Publickey Encryption

1
Public-key Encryption
Problems with symmetric (private-key) encryption
1) secure distribution of keys
2) large number of keys
Solution to both problems Public-key
(asymmetric) encryption
keypub
keypriv
D( E(message, kpub), kpriv) message
2
Data transmission via public-key encryption
Every user maintains a unique pair of keys one
private and one public.
Public keys are available for anyone to use.
For Lena to send a message to Ole, she first
encrypts using Oles public key. This
ensures that only Ole will be able to read the
message.
Note that this preserves data confidentiality,
but does not ensure authenticity.
3
Public-key Encryption - the Concept
Proposed in 1976 by Witfield Diffie Martin
Hellman
Necessary Properties
Computationally easy to generate a pair of keys
-- (Kpub, Kpriv)
Computationally easy to encrypt --
E(plaintext, Kpub) ? ciphertext
Computationally easy to decrypt --
D(ciphertext, Kpriv) ? plaintext
Computationally infeasible to determine Kpriv,
even knowing E, D, and Kpub
Computationally infeasible to decrypt without
Kpriv, even knowing E, D, and Kpub
An Additional Useful Property
Keys can be used in the opposite order for
encryption/decryption -- D( E(plaintext, Kpriv),
Kpub) ? plaintext
4
RSA Algorithm
Rivest-Shamir-Adelman (1978) is the best known of
current public-key encryption methods.
Begin with two large primes (p and q).
n pq (Note that n should be more
than 200 digits - roughly 512 bits.)
Select e relatively prime to (p-1)(q-1).
Select d so that (ed) mod ((p-1)(q-1)) 1.
public key (e, n) private key (d, n)
Encryption Algorithm (apply to each part of the
transmission)
E(message, e, n) (messagee) mod n
Decryption Algorithm (apply to each part of the
transmission)
D(message, d, n) (messaged) mod n
Side note (p-1)(q-1) comes from Eulers
definition of totient ?(n) number of positive
integers less than n that are relatively prime to
n.
more theory www. di-mgt.com.au/rsa_theory.html
5
Example (note that numbers are artificially
small.)
p 2
q 17
Therefore, n pq 34
Select e 3
Note that (p-1)(q-1) 16. (3 and 16 are
relatively prime.)
d 11 because ed 311 33 and 33 mod 16
1
Treat alphabet as integers from zero, and include
blank
HI MOM SEND
3 2 32 28 24 28 32 18 30 21 27
3 2 32 28 24 28 32 18 30 21 27
7 8 26 12 14 12 26 18 4 13 3
6
RSA Cryptanalysis
Issues 1) The values of p, q, and ?(n) are not
divulged. 2) Cryptanalysis of RSA accomplished
by finding the prime factors of a large
number. 3) Factoring is not known to be an NP
problem, but the best known algorithms are
exponential. 4) To date no serious security
flaws have been discovered.
Finding p and q Verifying that p and q are
prime requires testing potential factors. A
practical alternative (Solovay Strassen
algorithm) tests a number to any
desired probability of being prime.
Crack History
7
Another factoring method (Special Number Field
Sieve) is faster.
Key sizes of 1024 to 2048 appear to be safe
for the near future.
8
Cryptanalysis Can be Tricky
Generally, the strength of a public-key algorithm
depends upon key size.
Suppose Lena sends a very short message - say one
byte
E( LenasByte, KOlePub ) ? encipheredByte
Suppose the man in the middle (Hagar) intercepts
encipheredByte
How can Hagar discover LenasByte ?
Note This particular vulnerability is unique to
public-key cryptosystems.
Solution Append random bits to otherwise short
messages, making them longer.
9
More About Public-key Encryption
Efficient? RSA can be as much as 10,00 times
slower than symmetric algorithms
(Multiplication used in place of bit manipulation
and table lookup/indexing). to improve
computation (a b) mod n (a mod n) (b
mod n) mod n
Other Public-key Cryptosystems
Elliptic Curve Cryptography (ECC) several
different ciphers based upon cubic equations
of the form y2 axy by x3 cx2 dx e
appears to have computational speed
advantages over RSA test of time?
Diffie-Hellman Key Exchange not a full system,
but a key-exchange technique built on public key
concept
Digital Signature Standard (DSS) not a full
system, but a technique for implementing digital
signatures built on public key concept
10
Public-key Authenticity
The additional property of RSA elliptic curve
ciphers D(E(plaintext, kpub), kpriv)
plaintext D(E(plaintext, kpriv), kpub)
plaintext
Confidential transmission 1) Lena encrypts the
message using Oles public key. 2) The message
from (1) is transmitted. 3) Ole decrypts message
using his private key.
Confidential Authenticated transmission 1)
Lena encrypts the message (or part of it) using
her private key. 2) Lena uses Oles public key
to encrypt the result of (1). 3) The message
from (2) is transmitted. 4) Ole decrypts the
message with his private key. 5) Ole decrypts
the result of (4) (or appropriate part) with
Lenas public key.