = [ 1, 2, 4, 8 ] * PT = 6 = [ 1, 2, 4, 8 ] * PT22; PT; PT22 = [0110] = [0110]
SumSum33 = 5 = [ 1, 2, 4, 8 ] * PT = 5 = [ 1, 2, 4, 8 ] * PT33; PT; PT33 = [1010] = [1010]
SumSum44 = 10 = [ 1, 2, 4, 8 ] * PT = 10 = [ 1, 2, 4, 8 ] * PT44; PT; PT44 = [0101] = [0101]
PT = 1011 0110 1010 0101PT = 1011 0110 1010 0101
RSA Public Key EncryptionRSA Public Key Encryption
Developed by MIT professors Ron Rivest, Developed by MIT professors Ron Rivest, Adi Shamir and Len Adleman (1977)Adi Shamir and Len Adleman (1977)
Message blocks treated as a large number Message blocks treated as a large number less that some number less that some number nn
Block size 2Block size 2kk bits bits 2 2kk < n < 2 < n < 2k+1k+1
Relies on:Relies on: Large prime numbersLarge prime numbers Large number factoringLarge number factoring Modular arithmeticModular arithmetic
RSA Key GenerationRSA Key Generation
Select 2 prime numbers, p and qSelect 2 prime numbers, p and q Let n = p * qLet n = p * q Let Let (n) = (p – 1)(q – 1)(n) = (p – 1)(q – 1) Pick e that is Pick e that is relatively primerelatively prime to to (n)(n) Find d Find d d = e d = e-1-1 mod mod (n) (n) de = 1 mod de = 1 mod
(n)(n) Generated keys:Generated keys:
Public: e & nPublic: e & n Private: d & n Private: d & n
RSA Encryption & RSA Encryption & DecryptionDecryption
Encryption:Encryption: Break message into M sized blocks < nBreak message into M sized blocks < n Cipher C = MCipher C = Mee mod n mod n
Decryption:Decryption: Message M = CMessage M = Cdd mod n mod n
RSA ExampleRSA Example
Key Generation:Key Generation: Let p = 5 and q = 11Let p = 5 and q = 11 N = 5 * 11 = 55N = 5 * 11 = 55 (n) = (5 – 1)(11 – 1) = 40(n) = (5 – 1)(11 – 1) = 40 Let e = 3Let e = 3 Find d Find d 3d = 1 mod 40; d = 27 3d = 1 mod 40; d = 27
Encrypt M = 5 Encrypt M = 5 C = 5 C = 533 mod 55 = 15 mod 55 = 15 Decrypt C Decrypt C M = 15 M = 152727 mod 55 = 5 mod 55 = 5
Digital SignaturesDigital Signatures
------------------------------------------------------------------------------------
HashHashEncryptionEncryption
------------------------------------------------++++++++++++++++++++++++
------------------------------------------------------------------------------------
HashHashDecryptionDecryption
Sender’sSender’sPrivate KeyPrivate Key
Sender’sSender’sPublic KeyPublic Key
PlaintextPlaintext PlaintextPlaintextSignedSignedMessageMessage
Hash FunctionsHash Functions
Accept messages of Accept messages of anyany size and size and generated a small, fixed size outputgenerated a small, fixed size output
One way functionOne way function Easy and fast to calculateEasy and fast to calculate Collision ResistantCollision Resistant
XOR ExampleXOR Example
Break message into fixed length Break message into fixed length blocksblocks
XOR first element of all blocksXOR first element of all blocks Repeat for all elementsRepeat for all elements
GG 0 1 0 0 0 1 1 10 1 0 0 0 1 1 1oo 0 1 1 0 1 1 1 10 1 1 0 1 1 1 1nn 0 1 1 0 1 1 1 00 1 1 0 1 1 1 0oo 0 1 1 0 1 1 1 10 1 1 0 1 1 1 1ww 0 1 1 0 0 1 1 10 1 1 0 0 1 1 1
0 1 0 1 1 1 1 00 1 0 1 1 1 1 0 55 E E
Source: Source: Classical and Contemporary CryptologyClassical and Contemporary Cryptologyby Richard J. Spillmanby Richard J. Spillman
Not very collision resistant!!!Not very collision resistant!!!
MD5 HashMD5 Hash Developed by Ron RivestDeveloped by Ron Rivest Generates a 128-bit hashGenerates a 128-bit hash InitializationInitialization
Pad message (1 followed by Pad message (1 followed by nn 0s) such that the 0s) such that the message size is 448 mod 512message size is 448 mod 512
(message size) mod 2(message size) mod 26464 appended to message appended to message as 64-bit numberas 64-bit number
4 32-bit registers used store intermediate and 4 32-bit registers used store intermediate and final resultsfinal results
512-bit message block processed in 4 rounds, 512-bit message block processed in 4 rounds, each consisting of 16 stageseach consisting of 16 stages
BlockBlockii
DD
CC
BB
AA
MD5 RoundsMD5 Rounds
FFT[1..16]T[1..16]
++
++
++
++
DD
CC
BB
AA
GGT[17..32]T[17..32]
HHT[33..48]T[33..48]
IIT[49..64]T[49..64]
CVCVii CVCVi+1i+1
GG
MD5 StageMD5 Stage
DD
CC
BB
AA ++ ++ ++ RotRot ++
BlockBlockii[k][k] T[j]T[j]
DD
CC
BB
AA
Birthday ParadoxBirthday Paradox
El Gamal KeysEl Gamal Keys
Choose a large prime number, Choose a large prime number, pp, , such that (such that (pp – 1) has a large prime – 1) has a large prime factor, factor, qq
Select 2 integers, Select 2 integers, xx and and aa, such that , such that x < p and a < p.x < p and a < p.
Calculate y = aCalculate y = axx mod p mod p Private Key: xPrivate Key: x Public Key: y, p, aPublic Key: y, p, a
El Gamal SignaturesEl Gamal Signatures
Used to sign message, Used to sign message, mm Select an integer Select an integer kk such that: such that:
0 < k < p – 10 < k < p – 1 Not used previouslyNot used previously Relatively prime to (p – 1)Relatively prime to (p – 1)
Message signature is Message signature is r r and and ss r = ar = akk mod p mod p s = ks = k-1-1(m – xr) mod (p – 1)(m – xr) mod (p – 1)
El Gamal Signatures (Con’t)El Gamal Signatures (Con’t)
Checked:Checked: Calculate yCalculate yrrrrss mod p mod p Should be same as aShould be same as amm mod p mod p
Digital Signature Standard (DSS)Digital Signature Standard (DSS) Based on El GamalBased on El Gamal 22511511 < p < 2 < p < 2512512
22159159 < q < 2 < q < 2160160
Uses a hash (SHA-1) instead of mUses a hash (SHA-1) instead of m q, instead of (p – 1) is used to calculate r and sq, instead of (p – 1) is used to calculate r and s
Diffie-Hellman Key Diffie-Hellman Key ExchangeExchange
Bob and Alice together select a prime number, p, Bob and Alice together select a prime number, p, and a base, gand a base, g
Alice:Alice: Selects secret number aSelects secret number a Sends Bob gSends Bob gaa mod p mod p
Bob:Bob: Selects secret number bSelects secret number b Sends Alice gSends Alice gbb mod p mod p
Shared secret: kShared secret: k k = (gk = (gaa mod p) mod p)bb mod p = (g mod p = (gbb mod p) mod p)aa mod p mod p Used as key in symmetric cryptography algorithmUsed as key in symmetric cryptography algorithm
““Pretty Good Privacy”Pretty Good Privacy”
Freely available PKE systemFreely available PKE system Minimizes email forgingMinimizes email forging Promotes privacyPromotes privacy Requires a Requires a Circle of TrustCircle of Trust AlternativesAlternatives
MIME Object Security Services (MOSS)MIME Object Security Services (MOSS) Security Multiparts for MIME (S/MIME)Security Multiparts for MIME (S/MIME)
Public Key DistributionPublic Key Distribution
Sent via disk/emailSent via disk/email Downloaded from web pageDownloaded from web page Public Key ServerPublic Key Server Fingerprints and key signingFingerprints and key signing Public Key InfrastructurePublic Key Infrastructure
Certificate AuthoritiesCertificate Authorities Registration AuthoritiesRegistration Authorities Certificate Distribution SystemCertificate Distribution System Key EscrowKey Escrow