Dan Boneh Public Key Encryption from trapdoor permutations RSA in practice Online Cryptography Course Dan Boneh.

Slides:



Advertisements
Similar presentations
Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.
Advertisements

ElGamal Security Public key encryption from Diffie-Hellman
Trusted 3rd parties Basic key exchange
Dan Boneh Stream ciphers Real-world Stream Ciphers Online Cryptography Course Dan Boneh.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Dan Boneh Public key encryption from Diffie-Hellman ElGamal Variants With Better Security Online Cryptography Course Dan Boneh.
Public Key Encryption Algorithm
Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.
7. Asymmetric encryption-
The RSA Cryptosystem Dan Boneh Stanford University.
Mid-term Review Network Security. Secure channel SSL SSL (and many others: incl. IPSEC) Shared key establishing Trusted party (Kerberos, etc. - to be.
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
The RSA Cryptosystem Dan Boneh Stanford University.
A Designer’s Guide to KEMs Alex Dent
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Mid-term Review Network Security. Secure channel SSL (and many others:incl. IPSEC) Shared key establishing Trusted party (Kerberos, etc. - to be covered)
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dan Boneh Basic key exchange The Diffie-Hellman protocol Online Cryptography Course Dan Boneh.
Dan Boneh Public Key Encryption from trapdoor permutations The RSA trapdoor permutation Online Cryptography Course Dan Boneh.
 Introduction  Requirements for RSA  Ingredients for RSA  RSA Algorithm  RSA Example  Problems on RSA.
1 CIS 5371 Cryptography 8. Asymmetric encryption-.
Dan Boneh Authenticated Encryption Definitions Online Cryptography Course Dan Boneh.
Dan Boneh Intro. Number Theory Intractable problems Online Cryptography Course Dan Boneh.
Dan Boneh Public Key Encryption from trapdoor permutations Public key encryption: definitions and security Online Cryptography Course Dan Boneh.
Dan Boneh Authenticated Encryption Case study: TLS Online Cryptography Course Dan Boneh.
Dan Boneh Odds and ends Key Derivation Online Cryptography Course Dan Boneh.
Dan Boneh Stream ciphers The One Time Pad Online Cryptography Course Dan Boneh.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Lecture 3.2: Public Key Cryptography II CS 436/636/736 Spring 2014 Nitesh Saxena.
Dan Boneh Public key encryption from Diffie-Hellman The ElGamal Public-key System Online Cryptography Course Dan Boneh.
RSA Implementation. What is Encryption ? Encryption is the transformation of data into a form that is as close to impossible as possible to read without.
Cryptography: RSA & DES Marcia Noel Ken Roe Jaime Buccheri.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
1 Lect. 13 : Public Key Encryption RSA ElGamal. 2 Shamir Rivest Adleman RSA Public Key Systems  RSA is the first public key cryptosystem  Proposed in.
Dan Boneh Block ciphers More attacks on block ciphers Online Cryptography Course Dan Boneh.
Lecture 3.4: Public Key Cryptography IV CS 436/636/736 Spring 2013 Nitesh Saxena.
Improving Encryption Algorithms Betty Huang Computer Systems Lab
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Dan Boneh Public Key Encryption from trapdoor permutations Is RSA a one-way function? Online Cryptography Course Dan Boneh.
Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both sender and receiver  if this key is disclosed.
PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 23/10/2015 | pag. 2.
1 Number Theory and Advanced Cryptography 5. Cryptanalysis of RSA Chih-Hung Wang Sept Part I: Introduction to Number Theory Part II: Advanced Cryptography.
Dan Boneh Public Key Encryption from trapdoor permutations PKCS 1 Online Cryptography Course Dan Boneh.
Some Number Theory Modulo Operation: Question: What is 12 mod 9?
Dan Boneh Using block ciphers Modes of operation: many time key (CBC) Online Cryptography Course Dan Boneh Example applications: 1. File systems: Same.
Dan Boneh Public key encryption from Diffie-Hellman The ElGamal Public-key System Online Cryptography Course Dan Boneh.
Attacking RSA Brian Winant Reference “Twenty Years of Attacks on the RSA Cryptosystem” By Dan Boneh In Notices of the American Mathematical.
PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description.
1 Hello World and Welcome to The simple crypt Key=23 {txzr7c x7Cr 7d~zg{r 7tengc Private-key Cryptography.
Template vertLeftWhite2 Authenticated Encryption Attacking non-atomic decryption Online Cryptography Course Dan Boneh.
Remote Timing Attacks are Practical David Brumley Dan Boneh [Modified by Somesh.
Tae-Joon Kim Jong yun Jun
Dan Boneh Basic key exchange Trusted 3 rd parties Online Cryptography Course Dan Boneh.
Dan Boneh Introduction Course Overview Online Cryptography Course Dan Boneh.
Understanding Cryptography – A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Chapter 7 – The RSA Cryptosystem.
Computer Security Lecture 5 Ch.9 Public-Key Cryptography And RSA Prepared by Dr. Lamiaa Elshenawy.
DIGITAL SIGNATURE IMPLEMENTATION
Dan Boneh Intro. Number Theory Fermat and Euler Online Cryptography Course Dan Boneh.
Lecture 3 (Chapter 9) Public-Key Cryptography and RSA Prepared by Dr. Lamiaa M. Elshenawy 1.
Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.
Dan Boneh Public Key Encryption from trapdoor permutations Constructions Online Cryptography Course Dan Boneh Goal: construct chosen-ciphertext secure.
RSA Pubic Key Encryption CSCI 5857: Encoding and Encryption.
Dan Boneh Authenticated Encryption CBC paddings attacks Online Cryptography Course Dan Boneh.
@Yuan Xue Announcement Project Release Team forming Homework 1 will be released next Tuesday.
RSA Algorithm Date: 96/10/17 Wun-Long Yang. Outline Introduction to RSA algorithm RSA efficient implementation & profiling.
Dan Boneh Public Key Encryption from trapdoor permutations Public key encryption: definitions and security Online Cryptography Course Dan Boneh.
1 Why Textbook ElGamal and RSA Encryption Are Insecure Dan Boneh, Antoine Joux, and Phong Q. Nguyen, ASIACRYPT 2000 Kim Pecina MMCI, Saarland University.
Attacks on Public Key Encryption Algorithms
Introduction to Cryptography
Presentation transcript:

Dan Boneh Public Key Encryption from trapdoor permutations RSA in practice Online Cryptography Course Dan Boneh

Dan Boneh RSA With Low public exponent To speed up RSA encryption use a small e: c = m e (mod N) Minimum value: e=3 ( gcd(e,  (N) ) = 1) Recommended value: e=65537= Encryption: 17 multiplications Asymmetry of RSA: fast enc. / slow dec. – ElGamal (next module) : approx. same time for both.

Dan Boneh Key lengths Security of public key system should be comparable to security of symmetric cipher: RSA Cipher key-sizeModulus size 80 bits 1024 bits 128 bits 3072 bits 256 bits (AES) bits

Dan Boneh Implementation attacks Timing attack: [Kocher et al. 1997], [BB’04] The time it takes to compute c d (mod N) can expose d Power attack: [Kocher et al. 1999) The power consumption of a smartcard while it is computing c d (mod N) can expose d. Faults attack: [BDL’97] A computer error during c d (mod N) can expose d. A common defense:: check output. 10% slowdown.

Dan Boneh An Example Fault Attack on RSA (CRT) A common implementation of RSA decryption: x = c d in Z N decrypt mod p: x p = c d in Z p decrypt mod q: x q = c d in Z q Suppose error occurs when computing x q, but no error in x p Then: output is x’ where x’ = c d in Z p but x’ ≠ c d in Z q ⇒ (x’) e = c in Z p but (x’) e ≠ c in Z q ⇒ gcd ( (x’) e - c, N ) = p combine to get x = c d in Z N

Dan Boneh RSA Key Generation Trouble [Heninger et al./Lenstra et al.] OpenSSL RSA key generation (abstract): Suppose poor entropy at startup: Same p will be generated by multiple devices, but different q N 1, N 2 : RSA keys from different devices ⇒ gcd(N 1,N 2 ) = p prng.seed(seed) p = prng.generate_random_prime() prng.add_randomness(bits) q = prng.generate_random_prime() N = p*q

Dan Boneh RSA Key Generation Trouble [Heninger et al./Lenstra et al.] Experiment: factors 0.4% of public HTTPS keys !! Lesson: – Make sure random number generator is properly seeded when generating keys

Dan Boneh Further reading Why chosen ciphertext security matters, V. Shoup, 1998 Twenty years of attacks on the RSA cryptosystem, D. Boneh, Notices of the AMS, 1999 OAEP reconsidered, V. Shoup, Crypto 2001 Key lengths, A. Lenstra, 2004

Dan Boneh End of Segment

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.