Public – Private Key Cryptography


Solving the problem of exchanging keys while creating brand new problems!

Symmetric Cryptography
- Last time we talked about encryption algorithms that involve a key
- But… both sides, the encipher-er and the decipher-er, had to have the same key
- How can we send that key securely? The basic answer is we can’t, unless we use another method that doesn’t rely on us having the same key

Public-Private Key
- The idea behind public-private key cryptography is simple (the math is also pretty simple, but it relies heavily on prime numbers)
- You generate two keys: a public key that you provide to everyone and a private key that you put under your pillow and guard with your life
- Anytime anyone wants to send you a message, they can encrypt it with your public key, and then only you can decrypt it
- Anytime you send a message to someone, you can encrypt it with their public key and sign it with your private key; they know the message is from you because they can’t decrypt without verifying the signature with your public key

The Math!!
- This relies on prime numbers and modulo arithmetic
- The formulas are simple, but there are a lot of them
- Pair up and pull out a calculator (or python…)

Alice & Bob
Alice and Bob want to communicate securely, so they decide to generate public-private key pairs and exchange public keys
Steps
1. Pick two prime numbers p and q (e.g. 7 & 13)
2. Multiply them to produce n (e.g. 91)
3. Compute k, the “totient” function (p – 1) * (q – 1) (e.g. 72)
4. Pick a random number, e, such that 1 < e < k and e is coprime with k, meaning it shares no common factors with k (e.g. 23) [this is the hardest step]
5. Compute d, the modular multiplicative inverse of e modulo k, so that d = e^-1 % k (e.g. 47)
That’s it! Your public key is n and e and the private key is n and d
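The five steps above as a small key generator, added here as an example that is not part of the original slides. The function names are illustrative, and Bob's primes 7 and 11 are inferred from his n = 77 (the slides give only n, e and d for him).

```python
from math import gcd

def is_prime(x):
    """Trial division; fine for classroom-sized numbers only."""
    return x > 1 and all(x % f for f in range(2, int(x ** 0.5) + 1))

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def valid_exponents(p, q):
    """Every e allowed by step 4: 1 < e < k and gcd(e, k) == 1."""
    k = (p - 1) * (q - 1)
    return [e for e in range(2, k) if gcd(e, k) == 1]

def make_keys(p, q, e):
    """Steps 1-5: return ((n, e), (n, d)) or raise if an input breaks a rule."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be two different primes")
    n = p * q                      # step 2
    k = (p - 1) * (q - 1)          # step 3, the totient
    if not 1 < e < k or gcd(e, k) != 1:
        raise ValueError("e must satisfy 1 < e < k and be coprime with k")
    _, x, _ = egcd(e, k)           # step 5: e*x + k*y == 1, so x is e^-1 mod k
    d = x % k                      # fold a negative x back into 0..k-1
    return (n, e), (n, d)

if __name__ == "__main__":
    print("Alice:", make_keys(7, 13, 23))   # primes and e from the slides
    print("Bob:  ", make_keys(7, 11, 17))   # 7 and 11 inferred from n = 77
    print("choices for e when k = 72:", valid_exponents(7, 13))
```
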

Generation
Alice: Public Key (n = 91, e = 23), Private Key (n = 91, d = 47)
Bob: Public Key (n = 77, e = 17), Private Key (n = 77, d = 53)
- Alice sends Bob the public key
- Bob sends Alice the public key

Sending Messages (Alice => Bob)
Alice: Public Key (n = 91, e = 23), Private Key (n = 91, d = 47)
Encrypt using Bob’s public key
m = 44
c = m ^ e % n (44 ^ 17 % 77)
c = 11
Sign the message with Alice’s private key
b = c * 2654435761 % 2^32
s = b ^ d % n
s = 47
Alice sends c and s
Bob: Public Key (n = 77, e = 17), Private Key (n = 77, d = 53)
First confirm it’s Alice by using her public key
b = c * 2654435761 % 2^32
s = b^e % n
s = 47
The signatures match so decrypt with Bob’s private key
m = c^d % n (11 ^ 53 % 77)
m = 44
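The exchange above run with the slides' own numbers, added here as an example that is not part of the original presentation; the function names are illustrative. `verify` uses the standard RSA check (s^e % n compared with b % n), while `slide_check` reproduces the slide's b^e % n, which also gives 47 only because this toy key's e and d are congruent modulo lcm(p-1, q-1) = 12.

```python
from math import gcd

# Key pairs exactly as on the slides, stored as (n, exponent)
ALICE_PUB, ALICE_PRIV = (91, 23), (91, 47)
BOB_PUB, BOB_PRIV = (77, 17), (77, 53)

def digest(c):
    """The slide's b: a multiplicative hash of the ciphertext, kept to 32 bits."""
    return c * 2654435761 % 2**32

def encrypt(m, pub):
    n, e = pub
    return pow(m, e, n)

def decrypt(c, priv):
    n, d = priv
    return pow(c, d, n)

def sign(c, priv):
    n, d = priv
    return pow(digest(c), d, n)

def verify(c, s, pub):
    """Standard check: undo the signature with e and compare with b mod n."""
    n, e = pub
    return pow(s, e, n) == digest(c) % n

def slide_check(c, pub):
    """The slide's form of the check: raise b itself to the public exponent."""
    n, e = pub
    return pow(digest(c), e, n)

def exponents_coincide(p, q, e, d):
    """True when e and d are equal modulo lcm(p-1, q-1), so b^e == b^d mod n."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (e - d) % lam == 0

def exchange(m):
    """Alice -> Bob: returns (c, s, signature_ok, recovered_message)."""
    c = encrypt(m, BOB_PUB)
    s = sign(c, ALICE_PRIV)
    ok = verify(c, s, ALICE_PUB)
    return c, s, ok, decrypt(c, BOB_PRIV) if ok else None

if __name__ == "__main__":
    print(exchange(44))
    print(slide_check(11, ALICE_PUB), exponents_coincide(7, 13, 23, 47))
```

With Bob's key the exponents do not coincide, so a key pair chosen this way is checked with `verify`, not with the b^e form.
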

Why is this Safe?
- First, the prime numbers we use for this are huge, so large in fact that it would take millennia to find the original numbers using the public key
- But this does have a problem… What if, during the exchange of public keys, someone stepped into the middle?
- Bob sends Alice his key, but Mary intercepts the message
- Mary sends Alice her public key instead
- When Bob sends a message, Mary gets it, reads the contents and then forwards to Alice using her keys instead
- This is a man in the middle attack!

Enter Certificate Authorities
- All they really do is confirm that the public key you received truly came from the person you believe sent it, because they generated and keep a copy of the public / private key pair