PUBLIC-KEY CRYPTOGRAPHY AND RSA - PowerPoint PPT Presentation

About This Presentation
Title:

PUBLIC-KEY CRYPTOGRAPHY AND RSA

Description:

Title: Chapter 1 Subject: Lecture Notes, I248 Author: Matthew G. Parker Last modified by: nmimp Created Date: 11/12/2000 7:32:50 PM Document presentation format – PowerPoint PPT presentation

Number of Views:163
Avg rating:3.0/5.0
Slides: 30
Provided by: Matth502
Category:

less

Transcript and Presenter's Notes

Title: PUBLIC-KEY CRYPTOGRAPHY AND RSA


1
PUBLIC-KEY CRYPTOGRAPHY AND RSA
Chapter 9
  • Principles
  • Applications
  • Requirements
  • RSA Algorithm
  • Description
  • Security

2
PUBLIC-KEY CRYPTOGRAPHY (PKC) A New Idea
Historically Symmetric-Key (one key)
substitution (confusion)
permutation (diffusion) More
Recently Asymmetric-Key (two keys)
3
MISCONCEPTIONS PKC vs Symmetric
Encryption
  • PKC more secure than symmetric encryp.
    WRONG!!
  • PKC more useful than symmetric encryp.
  • WRONG!! PKC costly
  • PKC doesnt need complicated protocol
  • WRONG!!

4
PKC - USES
  • Key Management
  • Signature

5
PKC SIX INGREDIENTS
  • Plaintext input to encryp. algorithm
  • output from decryp.
    algorithm
  • Encryp. Algorithm acts on plaintext
  • - controlled by public or
    private key
  • Public and Private Key
  • - one for encryption
  • - one for decryption
  • Ciphertext output from encryp. algorithm
  • input to decryp. algorithm
  • Decryp. Algorithm acts on ciphertext
  • - controlled by public or
    private key

6
PKC STEPS
  • Each user generates two related keys
  • - PUBLIC and
    PRIVATE
  • 2. Each user makes
  • public key ? PUBLIC
  • private key ? PRIVATE
  • access ? ALL public
    keys
  • 3. BOB Encr(plaintext,PUBLICAlice)
    ?ciphertext ALICE
  • 4. ALICE Decr(ciphertext,PRIVATEAlice)

7
PKC for a) ENCRYPTION b) AUTHENTICATION
8
KEYS EASILY UPDATED
At ANY TIME, ANY Private/Public key pair
can be changed. Public key should be made
public IMMEDIATELY
9
CIPHER TERMINOLOGY
Symmetric-Key
One SECRET KEY Asymmetric-Key (PKC)
One PRIVATE KEY
One PUBLIC KEY
10
CONFIDENTIALITY
11
AUTHENTICATION (source)(Integrity/Signature)
12
CONFIDENTIALITY and AUTHENTICATION
13
APPLICATIONS OF PKC
  • Encryp./Decryp.
  • Sender encrypts with RECIPIENTS PUBLIC
    key.
  • Applied to ALL of message.
  • Digital Signature
  • Sender signs with SENDERS PRIVATE key.
  • Applied to ALL or PART of message.
  • Key Exchange
  • Uses one or more PRIVATE keys.
  • Several approaches

14
APPLICATIONS OF PKC
Table 9.2
15
ONE-WAY FUNCTION
  • Every value has an inverse
  • Y F(X) ?? X
    F-1(Y)
  • Y F(X) - easy
  • X F-1(Y) - infeasible
  • easy polynomial time (poly in message length)
  • infeasible - gt poly time (e.g. exp. in message
    length)

16
TRAP-DOOR ONE-WAY FUNCTION (e.g. PKC)
Y fk(X) - easy if k and X known
X fk-1(Y) - easy if k and Y known
X fk-1(Y) - infeasible if only Y known
17
PKC THE PROBLEM OF KEY SIZE
Brute-Force Attack ? Use LARGE
keys But, PKC COMPLEXITY GROWS fast with key
size So, PKC TOO COMPLEX encryp/decryp
PKC only for key management
and signature
18
RSA ALGORITHM
PKC 1960s (NSA)
1970 Ellis CESG
1976 Diffie and
Hellman RSA 1973 Cocks
CESG 1977 Rivest,
Shamir, Adleman
- MIT
19
RSA
Plaintext and Ciphertext
integers between 0 and n-1 i.e.
k bits, 2k lt n lt2k1 Encryption C Me
mod n Decryption M Cd mod n (Me)d mod n

Med mod n
20
RSA (continued)
Sender knows n,e Receiver knows
n,d ? PUBLIC key, KU e,n
? PRIVATE key, KR d
21
PKC REQUIREMENTS OF RSA
1. There exists e,d,n s.t. Med M mod n 2.
Easy to calculate Me and Cd given


M,e or C,d, resp. 3.
Infeasible to find d given e,n
22
EXAMPLE
p 17, q 11 n p.q 187 mod p
17, 1,6,62,63,64,65,66,67,68,69,610,611,612,613,6
14,615 1,6,2,12,4,7,8,14,16,11,15,5,13,10,9,3
Mod p 11 1,2,4,8,5,10,9,7,3,6
23
EXAMPLE
57 (6,2), 572 (2,4), 573 (12,8), 574
(4,5)
24
EXAMPLE Chinese Remainder Theorem
We want number, g, between 1 and 186 s.t.



g mod 17 6, g
mod 11 2 Use CRT g 154.6
34.2 mod 187 57
25
EXAMPLE RSA COMPUTATION

26
SECURITY OF RSA
  • Brute-Force Attacks
  • try all possible
    private keys.
  • Mathematical Attacks
  • - all equivalent to
    factoring n.
  • Timing Attacks
  • - depend on running
    time of
  • decryption
    algorithm.

27
Progress in Factorisation
Table 9.3
28
MIPS-years NEEDED TO FACTOR

29
TIMING ATTACKS ON RSA - countermeasures
  • For Decryption
  • Constant exponentiation time
  • Random delay
  • Blinding
  • Generate random r
  • C Cre
  • M Cd
  • M Mr-1
Write a Comment
User Comments (0)
About PowerShow.com