Public Key Encryption

1
Public Key Encryption

• Kyle Schmidt

2
A Brief History of Cryptography

• Ancient Greeks
• Scytale Cipher
• Julius Caesar
• Caesar Cipher
• Enigma
• Automated Cipher

3
What is Cryptography?

• Secure and private communication
• Encryption
• Rendering a message unintelligible

WEDNESDAY THE SIXTEENTH JRQARFQNL GUR FVKGRRAGU
4
Symmetric vs. Asymmetric

• Symmetric
• Single key
• Asymmetric (Public Key)
• Two keys
• Public key Private key
• Mailbox Concept
• Digital Signature

5
Branches of Cryptology
Cryptology
Cryptography
Cryptanalysis
Symmetric
Asymmetric
Encryption
Message Authentication
Encryption
6
Advantages of Asymmetric

• Secure Exchange of Keys
• Cant trust the middleman
• Nonrepudiation
• Keep track of your own key
• More Uses
• Encryption
• Message Authentication
• Digital Signatures

7
Modular Arithmetic

• Most cryptosystems based on finite, discrete sets

modulus 12
8
Modulus Operation

• Formal Definition

Given integers a, r, and m, we say a r mod m
if (r a) is divisible by m

• Note that there are infinitely many remainders

• Not to be confused with

a r mod m
9
The Ring Zm

• Ring of integers with properties
• Arithmetic operations always yield result in Zm
• e.g. ?a, b e Zm then (a b) e Zm
• Neutral elements 0 for addition, 1 for
  multiplication
• e.g. ?a e Zm, a 0 a mod m
• Additive inverse always exists
• i.e. ?a e Zm, ?b -a such that a b 0 mod m
• Multiplicative inverse only exists for some
  elements

10
Euclidean Algorithm

• Calculates Greatest Common Divisor (GCD)
• Simplify the problem
• GCD(a, b) GCD(a b, b)

11
Euclidean Algorithm
a bq r
a su b tu
b sv r tv
r a bq
a bq r
r (su) (qt)u
a (sv)q (tv)
r (s qt)u
a (sq t)v
12
Euclidean Algorithm
Procedure of Euclidean Algorithm
1 q1 a / b a bq1 r1 r1 a b q1
2 q2 b / r1 b q2 r1 r2 r2 b q2 r1
3 q3 r1 / r2 r1 q3 r2 r3 r3 r1 q3 r2
n qn rn-2 / rn-1 rn-2 qn rn-1 rn rn rn-2 qn rn-1
n1 qn1 rn-1 / rn rn-1 qn1 rn 0 ---
13
Extended Euclidean Algorithm

• Modular Division
• Multiplication by multiplicative inverse
• ba-1 instead of b/a
• Multiplicative Inverse
• aa-1 1 mod m
• Extended Euclidean Algorithm
• Fast, efficient way to find multiplicative inverse

14
Extended Euclidean Algorithm

• Perform regular Euclidean Algorithm
• GCD(a, b) must be 1
• Then for ax by 1,
• x is the multiplicative inverse of a, and
• y is the multiplicative inverse of b

15
Extended Euclidean Algorithm
a bq1 r1 b q2 r1 r2 r1 q3 r2 r3 rn-2
qn rn-1 1
r1 a bq1 r2 b q2 r1 r3 r1 q3 r2 1
rn-2 qn rn-1
1 rn-2 qn rn-1 1 rn-2 qn (r1 q3 r2) 1
rn-2 qn (r1 q3 (b q2 r1)) 1 rn-2 qn (r1
q3 (b q2 (a b q1))) 1 ax by
16
Extended Euclidean Algorithm

• Proof

ax by 1
ax by ? 1 mod a
by ? 1 mod a
aa-1 ? 1 mod a
17
Eulers Totient Function

• Essential for RSA Scheme
• and most likely others
• Totient ?(n)
• Number of totatives of an integer n
• Totative An integer m, 0 lt m lt n, GCD(m, n) 1
• Prime factorization of n must be known

18
Example ?(30)
5
25
C
(5)
1, 2, 3, , 30
S
10
15
2
20
30
3
4
8
14
A
9
B
6
12
21
16
(2)
22
(3)
24
27
18
26
28
13
17
19
1
7
11
23
29
19
Example ?(30)

• Calculate totients from frequency
• De Morgans Theorem
• Probability a number is in a subset is equal to
  Probability a number is not in all other subsets
• Probability a number is NOT in a set is equal to
  1 (Probability of being IN the set)
• Probability (1 1/2) (1 1/3) (1 1/5)
• Frequency (1 1/2) (1 1/3) (1 1/5) 30

20
Eulers Totient Function

• Formula

?(n) n(1 1/p1)(1 1/p2)(1 1/pm)
?(n) (p1 1)p1k11(p2 1)p2k21 (pm
1)pmkm1
21
RSA

• Ronald Rivest, Adi Shamir, Leonard Adleman
• 1977
• Most widely used asymmetric scheme today
• Two main uses
• Secure exchange of keys
• Digital signatures

22
How RSA Works

• Keys are pairs of integers
• Encrypting key (e, n)
• Decrypting key (d, n)
• Encryption/Decryption Exponentiation within Zn
• Encrypt message C Me
• Decrypt cyphertext M Cd
• Before encrypting
• Convert plaintext to integer with hash function

23
RSA Key Generation

• Choose two arbitrary prime numbers p and q
• Calculate n pq
• Calculate ?(n)
• (p 1)(q 1)
• Choose arbitrary integer e lt ?(n) 1 such that
  GCD(e, ?(n)) 1
• Calculate d multiplicative inverse of e mod
  ?(n) using Extended Euclidean Algorithm

24
RSA Key Generation

• Basic requirement
• After choosing p, q, choose e, d, k satisfying
• ed 1 k(p 1)(q 1)
• Extended Euclidean Algorithm requires two
  integers that are relatively prime
• Thus, requiring e and ?(n) to be relatively prime
  ensures that there will be a matching private key

25
How RSA Works

• Me C Cd M
• Prove Cd (Me)d Med M mod n
• Fermats Little Theorem
• M?(n) 1 mod n if M and n are relatively prime
• Mk?(n) 1 mod n
• MMk?(n) M mod n
• Mk?(n)1 M mod n

• ed 1 k(p 1)(q 1)
• ed k(p 1)(q 1) 1
• ed k ?(n) 1

Med M mod n
26
How RSA Works

• M Med
• M1?(n)k
• (M)M?(n)k
• (M)(M?(n))k
• (M)(1)k
• M
• M M

27
RSA Faster Encryption

• Square-and-Multiply Algorithm
• Quick and efficient, even with large numbers
• Based on binary representation of exponent
• Iterative through bits, left to right
• Consider y xh mod n
• Starting with 2nd bit from left
• Calculate y x
• Calculate y y2 mod n
• If current bit of h is 1, calculate y yx mod n
• Repeat steps 2 and 3 for each bit in exponent

28
RSA Faster Encryption

• Example y 226 mod 5

29
RSA Faster Encryption

• Square-and-Multiply has complexity O(log n),
  where n is the number of bits in the exponent
• Relatively efficient
• Although still intensive for small devices
• Speed up encryption more smaller public key
• No significant loss of security

30
RSA Faster Decryption

• Cant use smaller private key
• Major security loss
• Chinese Remainder Theorem
• Allows computation of y x mod (pq) given
• y1 x mod p and y2 x mod q
• Break down Cd mod n into smaller computations
• More computations, but less intensive
• Requires knowledge of p and q, thus cannot be
  used to speed up encryption

31
RSA Faster Decryption

• Variation of Fermats Little Theorem
• xp-1 1 mod p
• Using this, break down exponent d into d1 d
  mod (p 1) and d2 d mod (q 1)
• Decryption now requires two exponentiations

• Using Chinese Remainder Theorem, compute
• y y1q(q1 mod p) y2p(p1 mod q) mod n
• On average, four times faster

32
Practical Uses of RSA

• Even with these methods to speed up RSA,
  it is still much slower than symmetric systems
• Not typically used for large-scale encryption
• Encrypt smaller messages
• Passwords
• Symmetric keys
• Digital Signatures
• Used together with symmetric systems
• Secure key exchange fast, efficient encryption

33
Problem

• Modern computers becoming more efficient

• Factoring large numbers is becoming easier
• Larger keys required for RSA to remain secure
• RSA becoming slower and slower

34
Alternative

• Elliptic Curve Cryptography (ECC)
• 1985
• Neal Koblitz, Victor S. Miller
• Estimated to be widespread within next decade

35
Elliptic Curve Cryptography Premise

• Point Addition (addition of ordered pairs)
• Given a set E of points, and an operator
• Compute sum of two points as another point
• P Q R P, Q, R ? E
• NOT actual arithmetic addition
• Point Multiplication
• G P P Pk kP G, P ? E, k ? R

36
Elliptic Curve Cryptography Premise

• The set E is drawn from points of an elliptic
  curve
• y2 x3 ax b
• Security comes from difficulty of finding k
  if given G and P
• Elliptic Curve Discrete Logarithm Problem
• Cant just divide G by P
• Not arithmetic multiplication!
• More similar to finding k in a bk
• No efficient algorithm exists to solve this
  problem

37
Computing P Q

• Since elliptic curves are cubic, there are
  generally three points a line intersects the
  curve
• Use this fact to calculate P Q
• Draw line from P to Q
• Define the third point of intersection to be R
• Thus R is the mirror reflection of R

38
Computing P Q

• If there is no third point (the line is
  vertical), P Q is said to be
  infinity, denoted as O
• O is an additive identity (P O P)
• To compute P P, use Ps tangent line instead

39
Elliptic Curve Algebra

• Algebraic Formulae
• P Q
• xPQ ß2 xP xQ
• yPQ ß(xP xR) yP
• ß is the slope of the line
• P P (or 2P)
• x2P (3x2P a / 2yP)2 2xP
• y2P (3x2P a / 2yP) (xP xR) yP
• a is the same parameter from the cubic equation

40
How it is Applied to Cryptography

• To ensure security, some restrictions
• Curve must be smooth (no cusps, intersections,
  etc)
• Cant use all real numbers must be discrete
• In particular, prime numbers or binary numbers
• No longer a curve, but algebra still holds
• Why ECC is harder to crack than RSA
• Algebra is more complex than factoring numbers

41
Secure Key Exchange

• Variation of Diffie-Hellman Scheme
• Alice and Bob agree on parameters for curve
• a, b in y2 x3 ax b and a point G ? E
• Alice chooses a private integer XA and calculates
  a point YA XAG
• Bob does similar, calculating YB from integer XB
• Alice and Bob publicly exchange YA and YB
• The secret key K is computed by
• For Alice, K XAYB
• For Bob, K XBYA

42
Secure Key Exchange

• Alice and Bob get the same private key, because
• K XAYB
• XA(XBG)
• XBXAG
• XBYA
• K

43
The Bigger Picture

• ECC found to be 10x faster than RSA
• Requires less memory and computational power
• Equal security as RSA
• Ideal for use on
• Smart cards
• Wireless devices
• Other constrained devices RSA is unsuitable for

44
The Bigger Picture

• Security of RSA
• Increasingly more vulnerable
• Security of ECC
• No significant increase in vulnerability over 25
  years

NIST Recommended Key Sizes for Equal Security
45
References

• 1 Alayont, Feryâl. (2005). RSA A Public Key
  Cryptosystem. lthttp//faculty.gvsu.edu/alayontf/t
  alks/rsa.pdfgt
•  
• 2 Kak, Avi. (2011). Elliptic Curve
  Cryptography and Digital Rights Management.
  Lecture Notes on Computer and Network Security.
  lthttps//engineering.purdue.edu/kak/compsec/NewLec
  tures/Lecture14.pdfgt
•  
• 3 Kotas, William A. (2000). A Brief History of
  Cryptography. University of Tennessee Honors
  Thesis Projects. lthttp//trace.tennessee.edu/utk_c
  hanhonoproj/398gt
•  
• 4 National Security Agency. (2009). The Case
  for Elliptic Curve Cryptography.
  lthttp//www.nsa.gov/business/programs/elliptic_cur
  ve.shtmlgt
•  
• 5 Paar, Christof and Pelzl, Jan. (2010).
  Introduction to Cryptography. Understanding
  Cryptography A Textbook for Students and
  Practitioners (online slides).
• lthttp//www.crypto-textbook.comgt
•  
• 6 Paar, Christof and Pelzl, Jan. (2010). The
  RSA Cryptosystem. Understanding Cryptography A
  Textbook for Students and Practitioners (online
  slides).
• lthttp//www.crypto-textbook.comgt
•  
• 7 RSA Laboratories. (2000). RSA Laboratories
  Frequently Asked Questions About Todays
  Cryptography, Version 4.1. lthttp//www.rsasecurit
  y.com/rsalabs/faq/files/rsalabs_faq41.pdfgt
•  
• 8 Turner, Clay S. (2008). Eulers Totient
  Function and Public Key Cryptography.
  lthttp//web.cs.du.edu/ramki/courses/security/2011
  Winter/notes/RSAmath.pdfgt
•  
• 9 Vinck, A.J. Han. (2011). Introduction to
  Public Key Cryptography. lthttp//www.exp-math.uni
  -essen.de/vinck/crypto/script-crypto-pdf/add-to-3
  .pdfgt

46
References

• Additional images for this presentation retrieved
  from
• http//en.wikipedia.org/wiki/Enigma_machine
• http//en.wikipedia.org/wiki/Public-key_cryptograp
  hy
• http//www.usc.edu/dept/molecular-science/RSA-2003
  .htm
• http//en.wikipedia.org/wiki/Leonhard_Euler
• http//physicsworld.com/cws/article/news/47723
• http//en.wikipedia.org/wiki/Credit_card