CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... ·...
Transcript of CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... ·...
![Page 1: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/1.jpg)
CSc 466/566
Computer Security
15 : Cryptography — Public KeyVersion: 2014/10/28 15:11:01
Department of Computer ScienceUniversity of Arizona
Copyright c© 2014 Christian Collberg
Christian Collberg
1/91
![Page 2: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/2.jpg)
Outline
1 Introduction2 RSA
AlgorithmExampleCorrectnessSecurityProblems
3 GPG4 Elgamal
Discrete LogarithmsAlgorithmExampleCorrectnessSecurityProblems
5 Diffie-Hellman Key ExchangeDiffie-Hellman Key ExchangeExampleCorrectnessSecurity
6 SummaryIntroduction 2/91
![Page 3: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/3.jpg)
History of Public Key Cryptography
RSA Conference 2011-Opening-Giants Among Us:http://www.youtube.com/watch?v=mvOsb9vNIWM&feature=related
Rivest, Shamir, Adleman - The RSA Algorithm Explained:http://www.youtube.com/watch?v=b57zGAkNKIc
Bruce Schneier - Who are Alice & Bob?:http://www.youtube.com/watch?v=BuUSi_QvFLY&feature=related
Bruce Schneier facts: http://www.schneierfacts.com
Adventures of Alice & Bob - Alice Gets Lost:http://www.youtube.com/watch?v=nULAC_g22So http://www.youtube.com/watch?v=nJB7a79ahGM
Introduction 3/91
![Page 4: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/4.jpg)
Public-key Algorithms
Definition (Public-key Algorithms)
Public-key cryptographic algorithms use different keys forencryption and decryption.
Bob’s public key: PB
Bob’s secret key: SB
EPB(M) = C
DSB (C ) = M
DSB (EPB(M)) = M
Introduction 4/91
![Page 5: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/5.jpg)
Public Key Protocol
Key-management is the main problem with symmetricalgorithms – Bob and Alice have to somehow agree on a keyto use.
In public key cryptosystems there are two keys, a public oneused for encryption and and private one for decryption.
Introduction 5/91
![Page 6: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/6.jpg)
Public Key Protocol
Key-management is the main problem with symmetricalgorithms – Bob and Alice have to somehow agree on a keyto use.
In public key cryptosystems there are two keys, a public oneused for encryption and and private one for decryption.
1 Alice and Bob agree on a public key cryptosystem.
Introduction 5/91
![Page 7: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/7.jpg)
Public Key Protocol
Key-management is the main problem with symmetricalgorithms – Bob and Alice have to somehow agree on a keyto use.
In public key cryptosystems there are two keys, a public oneused for encryption and and private one for decryption.
1 Alice and Bob agree on a public key cryptosystem.
2 Bob sends Alice his public key, or Alice gets it from a publicdatabase.
Introduction 5/91
![Page 8: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/8.jpg)
Public Key Protocol
Key-management is the main problem with symmetricalgorithms – Bob and Alice have to somehow agree on a keyto use.
In public key cryptosystems there are two keys, a public oneused for encryption and and private one for decryption.
1 Alice and Bob agree on a public key cryptosystem.
2 Bob sends Alice his public key, or Alice gets it from a publicdatabase.
3 Alice encrypts her plaintext using Bob’s public key and sendsit to Bob.
Introduction 5/91
![Page 9: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/9.jpg)
Public Key Protocol
Key-management is the main problem with symmetricalgorithms – Bob and Alice have to somehow agree on a keyto use.
In public key cryptosystems there are two keys, a public oneused for encryption and and private one for decryption.
1 Alice and Bob agree on a public key cryptosystem.
2 Bob sends Alice his public key, or Alice gets it from a publicdatabase.
3 Alice encrypts her plaintext using Bob’s public key and sendsit to Bob.
4 Bob decrypts the message using his private key.
Introduction 5/91
![Page 10: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/10.jpg)
Public Key Encryption Protocol. . .
Alice
plaintext
![Page 11: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/11.jpg)
Public Key Encryption Protocol. . .
Alice Bob
plaintext plaintext
![Page 12: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/12.jpg)
Public Key Encryption Protocol. . .
Alice Bob
plaintext encrypt ciphertext plaintext
PB
![Page 13: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/13.jpg)
Public Key Encryption Protocol. . .
Alice Bob
plaintext encrypt ciphertext decrypt plaintext
PB SB
![Page 14: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/14.jpg)
Public Key Encryption Protocol. . .
Alice Bob
plaintext encrypt ciphertext decrypt plaintext
PBEve
SB
Introduction 6/91
![Page 15: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/15.jpg)
Public Key Encryption: Key Distribution
Alice Bob
Carol Dave
SA,PA SB ,PB
SC ,PC SD ,PD
PA,PB
PA,PC PA,PD PB ,PDPB ,PC
PC ,PD
Advantages : n key pairs to communicate between n parties.
Disadvantages : Ciphers (RSA,. . . ) are slow; keys are large
Introduction 7/91
![Page 16: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/16.jpg)
A Hybrid Protocol
In practice, public key cryptosystems are not used to encryptmessages – they are simply too slow.
Instead, public key cryptosystems are used to encryptkeys for symmetric cryptosystems . These are calledsession keys , and are discarded once the communicationsession is over.
Introduction 8/91
![Page 17: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/17.jpg)
A Hybrid Protocol
In practice, public key cryptosystems are not used to encryptmessages – they are simply too slow.
Instead, public key cryptosystems are used to encryptkeys for symmetric cryptosystems . These are calledsession keys , and are discarded once the communicationsession is over.
1 Bob sends Alice his public key.
Introduction 8/91
![Page 18: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/18.jpg)
A Hybrid Protocol
In practice, public key cryptosystems are not used to encryptmessages – they are simply too slow.
Instead, public key cryptosystems are used to encryptkeys for symmetric cryptosystems . These are calledsession keys , and are discarded once the communicationsession is over.
1 Bob sends Alice his public key.
2 Alice generates a session key K , encrypts it with Bob’s publickey, and sends it to Bob.
Introduction 8/91
![Page 19: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/19.jpg)
A Hybrid Protocol
In practice, public key cryptosystems are not used to encryptmessages – they are simply too slow.
Instead, public key cryptosystems are used to encryptkeys for symmetric cryptosystems . These are calledsession keys , and are discarded once the communicationsession is over.
1 Bob sends Alice his public key.
2 Alice generates a session key K , encrypts it with Bob’s publickey, and sends it to Bob.
3 Bob decrypts the message using his private key to get thesession key K .
Introduction 8/91
![Page 20: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/20.jpg)
A Hybrid Protocol
In practice, public key cryptosystems are not used to encryptmessages – they are simply too slow.
Instead, public key cryptosystems are used to encryptkeys for symmetric cryptosystems . These are calledsession keys , and are discarded once the communicationsession is over.
1 Bob sends Alice his public key.
2 Alice generates a session key K , encrypts it with Bob’s publickey, and sends it to Bob.
3 Bob decrypts the message using his private key to get thesession key K .
4 Both Alice and Bob communicate by encrypting theirmessages using K .
Introduction 8/91
![Page 21: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/21.jpg)
Hybrid Encryption Protocol. . .
Alice Bob
K encrypt EPB(K ) decrypt K
![Page 22: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/22.jpg)
Hybrid Encryption Protocol. . .
Alice Bob
K encrypt EPB(K ) decrypt K
PB SB
![Page 23: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/23.jpg)
Hybrid Encryption Protocol. . .
Alice Bob
K encrypt EPB(K ) decrypt K
PB SB
M encrypt EK (M) decrypt M
![Page 24: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/24.jpg)
Hybrid Encryption Protocol. . .
Alice Bob
K encrypt EPB(K ) decrypt K
PB SB
M encrypt EK (M) decrypt M
K K
Introduction 9/91
![Page 25: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/25.jpg)
Outline
1 Introduction2 RSA
AlgorithmExampleCorrectnessSecurityProblems
3 GPG4 Elgamal
Discrete LogarithmsAlgorithmExampleCorrectnessSecurityProblems
5 Diffie-Hellman Key ExchangeDiffie-Hellman Key ExchangeExampleCorrectnessSecurity
6 SummaryRSA 10/91
![Page 26: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/26.jpg)
RSA
RSA is the best know public-key cryptosystem. Its security isbased on the (believed) difficulty of factoring large numbers.
Plaintexts and ciphertexts are large numbers (1000s of bits).
Encryption and decryption is done using modularexponentiation.
RSA 11/91
![Page 27: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/27.jpg)
RSA: Algorithm
Bob (Key generation):
RSA 12/91
![Page 28: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/28.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.
RSA 12/91
![Page 29: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/29.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.2 Compute n = pq.
RSA 12/91
![Page 30: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/30.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.2 Compute n = pq.3 Select a small odd integer e relatively prime with φ(n).
RSA 12/91
![Page 31: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/31.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.2 Compute n = pq.3 Select a small odd integer e relatively prime with φ(n).4 Compute φ(n) = (p − 1)(q − 1).
RSA 12/91
![Page 32: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/32.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.2 Compute n = pq.3 Select a small odd integer e relatively prime with φ(n).4 Compute φ(n) = (p − 1)(q − 1).5 Compute d = e−1 mod φ(n).
RSA 12/91
![Page 33: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/33.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.2 Compute n = pq.3 Select a small odd integer e relatively prime with φ(n).4 Compute φ(n) = (p − 1)(q − 1).5 Compute d = e−1 mod φ(n).
PB = (e, n) is Bob’s RSA public key.
RSA 12/91
![Page 34: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/34.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.2 Compute n = pq.3 Select a small odd integer e relatively prime with φ(n).4 Compute φ(n) = (p − 1)(q − 1).5 Compute d = e−1 mod φ(n).
PB = (e, n) is Bob’s RSA public key.SB = (d , n) is Bob’ RSA private key.
RSA 12/91
![Page 35: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/35.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.2 Compute n = pq.3 Select a small odd integer e relatively prime with φ(n).4 Compute φ(n) = (p − 1)(q − 1).5 Compute d = e−1 mod φ(n).
PB = (e, n) is Bob’s RSA public key.SB = (d , n) is Bob’ RSA private key.
Alice (encrypt and send a message M to Bob):
RSA 12/91
![Page 36: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/36.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.2 Compute n = pq.3 Select a small odd integer e relatively prime with φ(n).4 Compute φ(n) = (p − 1)(q − 1).5 Compute d = e−1 mod φ(n).
PB = (e, n) is Bob’s RSA public key.SB = (d , n) is Bob’ RSA private key.
Alice (encrypt and send a message M to Bob):1 Get Bob’s public key PB = (e, n).
RSA 12/91
![Page 37: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/37.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.2 Compute n = pq.3 Select a small odd integer e relatively prime with φ(n).4 Compute φ(n) = (p − 1)(q − 1).5 Compute d = e−1 mod φ(n).
PB = (e, n) is Bob’s RSA public key.SB = (d , n) is Bob’ RSA private key.
Alice (encrypt and send a message M to Bob):1 Get Bob’s public key PB = (e, n).2 Compute C = Me mod n.
RSA 12/91
![Page 38: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/38.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.2 Compute n = pq.3 Select a small odd integer e relatively prime with φ(n).4 Compute φ(n) = (p − 1)(q − 1).5 Compute d = e−1 mod φ(n).
PB = (e, n) is Bob’s RSA public key.SB = (d , n) is Bob’ RSA private key.
Alice (encrypt and send a message M to Bob):1 Get Bob’s public key PB = (e, n).2 Compute C = Me mod n.
Bob (decrypt a message C received from Alice):
RSA 12/91
![Page 39: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/39.jpg)
RSA: Algorithm
Bob (Key generation):1 Generate two large random primes p and q.2 Compute n = pq.3 Select a small odd integer e relatively prime with φ(n).4 Compute φ(n) = (p − 1)(q − 1).5 Compute d = e−1 mod φ(n).
PB = (e, n) is Bob’s RSA public key.SB = (d , n) is Bob’ RSA private key.
Alice (encrypt and send a message M to Bob):1 Get Bob’s public key PB = (e, n).2 Compute C = Me mod n.
Bob (decrypt a message C received from Alice):1 Compute M = C d mod n.
RSA 12/91
![Page 40: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/40.jpg)
RSA: Algorithm Notes
How should we choose e?
It doesn’t matter for security; everybody could use the same e.It matters for performance: 3, 17, or 65537 are good choices.
n is referred to as the modulus , since it’s the n of mod n.
You can only encrypt messages M < n. Thus, to encryptlarger messages you need to break them into pieces, each < n.
Throw away p, q, and φ(n) after the key generation stage.
Encrypting and decrypting requires a single modularexponentiation.
RSA 13/91
![Page 41: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/41.jpg)
RSA Example: Key Generations
1 Select two primes: p = 47 and q = 71.
RSA 14/91
![Page 42: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/42.jpg)
RSA Example: Key Generations
1 Select two primes: p = 47 and q = 71.
2 Compute n = pq = 3337.
RSA 14/91
![Page 43: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/43.jpg)
RSA Example: Key Generations
1 Select two primes: p = 47 and q = 71.
2 Compute n = pq = 3337.
3 Compute φ(n) = (p − 1)(q − 1) = 3220.
RSA 14/91
![Page 44: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/44.jpg)
RSA Example: Key Generations
1 Select two primes: p = 47 and q = 71.
2 Compute n = pq = 3337.
3 Compute φ(n) = (p − 1)(q − 1) = 3220.
4 Select e = 79.
RSA 14/91
![Page 45: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/45.jpg)
RSA Example: Key Generations
1 Select two primes: p = 47 and q = 71.
2 Compute n = pq = 3337.
3 Compute φ(n) = (p − 1)(q − 1) = 3220.
4 Select e = 79.
5 Compute
d = e−1 mod φ(n)
= 79−1 mod 3220
= 1019
RSA 14/91
![Page 46: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/46.jpg)
RSA Example: Key Generations
1 Select two primes: p = 47 and q = 71.
2 Compute n = pq = 3337.
3 Compute φ(n) = (p − 1)(q − 1) = 3220.
4 Select e = 79.
5 Compute
d = e−1 mod φ(n)
= 79−1 mod 3220
= 1019
6 P = (79, 3337) is the RSA public key.
RSA 14/91
![Page 47: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/47.jpg)
RSA Example: Key Generations
1 Select two primes: p = 47 and q = 71.
2 Compute n = pq = 3337.
3 Compute φ(n) = (p − 1)(q − 1) = 3220.
4 Select e = 79.
5 Compute
d = e−1 mod φ(n)
= 79−1 mod 3220
= 1019
6 P = (79, 3337) is the RSA public key.
7 S = (1019, 3337) is the RSA private key.
RSA 14/91
![Page 48: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/48.jpg)
RSA Example: Encryption
1 Encrypt M = 6882326879666683.
RSA 15/91
![Page 49: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/49.jpg)
RSA Example: Encryption
1 Encrypt M = 6882326879666683.
2 Break up M into 3-digit blocks:
m = 〈688, 232, 687, 966, 668, 003〉
Note the padding at the end.
RSA 15/91
![Page 50: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/50.jpg)
RSA Example: Encryption
1 Encrypt M = 6882326879666683.
2 Break up M into 3-digit blocks:
m = 〈688, 232, 687, 966, 668, 003〉
Note the padding at the end.
3 Encrypt each block:
c1 = me1 mod n
= 68879 mod 3337
= 1570
We get:
c = 〈1570, 2756, 2091, 2276, 2423, 158〉
RSA 15/91
![Page 51: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/51.jpg)
RSA Example: Decryption
1 Decrypt each block:
m1 = cd1 mod n
= 15701019 mod 3337
= 688
RSA 16/91
![Page 52: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/52.jpg)
In-Class Exercise: Goodrich & Tamassia R-8.18
Show the result of encrypting M = 4 using the public key(e, n) = (3, 77) in the RSA cryptosystem.
RSA 17/91
![Page 53: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/53.jpg)
In-Class Exercise: Goodrich & Tamassia R-8.20
Alice is telling Bob that he should use a pair of the form
(3, n)
or(16385, n)
as his RSA public key if he wants people to encrypt messagesfor him from their cell phones.
As usual, n = pq, for two large primes, p and q.
What is the justification for Alice’s advice?
RSA 18/91
![Page 54: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/54.jpg)
In-Class Exercise: Stallings pp. 270-271
1 Generate an RSA key-pair using p = 17, q = 11, e = 7.
2 Encrypt M = 88.
3 Decrypt the result from 2.
RSA 19/91
![Page 55: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/55.jpg)
RSA Correctness
We have
C = Me mod n
M = Cd mod n.
RSA 20/91
![Page 56: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/56.jpg)
RSA Correctness
We have
C = Me mod n
M = Cd mod n.
To show correctness we have to show that decryption of theciphertext actually gets the plaintext back, i.e that, for allM < n
Cd mod n = (Me)d mod n
= Med mod n
= M
RSA 20/91
![Page 57: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/57.jpg)
RSA Correctness: Case 1
From the key generation step we have
d = e−1 mod φ(n)
from which we can conclude that
ed mod φ(n) = 1
ed = kφ(n) + 1
RSA 21/91
![Page 58: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/58.jpg)
RSA Correctness: Case 1
From the key generation step we have
d = e−1 mod φ(n)
from which we can conclude that
ed mod φ(n) = 1
ed = kφ(n) + 1
Case 1, M is relatively prime to n:
Cd mod n = Med mod n
RSA 21/91
![Page 59: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/59.jpg)
RSA Correctness: Case 1
From the key generation step we have
d = e−1 mod φ(n)
from which we can conclude that
ed mod φ(n) = 1
ed = kφ(n) + 1
Case 1, M is relatively prime to n:
Cd mod n = Med mod n
RSA 21/91
![Page 60: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/60.jpg)
RSA Correctness: Case 1
From the key generation step we have
d = e−1 mod φ(n)
from which we can conclude that
ed mod φ(n) = 1
ed = kφ(n) + 1
Case 1, M is relatively prime to n:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
RSA 21/91
![Page 61: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/61.jpg)
RSA Correctness: Case 1
From the key generation step we have
d = e−1 mod φ(n)
from which we can conclude that
ed mod φ(n) = 1
ed = kφ(n) + 1
Case 1, M is relatively prime to n:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
= M · (Mφ(n))k mod n
RSA 21/91
![Page 62: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/62.jpg)
RSA Correctness: Case 1
From the key generation step we have
d = e−1 mod φ(n)
from which we can conclude that
ed mod φ(n) = 1
ed = kφ(n) + 1
Case 1, M is relatively prime to n:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
= M · (Mφ(n))k mod n
= M · 1k mod n
RSA 21/91
![Page 63: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/63.jpg)
RSA Correctness: Case 1
From the key generation step we have
d = e−1 mod φ(n)
from which we can conclude that
ed mod φ(n) = 1
ed = kφ(n) + 1
Case 1, M is relatively prime to n:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
= M · (Mφ(n))k mod n
= M · 1k mod n
= M mod n
RSA 21/91
![Page 64: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/64.jpg)
RSA Correctness: Case 1
From the key generation step we have
d = e−1 mod φ(n)
from which we can conclude that
ed mod φ(n) = 1
ed = kφ(n) + 1
Case 1, M is relatively prime to n:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
= M · (Mφ(n))k mod n
= M · 1k mod n
= M mod n
= M
RSA 21/91
![Page 65: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/65.jpg)
RSA Correctness: Case 1. . .
Mφ(n) mod n = 1 follows from Euler’s theorem.
Theorem (Euler)
Let x be any positive integer that’s relatively prime to the integern > 0, then
xφ(n) mod n = 1
RSA 22/91
![Page 66: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/66.jpg)
RSA Correctness: Case 2
Assume that M is not relatively prime to n, i.e. M has somefactor in common with n, since M < n.
RSA 23/91
![Page 67: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/67.jpg)
RSA Correctness: Case 2
Assume that M is not relatively prime to n, i.e. M has somefactor in common with n, since M < n.
There are two cases:
RSA 23/91
![Page 68: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/68.jpg)
RSA Correctness: Case 2
Assume that M is not relatively prime to n, i.e. M has somefactor in common with n, since M < n.
There are two cases:1 M is relatively prime with q and M = ip, or
RSA 23/91
![Page 69: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/69.jpg)
RSA Correctness: Case 2
Assume that M is not relatively prime to n, i.e. M has somefactor in common with n, since M < n.
There are two cases:1 M is relatively prime with q and M = ip, or2 M is relatively prime with p and M = iq.
RSA 23/91
![Page 70: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/70.jpg)
RSA Correctness: Case 2
Assume that M is not relatively prime to n, i.e. M has somefactor in common with n, since M < n.
There are two cases:1 M is relatively prime with q and M = ip, or2 M is relatively prime with p and M = iq.
We consider only the first case, the second is similar.
RSA 23/91
![Page 71: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/71.jpg)
RSA Correctness: Case 2. . .
We have that
φ(n) = φ(pq) = φ(p)φ(q)
RSA 24/91
![Page 72: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/72.jpg)
RSA Correctness: Case 2. . .
We have that
φ(n) = φ(pq) = φ(p)φ(q)
By Euler’s theorem we have that
Mkφ(n) mod q = Mkφ(p)φ(q) mod q
= (Mkφ(p))φ(q) mod q
= 1
RSA 24/91
![Page 73: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/73.jpg)
RSA Correctness: Case 2. . .
We have that
φ(n) = φ(pq) = φ(p)φ(q)
By Euler’s theorem we have that
Mkφ(n) mod q = Mkφ(p)φ(q) mod q
= (Mkφ(p))φ(q) mod q
= 1
Thus, for some integer h
Mkφ(n) = 1 + hq
RSA 24/91
![Page 74: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/74.jpg)
RSA Correctness: Case 2. . .
We have that
φ(n) = φ(pq) = φ(p)φ(q)
By Euler’s theorem we have that
Mkφ(n) mod q = Mkφ(p)φ(q) mod q
= (Mkφ(p))φ(q) mod q
= 1
Thus, for some integer h
Mkφ(n) = 1 + hq
Multiply both sides by M
M ·Mkφ(n) = M(1 + hq)
Mkφ(n)+1 = M +Mhq
RSA 24/91
![Page 75: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/75.jpg)
RSA Correctness: Case 2. . .
We can now prove Case 2, for M = ip:
Cd mod n = Med mod n
RSA 25/91
![Page 76: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/76.jpg)
RSA Correctness: Case 2. . .
We can now prove Case 2, for M = ip:
Cd mod n = Med mod n
RSA 25/91
![Page 77: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/77.jpg)
RSA Correctness: Case 2. . .
We can now prove Case 2, for M = ip:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
RSA 25/91
![Page 78: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/78.jpg)
RSA Correctness: Case 2. . .
We can now prove Case 2, for M = ip:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
= (M +Mhq) mod n
RSA 25/91
![Page 79: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/79.jpg)
RSA Correctness: Case 2. . .
We can now prove Case 2, for M = ip:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
= (M +Mhq) mod n
= (M + (ip)hq) mod n
RSA 25/91
![Page 80: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/80.jpg)
RSA Correctness: Case 2. . .
We can now prove Case 2, for M = ip:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
= (M +Mhq) mod n
= (M + (ip)hq) mod n
= (M + (ih)pq) mod n
RSA 25/91
![Page 81: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/81.jpg)
RSA Correctness: Case 2. . .
We can now prove Case 2, for M = ip:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
= (M +Mhq) mod n
= (M + (ip)hq) mod n
= (M + (ih)pq) mod n
= (M + (ih)n) mod n
RSA 25/91
![Page 82: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/82.jpg)
RSA Correctness: Case 2. . .
We can now prove Case 2, for M = ip:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
= (M +Mhq) mod n
= (M + (ip)hq) mod n
= (M + (ih)pq) mod n
= (M + (ih)n) mod n
= (M mod n) + ((ih)n mod n)
RSA 25/91
![Page 83: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/83.jpg)
RSA Correctness: Case 2. . .
We can now prove Case 2, for M = ip:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
= (M +Mhq) mod n
= (M + (ip)hq) mod n
= (M + (ih)pq) mod n
= (M + (ih)n) mod n
= (M mod n) + ((ih)n mod n)
= M mod n
RSA 25/91
![Page 84: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/84.jpg)
RSA Correctness: Case 2. . .
We can now prove Case 2, for M = ip:
Cd mod n = Med mod n
= Mkφ(n)+1 mod n
= (M +Mhq) mod n
= (M + (ip)hq) mod n
= (M + (ih)pq) mod n
= (M + (ih)n) mod n
= (M mod n) + ((ih)n mod n)
= M mod n
= M
RSA 25/91
![Page 85: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/85.jpg)
RSA Security
Summary:
RSA 26/91
![Page 86: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/86.jpg)
RSA Security
Summary:1 Compute n = pq, p and q prime.
RSA 26/91
![Page 87: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/87.jpg)
RSA Security
Summary:1 Compute n = pq, p and q prime.2 Select a small odd integer e relatively prime with φ(n).
RSA 26/91
![Page 88: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/88.jpg)
RSA Security
Summary:1 Compute n = pq, p and q prime.2 Select a small odd integer e relatively prime with φ(n).3 Compute φ(n) = (p − 1)(q − 1).
RSA 26/91
![Page 89: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/89.jpg)
RSA Security
Summary:1 Compute n = pq, p and q prime.2 Select a small odd integer e relatively prime with φ(n).3 Compute φ(n) = (p − 1)(q − 1).4 Compute d = e−1 mod φ(n).
RSA 26/91
![Page 90: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/90.jpg)
RSA Security
Summary:1 Compute n = pq, p and q prime.2 Select a small odd integer e relatively prime with φ(n).3 Compute φ(n) = (p − 1)(q − 1).4 Compute d = e−1 mod φ(n).5 PB = (e, n) is Bob’s RSA public key.
RSA 26/91
![Page 91: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/91.jpg)
RSA Security
Summary:1 Compute n = pq, p and q prime.2 Select a small odd integer e relatively prime with φ(n).3 Compute φ(n) = (p − 1)(q − 1).4 Compute d = e−1 mod φ(n).5 PB = (e, n) is Bob’s RSA public key.6 SB = (d , n) is Bob’ RSA private key.
RSA 26/91
![Page 92: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/92.jpg)
RSA Security
Summary:1 Compute n = pq, p and q prime.2 Select a small odd integer e relatively prime with φ(n).3 Compute φ(n) = (p − 1)(q − 1).4 Compute d = e−1 mod φ(n).5 PB = (e, n) is Bob’s RSA public key.6 SB = (d , n) is Bob’ RSA private key.
Since Alice knows Bob’s PB , she knows e and n.
RSA 26/91
![Page 93: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/93.jpg)
RSA Security
Summary:1 Compute n = pq, p and q prime.2 Select a small odd integer e relatively prime with φ(n).3 Compute φ(n) = (p − 1)(q − 1).4 Compute d = e−1 mod φ(n).5 PB = (e, n) is Bob’s RSA public key.6 SB = (d , n) is Bob’ RSA private key.
Since Alice knows Bob’s PB , she knows e and n.
If she can compute d from e and n, she has Bob’s private key.
RSA 26/91
![Page 94: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/94.jpg)
RSA Security
Summary:1 Compute n = pq, p and q prime.2 Select a small odd integer e relatively prime with φ(n).3 Compute φ(n) = (p − 1)(q − 1).4 Compute d = e−1 mod φ(n).5 PB = (e, n) is Bob’s RSA public key.6 SB = (d , n) is Bob’ RSA private key.
Since Alice knows Bob’s PB , she knows e and n.
If she can compute d from e and n, she has Bob’s private key.
If she knew φ(n) = (p − 1)(q − 1) she could computed = e−1 mod φ(n) using Euclid’s algorithm.
RSA 26/91
![Page 95: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/95.jpg)
RSA Security
Summary:1 Compute n = pq, p and q prime.2 Select a small odd integer e relatively prime with φ(n).3 Compute φ(n) = (p − 1)(q − 1).4 Compute d = e−1 mod φ(n).5 PB = (e, n) is Bob’s RSA public key.6 SB = (d , n) is Bob’ RSA private key.
Since Alice knows Bob’s PB , she knows e and n.
If she can compute d from e and n, she has Bob’s private key.
If she knew φ(n) = (p − 1)(q − 1) she could computed = e−1 mod φ(n) using Euclid’s algorithm.
If she could factor n, she’d get p and q!
RSA 26/91
![Page 96: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/96.jpg)
Security of Cryptosystems by Failed Cryptanalysis
1 Propose a cryptographic scheme.
RSA 27/91
![Page 97: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/97.jpg)
Security of Cryptosystems by Failed Cryptanalysis
1 Propose a cryptographic scheme.
2 If an attack is found, patch the scheme. GOTO 2.
RSA 27/91
![Page 98: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/98.jpg)
Security of Cryptosystems by Failed Cryptanalysis
1 Propose a cryptographic scheme.
2 If an attack is found, patch the scheme. GOTO 2.
3 If enough time has passed ⇒ The scheme is secure!
RSA 27/91
![Page 99: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/99.jpg)
Security of Cryptosystems by Failed Cryptanalysis
1 Propose a cryptographic scheme.
2 If an attack is found, patch the scheme. GOTO 2.
3 If enough time has passed ⇒ The scheme is secure!
RSA 27/91
![Page 100: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/100.jpg)
Security of Cryptosystems by Failed Cryptanalysis
1 Propose a cryptographic scheme.
2 If an attack is found, patch the scheme. GOTO 2.
3 If enough time has passed ⇒ The scheme is secure!
How long is enough?1 It took 5 years to break the Merkle-Hellman cryptosystem.2 It took 10 years to break the Chor-Rivest cryptosystem.
RSA 27/91
![Page 101: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/101.jpg)
RSA Security. . .
If we can factor n, we can find p and q and the scheme isbroken.
RSA 28/91
![Page 102: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/102.jpg)
RSA Security. . .
If we can factor n, we can find p and q and the scheme isbroken.
As far as we know, factoring is hard.
RSA 28/91
![Page 103: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/103.jpg)
RSA Security. . .
If we can factor n, we can find p and q and the scheme isbroken.
As far as we know, factoring is hard.
We need n to be large enough, 2,048 bits.
RSA 28/91
![Page 104: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/104.jpg)
RSA Factoring Challenge
http://www.rsa.com/rsalabs/node.asp?id=2093
✞ ☎Name : RSA−576D i g i t s : 174188198812920607963838697239461650439807163563379417382700763356422988859715234665485319060606504743045317388011303396716199692321205734031879550656996221305168759307650257059✝ ✆
On December 3, 2003, a team of researchers in Germany andseveral other countries reported a successful factorization ofthe challenge number RSA-576.
The factors are✞ ☎
398075086424064937397125500550386491199064362342526708406385189575946388957261768583317
472772146107435302536223071973048224632914695302097116459852171130520711256363590397527
✝ ✆
RSA 29/91
![Page 105: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/105.jpg)
RSA Factoring Challenge. . .
✞ ☎Name : RSA−640D i g i t s : 1933107418240490043721350750035888567930037346022842727545720161948823206440518081504556346829671723286782437916272838033415471073108501919548529007337724822783525742386454014691736602477652346609✝ ✆
The factoring research team of F. Bahr, M. Boehm, J. Franke,T. Kleinjung continued its productivity with a successfulfactorization of the challenge number RSA-640, reported onNovember 2, 2005.The factors are:✞ ☎1634733645809253848443133883865090859841783670033092312181110852389333100104508151212118167511579
1900871281664822113126851573935413975471896789968515493666638539088027103802104498957191261465571✝ ✆
The effort took approximately 30 2.2GHz-Opteron-CPU yearsaccording to the submitters, over five months of calendar time.
RSA 30/91
![Page 106: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/106.jpg)
RSA Factoring Challenge. . .
✞ ☎Name : RSA−704D i g i t s : 21274037563479561712828046796097429573142593188889231289084936232638972765034028266276891996419625117843995894330502127585370118968098286733173273108930900552505116877063299072396380786710086096962537934650563796359
Name : RSA−768D i g i t s : 2321230186684530117755130494958384962720772853569595334792197322452151726400507263657518745202199786469389956474942774063845925192557326303453731548268507917026122142913461670429214311602221240479274737794080665351419597459856902143413
Name : RSA−896D i g i t s : 270412023436986659543855531365332575948179811699844327982845455626433876445565248426198098870423161841879261420247188869492560931776375033421130982397485150944909106910269861031862704114880866970564902903653658867433731720813104105190864254793282601391257624033946373269391
Name : RSA−1024D i g i t s : 309135066410865995223349603216278805969938881475605667027524485143851526510604859533833940287150571909441798207282164471551373680419703964191743046496589274256239341020864383202110372958725762358509643110564073501508187510676594629205563685529475213500852879416377328533906109750544334999811150056977236890927563✝ ✆
RSA 31/91
![Page 107: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/107.jpg)
RSA Factoring Challenge. . .
✞ ☎Name : RSA−1536D i g i t s : 4631847699703211741474306835620200164403018549338663410171471785774910651696711161249859337684305435744585616061544571794052229717732524660960646946071249623720442022269756756687378427562389508764678440933285157496578843415088475528298186726451339863364931908084671990431874381283363502795470282653297802934916155811881049844908319545009848393775227257052578591944993870073695755688436933812779613089230392569695253261620823676490316036551371447913932347169566988069
Name : RSA−2048D i g i t s : 61725195908475657893494027183240048398571429282126204032027777137836043662020707595556264018525880784406918290641249515082189298559149176184502808489120072844992687392807287776735971418347270261896375014971824691165077613379859095700097330459748808428401797429100642458691817195118746121515172654632282216869987549182422433637259085141865462043576798423387184774447920739934236584823824281198163815010674810451660377306056201619676256133844143603833904414952634432190114657544454178424020924616515723350778707749817125772467962926386356373289912154831438167899885040445364023527381951378636564391212010397122822120720357✝ ✆
RSA 32/91
![Page 108: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/108.jpg)
RSA Security: How to use RSA
Two plaintexts M1 and M2 are encrypted into ciphertexts C1
and C2.
RSA 33/91
![Page 109: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/109.jpg)
RSA Security: How to use RSA
Two plaintexts M1 and M2 are encrypted into ciphertexts C1
and C2.
But, RSA is deterministic!
RSA 33/91
![Page 110: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/110.jpg)
RSA Security: How to use RSA
Two plaintexts M1 and M2 are encrypted into ciphertexts C1
and C2.
But, RSA is deterministic!
If C1 = C2 then we know that M1 = M2!
RSA 33/91
![Page 111: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/111.jpg)
RSA Security: How to use RSA
Two plaintexts M1 and M2 are encrypted into ciphertexts C1
and C2.
But, RSA is deterministic!
If C1 = C2 then we know that M1 = M2!
Also, side-channel attacks are possible against RSA, forexample by measuring the time taken to encrypt.
RSA 33/91
![Page 112: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/112.jpg)
In-class Exercise: 2012 Midterm Exam
Generate an RSA key-pair using p = 11, q = 13, e = 7. Showyour work!
RSA 34/91
![Page 113: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/113.jpg)
In-class Exercise: 2012 Midterm Exam
Given the RSA public key P = (7, 65) and secret keyS = (29, 65), encrypt M = 5. Make sure to use an efficientmethod of computation. Show your work!
RSA 35/91
![Page 114: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/114.jpg)
Outline
1 Introduction2 RSA
AlgorithmExampleCorrectnessSecurityProblems
3 GPG4 Elgamal
Discrete LogarithmsAlgorithmExampleCorrectnessSecurityProblems
5 Diffie-Hellman Key ExchangeDiffie-Hellman Key ExchangeExampleCorrectnessSecurity
6 SummaryGPG 36/91
![Page 115: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/115.jpg)
Software – GPG
gpg is a public domain implementation of pgp.
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSACipher: 3DES, CAST5, BLOWFISH, AES, AES192,
AES256, TWOFISH, CAMELLIA128,CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384,SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
http://www.gnupg.org.
GPG 37/91
![Page 116: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/116.jpg)
Key generation: Bob
> gpg --gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
What keysize do you want? (2048)
Key is valid for? (0)
Key does not expire at all
Real name: Bobby
Email address: [email protected]
Comment: recipient
You need a Passphrase to protect your secret key.
Enter passphrase: Bob rocks
Repeat passphrase: Bob rocks
GPG 38/91
![Page 117: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/117.jpg)
Key generation: Alice
> gpg --gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
What keysize do you want? (2048)
Key is valid for? (0)
Key does not expire at all
Real name: Alice
Email address: [email protected]
Comment: sender
You need a Passphrase to protect your secret key.
Enter passphrase: Alice is cute
Repeat passphrase: Alice is cute
GPG 39/91
![Page 118: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/118.jpg)
Exporting the Key
> gpg --armor --export Bobby
-----BEGIN GPG PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (Darwin)
mQENBE83U28BCADTVOkHpNjWzk7yEzMhiNJcmOtmUYfn4hzgYTDsP2otI0UhfJ4q
EZCuPoxECIZ479k3YpBvZM2JC48Ht9j1kVnDPLCrongyRdSko0AwG7OYAyHWa7/U
SeGwjZ+0MUuM3SwqHdo1/0XS3P8LABTQNXtrQf9kF8UNLIaHr1IvBcae1K44MPL6
................................................................
EBHmAM7iiWgWI6/6qEmN46ZQEmoR86vWhQL3LQ6p/FUaBA==
=FZ78
-----END GPG PUBLIC KEY BLOCK-----
GPG 40/91
![Page 119: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/119.jpg)
Encryption
We can encrypt a message using Bobby’s key:
> cat message
Attack at dawn
> gpg --recipient bobby --armor --encrypt message
> cat message.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (Darwin)
hQEMA97v9lbZUpHvAQf/a9QklXMiMzBWy5yyZBtNrg7FcrIqx+gXVVUXNN86tZtE
RF42elwU6QwamDzfcOHqp+3zeor4Y5xN+/pL91xti6uwFOhgGrCGJq//AfUKgQyk
MH2e4gR8Y1BuPm9b1c7uzXxRMMOUBBt75KquYGOBLybsP29ttD9iL/ZJl1zSPjSj
El7O0Gp7PqEBotStVOtuknYW/fX0zXndU8XNllKnsnZn21Xm0rMQcFMu8Do/tF5I
lRfTEcL4S9tV4vshgXhNSpTg9sZs1UZynvU2cJqyYkCtgT7TdtrK3fTa8UN+CYQv
U2QRnaNtFhYwBMonFqhefNzDqeZb+P0RqOuoDllYuNJRAViJ3CLjT7kwgBgRtNfY
RkGArQQmgrknW2jq/Y2GZTE8CC7pNXY8U3KYMl9hRA6U5fMp08ndFp8vowBbB2sw
zjxjSY7ZeIR2uwxdLYydtW4m
=B+JA
-----END PGP MESSAGE-----
GPG 41/91
![Page 120: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/120.jpg)
Decryption
Bobby can now decrypt the message using his private key:
> gpg --decrypt message.asc
You need a passphrase to unlock the secret key for
user: "Bobby (recipient) <[email protected]>"
2048-bit RSA key, ID D95291EF, created 2012-02-12
(main key ID 9974031B)
Enter passphrase: Bob rocks
gpg: encrypted with 2048-bit RSA key, ID D95291EF, created 2012-02-12
"Bobby (recipient) <[email protected]>"
Attack at dawn
GPG 42/91
![Page 121: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/121.jpg)
The keyring
> gpg --list-keys
/Users/collberg/.gnupg/pubring.gpg
----------------------------------
pub 2048R/9974031B 2012-02-12
uid Bobby (recipient) <[email protected]>
sub 2048R/D95291EF 2012-02-12
pub 2048R/4EC8A0CB 2012-02-12
uid Alice (sender) <[email protected]>
sub 2048R/B901E082 2012-02-12
GPG 43/91
![Page 122: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/122.jpg)
The keyring. . .
> gpg --list-secret-keys
/Users/collberg/.gnupg/secring.gpg
----------------------------------
sec 2048R/9974031B 2012-02-12
uid Bobby (recipient) <[email protected]>
ssb 2048R/D95291EF 2012-02-12
sec 2048R/4EC8A0CB 2012-02-12
uid Alice (sender) <[email protected]>
ssb 2048R/B901E082 2012-02-12
GPG 44/91
![Page 123: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/123.jpg)
Sign and Encrypt
Bob can sign his message before sending it to Alice:
> gpg -se --recipient alice --armor message
You need a passphrase to unlock the secret key for
user: "Bobby (recipient) <[email protected]>"
2048-bit RSA key, ID 9974031B, created 2012-02-12
Enter passphrase: Bob rocks
> cat message.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (Darwin)
hQEMA7osp1S5AeCCAQgAsSqSs+Urf0f3KHTtP7cqTwugpcJ9oUAGkw/KQ0DHIE0v
................................................................
8XEAaCwZ8aZK1lXhqBSd/9hCm9Mup2NECihO8crVyff7NTWFyaTBeGAm10q3y46o
QpIgPbcdYZqIt8e/8wPU6xlMZUStzxBKLB+Rj/Zg35ZVioYL
=oiv8
-----END PGP MESSAGE-----GPG 45/91
![Page 124: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/124.jpg)
Check Signature and Decrypt
Alice can now decrypt the message and check the signature:
> gpg --decrypt message.asc
You need a passphrase to unlock the secret key for
user: "Alice (sender) <[email protected]>"
2048-bit RSA key, ID B901E082,
created 2012-02-12 (main key ID 4EC8A0CB)
Enter passphrase: Alice is cute
gpg: encrypted with 2048-bit RSA key, ID B901E082, created 2012-02-12
"Alice (sender) <[email protected]>"
Attack at dawn
gpg: Signature made Sat Feb 11 23:10:59 2012 MST
using RSA key ID 9974031B
gpg: Good signature from "Bobby (recipient) <[email protected]>"
GPG 46/91
![Page 125: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/125.jpg)
Symmetric Encryption Only
> gpg --cipher-algo=AES --armor --symmetric message
Enter passphrase: sultana
Repeat passphrase: sultana
> cat message.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (Darwin)
jA0EBwMCgZ3PBfSZxJlg0ksBBooTMLEVQ2q9HkTR5y9FIoX9nbsyohrOXeQLFlcf
wtWcg+dZvlMS6D7OE3wZCeW2LX50kYcU17MUc8wnJLDAzAdRqPAgDma+sP4=
=UtI4
-----END PGP MESSAGE-----
> gpg message.asc
gpg: AES encrypted data
Enter passphrase: sultana
gpg: encrypted with 1 passphrase
> cat message
Attack at dawn
GPG 47/91
![Page 126: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/126.jpg)
Deleting Keys
> gpg --delete-secret-keys bobby
sec 2048R/9974031B 2012-02-12 Bobby (recipient) <[email protected]>
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
> gpg --delete-keys bobby
pub 2048R/9974031B 2012-02-12 Bobby (recipient) <[email protected]>
Delete this key from the keyring? (y/N) y
GPG 48/91
![Page 127: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/127.jpg)
Generating Primes
Generate a prime number of the given number of bits:
> gpg --gen-prime 1 16
C4B7
> gpg --gen-prime 1 1024
D34D4347ED013242EE06811BC561C6587D75ADE33D1BEC954D648E22
9D88B5E0AF1394459FB48B135B99C8BA8C50E5331C6226CBF6D70031
4A8CC84C7B363BE7DD7BBBB29E545D199339263F5FB2E9F1B84BA9D5
05B5B79858FC6149CF09E6C56D9730C3BD1E62B378C8DFAF4233B8DC
BA999A21EC9C4BF8C60AACDCBC607AC5
GPG 49/91
![Page 128: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/128.jpg)
Generating Random Numbers
Generate 100 (base64 encoded) random bytes:
> gpg --armour --gen-random 0 100
e0zAVl6jbe/Dma9VF20lMgZxE1RA4S8TwNwu6KP8+o1kjdtBm2
AjKFSVsj/d3zG/9KqmNj7j6symEUZ3e0fWZaWqLBxzJuSur5sK
C8omfPus2QtYJJNOgVbpJ7X9L4t1iNJtnw==
GPG 50/91
![Page 129: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/129.jpg)
Print Message Digests
> gpg --print-mds message
MD5 = 36 D1 A5 12 17 CD 34 FC 04 F5 6C C4 91 39 C7 59
SHA1 = 6DA4 473A 00CE 7AB6 7B6F 884D 1E75 6633 C21A 56DB
RMD160 = D1DE 4194 C0CD 3AED 30F3 38CD 68F3 800F CCF0 3B87
SHA224 = B4E94780 1AA1A9C3 418F72D8 651BA995 83284003
EBEE183A 589702EE
SHA256 = B83EF405 07696578 9D4BBDA7 D7932700 5F2AE6CB
A2696FDE 69694D12 AFE70E4A
SHA384 = 7AC39A0C 945844F1 1316BB46 C9FC7EEA E892A178
2D20E4CA E7BE686C 1A091C8C F1BBDFD1 3D42BEA2
88AF5A4F E3705474
SHA512 = 9CA1EB88 F064CB0D 536254B2 5755919F 45564276
96CA27A0 389E4817 53F81DC2 3222488D 7D11F3DD
C066B9E8 027F3870 395A2561 157DDC38 BD679D37
C2E361CC
GPG 51/91
![Page 130: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/130.jpg)
Goal: Read a message encrypted with gpg
1 Decrypt the message itself (OR)
http://www.schneier.com/paper-attacktrees-fig7.html
GPG 52/91
![Page 131: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/131.jpg)
Goal: Read a message encrypted with gpg
1 Decrypt the message itself (OR)
2 Determine symmetric key used to encrypt the message byother means (OR)
http://www.schneier.com/paper-attacktrees-fig7.html
GPG 52/91
![Page 132: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/132.jpg)
Goal: Read a message encrypted with gpg
1 Decrypt the message itself (OR)
2 Determine symmetric key used to encrypt the message byother means (OR)
3 Get recipient to help decrypt message (OR)
http://www.schneier.com/paper-attacktrees-fig7.html
GPG 52/91
![Page 133: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/133.jpg)
Goal: Read a message encrypted with gpg
1 Decrypt the message itself (OR)
2 Determine symmetric key used to encrypt the message byother means (OR)
3 Get recipient to help decrypt message (OR)
4 Obtain private key of recipient.
http://www.schneier.com/paper-attacktrees-fig7.html
GPG 52/91
![Page 134: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/134.jpg)
Goal: Read a message encrypted with gpg. . .
Decrypt the message itself:
1 Break asymmetric encryption (OR)
1 Brute force break asymmetric encryption (OR)2 Mathematically break asymmetric encryption (OR)
1 Break RSA (OR)
2 Factor RSA modulus/calculate Elgamal discrete log
3 Cryptanalyze asymmetric encryption (OR)
1 General cryptanalysis of RSA/Elgamal (OR)
2 Exploit weakness in RSA/Elgamal (OR)
3 Timing attack on RSA/Elgamal
2 Break symmetric-key encryption
1 Brute force break symmetric-key encryption2 Cryptanalysis of symmetric-key encryption
GPG 53/91
![Page 135: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/135.jpg)
Goal: Read a message encrypted with gpg. . .
Determine symmetric key by other means:1 Fool sender into encrypting message using public key whose
private key is known (OR)1 Convince sender that fake key (with known private key) is the
key of the intended recipient2 Convince sender to encrypt with more than one key—the real
key of the recipient and a key whose private key is known.3 Have the message encrypted with a different public key in the
background, unbeknownst to the sender.
2 Have the recipient sign the encrypted publc key (OR)3 Monitor the sender’s computer memory (OR)4 Monitor the receiver’s computer memory (OR)5 Determine key from pseudo-random number generator (OR)
1 Determine state of randseed during encryption (OR)2 Implant virus that alters the state of randseed. (OR)3 Implant software that affects the choice of symmetric key.
6 Implant virus that that exposes public key.GPG 54/91
![Page 136: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/136.jpg)
Goal: Read a message encrypted with gpg. . .
Get recipient to help decrypt message:
GPG 55/91
![Page 137: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/137.jpg)
Goal: Read a message encrypted with gpg. . .
Obtain private key of recipient:
GPG 56/91
![Page 138: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/138.jpg)
Goal: Read a message encrypted with PGP
What immediately becomes apparent from the attacktree is that breaking the RSA or IDEA encryptionalgorithms are not the most profitable attacks againstPGP. There are many ways to read someone’sPGP-encrypted messages without breaking thecryptography. You can capture their screen when theydecrypt and read the messages (using a Trojan horse likeBack Orifice, a TEMPEST receiver, or a secret camera),grab their private key after they enter a passphrase (BackOrifice again, or a dedicated computer virus), recovertheir passphrase (a keyboard sniffer, TEMPEST receiver,or Back Orifice), or simply try to brute force theirpassphrase (I can assure you that it will have much lessentropy than the 128-bit IDEA keys that it generates).
GPG 57/91
![Page 139: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/139.jpg)
Goal: Read a message encrypted with PGP. . .
In the scheme of things, the choice of algorithm and thekey length is probably the least important thing thataffects PGP’s overall security. PGP not only has to besecure, but it has to be used in an environment thatleverages that security without creating any newinsecurities.
http://www.schneier.com/paper-attacktrees-fig7.html
GPG 58/91
![Page 140: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/140.jpg)
Outline
1 Introduction2 RSA
AlgorithmExampleCorrectnessSecurityProblems
3 GPG4 Elgamal
Discrete LogarithmsAlgorithmExampleCorrectnessSecurityProblems
5 Diffie-Hellman Key ExchangeDiffie-Hellman Key ExchangeExampleCorrectnessSecurity
6 SummaryElgamal 59/91
![Page 141: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/141.jpg)
Elgamal
The Elgamal cryptosystem relies on the inherent difficulty ofcalculating discrete logarithms.
It is a probabilistic scheme:
a particular plaintext can be encrypted into multiple differentciphertexts;⇒ ciphertexts become twice the length of the plaintext.
RSA Conference 2009 Lifetime Achievement Award: TaherElgamal: http://www.youtube.com/watch?v=ZuXUeBiE2r0
Elgamal 60/91
![Page 142: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/142.jpg)
Review of Discrete Logarithms
All the powers of a, modulo 19.
The length of the sequence is highlighted.
a1 a2 a3 a4 a5 a6 a7 a8 a9 a10 a11 a12 a13 a14 a15 a16 a17 a18
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 12 4 8 16 13 7 14 9 18 17 15 11 3 6 12 5 10 13 9 8 5 15 7 2 6 18 16 10 11 14 4 12 17 13 14 16 7 9 17 11 6 5 1 4 16 7 9 17 11 6 5 15 6 11 17 9 7 16 4 1 5 6 11 17 9 7 16 4 16 17 7 4 5 11 9 16 1 6 17 7 4 5 11 9 16 17 11 1 7 11 1 7 11 1 7 11 1 7 11 1 7 11 18 7 18 11 12 1 8 7 18 11 12 1 8 7 18 11 12 19 5 7 6 16 11 4 17 1 9 5 7 6 16 11 4 17 110 5 12 6 3 11 15 17 18 9 14 7 13 16 8 4 2 111 7 1 11 7 1 11 7 1 11 7 1 11 7 1 11 7 112 11 18 7 8 1 12 11 18 7 8 1 12 11 18 7 8 113 17 12 4 14 11 10 16 18 6 2 7 15 5 8 9 3 114 6 8 17 10 7 3 4 18 5 13 11 2 9 12 16 15 115 16 12 9 2 11 13 5 18 4 3 7 10 17 8 6 14 116 9 11 5 4 7 17 6 1 16 9 11 5 4 7 17 6 117 4 11 16 6 7 5 9 1 17 4 11 16 6 7 5 9 118 1 18 1 18 1 18 1 18 1 18 1 18 1 18 1 18 1
Elgamal 61/91
![Page 143: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/143.jpg)
Primitive Roots
All sequences end with 1.
Elgamal 62/91
![Page 144: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/144.jpg)
Primitive Roots
All sequences end with 1.
Some sequences have length 18. Then we say
Elgamal 62/91
![Page 145: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/145.jpg)
Primitive Roots
All sequences end with 1.
Some sequences have length 18. Then we say
a generates the set of nonzero integers, modulo 19.
Elgamal 62/91
![Page 146: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/146.jpg)
Primitive Roots
All sequences end with 1.
Some sequences have length 18. Then we say
a generates the set of nonzero integers, modulo 19.a is a primitive root of the modulus 19.
Elgamal 62/91
![Page 147: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/147.jpg)
Primitive Roots
All sequences end with 1.
Some sequences have length 18. Then we say
a generates the set of nonzero integers, modulo 19.a is a primitive root of the modulus 19.
If a is a primitive root of n then all its powers
a, a2, . . . , aφ(n)
are distinct.
Elgamal 62/91
![Page 148: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/148.jpg)
Primitive Roots
All sequences end with 1.
Some sequences have length 18. Then we say
a generates the set of nonzero integers, modulo 19.a is a primitive root of the modulus 19.
If a is a primitive root of n then all its powers
a, a2, . . . , aφ(n)
are distinct.
If a is a primitive root of p, and p is prime, then
a, a2, . . . , ap
are distinct mod p.
Elgamal 62/91
![Page 149: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/149.jpg)
Primitive Roots. . .
For example, looking at the table above, we see that 2 is aprimitive root modulo 19:
21 22 23 24 25 26 27 28 29 210 211 212 213 214 215 216 217 218
2 4 8 16 13 7 14 9 18 17 15 11 3 6 12 5 10 1
because for each integer i ∈ Z19 = {1, 2, 3, . . . , 18} there’s aninteger k , such that i = 2k mod 19.
Elgamal 63/91
![Page 150: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/150.jpg)
Primitive Roots. . .
For example, looking at the table above, we see that 2 is aprimitive root modulo 19:
21 22 23 24 25 26 27 28 29 210 211 212 213 214 215 216 217 218
2 4 8 16 13 7 14 9 18 17 15 11 3 6 12 5 10 1
because for each integer i ∈ Z19 = {1, 2, 3, . . . , 18} there’s aninteger k , such that i = 2k mod 19.
There are φ(p − 1) generators for Zp.
Elgamal 63/91
![Page 151: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/151.jpg)
Computing Primitive Roots
Consider the equation
y = gx mod p
If we have g , x , and p it’s easy to calculate y .
Elgamal 64/91
![Page 152: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/152.jpg)
Computing Primitive Roots
Consider the equation
y = gx mod p
If we have g , x , and p it’s easy to calculate y .
What if, instead, we’re given y , g , and p?
Elgamal 64/91
![Page 153: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/153.jpg)
Computing Primitive Roots
Consider the equation
y = gx mod p
If we have g , x , and p it’s easy to calculate y .
What if, instead, we’re given y , g , and p?
it’s hard to take the discrete logarithm, i.e. to compute x .
Elgamal 64/91
![Page 154: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/154.jpg)
Computing Primitive Roots
Consider the equation
y = gx mod p
If we have g , x , and p it’s easy to calculate y .
What if, instead, we’re given y , g , and p?
it’s hard to take the discrete logarithm, i.e. to compute x .
The fastest known algorithm is
O(e((ln p)1/3(ln(ln p))2/3))
which is infeasible for large primes p.
Elgamal 64/91
![Page 155: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/155.jpg)
Elgamal: Algorithm
Bob (Key generation):
Elgamal 65/91
![Page 156: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/156.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.
Elgamal 65/91
![Page 157: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/157.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.2 Find a generator g for Zp .
Elgamal 65/91
![Page 158: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/158.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.2 Find a generator g for Zp .3 Pick a random number x between 1 and p − 2.
Elgamal 65/91
![Page 159: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/159.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.2 Find a generator g for Zp .3 Pick a random number x between 1 and p − 2.4 Compute y = g x mod p.
Elgamal 65/91
![Page 160: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/160.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.2 Find a generator g for Zp .3 Pick a random number x between 1 and p − 2.4 Compute y = g x mod p.
PB = (p, g , y) is Bob’s Elgamal public key.
Elgamal 65/91
![Page 161: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/161.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.2 Find a generator g for Zp .3 Pick a random number x between 1 and p − 2.4 Compute y = g x mod p.
PB = (p, g , y) is Bob’s Elgamal public key.SB = x is Bob’ Elgamal private key.
Elgamal 65/91
![Page 162: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/162.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.2 Find a generator g for Zp .3 Pick a random number x between 1 and p − 2.4 Compute y = g x mod p.
PB = (p, g , y) is Bob’s Elgamal public key.SB = x is Bob’ Elgamal private key.
Alice (encrypt and send a message M to Bob):
Elgamal 65/91
![Page 163: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/163.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.2 Find a generator g for Zp .3 Pick a random number x between 1 and p − 2.4 Compute y = g x mod p.
PB = (p, g , y) is Bob’s Elgamal public key.SB = x is Bob’ Elgamal private key.
Alice (encrypt and send a message M to Bob):1 Get Bob’s public key PB = (p, g , y).
Elgamal 65/91
![Page 164: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/164.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.2 Find a generator g for Zp .3 Pick a random number x between 1 and p − 2.4 Compute y = g x mod p.
PB = (p, g , y) is Bob’s Elgamal public key.SB = x is Bob’ Elgamal private key.
Alice (encrypt and send a message M to Bob):1 Get Bob’s public key PB = (p, g , y).2 Pick a random number k between 1 and p − 2.
Elgamal 65/91
![Page 165: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/165.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.2 Find a generator g for Zp .3 Pick a random number x between 1 and p − 2.4 Compute y = g x mod p.
PB = (p, g , y) is Bob’s Elgamal public key.SB = x is Bob’ Elgamal private key.
Alice (encrypt and send a message M to Bob):1 Get Bob’s public key PB = (p, g , y).2 Pick a random number k between 1 and p − 2.3 Compute the ciphertext C = (a, b):
a = g k mod p
b = Myk mod p
Elgamal 65/91
![Page 166: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/166.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.2 Find a generator g for Zp .3 Pick a random number x between 1 and p − 2.4 Compute y = g x mod p.
PB = (p, g , y) is Bob’s Elgamal public key.SB = x is Bob’ Elgamal private key.
Alice (encrypt and send a message M to Bob):1 Get Bob’s public key PB = (p, g , y).2 Pick a random number k between 1 and p − 2.3 Compute the ciphertext C = (a, b):
a = g k mod p
b = Myk mod p
Bob (decrypt a message C = (a, b) received from Alice):
Elgamal 65/91
![Page 167: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/167.jpg)
Elgamal: Algorithm
Bob (Key generation):1 Pick a prime p.2 Find a generator g for Zp .3 Pick a random number x between 1 and p − 2.4 Compute y = g x mod p.
PB = (p, g , y) is Bob’s Elgamal public key.SB = x is Bob’ Elgamal private key.
Alice (encrypt and send a message M to Bob):1 Get Bob’s public key PB = (p, g , y).2 Pick a random number k between 1 and p − 2.3 Compute the ciphertext C = (a, b):
a = g k mod p
b = Myk mod p
Bob (decrypt a message C = (a, b) received from Alice):1 Compute M = b(ax)−1 mod p.
Elgamal 65/91
![Page 168: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/168.jpg)
Elgamal: Algorithm Notes
Alice must choose a different random number k for everymessage, or she’ll leak information.
Bob doesn’t need to know the random value k to decrypt.
Each message has p − 1 possible different encryptions.
The division in the decryption can be avoided by use ofLagrange’s theorem :
M = b · (ax)−1 mod p
= b · ap−1−x mod p
Elgamal 66/91
![Page 169: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/169.jpg)
Elgamal: Finding the generator
Computing the generator is, in general, hard.
We can make it easier by choosing a prime number with theproperty that we can factor p − 1.
Then we can test that, for each prime factor pi of p − 1:
g (p−1)/pi mod p 6= 1
If g is not a generator, then one of these powers will 6= 1.
Elgamal 67/91
![Page 170: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/170.jpg)
Elgamal Example: Key generation
1 Pick a prime p = 13.
Elgamal 68/91
![Page 171: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/171.jpg)
Elgamal Example: Key generation
1 Pick a prime p = 13.
2 Find a generator g = 2 for Z13 (see next slide).
Elgamal 68/91
![Page 172: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/172.jpg)
Elgamal Example: Key generation
1 Pick a prime p = 13.
2 Find a generator g = 2 for Z13 (see next slide).
3 Pick a random number x = 7.
Elgamal 68/91
![Page 173: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/173.jpg)
Elgamal Example: Key generation
1 Pick a prime p = 13.
2 Find a generator g = 2 for Z13 (see next slide).
3 Pick a random number x = 7.
4 Computey = gx mod p = 27 mod 13 = 11.
Elgamal 68/91
![Page 174: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/174.jpg)
Elgamal Example: Key generation
1 Pick a prime p = 13.
2 Find a generator g = 2 for Z13 (see next slide).
3 Pick a random number x = 7.
4 Computey = gx mod p = 27 mod 13 = 11.
5 PB = (p, g , y) = (13, 2, 11) is Bob’s public key.
Elgamal 68/91
![Page 175: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/175.jpg)
Elgamal Example: Key generation
1 Pick a prime p = 13.
2 Find a generator g = 2 for Z13 (see next slide).
3 Pick a random number x = 7.
4 Computey = gx mod p = 27 mod 13 = 11.
5 PB = (p, g , y) = (13, 2, 11) is Bob’s public key.
6 SB = x = 7 is Bob’ private key.
Elgamal 68/91
![Page 176: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/176.jpg)
Powers of Integers, Modulo 13
2 is a primitive root modulo 13 because for each integeri ∈ Z13 = {1, 2, 3, . . . , 12} there’s an integer k , such thati = 2k mod 13:
a1 a2 a3 a4 a5 a6 a7 a8 a9 a10 a11 a12
1 1 1 1 1 1 1 1 1 1 1 12 4 8 3 6 12 11 9 5 10 7 13 9 1 3 9 1 3 9 1 3 9 14 3 12 9 10 1 4 3 12 9 10 15 12 8 1 5 12 8 1 5 12 8 16 10 8 9 2 12 7 3 5 4 11 17 10 5 9 11 12 6 3 8 4 2 18 12 5 1 8 12 5 1 8 12 5 19 3 1 9 3 1 9 3 1 9 3 110 9 12 3 4 1 10 9 12 3 4 111 4 5 3 7 12 2 9 8 10 6 112 1 12 1 12 1 12 1 12 1 12 1
Elgamal 69/91
![Page 177: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/177.jpg)
Elgamal Example: Encryption
Encrypt the plaintext message M = 3.
Alice gets Bob’s public key PB = (p, g , y) = (13, 2, 11).
Elgamal 70/91
![Page 178: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/178.jpg)
Elgamal Example: Encryption
Encrypt the plaintext message M = 3.
Alice gets Bob’s public key PB = (p, g , y) = (13, 2, 11).
To encrypt:
Elgamal 70/91
![Page 179: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/179.jpg)
Elgamal Example: Encryption
Encrypt the plaintext message M = 3.
Alice gets Bob’s public key PB = (p, g , y) = (13, 2, 11).
To encrypt:1 Pick a random number k = 5:
Elgamal 70/91
![Page 180: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/180.jpg)
Elgamal Example: Encryption
Encrypt the plaintext message M = 3.
Alice gets Bob’s public key PB = (p, g , y) = (13, 2, 11).
To encrypt:1 Pick a random number k = 5:2 Compute:
a = g k mod p = 25 mod 13 = 6
b = Myk mod p = 3 · 115 mod 13 = 8
Elgamal 70/91
![Page 181: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/181.jpg)
Elgamal Example: Encryption
Encrypt the plaintext message M = 3.
Alice gets Bob’s public key PB = (p, g , y) = (13, 2, 11).
To encrypt:1 Pick a random number k = 5:2 Compute:
a = g k mod p = 25 mod 13 = 6
b = Myk mod p = 3 · 115 mod 13 = 8
The ciphertext C = (a, b) = (6, 8).
Elgamal 70/91
![Page 182: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/182.jpg)
Elgamal Example: Decryption
Bob’s private key is SB = x = 7.
Elgamal 71/91
![Page 183: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/183.jpg)
Elgamal Example: Decryption
Bob’s private key is SB = x = 7.
Bob receives the ciphertext C = (a, b) = (6, 8) from Alice.
Elgamal 71/91
![Page 184: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/184.jpg)
Elgamal Example: Decryption
Bob’s private key is SB = x = 7.
Bob receives the ciphertext C = (a, b) = (6, 8) from Alice.
Bob computes the plaintext M:
M = b · (ax)−1 mod p
Elgamal 71/91
![Page 185: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/185.jpg)
Elgamal Example: Decryption
Bob’s private key is SB = x = 7.
Bob receives the ciphertext C = (a, b) = (6, 8) from Alice.
Bob computes the plaintext M:
M = b · (ax)−1 mod p
Elgamal 71/91
![Page 186: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/186.jpg)
Elgamal Example: Decryption
Bob’s private key is SB = x = 7.
Bob receives the ciphertext C = (a, b) = (6, 8) from Alice.
Bob computes the plaintext M:
M = b · (ax)−1 mod p
= b · ap−1−x mod p
Elgamal 71/91
![Page 187: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/187.jpg)
Elgamal Example: Decryption
Bob’s private key is SB = x = 7.
Bob receives the ciphertext C = (a, b) = (6, 8) from Alice.
Bob computes the plaintext M:
M = b · (ax)−1 mod p
= b · ap−1−x mod p
= 8 · 613−1−7 mod 13
Elgamal 71/91
![Page 188: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/188.jpg)
Elgamal Example: Decryption
Bob’s private key is SB = x = 7.
Bob receives the ciphertext C = (a, b) = (6, 8) from Alice.
Bob computes the plaintext M:
M = b · (ax)−1 mod p
= b · ap−1−x mod p
= 8 · 613−1−7 mod 13
= 8 · 65 mod 13
Elgamal 71/91
![Page 189: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/189.jpg)
Elgamal Example: Decryption
Bob’s private key is SB = x = 7.
Bob receives the ciphertext C = (a, b) = (6, 8) from Alice.
Bob computes the plaintext M:
M = b · (ax)−1 mod p
= b · ap−1−x mod p
= 8 · 613−1−7 mod 13
= 8 · 65 mod 13
= 3
Elgamal 71/91
![Page 190: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/190.jpg)
In-Class Exercise
Pick the prime p = 13.
Find the generator g = 2 for Z13.
Pick a random number x = 9.
Computey = gx mod p = 29 mod 13 = 5
PB = (p, g , y) = (13, 2, 5) is Bob’s public key.
SB = x = 9 is Bob’ private key.
1 Encrypt the message M = 11 using the random numberk = 10.
2 Decrypt the ciphertext from 1.
Elgamal 72/91
![Page 191: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/191.jpg)
Elgamal Correctness
Show that M = b · (ax)−1 mod p decrypts.
Elgamal 73/91
![Page 192: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/192.jpg)
Elgamal Correctness
Show that M = b · (ax)−1 mod p decrypts.We have that
a = gk mod p
b = Myk mod p
y = gx mod p
Elgamal 73/91
![Page 193: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/193.jpg)
Elgamal Correctness
Show that M = b · (ax)−1 mod p decrypts.We have that
a = gk mod p
b = Myk mod p
y = gx mod p
We get
b · (ax)−1 mod p = (Myk) · ((gk)x)−1 mod p
Elgamal 73/91
![Page 194: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/194.jpg)
Elgamal Correctness
Show that M = b · (ax)−1 mod p decrypts.We have that
a = gk mod p
b = Myk mod p
y = gx mod p
We get
b · (ax)−1 mod p = (Myk) · ((gk)x)−1 mod p
Elgamal 73/91
![Page 195: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/195.jpg)
Elgamal Correctness
Show that M = b · (ax)−1 mod p decrypts.We have that
a = gk mod p
b = Myk mod p
y = gx mod p
We get
b · (ax)−1 mod p = (Myk) · ((gk)x)−1 mod p
= (Myk) · (gkx )−1 mod p
Elgamal 73/91
![Page 196: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/196.jpg)
Elgamal Correctness
Show that M = b · (ax)−1 mod p decrypts.We have that
a = gk mod p
b = Myk mod p
y = gx mod p
We get
b · (ax)−1 mod p = (Myk) · ((gk)x)−1 mod p
= (Myk) · (gkx )−1 mod p
= (M((gx )k) · (gkx )−1 mod p
Elgamal 73/91
![Page 197: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/197.jpg)
Elgamal Correctness
Show that M = b · (ax)−1 mod p decrypts.We have that
a = gk mod p
b = Myk mod p
y = gx mod p
We get
b · (ax)−1 mod p = (Myk) · ((gk)x)−1 mod p
= (Myk) · (gkx )−1 mod p
= (M((gx )k) · (gkx )−1 mod p
= Mgkx · (gkx )−1 mod p
Elgamal 73/91
![Page 198: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/198.jpg)
Elgamal Correctness
Show that M = b · (ax)−1 mod p decrypts.We have that
a = gk mod p
b = Myk mod p
y = gx mod p
We get
b · (ax)−1 mod p = (Myk) · ((gk)x)−1 mod p
= (Myk) · (gkx )−1 mod p
= (M((gx )k) · (gkx )−1 mod p
= Mgkx · (gkx )−1 mod p
= Mgkx · g−kx mod p
Elgamal 73/91
![Page 199: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/199.jpg)
Elgamal Correctness
Show that M = b · (ax)−1 mod p decrypts.We have that
a = gk mod p
b = Myk mod p
y = gx mod p
We get
b · (ax)−1 mod p = (Myk) · ((gk)x)−1 mod p
= (Myk) · (gkx )−1 mod p
= (M((gx )k) · (gkx )−1 mod p
= Mgkx · (gkx )−1 mod p
= Mgkx · g−kx mod p
= M mod p
Elgamal 73/91
![Page 200: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/200.jpg)
Elgamal Correctness
Show that M = b · (ax)−1 mod p decrypts.We have that
a = gk mod p
b = Myk mod p
y = gx mod p
We get
b · (ax)−1 mod p = (Myk) · ((gk)x)−1 mod p
= (Myk) · (gkx )−1 mod p
= (M((gx )k) · (gkx )−1 mod p
= Mgkx · (gkx )−1 mod p
= Mgkx · g−kx mod p
= M mod p
= MElgamal 73/91
![Page 201: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/201.jpg)
Elgamal Security
The security of the scheme depends on the hardness of solvingthe discrete logarithm problem.
Elgamal 74/91
![Page 202: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/202.jpg)
Elgamal Security
The security of the scheme depends on the hardness of solvingthe discrete logarithm problem.
Generally believed to be hard.
Elgamal 74/91
![Page 203: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/203.jpg)
In-class Exercise: 2012 Midterm Exam
Show that the Elgamal cryptosystem ishomomorphic in multiplication , i.e. that for two messages M1
and M2, multiplying their ciphertexts is equivalent toencrypting the multiplication of their plaintexts:
E (M1) · E (M2) = E (M1 ·M2).
Elgamal 75/91
![Page 204: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/204.jpg)
Outline
1 Introduction2 RSA
AlgorithmExampleCorrectnessSecurityProblems
3 GPG4 Elgamal
Discrete LogarithmsAlgorithmExampleCorrectnessSecurityProblems
5 Diffie-Hellman Key ExchangeDiffie-Hellman Key ExchangeExampleCorrectnessSecurity
6 SummaryDiffie-Hellman Key Exchange 76/91
![Page 205: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/205.jpg)
Key Exchange
A key exchange protocol (or key agreement protocol ) is away for parties to share a secret (such as a symmetric key)over an insecure channel.
With an active adversary (who can modify messages) wecan’t reliably share a secret.
With a passive adversary (who can only eavesdrop onmessages) we can share a secret.
A passive adversary is said to be honest but curious .
Diffie-Hellman Key Exchange 77/91
![Page 206: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/206.jpg)
Key Exchange
2008 Royal Institution Christmas Lectures:http://www.youtube.com/watch?v=U62S8SchxX4
How internet security works (explained with tennis balls):http://www.youtube.com/watch?v=Ex_ObHVftDg
Diffie-Hellman Key Exchange 78/91
![Page 207: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/207.jpg)
Diffie-Hellman Key Exchange
A classic key exchange protocol.
Based on modular exponentiation .
The secret K1 = K2 shared by Alice and Bob at the end of theprotocol would typically be a shared symmetric key.
Diffie-Hellman Key Exchange 79/91
![Page 208: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/208.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):
Diffie-Hellman Key Exchange 80/91
![Page 209: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/209.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.
Diffie-Hellman Key Exchange 80/91
![Page 210: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/210.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.2 Pick g , a generator for Zp.
Diffie-Hellman Key Exchange 80/91
![Page 211: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/211.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.2 Pick g , a generator for Zp.
2 Alice :
Diffie-Hellman Key Exchange 80/91
![Page 212: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/212.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.2 Pick g , a generator for Zp.
2 Alice :1 Pick a random x ∈ Zp, x > 0.
Diffie-Hellman Key Exchange 80/91
![Page 213: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/213.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.2 Pick g , a generator for Zp.
2 Alice :1 Pick a random x ∈ Zp, x > 0.2 Compute
X = g x mod p.
Diffie-Hellman Key Exchange 80/91
![Page 214: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/214.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.2 Pick g , a generator for Zp.
2 Alice :1 Pick a random x ∈ Zp, x > 0.2 Compute
X = g x mod p.
3 Send X to Bob.
Diffie-Hellman Key Exchange 80/91
![Page 215: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/215.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.2 Pick g , a generator for Zp.
2 Alice :1 Pick a random x ∈ Zp, x > 0.2 Compute
X = g x mod p.
3 Send X to Bob.
3 Bob :
Diffie-Hellman Key Exchange 80/91
![Page 216: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/216.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.2 Pick g , a generator for Zp.
2 Alice :1 Pick a random x ∈ Zp, x > 0.2 Compute
X = g x mod p.
3 Send X to Bob.
3 Bob :1 Pick a random y ∈ Zp , x > 0.
Diffie-Hellman Key Exchange 80/91
![Page 217: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/217.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.2 Pick g , a generator for Zp.
2 Alice :1 Pick a random x ∈ Zp, x > 0.2 Compute
X = g x mod p.
3 Send X to Bob.
3 Bob :1 Pick a random y ∈ Zp , x > 0.2 Compute
Y = g y mod p.
Diffie-Hellman Key Exchange 80/91
![Page 218: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/218.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.2 Pick g , a generator for Zp.
2 Alice :1 Pick a random x ∈ Zp, x > 0.2 Compute
X = g x mod p.
3 Send X to Bob.
3 Bob :1 Pick a random y ∈ Zp , x > 0.2 Compute
Y = g y mod p.
3 Send Y to Alice
Diffie-Hellman Key Exchange 80/91
![Page 219: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/219.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.2 Pick g , a generator for Zp.
2 Alice :1 Pick a random x ∈ Zp, x > 0.2 Compute
X = g x mod p.
3 Send X to Bob.
3 Bob :1 Pick a random y ∈ Zp , x > 0.2 Compute
Y = g y mod p.
3 Send Y to Alice
4 Alice computes the secret: K1 = Y x mod p.
Diffie-Hellman Key Exchange 80/91
![Page 220: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/220.jpg)
Diffie-Hellman: Algorithm
1 All parties (set-up):1 Pick p, a prime number.2 Pick g , a generator for Zp.
2 Alice :1 Pick a random x ∈ Zp, x > 0.2 Compute
X = g x mod p.
3 Send X to Bob.
3 Bob :1 Pick a random y ∈ Zp , x > 0.2 Compute
Y = g y mod p.
3 Send Y to Alice
4 Alice computes the secret: K1 = Y x mod p.
5 Bob computes the secret: K2 = X y mod p.
Diffie-Hellman Key Exchange 80/91
![Page 221: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/221.jpg)
Example
1 Pick p = 13, a prime number.
Diffie-Hellman Key Exchange 81/91
![Page 222: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/222.jpg)
Example
1 Pick p = 13, a prime number.
2 Pick g = 2, a generator for Z13.
Diffie-Hellman Key Exchange 81/91
![Page 223: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/223.jpg)
Example
1 Pick p = 13, a prime number.
2 Pick g = 2, a generator for Z13.
3 Alice :
Diffie-Hellman Key Exchange 81/91
![Page 224: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/224.jpg)
Example
1 Pick p = 13, a prime number.
2 Pick g = 2, a generator for Z13.
3 Alice :
1 Pick a random x = 3.
Diffie-Hellman Key Exchange 81/91
![Page 225: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/225.jpg)
Example
1 Pick p = 13, a prime number.
2 Pick g = 2, a generator for Z13.
3 Alice :
1 Pick a random x = 3.2 Compute X = g x mod p = 23 mod 13 = 8.
Diffie-Hellman Key Exchange 81/91
![Page 226: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/226.jpg)
Example
1 Pick p = 13, a prime number.
2 Pick g = 2, a generator for Z13.
3 Alice :
1 Pick a random x = 3.2 Compute X = g x mod p = 23 mod 13 = 8.
4 Bob :
Diffie-Hellman Key Exchange 81/91
![Page 227: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/227.jpg)
Example
1 Pick p = 13, a prime number.
2 Pick g = 2, a generator for Z13.
3 Alice :
1 Pick a random x = 3.2 Compute X = g x mod p = 23 mod 13 = 8.
4 Bob :
1 Pick a random y = 7.
Diffie-Hellman Key Exchange 81/91
![Page 228: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/228.jpg)
Example
1 Pick p = 13, a prime number.
2 Pick g = 2, a generator for Z13.
3 Alice :
1 Pick a random x = 3.2 Compute X = g x mod p = 23 mod 13 = 8.
4 Bob :
1 Pick a random y = 7.2 Compute Y = g y mod p = 27 mod 13 = 11.
Diffie-Hellman Key Exchange 81/91
![Page 229: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/229.jpg)
Example
1 Pick p = 13, a prime number.
2 Pick g = 2, a generator for Z13.
3 Alice :
1 Pick a random x = 3.2 Compute X = g x mod p = 23 mod 13 = 8.
4 Bob :
1 Pick a random y = 7.2 Compute Y = g y mod p = 27 mod 13 = 11.
5 Alice computes: K1 = Y x mod p = 113 mod 13 = 5.
Diffie-Hellman Key Exchange 81/91
![Page 230: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/230.jpg)
Example
1 Pick p = 13, a prime number.
2 Pick g = 2, a generator for Z13.
3 Alice :
1 Pick a random x = 3.2 Compute X = g x mod p = 23 mod 13 = 8.
4 Bob :
1 Pick a random y = 7.2 Compute Y = g y mod p = 27 mod 13 = 11.
5 Alice computes: K1 = Y x mod p = 113 mod 13 = 5.
6 Bob computes: K2 = X y mod p = 87 mod 13 = 5.
Diffie-Hellman Key Exchange 81/91
![Page 231: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/231.jpg)
Example
1 Pick p = 13, a prime number.
2 Pick g = 2, a generator for Z13.
3 Alice :
1 Pick a random x = 3.2 Compute X = g x mod p = 23 mod 13 = 8.
4 Bob :
1 Pick a random y = 7.2 Compute Y = g y mod p = 27 mod 13 = 11.
5 Alice computes: K1 = Y x mod p = 113 mod 13 = 5.
6 Bob computes: K2 = X y mod p = 87 mod 13 = 5.
7 ⇒ K1 = K2 = 5.
Diffie-Hellman Key Exchange 81/91
![Page 232: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/232.jpg)
In-Class Exercise
Let p = 19.
Let g = 10.
Let Alice’s secret x = 7.
Let Bob’s secret y = 15.
1 Compute K1.
2 Compute K2.
Diffie-Hellman Key Exchange 82/91
![Page 233: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/233.jpg)
Diffie-Hellman Correctness
Alice has computed
X = gx mod p
K1 = Y x mod p.
Diffie-Hellman Key Exchange 83/91
![Page 234: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/234.jpg)
Diffie-Hellman Correctness
Alice has computed
X = gx mod p
K1 = Y x mod p.
Bob has computed
Y = gy mod p
K2 = X y mod p.
Diffie-Hellman Key Exchange 83/91
![Page 235: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/235.jpg)
Diffie-Hellman Correctness. . .
Alice has
K1 = Y x mod p
= (gy )x mod p
= (gx)y mod p
= X y mod p
Diffie-Hellman Key Exchange 84/91
![Page 236: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/236.jpg)
Diffie-Hellman Correctness. . .
Alice has
K1 = Y x mod p
= (gy )x mod p
= (gx)y mod p
= X y mod p
Bob has
K2 = X y mod p
= (gx)y mod p
= X y mod p
Diffie-Hellman Key Exchange 84/91
![Page 237: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/237.jpg)
Diffie-Hellman Correctness. . .
Alice has
K1 = Y x mod p
= (gy )x mod p
= (gx)y mod p
= X y mod p
Bob has
K2 = X y mod p
= (gx)y mod p
= X y mod p
⇒ K1 = K2.
Diffie-Hellman Key Exchange 84/91
![Page 238: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/238.jpg)
Diffie-Hellman Security
The security of the scheme depends on the hardness of solvingthe discrete logarithm problem.
Diffie-Hellman Key Exchange 85/91
![Page 239: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/239.jpg)
Diffie-Hellman Security
The security of the scheme depends on the hardness of solvingthe discrete logarithm problem.
Generally believed to be hard.
Diffie-Hellman Key Exchange 85/91
![Page 240: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/240.jpg)
Diffie-Hellman Security
The security of the scheme depends on the hardness of solvingthe discrete logarithm problem.
Generally believed to be hard.
Diffie-Hellman Property :
Diffie-Hellman Key Exchange 85/91
![Page 241: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/241.jpg)
Diffie-Hellman Security
The security of the scheme depends on the hardness of solvingthe discrete logarithm problem.
Generally believed to be hard.
Diffie-Hellman Property :
Givenp,X = g x ,Y = g y
Diffie-Hellman Key Exchange 85/91
![Page 242: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/242.jpg)
Diffie-Hellman Security
The security of the scheme depends on the hardness of solvingthe discrete logarithm problem.
Generally believed to be hard.
Diffie-Hellman Property :
Givenp,X = g x ,Y = g y
computingK = g xy mod p
is thought to be hard.
Diffie-Hellman Key Exchange 85/91
![Page 243: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/243.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
Diffie-Hellman Key Exchange 86/91
![Page 244: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/244.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
1 Send X = gX mod p to Bob.
Diffie-Hellman Key Exchange 86/91
![Page 245: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/245.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
1 Send X = gX mod p to Bob.
2 Eve :
Diffie-Hellman Key Exchange 86/91
![Page 246: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/246.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
1 Send X = gX mod p to Bob.
2 Eve :
1 Intercept X = g x mod p from Alice.
Diffie-Hellman Key Exchange 86/91
![Page 247: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/247.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
1 Send X = gX mod p to Bob.
2 Eve :
1 Intercept X = g x mod p from Alice.2 Pick a number t in Zp .
Diffie-Hellman Key Exchange 86/91
![Page 248: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/248.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
1 Send X = gX mod p to Bob.
2 Eve :
1 Intercept X = g x mod p from Alice.2 Pick a number t in Zp .3 Send T = g t mod p to Bob.
Diffie-Hellman Key Exchange 86/91
![Page 249: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/249.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
1 Send X = gX mod p to Bob.
2 Eve :
1 Intercept X = g x mod p from Alice.2 Pick a number t in Zp .3 Send T = g t mod p to Bob.
3 Bob :
Diffie-Hellman Key Exchange 86/91
![Page 250: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/250.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
1 Send X = gX mod p to Bob.
2 Eve :
1 Intercept X = g x mod p from Alice.2 Pick a number t in Zp .3 Send T = g t mod p to Bob.
3 Bob :
1 Send Y = g y mod p to Alice
Diffie-Hellman Key Exchange 86/91
![Page 251: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/251.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
1 Send X = gX mod p to Bob.
2 Eve :
1 Intercept X = g x mod p from Alice.2 Pick a number t in Zp .3 Send T = g t mod p to Bob.
3 Bob :
1 Send Y = g y mod p to Alice
4 Eve :
Diffie-Hellman Key Exchange 86/91
![Page 252: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/252.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
1 Send X = gX mod p to Bob.
2 Eve :
1 Intercept X = g x mod p from Alice.2 Pick a number t in Zp .3 Send T = g t mod p to Bob.
3 Bob :
1 Send Y = g y mod p to Alice
4 Eve :
1 Intercept Y = g y mod p from Bob.
Diffie-Hellman Key Exchange 86/91
![Page 253: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/253.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
1 Send X = gX mod p to Bob.
2 Eve :
1 Intercept X = g x mod p from Alice.2 Pick a number t in Zp .3 Send T = g t mod p to Bob.
3 Bob :
1 Send Y = g y mod p to Alice
4 Eve :
1 Intercept Y = g y mod p from Bob.2 Pick a number s in Zp.
Diffie-Hellman Key Exchange 86/91
![Page 254: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/254.jpg)
Diffie-Hellman: Man-In-The-Middle attack
1 Alice :
1 Send X = gX mod p to Bob.
2 Eve :
1 Intercept X = g x mod p from Alice.2 Pick a number t in Zp .3 Send T = g t mod p to Bob.
3 Bob :
1 Send Y = g y mod p to Alice
4 Eve :
1 Intercept Y = g y mod p from Bob.2 Pick a number s in Zp.3 Send S = g s mod p to Alice.
Diffie-Hellman Key Exchange 86/91
![Page 255: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/255.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
5 Alice and Eve :
Diffie-Hellman Key Exchange 87/91
![Page 256: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/256.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
5 Alice and Eve :
1 Compute K1 = g xS mod p
Diffie-Hellman Key Exchange 87/91
![Page 257: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/257.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
5 Alice and Eve :
1 Compute K1 = g xS mod p
6 Bob and Eve :
Diffie-Hellman Key Exchange 87/91
![Page 258: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/258.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
5 Alice and Eve :
1 Compute K1 = g xS mod p
6 Bob and Eve :
1 Compute K2 = g yT mod p
Diffie-Hellman Key Exchange 87/91
![Page 259: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/259.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
Diffie-Hellman Key Exchange 88/91
![Page 260: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/260.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
8 Eve :
Diffie-Hellman Key Exchange 88/91
![Page 261: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/261.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
8 Eve :
1 Intercept C .
Diffie-Hellman Key Exchange 88/91
![Page 262: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/262.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
8 Eve :
1 Intercept C .2 Decrypt:M = DK1(C )
Diffie-Hellman Key Exchange 88/91
![Page 263: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/263.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
8 Eve :
1 Intercept C .2 Decrypt:M = DK1(C )3 Re-encrypt:C ′ = EK2(M)
Diffie-Hellman Key Exchange 88/91
![Page 264: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/264.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
8 Eve :
1 Intercept C .2 Decrypt:M = DK1(C )3 Re-encrypt:C ′ = EK2(M)4 Send C ′ to Bob
Diffie-Hellman Key Exchange 88/91
![Page 265: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/265.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
8 Eve :
1 Intercept C .2 Decrypt:M = DK1(C )3 Re-encrypt:C ′ = EK2(M)4 Send C ′ to Bob
9 Bob : Send C = EK2(M) to Alice
Diffie-Hellman Key Exchange 88/91
![Page 266: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/266.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
8 Eve :
1 Intercept C .2 Decrypt:M = DK1(C )3 Re-encrypt:C ′ = EK2(M)4 Send C ′ to Bob
9 Bob : Send C = EK2(M) to Alice
10 Eve :
Diffie-Hellman Key Exchange 88/91
![Page 267: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/267.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
8 Eve :
1 Intercept C .2 Decrypt:M = DK1(C )3 Re-encrypt:C ′ = EK2(M)4 Send C ′ to Bob
9 Bob : Send C = EK2(M) to Alice
10 Eve :
1 Intercept C .
Diffie-Hellman Key Exchange 88/91
![Page 268: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/268.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
8 Eve :
1 Intercept C .2 Decrypt:M = DK1(C )3 Re-encrypt:C ′ = EK2(M)4 Send C ′ to Bob
9 Bob : Send C = EK2(M) to Alice
10 Eve :
1 Intercept C .2 Decrypt:M = DK2(C )
Diffie-Hellman Key Exchange 88/91
![Page 269: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/269.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
8 Eve :
1 Intercept C .2 Decrypt:M = DK1(C )3 Re-encrypt:C ′ = EK2(M)4 Send C ′ to Bob
9 Bob : Send C = EK2(M) to Alice
10 Eve :
1 Intercept C .2 Decrypt:M = DK2(C )3 Re-encrypt:C ′ = EK1(M)
Diffie-Hellman Key Exchange 88/91
![Page 270: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/270.jpg)
Diffie-Hellman: Man-In-The-Middle attack. . .
7 Alice : Send C = EK1(M) to Bob
8 Eve :
1 Intercept C .2 Decrypt:M = DK1(C )3 Re-encrypt:C ′ = EK2(M)4 Send C ′ to Bob
9 Bob : Send C = EK2(M) to Alice
10 Eve :
1 Intercept C .2 Decrypt:M = DK2(C )3 Re-encrypt:C ′ = EK1(M)4 Send C ′ to Alice.
Diffie-Hellman Key Exchange 88/91
![Page 271: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/271.jpg)
Outline
1 Introduction2 RSA
AlgorithmExampleCorrectnessSecurityProblems
3 GPG4 Elgamal
Discrete LogarithmsAlgorithmExampleCorrectnessSecurityProblems
5 Diffie-Hellman Key ExchangeDiffie-Hellman Key ExchangeExampleCorrectnessSecurity
6 SummarySummary 89/91
![Page 272: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/272.jpg)
Readings and References
Chapter 8.1.1-8.1.5 in Introduction to Computer Security, byGoodrich and Tamassia.
Summary 90/91
![Page 273: CSc 466/566 Computer Security 15 : Cryptography — Public Keycollberg/Teaching/466-566/... · 2014-10-28 · RSA: Algorithm Bob (Key generation): 1 Generate two large random primes](https://reader034.fdocuments.in/reader034/viewer/2022050417/5f8ce96b0caa294df27b2e0d/html5/thumbnails/273.jpg)
Acknowledgments
Additional material and exercises have also been collected fromthese sources:
1 Igor Crk and Scott Baker, 620—Fall 2003—BasicCryptography.
2 Bruce Schneier, Applied Cryptography.
3 Pfleeger and Pfleeger, Security in Computing.
4 William Stallings, Cryptography and Network Security.
5 Bruce Schneier, Attack Trees, Dr. Dobb’s Journal December1999, http://www.schneier.com/paper-attacktrees-ddj-ft.html.
6 Barthe, Gregoire, Beguelin, Hedin, Heraud, Olmedo, VerifiableSecurity of Cryptographic Schemes,http://www.irisa.fr/celtique/blazy/seminar/20110204.pdf.
7 http://homes.cerias.purdue.edu/~crisn/courses/cs355_Fall_2008/lect18.pdf
Summary 91/91