Chapter 9 Public-Key Cryptography and RSA

1
Chapter 9Public-Key Cryptography and RSA
2
Contents

• Principles of Public-Key Cryptosystems
• Public-Key Cryptosystems
• Applications for Public-Key Cryptosystems
• Requirements for Public-Key Cryptography
• Public-Key Cryptanalysis
• The RSA Algorithm
• Description of the Algorithm
• The Security of RSA

3
Principles of public-key cryptosystems

• Symmetric encryption has two difficult problems.
• Key distribution problem
• Symmetric encryption requires either
• that two communicants already share a key or
• the use of key distribution center (KDC).
• If the KDC is compromised,
• Hard to be used for digital signatures

4
Public-Key Cryptosystems

• Public-key algorithms use two separate key.
• Public key and private key
• It is computationally infeasible to determine the
  private key given only knowledge of the
  cryptographic algorithm and the public key.
• Normally, public key is used for encryption and
  private key is used for decryption.
• In some algorithms such as RSA, either of the two
  keys can be used for encryption, with the other
  used for decryption.

5
Public-Key Cryptosystems

• A public-key encryption scheme has six
  ingredients.
• Plaintext
• Encryption algorithm
• Ciphertext
• Decryption algorithm
• Public and private key
• One is for encryption and the other is for
  decryption.

6
Public-Key Cryptosystems

• The use of public-key encryption
• Each user generate his/her public and private
  keys.
• Each user places the public key in a public
  register and keeps the private key secret.
• If Bob wants to send a message to Alice, Bog
  encrypts the message using Alices public key.
• Alice decrypts the ciphertext using her private
  key.

7
Public-Key Cryptosystems

• The use of public-key encryption. (Bob sends a
  message to Alice.)

8
Public-Key Cryptosystems

• A public-key encryption scheme Secrecy

9
Public-Key Cryptosystems

• The use of public-key encryption to provide
  authentication.

10
Public-Key Cryptosystems

• A public-key encryption scheme Authentication

11
Public-Key Cryptosystems

• A public-key encryption scheme Secrecy and
  authentication

12
Applications for Public-Key Cryptosystems

• The use of public-key cryptosystems
• Encryption/decryption (provide secrecy)
• Digital signatures (provide authentication)
• Key exchange (of session keys)
• Some algorithms are suitable for all
  applications, others can be used only for one or
  two.

13
Requirements for Public-Key Cryptography

• Diffie and Hellman did lay out the conditions
  that such algorithms must fulfill when A sends a
  message to B.
• It is easy for B to generate his/her public and
  private key.
• It is easy for A to encrypt a message M using Bs
  public key.
• It is easy for B to decrypt the ciphertext using
  Bs private key.

14
Requirements for Public-Key Cryptography

• It is infeasible for an opponent, knowing the
  public key, KUb , to determine the private key,
  KRb .
• It is infeasible for an opponent, knowing the
  public key, KUb , and a ciphertext, C, to recover
  the original message, M.
• (Optional) The encryption and decryption
  functions can be applied in either order.

15
Requirements for Public-Key Cryptography

• These requirements are hard to achieve so only
  two algorithms (RSA, elliptic curve cryptography)
  have received widespread acceptance.
• Why the requirements are so formidable?
• The requirements needs a trap-door one-way
  function.

16
Requirements for Public-Key Cryptography

• One-way function
• A one-to-one function such that
• The calculation of the function is easy
• but the calculation of the inverse is infeasible.
• Easy
• A problem can be solved in polynomial time.
• Infeasible
• It is hard to invert a function for virtually all
  inputs, not for the worst case or even average
  case.

Y f(X) easy
X f-1(Y) infeasible
17
Requirements for Public-Key Cryptography

• Trap-door one-way function
• Easy to calculate in one direction and infeasible
  to calculate in the other direction unless
  certain additional information is known.
• Thus, the development of a practical public-key
  scheme depends on discovery of a suitable
  trap-door one-way function.

Y fk(X) easy, if k and X are known
X fk-1(Y) easy, if k and Y are known
X fk-1(Y) infeasible, if Y is known but k is not known
18
Public-Key Cryptanalysis

• Brute-force attacks for private keys
• Countermeasure use large keys
• The key size must be large enough to make
  brute-force attack impractical but small enough
  for practical encryption and decryption.
• Computing the private key given the public key
• No algorithms are proven safe from this attack.

19
Public-Key Cryptanalysis

• A probable-message attack
• Suppose that a message were a 56-bit DES key.
• An opponent could encrypt all possible keys using
  the public key.
• He could decipher any message by matching the
  transmitted ciphertext.
• Countermeasure
• Large key size (?)
• Append some random bits to messages.

20
The RSA Algorithm

• Developed in 1977 by Rivest, Shamir, and Adleman
  at MIT.
• The RSA scheme is a block cipher in which the
  plaintext / ciphertext are integers between 0 and
  n 1 for some n.
• A typical size for n is 1024 bits, or 309 decimal
  digits.
• n pq

21
Description of the RSA Algorithm

• Plaintext is encrypted in blocks.
• Each block have a binary value less than some
  number n.
• That is, the block size must be less than or
  equal to log2(n).
• The block size is k bits, where 2k lt n 2k1.

22
Description of the RSA Algorithm

• Encryption/Decryption
• M plaintext block
• C ciphertext block
• public key e, n
• private key d, n.

23
Requirements for Public-Key Cryptography

• Diffie and Hellmans requirements
• It is easy for B to generate his/her public and
  private key.
• It should be easy for B to find values of e, d,
  and n.
• It is easy for A to encrypt a message M using Bs
  public key.
• It should be easy to calculate Me.
• It is easy for B to decrypt the ciphertext using
  Bs private key.
• It should be easy to calculate Cd.
• It is infeasible for an opponent, knowing the
  public key, KUb , to determine the private key,
  KRb .
• It is infeasible to determine d given e and n.
• It is infeasible for an opponent, knowing the
  public key, KUb , and a ciphertext, C, to recover
  the original message, M.
• (Optional) The encryption and decryption
  functions can be applied in either order.

24
Description of the RSA Algorithm

• First requirement
• It should be easy to find values of e, d, n such
  that
• for all M lt n.

25
Description of the RSA Algorithm

• A corollary to Eulers theorem
• Given two prime numbers, p and q, and two
  integer, n and m, such that n pq and 0 lt m lt n,
  and arbitrary integer k,

where F(n) is the Euler totient function, which
is the number of positive integers less than n
and relatively prime to n.
26
Description of the RSA Algorithm

• If we select e and d such that
• they satisfy .
• is equivalent to saying
• According to the rules of modular arithmetic,
  this is true only if e (and therefore d) is
  relatively prime to F(n).

27
Description of the RSA Algorithm

• RSAs ingredient.
• Public key consist of e, n and a private key
  consist of d, n

p, q, two prime numbers (private, chosen)
n pq (public, calculated)
e, with gcd(F(n), e) 1 1 lt e lt F(n) (public, chosen)
(private, calculated)
28
Description of the RSA Algorithm

• RSAs scheme
• Suppose user B wishes to send the message M to A.
• User A has published its public key, KUe, n.
• B calculates C Me (mod n) and transmits C.
• Then, user A decrypts by calculating M Cd (mod
  n). (use KRd, n)

29
Description of the RSA Algorithm

• RSA algorithm (example) the keys generating
• Select two prime number, p 17 and q 11.
• Calculate n pq 17 X 11 187.
• Calculate F(n) (p 1)(q 1) 16 X 10 160.
• Select e 7 (e is relatively prime to F(n)).
• Determine d, de 1 mod 160 (Using extended
  Euclids algorithm).
• d 23

30
Description of the RSA Algorithm

• Encryption
• Decryption

31
The Security of RSA

• Three possible approaches to attacking the RSA.
• Brute force
• Mathematical attacks
• Timing attacks
• Brute force
• trying all possible private keys
• Countermeasures Use a large key space.

32
The Security of RSA

• Mathematical attacks
• Factor n into its two prime factors. This enables
  calculation of F(n) and determination of d.
• Determine F(n) directly, without first
  determining p and q. This enable determination of
  d.
• This is equivalent to factoring n.
• Determine d directly, without first determining
  F(n).
• With presently known algorithms, this appears to
  be at least as time-consuming as the factoring
  problem.

33
The Security of RSA

• Focused on the task of factoring n into its two
  prime factors.

34
The Security of RSA

• To avoid values of n that may be factored more
  easily, the algorithms inventors suggest
  constraints on p and q.
• p and q should differ in length by only a few
  digits.
• Both (p 1) and (q 1) should contain a large
  prime factor.
• gcd (p 1, q 1) should be small.
• In addition, it has been demonstrated that if e lt
  n and d lt n1/4, then d can be easily determined.