1 / 17

Lecture #10 Public Key Algorithms

Lecture #10 Public Key Algorithms. HAIT Summer 2005 Shimrit Tzur-David. Motivation. Distributing the keys has always been the weakest link in most cryptosystems. No matter how strong a cryptosystem is, if an intruder can steal the key, the system was worthless.

kera
Télécharger la présentation

Lecture #10 Public Key Algorithms

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David

  2. Motivation • Distributing the keys has always been the weakest link in most cryptosystems. • No matter how strong a cryptosystem is, if an intruder can steal the key, the system was worthless. • The key had to be distributed to all users of the system. Thus, it seemed as if there was an inherent built-in problem. • Keys had to be protected from theft, but they also had to be distributed, so they could not just be locked up in a bank vault.

  3. Public Key • Will we gain something if encryption and decryption keys will be different? • Actually, a lot! • There are three requirements: • D(E(P)) = P. • It is exceedingly difficult to deduce D from E. • E cannot be broken by a chosen plaintext attack.

  4. Public Key – Cont. • The first requirement says that if we apply D to an encrypted message, E(P), we get the original plaintext message, P, back. • The second requirement says the knowing E can not help to decrypt the encrypted message. • The third requirement is needed because intruders may experiment with the algorithm. • Under these conditions, the encryption key can be made public.

  5. The Method • If Alice wants to receive secret messages, she first devises two algorithms meeting the above requirements. • The encryption algorithm and Alice's key are then made public. Alice might put her public key on her home page. • EA - the encryption algorithm parameterized by Alice's public key. • DA - the (secret) decryption algorithm parameterized by Alice's private key. • Bob does the same thing, publicizing EB but keeping DB secret.

  6. The Secure Channel • Alice and Bob have never had any previous contact. • Both Alice's encryption key, EA, and Bob's encryption key, EB, are public. • Alice takes her first message, P, computes EB(P), and sends it to Bob. • Bob then decrypts it by applying his secret key DB [computes DB(EB(P)) = P]. • No one else can read the encrypted message, EB(P), because the encryption system is assumed strong and because it is too difficult to derive DB from the publicly known EB. • To send a reply, R, Bob transmits EA(R). • Alice and Bob can now communicate securely.

  7. Modular Arithmetic • Most public-key algorithms are based on modular arithmetic. • non-negative integers <= n • normal operations such as + and - • result is the reminder of the division by n • notation: x mod n

  8. Examples • let’s consider some arithmetic mod 10 • 5 + 5 = 0 mod 10 • 2 + 9 = 1 mod 10 • 6 + 7 = 3 mod 10 • -3 = 7 mod 10 because 3 + 7 = 0 mod 10 • 3 * 5 = 5 mod 10 • 4 * 5 = 0 mod 10 • 7 * 3 = 1 mod 10 • the multiplicative inverse of x, x-1 mod 10 is such that x * x-1 = 1 mod 10.

  9. The Totient Function • It is useful to know how many numbers less than n are relatively prime to n. • That count is so important in number theory that it has been given a special notation. It’s called the totient function and it is denoted by (n). • How do we compute the (n)? • (n) < n, because we said we are counting the numbers less than n. • If n is prime, then (n) = n - 1.

  10. The Totient Function – Cont. • If n is the product of two primes n = pq, there are some numbers, less than n, that are not relatively prime to n. • Those are the multiples of p or q less than n = pq, plus 0 (which of course is not relatively prime to anything). • In practice, the non relatively primes are p, 2p, 3p, . . . (q-1)p and q, 2q, 3q, . . . (p-1)q and 0. • (n) = (pq) = pq – (q-1)-(p-1)-1=(p-1)(q-1)

  11. Notation • Public-key cryptography requires each user to have two keys: • a public key, used by the entire world for encrypting messages to be sent to that user • a private key, which the user needs for decrypting messages. • We will refer to these keys as the public and private keys, respectively.

  12. RSA • One good method was discovered by a group at M.I.T. (Rivest et al., 1978). It is known by the initials of the three discoverers (Rivest, Shamir, Adleman): RSA. • It has survived all attempts to break it for more than a quarter of a century and is considered very strong. • Much practical security is based on it. • Its major disadvantage is that it requires keys of at least 1024 bits for good security, which makes it quite slow.

  13. Key Generation • Bob generates his keys as follows • Choose two large distinct random primes p, q • Set n = pq • Compute (n) = (pq) = (p-1)(q-1) • Choose some e 2 Z(n)* • Compute d = e-1 in Z(n)* • Set public key = (e,n) and private key = (d,n)

  14. RSA Encryption • For any message M 2 Zn* • Alice has the public key = (e,n) • Alice computes C = Me mod n • That’s it • To decrypt • Bob has the secret key = (d,n) • He computes Cd mod n = M

  15. RSA Proof • Need to show that for any M 2 Zn*, Med = M mod n • ed = 1 mod (n) [by def of d] • So ed = k(n) + 1 [by def of modulus] • So working in Zn*, Med = Mk(n) + 1 = Mk(n) M1 = (M(n))k M = 1k M = M • LaGrange’s Theorem: M(n) = 1 • This doesn’t say anything about the security of RSA, just that we can decrypt

  16. Security of RSA • The security of the method is based on the difficulty of factoring large numbers. • If the cryptanalyst could factor the (publicly known) n, he could then find p and q, and from these (n). • By knowing (n) and e, d can be found. • Fortunately, mathematicians have been trying to factor large numbers for at least 300 years, and the accumulated evidence suggests that it is an exceedingly difficult problem.

  17. Example P = SUSSANE p=3, q=11, n=33, (n) = 20 d=7, to find e, we need to solve the equation 7e = 1 (mod 20)  e=3 C = P3 (mod 33) P = C7 (mod 33)

More Related