Scribd
Upload
12 views

Final Public Key Cryptography

Uploaded by

Shaik Sohail
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
12 views

Final Public Key Cryptography

Uploaded by

Shaik Sohail
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 24

Public key cryptography

• The most important properties of public key


encryption scheme are −
• Different keys are used for encryption and decryption.
This is a property which set this scheme different than
symmetric encryption scheme.
• Each receiver possesses a unique decryption key,
generally referred to as his private key.
• Receiver needs to publish an encryption key, referred to
as his public key.
• Some assurance of the authenticity of a public key is
needed in this scheme to avoid spoofing by adversary as
the receiver.
Public-Key Cryptography
Symmetric vs Public-Key
 Public key Applications
 It can be classified into 3 categories:
 Encryption/decryption (provide secrecy)

 Digital signatures (provide authentication)

 Key exchange (of session keys)

 some algorithms are suitable for all uses,


others are specific to one
RSA
 By Rivest, Shamir & Adleman of MIT in 1977
 Best known & widely used public-key scheme
 Based on exponentiation in a finite (Galois) field over
integers modulo a prime
 nb. exponentiation takes O((log n)3) operations (easy)

 Uses large integers (eg. 1024 bits)


 Security due to cost of factoring large numbers
 nb. factorization takes O(e log n log log n) operations (hard)
RSA En/decryption
 To encrypt a message M the sender:
 Obtains public key of recipient PU={e,n}

 Computes: C = Me mod n, where 0≤M<n

 To decrypt the ciphertext C the owner:


 Uses their private key PR={d,n}

 Computes: M = Cd mod n

 Note that the message M must be smaller than


the modulus n (block if needed)
RSA Key Setup

 Each user generates a public/private key pair by:


 Selecting two large primes at random: p, q
 Computing their system modulus n=p.q
 ø(n)=(p-1)(q-1)

 Selecting at random the encryption key e


 where 1<e<ø(n), gcd(e,ø(n))=1

 Solve following equation to find decryption key d


 e.d=1 mod ø(n) and 0≤d≤n

 Publish their public encryption key: PU={e,n}


 Keep secret private decryption key: PR={d,n}
How RSA Works
 Because of Euler's Theorem:
 aø(n)mod n = 1 where gcd(a,n)=1

 In RSA have:
 n=p.q

 ø(n)=(p-1)(q-1)

 Carefully chose e & d to be inverses mod ø(n)

 Hence e.d=1+k.ø(n) for some k

 Hence :
Cd = Me.d = M1+k.ø(n) = M1.(Mø(n))k
• = M1.(1)k = M1 = M mod n
RSA Example - Key Setup
1. Select primes: p=17 & q=11
2. Calculate n = pq =17 x 11=187
3. Calculate ø(n)=(p–1)(q-1)=16x10=160
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160
Value is d=23 since 23x7=161= 10x160+1
6. Publish public key PU={7,187}
7. Keep secret private key PR={23,187}
RSA Example - En/Decryption
 Sample RSA encryption/decryption is:
 Given message M = 88 (nb. 88<187)
 Encryption:
C = 887 mod 187 = 11
 Decryption:
M = 1123 mod 187 = 88
Example
• An example of generating RSA Key pair is given below.
• For ease of understanding, the primes p & q taken here are small
values. Practically, these values are very high .
• Let two primes be p = 7 and q = 13.
• Thus, modulus n = pq = 7 x 13 = 91.
• Select e = 5, which is a valid choice since there is no number that is
common factor of 5 and p−1q−1 = 6 × 12 = 72, except for 1.
• The pair of numbers n,e = 91,5 forms the public key and can be
made available to anyone whom we wish to be able to send us
encrypted messages.
• Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm.
The output will be d = 29. Check that the d calculated is correct by
computing −
de = 29 × 5 = 145 = 1 mod 72
• Hence, public key is 91,5 and private keys is 91,29.
RSA Key Generation
 Users of RSA must:
 Determine two primes at random - p, q
 Select either e or d and compute the other
 Primes p,q must not be easily derived from
modulus n=p.q
 Means must be sufficiently large
 Typically guess and use probabilistic test
 Exponents e, d are inverses, so use Inverse
algorithm to compute the other
RSA Security
 Possible approaches to attacking RSA are:
 Brute force key search - infeasible given size of
numbers
 Mathematical attacks - based on difficulty of
computing ø(n), by factoring modulus n
 Timing attacks - on running of decryption
 Chosen cipher text attacks - given properties of
RSA
Timing Attacks
 Developed by Paul Kocher in mid-1990’s
 Exploit timing variations in operations
 eg. multiplying by small vs large number

 Infer operand size based on time taken


 RSA exploits time taken in exponentiation
 Counter measures
 Use constant exponentiation time

 Add random delays

 Blind values used in calculations


Chosen Ciphertext Attacks
• RSA is vulnerable to a Chosen Cipher text
Attack (CCA)
• Attackers chooses cipher texts & gets
decrypted plaintext back
• Choose cipher text to exploit properties of RSA
to provide info to help cryptanalysis
• Can counter with random pad of plaintext or
use Optimal Asymmetric Encryption Padding
(OASP)
Optimal Asymmetric Encryption Padding (OASP)
Diffie-Hellman Key Exchange
Diffie-Hellman Key Exchange

 First public-key type scheme proposed


 By Diffie & Hellman in 1976 along with the
exposition of public key concepts
 It is a practical method for public exchange of
a secret key
 It IS used in a number of commercial products
Diffie-Hellman Key Exchange

 A public-key distribution scheme


 cannot be used to exchange an arbitrary message

 it can establish a common key

 known only to the two participants

 Value of key depends on the participants (and their


private and public key information)
 Based on exponentiation in a finite field (modulo a
prime or a polynomial) - easy
 Security relies on the difficulty of computing discrete
logarithms (similar to factoring) – hard
Diffie-Hellman Setup

 All users agree on global parameters:


 Large prime integer or polynomial q
 A being a primitive root mod q
 Each user (eg. A) generates their key
 Chooses a secret key (number): xA < q
xA
 Compute their public key: yA = a mod q
 Each user makes public that key yA
Diffie-Hellman Key Exchange

 Shared session key for users A & B is KAB:


xA.xB

KAB = a mod q
xB

= y A mod q (which B can compute)
xA

= y B mod q (which A can compute)
 KAB is used as session key in private-key encryption
scheme between Alice and Bob
 If Alice and Bob subsequently communicate, they will
have the same key as before, unless they choose new
public-keys
 Attacker needs an x, must solve discrete log
Diffie-Hellman Example
 Users Alice & Bob who wish to swap keys:
 Agree on prime q=353 and a=3
 Select random secret keys:

A chooses xA=97, B chooses xB=233
 Compute respective public keys:
97

yA=3 mod 353 = 40 (Alice)
233

yB=3 mod 353 = 248 (Bob)
 Compute shared session key as:
xA 97

KAB= y B mod 353 = 248 = 160 (Alice)
xB 233

KAB= y A mod 353 = 40 = 160 (Bob)
Setup: p prime and g generator of Zp*, p and g public
Example: Let p=11, g=2, then

a 1 2 3 4 5 6 7 8 9 10 11
ga 2 4 8 16 32 64 128 256 512 1024 2048

ga mod p 2 4 8 5 10 9 7 3 6 1 2

A chooses 4, B chooses 3, then shared secret is (23)4 = (24)3 = 212


= 4 (mod 11)
Adversaries sees 23=8 and 24=5, needs to solve one of 2x=8 and 2y=5 to
figure out the shared secret.

You might also like