Key Exchange Methods Diffie-Hellman and RSA

Key Exchange MethodsDiffie-Hellman and RSA

CPE 701 Research Case StudyDerek Eiler | April 2012

OverviewToday’s discussion

• Background: “key” cryptography concepts• Diffie-Hellman key exchange• Public key infrastructure (PKI)• RSA key pair generation

BackgroundA few “key” concepts

• Encryption: plaintext -> ciphertext• Decryption: ciphertext -> plaintext• Cryptographic function: mathematical

function or algorithm used to encrypt/decrypt• Key: parameter for a cryptographic function• Symmetric vs. asymmetric keys

So four people walk into a bar…Alice, Bob, Eve, and Mallory

• Alice and Bob want to speak privately over a public channel

• Eve is always eavesdropping on Alice and Bob• Mallory has malicious plans to interfere with

Alice and Bob’s private conversation

Diffie-Hellman key exchangeThe concept

• Alice and Bob derive a shared secret key over a public channel (no prior arrangements)

• Publicly agree on two public values, and • Each choose a private value, and • Use clever math to compute a shared secret, • Eve and Mallory never overhear enough

information to derive the shared secret

Diffie-Hellman key exchangeThe math: discrete logarithm problem

Let be a large prime numberLet be an integer < For every number from , inclusive, must have a power such that:

• Solving the is considered (but not proven) hard to do in polynomial time

Diffie-Hellman key exchangeThe math: discrete logarithm in action

Solve for , given values , , , and knowing:

• Finding is easy if or are known• Quickly solved by brute force if and • What if and ?

Diffie-Hellman key exchangeExample using small numbers

Alice starts the exchange and tells Bob Privately, Alice chooses and Bob chooses Alice computes and tells Bob the result

Bob computes and tells Alice the result

Since , Alice can compute

Since , Bob can compute

Meanwhile, Eve doesn’t know or and can’t easily derive

RSA key generationThe concept

• Alice generates a pair of keys, publishing one and keeping the other private

• Anyone may use the published key to encrypt messages intended for Alice

• Only Alice can decrypt messages encrypted with the public key (unless the private key was compromised somehow)

• Alice may also use the key pair to prove her identity

RSA key generationThe math: factoring problem

• Computing the product of two prime numbers is easy (23*17 = 391)

• Factoring the product of two large prime numbers is “hard”

• Try factoring 123,018,668,453,011,775,513,049,495,838,496,272,077,285,356,959,533,479,219,732,245,215,172,640,050,726,365,751,874,520,219,978,646,938,995,647,494,277,406,384,592,519,255,732,630,345,373,154,826,850,791,702,612,214,291,346,167,042,921,431,160,222,124,047,927,473,779,408,066,535,141,959,745,986,902,143,413

RSA key generationThe math: public and private key pair

• Calculate the product where and are very large prime numbers (e.g. tens or even hundreds of digits long)

• Carefully choose exponents and such that we can publish the key and retain the corresponding private key

RSA key generationThe math: “exponential” difficulty

• Choose an such that and is coprime to • How? For each in , test whether until true.*• Choose a such that is divisible by • Now publish and retain the private key

*Euclid’s or Stein’s algorithm are typically used to compute the GCD.

ReferencesSome light reading on the web

RSA Laboratories: 3.6.1 What is Diffie-Hellman?

David A. Carts: A Review of the Diffie-Hellman Algorithm and its Use in Secure Internet Protocols.

RSA Laboratories: What is the RSA Cryptosystem?

RSA Laboratories: RSA Factoring Challenge.

BigPrimes.net: Prime Numbers Archive.