Public-key encryption - PowerPoint PPT Presentation

1 / 33
About This Presentation
Title:

Public-key encryption

Description:

Public-key encryption Symmetric-key encryption Invertible function Security depends on the shared secret a particular key. Fast, highly secure Fine for repeated ... – PowerPoint PPT presentation

Number of Views:288
Avg rating:3.0/5.0
Slides: 34
Provided by: ChrisB286
Category:

less

Transcript and Presenter's Notes

Title: Public-key encryption


1
Public-key encryption
2
Symmetric-key encryption
  • Invertible function
  • Security depends on the shared secret a
    particular key.
  • Fast, highly secure
  • Fine for repeated communication
  • Poor fit for one-shot communication, signatures

3
Asymmetric-key(public key) encryption
  • The basic idea
  • A user has two keys a public key and a private
    key.
  • A message can be encrypted with the public key
    and decrypted with the private key to provide
    security.
  • A message can be encrypted with the private key
    and decrypted with the public key to provide
    signatures.

4
One-way functions
  • Most common functions are invertible for any
    F(x) y, there is an F-1(y) x.
  • Multiplication and division
  • DES
  • A function which is easy to compute in one
    direction, but hard to compute in the other, is
    known as a one-way function.
  • Hashing, modular arithmetic.
  • A one-way function that can be easily inverted
    with an additional piece of knowledge is called a
    trapdoor one-way function.

5
One-way functions
  • Public key encryption is based on the existence
    of trapdoor one-way functions.
  • Encryption with the public key is easy.
  • Decryption is computationally hard.
  • Knowledge of the private key opens the trapdoor,
    making inversion easy.
  • Password systems also use one-way functions.

6
Overview of RSA
  • RSA is the most common and well-known public key
    cryptosystem
  • Basic notation a key pair (e,d) contains two
    keys
  • e is the public key (used to encrypt documents)
  • d is the private key (used to decrypt documents)
  • M is the plaintext message.
  • Let R be the encryption function.
  • R(e,M) C. R(d,C) M. - encryption
  • R(d,M) C R(e,C) M - signing
  • R(e,R(d,M)) M R(d,R(e,M))
  • Same function is used for both operations.

7
Modular Arithmetic
  • RSAs security is based on modular arithmetic.
  • a b (mod n) lt-gt there is a q such that a-bqn
  • b is the remainder after dividing a by n
  • 23 3 (mod 5)
  • A set 0,1,,n-1 is closed under modular
    addition and multiplication.
  • (a(mod n) b(mod n))(mod n) (ab) (mod n)
  • (ab)(mod n) (a(mod n) b(mod n))(mod n)

8
Modular Arithmetic
  • Two numbers p and q are said to be relatively
    prime if their greatest common divisor is 1.
  • 5 and 17, 8 and 9, 10 and 21
  • To compute gcd
  • gcd(a,b) gcd(b, a mod b) (Euclid, 300BC)

9
Identities and Inverses
  • An identity is a number that maps a number to
    itself under some operation.
  • 0 in normal addition, 1 in multiplication.
  • An inverse is a number (within the input set) and
    maps a given number to the identity
  • X 1/X, X -X in integer math
  • We are particularly interested in multiplicative
    inverses for modular arithmetic.
  • (ab) 1 (mod n)

10
Multiplicative Inverses
  • 3 and 2 are multiplicative inverses mod 5.
  • 7 and 6 are multiplicative inverses mod 41.
  • 5 and 2 are multiplicative inverses mod 9.
  • For n gt 1, if a and n are relatively prime, there
    is a unique x such that
  • ax 1 (mod n)

11
More preliminaries
  • Fermats Little Theorem
  • If p is prime, then for all a
  • ap-1 1 (mod p)
  • Chinese Remainder Thm (corollary)
  • If p and q are prime, then for all x and a
  • x a(mod p) and x a(mod q) iff xa mod(pq)
  • These are needed to prove RSAs correctness.

12
The RSA Algorithm
  • Pick two large (100 digit) primes p and q.
  • Let n pq and ?(n)(p-1)(q-1)
  • Select a relatively small integer d that is prime
    to ?(n)
  • Find e, the multiplicative inverse of d mod ?(n)
  • (d,n) is the public key. To encrypt M, compute
  • En(M) Me(mod n)
  • (e,n) is the private key. To decrypt C, compute
  • De(C) Cd(mod n)

13
RSA example
  • Let p 11, q 13
  • n pq 143
  • (p-1)(q-1) 120 3 x 23 x 5
  • Possible d 7, 11, 13, 17, (lets use 7)
  • Find e e7 1(mod 120) 103
  • Public key (7, 143)
  • Private key (103, 143)
  • En(42) 427 (mod 143) 81
  • De(81) 81103(mod 143) 42

14
Correctness of RSA
  • To show RSA is correct, we must show that
    encryption and decryption are inverse functions
  • En(De(M)) De(En(M)) M Med (mod n)
  • Since d and e are multiplicative inverses, there
    is a k such that
  • ed1 k?(n) 1 k(p-1)(q-1)
  • Med M1k(p-1)(q-1) M(Mp-1)k(q-1)
  • By Fermat Mp-11(mod p)
  • Med M(1)k(q-1)(mod p) M(mod p)

15
Correctness of RSA
  • Med M(1)k(q-1)(mod p) M(mod p)
  • Med M(1)k(q-1)(mod q) M(mod q)
  • By Chinese Remainder Thm, we get
  • Med M (mod p) M (mod q)
  • M (mod pq) M (mod n)
  • Therefore, RSA reproduces the original message
    and is correct.

16
Strengths of RSA
  • No prior communication needed
  • Highly secure (for large enough keys)
  • Well-understood
  • Allows both encryption and signing

17
Weaknesses of RSA
  • Large keys needed (1024 bits is current standard)
  • Relatively slow
  • Not suitable for very large messages
  • Public keys must still be distributed safely.

18
Security of RSA
  • The security of RSA is dependent on the
    assumption that its difficult to generate the
    private key d from the public key e and the
    modulus n.
  • Equivalent to integer factorization problem.
  • This is how we got e and d in the first place.
  • Factoring is thought to be computationally hard.
  • No proof, though!

19
Difficulty of Factoring
  • The fastest known factoring algorithm is the
    generalized number field sieve.
  • Sub-exponential time
  • Greater than polynomial space.
  • Some statistics

Number Length Machines Memory/Machine
430 1 Trivial
760 215,000 4Gb
1020 342 million 170 Gb
1620 1.6x1015 120 Tb
20
Security and Problem Difficulty
  • Another way to think about the problem is to ask
    how long a keylength will be secure, given
    Moores law

From the RSA labs factoring FAQ
21
Security and Problem Difficulty
  • RSA-155 (512 bit asymmetric-key) broken in 1999.
  • Estimate capability grows by 4.25 digits per
    year. (approx.13-14 bits per year)
  • 1024-bit RSA should be secure until 2037.
  • Using Moores Law 1024-bit is 7 million times
    harder than 512-bit
  • So, we need a 7 millionX speedup to crack
    1024-bit RSA with the same relative computational
    power.
  • Also about 34 years.
  • Question How long does your data need to be
    secure?

22
Digital Signatures
  • Desirable properties of a digital signature
  • A receiver must be able to validate the signature
  • The signature must not be forgeable
  • The signer must not be able to repudiate the
    signature.
  • Encrypt with private key, validate with public
    key.
  • For security and authenticity, encrypt the signed
    message with the receivers public key.

23
Hash Functions
  • A hash function is a one-way function that maps a
    message M into a (typically smaller) hashed
    message H.
  • Sometimes this is called a fingerprint
  • Also sometimes a message digest.
  • Goals
  • Non-invertible
  • fast
  • low collision rate

24
Hash Functions
  • To sign a document, I compute its hash, encrypt
    that with my private key, and send the encrypted
    hash along with the original document as
    plaintext.
  • The receiver hashes the plaintext and then uses
    my public key to verify that I was the one who
    sent the document.
  • Can also detect tampering.

25
Combining Public and Secret Keys
  • Public-key encryption is often used to
    synchronize secret session keys.
  • SSL uses this.
  • A generates a secret key and sends it to B,
    encrypted with Bs public key.
  • For handshaking, include a random number.
  • B decrypts the message and has the secret key.
  • For handshaking, B encrypts the random number
    with As public key and returns it.

26
Authentication
  • A sends Please authenticate me to B
  • B creates a random message and signs it with As
    public key.
  • A decrypts the message with its private key,
    encrypts it with Bs public key, and returns it.
  • Only someone with As private key can do this.
  • Potential attack B gets to pick a string that A
    will encrypt
  • This could yield information about As private
    key.

27
Zero-knowledge Protocols
  • One application of public-key cryptography is
    zero-knowledge protocols.
  • Often, one party might want to prove something to
    another without revealing any information
  • Nuclear treaties
  • Bank balances
  • Sensitive information

28
Zero-knowledge protocols
  • Alice wants to prove to Bob that she is Alice.
  • If she sends identification, Bob (or an
    eavesdropper) can use it.
  • Example Authority chooses a number N77, known
    by all.
  • Alices public ID (58, 67)
  • Alices private ID (9,10)
  • These are multiplicative inverses mod 77

29
Zero-knowledge protocols
  • Alice chooses some random numbers and computes
    their square mod N.
  • 19, 24, 51 -gt 192(mod 77) 53,
    242(mod 77) 37, 512(mod 77) 60
  • Alice sends 53,37,60 to Bob.
  • Bob sends back a random 2x3 matrix of 1s and 0s.
  • 0 1
  • 1 0
  • 1 1

30
Zero-knowledge protocols
  • Alice uses this grid, plus her original random
    numbers and her secret numbers, to compute
  • 19 90 101 (mod 77) 36
  • 24 91 100 (mod 77) 62
  • 51 91 101 (mod 77) 47
  • She sends 36,62,47 to Bob.

31
Zero-knowledge protocols
  • Bob verifies Alices identity by computing
  • 58,67 are Alices public numbers
  • 362 580 671 (mod 77) 53
  • 622 581 670 (mod 77) 37
  • 472 581 671 (mod 77) 60
  • Alices original numbers reappear!
  • (Actually, an attacker would have a 1 in 64
    chance of guessing correctly )

32
Zero-knowledge protocols
  • In a real system, N would be very large
  • 160 digits.
  • Many more numbers would be generated.
  • This works because Alices secret numbers are
    multiplicative inverses of her public numbers mod
    N.
  • Also, Bob learns nothing that he didnt know
    before.

33
Summary
  • Public key encryption provides a flexible system
    for secure communication in open environments.
  • Based on one-way functions
  • Allows for both authentication and signing
  • Secure public key distribution remains a problem.
Write a Comment
User Comments (0)
About PowerShow.com