 # Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

## Presentation on theme: "Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh."— Presentation transcript:

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh

What we have looked at so far 2 CRYPTOLOGY CRYPTOGRAPHYCRYPTANALYSIS Private Key (Secret Key) Public Key Block CipherStream CipherInteger Factorization Discrete Logarithm

Outline 3  Problems with secret key schemes  Public key cryptography  Integer factorization  Discrete logarithms  How to achieve confidentiality, authentication, or both

Conventional Encryption Model 4 EncryptDecrypt Key Source Insecure channel AliceBob y xx y = e k (x) : Ciphertext x = d k (y) : Plaintext k k Oscar Secure Channel

Secret Key Cryptosystems 5  Block ciphers and stream ciphers  Use the same secret key on both sides for encryption and decryption  Operations for e k and d k are identical  A separate key for each communication Alice Bob Carol K bob&Carol K Alice&Bob K Alice&Carol

Problems with Secret Key Schemes 6  Key distribution and management is a problem  If the key is disclosed, communications are compromised  How many secret keys do we need?  How to provide non-repudiation?  What if a receiver forges a message and claims that is sent by a sender! Both have access to the secret key!  Authentication, which secret key cryptosystems do not provide

Problems with Secret Key Schemes (cont.) 7  A secret key algorithm implies every pair of communicating entities share a secret key  Total number of keys is O(n 2 )  For n users, we need n(n – 1)/2 pairs of keys  It is like having a mailbox for EACH pair of communicating people Alice Bob Carol Dan

Solution 8  One mailbox for one person  Make a SLOT in the mailbox  Everyone (including Oscar) can deposit messages in the mailbox  Only the owner of the mailbox can recover the messages  So now for n users we only need n mailboxes and n keys

Why Public Key Cryptography? 9  Developed to address two key issues:  Key distribution – how to have secure communications in general without having to trust a KDC with your key (Confidentiality)  Digital signatures – how to verify a message comes intact from the claimed sender (non-repudiation)

Public Key Cryptography 10  Pioneered by Whitfield Diffie and Martin Hellman in 1976  Public-key / two-key / asymmetric cryptography involves the use of two keys:  Public-key (KU)  Is known to everyone, used to encrypt messages and verify signatures  (Slot in the mailbox)  Private-key (KR)  known only to the recipient, used to decrypt messages and sign (create signatures)  (Actual key to open the mailbox)  Public Key Cryptography is asymmetric because  Those who encrypt messages or verify signatures cannot decrypt messages or create signatures

Public Key Encryption Model 11 EncryptDecrypt Insecure channel Alice Bob y xx y = e ku (x) : Ciphertext x = d kr (y) : Plaintext ku bob kr bob Oscar knows ku bob

Requirements 12  It is easy to encrypt using the public key KU  It is easy to decrypt using the private key KR  It is computationally infeasible to determine the private key given the public key  It is computationally infeasible to determine the plaintext x given the ciphertext y and the public key KU  It should be easy to generate a public key-private key pair  Encryption and decryption should be inverse functions  d KR (e KU (x)) = x

What can satisfy these requirements? 13  There is a need for a mathematical function unlike secret key cryptosystems  One way functions:  Every function value has a unique inverse  Calculating y = f (x) is easy  Calculating x = f -1 (y) is not feasible  Examples:  Integer factorization  Discrete logarithms

Integer Factorization 14  Multiplication is easy  7  17  109  151 = 195821  Integer factorization is difficult  30616693 = ?  ?  ?  ?  Answer: 47  59  61  181  Used in RSA

Discrete Logarithm 15  EASY: Modular exponentiation  2 23 mod 109 = ?  2 23 = 8388608  77 mod 109  DIFFICULT: Discrete logarithm  2 x mod 109 = 68 : Find x  x = log 2 68 mod 109  One way to solve it: Brute Force  Answer: x = 15  Used in Diffie-Hellman Key Exchange, ElGamal Encryption Scheme, and Elliptic Curves

Trapdoor One-Way Functions 16  A special kind of one-way function that is hard to invert unless some secret information, called the trapdoor, is known  Every function value has a unique inverse  There are two related keys k 1 and k 2  Calculating y = f (k 1, x) is easy  Calculating x = f -1 (k 2, y) is easy if k 2 is known. It is infeasible if k 2 is not known and only k 1 is known  Finding k 2 given k 1 is very hard

Providing Confidentiality 17 plaintext message, m ciphertext encryption algorithm decryption algorithm Bob’s public key plaintext message e KU (m) KU B Bob’s private key KR B m = d KR ( e KU (m) ) B BB

Providing Authentication 18 plaintext message, m ciphertext encryption algorithm decryption algorithm plaintext message Alice’s public key KU A Alice’s private key KR A Bob’s public key KU B Bob’s private key KR B m = d KR ( e KU (m) ) BB e KR (m) B

Providing Authentication & Confidentiality 19 plaintext message, m encryption algorithm encryption algorithm decryption algorithm C decryption algorithm plaintext message C ’C e KR (m) A e KU ( e KR (m) ) BA d KR ( e KU ( e KR (m) ) ) BA B d KU ( e KR (m) ) AA

Remarks 20  Single most major advance in cryptography  Much slower than private key cryptosystems  Used primarily for signatures and key exchange rather than bulk data encryption  Vulnerable to brute force attacks  Vulnerable to mathematical analysis  Note that KU and KR are related  Key sizes are much larger than those in secret key algorithms  Probable message attack  KU is known  If the number of messages is small, Oscar can encrypt all possible messages to break the system

Public Key Algorithms and Security 21  Three different popular algorithms  RSA (integer factorization)  ElGamal (discrete logarithms on prime number fields)  Menezes-Vanstone (discrete logarithms on elliptic curves)  Keys sizes for security  1024 bits for RSA and ElGamal  160 bits for Menezes-Vanstone  80 bits for block ciphers