public key cryptography infsci 1075: network security – spring 2013 amir masoumzadeh
TRANSCRIPT
Public Key Cryptography
INFSCI 1075: Network Security – Spring 2013
Amir Masoumzadeh
2
What we have looked at so far
CRYPTOLOGY
CRYPTOGRAPHY CRYPTANALYSIS
Private Key(Secret Key)
Public Key
Block Cipher Stream Cipher Integer Factorization
Discrete Logarithm
3
Outline Problems with secret key schemes Public key cryptography
Integer factorization Discrete logarithms
How to achieve confidentiality, authentication, or both
4
Conventional Encryption Model
Encrypt Decrypt
Key Source
Insecure channel
Alice Bob
yx x
y = ek (x) : Ciphertextx = dk (y) : Plaintext
k k
Oscar
Secure Channel
5
Secret Key Cryptosystems Block ciphers and stream ciphers Use the same secret key on both sides for
encryption and decryption Operations for ek and dk are identical A separate key for each communication
Alice
Bob
Carol
Kbob&CarolKAlice&Bob
KAlice&Carol
6
Problems with Secret Key Schemes Key distribution and management is a
problem If the key is disclosed, communications are
compromised How many secret keys do we need?
How to provide non-repudiation? What if a receiver forges a message and claims
that is sent by a sender! Both have access to the secret key!
Authentication, which secret key cryptosystems do not provide
7
Problems with Secret Key Schemes (cont.) A secret key algorithm
implies every pair of communicating entities share a secret key
Total number of keys is O(n2) For n users, we need
n(n – 1)/2 pairs of keys
It is like having a mailbox for EACH pair of communicating people
Alice Bob
Carol Dan
8
Solution One mailbox for one person Make a SLOT in the mailbox Everyone (including Oscar) can deposit
messages in the mailbox Only the owner of the mailbox can recover the
messages So now for n users we only need n mailboxes
and n keys
9
Why Public Key Cryptography? Developed to address two key issues:
Key distribution – how to have secure communications in general without having to trust a KDC with your key (Confidentiality)
Digital signatures – how to verify a message comes intact from the claimed sender (non-repudiation)
10
Public Key Cryptography Pioneered by Whitfield Diffie and Martin Hellman in
1976 Public-key / two-key / asymmetric cryptography
involves the use of two keys: Public-key (KU)
Is known to everyone, used to encrypt messages and verify signatures
(Slot in the mailbox) Private-key (KR)
known only to the recipient, used to decrypt messages and sign (create signatures)
(Actual key to open the mailbox)
Public Key Cryptography is asymmetric because Those who encrypt messages or verify signatures cannot
decrypt messages or create signatures
11
Public Key Encryption Model
Encrypt Decrypt
Insecure channel
Alice Bobyx x
y = eku (x) : Ciphertextx = dkr (y) : Plaintext
kubobkrbob
Oscar knows kubob
12
Requirements It is easy to encrypt using the public key KU It is easy to decrypt using the private key KR It is computationally infeasible to determine
the private key given the public key It is computationally infeasible to determine
the plaintext x given the ciphertext y and the public key KU
It should be easy to generate a public key-private key pair
Encryption and decryption should be inverse functions dKR(eKU(x)) = x
13
What can satisfy these requirements? There is a need for a mathematical
function unlike secret key cryptosystems One way functions:
Every function value has a unique inverse Calculating y = f (x) is easy Calculating x = f -1(y) is not feasible
Examples: Integer factorization Discrete logarithms
14
Integer Factorization Multiplication is easy
7 17 109 151 = 195821 Integer factorization is difficult
30616693 = ? ? ? ? Answer: 47 59 61 181
Used in RSA
15
Discrete Logarithm EASY: Modular exponentiation
223 mod 109 = ? 223 = 8388608 77 mod 109
DIFFICULT: Discrete logarithm 2x mod 109 = 68 : Find x x = log2 68 mod 109 One way to solve it: Brute Force Answer: x = 15
Used in Diffie-Hellman Key Exchange, ElGamal Encryption Scheme, and Elliptic Curves
16
Trapdoor One-Way Functions A special kind of one-way function that is hard
to invert unless some secret information, called the trapdoor, is known
Every function value has a unique inverse There are two related keys k1 and k2
Calculating y = f (k1, x) is easy
Calculating x = f -1(k2, y) is easy if k2 is known. It is infeasible if k2 is not known and only k1 is known Finding k2 given k1 is very hard
17
Providing Confidentiality
plaintextmessage, m
ciphertextencryptionalgorithm
decryption algorithm
Bob’s public key
plaintextmessage
eKU (m)
KUB
Bob’s privatekey
KRB
m = dKR ( eKU (m) )BB B
18
Providing Authentication
plaintextmessage, m
ciphertextencryptionalgorithm
decryption algorithm
plaintextmessage
Alice’s public key KUA
Alice’s private key
KRA
Bob’s public key
KUB
Bob’s privatekey
KRB
m = dKR ( eKU (m) )B B
eKR (m)B
19
Providing Authentication & Confidentiality
plaintextmessage, m
encryptionalgorithm
encryptionalgorithm
decryption algorithm
C decryption algorithm
plaintextmessage
C ’C
eKR (m)A
eKU ( eKR (m) )B A
dKR ( eKU ( eKR (m) ) )B AB
dKU ( eKR (m) )A A
20
Remarks Single most major advance in cryptography Much slower than private key cryptosystems
Used primarily for signatures and key exchange rather than bulk data encryption
Vulnerable to brute force attacks Vulnerable to mathematical analysis
Note that KU and KR are related Key sizes are much larger than those in secret key
algorithms Probable message attack
KU is known If the number of messages is small, Oscar can encrypt
all possible messages to break the system
21
Public Key Algorithms and Security Three different popular algorithms
RSA (integer factorization) ElGamal (discrete logarithms on prime number
fields) Menezes-Vanstone (discrete logarithms on elliptic
curves) Keys sizes for security
1024 bits for RSA and ElGamal 160 bits for Menezes-Vanstone 80 bits for block ciphers