Public Key Encryption Lecture 9 - PowerPoint PPT Presentation

Provided by: far1
1
Public Key Encryption Lecture 9
  • Terminology
  • Modular arithmetic

2
Public-Key Encryption
  • Two keys: one is private, one is public
  • Solves the key distribution problem (but needs a
    reliable channel)
  • Provides electronic signatures
  • Slower than secret-key encryption

3
Public-Key Encryption
  • Needed for security
  • One of the keys must be kept secret
  • Impossible (at least impractical) to decipher
    message if no other information is available
  • Knowledge of algorithm, one of the keys, and
    samples of ciphertext must be insufficient to
    determine the other key

4
Arithmetic
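  • Identity i: $x \text{ op } i = x$
  • Inverse: b is the inverse of a under op if
  • $a \text{ op } b = i$
  • Prime numbers: p is prime if $1 < p$ and p is divisible
    by 1 and p only
  • Euclidean algorithm: if x divides a and b, then x
    also divides $a - (k \cdot b)$
  • $a - (k \cdot b) = x \cdot a_1 - (k \cdot x \cdot b_1)$
  • $= x \cdot (a_1 - (k \cdot b_1))$
  • $= x \cdot d$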

5
Greatest common divisor
  • Given $a > b$, the greatest common divisor
    $x = \gcd(a, b)$ can be calculated as follows
  • Rewrite a as $a = m \cdot b + r$, where $m = \lfloor a/b \rfloor$ and r is the
    remainder
  • If x divides a and b, it also divides r,
    therefore $x = \gcd(a, b) = \gcd(b, r)$, then $b = m' \cdot r + r'$
  • Continue until the remainder is zero

6
Modular Arithmetic
  • Results stay in the underlying range of numbers
  • +, -, * can be applied before or after the modulus
    is taken with similar results
  • Modulus: remainder after division, that is, if
    $a \bmod n = b$ then $a = c \cdot n + b$
  • Examples
  • $9 \bmod 3 = 0$
  • $12 \bmod 5 = 2$
  • $12 \bmod 10 = 2$

7
Modular Arithmetic
  • Properties
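  • Associative
  • $a + (b + c) \bmod n = (a + b) + c \bmod n$
  • $a \cdot (b \cdot c) \bmod n = (a \cdot b) \cdot c \bmod n$
  • Commutative
  • $a + b \bmod n = b + a \bmod n$
  • $a \cdot b \bmod n = b \cdot a \bmod n$
  • Distributive
  • $(a \cdot (b + c)) \bmod n = (((a \cdot b) \bmod n) + ((a \cdot c) \bmod n)) \bmod n$
  • Existence of identities
  • $a + 0 \bmod n = 0 + a \bmod n = a$
  • $a \cdot 1 \bmod n = 1 \cdot a \bmod n = a$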

8
Modular Arithmetic
  • Properties
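  • Existence of inverses
  • $a + (-a) \bmod n = 0$
  • $a \cdot (a^{-1}) \bmod n = 1$ if $a \neq 0$
  • Reducibility
  • $(a + b) \bmod n = ((a \bmod n) + (b \bmod n)) \bmod n$
  • $(a \cdot b) \bmod n = ((a \bmod n) \cdot (b \bmod n)) \bmod n$
  • $a^e \bmod n = \left(\prod_{i=1}^{e} (a \bmod n)\right) \bmod n$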

9
Modular Arithmetic
  • $a^{-1} = x \bmod n$
  • has a unique solution if a and n are
    relatively prime

10
Fermat's and Euclid's Theorem
  • Fermat's Theorem: for any prime number p and any
    element $a < p$
  • $a^p \bmod p = a$ or $a^{p-1} \bmod p = 1$
  • Inverse of a is x, such that
  • $a \cdot x \bmod p = 1$
  • $a \cdot x \bmod p = 1 = a^{p-1} \bmod p$
  • $x = a^{p-2} \bmod p$
  • Euclid's theorem: if a and n are relatively prime,
    then
  • $a^{\varphi(n)} \bmod n = 1 = a \cdot x \bmod n$
  • $x = a^{\varphi(n)-1} \bmod n$
  • Example: inverse of 4 mod 5
  • $4^{-1} \bmod 5 = 4^{5-2} \bmod 5 = 64 \bmod 5 = 4$
  • $4 \cdot 4 \bmod 5 = 16 \bmod 5 = 1$
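
Added example (not part of the lecture): the gcd and modular-inverse calculations from slides 5 to 10 in Python, computing the inverse both with the extended Euclidean algorithm and with the a^(φ(n)-1) formula above (the φ(n) form is usually credited to Euler). The function names are this example's own, and the inputs in the demo loop are the values used on the slides.

```python
def gcd(a, b):
    """Slide 5: replace (a, b) by (b, r) until the remainder is zero."""
    while b:
        a, b = b, a % b
    return a

def inverse_euclid(a, n):
    """Extended Euclid: keep s with s*a = r (mod n) for every remainder r."""
    r0, r1, s0, s1 = n, a % n, 0, 1
    while r1:
        m = r0 // r1
        r0, r1 = r1, r0 - m * r1
        s0, s1 = s1, s0 - m * s1
    if r0 != 1:  # a and n share a factor, so no inverse exists
        raise ValueError(f"{a} has no inverse mod {n} (gcd = {r0})")
    return s0 % n

def phi(n):
    """Euler's totient by trial division; only sensible for slide-sized n."""
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            while m % p == 0:
                m //= p
            result -= result // p
        p += 1
    if m > 1:
        result -= result // m
    return result

def inverse_power(a, n):
    """Slide 10: x = a^(phi(n)-1) mod n; for prime n this is a^(n-2)."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} has no inverse mod {n}")
    return pow(a, phi(n) - 1, n)

if __name__ == "__main__":
    for a, n in [(4, 5), (5, 96), (79, 3220)]:  # values taken from the slides
        print(a, n, inverse_euclid(a, n), inverse_power(a, n))
```

Both routines reject inputs such as 2 mod 4, where a is non-zero but shares a factor with n and therefore has no inverse.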

11
Public Key Cryptosystem
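[Diagram: sender A feeds the plaintext to the Encryption Alg. with B's public key (obtained over a reliable channel); the ciphertext crosses the insecure channel; recipient B feeds it to the Decryption Alg. with B's private key to recover the plaintext.]
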
12
Public Key Cryptosystem
  • Concept conceived by Diffie and Hellman in 1976
  • Rivest, Shamir, and Adleman (RSA) describe a
    public key system in 1978
  • Many proposals have been broken
  • e.g., Merkle-Hellman proposal broken by Shamir
  • Serious candidates (public domain)
  • RSA
  • El Gamal

13
Notation
  • $C = E(K_{E-B}, M)$
  • $M = D(K_{D-B}, C)$
  • $K_{E-B}$: public key of B
  • $K_{D-B}$: private key of B
  • E: encryption alg.
  • D: decryption alg.
  • M: plaintext
  • C: ciphertext

14
RSA
  • Public key: (n,e)
  • Secret key: (n,d)
  • n is a 200 digit number
  • $C = M^e \bmod n$
  • $M = C^d \bmod n$

15
RSA Lecture 10

16
Reading Assignment
  • Reading assignments for current lecture
  • Required
  • Pfleeger 2.7 and 10.3 - RSA

17
Notation
  • $C = E(K_{E-B}, M)$
  • $M = D(K_{D-B}, C)$
  • $K_{E-B}$: public key of B
  • $K_{D-B}$: private key of B
  • E: encryption alg.
  • D: decryption alg.
  • M: plaintext
  • C: ciphertext

18
RSA
  • Public key: (n,e)
  • Secret key: (n,d)
  • n is a 200 digit number
  • $C = M^e \bmod n$
  • $M = C^d \bmod n$

19
RSA
  • Both sender and receiver know n
  • Sender knows e
  • Only receiver knows d
  • Need
  • Find values e, d, n s.t.
    $M^{ed} \bmod n = M \bmod n$
  • Easy to calculate $M^e$, $C^d$ for all $M < n$
  • Infeasible to determine d given e

20
RSA Keys
  • Generation of public and private keys
  • Choose 2 large (100 digit) numbers p and q
  • Compute $n = p \cdot q$
  • Choose e relatively prime to $\varphi(n) = (p-1)(q-1)$
  • Compute d such that $e \cdot d = 1 \bmod (p-1)(q-1)$
  • Publish (n,e)
  • Secret: (n,d), p, q

21
RSA Keys Example 1.
  • Choose 2 large numbers
  • $p = 7$, $q = 17$
  • Compute $n = p \cdot q$
  • $7 \cdot 17 = 119$
  • Choose e relatively prime to (p-1)(q-1)
  • $6 \cdot 16 = 96$, $e = 5$
  • Compute $d = 5^{-1} \bmod 96 = 77$
  • Publish (5,119)
  • Keep (77,119), 7, 17

22
RSA Key Example 1
  • Let $M = 19$
  • Encrypt
  • $19^5 \bmod 119 = 2{,}476{,}099 \bmod 119 = 66$
  • Decrypt
  • $66^{77} \bmod 119 = 19 \bmod 119$

23
RSA Keys Example 2
  • Choose 2 large numbers
  • $p = 47$, $q = 71$
  • Compute $n = p \cdot q$
  • $47 \cdot 71 = 3337$
  • Choose e relatively prime to (p-1)(q-1)
  • $46 \cdot 70 = 3220$, $e = 79$
  • Compute $d = 79^{-1} \bmod 3220 = 1019$
  • Publish (3337,79)
  • Keep (3337,1019), 47, 71

24
RSA Keys
  • Compute d such that $e \cdot d = 1 \bmod (p-1)(q-1)$
  • If factorization of n into pq is known: Easy
  • Otherwise: Hard
  • How hard is it to compute d given (n,e)?
  • Don't know, BUT not harder than factoring n into
    pq ⇒ Security of RSA is no better than the
    complexity of the factoring problem
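
Added example (not part of the lecture): key generation, encryption and decryption with the numbers from Examples 1 and 2, plus the point above that knowing the factors of n gives d at once. It assumes p and q are prime, uses Python 3.8+ `pow(e, -1, m)` for the inverse, and its function names are this example's own; the trial division in `recover_d` finishes only because these moduli are toy-sized.

```python
from math import gcd, isqrt

def make_keys(p, q, e):
    """Return ((n, e), (n, d)) for primes p, q and a public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # e*d = 1 mod (p-1)(q-1)
    return (n, e), (n, d)

def encrypt(pub, m):
    """C = M^e mod n; the message must satisfy M < n."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return pow(m, e, n)

def decrypt(priv, c):
    """M = C^d mod n."""
    n, d = priv
    return pow(c, d, n)

def recover_d(pub):
    """Factor n by trial division, then derive d exactly as the key owner does."""
    n, e = pub
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

def round_trips(pub, priv):
    """Check M^(ed) mod n == M for every M < n (feasible only for tiny n)."""
    return all(decrypt(priv, encrypt(pub, m)) == m for m in range(pub[0]))

if __name__ == "__main__":
    pub1, priv1 = make_keys(7, 17, 5)      # Example 1
    pub2, priv2 = make_keys(47, 71, 79)    # Example 2
    c = encrypt(pub1, 19)
    print(priv1, c, decrypt(priv1, c))
    print(priv2, recover_d(pub2), round_trips(pub1, priv1))
```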

25
RSA versus DES
  • RSA: kilobits/second
  • DES: megabits/second
  • ⇒ DES is about 100 times faster than RSA
  • RSA used for secure exchange of DES keys

26
RSA versus DES
  • Key size
  • RSA: selected by user
  • (usually n is 154 digits (512 bits) so key is
    1024 bits)
  • DES: 64 bits (56 effective)

27
Digital Signatures in RSA
  • RSA property: encryption and decryption are
    commutative
  • Encryption followed by decryption yields the
    original message
  • $(M^e \bmod n)^d \bmod n = M$
  • Decryption followed by encryption yields the
    original message
  • $(M^d \bmod n)^e \bmod n = M$
  • Cryptosystems that preserve message length have
    this property

28
Digital Signatures in RSA
[Diagram: A signs the plaintext with A's private key; the signed plaintext crosses the insecure channel; B verifies it with A's public key (obtained over a reliable channel) and recovers the plaintext. Box labels: Encryption Alg., Decryption Alg.]

29
Signature and Encryption
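[Diagram: A applies D with A's private key to the plaintext (signed plaintext), then E with B's public key (encrypted signed plaintext); B applies D with B's private key to get the signed plaintext back, then E with A's public key to recover the plaintext.]
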
30
Signature and Encryption
  • We could do the encryption first, followed by the
    signature.
  • Advantage of signature first: parties other than B can
    verify the signature
  • DES can be used for encryption
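
Added example (not part of the lecture): the signature-first scheme from the slides above, run end to end with textbook RSA (no hashing or padding, as on the slides). Assigning the Example 1 key pair to A and the Example 2 key pair to B is this example's assumption, as are the function names.

```python
A_PUB, A_PRIV = (119, 5), (119, 77)        # Example 1 key pair, assigned to A here
B_PUB, B_PRIV = (3337, 79), (3337, 1019)   # Example 2 key pair, assigned to B here

def apply_key(key, x):
    """x^k mod n for key (n, k); E and D are the same operation in RSA."""
    n, k = key
    if not 0 <= x < n:
        raise ValueError(f"value {x} does not fit under modulus {n}")
    return pow(x, k, n)

def sign_then_encrypt(m, signer_priv, recipient_pub):
    signed = apply_key(signer_priv, m)        # D with A's private key
    return apply_key(recipient_pub, signed)   # E with B's public key

def decrypt_to_signed(c, recipient_priv):
    return apply_key(recipient_priv, c)       # D with B's private key

def verify(m, signed, signer_pub):
    """Anyone holding A's public key can run this, not only B."""
    return apply_key(signer_pub, signed) == m  # E with A's public key

if __name__ == "__main__":
    m = 19
    c = sign_then_encrypt(m, A_PRIV, B_PUB)
    signed = decrypt_to_signed(c, B_PRIV)
    print("verifies:", verify(m, signed, A_PUB))
    print("altered signature verifies:", verify(m, (signed + 1) % 119, A_PUB))
    # Reverse direction: B's signed value is reduced mod 3337 and may not fit
    # under A's smaller modulus 119, so the encryption step refuses it.
    try:
        sign_then_encrypt(3336, B_PRIV, A_PUB)
    except ValueError as err:
        print("B -> A fails:", err)
```

The composition works here because the signer's modulus (119) is smaller than the recipient's (3337); when the signer's modulus is the larger one, the signed value has to be split into blocks before it is encrypted.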

31
Non-repudiation
  • Requires notarized signature, involving a third
    party
  • Large system: hierarchies of notarization

32
Next class
Encryption protocols