To view this presentation, you'll need to enable Flash.

Show me how

After you enable Flash, refresh this webpage and the presentation should play.

Loading...

PPT – Public Key Cryptography PowerPoint presentation | free to view - id: 1234a7-NDVlN

The Adobe Flash plugin is needed to view this content

View by Category

Presentations

Products
Sold on our sister site CrystalGraphics.com

About This Presentation

Write a Comment

User Comments (0)

Transcript and Presenter's Notes

Public Key Cryptography

- Principles of Public-Key Cryptosystems
- The RSA Algorithm
- Key Management
- Diffie-Hellman Key Exchange
- Elliptic Curve Cryptography

Public Key Cryptography

- Radical departure from conventional cryptography
- Asymmetric, or two key, cipher
- Public key for encryption
- Private key for decryption
- Based on mathematics
- Not necessarily stronger than symmetric

cryptography - Typically used in conjunction with symmetric

cryptography - Generally restricted to key management and

digital signatures - Does not solve the general key management problem

Public-Key Cryptosystems

Principles of PKC

- Concept of public-key cryptography evolved from

an attempt to attack two of the most difficult

problems associated with the conventional

encryption - Key distribution
- Digital signature
- Diffie and Hellman first publicly introduced the

concepts of public-key cryptography in 1976 - Public-key algorithm rely on one key for

encryption and a different but related key for

decryption - Requirement
- It is computationally infeasible to determine the

decryption key given the encryption key - Optional feature
- Either key can be used for encryption with the

other serving as the decryption key

Public Key Encryption Process

Principles of PKC

- Confidentiality C E(pubkey, M)
- Authentication D E(privkey, M)
- Digital signature

Conventional and Public-Key Encryption

Principles of PKC

- Conventional (Symmetric)
- Same algorithm and key used
- for encryption and decryption
- Parties share algorithm and key
- Key must be kept secret
- Cipher must be strong
- Plaintext/ciphertext pairs must
- not weaken the security of the key

- Public-Key (Asymmetric)
- Same algorithm but different keys
- used for encryption and decryption
- Parties share algorithm but each has
- one key from a matched pair
- One key must be kept secret
- Cipher must be strong
- Plaintext/ciphertext pairs plus one of
- the keys must not weaken the other
- key

Principles of PKC

Public-Key Cryptosystem Secrecy

Y EKUb(X) X DKRb(Y)

KUb Bs public key KRb Bs private key

Principles of PKC

PKC Authentication

Y EKRa(X) X DKUa(Y)

No protection of confidentiality

Principles of PKC

PKC Secrecy and Authentication

Z EKUbEKRa(X) X DKUaDKRb(Z)

PKC Algorithm Requirements

Principles of PKC

- By Diffie and Hellman, in 1976
- Key pair generation is computationally easy
- Encryption is computationally easy
- Decryption is computationally easy
- Computationally infeasible to determine private

key given public key - Computationally infeasible to recover plaintext

given public key and ciphertext - Encryption and decryption functions can be

applied in either order - M DKRbEKUb(M) EKRbDKUb(M)

One-way and Trap-door Functions

Principles of PKC

- One-way function
- Y f(X) easy (polynomial time)
- X f-1(Y) infeasible (non-polynomial time)
- Trap-door one-way functions
- Family of invertible functions, one for each k
- Y fk(X) easy, given k and X
- X fk-1(Y) easy, given k and Y
- X fk-1(Y) infeasible if Y is known but k is

unknown

RSA Algorithm

RSA Algorithm

- Developed in 1977, by Ron Rivest, Adi Shamir, and

Len Adleman - Block cipher block size is log2(n), for some

integer n - Encryption C Me mod n
- Decryption M Cd mod n Med mod n
- Requirements
- Find values of e, d, and n s.t. Med M mod n for

all M lt n - Relatively easy to compute Me and Cd
- Infeasible to determine d given n and e

RSA

RSA Algorithm

- Need to find a relationship of the form
- Med M mod n
- Can use the corollary of Eulers theorem
- Given two primes p and q, and two integers, n and

m, s.t. n pq and 0 lt m lt n. and an

arbitrary integer k, the following relationship

holds - mk?(n)1 ? m mod n
- where ?(n) is the Eulers totient function
- ?(n) ?(pq) (p-1)(q-1)
- Can achieve the desired relationship if ed

k?(n)1 - Equivalent to saying that ed ? 1 mod ?(n) or d ?

e-1 mod ?(n) - That is, e and d are multiplicative inverses

modulo ?(n) - This is true only if d (and therefore e) is

relatively to prime to ?(n)

RSA Algorithm

RSA Algorithm

RSA Algorithm

RSA Example

- Select two primes, p 7 and q 17
- Calculate n pq 7 ? 17 119
- Calculate ?(n) (p-1)(q-1) 96
- Select e s.t. e is relatively prime to ?(n) and

less than ?(n) in this case, e 5 - Determine d s.t. de mod 96 1 and d lt 96. The

correct value is d 77 (77 ? 5 385 4 ? 96

1) - KU 5, 119, KR 77, 119

RSA Algorithm

RSA Computational Aspects

- Encryption and Decryption
- Both require modular exponentiation
- Can use the following efficient algorithm to

compute ab mod n - Repeated squaring

- Modular-Exponentiation(a, b, n)
- c ? 0
- d ? 1
- let bkbk-1b0 be the binary representation of b
- for i ? k downto 0
- do c ? 2c
- d ? (d ? d) mod n
- if bi 1
- then c ? c 1
- d ? (d ? a) mod n
- return d

RSA Algorithm

RSA Computational Aspects - 2

- Key Generation
- Selecting two prime numbers, p and q
- Selecting either e or d and calculating the other
- Selecting a prime number

1. Pick an odd integer n at random (e.g. using

PRNG) 2. Pick an integer a lt n at random 3.

Perform the probabilistic primality test, such as

Miller-Ravin. If n fails the test, reject the

value n and goto step 1 4. If n has passed a

sufficient number of tests, accept n otherwise

goto step 2

RSA Computational Aspects - 3

RSA Algorithm

- How many numbers are likely to be rejected before

a prime number is found? - Prime number theorem
- ?(x) x/ln(x)
- In other words, primes near x are spaced on the

average one every (ln x) integers - Thus, on average, ln(x) tests are required to

find a prime - (Actually ln(x)/2 because all even numbers can

be immediately rejected) - Example
- If a prime on the order of magnitude of 2100 were

thought, then about ln(2200)/2 70 trials would

be needed to find a prime

RSA Computational Aspects - 4

RSA Algorithm

- Selecting e and calculating d (or alternatively

selecting d and calculating e) - Need to select an e s.t. gcd(?(n), e) 1 and

then calculate d e-1 mod ?(n) - Extended Euclids Algorithm can do this
- Generate e randomly. Then using the EEA, test if

gcd((?(n), e) 1, and then get d. Otherwise do

again - Need very few tests

- Extended Euclid(e, ?(n))
- (X1, X2, X3) ? (1, 0, ?(n)) (Y1, Y2, Y3) ? (0,

1, e) - If Y3 0 return X3 gcd(e, ?(n)) no inverse
- If Y3 1 return Y3 gcd(e, ?(n)) Y2 e-1

mod ?(n) - Q ?X3/Y3?
- (T1, T2, T3) ? (X1 ? QY1, X2 ? QY2, X3 ? QY3)
- (X1, X2, X3) ? (Y1, Y2, Y3)
- (Y1, Y2, Y3) ? (T1, T2, T3)
- goto 2

Attacks on RSA Algorithm

RSA Algorithm

- Brute force (Key space search)
- Try all possible private keys
- Use large keys
- Attacks on mathematical foundation
- Several approaches, all equivalent to factoring
- Timing attacks
- Based on the running time of the decryption

algorithm

Mathematical Attacks on RSA

RSA Algorithm

- Factor n into p and q
- Allows calculation of ?(n), which allows

determination of d e-1 (mod ?(n)) - Determine ?(n) directly from n
- Equivalent to factoring
- Determine d e-1 (mod ?(n)) directly
- Seems to be as hard as factoring

Factoring

RSA Algorithm

- For a large n with large prime factors, factoring

is a hard problem - - RSA factoring challenge
- Sponsored by RSA Labs.
- To encourage research into computational number

theory and the practical difficulty factoring

large integers - A cash prize is awarded to the first person to

factor each challenge number

Progress in Factorization

RSA Factoring Challenge

RSA Algorithm

- Latest result is RSA 155 (512 bits)
- Reported Aug 22, 1999
- Factored with General Number Field Sieve
- 35.7 CPU-years in total on
- 160 175-400 MHz SGI and Sun workstations
- 8 250 MHz SGI Origin 2000 processors
- 120 300-450 MHz Pentium II PCs
- 4 500 MHz Digital/Compaq boxes
- This CPU-effort is estimated to be equivalent to

approximately 8000 MIPS years calendar time for

the sieving was 3.7 months.

RSA Factoring Challenge Numbers

RSA Algorithm

Numbers are designated RSA-XXXX, where XXXX is

the numbers length in bits Challenge Number

Prize (US) Status RSA-576 (174

Digits) 10,000 Not Factored RSA-640 (193

Digits) 20,000 Not Factored RSA-704 (212

Digits) 30,000 Not Factored RSA-768 (232

Digits) 50,000 Not Factored RSA-896 (270

Digits) 75,000 Not Factored RSA-1024 (309

Digits) 100,000 Not Factored RSA-1536 (463

Digits) 150,000 Not Factored RSA-2048 (617

Digits) 200,000 Not Factored RSA-576 Decimal

Digits 174 18819881292060796383869723946165043

980716356337941 738270076335642298885971523466548

53190606065047430 4531738801130339671619969232120

5734031879550656996 221305168759307650257059

Constraints on p and q

RSA Algorithm

- Suggested constraints on p and q (by RSA

inventors and researchers) - Length of p and q should differ by only a few

digits - Both p-1 and q-1 should contain a large prime

factor - gcd(p-1, q-1) should be small
- d gt n¼

Timing Attacks

RSA Algorithm

- Big integer multiplication take a long time
- Assume that the target system uses the following

modular exponentiation algorithm for decryption - By observing the time taken for modular

multiplication, it is possible to infer bits in b - If bi is set, d ? (d ? a) mod n will be executed

(Will be much slower than the case of bi 0) - By varying values of a (ciphertext), and

observing the execution (decryption) times

carefully, values of bkbk-1b0 (private key) can

be inferred

- Modular-Exponentiation(a, b, n) / Compute ab

mod n / - d ? 1 / let bkbk-1b0 be the binary

representation of b / - for i ? k downto 0
- do d ? (d ? d) mod n
- if bi 1
- then d ? (d ? a) mod n
- return d

Timing Attack Countermeasures

RSA Algorithm

- Constant exponentiation time
- Ensure that all exponentiations take the same

amount of time - Simple fix, but degrade the performance
- Random delay
- Add a random delay to the exponentiation

algorithm to confuse the timing attack - Blinding
- Multiply the ciphertext by a random number before

performing the exponentiation - RSA Data Securitys blinding method
- Generate a secret random r, 0 lt r lt n-1
- Compute C Cre mod n, where e is the public

exponent - Compute M (C)d mod n with the ordinary RSA
- Compute M M r-1 mod n (Cre)dr-1 mod n

Cdredr-1 mod n - Cd mod n ? (red mod n r mod n)
- 2 to 10 performance penalty

Public Key Distribution

Key Management

- Public announcement
- Public available directory
- Public key authority
- Public key certificates

Public Announcement of Public Keys

Key Management

- Attach to email
- Publish on web page,
- Convenient, but has obvious weakness (forgery)

Public Key Directory

Key Management

- Trusted entity maintains a public directory
- Name public key
- Individuals register with the authority
- In person or using authenticated communication
- Must allow replacement
- To update compromised or lost keys
- Trusted entity publishes the directory
- Phone book, newspaper ads, etc
- Via (authenticated) network communication

Public Key Directory Weaknesses

Key Management

- More secure than individual announcements
- Vulnerable to compromise of trusted entity
- Network communication
- Database contents

Public Key Authority

Key Management

- Trusted entity maintains a public directory
- Name public key
- Trusted entity distributes its own public key
- Alice requests Bobs public key
- Include nonce to prevent replay
- Authority response is encrypted under private key
- i.e., digitally signed
- Response contains Bobs public key, Alices

original request and nonce - Alice requests communication with Bob
- Encrypted under Bobs public key
- Request contains Alices identity and a nonce
- Bob retrieves Alices public key from the

authority

Public Key Authority

Key Management

Public Key Authority

Key Management

- Alice and Bob mutually authenticate and assure

freshness - Bob responds to Alice
- Encrypted under Alices public key
- Contains Alices nonce and a new nonce
- Alice returns Bobs nonce
- Encrypted under Bobs public key
- Seven messages in total
- First four can be avoided in the future if the

responses are cached, but that comes with some

risk, so the cache should be periodically updated - Public key authority could be a performance

bottleneck - Subject to tampering, as above

Public Key Certificates

Key Management

- Goal is to provide a mechanism as secure and

reliable as the public key authority without

requiring direct contact - Public key certificate
- Each user possesses her own
- Used to convey public key
- Distributed on request (or any means)
- Public key certificate requirement
- Anyone can read a certificate and determine the

name and public key of the owner - Anyone can verify that the certificate originated

from the public key certification authority - Only the public key certification authority can

issue or update certificates - Anyone can tell whether a certificate is current

Public Key Certificates

Key Management

- Each principal applies to the CA with her public

key and a request for a certificate - Application must be in person or authenticated
- Certificate contents
- Identity of principal
- Public key of principal
- Timestamp (expiration date)
- Certificate is signed by CA
- Verifying a certificate
- Check the CA signature
- Using certificates
- Alice and Bob exchange certificates
- Alice and Bob validate the certificates they

receive

Public Key Certificates

Key Management

Public-Key Distribution of Secret Key

Key Management

- Because of its huge computational cost,

Public-Key cryptosystem usage tends to be

restricted - Digital signatures
- Secret key distribution

Secret Key Distribution(Merkles Algorithm)

Key Management

- Alice creates a public/private key pair, sends

her public key to Bob - Bob creates a secret key, sends it to Alice

encrypted in her public key - Simple but vulnerable to MITM (Man-in-the-Middle)

active attack

Secret Key Distribution (Needham-Schroeders)

Key Management

- Provides a protection against both active and

passive attacks - Assume Alice and Bob have exchanged public keys

(by any scheme described early) - Alice encrypts and sends a nonce to Bob
- Bob encrypts and sends Alices nonce and his own

nonce - Alice encrypts and sends Bobs nonce back to Bob
- Alice selects, signs, encrypts and sends a secret

key to Bob

Secret Key Distribution (Needham-Schroeders)

Key Management

Diffie-Hellman Key Exchange

- Relies on difficulty of computing discrete

logarithm

K (YB)XA mod q (?XB mod q)XA mod q

(?XB)XA mod q ?XBXA mod q (?XA)XB mod

q (?XA mod q)XB mod q (YA)XB mod q

Diffie-Hellman Key Exchange

EXAMPLE Q 97, primitive root of q, in this

case, ? 5 A and B selects secret keys XA 36

and XB 58 Each computes public key YA 536

50 mod 97, YB 558 44 mod 97 After exchanging

public keys, each compute the common secret

key K (YB)XA mod 97 4436 75 mod 97 K

(YA)XB mod 97 5058 75 mod 97

Chapter 6 HW

- Prob. 6.2
- Prob. 6.3
- Prob. 6.4
- Prob. 6.7
- Prob. 6.14

About PowerShow.com

PowerShow.com is a leading presentation/slideshow sharing website. Whether your application is business, how-to, education, medicine, school, church, sales, marketing, online training or just for fun, PowerShow.com is a great resource. And, best of all, most of its cool features are free and easy to use.

You can use PowerShow.com to find and download example online PowerPoint ppt presentations on just about any topic you can imagine so you can learn how to improve your own slides and presentations for free. Or use it to find and download high-quality how-to PowerPoint ppt presentations with illustrated or animated slides that will teach you how to do something new, also for free. Or use it to upload your own PowerPoint slides so you can share them with your teachers, class, students, bosses, employees, customers, potential investors or the world. Or use it to create really cool photo slideshows - with 2D and 3D transitions, animation, and your choice of music - that you can share with your Facebook friends or Google+ circles. That's all free as well!

For a small fee you can get the industry's best online privacy or publicly promote your presentations and slide shows with top rankings. But aside from that it's free. We'll even convert your presentations and slide shows into the universal Flash format with all their original multimedia glory, including animation, 2D and 3D transition effects, embedded music or other audio, or even video embedded in slides. All for free. Most of the presentations and slideshows on PowerShow.com are free to view, many are even free to download. (You can choose whether to allow people to download your original PowerPoint presentations and photo slideshows for a fee or free or not at all.) Check out PowerShow.com today - for FREE. There is truly something for everyone!

You can use PowerShow.com to find and download example online PowerPoint ppt presentations on just about any topic you can imagine so you can learn how to improve your own slides and presentations for free. Or use it to find and download high-quality how-to PowerPoint ppt presentations with illustrated or animated slides that will teach you how to do something new, also for free. Or use it to upload your own PowerPoint slides so you can share them with your teachers, class, students, bosses, employees, customers, potential investors or the world. Or use it to create really cool photo slideshows - with 2D and 3D transitions, animation, and your choice of music - that you can share with your Facebook friends or Google+ circles. That's all free as well!

For a small fee you can get the industry's best online privacy or publicly promote your presentations and slide shows with top rankings. But aside from that it's free. We'll even convert your presentations and slide shows into the universal Flash format with all their original multimedia glory, including animation, 2D and 3D transition effects, embedded music or other audio, or even video embedded in slides. All for free. Most of the presentations and slideshows on PowerShow.com are free to view, many are even free to download. (You can choose whether to allow people to download your original PowerPoint presentations and photo slideshows for a fee or free or not at all.) Check out PowerShow.com today - for FREE. There is truly something for everyone!

presentations for free. Or use it to find and download high-quality how-to PowerPoint ppt presentations with illustrated or animated slides that will teach you how to do something new, also for free. Or use it to upload your own PowerPoint slides so you can share them with your teachers, class, students, bosses, employees, customers, potential investors or the world. Or use it to create really cool photo slideshows - with 2D and 3D transitions, animation, and your choice of music - that you can share with your Facebook friends or Google+ circles. That's all free as well!

For a small fee you can get the industry's best online privacy or publicly promote your presentations and slide shows with top rankings. But aside from that it's free. We'll even convert your presentations and slide shows into the universal Flash format with all their original multimedia glory, including animation, 2D and 3D transition effects, embedded music or other audio, or even video embedded in slides. All for free. Most of the presentations and slideshows on PowerShow.com are free to view, many are even free to download. (You can choose whether to allow people to download your original PowerPoint presentations and photo slideshows for a fee or free or not at all.) Check out PowerShow.com today - for FREE. There is truly something for everyone!

For a small fee you can get the industry's best online privacy or publicly promote your presentations and slide shows with top rankings. But aside from that it's free. We'll even convert your presentations and slide shows into the universal Flash format with all their original multimedia glory, including animation, 2D and 3D transition effects, embedded music or other audio, or even video embedded in slides. All for free. Most of the presentations and slideshows on PowerShow.com are free to view, many are even free to download. (You can choose whether to allow people to download your original PowerPoint presentations and photo slideshows for a fee or free or not at all.) Check out PowerShow.com today - for FREE. There is truly something for everyone!

Recommended

«

/ »

Page of

«

/ »

Promoted Presentations

Related Presentations

Page of

Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us Send Us Feedback

Copyright 2018 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.

Copyright 2018 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.

The PowerPoint PPT presentation: "Public Key Cryptography" is the property of its rightful owner.

Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!