Public key cryptography RSA Algorithm Diffie-Hellman key exchange
Jan 04, 2016
Public key cryptography
RSA AlgorithmDiffie-Hellman key exchange
Public-Key Cryptography• traditional private/secret/single key
cryptography uses one key • Key is shared by both sender and
receiver • if the key is disclosed communications
are compromised • also known as symmetric, both parties
are equal – hence does not protect sender from receiver
forging a message & claiming is sent by sender
Disadvantages of Classical Cryptography
• Requires secure transmission of key value
• Requires a separate key for each group of people that wishes to exchange encrypted messages (readable by any group member)• For example, to have a separate key for
each pair of people, 100 people would need 4950 different keys.
• Cumbersome Handshaking involved in KDC
• probably most significant advance in the 3000 year history of cryptography
• uses two keys – a public key and a private key
• asymmetric since parties are not equal • uses clever application of number theory
concepts to function• complements rather than replaces
private key cryptography
Public-Key Cryptography
Why Public-Key Cryptography?
• developed to address two key issues:– key distribution – how to have secure
communications in general without having to trust a KDC with your key
– digital signatures – how to verify a message comes intact from the claimed sender
• public invention due to Whitfield Diffie & Martin Hellman at Stanford U. in 1976
• Key Distribution requires that– Two communicants already share a
key,which somehow has been distributed to them
– Use of a key distribution center
• Electronic messages and documents would need the equivalent of signatures used in paper documents.
• public-key/two-key/asymmetric cryptography involves the use of two keys: – a public-key, which may be known by
anybody, and can be used to encrypt messages, and verify signatures
– a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• is asymmetric because– those who encrypt messages or verify
signatures cannot decrypt messages or create signatures
Public-Key Cryptography
Public-Key CryptographyEncryption
• Alice generates a key value (usually a number or pair of related numbers) which she makes public.
• Alice uses her public key (and some additional information) to determine a second key (her private key).
• Alice keeps her private key (and the additional information she used to construct it) secret.
• Bob (or Carol, or anyone else) can use Alice’s public key to encrypt a message for Alice.
• Alice can use her private key to decrypt this message.
• No-one without access to Alice’s private key (or the information used to construct it) can easily decrypt the message
An Example: Internet Commerce
• Bob wants to use his credit card to buy some books from Alice over the Internet.
• Alice sends her public key to Bob.• Bob uses this key to encrypt his
credit-card number and sends the encrypted number to Alice.
• Alice uses her private key to decrypt this message (and get Bob’s credit-card number).
Authentication
Public-Key Cryptosystems
Public-Key Applications
• can classify uses into 3 categories:– encryption/decryption (provide
secrecy)– digital signatures (provide
authentication)– key exchange (of session keys)
• some algorithms are suitable for all uses, others are specific to one
Algorithm
Encryption / Decryption
Digital Signature
Key Exchange
RSA Y Y Y
Elliptic curve
Y Y Y
Diffie-Hellman
N N Y
DSS N Y N
THE RSA ALGORITHM
• Public key algorithm invented in 1977 by Ron Rivest, Adi Shamir & Leonard Adleman of MIT
• Best known & widely used public-key scheme
• Supports Encryption & Digital signatures
• Gets its security from integer factorization problem
Key Generation1. Generate two large random primes, p and q, of
approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits.
2. Compute n = pq and phi φ(n) = (p-1)(q-1).3. Choose an integer e, 1 < e < φ(n), such that
gcd(e, φ) = 1. 4. Compute the secret exponent d, 1 < d < φ(n),
such that ed ≡ 1 mod φ(n). 5. The public key is (n, e) and the private key is (n,
d). Keep all the values d, p, q and φ(n) secret.• n is known as the modulus.• e is known as the public exponent or encryption exponent
or just the exponent.• d is known as the secret exponent or decryption
exponent.
Key Generation -detail
1. Use a random process to select two large prime numbers p and q. Compute the product n = p*q. This number is called the modulus, and is made publicly available.– RSA currently recommends a modulus
that’s at least 768 bits long.
2. Also compute the Euler totient φ(n) = φ(pq)= (p-1)*(q-1). Keep this number (as well as p and q) secret.
GCD & Relatively prime• Two numbers a and b which have no
common factors other than one are said to be coprime or relatively prime. For example, 4 and 9 are coprime but 15 and 25 are not.
• The greatest common divisor of two integers a and b is the largest integer that divides both numbers and is denoted by ‘gcd(a, b)’. For example, gcd(25, 15) = 5 and gcd(4, 9) = 1.
• a and b are coprime if and only if gcd(a, b) = 1.
Euler Totient
φ(n) is the no. of positive integers less than n and relatively prime to n.
e.g. φ(12)=4 as the four integers {1,5,7,11} are coprime to 12.
φ(7)=6 as the 6 integers {1,2,3,4,5,6} are coprime to 7.
i.e. for any prime p, φ(p) = p-1
Key Generation -detail3. Randomly choose a public key e that
has no factors in common with φ(n)= (p-1)*(q-1). so that gcd(e, φ(n)) = 1, 1 < e < φ(n);[Euclid’s algorithm: gcd(a,b)=gcd(b,r) where r=a mod b e.g. gcd(18,12)=gcd(12,6)=gcd(6,0)=6 i.e. a = qb + r]
4. Solve following equation to find decryption key d ,e.d ≡ 1 mod φ(n) and d < n; where d is the multiplicative inverse of e in mod φ(n);d ≡ e-1mod φ(n)
• ‘mod’ as a congruence relation: The notation ‘a ≡ b (mod n)’ means a and b have the same remainder when divided by n, or, equivalently,
• (a) n|a − b, or• (b) a − b = nk for some integer k .• We say that a is congruent to b modulo n,
where n is the modulus of the congruence. The two ways of using ‘mod’ are related:
• a ≡ b (mod n) <==> a mod n = b mod n.
• Compute a private key d so that e*d leaves a remainder of 1 when divided by φ(n) . Find a value for d such that φ(n) divides (ed-1).Note that d is easy to compute only if one knows the value of φ(n). This is essentially the same as knowing the values of p and q.
Using RSA• publish their public encryption key:
KU={e,n} • keep secret private decryption key:
KR={d,p,q} • to encrypt a message M the sender:
– obtains public key of recipient KU={e,n}
– computes: C=Me mod n, where 0≤M<n• to decrypt the ciphertext C the
owner:– uses their private key KR={d,p,q} – computes: M=Cd mod n
RSA Example1. Select primes: p =17 & q =112. Compute n = pq =17×11=1873. Compute ø(n)=(p–1)(q-
1)=16×10=1604. Select e : gcd(e,160)=1; choose e =75. Determine d: de=1 mod 160 and d <
160 Value is d=23 since 23×7=161= 1×160+1
6. Publish public key KU={7,187}7. Keep secret private key KR={23,17,11}
• Use a property of modular arithmetic:(a x b) mod n = [ (a mod n) x (b mod n) ]
mod n
• modulo of a product = modulo of the product of its multipliers’ modulos
• Strategy - reduce xy into xaxbxc where y=abc using powers of 2 for a, b, c . Then apply above property
• given message M = 88 (nb. 88<187)
• Encryption:• C = 887 mod 187 = [(884 mod 187)( 882
mod 187)( 881 mod 187)] mod 187881 mod 187 =88882 mod 187 = 7744 mod 187 = 77884 mod 187 = 59,969,536 mod 187=132
= (88 x 77 x 132) mod 187 = 894,432 mod 187 = 11•
• Decryption:• M = 1123 mod(187) = [(111
mod 187)( 112 mod 187)( 114 mod 187)( 118 mod 187)( 118 mod 187)] mod (187)
= (11 x 121 x 55 x 33 x 33) mod(187) = 88
• Q. p=11,q=3 M=7
Comparison
DES RSA
Symmetric Key Encryption algorithm
Block size – 64 bits
Contains complex operations(S-boxes)
Bit wise operations used (Shift and
XOR)
There are some operations on key
16 rounds of same operations
Calculations are based on permutation
Public Key Encryption algorithm
Block size – 1024 bits
Only mathematical calculations used
No bit wise operations
No operations on key.
Consists a single round operation
Calculations are based on ‘primitive
logarithm’.
Diffie-Hellman Key Exchange
• Whittfield Diffie and Martin Hellman are called the inventors of Public Key Cryptography.
• Diffie-Hellman Key Exchange is the first Public Key Algorithm published in 1976.
Discrete Logarithms• What is a logarithm?
• log10100 = 2 because 102 = 100
• In general if logmb = a then ma = b
• Where m is called the base of the logarithm
• A discrete logarithm can be defined for integers only
• In fact we can define discrete logarithms mod p also where p is any prime number
Primitive Roots
• If x n = a then a is called the n-th root of x
• For any prime number p, if we have a number a such that powers of a mod p generate all the numbers between 1 to p-1 then a is called a Primitive Root of p.
• Then for any integer b and a primitive root a of prime number p we can find a unique exponent i such that
b = a i mod p• The exponent i is referred to as the
discrete logarithm or index, of b for the base a.
• 2 as primitive root
m 1 2 3 4 5 6 7 8 9 10
2m mod 11 2 4 8 5 10 9 7 3 6 1
m 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
2m mod 19 2 4 8 16 13 7 14 3 6 17 15 11 3 6 12 5 10 1
3m mod 19 3 9 8 5 15 7 2 6 18 16 10 11 14 4 12 17 13 1
Diffie-Hellman Algorithm
• Five Parts1. Global Public Elements2. User A Key Generation3. User B Key Generation4. Generation of Secret Key by User A5. Generation of Secret Key by User B
Global Public Elements
• p Prime number• g g < p and g is a
primitive root of p• The global public elements are also
sometimes called the domain parameters
User A Key Generation
• Select private XA XA < p
• Calculate public YA YA = g XA mod p
User B Key Generation
• Select private XB XB < p
• Calculate public YB YB = g XB mod p
Generation of Secret Key by User A
• K = (YB)XA mod p
Generation of Secret Key by User B
• K = (YA)XB mod p
Diffie-Hellman Key Exchange
• Alice and Bob agree upon and make public two• numbers g and p, where p is a prime and g is a
primitive root mod p. Note: Anyone has access to these numbers.
• The Exchange:1. Alice chooses a random number a (secret)and
computes u =g a (mod p), and sends u to Bob.2. Bob chooses a random number b (secret) and
computes v= g b (mod p), and sends v to Alice.3. Bob computes the key kb using secret b= u b mod
p4. Alice computes the key ka using secret a=v a mod p
Now, both Alice and Bob have the same key,namely ka = kb = gab (mod p).
• kb = u b mod p
=(g a mod p)b mod p =(g a)b mod p by modular
arithmetic
= g ab mod p =(g b)a mod p =(g b mod p)a mod p = v a mod p = ka
Example• Suppose Alice and Bob agree to• use p = 47 and g = 5.• Alice chooses a number between
0 and 46,• say a = 18.• Bob chooses a number between 0
and 46,• say b = 22.
Example• Alice publishes ga (mod p), i.e.• u = 518 (mod 47) = 2.• Bob publishes gb (mod p), i.e.• v = 522 (mod 47) = 28.• If Alice wants to know the secret
key k, she takes Bob’s public number,v =28 and raises it to her private number, a = 18 (taking the result mod 47).
• This gives her: 2818 (mod 47) = 24.
Example
• If Bob wants to know the secret key, he takes Alice’s public number, u = 2, and raises it to his private number, b = 22 (taking the result mod 47).
• This gives him: 222 (mod 47) = 24.• Thus, Alice and Bob have agreed
upon a secret key, k = 24.
Security of DH exchange• Opponent Eve has the following
ingredients p,g,u,v to work with• If Eve wants to compute k, then she
would need either a or b.• Otherwise, Eve would need to solve a Discrete Logarithm Problem.
– There is no known algorithm to accomplish this in a reasonable amount of time.
– E.g. for attacking user B’s secret key,the opponent must compute b=indg,p(v)
Man in the middle attack• Susceptibility: If Eve can intercept u
and v, it is possible for her to substitute her own u’ and v’.
• If she can intercept all communication• between Alice and Bob, then she can
substitute her own messages.• In 1992, the exchange was modified
to prevent the man-in-the-middle attack described above.
Example for m-i-t-m-a
• Alice wants to talk to Bob, sends her public key to Bob.
• But Eve intercepts it, and replaces Alice’s public key with hers. She sends this to Bob.
• Bob thinks Alice wants to talk to him. He sends his public key to her.
• But Eve intercepts and replaces!• Then Eve sets up shared keys with
both!
What to do?
• If the public keys are certified (e.g., VeriSign) then Alice and Bob verifies that they got the right public keys!
• User Authentication: Alice encrypts the message, m, with her private key a, call it ma. ma = Ea (m)
• Alice encrypts ma with Bob’s public key, v, and sends the message to Bob. ma v = Ev (ma)
• Bob recovers ma using his private key b and recovers m by using Alice’s public key u. m = Du(Db(mav))
• Thus, Bob is sure that only Alice could have sent the message.