How secure is Public Key Cryptography - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Title: How secure is Public Key Cryptography


1
How secure is Public Key Cryptography ?
  • Johannes Buchmann
  • Informatik und Mathematik
  • TU Darmstadt

2
Security goals

3
Security goals
  • Confidentiality

4
Security goals
  • Confidentiality
  • Authentication

5
Security goals
  • Confidentiality
  • Authentication
  • Integrity

6
Security goals
  • Confidentiality
  • Authentication
  • Integrity
  • Non-repudiation

7
Encryption
8
Digital signature
?
9
Digital signature
?
10
General RSA

11
General RSA
  • G group

12
General RSA
  • G group
  • we can efficiently compute
  • product

13
General RSA
  • G group
  • we can efficiently compute
  • product
  • power

14
General RSA
  • If group order unknown
  • then extracting e-th roots
  • is intractable

15
General RSA
  • If group order unknown
  • then extracting e-th roots
  • is intractable

16
General RSA
  • If group order k is known
  • and gcd(e,k) = 1, then
  • computing e-th roots is easy

17
General RSA
  • If group order k is known
  • and gcd(e,k) = 1, then
  • computing e-th roots is easy

18
General RSA
  • Public key group G, exponent e

19
General RSA
  • Public key group G, exponent e
  • Private key order k of G
  • exponent d with
  • d·e ≡ 1 (mod k)

20
General RSA
  • Public key group G, exponent e
  • Private key order k of G
  • exponent d with
  • d·e ≡ 1 (mod k)
  • enables extraction of e-th roots
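
An added example (not from the slides) of the general RSA statement above: once the group order k is known and gcd(e,k) = 1, the exponent d with d·e ≡ 1 (mod k) extracts e-th roots. The toy primes, the exponents and all function names are assumptions chosen for illustration; the second group shows why a group whose order is public cannot serve as G.

```python
from math import gcd

def root_exponent(e, k):
    """Return d with d*e ≡ 1 (mod k). Only possible when gcd(e, k) = 1."""
    if gcd(e, k) != 1:
        raise ValueError("gcd(e, k) must be 1, otherwise e-th roots are not unique")
    return pow(e, -1, k)

def eth_root(y, e, k, modulus):
    """e-th root of y in the unit group modulo `modulus`, given the group order k."""
    return pow(y, root_exponent(e, k), modulus)

# Group 1: G = (Z/nZ)* with n = p*q. Constructed toy primes, far too small for real use.
P, Q, E = 1009, 1013, 65537
N = P * Q
K = (P - 1) * (Q - 1)      # order of G; computing it requires knowing p and q

def demo_rsa_group(x=123456):
    y = pow(x, E, N)               # public operation: a power in G
    return eth_root(y, E, K, N)    # private operation: needs the order k

# Group 2: G = (Z/pZ)* with p prime. The order p - 1 is public knowledge,
# so anyone can extract e-th roots and the group is useless for RSA.
PRIME = 1000003

def demo_prime_field(x=424242, e=5):
    y = pow(x, e, PRIME)
    return eth_root(y, e, PRIME - 1, PRIME)

if __name__ == "__main__":
    print(demo_rsa_group(), demo_prime_field())
```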

21
Encryption
Bob
Alice
Secret message m
22
Encryption
Bob
Alice
Plaintext m, Bob's public key (G,e)
23
Encryption
Bob
Alice
Plaintext m, Bob's public key (G,e), ciphertext c
24
Encryption
Bob
Alice
Plaintext m, Bob's public key (G,e), ciphertext c
Bob's private key d
25
Encryption
Bob
Alice
Plaintext m, Bob's public key (G,e), ciphertext c
Bob's private key d, plaintext
26
Digital signature
?
27
Digital signature
?
Message m, Alice's secret key d
28
Digital signature
?
Message m, Alice's secret key d, signature
29
Digital signature
?
Message m, Alice's secret key d, signature
Alice's public key (e,G)
30
Digital signature
?
Message m, Alice's secret key d, signature
Alice's public key (e,G), verification
31
Multiplicative group of residues
32
RSA security based on factoring problem
33
Fermat numbers
  • Fermat (1601-1665)

34
Fermat numbers
  • Fermat (1601-1665)

F0 = 3, F1 = 5, F2 = 17, F3 = 257, F4 = 65537 are prime numbers
35
Factorizations of Fm
   m   Digits   Year   Discoverer
   5   10       1732   Euler
   6   20       1880   Landry & Le Lasseur
   7   39       1970   Morrison & Brillhart
   8   78       1980   Brent & Pollard
   9   155      1990   Lenstra, Manasse & a larger team
  10   309      1953   Selfridge
                1962   Brillhart
                1995   Brent
  11   617      1899   Cunningham
                1988   Brent & Morain
36
RSA-155, 512 bit, still used
n = 10941738641570527421809707322040357612003732945449205990913842131476349984288934784717997257891267332497625752899781833797076537244027146743531593354333897
37
RSA challenge numbers
  Year   n         Algorithm   MIPS years
  1991   RSA-100   QS          7
  1992   RSA-110   QS          75
  1993   RSA-120   QS          830
  1994   RSA-129   QS          5000

38
RSA challenge numbers
  Year   n         Algorithm   MIPS years
  1991   RSA-100   QS          7
  1992   RSA-110   QS          75
  1993   RSA-120   QS          830
  1994   RSA-129   QS          5000
  1996   RSA-130   NFS         500

39
RSA challenge numbers
  Year   n         Algorithm   MIPS years
  1991   RSA-100   QS          7
  1992   RSA-110   QS          75
  1993   RSA-120   QS          830
  1994   RSA-129   QS          5000
  1996   RSA-130   NFS         500
  1999   RSA-140   NFS         2000
  1999   RSA-155   NFS         8000

40
Complexity
41
Complexity
42
Complexity
43
Complexity
u = 1: exponential time
u = 0: polynomial time
44
MPQS (1985, Silverman)
45
MPQS (1985, Silverman)
46
ECM (Lenstra 1985)
47
ECM (Lenstra 1985)
48
NFS (1990, Pollard)
49
NFS (1990, Pollard)
50
NFS (1990, Pollard)
51
How difficult is factoring? How secure is RSA?
  • Lenstra & Verheul 1999
  • 1024-bit RSA secure until 2002
  • 2048-bit RSA secure until 2023

52
How difficult is factoring? How secure is RSA?
  • Lenstra & Verheul 1999
  • 1024-bit RSA secure until 2002
  • 2048-bit RSA secure until 2023
  • but
  • mathematical progress cannot be predicted

53
Why is this a problem?
  • Most public key products RSA based

54
RSA
55
If factoring becomes easy
56
If factoring becomes easy
  • How to maintain security infrastructures?

57
If factoring becomes easy
  • How to maintain security infrastructures?
  • What happens to long term encryptions?

58
If factoring becomes easy
  • How to maintain security infrastructures?
  • What happens to long term encryptions?
  • What happens to long term signatures?

59
We need alternatives
  • Develop new crypto primitives
  • Study their security
  • and efficiency

60
Alternative
  • Discrete logarithm problem

61
Groups
62
Groups
  • Multiplicative group of finite fields

63
Groups
  • Multiplicative group of finite fields
  • Point group of elliptic curve over finite field

64
Groups
  • Multiplicative group of finite fields
  • Point group of elliptic curve over finite field
  • Class group of number field

65
Alternative
  • Shortest vector problem
  • NTRU (Silverman)
  • Goldwasser-Kilian-Halevi

Given an n-dimensional lattice, find a shortest non-zero lattice vector
66
We need alternative
  • symmetric cryptosystems
  • hash functions
  • pseudorandom number generators
  • ...

67
We need provably secure protocols
  • Even if factoring is hard,
  • original RSA is insecure

68
Do you want to marry me?
69
Do you want to marry me?
c = RSA(Answer)
70
Do you want to marry me?
c = RSA(Answer)
Oscar computes y = RSA(yes) and n = RSA(no)
71
Do you want to marry me?
c = RSA(Answer)
Oscar computes y = RSA(yes) and n = RSA(no)
If c = y, then Answer = yes. If c = n, then Answer = no.
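
An added example (not from the slides) of why the comparison above works against original RSA and stops working once encryption is randomized. The toy key, the 7-byte random prefix and all function names are assumptions; the prefix is a simplified stand-in for a real padding scheme such as RSA-OAEP, not a replacement for one.

```python
import secrets

# Constructed toy key (two Mersenne primes); far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # d*e ≡ 1 (mod k), k = order of (Z/NZ)*
PAD_LEN, BODY_LEN = 7, 4            # hypothetical layout: 7 random bytes + 4 message bytes

def textbook_encrypt(msg: bytes) -> int:
    """Original RSA: c = m^e mod N. Same plaintext always gives the same c."""
    return pow(int.from_bytes(msg, "big"), E, N)

def guess_plaintext(c: int, candidates):
    """The check from the slides: re-encrypt each candidate with the public key."""
    for cand in candidates:
        if textbook_encrypt(cand) == c:
            return cand
    return None

def randomized_encrypt(msg: bytes) -> int:
    """Prefix fresh random bytes so equal plaintexts give different ciphertexts."""
    if len(msg) > BODY_LEN or msg.startswith(b"\x00"):
        raise ValueError("message must be at most 4 bytes without a leading NUL")
    block = secrets.token_bytes(PAD_LEN) + msg.rjust(BODY_LEN, b"\x00")
    return pow(int.from_bytes(block, "big"), E, N)   # block < 2**88 < N

def randomized_decrypt(c: int) -> bytes:
    """Recover the block with the private exponent and drop the random prefix."""
    block = pow(c, D, N).to_bytes(PAD_LEN + BODY_LEN, "big")
    return block[PAD_LEN:].lstrip(b"\x00")

if __name__ == "__main__":
    answers = [b"yes", b"no"]
    print(guess_plaintext(textbook_encrypt(b"yes"), answers))   # answer is exposed
    c = randomized_encrypt(b"yes")
    print(guess_plaintext(c, answers), randomized_decrypt(c))   # guess fails, Bob decrypts
```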
72
We need flexible security infrastructures
  • Security solutions are very complex
  • Security primitives must be easily replaceable

73
FlexiPKI
74
FlexiPKI
Java Cryptography Architecture
75
FlexiPKI
[Diagram labels: CA, IS, FlexiTrust, RA, Java Cryptography Architecture, Provider]
76
FlexiPKI
[Diagram labels: Exchange, File-encryption, CA, pine, SSL/TLS, IS, S/MIME Handler, Netscape, FlexiClients, FlexiTrust, Outlook, RA, Java Cryptography Architecture]
77
FlexiPKI
[Diagram labels: Exchange, File-encryption, CA, pine, SSL/TLS, IS, S/MIME Handler, Netscape, FlexiClients, FlexiTrust, Outlook, RA, Java Cryptography Architecture, Provider, Random Number Generation, ECC, E2, NFC, AES, PKCS11, Mars, RSA/DSA, Safer, RC6]
78
We need exchange strategies
  • What to do with PKI-software, certificates, and
    long term encryptions and signatures

79
We need exchange strategies
  • What to do with PKI-software, certificates, and
    long term encryptions and signatures
  • if a key is broken?

80
We need exchange strategies
  • What to do with PKI-software, certificates, and
    long term encryptions and signatures
  • if a key is broken?
  • if a crypto primitive becomes insecure?

81
We need exchange strategies
  • What to do with PKI-software, certificates, and
    long term encryptions and signatures
  • if a key is broken?
  • if a crypto primitive becomes insecure?
  • if a protocol becomes insecure?

82
Information: www.cdc.informatik.tu-darmstadt.de