Cryptography and Security Services: Mechanisms and Applications
Manuel Mogollon
Chapter 3: Number Theory and Public Key Ciphers
M. Mogollon - 2
Number Theory Exponentiation and Public-Key Ciphers Key Management
Session 3 Contents
• Number Theory and Finite Arithmetic
— Counting in modulo p Arithmetic
— Congruence Arithmetic
— Fermat’s Theorem
— Euler’s Theorem
• Confidentiality using Public-Key Ciphers
— Pohlig-Hellman Algorithm
— The RSA Algorithm
— ElGamal Algorithm
• Key Management Using Exponentiation Ciphers
— The Diffie-Hellman Key Agreement
— RSA Key Transport
Principle of Counting
• The number of possible outcomes when several procedures are performed together is the product $n_1 \times n_2 \times n_3 \times \dots \times n_n$, where $n_1$ is the number of possible outcomes of procedure 1, and so on.
• Suppose a password contains two distinct lower-case letters and three numbers, but the first number can’t be zero.
— Letter variations are 26 and 25 (distinct letters).
— Number variations are 9, 10, 10.
— The total number of possible passwords is 26 x 25 x 9 x 10 x 10.
• At another company, the guidelines might be to use eight upper-case letters, lower-case letters, or numbers, in any order. Now for each entry there are 26 + 26 + 10 possibilities and the total password space is 62 x 62 x 62 x 62 x 62 x 62 x 62 x 62 = $62^8$.
• When talking about bits there are two possibilities, 0 and 1.
— For four bits there are 2 x 2 x 2 x 2 possibilities.
— For 128 bits there are $2^{128}$ possibilities.
Exponentiation examples
— 2 x 2 x 2 x 2 = $2^4$
— (2 x 2 x 2 x 2) x (2 x 2 x 2) = $2^4 \times 2^3 = 2^{(4+3)} = 2^7$
— (2 x 2 x 2 x 2 x 2) / (2 x 2 x 2) = $2^5 / 2^3 = 2^{(5-3)} = 2^2$
Number Theory and Finite Arithmetic
• Number Theory plays an important role in Public-Key crypto systems.
• It is necessary to understand only certain basic concepts of Number Theory, such as modular arithmetic and congruence as they are related to a Public-Key crypto system.
Counting in Modular Arithmetic
• Add 9h, 43m, 25s and 4h, 26m, 50s
Hours Minutes Seconds
9 43 25
4 26 50
---- ----- -----
13 69 75
(13 + 1 - 12) (69 + 1 - 60) (75 - 60)
2 10 15
• When we added the seconds and minutes in the example above, we used 60 as a modulo, so we can say that (25 + 50) = 15 (mod 60); 15 is the remainder left, after 75 is divided by 60.
• Calculation of modulo returns the remainder after a number is divided by a divisor.
Congruence Arithmetic
The notion of congruence arithmetic (modulo arithmetic) was introduced by Gauss; it is a form of arithmetic in which only the remainders after division by a specific integer, are used. If a is divided by p and has a remainder b, it can be said that a is congruent to b, modulo p. For example let’s say that:
a = (k . p) + b
If a = 32 is divided by p = 5, the result will be k = 6 with a remainder of b = 2.
This congruence is expressed as follows:
$a \equiv b \bmod p$; $32 \equiv 2 \bmod 5$
and it is read,
a is congruent to b, modulo p; 32 is congruent to 2, modulo 5
Congruences with the same modulo can be added, subtracted, or multiplied.
Another way to read the expression is to say that
a is equivalent to b, modulo p; 32 is equivalent to 2, modulo 5
Congruence – Addition and Subtraction
Addition
If $a \equiv b \bmod p$ and $c \equiv d \bmod p$, then $(a + c) \equiv (b + d) \bmod p$.
For example, $32 \equiv 2 \bmod 5$ and $49 \equiv 4 \bmod 5$,
then,
$(32 + 49) \equiv (2 + 4) \bmod 5$ or $81 \equiv 6 \bmod 5 \equiv 1 \bmod 5$.
Subtraction
If $a \equiv b \bmod p$ and $c \equiv d \bmod p$, then $(a - c) \equiv (b - d) \bmod p$.
For example, $a = 49 \equiv 4 \bmod 5$ and $c = 32 \equiv 2 \bmod 5$,
then, $(49 - 32) \equiv (4 - 2) \bmod 5$ or $17 \equiv 2 \bmod 5$.
Or for $a = 32 \equiv 2 \bmod 5$ and $c = 49 \equiv 4 \bmod 5$,
then $(32 - 49) \equiv (2 - 4) \bmod 5$, or $-17 \equiv -2 \bmod 5 \equiv 3 \bmod 5$.
Addition in Modulo p
(a + b + c) mod p = a (mod p) + b (mod p) + c (mod p).
Example: Add the following three large numbers, and then find the modulo 8191 of the result.
We can add them first and find the modulo:
  58,736,593,765
  15,345,786,365
   1,763,785,786
  ---------------------
  75,846,165,916 (mod 8191) = 4,171 (mod 8191)
Otherwise, we can find the modulo of each number and then add the results of each modulo-added number:
  58,736,593,765 (mod 8191) =  5,786 (mod 8191)
  15,345,786,365 (mod 8191) =  5,202 (mod 8191)
  --------------------------
                               10,988 (mod 8191) = 2,797 (mod 8191)
                                2,797 (mod 8191)
   1,763,785,786 (mod 8191) =  1,374 (mod 8191)
  ---------------------------
                                4,171 (mod 8191)
Congruence – Multiplication
Both sides of a congruence can be multiplied by the same number, just as both sides of an algebraic equation can be multiplied by the same number.
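If $a \equiv b \bmod p$
then, for any value of c
$(a \cdot c) \equiv (b \cdot c) \bmod p$
Example: For $32 \equiv 2 \pmod 5$ and c = 11:
$(32 \cdot 11) \equiv (2 \cdot 11) \pmod 5$
$352 \equiv 22 \pmod 5 \equiv 2 \pmod 5$
Also, if $a \equiv b \bmod p$ and $c \equiv d \bmod p$,
then, $(a \cdot c) \equiv (b \cdot d) \bmod p$.
Example: For $32 \equiv 2 \pmod 5$ and $49 \equiv 4 \pmod 5$,
then, $(32 \cdot 49) \equiv (2 \cdot 4) \pmod 5$,
$1568 \equiv 8 \pmod 5 \equiv 3 \pmod 5$.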
Congruence – Exponentiation
Both sides of a congruence can be raised to the same exponent just as both sides of an equation can be raised to the same exponent.
For any value of r,
$a^r \equiv b^r \bmod p$
Example: For $32 \equiv 2 \bmod 5$ and r = 3:
$32^3 \equiv 2^3 \bmod 5$
$32{,}768 \equiv 8 \bmod 5$
$\equiv 3 \bmod 5$
Exponentiation in Modulo p
$(a^n) \bmod p = a^{m_1} \pmod p \times a^{m_2} \pmod p \times a^{m_3} \pmod p \times \dots$, where $n = m_1 + m_2 + m_3 + \dots$
Problem: Find $56^{118} \bmod 8191$
Convert 118 decimal to 118 binary.
118 (decimal) = 1 1 1 0 1 1 0 (binary)
$56^{118} = 56^{64} \cdot 56^{32} \cdot 56^{16} \cdot 56^{4} \cdot 56^{2}$
$56^{118} \bmod 8191 = 56^{64} \bmod 8191 \times 56^{32} \bmod 8191 \times 56^{16} \bmod 8191 \times 56^{4} \bmod 8191 \times 56^{2} \bmod 8191$
$56^{118} \bmod 8191 = 7388 \bmod 8191$
Congruence – Canceling
The rule for canceling a congruence by an integer is a little more complicated than multiplication.
If $(a \cdot c) \equiv (b \cdot c) \bmod p$
then
$a \equiv b \bmod \left[ \dfrac{p}{(c, p)} \right]$
where (c, p) is the greatest common divisor of c and p.
If c and p are relatively prime, then the gcd (c, p) = 1.
Example:
$58 \cdot 100 \equiv 100 \bmod 380$
gcd (100, 380) = 20
Then, $58 \equiv 1 \bmod (380 / 20) \equiv 1 \bmod 19$
Exponentiation Ciphers
$a = (k * p) + b$
$a \equiv b \bmod p$
$a^r \equiv b^r \bmod p$
If b = 1, then
$a = (k * p) + 1$
$a \equiv 1 \bmod p$
$a^r \equiv 1 \bmod p$
Fermat’s Theorem indicates that if p is prime and a is not divisible by p (a and p are relatively prime) then,
$a^{p-1} = (k * p) + 1$
$a^{p-1} \equiv 1 \bmod p$
$a^{p-1} \bmod p = 1$
$(a^{p-1})^k \equiv 1 \bmod p$
Fermat’s Theorem
• Fermat’s Theorem indicates that if p is prime and a is not divisible by p (a and p are relatively prime) then,
$a^{p-1} = (k * p) + 1$
$a^{p-1} \equiv 1 \bmod p$
For example, $6^{7-1} \equiv 1 \bmod 7$, that is, $6^6 \equiv 1 \bmod 7$.
• These properties can be used to exponentiate a to a large number. Having the restriction on a and p, it is possible to write,
$a^{p-1} \bmod p = 1$
$(a^{p-1})^k \equiv 1 \bmod p$
$6^{69} \pmod{17} \equiv (6^{17-1})^4 \bmod 17 \cdot 6^5 \pmod{17}$
$6^{69} \pmod{17} \equiv 1 \cdot 6^5 \pmod{17} \equiv 7 \pmod{17}$
• A faster way to do the exponentiation is to apply modulo (p - 1) to the exponent and say that if $n \equiv m \bmod (p - 1)$, then $a^n \equiv a^m \bmod p$. In the example before:
a = 6, m = 69, p = 17, n = 69 mod (17 - 1) = 5; then,
$6^5 = 6^{69 \bmod (17 - 1)} = 6^5 \pmod{17} = 7 \pmod{17}$
Euler’s Theorem
Euler's Theorem states that:
$a^{\varphi(p)} = (k * p) + 1$
$a^{\varphi(p)} = 1 \bmod p$
where
1. a and p are relatively prime, gcd (a, p) = 1.
2. $\varphi(p)$ is the Euler totient function, which is equal to the number of integers relatively prime to p in the range 1 ..... (p - 1). For example, for p = 15, the relatively prime numbers are 1, 2, 4, 7, 8, 11, 13, 14; so $\varphi(15) = 8$. In general,
a. If p is a prime, then $\varphi(p) = (p - 1)$
b. If p is a prime, then $\varphi(p^k) = (p^k - p^{k-1})$
c. If p and q are primes, then $\varphi(p \cdot q) = (p - 1)(q - 1)$
d. If p is a prime, for $p^2$, then $\varphi(p^2) = p(p - 1)$
3. If gcd (p, q) = 1, the Euler totient function is multiplicative, denoting $\varphi(pq) = \varphi(p) * \varphi(q)$
Euler’s Theorem
Using the equation
$a^{\varphi(p)} = 1 \bmod p$
it is possible to exponentiate a to a large number by reducing the exponent.
Example: For a = 2, p = 15, and $\varphi(15) = 8$:
$2^{22} \pmod{15} \equiv [2^8 \pmod{15}] \cdot [2^8 \pmod{15}] \cdot [2^6 \pmod{15}]$
$2^{22} \pmod{15} \equiv 1 \cdot 1 \cdot [2^6 \pmod{15}]$
$2^{22} \pmod{15} \equiv 4 \pmod{15}$
Even if a is not relatively prime with p, it is possible to reduce the exponent to modulo $\varphi(p)$, except in the case of exponents reduced to 0. For example, for a = 3, p = 15, and $\varphi(15) = 8$:
$3^{22} \pmod{15} \equiv [3^8 \pmod{15}] \cdot [3^8 \pmod{15}] \cdot [3^6 \pmod{15}]$
$3^{22} \pmod{15} \equiv 1 \cdot 1 \cdot [3^6 \pmod{15}]$
$3^{22} \pmod{15} \equiv 9 \pmod{15}$
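The binary-decomposition method from the "Exponentiation in Modulo p" slide and the exponent reduction from the Fermat and Euler slides, as an added Python example that is not part of the original slides. The function names are chosen here for illustration; `reduction_holds` checks the slide's remark about exponents that reduce to 0.

```python
from math import gcd


def modexp(a, n, p):
    """Square-and-multiply: a^n mod p using the binary digits of n."""
    result = 1
    square = a % p                      # a^(2^0) mod p
    while n > 0:
        if n & 1:                       # this power of two appears in n
            result = (result * square) % p
        square = (square * square) % p  # next repeated square
        n >>= 1
    return result


def totient(p):
    """Euler totient by direct counting (only sensible for small p)."""
    return sum(1 for i in range(1, p) if gcd(i, p) == 1)


def modexp_reduced(a, n, p):
    """Reduce the exponent modulo phi(p) first; needs gcd(a, p) = 1."""
    if gcd(a, p) != 1:
        raise ValueError("Euler's theorem requires gcd(a, p) = 1")
    return modexp(a, n % totient(p), p)


def reduction_holds(a, n, p):
    """Compare a^n with a^(n mod phi(p)) without the gcd restriction."""
    return modexp(a, n, p) == modexp(a, n % totient(p), p)


if __name__ == "__main__":
    print(modexp(56, 118, 8191))        # the slide's 56^118 mod 8191
    print(modexp_reduced(6, 69, 17))    # Fermat: exponent 69 becomes 5
    print(modexp_reduced(2, 22, 15))    # Euler: exponent 22 becomes 6
    print(reduction_holds(3, 22, 15))   # a = 3 shares a factor with 15
    print(reduction_holds(3, 8, 15))    # exponent reduces to 0
```

For a = 3 and p = 15 the reduction still gives the right answer when the exponent reduces to 6, but not when it reduces to 0: 3^8 mod 15 is 6, while 3^0 is 1.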
Exponentiation Cipher
According to
$a^r \equiv b^r \bmod p$,
equation
$a^{\varphi(p)} = 1 \bmod p$
can be written as
$a^{k\varphi(p)} = 1^k \bmod p = 1 \bmod p$
and from equation
$(a * c) \equiv (b * c) \bmod p$
it follows that
$a \cdot a^{k\varphi(p)} \equiv 1 \cdot a \bmod p$
or,
$a^{k\varphi(p) + 1} = a \bmod p$
which can be written as
$a^{E * D} = a \bmod p$
where,
$E * D = k\varphi(p) + 1$
which can be written as
$E * D = 1 \; [\bmod \varphi(p)]$
or,
$E * D \; [\bmod \varphi(p)] = 1$
Exponentiation Cipher – Cont.
In
$a^{E * D} = a \bmod p$
$E * D \; [\bmod \varphi(p)] = 1$
the reciprocal of the number E is the inverse or multiplicative inverse of D. Normally, E is selected first and then the corresponding D must be found.
By symmetry, the exponents E and D are commutative and mutual inverses, so it is possible to say that
$a^{E * D} \bmod p = a$
can be written as
$a^{E * D} \bmod p = [a^D \bmod p]^E \bmod p$
Replacing “a” for “M” message, the equation can be written as
$M^{E * D} \bmod p = M$
$[M^D \bmod p]^E \bmod p = M$
Exponentiation Cipher – Cont.
In
$[M^D \bmod p]^E \bmod p = M$
The equation illustrates that if M, the plaintext, is enciphered with the algorithm $(\text{plaintext})^E \pmod p$ to produce a ciphertext, and if at the receiver’s end the ciphertext is deciphered using the algorithm $(\text{ciphertext})^D \pmod p$, the same plaintext M will be obtained.
In other words, by raising the ciphertext to the Dth power and reducing it modulo p, the plaintext will be recovered. This can be written as follows:
$C = M^E \bmod p$
$M = C^D \bmod p$
where M is the plaintext, C is the ciphertext, and E and D are the enciphering and deciphering keys.
Exponentiation ciphers encipher a message block by computing the exponential according to the above equations.
The Set of Real Numbers
Symbol | Number System | Description | Examples
N | Natural Numbers | Counting numbers (also called positive integers). | 1, 2, 3, 4, 5, …..
Z | Integers | Set of natural numbers, their negatives, and zero. | .., -2, -1, 0, 1, 2, …
Q | Rational | Any number that can be represented as a/b, where a and b are integers and b ≠ 0. | -7, -2/5, 0, ¾, 5.42
R | Real | Set of all rational and irrational numbers. | -7, -2/5, 0, 1, ¾, 5.42, ,5,2
Finite Fields
• Finite fields are fields that are finite.
• A field is a set of numbers in which the usual mathematical operations (addition, subtraction, multiplication, and division by nonzero quantities) are possible; these operations follow the usual commutative, associative, and distributive laws.
• Real numbers, rational numbers (fractions), and complex numbers are elements of infinite fields.
• Discrete logarithm (DL) and elliptic curve (EC) cryptography schemes are always based on computations in a finite field in which there are only a finite number of quantities.
• For cryptography applications, the finite fields that are usually used are the field of characteristic (congruences).
• The finite fields used in DL and EC are the field of prime characteristic $F_p$ and the field of characteristic two $F_{2^m}$. The finite field is also denoted as GF(q).
Finite Fields
• Characteristic Prime Finite Fields
— The finite field $F_p$ is the prime finite field containing p elements. If p is an odd prime number, then there is a unique field $F_p$ that consists of the set of integers {0, 1, 2, ..., p – 1}.
• Characteristic Two Finite Fields
— A characteristic two finite field (also known as a binary finite field) is a finite field whose number of elements is $2^m$. If m is a positive integer greater than 1, the binary finite field $F_{2^m}$ consists of the $2^m$ possible bit strings of length m.
— For example, $F_{2^3}$ = {000, 001, 010, 011, 100, 101, 110, 111}
What is Public-Key Cryptography ?
public-key cryptography / (1) An encryption method that uses a pair of keys, one public and one private. Messages encoded with either one can be decoded by the other. Also called asymmetric encryption. (2) Algorithms used to prove the authenticity of the message originator and to exchange keys.
Types of Public-key Cryptography
• Exponentiation ciphers
— RSA.
• Discrete logarithm systems
— ElGamal public-key encryption, Digital Signature Algorithm (DSA), Diffie-Hellman Key Agreement.
• Elliptic curve cryptography.
Exponentiation Algorithms
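Exponential crypto algorithms encipher messages according to the following formula:
$C = M^{\mathrm{Pub}_E} \bmod p$
$M = C^{\mathrm{Priv}_D} \bmod p$
M being the plaintext and C the ciphertext.
[Figure: block diagram. The Sender enciphers message M with Pub Key E, $C = M^{\mathrm{Pub}_E} \pmod p$; the Receiver deciphers with Priv Key D, $M = C^{\mathrm{Priv}_D} \pmod p$. A Pair Key Generator, fed by an Initial CryptoVariable, supplies Pub Key E and Priv Key D.]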
Pohlig-Hellman Exponentiation Algorithm
$C = M^{\mathrm{Pub}_E} \bmod p$
$M = C^{\mathrm{Priv}_D} \bmod p$
M is the clear message, C is the crypto message; E and D are the crypto variables used to encipher and to decipher the message.
Example: p = 73, E = 29, D = 5 and M = 2;
$C = M^E \pmod p = 2^{29} \pmod{73} = 4 \pmod{73}$
$M = C^D \pmod p = 4^5 \pmod{73} = 2$
Recommendation: p should be a large prime. Keep E and D secret; Pohlig-Hellman is not a Public Key system.
Mathematical Requirements
$\varphi(p) = p - 1$
$E * D \; [\bmod \varphi(p)] = 1$
$E * D = 1 \bmod [\varphi(p)] = 1 \bmod (p - 1)$
$29 * 5 \bmod 72 = 1$
RSA Algorithm
$C = M^{\mathrm{Pub}} \bmod n$
$M = C^{\mathrm{Priv}} \bmod n$
Where,
M = Plaintext
C = Ciphertext
Pub = Public-Key (Encipher)
Priv = Private Key (Decipher)
n = p . q
The public key, Pub, and the modulo n are made public and the private key, Priv, is kept secret.
Example: p = 11, q = 31, n = 11 * 31 = 341, Pub = 53, Priv = 17 and M = 2.
$C = 2^{53} \pmod{341} = 8$
$M = 8^{17} \pmod{341} = 2$
Mathematical requirements:
$\varphi(n) = (p - 1) * (q - 1)$
$\mathrm{Pub} * \mathrm{Priv} \; [\bmod \varphi(n)] = 1$
$53 * 17 \bmod 300 = 1$
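How the deciphering exponent follows from the enciphering exponent for both the Pohlig-Hellman and RSA slides, as an added Python example that is not part of the original slides. It uses the extended Euclidean algorithm to solve E * D = 1 mod φ and checks the slides' numbers; the function names are chosen here, and this is unpadded textbook arithmetic on the slide-sized values only.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def inverse(e, phi):
    """Find D with E * D = 1 mod phi; E must be coprime with phi."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("E has no inverse: gcd(E, phi) = %d" % g)
    return x % phi


def exponent_cipher(m, exponent, modulus):
    """C = M^E mod modulus (also used with D to decipher)."""
    if not 0 <= m < modulus:
        raise ValueError("message block must be smaller than the modulus")
    return pow(m, exponent, modulus)


def pohlig_hellman_keys(p, e):
    """Both exponents stay secret; phi(p) = p - 1 for prime p."""
    return e, inverse(e, p - 1)


def rsa_keys(p, q, pub):
    """Return (n, Pub, Priv) with phi(n) = (p - 1) * (q - 1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, pub, inverse(pub, phi)


if __name__ == "__main__":
    e, d = pohlig_hellman_keys(73, 29)
    c = exponent_cipher(2, e, 73)
    print("Pohlig-Hellman: D =", d, "C =", c, "M =", exponent_cipher(c, d, 73))

    n, pub, priv = rsa_keys(11, 31, 53)
    c = exponent_cipher(2, pub, n)
    print("RSA: n =", n, "Priv =", priv, "C =", c,
          "M =", exponent_cipher(c, priv, n))

    try:
        inverse(2, 72)          # an even E shares a factor with p - 1 = 72
    except ValueError as err:
        print("rejected:", err)
```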
ElGamal Algorithm
• A modification of the ElGamal digital signature can be used to encipher messages. The public and private keys, or key pair, are generated as follows:
1. Choose a prime p to be the modulo and choose two random numbers g and PrivA = a that are less than p.
2. Calculate
$y_A = g^{\mathrm{PrivA}} \pmod p$
3. The public key consists of $y_A$, g, and p.
• Suppose Alice wishes to send a message m to Bob. Alice first generates a random number k less than p, then she computes
$y_1 = g^k \pmod p$
$y_2 = m \cdot y_A^k \pmod p$
• Alice sends $y_1$ and $y_2$ to Bob. Upon receiving the ciphertext, Bob deciphers the message by computing
$y_3 = y_1^{(p - 1 - \mathrm{PrivA})} \pmod p$
and then m, the message, by calculating
$m = y_3 \cdot y_2 \pmod p$
ElGamal Algorithm
• Example*
1. Alice selects the prime p = 2357 to be the modulo, and two random numbers g = 2, and PrivA = a = 1751.
2. Alice calculates
$y_A = g^{\mathrm{PrivA}} \pmod p = 2^{1751} \pmod{2357} = 1185$
3. Alice’s message m = 2035 and random number k = 1520.
4. Alice computes
$y_1 = 2^{1520} \pmod{2357} = 1430$
$y_2 = 2035 \cdot 1185^{1520} \pmod{2357} = 697$
5. Alice sends ($y_1$ and $y_2$) to Bob.
6. Upon receiving the ciphertext, Bob deciphers the message by computing
$y_3 = y_1^{(p - 1 - \mathrm{PrivA})} \pmod p = 1430^{(2357 - 1 - 1751)} \pmod{2357} = 872$
7. And then m, the message, by calculating
$m = y_3 \cdot y_2 \pmod p = 872 \cdot 697 \pmod{2357} = 2035$
* Note: Values from (Menezes, Oorschot, Vanstone 1996). Applied Cryptography Handbook
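The ElGamal steps above with the slide's numbers, as an added Python example that is not part of the original slides. Function names and the second random value k = 853 are chosen here for illustration; the range checks are assumptions added for the example.

```python
def keygen(p, g, priv_a):
    """Public value y_A = g^PrivA mod p."""
    if not 1 < priv_a < p - 1:
        raise ValueError("private key must lie between 1 and p - 1")
    return pow(g, priv_a, p)


def encipher(m, k, p, g, y_a):
    """Return (y1, y2) = (g^k mod p, m * y_A^k mod p)."""
    if not 0 < m < p:
        raise ValueError("message must be a nonzero value below p")
    y1 = pow(g, k, p)
    y2 = (m * pow(y_a, k, p)) % p
    return y1, y2


def mask_inverse(y1, p, priv_a):
    """y3 = y1^(p - 1 - PrivA) mod p.

    By Fermat's theorem y1^(p - 1) = 1 mod p, so y3 equals y1^(-PrivA),
    the inverse of the mask y_A^k = g^(PrivA * k) that hides m in y2.
    """
    return pow(y1, p - 1 - priv_a, p)


def decipher(y1, y2, p, priv_a):
    """m = y3 * y2 mod p."""
    return (mask_inverse(y1, p, priv_a) * y2) % p


# Values from the slide's example.
P, G, PRIV_A, M, K = 2357, 2, 1751, 2035, 1520

if __name__ == "__main__":
    y_a = keygen(P, G, PRIV_A)
    y1, y2 = encipher(M, K, P, G, y_a)
    print("y_A =", y_a, "y1 =", y1, "y2 =", y2)
    print("y3 =", mask_inverse(y1, P, PRIV_A))
    print("m  =", decipher(y1, y2, P, PRIV_A))

    # A different random k (constructed value) gives a different
    # ciphertext for the same message, and it still deciphers to m.
    z1, z2 = encipher(M, 853, P, G, y_a)
    print((z1, z2) != (y1, y2), decipher(z1, z2, P, PRIV_A))
```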
Public Key Encryption
[Figure: four Encipher/Decipher cases between Sender (Alice) and Receiver (Bob).]
• Encipher with Alice’s Private Key, decipher with Alice’s Public Key: Non-Repudiation of Origin (Authenticity). Anyone who has Alice’s public key will be able to decipher the message. Alice cannot deny that she sent the message.
• Encipher with Bob’s Public Key, decipher with Bob’s Private Key: Confidentiality. Bob will be the only one able to decipher the message because only he has his private key.
• Encipher with Bob’s Private Key, decipher with Bob’s Public Key: Enciphering is not possible because Alice doesn’t have Bob’s private key.
• Encipher with Alice’s Public Key, decipher with Alice’s Private Key: Bob will not be able to decipher the message because he doesn’t have Alice’s private key.
Key Management
• Conventional crypto networks using symmetric cryptosystems typically have a Key Distribution Center (KDC) to distribute or load the keys into each of the crypto units.
• There are three ways to send information about the secret key needed to decipher a message:
— Pre-Shared Secret Keys – The secret keys are loaded into both parties’ crypto systems beforehand, and it is only necessary to define which of the secret keys was used to encipher the message.
— Transport and Wrapping Keys – A secret key can be sent by transporting the key using public key algorithms or by wrapping the key using symmetric key algorithms.
— Key Agreement – A key agreement algorithm allows a sender and a receiver to share a secret key computed from public-key algorithms.
Pre-Shared Secret Keys
The secret keys have been loaded in both servers, so only the name associated with the key needs to be sent.
[Figure: the Web Service Requester and the Web Service Provider each hold a Secret Key Table (Key Name, Secret Key, Type of Encryption Algorithm); only the Key Name passes between them.]
Encrypted Key – Transporting the Key
Use a public key algorithm to transport the session key.
[Figure: the Web Service Requester enciphers the Session Key with the Service Provider’s Public Key using the RSAES-v1.5 or RSAES-OAEP algorithm; the Web Service Provider deciphers it with the Service Provider’s Private Key using the same algorithm.]
Wrapping the Key
Use a shared key-encrypting key to wrap (encipher) a session key.
Use 3DES or AES to encipher and decipher a session key.
[Figure: the Web Service Requester splits the session key into Block 1 ... Block n and enciphers each block with 3DES or AES under the shared key-encrypting key, chained from an IV; the Web Service Provider deciphers Enciphered Session key Block 1 ... Block n with the same shared key-encrypting key and IV to recover the session key.]
Key Agreement
Use Diffie-Hellman to calculate ZZ and the RFC-2631 Key Agreement Method to generate key material, as required.
[Figure: the Web Service Requester and the Web Service Provider each run the Diffie-Hellman Key Exchange to obtain the Pre Master Key (ZZ), then Key Material Generation to obtain the Session Key.]
Diffie-Hellman Key Agreement System
1. Sender and receiver, Alice and Bob, agree on fixed constants, p and g, which do not need to be kept secret; p is a large prime number, and g is any integer between 0 and p - 1. (p - 1) / 2 should be a prime.
2. When communication between Alice and Bob is established, they randomly generate a secret number: PrivA and PrivB.
3. Alice and Bob generate their corresponding public numbers:
$\mathrm{Pub}_A = g^{\mathrm{PrivA}} \pmod p$ and $\mathrm{Pub}_B = g^{\mathrm{PrivB}} \pmod p$
4. Alice and Bob exchange PubA and PubB over the non-secure channel.
5. Alice and Bob compute ZZ, the session key, by
$ZZ = \mathrm{Pub}_B^{\mathrm{PrivA}} \pmod p$ (Alice) and $ZZ = \mathrm{Pub}_A^{\mathrm{PrivB}} \pmod p$ (Bob)
6. Alice and Bob use ZZ as their secret key, and load it into their key generators to secure their communications.
Diffie-Hellman Key Agreement System
Both units use ZZ as the Session Key to encipher the message.
[Figure: Diffie-Hellman exchange between Alice and Bob; g and p are large integers and do not need to be secret.]
Alice: Priv A = random large integer; $\mathrm{Pub}_A = g^{\mathrm{PrivA}} \pmod p$; sends PubA; $ZZ = \mathrm{Pub}_B^{\mathrm{PrivA}} \pmod p$
Bob: Priv B = random large integer; $\mathrm{Pub}_B = g^{\mathrm{PrivB}} \pmod p$; sends PubB; $ZZ = \mathrm{Pub}_A^{\mathrm{PrivB}} \pmod p$
Alice’s ZZ = Bob’s ZZ
Diffie-Hellman Key Agreement System
Sender and receiver agree on the same group or pair of g and p; g and p do not need to be secret.
Alice: g = 12, p = 47, PrivA = 3; $\mathrm{Pub}_A = 12^3 \pmod{47} = 36$
Bob: g = 12, p = 47, PrivB = 5; $\mathrm{Pub}_B = 12^5 \pmod{47} = 14$
Alice sends 36 to Bob; Bob sends 14 to Alice.
Alice: $ZZ = 14^3 \pmod{47} = 18$
Bob: $ZZ' = 36^5 \pmod{47} = 18$
Both units use 18 as the Session Key to encipher the message.
Diffie-Hellman Key Agreement System
• No control over the generated session key.
• Subject to the Man-in-the-Middle attack.
• No information about the parties’ identities.
• Subject to a clogging attack. It is computationally intensive.
Solution to the Man-in-the-Middle attack
- Establish authenticity between parties with a certificate.
- Add a hash function (message digest).
- Authenticate the identity of a message with a digital signature.
- Add a random component to the agreed key.
[Figure: Man-in-the-Middle attack. Alice and Bob are each spoofed by the Man-in-the-Middle, who shares SA with Alice and SB with Bob.]
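Why step 4 of the key agreement needs authentication, as an added Python example that is not part of the original slides. It reruns the g = 12, p = 47 exchange, shows what each side computes when the public numbers are replaced in transit, and shows the replacement being rejected once the values are authenticated; the HMAC under a pre-shared key stands in for the certificate or digital signature the slide recommends, and the interceptor's secret 7 and all function names are constructed for illustration.

```python
import hashlib
import hmac


def is_prime(n):
    """Trial division; adequate for slide-sized numbers only."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def check_group(p, g):
    """Slide constraints: p prime, (p - 1) / 2 prime, 0 < g < p - 1."""
    return is_prime(p) and is_prime((p - 1) // 2) and 0 < g < p - 1


def tag(auth_key, sender, pub):
    """Authenticator over a public number (stand-in for a signature)."""
    return hmac.new(auth_key, f"{sender}:{pub}".encode(),
                    hashlib.sha256).digest()


def exchange(p, g, priv_a, priv_b, interceptor_priv=None, auth_key=None):
    """Run steps 3 to 5 and return (ZZ computed by Alice, ZZ computed by Bob).

    interceptor_priv: if set, both public numbers are replaced in transit
    by g^interceptor_priv mod p.
    auth_key: if set, every public number carries a tag that the
    receiver verifies before using it.
    """
    if not check_group(p, g):
        raise ValueError("p and g do not meet the group requirements")
    pub_a, pub_b = pow(g, priv_a, p), pow(g, priv_b, p)
    to_bob = (pub_a, tag(auth_key, "A", pub_a) if auth_key else None)
    to_alice = (pub_b, tag(auth_key, "B", pub_b) if auth_key else None)

    if interceptor_priv is not None:
        pub_m = pow(g, interceptor_priv, p)
        # Without auth_key the interceptor cannot produce matching tags.
        to_bob, to_alice = (pub_m, to_bob[1]), (pub_m, to_alice[1])

    if auth_key:
        for sender, (pub, t) in (("A", to_bob), ("B", to_alice)):
            if not hmac.compare_digest(t, tag(auth_key, sender, pub)):
                raise ValueError("public number failed authentication")

    return pow(to_alice[0], priv_a, p), pow(to_bob[0], priv_b, p)


if __name__ == "__main__":
    print(exchange(47, 12, 3, 5))                      # honest run
    print(exchange(47, 12, 3, 5, interceptor_priv=7))  # keys no longer match
    try:
        exchange(47, 12, 3, 5, interceptor_priv=7, auth_key=b"demo-key")
    except ValueError as err:
        print("rejected:", err)
```

In the unauthenticated run Alice and Bob end up with different values, each of which the interceptor can also compute from the public number it captured, so neither side can tell anything went wrong from the arithmetic alone.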
Combining Symmetric and Asymmetric Ciphers
Exchange (wrap / transport) or agree (Diffie-Hellman) on a pre-master key.
Use a symmetric algorithm to encipher and decipher a secure transaction.
[Figure: Client and Web Server each derive a Secret Key from the Pre-Master Key through Master Key Generation. The Client enciphers Cleartext Blocks into Ciphertext Blocks with Symmetric Encryption chained from an IV, and the Web Server deciphers them; Integrity (HMAC) is applied on both sides.]
RSA Key Transport
• The secret key is transported as a message.
• Alice encrypts the secret key using Bob's public key and she sends it to Bob as an encrypted message.
• Bob uses his private key to decipher the message and gets the secret key.
$C = K^{\mathrm{Pub}_B} \bmod n$
$K = C^{\mathrm{Priv}_B} \bmod n$
[Figure: the Sender (Alice) enciphers Secret Key K with the Receiver’s Public Key PubB, $C = K^{\mathrm{Pub}_B} \bmod n$; the Receiver (Bob) deciphers, $K = C^{\mathrm{Priv}_B} \bmod n$; n = p . q.]
RSA Problem
• The strength of the RSA algorithm is based on the fact that multiplying two large primes to get n is far easier than, given n, finding the two primes; this is called a one-way property.
• One approach a cryptanalyst might use to break an RSA algorithm is to find p and q, the factors of n, calculate φ (n), and then calculate Priv from φ (n) and Pub, using Euclid's algorithm.
• The difficulty of computing Priv from the public information, φ (n) and Pub, depends on the difficulty of factoring n or of deriving p and q from n; because φ (n) = (p - 1) * (q - 1), φ (n) can only be found if p and q are known.
• When p and q are chosen so that n is a 200-digit number, it seems to be computationally infeasible for anyone, even using the fastest computer available today, to break the RSA algorithm.
• Today, RSA Data Security recommends using a 768-bit RSA modulo for personal use, 1024 bits for corporate use, and 2048 bits for protecting extremely valuable data (RSA Bulletin 10, 1999).
RSA Challenges
Number | Month | Number | Month
RSA-100 | April 1991 | RSA-110 | April 1992
RSA-120 | June 1993 | RSA-129 | April 1994
RSA-130 | April 1996 | RSA-140 | February 1999
RSA-155 | August 1999 | RSA-160 | April 2003
RSA-576 | December 2003 | RSA-640 | November 2005
RSA-704 | Open | RSA 768 | Open
Discrete Logarithmic Problem
• In discrete logarithm systems over the multiplicative group $Z_p^*$ (Diffie-Hellman, ElGamal, DSS), the following is the discrete logarithm problem:
— Given elements y and g of the group, and a prime p, find a number k such that $y = g^k \bmod p$.
— For example, if y = 2, g = 8, and p = 341, then find k such that $2 \equiv 8^k \bmod 341$.
— In Diffie-Hellman, y is the public key, g is a random number, p is the modulo, and k is the private key that the cryptanalyst is trying to find out.
Which one is the correct Private Key?
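Why the slide-sized parameters give no protection and the recommended modulus sizes do, as an added Python example that is not part of the original slides. It follows the approach described on the "RSA Problem" slide for n = 341 and searches the discrete logarithm example exhaustively; the function names and the search limit of 30 are chosen here for illustration.

```python
def factor_semiprime(n):
    """Find p, q with n = p * q by trial division (toy sizes only)."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no nontrivial factor")


def recover_priv(n, pub):
    """RSA Problem slide: factor n, form phi(n), invert Pub mod phi(n)."""
    p, q = factor_semiprime(n)
    phi = (p - 1) * (q - 1)
    return pow(pub, -1, phi)        # modular inverse (Python 3.8+)


def discrete_logs(y, g, p, limit):
    """Every k in 1..limit with g^k = y mod p, by exhaustive search."""
    hits, value = [], 1
    for k in range(1, limit + 1):
        value = (value * g) % p
        if value == y % p:
            hits.append(k)
    return hits


def trial_division_work(bits):
    """Rough count of divisions to factor a modulus of this size
    when its two primes are about the same length: 2^(bits / 2)."""
    return 2 ** (bits // 2)


if __name__ == "__main__":
    # Slide example: n = 341, Pub = 53.
    print("factors of 341:", factor_semiprime(341))
    print("recovered Priv:", recover_priv(341, 53))

    # Slide example: find k with 2 = 8^k mod 341.
    print("k values up to 30:", discrete_logs(2, 8, 341, 30))

    # The same search on the modulus sizes named on the RSA Problem slide.
    for bits in (768, 1024, 2048):
        digits = len(str(trial_division_work(bits)))
        print(f"{bits}-bit modulus: about 10^{digits - 1} divisions")
```

The search returns several exponents that satisfy the slide's congruence, all differing by the order of 8 modulo 341, which is what the slide's closing question is pointing at.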