Title: VI. PublicKey Cryptography
1VI. Public-Key Cryptography
- This chapter provides an overview of public-key
21. Principles of Public-Key Cryptosystems
- History of Cryptography
- Conventional Cryptography
- Single Key
- By hand
- Rotor encryption/decryption machine
- Lucifer effort at IBM DES
- Substitution and permutation for confusion and
31. Principles of Public-Key Cryptosystems
- Principles of Public-Key Cryptosystems
- the most difficult problems associated with
conventional encryption - Key Distribution
- KDC or already share a key
- Digital Signatures
- For commercial and private purposes
- Public-Key WILL SOLVE IT!
41. Principles of Public-Key Cryptosystems
- Public-Key Cryptosystems
- Rely on
- one key for encryption and
- a different but related key for decryption
- Important Characteristic
- Computationally infeasible to determine the KD
given only knowledge of the algorithm and the KE - Any of keys can used for Encryption(some cases)
51. Principles of Public-Key Cryptosystems
61. Principles of Public-Key Cryptosystems
71. Principles of Public-Key Cryptosystems
- Conventional Public-Key Encryption
81. Principles of Public-Key Cryptosystems
- Public-Key Cryptosystem Secrecy
91. Principles of Public-Key Cryptosystems
- Public-Key Cryptosystem Authentication
101. Principles of Public-Key Cryptosystems
- Public-Key Cryptosystem Secrecy and
111. Principles of Public-Key Cryptosystems
- Application for Public-Key Cryptosystems
- Encryption/Decryption
- Digital Signature
- Key Exchange
- To exchange a Session key
121. Principles of Public-Key Cryptosystems
- Application for Public-Key Cryptosystems
- Requirements for Public-Key Cryptography(1/2)
- 1.It is computationally easy for party B to
generate a pair(KUb,KRb). - 2.It is computationally easy for a sender A,
knowing KUb and M to generate C C EKUb(M)
131. Principles of Public-Key Cryptosystems
- Requirements for Public-Key Cryptography(2/2)
- 3.It is computationally easy for the receiver B
to decrypt C using KRb to recover M - M DKRb(C) DKRbEKUb(M)
- 4.It is computationally infeasible for an
opponent, knowing KUb to determine KRb. - 5.It is computationally infeasible for an
opponent, knowing KUb and C to recover M. - 6.The encryption and decryption functions can be
applied in either order.
141. Principles of Public-Key Cryptosystems
- One-Way Functions
- One-Way Function
- Y f(X) easy
- X f-1(Y) infeasible
- Trapdoor One-Way Function
- Y fk(X) easy
- X fk-1(Y) easy with k
- X fk-1(Y) infeasible without k
- One-Way Hash Function
- h H(M)
- M is a variable-length, h is the fixed-length
hash value.
151. Principles of Public-Key Cryptosystems
- Public-Key Cryptanalysis
- Countermeasure
- Brute-force Attack
- Key size must be large enough
- Some way to compute the KR given KU
- Not proven that this is infeasible
- Probable-Message Attack
- Appending some random bits to such simple
162. The RSA Algorithm
- In 1977 by Ron Rivest, Adi Shamir, Len Adleman at
MIT - A block cipher
- the plaintext and ciphertext are integers between
0 and n-1 for some n - I will do
- Explanation of the algorithm
- Examine some of the computational and
cryptanalytical implications of RSA
172. The RSA Algorithm
- Description of the Algorithm (1/6)
- Block Size
- k bits, where 2k lt n 2k1
- Encryption/Decryption
- C Me mod n
- M Cd mod n (Me)d mod n Med mod n
- Keys
- KU e,n, KR d,n
182. The RSA Algorithm
- Description of the Algorithm (2/6)
- Requirements to meet
- It is possible to find values of e,d,n such that
Med M mod n for all M lt n. - It is relatively easy to calculate Me and Cd for
all values of M lt n. - It is infeasible to determine d given e and n
192. The RSA Algorithm
- Description of the Algorithm (3/6)
- Med M mod n
- Eulers Theorem
- where is the Euler totient function
- n pq, p,q is prime
- RSA scheme
- p,q, 2 prime numbers (prv, chosen)
- n pq (pub, calculated)
- e, with gcd( ,e) 1 (pub, chosen)
- (prv, calculated)
202. The RSA Algorithm
- Description of the Algorithm (4/6)
212. The RSA Algorithm
- Description of the Algorithm (5/6)
222. The RSA Algorithm
- Description of the Algorithm (6/6)
- p 7, q17
- n pq 717 119
- (p-1)(q-1) 96
- e 5 chosen
- d 77 775 385 496 1
232. The RSA Algorithm
- Computational Aspects Encryption and Decryption
242. The RSA Algorithm
- Computational Aspects Encryption and Decryption
252. The RSA Algorithm
- Computational Aspects Key Generation
- Determining two prime number p,q
- Pick an odd integer n at random
- Pick an integer a lt n at random
- Perform probabilistic primality test
- If n fails the test, reject n and go to step1.
- If n has passed a sufficient of tests
- Accept n otherwise go to step 2
- Selecting ed and calculating de
- The extended Euclids algorithm
262. The RSA Algorithm
- The Security of RSA
- Brute force
- Trying all possible private keys
- Mathematical attacks
- Factoring the product of two primes
- Timing attacks
- Depend on the running time of the decryption
272. The RSA Algorithm
- Factoring Problem
- n ?pq
- Enables calculation of (p-1)(q-1)
- d e-1(mod ).
- Determine directly
- d e-1(mod ).
- Determine d directly
282. The RSA Algorithm
- Factoring Algorithms
- The p-1 factoring algorithm
- Quadratic Sieve
- Elliptic curve
- Number Field Sieve
292. The RSA Algorithm
- Factoring Algorithmp-1 factoring algorithm
302. The RSA Algorithm
- Factoring AlgorithmQuadratic Sieve(1/2)
312. The RSA Algorithm
- Factoring AlgorithmQuadratic Sieve(2/2)
322. The RSA Algorithm
- Factoring Algorithmsin Practice
- Running Times of Factoring Algorithms
332. The RSA Algorithm
- Progress in Factorization
342. The RSA Algorithm
- MIPS-year Needed to Factor
352. The RSA Algorithm
- For the good n
- p and q should differ in length by only a few
digits. 1075 lt p,q lt10100. - Both (p-1) and (q-1) should contain a large prime
factor - gcd(p-1,q-1) should be small.
362. The RSA Algorithm
- Timing AttackCountermeasures
- Constant exponentiation time
- Simple fix but degrade performance
- Random delay
- To confuse the timing attack
- Blinding
- Before performing exponentiation
- Multiply the ciphertext by a random number
- RSA Data Security incorporates Blinding
373. Key Management
- Distribution of Public Keys
- Public Announcement
- Public Available directory
- Public-Key Authority
- Public-Key Certificates
- Public-Key Distribution of Secret Keys
- Simple Secret Key Distribution
- Secret Key Distribution with Confidentiality and
Authentication - A Hybrid Scheme
383. Key Management
- Distribution of Public Keys -Public Announcement
- USENET newsgroup, Internet mailing lists
- Forgery is possible!
393. Key Management
- Distribution of Public Keys -Public Available
403. Key Management
- Distribution of Public Keys Public-Key Authority
413. Key Management
- Distribution of Public Keys Public-Key
Certificates - Timestamp serves as an expiration date
423. Key Management
- Public-Key Distribution of Secret Keys- Simple
Secret Key Distribution - Vulnerable to an active attack
- A generate a KUa,KRa and transmits a message
intended for B consisting of KUa and an IDA. - E intercepts the message, creates its own
KUe,KRe and transmits KUe IDA to B. - B generates Ks and transmits EKUeKs.
- E intercepts the message and learns Ks, by
DKReEKUeKs. - E transmits EKUaKsto A.
433. Key Management
- Public-Key Distribution of Secret KeysSecret Key
Distribution with Confidentiality and
Authentication - Confidentiality and Authentication
443. Key Management
- Public-Key Distribution of Secret KeysA Hybrid
Scheme - KDC(Key Distribution Center) shares a secret
master key with each user - Session key is encrypted with master key
- Public-key scheme is used to distribute the
master key
454. Diffie-Hellman Key Exchange
464. Diffie-Hellman Key Exchange
474. Diffie-Hellman Key Exchange
484. Diffie-Hellman Key Exchange
494. Diffie-Hellman Key Exchange
504. Diffie-Hellman Key Exchange
514. Diffie-Hellman Key Exchange
524. Diffie-Hellman Key Exchange
534. Diffie-Hellman Key Exchange
544. Diffie-Hellman Key Exchange
554. Diffie-Hellman Key Exchange
564. Diffie-Hellman Key Exchange
575. Elliptic Curve Cryptography
585. Elliptic Curve Cryptography
595. Elliptic Curve Cryptography
605. Elliptic Curve Cryptography
615. Elliptic Curve Cryptography
625. Elliptic Curve Cryptography
635. Elliptic Curve Cryptography
645. Elliptic Curve Cryptography