Presentation is loading. Please wait.

Presentation is loading. Please wait.

Public-key encryption. Symmetric-key encryption Invertible function Security depends on the shared secret – a particular key. Fast, highly secure Fine.

Published byBaylee Shed Modified over 9 years ago

Similar presentations

Presentation on theme: "Public-key encryption. Symmetric-key encryption Invertible function Security depends on the shared secret – a particular key. Fast, highly secure Fine."— Presentation transcript:

1 Public-key encryption

2 Symmetric-key encryption Invertible function Security depends on the shared secret – a particular key. Fast, highly secure Fine for repeated communication Poor fit for one-shot communication, signatures

3 Asymmetric-key (public key) encryption The basic idea: A user has two keys: a public key and a private key. A message can be encrypted with the public key and decrypted with the private key to provide security. A message can be encrypted with the private key and decrypted with the public key to provide signatures.

4 One-way functions Most common functions are invertible; for any F(x) = y, there is an F -1 (y) = x. –Multiplication and division –DES A function which is easy to compute in one direction, but hard to compute in the other, is known as a one-way function. –Hashing, modular arithmetic. A one-way function that can be easily inverted with an additional piece of knowledge is called a trapdoor one-way function.

5 One-way functions Public key encryption is based on the existence of trapdoor one-way functions. –Encryption with the public key is easy. –Decryption is computationally hard. –Knowledge of the private key opens the trapdoor, making inversion easy. Password systems also use one-way functions.

6 Overview of RSA RSA is the most common and well-known public key cryptosystem Basic notation: a key pair (e,d) contains two keys: –e is the public key (used to encrypt documents) –d is the private key (used to decrypt documents) M is the plaintext message. Let R be the encryption function. R(e,M) = C. R(d,C) = M. - encryption R(d,M) = C’ R(e,C’) = M - signing R(e,R(d,M)) = M = R(d,R(e,M)) –Same function is used for both operations.

7 Modular Arithmetic RSA’s security is based on modular arithmetic. –a = b (mod n) there is a q such that a-b=qn –b is the remainder after dividing a by n –23 = 3 (mod 5) A set {0,1,…,n-1} is closed under modular addition and multiplication. (a(mod n) + b(mod n))(mod n) = (a+b) (mod n) (ab)(mod n) = (a(mod n) b(mod n))(mod n)

8 Modular Arithmetic Two numbers p and q are said to be relatively prime if their greatest common divisor is 1. –5 and 17, 8 and 9, 10 and 21 To compute gcd: –gcd(a,b) = gcd(b, a mod b) (Euclid, 300BC)

9 Identities and Inverses An identity is a number that maps a number to itself under some operation. –0 in normal addition, 1 in multiplication. An inverse is a number (within the input set) and maps a given number to the identity –X * 1/X, X + -X in integer math We are particularly interested in multiplicative inverses for modular arithmetic. –(ab) = 1 (mod n)

10 Multiplicative Inverses 3 and 2 are multiplicative inverses mod 5. 7 and 6 are multiplicative inverses mod 41. 5 and 2 are multiplicative inverses mod 9. For n > 1, if a and n are relatively prime, there is a unique x such that –ax = 1 (mod n)

11 More preliminaries Fermat’s Little Theorem: –If p is prime, then for all a: a p-1 = 1 (mod p) Chinese Remainder Thm (corollary) –If p and q are prime, then for all x and a: –x = a(mod p) and x = a(mod q) iff x=a mod(pq) These are needed to prove RSA’s correctness.

12 The RSA Algorithm Pick two large (100 digit) primes p and q. Let n = pq Select a relatively small integer d that is prime to (p-1)(q-1) Find e, the multiplicative inverse of d mod (p-1)(q-1) (d,n) is the public key. To encrypt M, compute –En(M) = M e (mod n) (e,n) is the private key. To decrypt C, compute –De(C) = C d (mod n)

13 RSA example Let p = 11, q = 13 n = pq = 143 (p-1)(q-1) = 120 = 3 x 2 3 x 5 Possible d: 7, 11, 13, 17, … (let’s use 7) Find e: e*7 = 1(mod 120) = 103 Public key: (7, 143) Private key: (103, 143) En(42) = 42 7 (mod 143) = 81 De(81) = 81 103 (mod 143) = 42

14 Correctness of RSA To show RSA is correct, we must show that encryption and decryption are inverse functions: –En(De(M)) = De(En(M)) = M = M ed (mod n) –Since d and e are multiplicative inverses, there is a k such that: ed=1+ kn = 1 + k(p-1)(q-1) M ed = M 1+k(p-1)(q-1) = M*(M p-1 ) k(q-1) By Fermat: M p-1 =1(mod p) M ed = M(1) k(q-1) (mod p) = M(mod p)

15 Correctness of RSA M ed = M(1) k(q-1) (mod p) = M(mod p) M ed = M(1) k(q-1) (mod q) = M(mod q) By Chinese Remainder Thm, we get: M^{ed} = M (mod p) M (mod q) = M (mod pq) = M (mod n) Therefore, RSA reproduces the original message and is correct.

16 Strengths of RSA No prior communication needed Highly secure (for large enough keys) Well-understood Allows both encryption and signing

17 Weaknesses of RSA Large keys needed (1024 bits is current standard) Relatively slow –Not suitable for very large messages Public keys must still be distributed safely.

18 Security of RSA The security of RSA is dependent on the assumption that it’s difficult to generate the private key d from the public key e and the modulus n. Equivalent to integer factorization problem. –This is how we got e and d in the first place. Factoring is thought to be computationally hard. –No proof, though!

19 Difficulty of Factoring The fastest known factoring algorithm is the generalized number field sieve. –Sub-exponential time –Greater than polynomial space. Some statistics: Number LengthMachinesMemory/Machine 4301Trivial 760215,0004Gb 1020342 million170 Gb 16201.6x10^15120 Tb

20 Security and Problem Difficulty Another way to think about the problem is to ask how long a keylength will be secure, given Moore’s law: From the RSA labs factoring FAQ

21 Security and Problem Difficulty RSA-155 (512 bit asymmetric-key) broken in 1999. Estimate: capability grows by ~4.25 digits per year. (approx.13-14 bits per year) 1024-bit RSA should be “secure” until 2037. Using Moore’s Law – 1024-bit is 7 million times harder than 512-bit –So, we need a 7 millionX speedup to crack 1024-bit RSA with the same relative computational power. –Also about 34 years. Question: How long does your data need to be secure?

22 Digital Signatures Desirable properties of a digital signature: –A receiver must be able to validate the signature –The signature must not be forgeable –The signer must not be able to repudiate the signature. Encrypt with private key, validate with public key. –For security and authenticity, encrypt the signed message with the receiver’s public key.

23 Hash Functions A hash function is a one-way function that maps a message M into a (typically smaller) hashed message H. Sometimes this is called a fingerprint Also sometimes a message digest. –Goals: Non-invertible fast low collision rate

24 Hash Functions To sign a document, I compute its hash, encrypt that with my private key, and send the encrypted hash along with the original document as plaintext. The receiver hashes the plaintext and then uses my public key to verify that I was the one who sent the document. Can also detect tampering.

25 Combining Public and Secret Keys Public-key encryption is often used to synchronize secret session keys. –SSL uses this. A generates a secret key and sends it to B, encrypted with B’s public key. –For handshaking, include a random number. B decrypts the message and has the secret key. –For handshaking, B encrypts the random number with A’s public key and returns it.

26 Authentication A sends “Please authenticate me” to B B creates a random message and signs it with A’s public key. A decrypts the message with its private key, encrypts it with B’s public key, and returns it. –Only someone with A’s private key can do this. Potential attack: B gets to pick a string that A will encrypt –This could yield information about A’s private key.

27 Zero-knowledge Protocols One application of public-key cryptography is zero-knowledge protocols. Often, one party might want to prove something to another without revealing any information –Nuclear treaties –Bank balances –Sensitive information

28 Zero-knowledge protocols Alice wants to prove to Bob that she is Alice. –If she sends identification, Bob (or an eavesdropper) can use it. Example: Authority chooses a number N=77, known by all. Alice’s public ID: (58, 67) Alice’s private ID: (9,10) –These are multiplicative inverses mod 77

29 Zero-knowledge protocols Alice chooses some random numbers and computes their square mod N. –{19, 24, 51} -> 19 2 (mod 77) = 53, 24 2 (mod 77) = 37, 51 2 (mod 77) = 60 –Alice sends {53,37,60} to Bob. –Bob sends back a random 2x3 matrix of 1s and 0s. –0 1 –1 0 –1 1

30 Zero-knowledge protocols Alice uses this grid, plus her original random numbers and her secret numbers, to compute: 19 * 9 0 * 10 1 (mod 77) = 36 24 * 9 1 * 10 0 (mod 77) = 62 51 * 9 1 * 10 1 (mod 77) = 47 She sends {36,62,47} to Bob.

31 Zero-knowledge protocols Bob verifies Alice’s identity by computing: –{58,67} are Alice’s public numbers 36^2 *58^0 *67^1 (mod 77)= 53 62^2 *58^1 * 67^0 (mod 77) = 37 47^2 * 58^1 * 67^1 (mod 77) = 60 Alice’s original numbers reappear! –(Actually, an attacker would have a 1 in 64 chance of guessing correctly …)

32 Zero-knowledge protocols In a real system, N would be very large –160 digits. Many more numbers would be generated. This works because Alice’s secret numbers are multiplicative inverses of her public numbers mod N. Also, Bob learns nothing that he didn’t know before.

33 Summary Public key encryption provides a flexible system for secure communication in open environments. Based on one-way functions Allows for both authentication and signing Secure public key distribution remains a problem.

Download ppt "Public-key encryption. Symmetric-key encryption Invertible function Security depends on the shared secret – a particular key. Fast, highly secure Fine."

Similar presentations

RSA.

RSA.
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Public Key Cryptosystem

Public Key Cryptosystem
PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.

PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
Security in Open Environments

Security in Open Environments
ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.

ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.
RSA and Public Key Cryptography Oct. 2002 Nathanael Paul.

RSA and Public Key Cryptography Oct Nathanael Paul.
Public Key Encryptions CS461/ECE422 Fall 2011. Reading Material Text Chapters 2 and 20 Handbook of Applied Cryptography, Chapter 8 –

Public Key Encryptions CS461/ECE422 Fall Reading Material Text Chapters 2 and 20 Handbook of Applied Cryptography, Chapter 8 –
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…

1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…
CS555Spring 2012/Topic 171 Cryptography CS 555 Topic 17: Textbook RSA encryption.

CS555Spring 2012/Topic 171 Cryptography CS 555 Topic 17: Textbook RSA encryption.
Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Attacks on Digital Signature Algorithm: RSA

Attacks on Digital Signature Algorithm: RSA

Similar presentations

Ads by Google