Public Key Cryptography
description
Transcript of Public Key Cryptography
![Page 1: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/1.jpg)
CSCI 172/283Fall 2010
Public Key Cryptography
![Page 2: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/2.jpg)
Public Key CryptographyNew paradigm introduced by Diffie and HellmanThe mailbox analogy:
Bob has a locked mailboxAlice can insert a letter into the box, but can’t
unlock it to take mail outBob has the key and can take mail out
Encrypt messages to Bob with Bob’s public keyCan freely distribute
Bob decrypts his messages with his private keyOnly Bob knows this
![Page 3: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/3.jpg)
RequirementsHow should a public key scheme work?Three main conditions
It must be computationally easy to encrypt or decrypt a message given the appropriate key
It must be computationally infeasible to derive the private key from the public key
It must be computationally infeasible to determine the private key from chosen plaintext attackAttacker can pick any message, have it encrypted,
and obtain the ciphertext
![Page 4: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/4.jpg)
Exchanging keysAlice and Bob want to communicate using a
block cipher to encrypt their messages, but don’t have shared key
How do Alice and Bob get a shared key?
![Page 5: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/5.jpg)
Solution 1Alice sends the key along with her
encrypted message
Eve sees encrypted message and keyUses key to decrypt message
FAIL!
![Page 6: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/6.jpg)
Solution 2Alice sends the key at some time prior to
sending Bob the encrypted message
Eve has to wait longerIf she saw the key transmission, she has the
keyUses key to decrypt message
FAIL!
![Page 7: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/7.jpg)
Solution 3 – Use public key cryptoDiffie Hellman Key ExchangeAll users share common modulus, p, and element g
g ≠ 0, g ≠ 1, and g ≠ p-1Alice chooses her private key, kA
Computes KA = gkA mod p and sends it to Bob in the clear
Bob chooses his private key, kBComputes KB = gkB mod p and sends it to Alice in the
clearWhen Alice and Bob want to agree on a shared key,
they compute a shared secret SSA,B = KB
kA mod pSB,A = KA
kB mod p
![Page 8: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/8.jpg)
Why does DH work?SA,B = SB,A (gkA) kB mod p = (gkB) kA mod p
Eve knowsg and pKA and KBWhy can’t Eve compute the secret?
This was the first public key cryptography schemeSA,B = KB
kA mod p SB,A = KA
kB mod p
![Page 9: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/9.jpg)
Hard problemsPublic key cryptosystems are based on hard
problemsDH is based on the Discrete Logarithm Problem
(DLP)
Given: Multiplicative group GElement a in GOutput b
Find:Unique solution to ax = b in G
x is loga b
No polynomial time algorithm exists to solve this**On classical computers
![Page 10: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/10.jpg)
Could it fail?Eve could fool Alice and Bob
Man in the middle / bucket brigade
Alice BobEve
My key is KA
My key is K’A
My key is KB
My key is K’B
Alice has no guarantee that the person she’s establishinga key with is actually Bob
![Page 11: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/11.jpg)
RSARivest-Shamir-AdlemanProbably the most well-known public key
schemeFirst, some background
![Page 12: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/12.jpg)
Euler’s TotientTotient function (n)
Number of positive numbers less than n that are relatively prime to nTwo numbers are relatively prime when their
greatest common divisor is 1
Example: (10) = 41, 3, 7, 9
Example: (7) = 61, 2, 3, 4, 5, 6If n is prime, (n) = n-1
![Page 13: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/13.jpg)
RSA keysChoose 2 large primes, p and qN = pq(N) = (p-1)(q-1) Choose e < N such that gcd(e, (N))=1d such that ed = 1 mod (N)
Public key: {N, e}Private key: {d}
p and q must also be kept secret
![Page 14: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/14.jpg)
RSA encryption/decryptionAlice wants to send Bob message m
She knows his public key, {N,e}
Alice Bob
c = me mod N
c
m = cd mod N
![Page 15: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/15.jpg)
Toy examplep=7, q=11
N=77(N) = (6)(10) = 60
Bob chooses e=17Uses extended Euclidean algorithm to find
inverse of e mod 60Finds d=53
Bob makes {N, e} public
![Page 16: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/16.jpg)
Toy example (continued)Alice wants to send Bob “HELLO WORLD”Represent each letter as a number 00(A) to
25(Z)26 is a space
Calculates:0717 mod 77 = 28, 0417 mod 77 = 16, …, 0317
mod 77 = 75Sends Bob 28 16 44 44 42 38 22 42 19 44 75 He decrypts each number with his private
key and gets “HELLO WORLD”
![Page 17: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/17.jpg)
What could go wrong?What was wrong with the toy example?
Eve can easily find the encryption of each letter and use that as a key to Alice’s message
Even without knowing the public key, can use statistics to find likely messagesLike cryptogram puzzles
![Page 18: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/18.jpg)
How it should really happenp and q should be at least 512 bits each
N at least 1024 bitsThe message “HELLO WORLD” would be
converted into one very large integerThat integer would be raised to the
public/private exponentFor short message, pad them with a
random string
![Page 19: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/19.jpg)
Is this key yours?How to bind a key to an identity?
![Page 20: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/20.jpg)
PK ParadigmGenkey(some info)
Creates Kpub and Kpriv
Encrypt with KpubDecrypt with Kpriv
Certificate binds key to individual
![Page 21: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/21.jpg)
IBEIdentity-Based EncryptionKpub is well-known
Known to be bound to ownerName, email, SSN, etc.
Owner requests a private key from CA
No certificates required
![Page 22: Public Key Cryptography](https://reader036.fdocuments.in/reader036/viewer/2022062316/56816809550346895ddd8c3e/html5/thumbnails/22.jpg)
Conclusion by xkcd
http://xkcd.com/538/