Public Key Cryptography July 2011. Topics: Symmetric and Asymmetric Cryptography, Public Key Cryptography, Digital Signatures, Digital Certificates.

Presentation transcript:

Public Key Cryptography July 2011

Topics
- Symmetric and Asymmetric Cryptography
- Public Key Cryptography
- Digital Signatures
- Digital Certificates

The briefcase example with shared key

Private-Key Cryptography
- Traditional private/secret cryptography uses one key
- Shared by both sender and receiver
- If this key is disclosed, communications are compromised
- Symmetric: the keys used by the parties are equal
- No protection of the sender against the receiver forging a message and claiming it was sent by the sender

Symmetric Key Cryptography
[Diagram: the plain-text input “The quick brown fox jumps over the lazy dog” is encrypted to cipher-text, and the cipher-text is decrypted back to the same plain-text output. Encryption and decryption use the same key (the shared secret).]

Symmetric Pros and Cons
- Strength:
  - Simple and really very fast (order of 1000 to faster than asymmetric mechanisms)
  - Super-fast (and somewhat more secure) if done in hardware (3DES, Rijndael)
- Weakness:
  - Must agree on the key beforehand
  - Must securely pass the key to the other party

Key Distribution Problem
- In symmetric key cryptosystems
- Over a complete graph with n nodes, nC2 = n(n-1)/2 pairwise secret keys are required
- Example: n=100, 99 x 50 = 4,950 keys are required
- Problem: managing a large number of keys and keeping them secure is difficult
- [Diagram: five nodes a, b, c, d, e] Secret keys are required between (a,b), (a,c), (a,d), (a,e), (b,c), (b,d), (b,e), (c,d), (c,e), (d,e)

The briefcase example with unshared key
The briefcase has to be sent back and forth three times, which seems pretty inefficient.

Desirable properties
Use the briefcase example to come up with a specification of the properties that are desirable for any cipher system that is to be used between two entities who do not already share a symmetric key.

Public-Key Cryptography
- Probably the most significant advance in the history of cryptography
- Uses two keys: a public key and a private key
- One for encryption and another one for decryption
- Knowledge of the encryption key doesn’t give knowledge of the decryption key
- Asymmetric, since the parties are not equal
- Uses number-theoretic concepts to function
- Complements rather than replaces private-key crypto

Analogy

Public-Key Cryptography issues
- Developed to address two key issues:
  - Key distribution: how to have secure communications in general without having to trust a KDC with your key
  - Digital signatures: how to verify that a message comes intact from the claimed sender

The Two Keys
- Each party has two keys
  - Alice: Alice’s private key, Alice’s public key
  - Bob: Bob’s private key, Bob’s public key
  - Charlie: Charlie’s private key, Charlie’s public key

Main uses of Each Key
- A public key
  - Public to anybody
  - Used to encrypt messages and verify signatures
- A private key
  - Known only to the owner
  - Used to decrypt messages and to sign (create signatures)

How do two different keys work?
- Just a very simple example:
  - Public Key = 4, Private Key = 1/4, message M = 5
- Encryption:
  - Ciphertext C = M * Public Key
  - 5 * 4 = 20
- Decryption:
  - Plaintext M = C * Private Key
  - 20 * 1/4 = 5

An Example: Internet Commerce
- Bob wants to use his credit card to buy some brownies from Alice over the Internet.
- Alice sends her public key to Bob.
- Bob uses this key to encrypt his credit-card number and sends the encrypted number to Alice.
- Alice uses her private key to decrypt this message (and get Bob’s credit-card number).

Public Key Encryption
[Diagram: the clear-text input “The quick brown fox jumps over the lazy dog” is encrypted with the recipient’s public key to cipher-text, and the cipher-text is decrypted with the recipient’s private key back to the same clear-text output. Encryption and decryption use different keys.]

Hybrid Encryption Systems
- All known public key encryption algorithms are much slower than the fastest secret-key algorithms.
- In a hybrid system, Alice uses Bob’s public key to send him a secret shared session key.
- Alice and Bob use the session key to exchange information.
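
The hybrid exchange described on this slide, as an added example that is not part of the original slides. It assumes a toy RSA key built from two Mersenne primes and a SHA-256 counter keystream standing in for a real symmetric cipher; all function and variable names are hypothetical.

```python
import hashlib
import secrets

E = 65537
# Bob's toy RSA key pair, built from two Mersenne primes (illustration only).
P, Q = 2**127 - 1, 2**521 - 1
BOB_N = P * Q                            # public modulus, known to everyone
BOB_D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to Bob

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (stand-in for AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def alice_send(message: bytes, bob_n: int):
    session_key = secrets.token_bytes(16)   # fresh shared secret for this exchange
    # Slow public-key step, applied to the 16-byte session key only.
    # Textbook RSA without padding; real systems use a padded scheme such as OAEP.
    wrapped = pow(int.from_bytes(session_key, "big"), E, bob_n)
    # Fast symmetric step, applied to the whole message.
    return wrapped, stream_xor(session_key, message)

def bob_receive(wrapped: int, ciphertext: bytes, n: int, d: int) -> bytes:
    session_key = pow(wrapped, d, n).to_bytes(16, "big")   # only Bob's private key unwraps it
    return stream_xor(session_key, ciphertext)
```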

A Digital Signature
- Digital data that carries the intent of a signature related to a digital document
- Used to demonstrate the authenticity of a digital message or document
- A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit

Sender: Creating a Digital Signature
[Diagram, in order:]
- Message or file: “This is the document created by Charlotte”
- Generate hash (SHA, MD5): calculate a short message digest from even a long input using a one-way message digest function (hash)
- Message digest (typically 128 bits)
- Asymmetric encryption (RSA) of the digest with Charlotte’s private key
- Result: the digital signature
- Signed document: the message together with its digital signature

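Receiver: Verifying a Digital Signature
[Diagram, in order:]
- Signed document: “This is the document created by Charlotte” together with its digital signature
- Generate hash of the message to obtain a message digest
- Asymmetric decryption (RSA) of the digital signature with Charlotte's public key (from certificate) to obtain the signed message digest
- Compare the two digests: equal?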

What is a Certificate?
- The simplest certificate just contains:
  - A public key
  - Information about the entity that is being certified to own that public key (can be a person or a computer or a device)
- … and the whole is
  - Digitally signed by someone trusted (like your friend or a CA)
[Diagram: a certificate containing the statement “This public key belongs to Charlotte”, the public key, and a digital signature.]

X.509 Certificate
[Diagram: certificate fields and their annotations]
- Certificate Info:
  - Serial Number
  - X.500 Subject: who is the owner, CN=Charlotte,O=CERN,C=CH
  - Public Key: the public key or info about it
  - X.500 issuer: who is signing, O=CERN,C=CH
  - Expiration date: see later why expiration date is important
  - Extensions: additional arbitrary information
- CA Digital Signature: … of the issuer, of course

Elements of Digital Cert.
- A Digital ID typically contains the following information:
  - Your public key
  - Your name and address
  - Expiration date of the public key
  - Name of the CA who issued your Digital ID

Certificate Validation
- Essentially, this is just checking the digital signature
- But you may have to “walk the path” of all subordinate authorities until you reach the root
- Unless you explicitly trust a subordinate CA
[Diagram: a chain of three certificates]
- Certificate “This public key belongs to Charlotte”: public key, CERN digital signature, issued by CERN
- Certificate “This public key belongs to CERN”: public key, BigRoot digital signature, issued by BigRoot
- Certificate “This public key belongs to BigRoot”: public key, BigRoot digital signature, issued by BigRoot (installed root CA certificate, “In BigRoot We Trust”)
- Diagram labels: “Check DS of CERN”, “Check DS of Foobar”
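
The sign, verify and path-walking steps from the digital signature and certificate validation slides, as one added example that is not part of the original slides. It assumes toy RSA keys built from Mersenne primes with no padding, a simplified certificate (subject, public key, issuer, signature) and no expiration or revocation checks; all names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def toy_keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1 (illustration only)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, key):
    # Sender: hash the data, then transform the digest with the private key.
    return pow(digest(data), key["d"], key["n"])

def verify(data, sig, n):
    # Receiver: recover the digest with the public key, compare with a fresh hash.
    return pow(sig, E, n) == digest(data)

def tbs(cert):
    # Bytes covered by the issuer's signature: subject name, subject key, issuer name.
    return f'{cert["subject"]}|{cert["n"]}|{cert["issuer"]}'.encode()

def issue(subject, subject_n, issuer, issuer_key):
    cert = {"subject": subject, "n": subject_n, "issuer": issuer}
    cert["sig"] = sign(tbs(cert), issuer_key)
    return cert

def validate_chain(cert, certs, trusted):
    """Walk issuer links until a trusted CA key signs the current certificate."""
    seen = set()
    while cert["subject"] not in seen:          # guard against issuer loops
        seen.add(cert["subject"])
        if cert["issuer"] in trusted:           # installed root or explicitly trusted CA
            return verify(tbs(cert), cert["sig"], trusted[cert["issuer"]])
        parent = certs.get(cert["issuer"])
        if parent is None or not verify(tbs(cert), cert["sig"], parent["n"]):
            return False
        cert = parent
    return False

# Constructed sample hierarchy matching the slide: Charlotte <- CERN <- BigRoot.
root, cern, charlotte = toy_keypair(127, 521), toy_keypair(107, 607), toy_keypair(89, 1279)
CERTS = {"CERN": issue("CERN", cern["n"], "BigRoot", root),
         "Charlotte": issue("Charlotte", charlotte["n"], "CERN", cern)}
ROOTS = {"BigRoot": root["n"]}
DOC = b"This is the document created by Charlotte"
SIG = sign(DOC, charlotte)
```

A receiver first calls `validate_chain(CERTS["Charlotte"], CERTS, ROOTS)` and only then uses the key from that certificate in `verify(DOC, SIG, ...)`; passing `{"CERN": cern["n"]}` as the trusted set models explicitly trusting the subordinate CA.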

Q&A