Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attacks on Public Key Encryption Algorithms

Published byDiana McLaughlin Modified over 6 years ago

Similar presentations

Presentation on theme: "Attacks on Public Key Encryption Algorithms"— Presentation transcript:

1 Attacks on Public Key Encryption Algorithms
CSCI 5857: Encoding and Encryption

2 Outline Short message attacks Timing attacks
Optimal Asymmetric Encryption Padding Timing attacks Blinding against timing attacks

3 Short Message Attacks Typical use of public key algorithm: Generating short messages Symmetric keys (used then to send rest of message) Social security numbers, etc. Idea: Adversary acquires public key E, n Uses them to encrypt all possible messages that may be sent (plausible if messages are short enough!) and stores in table Intercepts encrypted message C and searches for match in the table Adversary can recover plaintext without decryption key!

4 Short Message Attack Example (1)
Example: Darth knows that Bob will use Alice’s public key to send her a Social Security Number (9 digits)

5 Short Message Attack Example (2)
Darth uses Alice’s public key KPU to encrypt all possible Social Security Numbers (only a billion)

6 Short Message Attack Example (3)
Darth intercepts Bob’s SSN encrypted with Alice’s public key Searches for match in table of encrypted values

7 Short Message Attack Solutions
Solution: Pad message to M bits M large enough so adversary can’t generate all 2M possible messages (extra bits must be randomly chosen) Can’t just add extra bits to end – still possibly vulnerable Optimal Asymmetric Encryption Padding (OAEP) Additional bits used as “mask” to conceal plaintext Mask generated randomly Mask data sent as part of encrypted message for decryption Based on cryptographic hash (more later)

8 Optimal Asymmetric Encryption Padding
Message padded to m bits Random bits r mask padded message Run through hash function G XOR’d with padded message to give P1 Masked message mask random bits Masked message run through hash function H XOR’d with random bits to give P2 Masked message and random bits (P1 and P2) encrypted and sent

9 OAEP Decryption Decryption:
Ciphertext decrypted to get masked message and random bits (P1 and P2) Masked message P1 run through hash function H and XOR’d with P2 to recover r r run through hash function G and XOR’d with P1 to recover original padded plaintext

10 Timing Attacks Encryption/decryption times may not be constant for all algorithms Times may be function of: Plaintext, Ciphertext Keys Adversary can observe timing in different ways Overall time Processor cycles Power consumption…

11 Fast Modular Exponentiation
Fast modular exponentiation algorithm used for decryption to compute CD mod n: result = 1 for (i = 0 to number of bits in D - 1) { if (ith bit of D = 1) result = (result * C) mod n C = C2 mod n } Speed of decryption depends on number of 1’s in binary key D Each 1 requires additional multiplication operation Each 0 skips that step

12 Timing Attacks to Recover Key
If adversary knows the following: Ciphertext C Can compute how long it takes to multiply ciphertext and compute mods That is, how long a 1 or a 0 takes to decrypt Total time decryption takes They could compute number of 1’s in private D Given enough known plaintexts, can reliably guess D completely

13 Timing Attacks on RSA Darth infiltrates organization
Requests secure data from database Observes ciphertext Times processor cycles required by decryption Guesses properties of key

14 Timing Attack Solutions
“Pad” algorithm so all decryptions take same time for (i = 0 to number of bits in D - 1) { if (ith bit of D = 1) result = (result * C) mod n else garbageVariable = (result * C) mod n C = C2 mod n } Disadvantage: All decryptions now run no faster than the worst possible case

15 Blinding Solution Attacker cannot reliably perform timing attack unless they know the C value being decrypted Remove attacker’s ability to know the C used in the fast modular exponentiation Compute fast exponentiation on a value other than C Use that value to recover the plaintext Used by commercial versions of RSA

16 Blinding Timing Attacks
Algorithm: Select random r < modulus n Compute C1 = C  r E mod n Compute P1 = C1D mod n = (C  r E )D mod n = (CD mod n  r ED mod n ) mod n = (P  r ) mod n Compute P = (P1  r -1 ) mod n

17 Timing Attacks on Other Ciphers
Based on implementation of algorithm, not underlying mathematics Any cryptosystem that has a component that takes different time for different keys may be vulnerable Current research: AES MixColumns stage uses matrix multiplication More 0’s in state  Faster matrix multiplication May be able to recover intermediate states based on run time

18 What’s Next Let me know if you have any questions
Continue on to the next lecture on Elgamal Public Key Encryption

Download ppt "Attacks on Public Key Encryption Algorithms"

Similar presentations

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
Public Key Encryption Algorithm

Public Key Encryption Algorithm
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
Public Encryption: RSA

Public Encryption: RSA
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Database Key Management CSCI 5857: Encoding and Encryption.

Database Key Management CSCI 5857: Encoding and Encryption.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.

Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
History and Background Part 1: Basic Concepts and Monoalphabetic Substitution CSCI 5857: Encoding and Encryption.

History and Background Part 1: Basic Concepts and Monoalphabetic Substitution CSCI 5857: Encoding and Encryption.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Elgamal Public Key Encryption CSCI 5857: Encoding and Encryption.

Elgamal Public Key Encryption CSCI 5857: Encoding and Encryption.
Cryptography: RSA & DES Marcia Noel Ken Roe Jaime Buccheri.

Cryptography: RSA & DES Marcia Noel Ken Roe Jaime Buccheri.

Similar presentations

Ads by Google