PUBLIC KEY CRYPTOSYSTEMS AND RSA Christopher Theisen http://theisencr.github.io/whitewater_pkc/
Public Key Cryptosystems and RSA

Mar 16, 2018

Chris Theisen
Transcript
Page 1: Public Key Cryptosystems and RSA

PUBLIC KEY CRYPTOSYSTEMS AND RSA

Christopher Theisen

http://theisencr.github.io/whitewater_pkc/

Page 2: Public Key Cryptosystems and RSA

AGENDA

◦ Encryption

◦ Private Key Cryptosystems

◦ Public Key Cryptosystems

◦ Introduction to RSA

◦ Simple RSA Example

◦ Exercise: Key Generation and Message

◦ Attacks against RSA

Page 3: Public Key Cryptosystems and RSA

ENCRYPTION

◦ Definition: “The process of converting information or data into a code, with the goal of preventing unauthorized access.”

◦ Important for protecting data you want to keep private

◦ Credit cards, personal information, etc.

Page 4: Public Key Cryptosystems and RSA

PRIVATE KEY CRYPTOSYSTEMS

◦ Use of a single, shared key that can encrypt and decrypt information

◦ Messages are encrypted using the shared key, then the encrypted message is sent to the other party

◦ Use Case: sustained messages between two known parties

Page 5: Public Key Cryptosystems and RSA

PRIVATE KEY CRYPTOSYSTEMS

Public Key Cryptography | RSA | Example | Exercise | Attacks

Page 6: Public Key Cryptosystems and RSA

PUBLIC KEY CRYPTOSYSTEMS

Distinguished from private key:

◦ Private Key: A secret, exclusive key for encryption and decryption

◦ Public Key: Separate, public key for encryption and decryption.

◦ Use Case: authentication step and exchange of shared secret key for further communication

Page 7: Public Key Cryptosystems and RSA

PUBLIC KEY CRYPTOSYSTEMS

Page 8: Public Key Cryptosystems and RSA

PUBLIC KEY - CONFIDENTIALITY

Page 9: Public Key Cryptosystems and RSA

PUBLIC KEY - AUTHENTICATION

Page 10: Public Key Cryptosystems and RSA

PUBLIC KEY – CONFIDENTIALITY AND AUTHENTICATION

Bob Private Key -> Alice Public Key -----> Alice Private Key -> Bob Public Key

Page 11: Public Key Cryptosystems and RSA

RIVEST-SHAMIR-ADLEMAN (RSA)

◦ Developed by Ron Rivest, Adi Shamir, and Leonard Adleman

◦ Based on the difficulty of factoring the product of two large prime numbers

◦ Someone with the product of two primes can encrypt, but only someone who knows both primes can decrypt.

Page 12: Public Key Cryptosystems and RSA

TRAPDOOR FUNCTION

◦ Easy to compute in one direction, hard to compute in the other without special information (the trapdoor)

Page 13: Public Key Cryptosystems and RSA

RSA – KEY GENERATION

1. Pick two large primes, p and q

p = 11

q = 3

2. Calculate n = pq

n = 11 * 3

n = 33

Page 14: Public Key Cryptosystems and RSA

RSA – KEY GENERATION

3. Calculate λ(n) = (p-1)(q-1)

λ(n) = (11-1)(3-1)

λ(n) = 10*2

λ(n) = 20

4. Choose a small number e, coprime to λ(n)

e = 3

Alternate: Fix e first (e=3, e=17, e=65,537)

Page 15: Public Key Cryptosystems and RSA

RSA – KEY GENERATION

5. Find d, satisfying de mod λ(n) = 1

Isolating d:

d = (1 + x* λ(n)) / e, where x is any integer.

x = 0 => d = (1 + 0) / 3 (no)

x = 1 => d = (1 + 20) / 3 = 7 (yes!)

d = 7

Page 16: Public Key Cryptosystems and RSA

RSA – KEY GENERATION

p = 11

q = 3

n = 33

λ(n) = 20

e = 3

d = 7

Private Key = (n, d) (33, 7)

Public Key = (n, e) (33, 3)

Page 17: Public Key Cryptosystems and RSA

RSA – MESSAGES

Private Key = <n, d> <33, 7>

Public Key = <n, e> <33, 3>

We want to send the integer “m” as a message.

Sending Messages:

Encryption: c = m^e mod n

Decryption: m = c^d mod n

Page 18: Public Key Cryptosystems and RSA

RSA – ENCRYPTION

Private Key = <n, d> <33, 7>

Public Key = <n, e> <33, 3>

Encryption: c = m^e mod n

m = 4

c = 4^3 mod 33

c = 64 mod 33

c = 31

Page 19: Public Key Cryptosystems and RSA

RSA – DECRYPTION

Private Key = <n, d> <33, 7>

Public Key = <n, e> <33, 3>

Decryption: m = c^d mod n

c = 31

m = 31^7 mod 33

m = 27,512,614,111 mod 33

m = 4

Page 20: Public Key Cryptosystems and RSA

RSA - ALGORITHM

Key Generation

1. Pick two large primes, p and q

2. n = pq

3. λ(n) = (p-1)(q-1)

4. Choose a small number e, coprime to λ(n)

5. Find d, satisfying d*e mod λ(n) = 1

Public Key: <n, e> Encryption: c = m^e mod n

Secret Key: <n, d> Decryption: m = c^d mod n
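
The key generation, encryption and decryption steps above, collected into one Python script. This is an added example, not part of the original slides; the function names are assumptions, and λ(n) is computed as (p-1)(q-1), exactly as the slides define it.

```python
from math import gcd


def generate_keypair(p, q, e):
    """Steps 2-5 of the slides for caller-supplied primes p, q and exponent e."""
    n = p * q
    lam = (p - 1) * (q - 1)  # the slides' definition of λ(n)
    if gcd(e, lam) != 1:
        raise ValueError("e must be coprime to λ(n)")
    # Step 5 as on the slides: try x = 0, 1, 2, ... until (1 + x*λ(n)) / e
    # is a whole number. Because e is coprime to λ(n), some x < e works.
    x = 0
    while (1 + x * lam) % e != 0:
        x += 1
    d = (1 + x * lam) // e
    return (n, e), (n, d)  # (public key, private key)


def encrypt(public_key, m):
    """c = m^e mod n. The message must be an integer smaller than n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)  # modular exponentiation; never builds m**e in full


def decrypt(private_key, c):
    """m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


if __name__ == "__main__":
    public, private = generate_keypair(11, 3, 3)  # the slides' toy values
    c = encrypt(public, 4)
    print("public:", public, "private:", private)
    print("ciphertext:", c, "decrypted:", decrypt(private, c))
    # Every message in [0, n) survives the round trip.
    n = public[0]
    print(all(decrypt(private, encrypt(public, m)) == m for m in range(n)))
```

The three-argument `pow` reduces modulo n at every step, so the 27,512,614,111 intermediate value from the decryption slide is never materialised.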

Page 21: Public Key Cryptosystems and RSA

EXERCISE: RSA KEY SIZE

Links to tools for RSA Demo (work in pairs or more):

theisencr.github.io/whitewater_pkc/

Pink generates a public key – “Packed public key” field

Blue copies public key, unpacks, encodes message

“OpenPGP Multi Precision Integer (MPI) of Public Key (base64)”

Pink copies encoded message, decrypts.

Spend time checking out performance of each step.

Page 22: Public Key Cryptosystems and RSA

EXERCISE: ATTACKS

Imagine Eve wanted to intercept communications that Bob (Blue) sends to Alice (Pink).

Open an additional Pink tab.

Experiment with “tricking” Bob (Blue) into communicating with Eve (new Pink).

What’s the key step?

Page 23: Public Key Cryptosystems and RSA

AUTHENTICATING PUBLIC KEYS

◦ You need to trust that Alice’s public key is *really* her key!

◦ Three approaches:

▫ Certificate Authorities – central repository of validated keys

▫ Web of Trust – get people to “vote” that your key is accurate (Distributed Ledger)

▫ Meet in real life and exchange keys

Page 24: Public Key Cryptosystems and RSA

ATTACKING RSA

Page 25: Public Key Cryptosystems and RSA

ATTACKING RSA: FACTORING CHALLENGE

◦ Brute forcing RSA requires prime factorization

◦ Monetary reward for cracking large RSA values

◦ RSA-XXX: XXX = number of bits

◦ RSA-768: Factored in December 2009 – 2 ½ years

◦ “On a single core 2.2 GHz AMD Opteron processor with 2 GB RAM, sieving would have taken about fifteen hundred years”

Page 26: Public Key Cryptosystems and RSA

ATTACKING RSA - RANDOMNESS

p = Randomly Chosen

q = Randomly Chosen

n = p and q

λ(n) = p and q

e = chosen from p, q

d = found from e, λ(n)

Page 27: Public Key Cryptosystems and RSA

ATTACKING RSA - RANDOMNESS

◦ “Random numbers” are actually pseudo-random

◦ Ways to generate “random” numbers

▫ Seed by time

▫ Seed by execution history - /dev/random

▫ Seed by atmospheric noise

Page 28: Public Key Cryptosystems and RSA

Page 29: Public Key Cryptosystems and RSA

ATTACKING RSA - RANDOMNESS

◦ 2012 paper by Heninger et al. at USENIX

▫ “Mining your P’s and Q’s: Detection of Widespread Weak Keys in Network Devices”

◦ Plain terms: if the P/Q of two keys are the same, you can determine the other factor of both.

◦ How rare is this?

Page 30: Public Key Cryptosystems and RSA

ATTACKING RSA - RANDOMNESS

◦ If you use poor randomness, common factors are (somewhat) common!

◦ Heninger et al. harvested 5 million SSL keys

◦ Found high common factors in 0.5% of the keys (25,000 keys)

◦ Result: can compute the private keys of those 25,000!
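
The shared-factor observation above, written as a small audit over a list of RSA moduli. This is an added example, not code from the slides or from Heninger et al.; the function name and the toy moduli are constructed, and it compares every pair with gcd, which is only practical for small key sets.

```python
from itertools import combinations
from math import gcd


def audit_moduli(moduli):
    """Pairwise-gcd audit of RSA moduli (each assumed to be a product of two primes).

    Returns (exposed, duplicates):
      exposed    maps a modulus index to (shared_prime, other_factor)
      duplicates lists index pairs whose moduli are identical; the gcd of two
                 equal moduli is the modulus itself, so it yields no factor,
                 but the two holders are using the same key.
    """
    exposed, duplicates = {}, []
    for (i, n_i), (j, n_j) in combinations(enumerate(moduli), 2):
        if n_i == n_j:
            duplicates.append((i, j))
            continue
        g = gcd(n_i, n_j)
        if g > 1:  # a common prime: both moduli are now fully factored
            exposed[i] = (g, n_i // g)
            exposed[j] = (g, n_j // g)
    return exposed, duplicates


# Constructed toy moduli standing in for keys collected from four devices.
SAMPLE_MODULI = [
    101 * 103,  # device A
    101 * 107,  # device B: drew the same first prime as A
    109 * 113,  # device C: independent primes
    109 * 113,  # device D: identical key to C
]

if __name__ == "__main__":
    exposed, duplicates = audit_moduli(SAMPLE_MODULI)
    for index, (p, q) in sorted(exposed.items()):
        print(f"modulus {index} = {SAMPLE_MODULI[index]} factors as {p} * {q}")
    for i, j in duplicates:
        print(f"moduli {i} and {j} are the same key")
```

Neither modulus has to be factored by brute force here: a single gcd of two public values is enough once a prime is shared, which is why key generation on a device with poor randomness matters.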

Page 31: Public Key Cryptosystems and RSA

ATTACKING RSA - RANDOMNESS

◦ /dev/urandom: supplies random bytes based on disk activity, non-blocking

◦ Why would disk activity be not-so-random on devices like these?

Page 32: Public Key Cryptosystems and RSA

SUMMARY SLIDE

◦ Differences between Private and Public Key Cryptosystems

◦ Introduction to RSA

◦ Walkthrough of RSA at scale

◦ Attacks against RSA

Page 33: Public Key Cryptosystems and RSA

Class Materials:

theisencr.github.io/whitewater_pkc

theisencr.github.io