8. Cryptography part 2 1
Public Key Model
Public Key Encryption
Public Key Signature
Public-Key Cryptanalysis
Brute-force attack (try all possible keys)
Derive private key from public key
– Try to find the relationship between the public key and the private key and compute the private key from the public one.
Probable-message attack
– The public key is known.
– Encrypt all possible messages.
– Try to find a match between the ciphertext and one of the encrypted messages.
– Example: Prof. sends encrypted letter grades to his students based on their public key.
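The letter-grade case above, as an added example (not from the original slides): with deterministic public-key encryption, anyone holding the public key can re-encrypt each possible grade and compare, and randomizing the plaintext removes the match. It assumes textbook RSA ($c = m^e \bmod n$) with a constructed toy key; `encrypt_randomized` is a simplified stand-in for a real padding scheme such as OAEP, and all function names are made up here.

```python
import secrets

# Constructed toy public key: n is the product of two Mersenne primes.
# Far too small for real use; it only has to exceed the padded message.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
GRADES = ["A", "B", "C", "D", "F"]   # the small message space from the slide


def encode(grade: str) -> int:
    return ord(grade)


def encrypt_textbook(grade: str) -> int:
    """Deterministic: the same grade always yields the same ciphertext."""
    return pow(encode(grade), E, N)


def encrypt_randomized(grade: str) -> int:
    """Prefix 64 fresh random bits so equal grades encrypt differently.
    Simplified illustration of randomized padding, not OAEP itself."""
    pad = secrets.randbits(64) | (1 << 63)        # force a non-zero pad
    return pow((pad << 8) | encode(grade), E, N)


def match_candidates(ciphertext: int):
    """What any holder of the public key can do: encrypt every candidate
    message and look for the observed ciphertext. Returns the grade or None."""
    table = {encrypt_textbook(g): g for g in GRADES}
    return table.get(ciphertext)


if __name__ == "__main__":
    print("textbook  :", match_candidates(encrypt_textbook("B")))     # B
    print("randomized:", match_candidates(encrypt_randomized("B")))   # None
```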
History of Public-Key
1976 – Diffie & Hellman suggested public-key model for encryption and signatures
1976 – Diffie & Hellman developed public-key protocol for key-exchange based on Discrete Log Problem
1977 – Rivest, Shamir, Adleman developed RSA public-key scheme for encryption and signatures based on the Number Factoring Problem
1980’s – El-Gamal developed public-key protocols for encryption and signatures based on Discrete Log Problem
Revolution in Cryptography
Diffie & Hellman sought to solve 2 problems
– Find a secure way to distribute keys
– Provide digital signature for document
Public key cryptography is based on rigorous mathematical theory, rather than substitutions and permutations.
• It is asymmetric – requires two different keys: private & public
Diffie-Hellman Key Exchange (I)
See: W. Diffie and M. E. Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, IT-22, no. 6 (November 1976), pp. 644-654
– The first public key algorithm
– Allows two users to agree on a secret key over a public channel
– No encryption, decryption, nor authentication
– p is a large prime number (about 512 bits), g < p and g is a primitive root of p.
– p and g are publicly known
Diffie-Hellman Key Exchange (II)
Diffie-Hellman Key Exchange (III)
Diffie-Hellman Example
Alice and Bob want to establish a shared secret key and have agreed on n = 353 (prime) and g = 3.
They select the random secret values:
– Alice chooses $X_a = 97$, Bob chooses $X_b = 233$
They derive the public keys:
– $T_a = g^{X_a} \bmod n = 3^{97} \bmod 353 = 40$ (Alice’s)
– $T_b = g^{X_b} \bmod n = 3^{233} \bmod 353 = 248$ (Bob’s)
They derive the shared secret key:
– $K = T_b^{X_a} \bmod n = 248^{97} \bmod 353 = 160$ (Alice’s)
– $K = T_a^{X_b} \bmod n = 40^{233} \bmod 353 = 160$ (Bob’s)
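The exchange above in code, as an added example (not from the original slides), using the slide's n = 353 and g = 3. The primitive-root test and the range check on the received public value are additions that go beyond the slide, and the function names are made up here.

```python
def prime_factors(m: int) -> set:
    """Distinct prime factors by trial division (fine for toy sizes)."""
    out, d = set(), 2
    while d * d <= m:
        while m % d == 0:
            out.add(d)
            m //= d
        d += 1
    if m > 1:
        out.add(m)
    return out


def is_primitive_root(g: int, p: int) -> bool:
    """g generates the whole group mod prime p iff g^((p-1)/q) != 1
    for every prime q dividing p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def public_value(g: int, x: int, p: int) -> int:
    return pow(g, x, p)                      # T = g^X mod n


def shared_key(peer_public: int, x: int, p: int) -> int:
    # Reject 0, 1 and p-1: they force the key into a tiny, guessable set.
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(peer_public, x, p)            # K = T_peer^X mod n


if __name__ == "__main__":
    n, g = 353, 3                            # public parameters from the slide
    xa, xb = 97, 233                         # Alice's and Bob's secrets
    assert is_primitive_root(g, n)
    ta, tb = public_value(g, xa, n), public_value(g, xb, n)
    print(ta, tb)                            # 40 248
    print(shared_key(tb, xa, n), shared_key(ta, xb, n))   # 160 160
```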
Diffie-Hellman Man-in-the-middle
Diffie-Hellman Scheme
Security factors
– Discrete logarithm very difficult.
– Shared key (the secret) itself never transmitted.
Disadvantages:
– Expensive exponential operation
– Cannot be used to encrypt anything.
– No authentication, so you cannot sign anything
RSA (Rivest, Shamir, Adleman)
See: R. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", CACM 21, pp. 120-126, Feb. 1978
• The first public key encryption and signature system
• Supports both public key encryption and digital signature.
• Theoretical basis: Factorization of large numbers is hard.
• Variable key length (usually 1024 bits).
• Variable plaintext block size.
• Plaintext must be “smaller” than the key.
• Ciphertext block size is the same length as the key.
The RSA Algorithm
To generate a key pair:
– Pick large primes p and q (do not disclose them)
– Let n = p*q
– For the public key, choose e that is relatively prime to ø(n) = (p-1)(q-1). public key = <e,n>
– For private key, find d that is the multiplicative inverse of e mod ø(n), i.e., e*d
Using RSA
Given pubKey = <e, n> and privKey = <d, n>
If Message = m
Then:
encryption: $c = m^e \bmod n$, $m < n$
decryption: $m = c^d \bmod n$
signature: $s = m^d \bmod n$, $m < n$
verification: $m = s^e \bmod n$
Example of RSA (1)
• Choose p = 7 and q = 17.
• Compute n = p*q = 119.
• Compute ø(n) = (p-1)(q-1) = 96.
• Select e = 5 (relatively prime to ø(n)).
• Compute d = 77 such that e*d = 1 mod ø(n).
• Public key: <5,119>
• Private key: <77,119>
• Message = 19
• Encryption: $19^5 \bmod 119 = 66$
• Decryption: $66^{77} \bmod 119 = 19$
Example of RSA (2)
p = 7, q = 11, n = 77
Alice chooses e = 17, making d = 53
Bob wants to send Alice secret message HELLO (07 04 11 11 14)
– $07^{17} \bmod 77 = 28$; $04^{17} \bmod 77 = 16$
– $11^{17} \bmod 77 = 44$; $11^{17} \bmod 77 = 44$
– $14^{17} \bmod 77 = 42$
• Bob sends 28 16 44 44 42
Example of RSA (3)
Alice receives 28 16 44 44 42
Alice uses private key, d = 53, to decrypt message:
– $28^{53} \bmod 77 = 07$; $16^{53} \bmod 77 = 04$
– $44^{53} \bmod 77 = 11$; $44^{53} \bmod 77 = 11$
– $42^{53} \bmod 77 = 14$
• Alice translates 07 04 11 11 14 to HELLO
No one else could read it, as only Alice knows her private key (needed for decryption)
Digital Signatures in RSA
RSA has an important property: Encryption and decryption are symmetric
Encryption followed by decryption yields the original
– $(M^e \bmod n)^d \bmod n = M$
Decryption followed by encryption yields the original
– $(M^d \bmod n)^e \bmod n = M$
– Because e and d are symmetric in e*d = 1 mod (p-1)*(q-1)
Signature example in RSA
p = 7, q = 11, n = 77
Alice chooses e = 17, making d = 53
Alice wants to send message HELLO (07 04 11 11 14) so that Bob knows it is from Alice, and has not been modified in transit
– $07^{53} \bmod 77 = 35$, $04^{53} \bmod 77 = 09$
– $11^{53} \bmod 77 = 44$, $11^{53} \bmod 77 = 44$
– $14^{53} \bmod 77 = 49$
• Alice sends 35 09 44 44 49
Verify sender
Bob receives 35 09 44 44 49
He uses Alice’s public key, e = 17, n = 77, to decrypt it:
– $35^{17} \bmod 77 = 07$, $09^{17} \bmod 77 = 04$
– $44^{17} \bmod 77 = 11$, $44^{17} \bmod 77 = 11$
– $49^{17} \bmod 77 = 14$
• Bob has 07 04 11 11 14 HELLO
Only Alice has her private key, so no one else could have created a correct signature
The (deciphered) signature matches the transmitted plaintext, so the plaintext was not altered
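The key-generation, encryption and signature steps above, collected into one added example (not from the original slides) that reproduces the slides' toy numbers. Function names are made up here; this is textbook RSA on single small integers, and real RSA adds padding and hashing that the slides do not cover.

```python
from math import gcd


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def make_keypair(p: int, q: int, e: int):
    """Follow the key-generation steps: n = p*q, e coprime to phi(n),
    d = inverse of e mod phi(n). Returns ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = egcd(e, phi)[1] % phi
    return (e, n), (d, n)


def apply_key(key, value: int) -> int:
    """Textbook RSA is one operation, value^exp mod n. With the public key it
    encrypts or verifies; with the private key it decrypts or signs."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than n")
    return pow(value, exp, n)


def verify(pub, message: int, signature: int) -> bool:
    return apply_key(pub, signature) == message


if __name__ == "__main__":
    pub, priv = make_keypair(7, 11, 17)              # toy sizes only
    hello = [7, 4, 11, 11, 14]                       # H E L L O
    cipher = [apply_key(pub, m) for m in hello]      # [28, 16, 44, 44, 42]
    signed = [apply_key(priv, m) for m in hello]     # [35, 9, 44, 44, 49]
    print(priv, cipher, signed)
    print([apply_key(priv, c) for c in cipher] == hello)          # True
    print(all(verify(pub, m, s) for m, s in zip(hello, signed)))  # True
```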
The Security of RSA
• Attacks against RSA
– Brute force: Try all possible private keys
• Can be defeated by using a large key space
– Mathematical attacks
• Factor n into n=p*q.
• Determine ø(n) directly: equivalent to factoring n.
• Determine d directly: at least as difficult as factoring n.
The Security of RSA (Cont’d)
Factoring a large integer is very hard!
If you can factor the number n then, given public key <e,n>, you can find d, and hence the private key by:
– Knowing factors p, q, such that n = p*q
– Then ø(n) = (p-1)(q-1)
– Then d such that e*d = 1 mod ø(n)
• Ways to make n difficult to factor
– p and q should differ in length by only a few digits
– Both (p-1) and (q-1) should contain a large prime factor
– gcd(p-1, q-1) should be small.
– $d > n^{1/4}$.
RSA versus DES
• Fastest implementations of RSA can encrypt kilobits/second
• Fastest implementations of DES can encrypt megabits/second
• RSA could be used for secure exchange of DES keys
• This 1000-fold difference in speed is likely to remain independent of technology advances