PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description Security
PUBLIC-KEY CRYPTOGRAPHY (PKC) – A New Idea Historically – Symmetric-Key (one key) substitution (confusion) permutation (diffusion) More Recently – Asymmetric-Key (two keys)
MISCONCEPTIONS PKC vs Symmetric Encryption PKC more secure than symmetric encryp. WRONG!! PKC more useful than symmetric encryp. WRONG!! – PKC costly PKC doesn’t need complicated protocol WRONG!!
PKC - USES Key Management Signature
Plaintext – input to encryp. algorithm output from decryp. algorithm PKC – SIX INGREDIENTS Plaintext – input to encryp. algorithm output from decryp. algorithm Encryp. Algorithm – acts on plaintext - controlled by public or private key Public and Private Key - one for encryption - one for decryption Ciphertext – output from encryp. algorithm input to decryp. algorithm Decryp. Algorithm – acts on ciphertext
Each user generates two related keys - PUBLIC and PRIVATE PKC – STEPS Each user generates two related keys - PUBLIC and PRIVATE 2. Each user makes: public key PUBLIC private key PRIVATE access ALL public keys 3. BOB: Encr(plaintext,PUBLICAlice) ciphertext ALICE 4. ALICE: Decr(ciphertext,PRIVATEAlice)
PKC for a) ENCRYPTION b) AUTHENTICATION
KEYS EASILY UPDATED ANY Private/Public key pair can be changed. At ANY TIME, ANY Private/Public key pair can be changed. Public key should be made public IMMEDIATELY
Asymmetric-Key (PKC): One PRIVATE KEY One PUBLIC KEY CIPHER TERMINOLOGY Symmetric-Key: One SECRET KEY Asymmetric-Key (PKC): One PRIVATE KEY One PUBLIC KEY
CONFIDENTIALITY
AUTHENTICATION (source) (Integrity/Signature)
CONFIDENTIALITY and AUTHENTICATION
APPLICATIONS OF PKC Encryp./Decryp. Sender encrypts with RECIPIENT’S PUBLIC key. Applied to ALL of message. Digital Signature Sender signs with SENDER’S PRIVATE key. Applied to ALL or PART of message. Key Exchange Uses one or more PRIVATE keys. Several approaches
APPLICATIONS OF PKC Table 9.2
ONE-WAY FUNCTION Every value has an inverse Y = F(X) X = F-1(Y) Y = F(X) - easy X = F-1(Y) - infeasible easy – polynomial time (poly in message length) infeasible - > poly time (e.g. exp. in message length)
TRAP-DOOR ONE-WAY FUNCTION (e.g. PKC) Y = fk(X) - easy if k and X known X = fk-1(Y) - easy if k and Y known X = fk-1(Y) - infeasible if only Y known
PKC – THE PROBLEM OF KEY SIZE Brute-Force Attack Use LARGE keys But, PKC COMPLEXITY GROWS fast with key size So, PKC TOO COMPLEX encryp/decryp PKC only for key management and signature
RSA ALGORITHM PKC: 1960’s (NSA) 1970 Ellis – CESG 1976 Diffie and Hellman RSA: 1973 Cocks – CESG 1977 Rivest, Shamir, Adleman - MIT
RSA Plaintext and Ciphertext integers between 0 and n-1 i.e. k bits, 2k < n <2k+1 Encryption: C = Me mod n Decryption: M = Cd mod n = (Me)d mod n = Med mod n
RSA (continued) Receiver knows n,d PUBLIC key, KU = {e,n} Sender knows n,e Receiver knows n,d PUBLIC key, KU = {e,n} PRIVATE key, KR = {d}
PKC REQUIREMENTS OF RSA 1. There exists e,d,n s.t. Med = M mod n 2. Easy to calculate Me and Cd given {M,e} or {C,d}, resp. 3. Infeasible to find d given {e,n}
EXAMPLE p = 17, q = 11 n = p.q = 187 mod p = 17, {1,6,62,63,64,65,66,67,68,69,610,611,612,613,614,615} = {1,6,2,12,4,7,8,14,16,11,15,5,13,10,9,3} Mod p = 11 {1,2,4,8,5,10,9,7,3,6}
EXAMPLE 57 = (6,2), 572 = (2,4), 573 = (12,8), 574 = (4,5)
EXAMPLE Chinese Remainder Theorem We want number, g, between 1 and 186 s.t. g mod 17 = 6, g mod 11 = 2 Use CRT: g = 154.6 + 34.2 mod 187 = 57
EXAMPLE RSA COMPUTATION
SECURITY OF RSA Brute-Force Attacks – try all possible private keys. Mathematical Attacks - all equivalent to factoring n. Timing Attacks - depend on running time of decryption algorithm.
Progress in Factorisation Table 9.3
MIPS-years NEEDED TO FACTOR
TIMING ATTACKS ON RSA - countermeasures For Decryption: Constant exponentiation time Random delay Blinding Generate random r C’ = Cre M’ = C’d M = M’r-1