public-key cryptography and rsa – chapter 9 public-key cryptography and rsa – chapter 9...
TRANSCRIPT
![Page 1: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/1.jpg)
PUBLIC-KEY CRYPTOGRAPHY PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9AND RSA – Chapter 9
• Principles Applications Requirements
• RSA Algorithm Description Security
![Page 2: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/2.jpg)
PUBLIC-KEY CRYPTOGRAPHY PUBLIC-KEY CRYPTOGRAPHY (PKC) – A New Idea(PKC) – A New Idea
Historically – Symmetric-Key (one key) substitution (confusion) permutation (diffusion)
More Recently – Asymmetric-Key (two keys)
![Page 3: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/3.jpg)
MISCONCEPTIONSMISCONCEPTIONS PKC vs Symmetric Encryption PKC vs Symmetric Encryption
• PKC more secure than symmetric encryp. WRONG!!
• PKC more useful than symmetric encryp. WRONG!! – PKC costly
• PKC doesn’t need complicated protocol WRONG!!
![Page 4: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/4.jpg)
PKC - USESPKC - USES
• Key Management
• Signature
![Page 5: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/5.jpg)
PKC – SIX INGREDIENTSPKC – SIX INGREDIENTS• Plaintext – input to encryp. algorithm output from decryp. algorithm• Encryp. Algorithm – acts on plaintext - controlled by public or private key• Public and Private Key - one for encryption - one for decryption• Ciphertext – output from encryp. algorithm input to decryp. algorithm• Decryp. Algorithm – acts on ciphertext - controlled by public or private key
![Page 6: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/6.jpg)
PKC – STEPSPKC – STEPS1. Each user generates two related keys - PUBLIC and PRIVATE
2. Each user makes: public key PUBLIC private key PRIVATE access ALL public keys
3. BOB: Encr(plaintext,PUBLICAlice) ciphertext ALICE
4. ALICE: Decr(ciphertext,PRIVATEAlice)
![Page 7: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/7.jpg)
PKC for a) ENCRYPTION b) AUTHENTICATION
P laintextinput
B ob s'spublic k ey
r ing
T r an smittedcipher text
P laintextou tputE n cryption algor ithm
(e.g., R SA )D ecryption algor ithm(r everse of encryption
algor ithm)
F igur e 9.1 P ublic-K ey C r yptogr aphy
J oy
M ike
M ike B ob
T ed
A lice
A lice's p ublick ey
A lice 's p r ivatek ey
(a) E ncryption
P laintextinput
T r an smittedcipher text
P laintextou tputE n cryption algor ithm
(e.g., R SA )D ecryption algor ithm(r everse of encryption
algor ithm)
B ob 's p r ivatek ey
B ob 's p ublickey
A lice'spublic k ey
r ing
J oyT ed
(b) A uthentication
![Page 8: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/8.jpg)
At ANY TIME,
ANY Private/Public key pair can be changed.
Public key should be made public IMMEDIATELY
KEYS EASILY UPDATEDKEYS EASILY UPDATED
![Page 9: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/9.jpg)
Symmetric-Key: One SECRET KEY
Asymmetric-Key (PKC): One PRIVATE KEY One PUBLIC KEY
CIPHER TERMINOLOGYCIPHER TERMINOLOGY
![Page 10: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/10.jpg)
CONFIDENTIALITY
M essageSour ce
C r yptanalyst
K ey P airSour ce
D estinationX X
^
Y
K R b
K U b
F igur e 9.2 P ublic-K ey C r yptosystem: Secr ecy
E ncryptionA lgor ithm
DecryptionA lgor ithm
K R b
^X
Sour ce A D estination B
![Page 11: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/11.jpg)
AUTHENTICATION (source)(Integrity/Signature)
M essageSour ce
C r yptanalyst
K ey P airSour ce
D estinationX X
^
Y
K R a
K R a
K U a
F igur e 9.3 P ublic-K ey C r yptosystem: A uthentication
E ncryptionA lgor ithm
DecryptionA lgor ithm
Sour ce A D estination B
![Page 12: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/12.jpg)
CONFIDENTIALITY and AUTHENTICATION
M essageSour ce
M essageDest.
X
F igur e 9.4 P ublic-K ey C r yptosystem: Secr ecy and A uthentication
E ncryptionA lgor ithm
K ey P airSour ce
K U b K R b
Sour ce A Destination B
K ey P airSour ce
K R a K U a
Y E ncryptionA lgor ithm
Z DecryptionA lgor ithm
Y DecryptionA lgor ithm
X
![Page 13: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/13.jpg)
• Encryp./Decryp. Sender encrypts with RECIPIENT’S PUBLIC key. Applied to ALL of message.• Digital Signature Sender signs with SENDER’S PRIVATE key. Applied to ALL or PART of message.• Key Exchange Uses one or more PRIVATE keys. Several approaches
APPLICATIONSAPPLICATIONS OF PKC OF PKC
![Page 14: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/14.jpg)
Table 9.2
APPLICATIONS OF PKCAPPLICATIONS OF PKC
![Page 15: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/15.jpg)
• Every value has an inverse
Y = F(X) X = F-1(Y)
• Y = F(X) - easy
• X = F-1(Y) - infeasible
easy – polynomial time (poly in message
length)
infeasible - > poly time (e.g. exp. in message
length)
ONE-WAY FUNCTIONONE-WAY FUNCTION
![Page 16: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/16.jpg)
Y = fk(X) - easy if k and X
known
X = fk-1(Y) - easy if k and Y
known
X = fk-1(Y) - infeasible if only Y
known
TRAP-DOOR ONE-WAY TRAP-DOOR ONE-WAY FUNCTION (e.g. PKC)FUNCTION (e.g. PKC)
![Page 17: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/17.jpg)
Brute-Force Attack Use LARGE keys
But,
PKC COMPLEXITY GROWS fast with
key size
So, PKC TOO COMPLEX encryp/decryp PKC only for key management and signature
PKC – THE PROBLEMPKC – THE PROBLEM OF KEY SIZE OF KEY SIZE
![Page 18: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/18.jpg)
PKC: 1960’s (NSA) 1970 Ellis – CESG 1976 Diffie and Hellman
RSA: 1973 Cocks – CESG 1977 Rivest, Shamir, Adleman - MIT
RSA ALGORITHMRSA ALGORITHM
![Page 19: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/19.jpg)
Plaintext and Ciphertext
integers between 0 and n-1
i.e. k bits, 2k < n <2k+1
Encryption: C = Me mod n
Decryption: M = Cd mod n = (Me)d mod
n
= Med
mod n
RSARSA
![Page 20: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/20.jpg)
Sender knows n,e
Receiver knows n,d
PUBLIC key, KU = {e,n}
PRIVATE key, KR = {d}
RSA (continued)RSA (continued)
![Page 21: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/21.jpg)
1. There exists e,d,n s.t. Med = M mod n
2. Easy to calculate Me and Cd given
{M,e} or {C,d}, resp.
3. Infeasible to find d given {e,n}
PKC REQUIREMENTSPKC REQUIREMENTS OF RSA OF RSA
![Page 22: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/22.jpg)
p = 17, q = 11 n = p.q = 187
mod p = 17,
{1,6,62,63,64,65,66,67,68,69,610,611,612,613,61
4,615}
=
{1,6,2,12,4,7,8,14,16,11,15,5,13,10,9,3}
Mod p = 11
{1,2,4,8,5,10,9,7,3,6}
EXAMPLEEXAMPLE
![Page 23: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/23.jpg)
57 = (6,2), 572 = (2,4), 573 = (12,8), 574
= (4,5)
EXAMPLE
![Page 24: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/24.jpg)
We want number, g, between 1 and 186
s.t.
g mod 17
= 6, g mod 11 = 2
Use CRT:
g = 154.6 + 34.2 mod 187 =
57
EXAMPLEEXAMPLE Chinese Remainder Chinese Remainder TheoremTheorem
![Page 25: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/25.jpg)
EXAMPLE RSA COMPUTATION
E ncr yption
plaintext88
plaintext88
cipher text1188 mod 187 = 11
K U = 7, 187
D ecr yption
F igur e 9.6 E xample of R SA A lgor ithm
711 mod 187 = 88
K R = 23, 187
23
![Page 26: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/26.jpg)
• Brute-Force Attacks
– try all possible private
keys.
• Mathematical Attacks
- all equivalent to
factoring n.
• Timing Attacks
- depend on running
time of
decryption algorithm.
SECURITY OF RSASECURITY OF RSA
![Page 27: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/27.jpg)
Table 9.3
Progress in FactorisationProgress in Factorisation
![Page 28: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/28.jpg)
MIPS-years NEEDED TO FACTOR
10 22
10 20
10 18
10 16
10 14
10 12
10 10
108
106
104
102
100
MIP
S-y
ea
rs N
ee
de
d t
o F
ac
to
r
200018001600140012001000800600
B its
F igur e 9.9 M I P S-year s N eeded to F actor
G eneral N umb er F ield S ieve
Special N umb er F ield S ieve
![Page 29: PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description](https://reader034.vdocuments.net/reader034/viewer/2022050721/5697bfba1a28abf838ca0865/html5/thumbnails/29.jpg)
For Decryption:
• Constant exponentiation time
• Random delay
• Blinding Generate random r C’ = Cre
M’ = C’d
M = M’r-1
TIMING ATTACKS ON RSATIMING ATTACKS ON RSA - countermeasures - countermeasures