VI. PublicKey Cryptography

1
VI. Public-Key Cryptography

• This chapter provides an overview of public-key
  encryption.

2
1. Principles of Public-Key Cryptosystems

• History of Cryptography
• Conventional Cryptography
• Single Key
• By hand
• Rotor encryption/decryption machine
• Lucifer effort at IBM DES
• Substitution and permutation for confusion and
  diffusion.

3
1. Principles of Public-Key Cryptosystems

• Principles of Public-Key Cryptosystems
• the most difficult problems associated with
  conventional encryption
• Key Distribution
• KDC or already share a key
• Digital Signatures
• For commercial and private purposes
• Public-Key WILL SOLVE IT!

4
1. Principles of Public-Key Cryptosystems

• Public-Key Cryptosystems
• Rely on
• one key for encryption and
• a different but related key for decryption
• Important Characteristic
• Computationally infeasible to determine the KD
  given only knowledge of the algorithm and the KE
• Any of keys can used for Encryption(some cases)

5
1. Principles of Public-Key Cryptosystems

• Public-Key Encryption

6
1. Principles of Public-Key Cryptosystems

• Public-Key Encryption

7
1. Principles of Public-Key Cryptosystems

• Conventional Public-Key Encryption

8
1. Principles of Public-Key Cryptosystems

• Public-Key Cryptosystem Secrecy

9
1. Principles of Public-Key Cryptosystems

• Public-Key Cryptosystem Authentication

10
1. Principles of Public-Key Cryptosystems

• Public-Key Cryptosystem Secrecy and
  Authentication

11
1. Principles of Public-Key Cryptosystems

• Application for Public-Key Cryptosystems
• Encryption/Decryption
• A C EKUbP B P DKPbC
• Digital Signature
• A C EKPaP B P DKUaC
• Key Exchange
• To exchange a Session key

12
1. Principles of Public-Key Cryptosystems

• Application for Public-Key Cryptosystems
• Requirements for Public-Key Cryptography(1/2)
• 1.It is computationally easy for party B to
  generate a pair(KUb,KRb).
• 2.It is computationally easy for a sender A,
  knowing KUb and M to generate C C EKUb(M)

13
1. Principles of Public-Key Cryptosystems

• Requirements for Public-Key Cryptography(2/2)
• 3.It is computationally easy for the receiver B
  to decrypt C using KRb to recover M
• M DKRb(C) DKRbEKUb(M)
• 4.It is computationally infeasible for an
  opponent, knowing KUb to determine KRb.
• 5.It is computationally infeasible for an
  opponent, knowing KUb and C to recover M.
• 6.The encryption and decryption functions can be
  applied in either order.

14
1. Principles of Public-Key Cryptosystems

• One-Way Functions
• One-Way Function
• Y f(X) easy
• X f-1(Y) infeasible
• Trapdoor One-Way Function
• Y fk(X) easy
• X fk-1(Y) easy with k
• X fk-1(Y) infeasible without k
• One-Way Hash Function
• h H(M)
• M is a variable-length, h is the fixed-length
  hash value.

15
1. Principles of Public-Key Cryptosystems

• Public-Key Cryptanalysis
• Countermeasure
• Brute-force Attack
• Key size must be large enough
• Some way to compute the KR given KU
• Not proven that this is infeasible
• Probable-Message Attack
• Appending some random bits to such simple
  messages

16
2. The RSA Algorithm

• In 1977 by Ron Rivest, Adi Shamir, Len Adleman at
  MIT
• A block cipher
• the plaintext and ciphertext are integers between
  0 and n-1 for some n
• I will do
• Explanation of the algorithm
• Examine some of the computational and
  cryptanalytical implications of RSA

17
2. The RSA Algorithm

• Description of the Algorithm (1/6)
• Block Size
• k bits, where 2k lt n 2k1
• Encryption/Decryption
• C Me mod n
• M Cd mod n (Me)d mod n Med mod n
• Keys
• KU e,n, KR d,n

18
2. The RSA Algorithm

• Description of the Algorithm (2/6)
• Requirements to meet
• It is possible to find values of e,d,n such that
  Med M mod n for all M lt n.
• It is relatively easy to calculate Me and Cd for
  all values of M lt n.
• It is infeasible to determine d given e and n

19
2. The RSA Algorithm

• Description of the Algorithm (3/6)
• Med M mod n
• Eulers Theorem
• where is the Euler totient function
• n pq, p,q is prime
• RSA scheme
• p,q, 2 prime numbers (prv, chosen)
• n pq (pub, calculated)
• e, with gcd( ,e) 1 (pub, chosen)
• (prv, calculated)

20
2. The RSA Algorithm

• Description of the Algorithm (4/6)

21
2. The RSA Algorithm

• Description of the Algorithm (5/6)

22
2. The RSA Algorithm

• Description of the Algorithm (6/6)
• p 7, q17
• n pq 717 119
• (p-1)(q-1) 96
• e 5 chosen
• d 77 775 385 496 1

23
2. The RSA Algorithm

• Computational Aspects Encryption and Decryption

24
2. The RSA Algorithm

• Computational Aspects Encryption and Decryption

25
2. The RSA Algorithm

• Computational Aspects Key Generation
• Determining two prime number p,q
• Pick an odd integer n at random
• Pick an integer a lt n at random
• Perform probabilistic primality test
• If n fails the test, reject n and go to step1.
• If n has passed a sufficient of tests
• Accept n otherwise go to step 2
• Selecting ed and calculating de
• The extended Euclids algorithm

26
2. The RSA Algorithm

• The Security of RSA
• Brute force
• Trying all possible private keys
• Mathematical attacks
• Factoring the product of two primes
• Timing attacks
• Depend on the running time of the decryption
  algorithm

27
2. The RSA Algorithm

• Factoring Problem
• n ?pq
• Enables calculation of (p-1)(q-1)
• d e-1(mod ).
• Determine directly
• d e-1(mod ).
• Determine d directly

28
2. The RSA Algorithm

• Factoring Algorithms
• The p-1 factoring algorithm
• Quadratic Sieve
• Elliptic curve
• Number Field Sieve

29
2. The RSA Algorithm

• Factoring Algorithmp-1 factoring algorithm

30
2. The RSA Algorithm

• Factoring AlgorithmQuadratic Sieve(1/2)

31
2. The RSA Algorithm

• Factoring AlgorithmQuadratic Sieve(2/2)

32
2. The RSA Algorithm

• Factoring Algorithmsin Practice
• Running Times of Factoring Algorithms

33
2. The RSA Algorithm

• Progress in Factorization

34
2. The RSA Algorithm

• MIPS-year Needed to Factor

35
2. The RSA Algorithm

• For the good n
• p and q should differ in length by only a few
  digits. 1075 lt p,q lt10100.
• Both (p-1) and (q-1) should contain a large prime
  factor
• gcd(p-1,q-1) should be small.

36
2. The RSA Algorithm

• Timing AttackCountermeasures
• Constant exponentiation time
• Simple fix but degrade performance
• Random delay
• To confuse the timing attack
• Blinding
• Before performing exponentiation
• Multiply the ciphertext by a random number
• RSA Data Security incorporates Blinding

37
3. Key Management

• Distribution of Public Keys
• Public Announcement
• Public Available directory
• Public-Key Authority
• Public-Key Certificates
• Public-Key Distribution of Secret Keys
• Simple Secret Key Distribution
• Secret Key Distribution with Confidentiality and
  Authentication
• A Hybrid Scheme

38
3. Key Management

• Distribution of Public Keys -Public Announcement
• USENET newsgroup, Internet mailing lists
• Forgery is possible!

39
3. Key Management

• Distribution of Public Keys -Public Available
  directory

40
3. Key Management

• Distribution of Public Keys Public-Key Authority

41
3. Key Management

• Distribution of Public Keys Public-Key
  Certificates
• Timestamp serves as an expiration date

42
3. Key Management

• Public-Key Distribution of Secret Keys- Simple
  Secret Key Distribution
• Vulnerable to an active attack
• A generate a KUa,KRa and transmits a message
  intended for B consisting of KUa and an IDA.
• E intercepts the message, creates its own
  KUe,KRe and transmits KUe IDA to B.
• B generates Ks and transmits EKUeKs.
• E intercepts the message and learns Ks, by
  DKReEKUeKs.
• E transmits EKUaKsto A.

43
3. Key Management

• Public-Key Distribution of Secret KeysSecret Key
  Distribution with Confidentiality and
  Authentication
• Confidentiality and Authentication

44
3. Key Management

• Public-Key Distribution of Secret KeysA Hybrid
  Scheme
• KDC(Key Distribution Center) shares a secret
  master key with each user
• Session key is encrypted with master key
• Public-key scheme is used to distribute the
  master key

45
4. Diffie-Hellman Key Exchange
46
4. Diffie-Hellman Key Exchange
47
4. Diffie-Hellman Key Exchange
48
4. Diffie-Hellman Key Exchange
49
4. Diffie-Hellman Key Exchange
50
4. Diffie-Hellman Key Exchange
51
4. Diffie-Hellman Key Exchange
52
4. Diffie-Hellman Key Exchange
53
4. Diffie-Hellman Key Exchange
54
4. Diffie-Hellman Key Exchange
55
4. Diffie-Hellman Key Exchange
56
4. Diffie-Hellman Key Exchange
57
5. Elliptic Curve Cryptography
58
5. Elliptic Curve Cryptography
59
5. Elliptic Curve Cryptography
60
5. Elliptic Curve Cryptography
61
5. Elliptic Curve Cryptography
62
5. Elliptic Curve Cryptography
63
5. Elliptic Curve Cryptography
64
5. Elliptic Curve Cryptography