Presentation is loading. Please wait.

Presentation is loading. Please wait.

Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Published byLorraine Owens Modified over 8 years ago

Similar presentations

Presentation on theme: "Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications."— Presentation transcript:

1 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 4 Public Key Cryptography

2 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 2 Cryptographical Building Blocks Block Ciphers Stream Ciphers Symmetric Key Cryptography AuthenticationConfidentiality Encryption Hash Functions Challenge Response IVs MACs MICs Message Digests Nonces Pseudo Random Random Sources Secret Keys Smart Cards DH RSA Public Key Cryptography Elliptic Curves Digital Signatures Data Integrity Secure Network Protocols Non- Repudiation

3 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 3 The Secure Key Distribution Problem Alice Bob Carol Dave Edna Fred K AB, K AC, K AD, K AE, K AF K AC, K BC, K CD, K CE, K CF K AB, K BC, K BD, K BE, K BF K AF, K BF, K CF, K DF, K EF K AE, K BE, K CE, K DE, K EF K AD, K BD, K CD, K DE, K DF secure distribution of n 2 /2 keys

4 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 4 Public Key Distribution System Alice Bob Carol Dave Edna Fred KAKA KBKB KCKC KDKD KEKE KEKE public distribution of n keys Public Directory Alice : K A Bob : K B Carol : K C Dave : K D Edna : K E Fred : K F

5 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 5 Public Key Cryptography The Inventors Whitfield Diffie and Martin Hellman 1976 Ralph Merkle 1978 C = f K B (P) Encryption with one-way function P = f -1 K B (C,T B ) Joe P = f -1 K B (C) AliceBob KBKB Computation of inverse function is extremely expensive Trap Door One-way functions are often based on well- known hard problems

6 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 6 Internet Security 1 (IntSi1) 4.1 RSA Public Key Cryptosystem

7 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 7 RSA Public Key Cryptosystem The Inventors R - Ron Rivest S - Adi Shamir A - Leonard Adleman The One-Way Function The exponentiation function y = f(x) = x e mod n can be computed with reasonable effort. Its inverse x = f -1 (y) is extremely difficult to compute. The Hard Problem Securing the Trap Door The RSA public key algorithm is based on the well-known hard problem of factoring a large number into its prime factors that has been studied over many centuries.

8 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 8 RSA Public Key Cryptosystem Key Generation Algorithm Step 1: Choose two random large prime numbers p and q For maximum security, choose p and q of about equal length, e.g. 1024 … 1536 bits each. Step 2: Compute the product n = p·q Step 3: Choose a random integer e < (p-1)(q-1) The numbers e and (p-1)(q-1) must be relatively prime, i.e. they should not share common prime factors. Step 4: Compute the unique inverse d = e -1 mod (p-1)(q-1) The equation d·e mod (p-1)(q-1) = 1 can be solved using the Euclidian algorithm.

9 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 9 RSA Public Key Cryptosystem How to find large random prime numbers There are 10 305 primes 1024 bits in length or less. There are only 10 77 atoms in the universe. The chance that two people choose the same prime factors for key generation is therefore near to nil ! To prove that a randomly chosen number is really prime you would have to factor it. Try small factors (3, 5, 7, 11,...) Probabilistic Primality Tests (e.g. Miller–Rabin) After passing 5 tests, assume a random number to be prime is prime composite number 0 % 100 % 0.1 % not prime prime number99.9 % random number is a Result of Primality Test

10 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 10 (p-1)·(q-1) = 2 · 10 = 2 · 2 · 5 = 20 RSA Public Key Cryptosystem Key Generation Example p = 3, q = 11: n = p·q = 33 the public exponent e must be relatively prime to (p-1)·(q-1), i.e. it cannot contain any factors of 2 and 5 e d e·d e·d mod 20 3 7 21 1 7 3 21 1 9 9 81 1 11 11 121 1 13 17 221 1 17 13 221 1 19 19 361 1 all possible choices for the exponents e and d

11 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 11 RSA Public Key Cryptosystem Public and Private Keys Public Key: modulus n and public exponent e Publish n and e in a public directory, so that anybody wanting to send you a confidential message can retrieve it. Private Key: modulus n and private exponent d The private exponent d is your secret. It should be protected either by storing it in a tamper-proof smart card or when stored on a disk by encrypting it with a symmetric cipher secured by a secret passphrase of your choice. The primes p and q that were used for key generation are often kept as part of the private key, because their smaller size (i.e. half the length of the modulus n) allow an efficient implementation of the private key operations (Montgomery multiplication).

12 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 12 RSA Public Key Cryptosystem Encryption and Decryption Encryption of a plaintext block x: y = x e mod n The sender uses the public key of the recipient to encrypt x < n. Decryption of a ciphertext block y: x = y d mod n The recipient uses her private key to recover the plaintext block x y d = (x e ) d = x e·d = x m·(p-1)·(q-1) + 1 = x 1 = x (mod n) Without proof: Encryption and Decryption are symmetric operations The order of the exponentiation with the public exponent e and the private exponent d can be exchanged.

13 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 13 e = 1·2 3 + 1· 2 2 + 0·2 1 + 1·2 0 e = 1·8 + 1·4 + 0·2 + 1·1 y = x e =(x 8 ) 1 ·(x 4 ) 1 ·(x 2 ) 0 ·(x) 1 mod n y = x 8 ·x 4 ·x mod n x 2 = x·x mod n, x 4 = x 2 ·x 2 mod n, x 8 = x 4 ·x 4 mod n d = 1·2 4 + 0·2 3 + 0· 2 2 + 0·2 1 + 1·2 0 d = 1·16 + 0·8 + 0·4 + 0·2 + 1·1 x = y d =(y 16 ) 1 ·(y 8 ) 0 ·(y 4 ) 0 ·(y 2 ) 0 ·(y) 1 mod n x = y 16 ·y mod n y 2 = y·y mod n, y 4 = y 2 ·y 2 mod n, y 8 = y 4 ·y 4 mod n, y 16 = y 8 ·y 8 mod n RSA Public Key Cryptosystem Fast Exponentiation Example Encryption with Public Key n = 33, e = 13 Decryption with Private Key n = 33, d = 17

14 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 14 RSA Public Key Cryptosystem Plaintext to Ciphertext Mapping n = 33, e = 13, d = 17 y = x e mod n x y x y x y x y x y 0 0 8 17 16 4 24 30 32 32 1 1 9 3 17 29 25 16 2 8 10 10 18 24 26 20 3 27 11 11 19 28 27 15 4 31 12 12 20 14 28 7 5 26 13 19 21 21 29 2 6 18 14 5 22 22 30 6 7 13 15 9 23 23 31 25

15 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 15 The RSA–768 Challenge The Effort 768 bit number (232 digits) factored in December 2009 Sieving step took 2 years on a cluster of several hundred computers. Sieving on a single core 2.2 GHz Opteron processor with 2 GB of RAM would have taken 1500 years. 1024 modulus is about 1000 times harder to factor. 1230186684530117755130494958384962720772853569595334792197 3224521517264005072636575187452021997864693899564749427740 6384592519255732630345373154826850791702612214291346167042 9214311602221240479274737794080665351419597459856902143413 = ? = 3347807169895689878604416984821269081770479498371376856891 2431388982883793878002287614711652531743087737814467999489 * 3674604366679959042824463379962795263227915816434308764267 6032283815739666511279233373417143396810270092798736308917

16 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 16 Assumed effort: 40 million dollardays = 40M x 1 day = 100k x 400 days 56 bits in 1982 RSA: 366 … 527 bits 64 bits in 1994 RSA: 639 … 746 bits 72 bits in 2006 RSA: 1007 … 1012 bits 76 bits in 2012 RSA: 1164 … 1229 bits 80 bits in 2018 RSA: 1329 … 1478 bits 88 bits in 2030 RSA: 1698 … 2063 bits 96 bits in 2042 RSA: 2124 … 2770 bits 104 bits in 2054 RSA: 2608 … 3607 bits 112 bits in 2066 RSA: 3154 … 4582 bits 120 bits in 2078 RSA: 3764 … 5701 bits 128 bits in 2090 RSA: 4440 … 6974 bits Cryptographics Strength of RSA Keys www.keylength.com

17 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 17 Internet Security 1 (IntSi1) 4.2 Diffie Hellman Key Exchange Algorithm

18 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 18 The Diffie–Hellman Key-Exchange Algorithm Generating a Common Secret Key Alice and Bob agree on a large prime modulus n, a primitive element g and the one-way function y = f(x) = g x mod n. The integers n and g are not secret and can be published. Alice chooses a large random integer a and sends Bob A = g a mod n Bob chooses a large random integer b and sends Alice B = g b mod n Alice computes s = B a mod n = g ba mod n Bob computes s = A b mod n = g ab mod n Alice and Bob share now the secret key s = g ab mod n Since computing the inverse x = f -1 (y) is extremely difficult, no one listening to the key-exchange can compute the secret key s from the values A, B, n and g.

19 Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 19 The Diffie–Hellman Key-Exchange Algorithm Practical Example y = g x mod n Prime modulus: n = 31 Primitive element: g = 3 y 1 3 9 27 19 26 16 17 20 29 25 13 8 24 10 30 x 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 y 28 22 4 12 5 15 14 11 2 6 18 23 7 21 1 x 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 A: a = 8  A = 3 8 mod 31 = 20 B: b = 6  B = 3 6 mod 31 = 16 s = 20 6 mod 31 = 4 s = 16 8 mod 31 = 4

Download ppt "Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications."

Similar presentations

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
Public Key Cryptography

Public Key Cryptography
Public Encryption: RSA

Public Encryption: RSA
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
Lecture 6: Public Key Cryptography

Lecture 6: Public Key Cryptography
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.

Similar presentations

Ads by Google