PublicKey Encryption

1
Public-Key Encryption

• Handbook of Applied Cryptography by A. Menezes,
  P. van Oorschot and S. Vanstone

2
Introduction

• asymmetric encryption
• each entity A has a public key e and a
  corresponding private key d
• the task of computing d given e is
  computationally infeasible
• The public key defines an encryption
  transformation Ee
• the private key defines the associated decryption
  transformation Dd.
• c Ee(m), m Dd(c)

3
(No Transcript)
4
Publicity

• The public key need not be kept secret, and, in
  fact, may be widely available.
• The main objective of public-key encryption is to
  provide privacy or confidentiality.
• The data origin authentication or data integrity
  must be provided through use of additional
  techniques, including message authentication
  codes and digital signatures.

5
(No Transcript)
6
Properties of Public-key encryption

• slower than symmetric-key encryption algorithms
  such as DES
• Most commonly used in practice for the transport
  of keys subsequently
• encrypting small data items such as credit card
  numbers and PINs

7
The number-theoretic computational problems
8
Basic principles

• Objectives of adversary
• recover plaintext from ciphertext
• key recovery
• Types of attacks
• chosen-plaintext attack
• chosen-ciphertext attack
• Distributing public keys
• trusted channel, trusted public file, using an
  on-line trusted server, or an off-line server and
  certificates
• Message blocking
• Plaintext messages longer than some fixed size
  (bitlength) must be broken into blocks.

9
RSA public-key encryption

• 1977, R. Rivest, A. Shamir, and L. Adleman
• provide both secrecy and digital signatures
• security is based on the intractability of the
  integer factorization problem

10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
(No Transcript)
14
Security of RSA

• Relation to factoring
• Small encryption exponent e
• Forward search attack
• Small decryption exponent d
• Multiplicative properties
• Common modulus attack
• Cycling attacks
• Message concealing

15
RSA problem (RSAP)

• recovering plaintext m from the corresponding
  ciphertext c given the public information (n, e)
• There is no efficient algorithm known for this
  problem.
• first factor n, and then compute ? and d
• If d known, then n will be factorized.

16
Cycling attacks
17
RSA encryption in practice

• fast modular multiplication, fast modular
  exponentiation
• the Chinese remainder theorem for faster
  decryption
• Even with these improvements, RSA
  encryption/decryption is substantially slower
  than the commonly used symmetric-key encryption
  algorithms such as DES.
• In practice, RSA encryption is most commonly used
  for the transport of symmetric-key encryption
  algorithm keys and for the encryption of small
  data items

18
Notes on RSA

• recommended size of modulus
• 1024-bit or larger
• selecting primes
• p and q should be about the same bitlength, and
  sufficiently large
• p - q should not be too small

• small encryption exponents

19
Other public-key encryptions
20
(No Transcript)