Outline Review of RSA Discrete logarithms Testing for primality Key management in public-key cryptosystem Diffie-Hellman Key exchange.

1 Outline: Review of RSA; Discrete logarithms; Testing for primality; Key management in public-key cryptosystem; Diffie-Hellman key exchange

2 Revisit proof of RSA. If (a×b) ≡ (a×c) mod n then b ≡ c mod n; this is true if a is relatively prime to n. Suppose b > c: ab − ac = kn, so a(b − c) = kn and b − c = kn/a. Since gcd(a, n) = 1, a must divide k, so b − c = qn. Ex. (a not relatively prime to n): 2×1 mod 8 = 2 and 2×5 mod 8 = 2, but 1 ≢ 5 mod 8.

3 Proof of Fermat's law. Recall: p is a prime, Z_p is a Galois field. Any a multiplied by {1, 2, …, p−1} will span {1, 2, …, p−1} in some order: {a mod p, 2a mod p, …, (p−1)a mod p} is a rearrangement of {1, 2, …, p−1}. 1. The elements of the left-hand set are all relatively prime to p. 2. ax ≡ ay mod p => x ≡ y mod p, so the elements of the left-hand set are all distinct.

4 Proof for Euler's theorem: a^φ(n) ≡ 1 mod n, gcd(a, n) = 1. If n is a prime => Fermat's theorem. Arbitrary n: φ(n) means the number of integers that are relatively prime to n; denote the set of these integers as R. Multiply each by a, modulo n, to obtain S. S is a permutation of R because: (1) a is relatively prime to n and x_i is relatively prime to n => so is a·x_i; (2) there is no duplicate in S.

5 RSA concept. n = pq, p and q are primes. [Figure: the residues 1, 2, 3, …, pq−2, pq−1 and the powers a, a^2, a^3, …, a^(φ(n)−1), a^φ(n) under Euler's formula; further labels: a^e, a^(kφ(n)+1), (a^e)^d.]

6 RSA algorithm: key generation and encryption/decryption. 1. Select primes p and q (p ≠ q). 2. Calculate n = pq. 3. Calculate φ(n) = (p−1)(q−1). 4. Select e that is relatively prime to and less than φ(n). 5. Determine d such that de ≡ 1 mod φ(n) and d < φ(n) (d is the multiplicative inverse of e; find it using the extended Euclid's algorithm). Example: p = 17, q = 11; n = 17×11 = 187; φ(n) = 16×10 = 160; e = 7; d = 23.

7 RSA encryption/decryption example. Public key: KU = {e, n} = {7, 187}. Private key: KR = {d, n} = {23, 187}.

8 Computational issues in RSA. Select primes p and q (p ≠ q): how to select a large prime? (Chap. 8.3) Calculate d such that d ≡ e^(−1) mod φ(n): how to compute the multiplicative inverse? => Extended Euclid's algorithm (Chap. 4.4). Encryption/decryption: M = C^d mod n: how to compute exponentiation fast?

9 Computation issues – encryption/decryption. Modular exponentiation: M = C^d mod n. The fast algorithm uses the property (a × b) mod n = [(a mod n) × (b mod n)] mod n. Write the exponent d as a binary number b_k b_(k−1) … b_1 b_0, ex. 23 (base 10) = 10111 (base 2) = 2^4 + 2^2 + 2^1 + 2^0. Then 11^23 mod 187 = (11^16 × 11^4 × 11^2 × 11^1) mod 187 = [(11^16 mod 187) × (11^4 mod 187) × (11^2 mod 187) × (11^1 mod 187)] mod 187 = … = 88.

10 Pseudo-code for fast exponentiation: a^b mod n

    c = 0;                      /* c will be the exponent at last */
    d = 1;                      /* d will be a^b mod n at last */
    for (i = k; i >= 0; i--) {  /* k+1 bits for b */
        c = 2*c;
        d = (d*d) mod n;
        if (b_i == 1) {         /* b_i is bit i of the exponent b */
            c = c + 1;
            d = (d*a) mod n;    /* extra multiplication only when the bit is 1 */
        }
    }

Timing attacks: if this bit is 1, the execution time will be slower.

11 Resisting timing attacks. Constant exponentiation time: return the results of exponentiation after a fixed time. Random delay: add a random delay to the exponentiation execution time. Blinding: multiply the ciphertext by a random number.
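Added example (not part of the original slides): the square-and-multiply loop of slides 9 to 11 in Python, counting modular multiplications to show that the work depends on the exponent bits, followed by blinded decryption with the toy key from slide 7. The function names are chosen here for illustration.

```python
import secrets
from math import gcd

# Toy key from the slides: n = 187, e = 7, d = 23 (illustration only)
N, E, D = 187, 7, 23

def modexp_trace(a, b, n):
    """Left-to-right square-and-multiply, as in the slide's pseudo-code.
    Returns (a^b mod n, number of modular multiplications performed)."""
    d, mults = 1, 0
    for i in range(b.bit_length() - 1, -1, -1):
        d = (d * d) % n            # squaring happens for every bit
        mults += 1
        if (b >> i) & 1:           # extra multiply only when bit b_i is 1
            d = (d * a) % n
            mults += 1
    return d, mults

def decrypt_blinded(c, d, e, n):
    """RSA decryption with blinding: exponentiate c * r^e instead of c,
    so the timed operation runs on a value the sender cannot predict."""
    while True:
        r = secrets.randbelow(n - 2) + 2       # 2 <= r <= n-1
        if gcd(r, n) == 1:                     # r must be invertible mod n
            break
    blinded = (c * pow(r, e, n)) % n
    m_blinded, _ = modexp_trace(blinded, d, n)  # equals (m * r) mod n
    return (m_blinded * pow(r, -1, n)) % n      # divide r back out

if __name__ == "__main__":
    print(modexp_trace(11, 23, N))   # exponent 10111: 5 squarings + 4 multiplies
    print(modexp_trace(11, 16, N))   # exponent 10000: 5 squarings + 1 multiply
    print(decrypt_blinded(11, D, E, N))
```

Both exponents are five bits long, yet the first costs nine multiplications and the second six; that difference is what a timing measurement observes.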

12 Outline: Review of RSA; Discrete logarithms; Testing for primality; Key management in public-key cryptosystem; Diffie-Hellman key exchange

13 The power of an integer, modulo n. Euler's formula (1): a^φ(n) ≡ 1 mod n, gcd(a, n) = 1. General form (2): a^m ≡ 1 mod n, gcd(a, n) = 1. There is at least one m (m = φ(n)) that satisfies (2). For any 0 < a < n, the least positive m that satisfies (2) is referred to as: the order of a (mod n); the exponent to which a belongs (mod n); the length of the period generated by a.

14 Example: modulo 19. [Table for this example not preserved; its annotations: Euler's formula; period = 9; period = 3; 4^? ≡ 17 mod 19.] Primitive root of 19: 1. period = 18; 2. spans {1, …, 18}.

15 Discrete logarithms. For real numbers: y = x^r => log_x y = r. For a prime integer p and its primitive root a: there is a unique i such that b ≡ a^i mod p, where 0 ≤ i ≤ (p−1). Given b, a, and p, we can find a unique i => ind_a,p(b) = i. A unique discrete logarithm mod m to some base a exists only if a is a primitive root of m.

16 Example: discrete log, mod 19

17 Calculation of discrete log. Equation: b = a^i mod p. Calculation of the power is straightforward. Calculation of the discrete log (if it exists) is hard!!! => The same complexity as factoring primes. Not feasible for large primes.

18 Outline: Review of RSA; Discrete logarithms; Testing for primality; Key management in public-key cryptosystem; Diffie-Hellman key exchange

19 How to select a large prime? In RSA, we have to select two primes p and q (p ≠ q), and select e or d (that is relatively prime to φ(n)). p, q, e, d must be sufficiently large to avoid an exhaustive search attack. However, there is no useful method to generate arbitrarily large primes. Sol: pick at random an odd number of the desired order of magnitude, and test whether it is a prime.

20 Test for primality. Miller-Rabin algorithm: decide whether a number is a prime with a bounded error probability. Given an odd integer n to test: factor (n−1) as n−1 = 2^k q, k > 0, q odd (ex. n = 29: 28 = 2^2 (7)). Choose an integer a, 1 < a < n−1 (ex. a = 10). Recall Fermat's theorem: a^(n−1) ≡ 1 mod n if n is a prime. Generate a^q, a^(2q), …, a^(2^(k−1) q), a^(2^k q) mod n (ex. 10^7, 10^(2×7), 10^(4×7) mod 29 = 17, 28, 1). See next page.

21 Test for primality (cont.). For a given integer a, generate a^q, a^(2q), …, a^(2^(k−1) q), a^(2^k q) mod n (each term is the square of the previous one). If n is a prime, a^(2^k q) = a^(n−1) ≡ 1 mod n. However, we don't have to test until a^(2^k q). If a^q mod n = 1 or −1, then (a^q)^2 mod n = 1, (a^q)^4 mod n = 1, …, (a^q)^(2^k) mod n = 1. If a^(2q) mod n = −1 = (n−1), then (a^q)^(2^k) mod n = 1.

22 Repeated use of Miller-Rabin algorithm. Fermat's theorem: a^(n−1) ≡ 1 mod n, for all 0 < a < n, if n is a prime. It has been shown that, for one randomly chosen integer a, the probability of a false positive is less than 1/4. Run the M-R test 2 times with different a => Prob = (1/4)^2 (n is not a prime but is detected as a prime). Run the M-R test t times with different a => Prob = (1/4)^t.

23 How many integers to test to find a prime? Prime number theory: the primes near n are spaced on the average one every ln(n) integers. Discard even integers and those ending with digit 5 => test about 0.4 ln(n) numbers. Ex. prime on the order of magnitude of 2^200 (200 bits) => 0.4 ln(2^200) = 55 trials to find a prime. [Figure: density of primes; labels: 1, n, no. of primes, ln(n).]
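Added example (not part of the original slides): the Miller-Rabin test of slides 20 to 22 and the random prime search of slides 19 and 23, in Python. It goes beyond the slide's single case n = 29, a = 10 by also checking composites that fool weaker tests; function names are chosen here.

```python
import secrets

def decompose(n):
    """Write n - 1 = 2^k * q with q odd; return (k, q)."""
    k, q = 0, n - 1
    while q % 2 == 0:
        k, q = k + 1, q // 2
    return k, q

def mr_sequence(a, n):
    """a^q, a^(2q), ..., a^(2^k q) mod n, the sequence from the slides."""
    k, q = decompose(n)
    x = pow(a, q, n)
    seq = [x]
    for _ in range(k):
        x = (x * x) % n            # each term is the square of the previous
        seq.append(x)
    return seq

def passes_round(a, n):
    """True if base a gives no evidence that odd n > 3 is composite."""
    seq = mr_sequence(a, n)
    if seq[0] in (1, n - 1):       # a^q = 1 or -1: all later terms are 1
        return True
    return (n - 1) in seq[1:-1]    # some a^(2^j q) = -1 with 0 < j < k

def is_probable_prime(n, t=20):
    """t rounds with random bases 1 < a < n-1; error below (1/4)^t."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    return all(passes_round(secrets.randbelow(n - 3) + 2, n) for _ in range(t))

def random_prime(bits):
    """Pick random odd numbers of the desired size until one passes.
    Returns (prime, number of candidates tried)."""
    trials = 0
    while True:
        trials += 1
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand, trials

if __name__ == "__main__":
    print(mr_sequence(10, 29))     # the slide's example
    print(random_prime(200))
```

561 satisfies Fermat's congruence for base 2 but fails `passes_round(2, 561)`; 2047 passes the round for base 2 and fails for base 3, which is why the test is repeated with different a.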

24 How to generate public/private keys? Q: how to select e or d that is relatively prime to φ(n)? A: Extended Euclid's algorithm: test gcd(e, φ(n)) = 1, and calculate the multiplicative inverse at the same time if they are relatively prime. Procedure: generate a series of random numbers and test each against φ(n). How many random numbers to test? The prob. that two random numbers are relatively prime is about 0.6 (problem 8.1).
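Added example (not part of the original slides): the procedure of slide 24 in Python, where one run of the extended Euclid's algorithm both tests gcd(e, φ(n)) = 1 and yields d. It is checked against the slide 6 key (p = 17, q = 11, e = 7, d = 23); function names are chosen here.

```python
import secrets

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        quot, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - quot * x1
        y0, y1 = y1, y0 - quot * y1
    return a, x0, y0

def inverse_or_none(e, phi):
    """d with d*e == 1 (mod phi) and 0 < d < phi, or None if gcd(e, phi) != 1."""
    g, x, _ = egcd(e, phi)
    return x % phi if g == 1 else None

def pick_exponents(p, q):
    """Draw random e until one is relatively prime to phi(n).
    Returns (e, d, number of rejected candidates)."""
    phi = (p - 1) * (q - 1)
    rejected = 0
    while True:
        e = secrets.randbelow(phi - 3) + 3     # 3 <= e < phi
        d = inverse_or_none(e, phi)
        if d is not None:
            return e, d, rejected
        rejected += 1

if __name__ == "__main__":
    print(inverse_or_none(7, 160))    # the slide's e = 7 gives d = 23
    print(pick_exponents(17, 11))
```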

25 Outline: Review of RSA; Discrete logarithms; Testing for primality; Key management in public-key cryptosystem; Diffie-Hellman key exchange

26 Key management (Ch 10.1). Two issues for public-key cryptosystems: (1) distribution of public keys; (2) the use of public-key encryption to distribute secret keys (keys for symm. cipher). Distribution of public keys: public announcement; publicly available directory; public-key authority; public-key certificates.

27 1. Public announcement. Drawback: the opponent can pretend to be another user. Ex. post public keys to public forums, such as USENET newsgroups and Internet mailing lists.

28 2. Publicly available directory. Some trusted entity maintains a publicly available dynamic directory of public keys: {A, KU_a}, {B, KU_b}, … Each participant registers its public key with the directory. Attack: an opponent invades the public-key directory and counterfeits public keys.

29 3. Public-key authority. Central authority: 1. Maintains a directory of public keys. 2. Each participant knows the public key of the authority, so A can confirm that a message comes from the authority. N_1: authenticates B's identity. N_2: authenticates A's identity.

30 4. Public-key certificates. Certificate: contains a public key and other information, generated by the certificate authority (CA). Application must be in person or by secure channel. 1. Anyone can read and verify. 2. Only the CA can create. Time: verify currency of certificate.

31 Simple secret key distribution. Public-key scheme has slow data rate => use public key to distribute secret key => use secret key scheme for data encryption. [Figure: distribution of a session key (secret key) K_s, with an interception; labels: KU_e || ID_A, KU_e[K_s], E_KUa[K_s], K_s.]

32 Secret key distribution with confidentiality and authentication. Against active and passive attacks. [Figure labels: authenticate B; authenticate A; confidentiality (only B can read); authentication (only A can create it).]

33 A hybrid and hierarchical scheme. [Figure: KDC with users A, B, C; master keys MK_A, MK_B; session key K_s.] Use the public-key scheme to distribute master keys. Use master keys with the KDC to distribute session keys. Advantages: 1. Uses master keys to distribute session keys, instead of using the public-key scheme => faster! 2. Backward compatible with the old KDC scheme (master + session key).

34 Outline: Review of RSA; Discrete logarithms; Testing for primality; Key management in public-key cryptosystem; Diffie-Hellman key exchange

35 Diffie-Hellman key exchange. Purpose: enable two users to exchange a key securely that can then be used for subsequent encryption of messages. Diffie-Hellman algorithm: takes advantage of a hard problem, the discrete logarithm. [Figure: A and B set up a secret key K.] The issue of distribution of secret keys.

36 Protocol of D-H key exchange. Public: q, α (q is a prime; α < q, and α is a primitive root of q). Discrete log?

37 Verify D-H algorithm Both users get the same secret key K User A gets: Eq: User B gets: the same

38 Other issues about D-H. Brute-force attack: ex. 3^a mod 353 = 40; try all 3^x mod 353, 0 < x < 353, until it equals 40. Use the D-H algorithm as a public-key system: [Figure: a KDC holds {User, Public Key} entries {A, Y_A = α^X_A}, {B, Y_B = α^X_B}; A obtains Y_B and sends E_K[Message] to B.]
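Added example (not part of the original slides): a Diffie-Hellman exchange in Python with the public values q = 353 and base 3 from the brute-force example on slide 38, plus the exhaustive search that slide describes, showing why a prime of this size offers no protection. The private keys are random values generated here; function names are chosen here.

```python
import secrets

Q, ALPHA = 353, 3    # public: prime q and base from the slide's example

def is_primitive_root(a, q):
    """True if the powers of a span {1, ..., q-1} (q prime)."""
    seen, x = set(), 1
    for _ in range(q - 1):
        x = (x * a) % q
        seen.add(x)
    return len(seen) == q - 1

def keypair(q=Q, alpha=ALPHA):
    """Private X (kept secret) and public Y = alpha^X mod q."""
    x = secrets.randbelow(q - 2) + 1         # 1 <= X <= q-2
    return x, pow(alpha, x, q)

def shared_key(y_peer, x_own, q=Q):
    """K = (peer's Y)^(own X) mod q; both sides obtain alpha^(XA*XB) mod q."""
    return pow(y_peer, x_own, q)

def brute_force_log(y, q=Q, alpha=ALPHA):
    """Exhaustive search from slide 38: try every x until alpha^x mod q == y."""
    acc = 1
    for x in range(1, q):
        acc = (acc * alpha) % q
        if acc == y:
            return x
    return None

if __name__ == "__main__":
    xa, ya = keypair()                        # user A
    xb, yb = keypair()                        # user B
    print(shared_key(yb, xa) == shared_key(ya, xb))
    print(brute_force_log(40))                # at most 352 steps for q = 353
```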

