Cryptography and Network Security Chapter 9

1
Cryptography and Network SecurityChapter 9

• Fifth Edition
• by William Stallings

2
Chapter 9 ???pt???af?a ??µ?s??? ??e?d??? ?a?
RSA

• Every Egyptian received two names, which were
  known respectively as the true name and the good
  name, or the great name and the little name and
  while the good or little name was made public,
  the true or great name appears to have been
  carefully concealed.
• The Golden Bough, Sir James George Frazer

3
K??pt???af?a ??st???? ??e?d??? (Private-Key
Cryptography)

• ? pa?ad?s?a?? ???pt???af?a ?d??t????/µ?st????/µ??a
  d???? ?e?d??? ???s?µ?p??e? e?a µ??? ??e?d?.
• ?? ??e?d? a?t? µ???a?eta? a?aµesa st?? ap?st??ea
  ?a? t?? pa?a??pt?
• ?? t? ??e?d? ap??a??f?e?, t?te p??tteta? ?
  asfa?e?a t?? ep????????a?
• ?p?s?? e??a? s?µµet?????, ta µe?? e??a? ?sa.
• ?e? p??state?e? t?? µetad?t? ap? t? e?de??µe?? ?a
  ?atas?e?ase? ? ap?de?t?? e?a µ???µa ?a? ?a
  ?s????ste? ?t? t? este??e ? µetad?t??.

4
???pt???af?a ??µ?s??? ??e?d??? (Public-Key
Cryptography)

• ???a? ?s?? ? µe?a??te?? a?a?a???? st? 3000 et??
  ?st???a t?? ???pt???af?a?
• ???s?µp??e? d?? ??e?d?a. ?? d?µ?s?? ?a? t?
  ?d??t??? (public key private key)
• E?a? as?µµe??? d??t? ta d?? µe?? de? e??a? ?sa.
• ???s?µ?p??e? e??p?a st???e?a ap? t? ?e???a
  a???µ?? ??a ?a ?e?t?????se?
• S?µp?????e? ?a? de? a?t??a??sta t?? ???pt???af?a
  ?d??t???? ??e?d???o

5
G?at? ??e?a??µaste t?? ???pt???af?a ??µ?s???
??e?d????

• ??apt?????e ??a ?a a?t?µet?p?se? d?? ßas??a
  ?eµata
• ??a??µ? ??e?d??? (key distribution)
• ??f?a?e? ?p???afe? (digital signatures)
• ??a?a??f???e ep?s?µa ap? t??? Whitfield Diffie
  Martin Hellman st? ?a?ep?st?µ?? Stanford t?1976
• ?ta? ???st?? ????te?a st?? ???pt???af??? ?????t?ta

6
???pt???af?a ??µ?s??? ??e?d??? (Public-Key
Cryptography)

• ? K??pt???af?a ??µ?s??? ??e?d??? (? ?s?µµet??
  ???pt???af?a) ???s?µ?p??e? d?? ??e?d?a
• ?? d?µ?s?? ??e?d? (public-key), p?? µp??e? ?a
  e??a? ???st? se ????? ?a? ???s?µ?p??e?ta? ??a t??
  ???pt???af?s? µ???µat?? ?a? t?? ep?ßeßa??s?
  ??f?a??? ?p???af??.
• ?? ?d??t??? ??e?d? p?? e??a? ???st? µ??? st??
  ?at??? t?? ?a? ???s?µ?p??e?ta? ??a t??
  ap????pt???af?s? µ???µat?? ?a? ??a ?a ?p???a?e? ?
  ?at???? t?? e?a ??f?a?? e???af?.
• ??epe? ?a e??a? ad??at? ?a p??sd????se? ?ap????
  t? ?d??t??? ??e?d? ????????ta? µ??? t? d?µ?s??.
• ???a? ?s?µµet?? ??at? a?t?? p?? µp??e? ?a
  ???pt???afe? µ???µata ?a? ?a ep?ßeßa???e?
  ??f?a?e? ?p???afe?, de? µp??e? ?a ap????pt???afe?
  ?a? ?a ßa?e? ??f?a?e? ?p???afe?.

7
???pt???af?a ??µ?s??? ??e?d???
8
S?µµet???? vs ??µ?s??? ??e?d???
9
???pt?s?st?µata ??µ?s??? ??e?d???
10
Efa?µ??e? ???pt???af?a? ??µ?s??? ??e?d???

• ???pt??af?s?/ap????pt???af?s?
• ??f?a?e? ?p???afe?
• ??ta??a?? ??e?d???
• ?ap???? a??????µ?? e???a? ?ata?????? ?a? ??a t??
  t?e?? ???se??, e?? a???? µ??? ??a ?ap??e? ap?
  a?te?

11
?pa?t?se?? ap? t??? ???pt???af????? ???????µ???
??µ?s??? ??e?d???

• ?? a??????µ?? ??µ?s??? ??e?d??? ßas????ta? se d??
  ??e?d?a ta ?p??a
• ???a? ?p?????st??a ad??at? ?a ß?e?e? t? ?d??t???
  ??e?d? ap? ?ap???? p?? ??????e? µ??? t? d?µ?s??
• ???a? ?p?????st??a e????? ?a ???pt???afe?/ap????pt
  ??afe? ?ap???? µ???µata ?ta? ??????e? t?
  a?t?st???? ??e?d?
• ?t? ???pt???fe?ta? µe t? e?a ??e?d?
  ap????pt???afe?ta? µe t? a???, ?a? t? a?t?st??f?.
  (de? ?s??e? ??a ????? t??? a??????µ??? d?µ?s???
  ??e?d???).
• ???a? e?a??et??a d?s???e? ?? pa?apa?? apa?t?se??
  ?a? e?a??st?? a??????µ?? t?? p??????.

12
?sfa?e?a s?st?µat?? d?µ?s??? ??e?d???

• ?p?? ?a? sta s?µµet???a s?st?µata, pa?ta µp??e?
  ?e???t??a ?a ???e? ep??es? brute force
• ???a ed? ta ??e?d?a e??a? p??? µe?a?a (gt512bits)
• ? asfa?e?a ßas??eta? st? µe?a?? d?af??a t??
  d?s????a? a?aµesa st?? e????? ???pt???af?s?/ap????
  pt???af?s? ?a? t? d?s???? ???pta?a??s?
• ???s?µ?p??e? p??? µe?a???? a???µ??? ?a? a?a e??a?
  p??? p?? a??? ap? t?? s?µµet???? ???pt???af?a

13
RSA

• ??µ??????? Rivest, Shamir Adleman of MIT in
  1977
• ? p?? ???st?? ?a? ? e???te?a ???s?µ?p????µe???
  a??????µ?? d?µ?s??? ??e?d???
• ?as??eta? st?? ???s? a?e?a??? se d??aµ? ?a? se
  a???µ?t??? modulo
• ???s?µ?p??e? p??? µe?a???? a?e?a????
• ? asfa?e?a t?? ßas??eta? st? d?s????a
  pa?a???t?p???s?? µe?a??? a???µ??

14
???pt???af?s? ?a? ?p????pt???af?s? µe t?? RSA

• ???pt???af?s? µ???µat?? ? (st? µetad?t?)
• ?aµßa?eta? t? d?µ?s?? ??e?d? t?? ap?de?t?
  PUe,n
• ?p??????eta? t? C Me mod n, ?p?? 0Mltn
• ?p????pt???af?s? t? ciphertext C (st?? appde?t?)
• ???s?µ?p??e?ta? t? ?d??t??? ??e?d? PRd,n
• ?p??????ta? t? M Cd mod n
• ?? µ???µa M p?epe? ?a e??a? µ????te?? ap? t? n
  (a????? p?epe? ?a ????ste? se tµ?µata)

15
??µ??????a ??e?d??? st?? RSA

• ?a?e ???st?? d?µ?????e? e?a ?e????
  d?µ?s???/?d??t???? ??e?d???
• ?p??e???ta? d?? µe?a???? p??t??? a???µ??? t??a?a
  p, q
• ?p??????e? t? modulus np.q
• ?ts? ?ste f(n)(p-1)(q-1)
• ?p??e?e? t??a?a t? ??e?d? ???pt???af?s?? (d?µ?s??
  ??e?d?) e
• ?ts? ?ste 1lteltf(n), ???(e,f(n))1
• ???e? t?? pa?a?at? e??s?s? ??a ?a ß?e? t? ??e?d?
  ap????pt???af?s?? (?d??t??? ??e?d?) d
• e.d1 mod f(n) and 0dn
• ??µ?s??p??e? t? ??e?d? ???pt???af?s?? PUe,n
• ??atae? µ?st??? t? ??e?d? ap????pt???af?s??
  PRd,n

16
G?at? ?e?t????e? ? RSA?

• ?p? t? ?e???µa t?? Euler ?s??e?
• af(n) mod n 1, ?p?? ???(a,n)1
• St?? RSA ????µe
• np.q
• f(n)(p-1)(q-1)
• ?p??e???µe p??se?t??a t??? e d ?ste ?a e??a?
  a?t?st??f?? mod f(n)
• O? e? t??t?? e.d1k.f(n) ??a ?ap??? k
• ?a? ep?µe???
• Cd Me.d M1k.f(n) M1.(Mf(n))k
• M1.(1)k M1 M mod n

17
?a?ade??µa RSA ???sµ?? t?? ??e?d???

• ?p??????µe p??t??? a???µ??? p17 q11
• ?p????????µe n pq 17 x 11187
• ?p????????µe f(n)(p1)(q-1)16x10160
• ?p??????µe t? e, tet??? ?ste ?a e??a? p??t?? ??
  p??? t? f(n)160 (???. ???(e,160)1) ?p??e???µe
  e7.
• ??????µe t? d, tet??? ?ste
• de mod 160 1 ?a? d lt 160
• ? s?st? t?µ? e??a? d23 epe?d?
  23x716110x161
• 6. ??µ?s?e???µe t? ??µ?s?? ??e?d? PU7,187
• 7. ??ataµe µ?st??? t? ?d??t??? ??e?d?
  PR23,187

18
?a?ade??µa ???pt???af?s? /?p????pt???af?s? RSA

• ????µa M 88 (?s??e? 88lt187)
• ???pt????f?s?
• C 887 mod 187 11
• ?p????pt????f?s?
• M 1123 mod 187 88

19
???s? se d??aµ?

• ?p????µe ?a ???s?µ?p???s??µe t?? a??????µ?
  Square and Multiply p?? e??a? ???????? ?a?
  ap?d?t????
• ?as??eta? st?? epa?e???µe?? ???s? st? tet?a????
  ?a? st??? p???ap?as?asµ??? p?? e??a? apa?a?t?t??
  ??a ?a ?p?????s??µe t? te???? ap?te?esµa
• ???se?te t? d?ad??? a?apa?astas? t?? e??et?.
• ?pa?t???ta? µ??? O(log2 n) p???ap?as?asµ?? ??a
  e?a? a???µ? n
• eg. 75 74.71 3.7 10 mod 11
• eg. 3129 3128.31 5.3 4 mod 11

20
???s? se d??aµ?

• c 0 f 1
• for i k downto 0
• do c 2 x c
• f (f x f) mod n
• if bi 1 then
• c c 1
• f (f x a) mod n
• return f

21
?p?te?esµat??? ???pt???af?s?

• ? ???pt???af?s? ???s?µ?p??e? ???s? se d??aµ? e
• ?pe?d? t? e e??a? µ????, a?t? ???eta? ??????a,
• S???a ep??e???µe e65537 (216-1)
• ???a a? e??a? ?pe?ß????a µ???? (p.?. e3)
  µe???eta? ? asfa?e?a
• ?? t? e e??a? sta?e??, p?epe? ?a e?µaste s???????
  ?t? ???(e,f(n))1
• ?p????pt??ta? ?p??ad?p?te p ? q p?? de? e??a?
  s?et??a p??t?? ?? p??? t? e

22
?p?te?esµat??? ?p????pt???af?s?

• ? ap????pt???af?s? ???s?µ?p??e? ???s? se d??aµ? d
• ?? d p?epe? ?a e??a? µe?a??, a????? e??a? µ?
  asfa?e?.
• ?p????µe ?a ???s?µ?p???s??µe t? Chinese Remainder
  Theorem (CRT) ??a ?a ?p?????s??µe ta mod p q
  ?e????sta. ??te ta s??d?a???µe ??a ?a pa???µe t??
  ep???µ?t? apa?t?s?
• ??t? e??a? pe??p?? 4 f??e? ???????te?? ap? t? ?a
  t? ?a???µe aµesa
• ???? ? ?at???? t?? ?d??t???? ??e?d??? p??
  ??????e? t?? t?µe? t?? t?µe? t?? p q µp??e? ?a
  efa?µ?se? a?t?? t?? te?????

23
??µ??????a ??e?d??? RSA

• ?? ???ste? t?? RSA p?epe?
• ?a ep??e???? st?? t??? d?? p??t??? a???µ??? p,q
• ?a ep??????? t? e?te t? e e?te t? d ?a? ?a
  ?p?????s??? t? a???.
• ?? p??t?? a???µ?? p,q p?epe? ?a e??a? a??eta
  µe?a??? ?ste ?a µ?? p????pt??? e????a ap? t?
  modulus np.q

24
?sfa?e?a t?? RSA

• ???a?e? ep??ese?? st?? RSA
• brute force key search ad??at? ???? t??
  te?ast??? a???µ?? p?? ???s?µ?p?????ta?
• ?s??µat??e? ep??ese?? ßas????ta? st? ds????a
  ?p?????sµ?? t?? f(n), pa?a???t?p????ta? t?
  modulus n
• ?p??ese?? ?????sµ??
• ?p??ese?? ep??e?µe??? ciphertext (Chosen
  ciphertext attacks)

25
?? p??ß??µa t?? pa?a???t?p???s??

• ? µa??µat??? p??se???s? e?e? t?e?? µ??fe?
• ?a?a???t?p???se t? np.q, ?a? st? s??e?e?a
  ?p?????se t? f(n) ?a? te??? t? d
• ??e? ape??e?a? t? f(n) ?a? ?p?????se t? d
• ??e? ape??e?a? t? d
• S?µe?a RSA µe ??e?d?a 1024-2048 bit ?e??e?ta?
  asfa???
• ?f?s?? ta p, q e??a? pa??µ???? µe?e???? ?a?
  p?????? ??a ta ???t???a p?? e???? te?e?.

26
Progress in Factoring
27
? p???d?? st?? pa?a???t?p???s?
28
?p??ese?? ?????sµ?? st?? RSA(Timing Attacks)

• ??apt?????a? ap? t?? Paul Kocher sta µesa t??
  de?aet?a? t?? 90.
• ??µeta??e???ta? t? d?af???p???s? st? ???????
  d?a??e?a t?? ?e?t???????
• p.?. ? p???ap?as?asµ?? µ????? a???µ?? e?a?t? t??
  p???ap?as?asµ?? µe?a??? a???µ??
• ? t? p??e? e?t??e? e?te????ta? µeta ap? e?a IF
• S?µpe?a??e? t? µe?e??? t?? ???sµat?? µe ßas? t?
  ????? p?? pa???e? ? e?t??? ??a ?a e?te?este?
• St?? pe??pt?s? t?? RSA e?µeta?e?eta? t? ????? p??
  pa???e? ? ???s? se d??aµ?.
• ??t?µet?a
• ???s? sta?e??? ?????? ???s?? se d??aµ?
• ???s???? t??a??? ?a??ste??se??
• ????ap?asµ?? t?? ciphertext µe e?a? t??a?? a???µ?
  p??? t?? ???s? t?? se d??aµ?.

29
?p??ese?? Ep??e?µe??? Ciphertext(Chosen
Ciphertext Attacks, CCA)

• O RSA e??a? e?pa??? se ep??ese?? ?p??e?µe???
  Ciphertext
• O ep?t??eµe??? e?e? t? d??at?t?ta ?a ep??e?e? t?
  ciphertext ?a? ?a pa???e? p?s? t?
  ap????pt???af?µe?? ?e?µe??
• ?p??e?e? t? ciphertext ets? ?ste ?a e?µeta?e?eta?
  t?? ?d??t?te? t?? RSA ?a? µe t?? t??p? a?t? ?a
  pa???e? p????f???e? p?? t?? ß?????? st??
  ???pta?a??s?
• O? a?t?µet?? ? RSA p??te??e? t?? t??p?p???s? t??
  plaintext µes? µ?a? d?ad??as?a? p?? ???µa?eta?
  Optimal Asymmetric Encryption Padding (OASP)

30
Optimal Asymmetric Encryption Padding (OASP)
31
S?????

• S???t?saµe
• ??? a??e? t?? ???pt???af?a? d?µ?s??? ??e?d???
• ??? a??????µ? RSA, t?? ???p???s? t?? ?a? t??
  asfa?e?a t??