CPIS 312 Chapter Four: PUBLIC KEY CRYPTO

Index 2 A.Introduction A.1 Asymmetric Key Cryptography- Introduction A.2 General ideas about the Public Key Cryptography B. Mathematical Background Prime Co-Prime Euclidean Algorithms Congruence Relations C. Asymmetric Key Algorithms C.1 RSA Algorithms C.2 Example C3 Performance comparison with DES D. Diffie-Hellman Algorithm E. Public Key Infrastructure F. Hybrid Cryptosystem

Asymmetric Key Cryptography/ Public Key Cryptography public-key/two-key/asymmetric cryptography involves the use of two keys: a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures a related private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures infeasible to determine private key from public based on mathematical functions rather than on substitution and permutation is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures

General Idea of Asymmetric Cryptography

Mathematical Background Prime Co-Prime Euclidean Algorithms Congruence Relations

The prime is a natural number which has exactly two distinct natural number divisors: 1 and itself The first 15 prime numbers are: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47. Prime

The integers a and b are said to be coprime or relatively prime if they have no common factor other than 1 and −1 (if their Greatest Common Divisor is 1) For example: 6 and 35 are coprime 6 and 27 are not coprime because they are both divisible by 3 A fast way to determine whether two numbers are coprime is given by the Euclidean algorithm that determine the greatest common divisor (GCD) of two elements. Coprime

The Euclidean algorithm is an algorithm to determine the greatest common divisor (GCD) of two elements. Using recursion, the algorithm can be expressed: function gcd(a, b) { if b = 0 return a else return gcd(b, a mod b) } For example: gcd(35,6) = gcd(6,5) = gcd(5,1)=gcd(1,0)=1 (This means that 35 and 6 are coprime) gcd(27,6) = gcd(6,3) = gcd(3,0) = 3 Euclidean Algorithm

Two integers a and b are said to be “congruent modulo” n, if their difference a − b is an integer multiple of n. If this is the case, it is expressed as: a ≡ b (mod n)"a is congruent to b modulo n“ For example, 38 ≡ 14 (mod 12) 38 ≡ 2 (mod 12) -3 ≡ 2 (mod 5) Congruence Relation

C.2. Asymmetric Key Algorithms 3. RSA The algorithm was publicly described in 1977, however, was not revealed until 1997 due to its top- secret classification. Rivest, Shamir, and Adleman devised RSA independently of Cocks' work. RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key.

C.2. Asymmetric Key Algorithms 3. RSA 1.Choose two distinct large random prime numbers p and q 2.Compute n=p.q n is used as the modulus for both the public and private keys 3.Compute the totient: φ (n)=(p-1)(q-1) 4.Choose an integer e such that 1<e<φ(n), and e and φ(n) share no factors other than 1; (i.e. e and φ(n) are coprime) e is released as the public key exponent 5.Compute d to satisfy the congruence relation: d.e ≡ 1 (mod φ(n)); d is kept as the private key exponent Public Key: (n, e) Private Key: (n,d) To encrypt message: c = m e mod n To decrypt message: m = c d mod n

C.2. Asymmetric Key Algorithms 3. RSA - Example 1. Select primes: p=17 & q=11 2. Calculaten = pq =17 x 11= Calculateø(n)=(p–1)(q-1)=16x10= Select e: gcd(e,160)=1; choose e=7 5. Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23x7=161= 10x Publish public key PU={7,187} 7. Keep secret private key PR={23,187}

RSA Example given message M = 88 encryption: C = 88 7 mod 187 = 11 decryption: M = mod 187 = 88

C.2. Asymmetric Key Algorithms 3. RSA - Some Facts Security of RSA relies on difficulty of finding d given n and e. – If one can factorise n, then he can find p and q, and hence calculated d. p and q should differ in length by only a few digits, and both should be on the order of digits or even larger. – n with 150 digits could be factored in about 1 year. – factoring n with 200 digits could take about 1000 years (assuming about 1012 operations per second).

C.2. Asymmetric Key Algorithms 3. RSA - Some Facts Performance comparison with DES – RSA is about 1000 times slower in hardware. – RSA is about 100 times slower in software. It is not suited for encrypting long messages. Typically used for – Encrypting session keys for conventional ciphers. – Non-repudiation - digital signatures (see a future lecture). Smart cards which are RSA-capable have become available.

RSA Example Here is a more realistic example. We choose a 512-bit p and q, calculate n and f(n), then choose e and test for relative primeness with f(n). We then calculate d. Finally, we show the results of encryption and decryption. The integer p is a 159-digit number. Here is a more realistic example. We choose a 512-bit p and q, calculate n and f(n), then choose e and test for relative primeness with f(n). We then calculate d. Finally, we show the results of encryption and decryption. The integer p is a 159-digit number.

RSA Example The modulus n = p × q. It has 309 digits. The modulus n = p × q. It has 309 digits. f(n) = (p − 1)(q − 1) has 309 digits. f(n) = (p − 1)(q − 1) has 309 digits.

RSA Example Bob chooses e = (the ideal is 65537) and tests it to make sure it is relatively prime with f(n). He then finds the inverse of e modulo f(n) and calls it d. Bob chooses e = (the ideal is 65537) and tests it to make sure it is relatively prime with f(n). He then finds the inverse of e modulo f(n) and calls it d.

RSA Example Alice wants to send the message “THIS IS A TEST”, which can be changed to a numeric value using the 00−26 encoding scheme (26 is the space character). Alice wants to send the message “THIS IS A TEST”, which can be changed to a numeric value using the 00−26 encoding scheme (26 is the space character). The ciphertext calculated by Alice is C = P e, which is The ciphertext calculated by Alice is C = P e, which is

RSA Example Bob can recover the plaintext from the ciphertext using P = C d, which is Bob can recover the plaintext from the ciphertext using P = C d, which is The recovered plaintext is “THIS IS A TEST” after decoding. The recovered plaintext is “THIS IS A TEST” after decoding.

Review Question Q1.You intercept a message encrypted using RSA with value C = 10. You know that the message is intended for a user whose public key is {e=5, n=35}. Find the plaintext M.

C.2. Asymmetric Key Algorithms 4. Diffie – Hellman “Key Exchange” Invented by Williamson (GCHQ) and, independently, by Diffie – Hellman (Stanford) A “key exchange” algorithm used to establish a shared symmetric key not for encrypting or signing The security of DH on the computational difficulty of the discrete log problem: given g, p, and g k mod p find k

C.2. Asymmetric Key Algorithms 4. Diffie - Hellman Let p be prime, let g be a generator – For any x  {1,2,…,p-1} there is n s.t. x = g n mod p Alice selects secret value a Bob selects secret value b Alice sends g a mod p to Bob Bob sends g b mod p to Alice Both compute shared secret g ab mod p Shared secret can be used as symmetric key

C.2. Asymmetric Key Algorithms 4. Diffie - Hellman Suppose that Bob and Alice use g ab mod p as a symmetric key Trudy can see g a mod p and g b mod p Note g a. g b mod p = g (a+b) mod p  g ab mod p If Trudy can find a or b, system is broken If Trudy can solve discrete log problem, then she can find a or b

C.2. Asymmetric Key Algorithms 4. Diffie - Hellman Public: g and p Secret: Alice’s exponent a, Bob’s exponent b Alice computes (g b ) a = g ab mod p Bob computes (g a ) b = g ab mod p Could use K = g ab mod p as symmetric key Alice, aBob, b g a mod p g b mod p

C.2. Asymmetric Key Algorithms 4. Diffie - Hellman Subject to man-in-the-middle (MiM) attack Trudy shares secret g at mod p with Alice Trudy shares secret g bt mod p with Bob Alice and Bob don’t know Trudy exists! Alice, a Bob, b g a mod p g b mod p Trudy, t g t mod p

C.2. Asymmetric Key Algorithms 4. Diffie - Hellman How to prevent man-in-the-middle attack (MiM) attack? – Encrypt DH exchange with symmetric key – Encrypt DH exchange with public key – Sign DH values with private key – Other? You MUST be aware of MiM attack on Diffie- Hellman

C.2. Asymmetric Key Algorithms 5. Public Key Infrastructure (PKI) PKI is showing everything required to securely use public key crypto: – A digital certificate, or public key certificate, that contains a user’s name along with the user’s public key. – A digital certificate needs to be signed by one of the Certificate Authorities (CAs) – trusted third party (TTP) - in order to verify the public key. – A digital certificate needs to be added to the Certificate Revocation Lists (CRLs) if the private key is compromised.

C.2. Asymmetric Key Algorithms 5. Public Key Infrastructure (PKI) Public Key Certificate Contains name of user and user’s public key (and possibly other info) Certificate is signed by the issuer (such as VeriSign) who vouches for it Signature on certificate is verified using signer’s public key

C.2. Asymmetric Key Algorithms 5. Public Key Infrastructure (PKI) Certificate Authority Certificate authority (CA) is a trusted 3rd party (TTP) that issues and signs cert’s – Verifying signature verifies the identity of the owner of corresponding private key – Verifying signature does not verify the identity of the source of certificate! – Certificates are public! – Big problem if CA makes a mistake (a CA once issued Microsoft certificate to someone else!) – Common format for certificates is X.509

C.2. Asymmetric Key Algorithms 5. Public Key Infrastructure (PKI) Public Key Infrastructure (PKI) consists of all pieces needed to securely use public key cryptography – Key generation and management – Certificate authorities – Certificate revocation (CRLs), etc.

C.2. Asymmetric Key Algorithms 6. Ways to use Anyone can encrypt using the public key, but only the holder of the private key can decrypt. Secrecy depends on the secrecy of the private key. Using a private key to encrypt (thus signing) a message; anyone can check the signature using the public key. Validity depends on private key security. By combining your own private key with the other user's public key, you can calculate a shared secret that only the two of you know. The shared secret can be used as the key for a symmetric cipher. 123

C.2. Asymmetric Key Algorithms 7. Advantages 1.Hybrid Cryptosystem: – The primary advantage of symmetric key cryptography is efficiency (because there is no infrastructure, such as PKI). – the primary advantage of public key cryptography is that no need to establish a shared key in advance. – To achieve both advantage, use a hybrid cryptosystem, where public key crypto is used to establish a symmetric key. C={M} Alice : encrypt message M with Alice’s public keyM=[C] Alice : decrypt ciphertext C with Alice’s private key

C.2. Asymmetric Key Algorithms 7. Advantages 2.Integrity and non repudiation: – With symmetric key crypto, a MAC provides for integrity. – With public key crypto, a digital signature provides for integrity and non-repudiation. Scenario? Hints: Using a MAC, anyone can repudiate a transaction because the key is shared between the two sides. However, using a digital signature, no one can repudiate a transaction because the private key can be owned by only one.

C.2. Asymmetric Key Algorithms 7. Advantages 3.Confidentiality and non repudiation: – For confidentiality only, Alice can encrypt M with Bob’s public key  Alice will {M} Bob – For integrity and non-repudiation only, Alice can sign M with her private key  Alice will [M] Alice – To achieve all: Alice can sign the message M and encrypt the result:{[M] Alice } Bob Alice can encrypt M first and then sign the result: [{M} Bob ] Alice C={M} Alice : encrypt message M with Alice’s public keyM=[C] Alice : decrypt ciphertext C with Alice’s private key

Terms and Concepts Symmetric Ciphers Asymmetric Ciphers GK & SIK RSA PKI Shared key Repudiation 36