Title: PUBLIC-KEY CRYPTOGRAPHY AND RSA
1 PUBLIC-KEY CRYPTOGRAPHY AND RSA
Chapter 9
- Principles
- Applications
- Requirements
- RSA Algorithm
- Description
- Security
2PUBLIC-KEY CRYPTOGRAPHY (PKC) A New Idea
Historically Symmetric-Key (one key)
substitution (confusion)
permutation (diffusion) More
Recently Asymmetric-Key (two keys)
3 MISCONCEPTIONS PKC vs Symmetric
Encryption
- PKC more secure than symmetric encryp.
WRONG!! - PKC more useful than symmetric encryp.
- WRONG!! PKC costly
- PKC doesnt need complicated protocol
- WRONG!!
4 PKC - USES
5 PKC SIX INGREDIENTS
- Plaintext input to encryp. algorithm
- output from decryp.
algorithm - Encryp. Algorithm acts on plaintext
- - controlled by public or
private key - Public and Private Key
- - one for encryption
- - one for decryption
- Ciphertext output from encryp. algorithm
- input to decryp. algorithm
- Decryp. Algorithm acts on ciphertext
- - controlled by public or
private key
6 PKC STEPS
- Each user generates two related keys
- - PUBLIC and
PRIVATE - 2. Each user makes
- public key ? PUBLIC
- private key ? PRIVATE
- access ? ALL public
keys - 3. BOB Encr(plaintext,PUBLICAlice)
?ciphertext ALICE - 4. ALICE Decr(ciphertext,PRIVATEAlice)
7PKC for a) ENCRYPTION b) AUTHENTICATION
8KEYS EASILY UPDATED
At ANY TIME, ANY Private/Public key pair
can be changed. Public key should be made
public IMMEDIATELY
9 CIPHER TERMINOLOGY
Symmetric-Key
One SECRET KEY Asymmetric-Key (PKC)
One PRIVATE KEY
One PUBLIC KEY
10CONFIDENTIALITY
11AUTHENTICATION (source)(Integrity/Signature)
12CONFIDENTIALITY and AUTHENTICATION
13APPLICATIONS OF PKC
- Encryp./Decryp.
- Sender encrypts with RECIPIENTS PUBLIC
key. - Applied to ALL of message.
- Digital Signature
- Sender signs with SENDERS PRIVATE key.
- Applied to ALL or PART of message.
- Key Exchange
- Uses one or more PRIVATE keys.
- Several approaches
14 APPLICATIONS OF PKC
Table 9.2
15 ONE-WAY FUNCTION
- Every value has an inverse
- Y F(X) ?? X
F-1(Y) - Y F(X) - easy
- X F-1(Y) - infeasible
- easy polynomial time (poly in message length)
- infeasible - gt poly time (e.g. exp. in message
length)
16 TRAP-DOOR ONE-WAY FUNCTION (e.g. PKC)
Y fk(X) - easy if k and X known
X fk-1(Y) - easy if k and Y known
X fk-1(Y) - infeasible if only Y known
17 PKC THE PROBLEM OF KEY SIZE
Brute-Force Attack ? Use LARGE
keys But, PKC COMPLEXITY GROWS fast with key
size So, PKC TOO COMPLEX encryp/decryp
PKC only for key management
and signature
18 RSA ALGORITHM
PKC 1960s (NSA)
1970 Ellis CESG
1976 Diffie and
Hellman RSA 1973 Cocks
CESG 1977 Rivest,
Shamir, Adleman
- MIT
19 RSA
Plaintext and Ciphertext
integers between 0 and n-1 i.e.
k bits, 2k lt n lt2k1 Encryption C Me
mod n Decryption M Cd mod n (Me)d mod n
Med mod n
20 RSA (continued)
Sender knows n,e Receiver knows
n,d ? PUBLIC key, KU e,n
? PRIVATE key, KR d
21 PKC REQUIREMENTS OF RSA
1. There exists e,d,n s.t. Med M mod n 2.
Easy to calculate Me and Cd given
M,e or C,d, resp. 3.
Infeasible to find d given e,n
22 EXAMPLE
p 17, q 11 n p.q 187 mod p
17, 1,6,62,63,64,65,66,67,68,69,610,611,612,613,6
14,615 1,6,2,12,4,7,8,14,16,11,15,5,13,10,9,3
Mod p 11 1,2,4,8,5,10,9,7,3,6
23 EXAMPLE
57 (6,2), 572 (2,4), 573 (12,8), 574
(4,5)
24 EXAMPLE Chinese Remainder Theorem
We want number, g, between 1 and 186 s.t.
g mod 17 6, g
mod 11 2 Use CRT g 154.6
34.2 mod 187 57
25 EXAMPLE RSA COMPUTATION
26 SECURITY OF RSA
- Brute-Force Attacks
- try all possible
private keys. - Mathematical Attacks
- - all equivalent to
factoring n. - Timing Attacks
- - depend on running
time of - decryption
algorithm.
27 Progress in Factorisation
Table 9.3
28MIPS-years NEEDED TO FACTOR
29TIMING ATTACKS ON RSA - countermeasures
- For Decryption
- Constant exponentiation time
- Random delay
- Blinding
- Generate random r
- C Cre
- M Cd
- M Mr-1