Information Security and Management 9' Publickey Cryptography and RSA

1
Information Security and Management 9.
Public-key Cryptography and RSA

• Chih-Hung Wang
• Sep. 2007

2
Public Key Cryptography

• Problems of symmetric key
• Key Distribution
• Need a secure channel

?
Key
Secure Channel
3
Public Key Cryptography

• KDC (Key Distribution Center)

4
Public Key Cryptography

• Key Storage
• n users in the system. Each one needs n-1 keys.
  There are n(n-1)/2 keys in the system.
• 1000 users in the system. Each one needs 999
  keys. There are 499500 keys in the system.

5
Public Key Cryptosystem
6
Public Key Cryptosystem
7
Public Key Cryptosystem

• Encryption

8
Public Key Cryptosystem

• Authentication

9
PKC vs. SKC
10
PKC for Secrecy
11
PKC for Secrecy

• Secrecy
• Ciphertext Y EKUb(X)
• Receiver B can recover the plaintext using his
  private key KRb
• DKRb(Y) DKRb(EKUb(X)) X

12
Application for Public-key Cryptosystem
13
Requirements for PKC (1)

• It is computationally easy for a party B to
  generate a public-key (KUb) and private-key (KRb)
  pair.
• Encryption CEKUb(M)
• Decryption MDKRb(C)DKRb(EKUb(M))
• It is computationally infeasible for an opponent,
  knowing the public key KUb to determine the
  private key KRb.
• It is computationally infeasible for an opponent,
  knowing the public key KUb and a cipher C to
  recover the original message M.
• M EKUb(DKRb(M)) DKUb(EKRb(M))

14
Requirements for PKC (2)

• One-way function
• Yf(X) easy
• Xf-1(Y) infeasible
• Trapdoor (one-way) function
• Yfk(X) easy if k and X are known
• Xfk-1(Y) easy if k and Y are known
• Xfk-1(Y) infeasible if Y is known but k is not
  known

15
RSA Cryptosystem

• 1977 by Ron Rivest, Adi Shamir, and Len Adleman
  (MIT)
• The first secure practical public key
  cryptosystem
• A block cipher in which the plaintext and
  ciphertext are integers between 0 and n-1 for
  some n

16
The RSA Algorithm (1/2)
17
The RSA Algorithm (2/2)
18
RSA Example
19
RSA Example
N119 pq 717 e5 ed 1 mod 616 d77
20
Security of RSA

• Three possible approaches to attacking the RSA
  algorithm
• Brute force
• Trying all possible private keys
• Mathematical attacks
• Timing attacks

21
Factoring Problem

• Factor n into its two prime factos. This enable
  calculation of ?(n) (p-1)(q-1), which enables
  determination of d e 1 mod ?(n) .
• Determine ?(n) directly, without first
  determining p and q.
• Determine d directly, without first determining
  ?(n)

22
Factoring Problem

• For a large n with large prime factors, factoring
  is a hard problem, but not as hard as it used to
  be.
• Example factorize 48770428682337401 gt hard
  problem
• Easy problem
• Is 223092871 a factor of 48770428682337401?
• 1977 three inventors of RSA issue Mathematical
  Games
• 100 reward
• 1994 RSA-129 (428 bits) breaking

23
Progress of Factorization (1)
24
Progress of Factorization (2)
25
Progress of Factorization (3)
26
Constraints of RSA

• Key Requirement
• Key size in the range of 1024 to 2018 bits
• p and q should differ in length by only a few
  digits. Thus, both p and q should be on the order
  of 1075 to 10100.
• Both (p-1) and (q-1) should contain a large
  prime factor
• gcd(p-1,q-1) should be small

27
Timing Attacks

• Proceeds bit by bit
• Modular exponentiation method
• bi1 slow for a few values of d and a bi0
  fast

c0 d1 for ik to 0 do c2c d(dd)
mod n if bi1 then cc1 d(da)
mod n return d
a13 a(1101)(((12?a)2 ?a)2 )2 ? a
28
Timing Attacks

• Countermeasures
• Constant exponentiation time
• Degrade performance
• Random delay
• Blinding
• Multiply the ciphertext by a random number before
  performing exponentiation.

29
Blinding

• Generate a secret random r between 0 and n-1
• Compute CC(re) mod n
• Compute M(C)d mod n
• Compute MMr-1 mod n where r-1 is the
  multiplicative inverse of r mod n.
• RSA Data Security reports a 2 to 10 performance
  penalty for blinding.

30
Exercise

• Other constraints of RSA?
• Strong Prime
• Selecting e
• Common modulus protocol