css322y13s2l07 public key cryptography
TRANSCRIPT
-
8/10/2019 Css322y13s2l07 Public Key Cryptography
1/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
1/29
Public Key Cryptography
CSS322: Security and Cryptography
Sirindhorn International Institute of TechnologyThammasat University
Prepared by Steven Gordon on 28 October 2013css322y13s2l07, Steve/Courses/2013/s2/css322/lectures/rsa.tex, r2963
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
2/29
-
8/10/2019 Css322y13s2l07 Public Key Cryptography
3/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
3/29
Birth of Public-Key Cryptosystems
Beginning to 1960s: permutations and substitutions(Caesar, rotor machines, DES, . . . )
1960s: NSA secretly discovered public-keycryptography
1970: first known (secret) report on public-keycryptography by CESG, UK
1976: Diffie and Hellman public introduction topublic-key cryptography
Avoid reliance on third-parties for key distribution Allow digital signatures
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
4/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
4/29
Principles of Public-Key Cryptosystems
Symmetric algorithms used same secret key forencryption and decryption
Asymmetric algorithms in public-key cryptography useone key for encryption and different but related key fordecryption
Characteristics of asymmetric algorithms:
Require: Computationally infeasible to determinedecryption key given only algorithm and encryption key Optional: Either of two related keys can be used for
encryption, with other used for decryption
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
5/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
5/29
Public and Private Keys
Public-Private Key Pair
User A has pair of related keys, public and private:(PUA, PRA); similar for other users
Public Key
Public, Available to anyone
For secrecy: used in encryption
For authentication: used in decryption
Private Key
Secret, known only by owner
For secrecy: used in decryption
For authentication: used in decryption
http://find/http://goback/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
6/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
6/29
Confidentiality with Public Key Crypto
Encrypt using receivers public key
Decrypt using receivers private key
Only the person with private key can successful decrypt
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
7/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
7/29
Authentication with Public Key Crypto
Encrypt using senders private key
Decrypt using senders public key
Only the person with private key could have encrypted
http://goforward/http://find/http://goback/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
8/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
8/29
Conventional vs Public-Key Encryption
Credit: Table 9.2 in Stallings, Cryptography and Network Security, 5th Ed., Pearson 2011
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
9/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
9/29
Applications of Public Key Cryptosystems
Secrecy, encryption/decryption of messages
Digital signature, sign message with private key
Key exchange, share secret session keys
Credit: Table 9.3 in Stallings, Cryptography and Network Security, 5th Ed., Pearson 2011
http://find/http://goback/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
10/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
10/29
Requirements of Public-Key Cryptography
1. Computationally easy for Bto generate pair (PUb,PRb)
2. Computationally easy for A, knowing PUband message
M, to generate ciphertext:
C = E(PUb,M)
3. Computationally easy for B to decrypt ciphertext using
PRb:
M= D(PRb,C) = D[PRb,E(PUb,M)]
4. Computationally infeasible for attacker, knowing PUband C, to determine PRb
5. Computationally infeasible for attacker, knowing PUband C, to determine M
6. (Optional) Two keys can be applied in either order:
M= D[PUb,E(PRb,M)] = D[PRb,E(PUb,M)]
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
11/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
11/29
Requirements of Public-Key Cryptography
6 requirements lead to need fortrap-door one-way function
Every function value has unique inverse
Calculation of function is easy
Calculation of inverse is infeasible, unless certaininformation is known
Y =
fk(X
) easy, if k
andY
are knownX =f1k (Y) easy, ifk and Y are known
X =f1k (Y) infeasible, ifY is known but k is not
What is easy? What is infeasible?
Computational complexity of algorithm gives anindication Easy if can be solved in polynomial time as function of
input
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
12/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
12/29
Public-Key Cryptanalysis
Brute Force Attacks
Use large key to avoid brute force attacks Public key algorithms less efficient with larger keys
Public-key cryptography mainly used for keymanagement and signatures
Compute Private Key from Public Key
No known feasible methods using standard computing
Probable-Message Attack
Encrypt all possible M using PUbfor the C that
matches C, attacker knows M
Only feasible ofM is short
Solution for short messages: append random bits tomake it lon er
http://find/http://goback/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
13/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
13/29
Contents
Principles of Public-Key Cryptosystems
The RSA Algorithm
Diffie-Hellman Key Exchange
Other Public-Key Cryptosystems
http://find/http://goback/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
14/29
-
8/10/2019 Css322y13s2l07 Public Key Cryptography
15/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
15/29
The RSA Algorithm
Key Generation
1. Choose primes pand q, and calculate n=pq2. Select e: gcd((n), e) = 1, 1
-
8/10/2019 Css322y13s2l07 Public Key Cryptography
16/29
CSS322
-
8/10/2019 Css322y13s2l07 Public Key Cryptography
17/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
17/29
Example of RSA Algorithm
CSS322S
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
18/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
18/29
RSA Implementation Example
Encryption:C =Me mod n
Decryption:M=Cd mod n
Modulus, n of length bbits
Public exponent, e
Private exponent, d
Prime1, p, and Prime2, q
Exponent1, dp=d (mod p 1)
Exponent2, dq=d (mod q 1) Coefficient, qinv =q
1 (mod p)
Private values: {n, e, d, p, q, dp, dq, qinv}
Public values: {n, e}
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
19/29
CSS322S i f RSA
-
8/10/2019 Css322y13s2l07 Public Key Cryptography
20/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
20/29
Security of RSA
Brute-Force attack: choose large d(but makesalgorithm slower)
Mathematical attacks:1. Factor n into its two prime factors2. Determine (n) directly, without determining porq3. Determine d directly, without determining (n)
Factoring n is considered fastest approach; hence usedas measure of RSA security
Timing attacks: practical, but countermeasures easy toadd (e.g. random delay). 2 to 10% performance penalty
Chosen ciphertext attack: countermeasure is to use
padding (Optimal Asymmetric Encryption Padding)
CSS322P i F t i ti
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
21/29
CSS322
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
21/29
Progress in Factorisation
Factoring is considered the easiest attack
Some records by length ofn: 1991: 330 bits (100 digits) 2003: 576 bits (174 digits) 2005: 640 bits (193 digits) 2009: 768 bit (232 digits), 1020 operations, 2000 years
on single core 2.2 GHz computer
Typical length ofn: 1024 bits, 2048 bits, 4096 bits
CSS322C t t
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
22/29
SS3
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
22/29
Contents
Principles of Public-Key Cryptosystems
The RSA Algorithm
Diffie-Hellman Key Exchange
Other Public-Key Cryptosystems
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
23/29
CSS322Diffie Hellman Key Exchange Algorithm
-
8/10/2019 Css322y13s2l07 Public Key Cryptography
24/29
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
24/29
Diffie-Hellman Key Exchange Algorithm
Credit: Figure 10.1 in Stallings, Cryptography and Network Security,5thEd.,Pearson2011
CSS322Diffie Hellman Key Exchange
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
25/29
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
25/29
Diffie-Hellman Key Exchange
Credit: Figure 10.2.2 in Stallings, Cryptography and Network Security, 5th Ed., Pearson 2011
CSS322Diffie Hellman Key Exchange Example
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
26/29
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
26/29
Diffie-Hellman Key Exchange Example
CSS322Security of Diffie Hellman Key Exchange
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
27/29
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
27/29
Security of Diffie-Hellman Key Exchange
Insecure against man-in-the-middle-attack
Countermeasure is to use digital signatures and
public-key certificates
CSS322Contents
http://find/http://goback/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
28/29
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
28/29
Contents
Principles of Public-Key Cryptosystems
The RSA Algorithm
Diffie-Hellman Key Exchange
Other Public-Key Cryptosystems
CSS322Other Public-Key Cryptosystems
http://find/ -
8/10/2019 Css322y13s2l07 Public Key Cryptography
29/29
Public Key Crypto
Principles
RSA
Diffie-Hellman
Others
29/29
Other Public Key Cryptosystems
ElGamal Crypto-system
Similar concepts to Diffie-Hellman Used in Digital Signature Standard and secure email
Elliptic Curve Cryptography
Uses elliptic curve arithmetic (instead of modulararithmetic in RSA)
Equivalent security to RSA with smaller keys (betterperformance)
Used for key exchange and digital signatures
http://find/