Public Key Model
8. Cryptography part 2 1
Public Key Model
Public Key Encryption
Public Key Signature
Public-Key Cryptanalysis
• Brute-force attack (try all possible keys)
• Derive private key from public key
  – Try to find the relationship between the public key and the private key and compute the private key from the public one.
• Probable-message attack
  – The public key is known.
  – Encrypt all possible messages.
  – Try to find a match between the ciphertext and one of the encrypted messages.
  – Example: Prof. sends encrypted letter grades to his students based on their public key.
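The probable-message attack on the grades example, as an added illustration that is not part of the original slides: deterministic textbook RSA lets anyone holding the public key rebuild the ciphertext of every candidate grade, while randomizing the plaintext defeats the table lookup. The key (primes 1009 and 1013, e = 17), the grade alphabet and the toy randomization are assumptions made for this sketch.

```python
import secrets

# Constructed toy key, far too small for real use: n = 1009 * 1013.
P, Q, E = 1009, 1013, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: e*d = 1 mod ø(n)

GRADES = "ABCDF"                    # assumed set of possible messages

def encrypt_textbook(grade: str) -> int:
    """Deterministic textbook RSA: c = m^e mod n, m = ASCII code of the grade."""
    return pow(ord(grade), E, N)

def probable_message_lookup(ciphertext: int):
    """Encrypt every candidate grade under the public key and look for a
    match with the observed ciphertext. Returns the grade or None."""
    table = {encrypt_textbook(g): g for g in GRADES}
    return table.get(ciphertext)

def encrypt_randomized(grade: str) -> int:
    """Toy randomization: m = r * 256 + code, with a fresh random r >= 1.
    Illustrative only: r comes from a small range that could itself be
    enumerated. Real systems use a vetted padding such as RSA-OAEP."""
    r = secrets.randbelow(3000) + 1          # keeps m below n
    return pow(r * 256 + ord(grade), E, N)

def decrypt_randomized(ciphertext: int) -> str:
    """The key holder decrypts with d and strips the random part."""
    return chr(pow(ciphertext, D, N) % 256)
```
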
History of Public-Key
1976 – Diffie & Hellman suggested public-key model for encryption and signatures
1976 – Diffie & Hellman developed public-key protocol for key-exchange based on Discrete Log Problem
1977 – Rivest, Shamir, Adleman developed RSA public-key scheme for encryption and signatures based on the Number Factoring Problem
1980’s – El-Gamal developed public-key protocols for encryption and signatures based on Discrete Log Prob
Revolution in Cryptography
• Diffie & Hellman sought to solve 2 problems
  – Find a secure way to distribute keys
  – Provide a digital signature for a document
• Public key cryptography is based on rigorous mathematical theory, rather than substitutions and permutations.
• It is asymmetric – requires two different keys: private & public
Diffie-Hellman Key Exchange (I)
• See: W. Diffie and M. E. Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, IT-22, no. 6 (November 1976), pp. 644-654
  – The first public key algorithm
  – Allows two users to agree on a secret key over a public channel
  – No encryption, decryption, nor authentication
  – p is a large prime number (about 512 bits), g < p and g is a primitive root of p.
  – p and g are publicly known
Diffie-Hellman Key Exchange (II)
Diffie-Hellman Key Exchange (III)
Diffie-Hellman Example
• Alice and Bob want to establish a shared secret key and have agreed on n = 353 (prime) and g = 3
• They select the random secret values:
  – Alice chooses $X_a = 97$, Bob chooses $X_b = 233$
• They derive the public keys:
  – $T_a = g^{X_a} \bmod n = 3^{97} \bmod 353 = 40$ (Alice’s)
  – $T_b = g^{X_b} \bmod n = 3^{233} \bmod 353 = 248$ (Bob’s)
• They derive the shared secret key
  – $K = T_b^{X_a} \bmod n = 248^{97} \bmod 353 = 160$ (Alice’s)
  – $K = T_a^{X_b} \bmod n = 40^{233} \bmod 353 = 160$ (Bob’s)
Diffie-Hellman Man-in-the-middle
Diffie-Hellman Scheme
• Security factors
  – Discrete logarithm very difficult.
  – Shared key (the secret) itself never transmitted.
• Disadvantages:
  – Expensive exponential operation
  – Cannot be used to encrypt anything.
  – No authentication, so you cannot sign anything
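The exchange from the Diffie-Hellman example and the consequence of "no authentication", as an added example that is not part of the original slides: when a party in the middle substitutes its own public value, Alice and Bob end up with different keys, and comparing a fingerprint of the exchanged public values over an authenticated channel exposes the substitution. The middle party's secret (101) and the fingerprint check are assumptions of this sketch; n, g and the secret values come from the slide.

```python
import hashlib

N, G = 353, 3            # public parameters from the slide
XA, XB = 97, 233         # Alice's and Bob's secret values from the slide

def fingerprint(t_alice: int, t_bob: int) -> str:
    """Short digest of the public values one side believes were exchanged."""
    return hashlib.sha256(f"{t_alice}|{t_bob}".encode()).hexdigest()[:16]

def exchange(xm=None):
    """Run the exchange. If xm is given, a party in the middle replaces both
    public values in transit with its own g^xm mod n (xm is constructed)."""
    ta, tb = pow(G, XA, N), pow(G, XB, N)
    seen_by_bob = ta if xm is None else pow(G, xm, N)
    seen_by_alice = tb if xm is None else pow(G, xm, N)
    result = {
        "ta": ta, "tb": tb,
        "k_alice": pow(seen_by_alice, XA, N),   # key Alice derives
        "k_bob": pow(seen_by_bob, XB, N),       # key Bob derives
        "fp_alice": fingerprint(ta, seen_by_alice),
        "fp_bob": fingerprint(seen_by_bob, tb),
    }
    if xm is not None:
        # Keys the middle party shares with each side separately.
        result["k_mid_alice"] = pow(ta, xm, N)
        result["k_mid_bob"] = pow(tb, xm, N)
    return result

def tampering_detected(result) -> bool:
    """Fingerprints compared over an authenticated channel must match."""
    return result["fp_alice"] != result["fp_bob"]
```
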
RSA (Rivest, Shamir, Adleman)
• See: R. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", CACM 21, pp. 120--126, Feb. 1978
• The first public key encryption and signature system
• Supports both public key encryption and digital signature.
• Theoretical basis: Factorization of large numbers is hard.
• Variable key length (usually 1024 bits).
• Variable plaintext block size.
• Plaintext must be “smaller” than the key.
• Ciphertext block size is the same length as the key.
The RSA Algorithm
• To generate a key pair:
  – Pick large primes p and q (do not disclose them)
  – Let n = p*q
  – For the public key, choose e that is relatively prime to ø(n) = (p-1)(q-1). public key = <e,n>
  – For private key, find d that is the multiplicative inverse of e mod ø(n), i.e., e*d
Using RSA
• Given pubKey = <e, n> and privKey = <d, n>
• If Message = m
• Then:
  – encryption: $c = m^e \bmod n$, $m < n$
  – decryption: $m = c^d \bmod n$
  – signature: $s = m^d \bmod n$, $m < n$
  – verification: $m = s^e \bmod n$
Example of RSA (1)
• Choose p = 7 and q = 17.
• Compute n = p*q = 119.
• Compute ø(n) = (p-1)(q-1) = 96.
• Select e = 5 (relatively prime to ø(n)).
• Compute d = 77 such that e*d = 1 mod ø(n).
• Public key: <5,119>
• Private key: <77,119>
• Message = 19
• Encryption: $19^{5} \bmod 119 = 66$
• Decryption: $66^{77} \bmod 119 = 19$
Example of RSA (2)
• p = 7, q = 11, n = 77
• Alice chooses e = 17, making d = 53
• Bob wants to send Alice secret message HELLO (07 04 11 11 14)
  – $07^{17} \bmod 77 = 28$; $04^{17} \bmod 77 = 16$
  – $11^{17} \bmod 77 = 44$; $11^{17} \bmod 77 = 44$
  – $14^{17} \bmod 77 = 42$
• Bob sends 28 16 44 44 42
Example of RSA (3)
• Alice receives 28 16 44 44 42
• Alice uses private key, d = 53, to decrypt message:
  – $28^{53} \bmod 77 = 07$; $16^{53} \bmod 77 = 04$
  – $44^{53} \bmod 77 = 11$; $44^{53} \bmod 77 = 11$
  – $42^{53} \bmod 77 = 14$
• Alice translates 07 04 11 11 14 to HELLO
• No one else could read it, as only Alice knows her private key (needed for decryption)
Digital Signatures in RSA
• RSA has an important property: Encryption and decryption are symmetric
• Encryption followed by decryption yields the original
  – $(M^e \bmod n)^d \bmod n = M$
• Decryption followed by encryption yields the original
  – $(M^d \bmod n)^e \bmod n = M$
  – Because e and d are symmetric in e*d = 1 mod (p-1)*(q-1)
Signature example in RSA
• p = 7, q = 11, n = 77
• Alice chooses e = 17, making d = 53
• Alice wants to send message HELLO (07 04 11 11 14) so that Bob knows it is from Alice, and has not been modified in transit
  – $07^{53} \bmod 77 = 35$, $04^{53} \bmod 77 = 09$
  – $11^{53} \bmod 77 = 44$, $11^{53} \bmod 77 = 44$
  – $14^{53} \bmod 77 = 49$
• Alice sends 35 09 44 44 49
Verify sender
• Bob receives 35 09 44 44 49
• He uses Alice’s public key, e = 17, n = 77, to decrypt it:
  – $35^{17} \bmod 77 = 07$, $09^{17} \bmod 77 = 04$
  – $44^{17} \bmod 77 = 11$, $44^{17} \bmod 77 = 11$
  – $49^{17} \bmod 77 = 14$
• Bob has 07 04 11 11 14 (HELLO)
• Only Alice has her private key, so no one else could have created a correct signature
• The (deciphered) signature matches the transmitted plaintext, so the plaintext was not altered
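The key generation, encryption, signature and verification steps from the slides above, as an added example that is not part of the original slides, using the slides' key (p = 7, q = 11, e = 17) and the A = 00 letter encoding. The function names are assumptions; verification here rejects a signature when either the plaintext or a signature block has been altered.

```python
from math import gcd

def make_keypair(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) following 'The RSA Algorithm' slide."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to ø(n)")
    return (e, n), (pow(e, -1, phi), n)   # d = inverse of e mod ø(n)

def apply_key(key, block: int) -> int:
    """block^k mod n: the one operation behind encrypt, decrypt, sign, verify."""
    k, n = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than n")
    return pow(block, k, n)

def encode(text: str):
    """Letters to numbers as on the slides: A = 00 ... Z = 25."""
    return [ord(c) - ord("A") for c in text]

def decode(blocks) -> str:
    return "".join(chr(b + ord("A")) for b in blocks)

def verify(public, message: str, signature) -> bool:
    """Accept only if every deciphered signature block equals the
    corresponding block of the transmitted plaintext."""
    blocks, n = encode(message), public[1]
    return len(blocks) == len(signature) and all(
        0 <= s < n and apply_key(public, s) == m
        for s, m in zip(signature, blocks))

PUBLIC, PRIVATE = make_keypair(7, 11, 17)

def demo():
    """Reproduce the HELLO encryption and signature from the slides."""
    cipher = [apply_key(PUBLIC, m) for m in encode("HELLO")]
    plain = decode(apply_key(PRIVATE, c) for c in cipher)
    signature = [apply_key(PRIVATE, m) for m in encode("HELLO")]
    return cipher, plain, signature
```
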
The Security of RSA
• Attacks against RSA
  – Brute force: Try all possible private keys
    • Can be defeated by using a large key space
  – Mathematical attacks
    • Factor n into n=p*q.
    • Determine ø(n) directly: equivalent to factoring n.
    • Determine d directly: at least as difficult as factoring n.
The Security of RSA (Cont’d)
• Factoring a large integer is very hard!
• If you can factor the number n then, given public key <e,n>, you can find d, and hence the private key by:
  – Knowing factors p, q, such that n = p*q
  – Then ø(n) = (p-1)(q-1)
  – Then d such that e*d = 1 mod ø(n)
• Ways to make n difficult to factor
  – p and q should differ in length by only a few digits
  – Both (p-1) and (q-1) should contain a large prime factor
  – gcd(p-1, q-1) should be small.
  – $d > n^{1/4}$.
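Both halves of this slide, as an added example that is not part of the original slides: the three steps that turn a factored n into the private key, carried out on the slides' toy moduli, and an audit of a key against the four guidelines for making n difficult to factor. The thresholds for "a few digits", "large prime factor" and "small" are assumptions, and the trial-division helpers only suit small numbers.

```python
from math import gcd, isqrt

def factor_semiprime(n: int):
    """Trial division; feasible only because the slide moduli are tiny."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no nontrivial factor found")

def private_from_public(e: int, n: int) -> int:
    """The slide's three steps: factor n, form ø(n), invert e mod ø(n)."""
    p, q = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1))

def largest_prime_factor(m: int) -> int:
    f, largest = 2, 1
    while f * f <= m:
        while m % f == 0:
            largest, m = f, m // f
        f += 1
    return max(largest, m) if m > 1 else largest

def audit_key(p: int, q: int, e: int, max_digit_gap=2, max_gcd=2):
    """Check a key against the slide's guidelines; returns a list of findings.
    max_digit_gap and max_gcd are assumed thresholds, not from the slide."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    findings = []
    if abs(len(str(p)) - len(str(q))) > max_digit_gap:
        findings.append("p and q differ too much in length")
    for name, r in (("p-1", p - 1), ("q-1", q - 1)):
        # Assumption: "large" means at least the square root of r.
        if largest_prime_factor(r) ** 2 < r:
            findings.append(f"{name} has only small prime factors")
    if gcd(p - 1, q - 1) > max_gcd:
        findings.append("gcd(p-1, q-1) is not small")
    if d ** 4 <= n:
        findings.append("d is not greater than n^(1/4)")
    return findings
```
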
RSA versus DES
• Fastest implementations of RSA can encrypt kilobits/second
• Fastest implementations of DES can encrypt megabits/second
• RSA could be used for secure exchange of DES keys
• This 1000-fold difference in speed is likely to remain independent of technology advances