PUBLIC-KEY CRYPTOGRAPHY AND RSA

1
PUBLIC-KEY CRYPTOGRAPHY AND RSA
Chapter 9

• Principles
• Applications
• Requirements
• RSA Algorithm
• Description
• Security

2
PUBLIC-KEY CRYPTOGRAPHY (PKC) A New Idea
Historically Symmetric-Key (one key)
substitution (confusion)
permutation (diffusion) More
Recently Asymmetric-Key (two keys)
3
MISCONCEPTIONS PKC vs Symmetric
Encryption

• PKC more secure than symmetric encryp.
  WRONG!!
• PKC more useful than symmetric encryp.
• WRONG!! PKC costly
• PKC doesnt need complicated protocol
• WRONG!!

4
PKC - USES

• Key Management
• Signature

5
PKC SIX INGREDIENTS

• Plaintext input to encryp. algorithm
• output from decryp.
  algorithm
• Encryp. Algorithm acts on plaintext
• - controlled by public or
  private key
• Public and Private Key
• - one for encryption
• - one for decryption
• Ciphertext output from encryp. algorithm
• input to decryp. algorithm
• Decryp. Algorithm acts on ciphertext
• - controlled by public or
  private key

6
PKC STEPS

• Each user generates two related keys
• - PUBLIC and
  PRIVATE
• 2. Each user makes
• public key ? PUBLIC
• private key ? PRIVATE
• access ? ALL public
  keys
• 3. BOB Encr(plaintext,PUBLICAlice)
  ?ciphertext ALICE
• 4. ALICE Decr(ciphertext,PRIVATEAlice)

7
PKC for a) ENCRYPTION b) AUTHENTICATION
8
KEYS EASILY UPDATED
At ANY TIME, ANY Private/Public key pair
can be changed. Public key should be made
public IMMEDIATELY
9
CIPHER TERMINOLOGY
Symmetric-Key
One SECRET KEY Asymmetric-Key (PKC)
One PRIVATE KEY
One PUBLIC KEY
10
CONFIDENTIALITY
11
AUTHENTICATION (source)(Integrity/Signature)
12
CONFIDENTIALITY and AUTHENTICATION
13
APPLICATIONS OF PKC

• Encryp./Decryp.
• Sender encrypts with RECIPIENTS PUBLIC
  key.
• Applied to ALL of message.
• Digital Signature
• Sender signs with SENDERS PRIVATE key.
• Applied to ALL or PART of message.
• Key Exchange
• Uses one or more PRIVATE keys.
• Several approaches

14
APPLICATIONS OF PKC
Table 9.2
15
ONE-WAY FUNCTION

• Every value has an inverse
• Y F(X) ?? X
  F-1(Y)
• Y F(X) - easy
• X F-1(Y) - infeasible
• easy polynomial time (poly in message length)
• infeasible - gt poly time (e.g. exp. in message
  length)

16
TRAP-DOOR ONE-WAY FUNCTION (e.g. PKC)
Y fk(X) - easy if k and X known
X fk-1(Y) - easy if k and Y known
X fk-1(Y) - infeasible if only Y known
17
PKC THE PROBLEM OF KEY SIZE
Brute-Force Attack ? Use LARGE
keys But, PKC COMPLEXITY GROWS fast with key
size So, PKC TOO COMPLEX encryp/decryp
PKC only for key management
and signature
18
RSA ALGORITHM
PKC 1960s (NSA)
1970 Ellis CESG
1976 Diffie and
Hellman RSA 1973 Cocks
CESG 1977 Rivest,
Shamir, Adleman
- MIT
19
RSA
Plaintext and Ciphertext
integers between 0 and n-1 i.e.
k bits, 2k lt n lt2k1 Encryption C Me
mod n Decryption M Cd mod n (Me)d mod n

Med mod n
20
RSA (continued)
Sender knows n,e Receiver knows
n,d ? PUBLIC key, KU e,n
? PRIVATE key, KR d
21
PKC REQUIREMENTS OF RSA
1. There exists e,d,n s.t. Med M mod n 2.
Easy to calculate Me and Cd given


M,e or C,d, resp. 3.
Infeasible to find d given e,n
22
EXAMPLE
p 17, q 11 n p.q 187 mod p
17, 1,6,62,63,64,65,66,67,68,69,610,611,612,613,6
14,615 1,6,2,12,4,7,8,14,16,11,15,5,13,10,9,3
Mod p 11 1,2,4,8,5,10,9,7,3,6
23
EXAMPLE
57 (6,2), 572 (2,4), 573 (12,8), 574
(4,5)
24
EXAMPLE Chinese Remainder
Theorem
We want number, g, between 1 and 186 s.t.



g mod 17 6, g
mod 11 2 Use CRT g 154.6
34.2 mod 187 57
25
EXAMPLE RSA COMPUTATION

26
SECURITY OF RSA

• Brute-Force Attacks
• try all possible
  private keys.
• Mathematical Attacks
• - all equivalent to
  factoring n.
• Timing Attacks
• - depend on running
  time of
• decryption
  algorithm.

27
Progress in Factorisation
Table 9.3
28
MIPS-years NEEDED TO FACTOR

29
TIMING ATTACKS ON RSA - countermeasures

• For Decryption
• Constant exponentiation time
• Random delay
• Blinding
• Generate random r
• C Cre
• M Cd
• M Mr-1