Title: Introduction to Public-Key Cryptography
1 Introduction to Public-Key Cryptography
by GAnn Adamov
CS 4140 UMSL Fall 2005
2 Overview
- Introduction and History
- Modern Cryptography
- Number Theory
- Public Key Encryption
- The RSA Cryptosystems
- RSA Vulnerabilities
- Conclusion
3 Introduction and History
- Cryptography, from the Greek words kryptos (secret) and graphos (writing), has been a solution for secure communication over an insecure channel.
- Two parties wish to communicate a secret message, but the communication line may not be secure. So the parties agree on a pair of encryption and decryption algorithms, and a common secret key. The sender encodes a plain message using the encryption algorithm and transmits it over an insecure line. The receiver decrypts it using the decryption algorithm and the secret key. Any other party monitoring the line is unable to encrypt the message because of lack of the key.
4 Introduction and History
- Encryption algorithms are very important for cryptography, because cryptography uses encryption algorithms to provide security and privacy.
- There are two main classes of encryption algorithms.
- Symmetric - Private Key encryption
- Asymmetric - Public Key Encryption
5 Introduction and History: Symmetric-key cryptosystems
- In 1943 Claude E. Shannon developed a rigorous theory of perfect secrecy, based on information theory, which required the encryption key to be as large as the encrypted message. A message would be encrypted by applying bitwise XOR with a one-time-use portion of a secret key. Repeated use of a portion can easily reveal it by bitwise XOR of two transmitted messages. When decoded by the receiver, by applying the same mathematical function and key portion, the original message will be produced.
- The total length of the key must exceed the total length of all messages to be communicated, and no portion of a key should be used more than once, to avoid the code being broken.
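Added example (not part of the original slides) of why a key portion must never be reused: XORing two ciphertexts made with the same portion cancels the key. The sample messages and function names are constructed for illustration.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("the key portion must be as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample messages of equal length.
M1 = b"WIRE 500 TO ACCOUNT 17"
M2 = b"MEET AT NOON ON FRIDAY"

def demo_key_reuse():
    pad = secrets.token_bytes(len(M1))   # one key portion ...
    c1 = xor_bytes(M1, pad)
    c2 = xor_bytes(M2, pad)              # ... wrongly used a second time
    # The pad cancels out: c1 XOR c2 == M1 XOR M2, no key required.
    leak = xor_bytes(c1, c2)
    # Whoever knows (or guesses) M1 reads M2 straight from the leak.
    recovered_m2 = xor_bytes(leak, M1)
    return leak, recovered_m2

def demo_fresh_portions():
    pad1 = secrets.token_bytes(len(M1))
    pad2 = secrets.token_bytes(len(M2))
    c1, c2 = xor_bytes(M1, pad1), xor_bytes(M2, pad2)
    # Decryption is the same XOR with the same key portion.
    return xor_bytes(c1, pad1), xor_bytes(c2, pad2)
```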
6 Modern Cryptography: Asymmetric-key cryptosystems
- The major drawback of classical cryptography is the need for prior communication of the key over a secure channel, which is not always possible.
- The idea of a public-key cryptosystem was introduced by Diffie and Hellman in 1976. They proposed the concept of a trapdoor function for implementation of PKC. A trapdoor function is a one-way function that can only be inverted by knowing specific secret information available only to the receiver.
- Modern cryptography is based on a gap between efficient algorithms for encryption for the legitimate users versus the computational infeasibility of decryption for the adversary.
7 Modern Cryptography: Asymmetric-key cryptosystems
- In public-key encryption methodology, it is highly infeasible to compute a private key based on the knowledge of the public key.
- The advantage of key separation is that two parties do not have to secretly agree on the keys. The encrypting key is published freely, and the recipient uses its corresponding private decrypting key to decode the cipher text.
- Special software generates a pair of such encryption and decryption keys.
8 Modern Cryptography: Asymmetric-key cryptosystems
MyGateway service provides secure access to
various UMSL resources
9 Modern Cryptography: Digital Signatures
- One of the most fundamental and useful inventions of modern cryptography.
- A signature scheme provides a way for each user to sign messages, so that the signatures can later be verified by anyone else.
- Each user creates a matching pair of private and public keys, so he can sign the message using the private key, and the recipient can verify it using the signer's public key.
- Mathematically, signing and authentication are very similar to message encryption and decryption with the roles of public and private keys reversed.
- Encryption and digital signing can be used in combination by applying keys from both methods.
10 Modern Cryptography: Digital Signatures Example
Microsoft PowerPoint 2003
11 Number Theory: Prime Number Properties
- This example demonstrates that sequential application of mathematical functions results in a value equal to the original argument.
- Select primes $p = 11$, $q = 3$.
- $n = pq = 11 \cdot 3 = 33$; $\phi = (p-1)(q-1) = 10 \cdot 2 = 20$.
- Choose $e = 3$, a number relatively prime to 2 and 10, and therefore to $\phi = 20$.
- Compute $d$ such that $ed \equiv 1 \pmod{\phi}$, i.e. compute $d = e^{-1} \bmod \phi = 3^{-1} \bmod 20$, i.e. find a value for $d$ such that $\phi$ divides $(ed - 1)$, i.e. find $d$ such that 20 divides $3d - 1$. Simple testing ($d = 1, 2, \ldots$) gives $d = 7$. Check: $ed - 1 = 3 \cdot 7 - 1 = 20$, which is divisible by $\phi$.
12 Number Theory: Prime Number Properties (continued)
- Now let's consider the following application of modular arithmetic.
- Show that $(m^e \bmod pq)^d \bmod pq = m$, for any $m$, and for $p$, $q$, $e$, $d$ chosen as described above. First, pick $m = 7$, and compute $c = m^e \bmod pq$: $7^3 \bmod (3 \cdot 11) = 343 \bmod 33 = 13$. Then, $13^7 \bmod (3 \cdot 11) = 62748517 \bmod 33 = 7$.
- Calculating $m^e \bmod pq$ is easy, but calculating the inverse $c^{-e} \bmod n$ is very difficult for large $n$. However, if we can factor $n$ into its prime factors $p$ and $q$, the solution becomes easy again, even for large $n$. Obviously, if we can get hold of the secret exponent $d$, the solution becomes easy.
13 Public Key Encryption
- In PKC there is a network of users $u_1..u_n$, unlike a pair of users in other encryptions.
- Each user $u_i$ has a pair of keys $\langle P_u, S_u \rangle$ generated by algorithm $G$.
- To send a message $m$ to $u_i$, it is necessary to look up that user's $P_u$ in a public directory and encode $m$ using the publicly available algorithm $E$. The encrypted result $C = E(P_u, m)$ is then sent to $u_i$ over the open channel.
- Upon receipt of $C$, $u_i$ calculates $D(S_u, C)$ using $S_u$, where $D$ is the public decryption algorithm.
- The implementation of PKC provides that $D(S_u, E(P_u, m)) = m$ (i.e. $D$ and $E$ act as inverse math functions), and is defined by three public algorithms $(G, E, D)$.
14 Public Key Encryption Algorithms
- Formal definition of a public-key encryption scheme:
- Key-generating polynomial-time algorithm $G$ that produces a pair of encryption/decryption keys $(e, d)$ based on a certain security input $(1^k)$: $(e, d) \in G(1^k)$.
- Polynomial-time encryption algorithm $E$ that takes security input $(1^k)$, public key $e$ from the range of $G(1^k)$ and message string $m \in \{0,1\}^k$, and produces cipher text $c \in \{0,1\}^*$, $c \in E(1^k, e, m)$.
- Polynomial-time decryption algorithm $D$ that takes security input $(1^k)$, private key $d$ from the range of $G(1^k)$ and a cipher text $c$ from the range of $E(1^k, e, m)$, and produces output string $m' \in \{0,1\}^*$; $\mathrm{prob}(D(1^k, d, c) \ne m')$ is negligible.
15 The RSA Cryptosystem
- In 1977, Rivest, Shamir, and Adleman invented the first trapdoor function, the RSA.
- The RSA algorithm can be used for both public-key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.
16 The RSA Cryptosystem
- The RSA cryptosystem uses computation in the finite set of natural numbers, where $n$ is a product of two very large distinct primes $p$ and $q$. For such an integer $n$ a function is defined: $\phi(n) = (p-1)(q-1)$.
- Let $K = \{(n, p, q, a, b) : ab \equiv 1 \pmod{\phi(n)}\}$. For any $K = (n, p, q, a, b)$ define encryption and decryption keys $e_K(x) = x^b \bmod n$, $d_K(y) = y^a \bmod n$, where $x$ and $y$ are natural numbers.
- The public key is comprised of $n$ and $b$, and the private key of $p$, $q$ and $a$.
17 The RSA Cryptosystem: Implementation
- To start using RSA encryption, one must generate parameters first.
- Generate two large prime numbers, $p$ and $q$
- $n \leftarrow pq$ and $\phi(n) \leftarrow (p-1)(q-1)$
- Choose a random $b$ ($1 < b < \phi(n)$) such that $\gcd(b, \phi(n)) = 1$
- $a \leftarrow b^{-1} \bmod \phi(n)$
- The public key is $(n, b)$ and the private key is $(p, q, a)$.
- One way to break RSA is to compute the factors of $n$.
- Then finding $\phi(n)$ becomes trivial, and computation of exponents $a$ and $b$ comes straight out of a simple algorithm. The most computationally intensive step, however, is the factoring of $n$, and for that very reason $pq$ must be large enough to make such computation infeasible. Generally, it is recommended for $p$ and $q$ to be 512-bit numbers, making $n$ a 1024-bit number.
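Added example (not part of the original slides): the parameter generation above and the round trip from slide 12, as unpadded textbook RSA on the deck's toy values p = 11, q = 3, b = 3, including signing with the key roles reversed and the recovery of a once a factor of n is known. The function names are chosen for illustration.

```python
from math import gcd

def rsa_keygen(p: int, q: int, b: int):
    """Build public (n, b) and private (p, q, a) from given primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < b < phi or gcd(b, phi) != 1:
        raise ValueError("need 1 < b < phi(n) and gcd(b, phi(n)) = 1")
    a = pow(b, -1, phi)              # a = b^-1 mod phi(n)  (Python 3.8+)
    return (n, b), (p, q, a)

def encrypt(public, x: int) -> int:
    n, b = public
    return pow(x, b, n)              # e_K(x) = x^b mod n

def decrypt(private, y: int) -> int:
    p, q, a = private
    return pow(y, a, p * q)          # d_K(y) = y^a mod n

def recover_private_exponent(public, p: int) -> int:
    """What one known factor of n gives away: phi(n), and from it a."""
    n, b = public
    q = n // p
    return pow(b, -1, (p - 1) * (q - 1))

def sign(private, m: int) -> int:
    return decrypt(private, m)       # private exponent applied to the message

def verify(public, m: int, s: int) -> bool:
    return encrypt(public, s) == m   # anyone can check with (n, b)

if __name__ == "__main__":
    pub, priv = rsa_keygen(11, 3, 3)
    c = encrypt(pub, 7)
    print(pub, priv, c, decrypt(priv, c))
```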
18 The RSA Cryptosystem: Primality testing
- Instead of generating large prime numbers, in reality large random numbers are generated, which are then tested for primality using randomized polynomial-time Monte Carlo algorithms such as Solovay-Strassen or Miller-Rabin.
- These algorithms are fast (O(log2n) for n-bit number), but may possibly yield a false positive result.
- Multiple consecutive applications of the algorithms reduce the probability of error.
- According to the Prime Number Theorem, for randomly chosen $p$ from $1..N$, the probability of it being a prime is $1/\ln(N)$. Therefore, a random 512-bit odd integer will be prime with probability $2/\ln(2^{512}) \approx 2/355$.
19 The RSA Cryptosystem: Primality testing
Solovay-Strassen Algorithm
- The Solovay-Strassen primality test runs as follows on input an odd integer $n$ and an integer $k$, indicating the desired reliability.
- 1. Test if $n = b^e$ for integers $b, e > 1$; if so, output composite and terminate.
- 2. Randomly choose $a_1, a_2, \ldots, a_k \in \{1, 2, \ldots, n-1\}$.
- 3. If $\gcd(a_i, n) \ne 1$ for any $1 \le i \le k$ then output composite and terminate.
- 4. Calculate $\alpha_i = a_i^{(n-1)/2} \bmod n$ and $\beta_i = J_n(a_i)$, where $J$ is the Jacobi symbol.
- 5. If for any $1 \le i \le k$, $\alpha_i \not\equiv \beta_i \bmod n$ then output composite. If for all $1 \le i \le k$, $\alpha_i \equiv \beta_i \bmod n$ then output probably prime.
- Every step runs in polynomial time, therefore the algorithm's complexity is polynomial in $\log(n)$ and $k$. If $n$ is composite then $\Pr[\alpha_i \equiv \beta_i \bmod n] \le 1/2$ and thus $\Pr[\alpha_i \equiv \beta_i \bmod n \text{ for } 1 \le i \le k] \le (1/2)^k$.
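Added example (not part of the original slides): steps 1 to 5 above in Python, drawing and testing the a_i one at a time. The Jacobi symbol routine and the perfect-power check are one possible way to carry out steps 4 and 1; all function names are chosen for illustration.

```python
import random
from math import gcd

def jacobi(a: int, n: int) -> int:
    """Jacobi symbol J_n(a) for odd n > 0, via quadratic reciprocity."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a:
        while a % 2 == 0:                 # pull out factors of 2
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                       # reciprocity swap
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def is_perfect_power(n: int) -> bool:
    """Step 1: is n = b^e for integers b, e > 1?"""
    for e in range(2, n.bit_length() + 1):
        lo, hi = 2, 1 << (n.bit_length() // e + 1)
        while lo <= hi:                   # binary search for an exact e-th root
            mid = (lo + hi) // 2
            v = mid ** e
            if v == n:
                return True
            lo, hi = (mid + 1, hi) if v < n else (lo, mid - 1)
    return False

def solovay_strassen(n: int, k: int = 20, rng=random) -> str:
    if n < 3 or n % 2 == 0:
        raise ValueError("input must be an odd integer >= 3")
    if is_perfect_power(n):
        return "composite"
    for _ in range(k):
        a = rng.randrange(1, n)           # a_i in {1, ..., n-1}
        if gcd(a, n) != 1:
            return "composite"
        alpha = pow(a, (n - 1) // 2, n)
        beta = jacobi(a, n) % n           # map -1 to n-1 before comparing
        if alpha != beta:
            return "composite"
    return "probably prime"
```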
20 The RSA Cryptosystem: Primality testing
Miller-Rabin Algorithm
- Another algorithm for determining if the number is prime.
- It runs as follows on input of an odd integer $n$ and an integer $k$, indicating the desired reliability.
- Randomly choose $b_1, b_2, \ldots, b_k \in \{1, 2, \ldots, n-1\}$.
- Let $n - 1 = 2^l m$ where $m$ is odd.
- For $1 \le i \le k$ compute $b_i^m \bmod n$ by repeated squaring.
- Compute $b_i^{2^j m} \bmod n$ for $j = 1, 2, \ldots, l$. If for some $j$, $b_i^{2^{j-1} m} \not\equiv \pm 1 \bmod n$ but $b_i^{2^j m} \equiv 1 \bmod n$ then witness condition $W_n(b_i)$ holds.
- If $b_i^{n-1} \not\equiv 1 \bmod n$ then $W_n(b_i)$ holds.
- If for any $1 \le i \le k$, $W_n(b_i)$ holds then output composite. If for all $1 \le i \le k$, $W_n(b_i)$ does not hold then output probably prime.
- The algorithm runs correctly with high probability.
- $\Pr[\text{Miller-Rabin outputs probably prime} \mid n \text{ is composite}] \le (1/4)^k$
- $\Pr[\text{Miller-Rabin outputs probably prime} \mid n \text{ is prime}] = 1$
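Added example (not part of the original slides): the witness condition W_n(b) and the k-round test above in Python. `count_liars` is a hypothetical helper that counts, exhaustively for small n, the bases for which W_n does not hold, so the (1/4) bound per round can be checked on a concrete composite such as 561.

```python
import random

def witness(b: int, n: int) -> bool:
    """W_n(b): True when base b proves that odd n > 2 is composite."""
    l, m = 0, n - 1
    while m % 2 == 0:                     # n - 1 = 2^l * m with m odd
        l, m = l + 1, m // 2
    x = pow(b, m, n)                      # b^m mod n by repeated squaring
    for _ in range(l):
        y = x * x % n                     # b^(2^j m) mod n
        if y == 1 and x not in (1, n - 1):
            return True                   # square root of 1 other than +-1
        x = y
    return x != 1                         # b^(n-1) != 1 mod n

def miller_rabin(n: int, k: int = 20, rng=random) -> str:
    if n < 3 or n % 2 == 0:
        raise ValueError("input must be an odd integer >= 3")
    for _ in range(k):
        if witness(rng.randrange(1, n), n):   # b_i in {1, ..., n-1}
            return "composite"
    return "probably prime"

def count_liars(n: int) -> int:
    """Bases in {1, ..., n-1} for which W_n does not hold (small n only)."""
    return sum(not witness(b, n) for b in range(1, n))
```

For n = 561 the base 2 satisfies 2^560 = 1 mod 561, so the last condition alone would not expose it; the square-root condition does.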
21 RSA Vulnerabilities: Factoring Algorithms
- The most obvious way to attack the RSA Cryptosystem is to attempt to factor the public modulus.
- The three most effective algorithms are the Quadratic Sieve, Elliptic Curve and Number Field Sieve.
- Other well-known ones are Pollard's rho-method and p-1 algorithm, Williams' p+1 algorithm, the continued fraction algorithm and trial division.
22 RSA Vulnerabilities: Factoring, Pollard's p-1 method
- Let's consider a relatively simple algorithm for factoring large integers which is based on modular arithmetic.
- Let $n$ be the composite number that we want to factor. Pollard's algorithm assumes that there exist integers $e$ and $a$ such that $a^e \equiv 1 \bmod p$ and $a^e \not\equiv 1 \bmod q$ for some prime factors $p$ and $q$ of $n$.
- 1. Choose an integer $e$ that is a multiple of all integers less than some bound $B$.
- 2. Choose a random integer $a$ between 2 and $n-2$.
- 3. Compute $a^e \bmod n$ by repeated squaring.
- 4. Compute $d = \gcd(a^e - 1, n)$ by the Euclidean algorithm. If $1 < d < n$ output the nontrivial factor $d$. Otherwise, repeat from step 2 with a new choice for $a$.
23 RSA Vulnerabilities: Factoring, Pollard's p-1 method
- Example
- Suppose $n = 15770708441$. Select $B = 180$; then $a = 2^{180!} \bmod 15770708441$, so $d = 135979$. In fact $15770708441 / 135979 = 115979$. So $15770708441 = 135979 \times 115979$, and $135978 = 2 \times 3 \times 131 \times 173$, $115978 = 2 \times 103 \times 563$.
- Therefore taking $B \ge 173$ guarantees that $B!$ is divisible by 135978.
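Added example (not part of the original slides): the method with e = B! and the fixed base a = 2 used in the slide's example, run on the slide's n. `guaranteed_bound` is a hypothetical helper that returns the smallest B with (p - 1) | B!, the quantity that key generation wants to be large for both primes.

```python
from math import gcd

def pollard_p_minus_1(n: int, B: int, a: int = 2):
    """Return a nontrivial factor of n, or None if bound B (with base a) fails."""
    x = a % n
    for j in range(2, B + 1):
        x = pow(x, j, n)                  # after the loop: x = a^(B!) mod n
    d = gcd(x - 1, n)                     # Euclidean algorithm
    return d if 1 < d < n else None

def guaranteed_bound(p: int) -> int:
    """Smallest B such that (p - 1) divides B!."""
    m, f, B = p - 1, 1, 1
    while f % m:                          # f holds B! mod (p - 1)
        B += 1
        f = f * B % m
    return B

N = 15770708441                           # modulus from the slide

if __name__ == "__main__":
    d = pollard_p_minus_1(N, 180)
    print(d, N // d)                      # the two prime factors
    # 135979 falls at B = 180 because its bound is below 180; 115979's is not.
    print(guaranteed_bound(135979), guaranteed_bound(115979))
```

With a bound that covers both primes (any B of at least 563 here) the result is a^(B!) = 1 mod n, so d = n and the function returns None; a factor is only isolated when exactly one of p - 1, q - 1 divides B!.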
24 Conclusion
- The idea behind a public-key cryptosystem is that it might be possible to find one where it is computationally infeasible to determine the decryption key given the encryption key. The advantage of a public-key system is that one user can send an encrypted message to another user by using the recipient's public key. The recipient will be the only one able to decrypt the cipher text using its private key.
- Modern cryptography is a very important issue for providing security and privacy for e-commerce, which is conducted electronically. In addition to that, it is very important where personal information is stored on computers and transmitted over computer networks. Cryptography has a tremendous potential to enrich mathematics education, and some encryption algorithms used in cryptography have basic mathematical concepts.