1. PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9
Principles
Applications
Requirements
RSA Algorithm
Description
Security

2. PUBLIC-KEY CRYPTOGRAPHY (PKC) – A New Idea
Historically – Symmetric-Key (one key)
substitution (confusion)
permutation (diffusion)
More Recently – Asymmetric-Key (two keys)

3. MISCONCEPTIONS PKC vs Symmetric Encryption
PKC more secure than symmetric encryp WRONG!!
PKC more useful than symmetric encryp.
WRONG!! – PKC costly
PKC doesn’t need complicated protocol
WRONG!!

4. PKC - USES
Key Management
Signature

5. Plaintext – input to encryp. algorithm output from decryp. algorithm
PKC – SIX INGREDIENTS
Plaintext – input to encryp. algorithm
output from decryp. algorithm
Encryp. Algorithm – acts on plaintext
- controlled by public or private key
Public and Private Key
- one for encryption
- one for decryption
Ciphertext – output from encryp. algorithm
input to decryp. algorithm
Decryp. Algorithm – acts on ciphertext

6. Each user generates two related keys - PUBLIC and PRIVATE
PKC – STEPS
Each user generates two related keys
- PUBLIC and PRIVATE
2. Each user makes:
public key  PUBLIC
private key  PRIVATE
access  ALL public keys
3. BOB: Encr(plaintext,PUBLICAlice) ciphertext ALICE
4. ALICE: Decr(ciphertext,PRIVATEAlice)

7. PKC for a) ENCRYPTION b) AUTHENTICATION

8. KEYS EASILY UPDATED ANY Private/Public key pair can be changed.
At ANY TIME,
ANY Private/Public key pair can be changed.
Public key should be made public IMMEDIATELY

9. Asymmetric-Key (PKC): One PRIVATE KEY One PUBLIC KEY
CIPHER TERMINOLOGY
Symmetric-Key:
One SECRET KEY
Asymmetric-Key (PKC):
One PRIVATE KEY
One PUBLIC KEY

10. CONFIDENTIALITY

11. AUTHENTICATION (source) (Integrity/Signature)

12. CONFIDENTIALITY and AUTHENTICATION

13. APPLICATIONS OF PKC Encryp./Decryp.
Sender encrypts with RECIPIENT’S PUBLIC key.
Applied to ALL of message.
Digital Signature
Sender signs with SENDER’S PRIVATE key.
Applied to ALL or PART of message.
Key Exchange
Uses one or more PRIVATE keys.
Several approaches

14. APPLICATIONS OF PKC
Table 9.2

15. ONE-WAY FUNCTION Every value has an inverse Y = F(X)  X = F-1(Y)
Y = F(X) easy
X = F-1(Y) infeasible
easy – polynomial time (poly in message length)
infeasible - > poly time (e.g. exp. in message length)

16. TRAP-DOOR ONE-WAY FUNCTION (e.g. PKC)
Y = fk(X) easy if k and X known
X = fk-1(Y) - easy if k and Y known
X = fk-1(Y) - infeasible if only Y known

17. PKC – THE PROBLEM OF KEY SIZE
Brute-Force Attack  Use LARGE keys
But,
PKC COMPLEXITY GROWS fast with key size
So,
PKC TOO COMPLEX encryp/decryp
PKC only for key management
and signature

18. RSA ALGORITHM PKC: 1960’s (NSA) 1970 Ellis – CESG
Diffie and Hellman
RSA: Cocks – CESG
Rivest, Shamir, Adleman
- MIT

19. RSA Plaintext and Ciphertext integers between 0 and n-1
i.e. k bits, 2k < n <2k+1
Encryption: C = Me mod n
Decryption: M = Cd mod n = (Me)d mod n
= Med mod n

20. RSA (continued) Receiver knows n,d  PUBLIC key, KU = {e,n}
Sender knows n,e
Receiver knows n,d
 PUBLIC key, KU = {e,n}
 PRIVATE key, KR = {d}

21. PKC REQUIREMENTS OF RSA
1. There exists e,d,n s.t. Med = M mod n
2. Easy to calculate Me and Cd given {M,e} or {C,d}, resp.
3. Infeasible to find d given {e,n}

22. EXAMPLE p = 17, q = 11 n = p.q = 187 mod p = 17,
{1,6,62,63,64,65,66,67,68,69,610,611,612,613,614,615}
= {1,6,2,12,4,7,8,14,16,11,15,5,13,10,9,3}
Mod p = 11
{1,2,4,8,5,10,9,7,3,6}

23. EXAMPLE
57 = (6,2), 572 = (2,4), 573 = (12,8), 574 = (4,5)

24. EXAMPLE Chinese Remainder Theorem
We want number, g, between 1 and 186 s.t g mod 17 = 6, g mod 11 = 2
Use CRT:
g = mod 187 = 57

25. EXAMPLE RSA COMPUTATION

26. SECURITY OF RSA Brute-Force Attacks – try all possible private keys.
Mathematical Attacks
- all equivalent to factoring n.
Timing Attacks
- depend on running time of
decryption algorithm.

27. Progress in Factorisation
Table 9.3

28. MIPS-years NEEDED TO FACTOR

29. TIMING ATTACKS ON RSA - countermeasures
For Decryption:
Constant exponentiation time
Random delay
Blinding
Generate random r
C’ = Cre
M’ = C’d
M = M’r-1