230 likes | 393 Vues
Introduction to Public Key Encryption. CSIS 5857: Encoding and Encryption. Public Key Encryption. +. Recipient (Alice) generates key pair : Public key k PU Does not have to be kept secret Distributed to all senders (such as Bob) Private key k PR Kept secret by Alice.
E N D
Introduction to Public Key Encryption CSIS 5857: Encoding and Encryption
Public Key Encryption + • Recipient (Alice) generates key pair: • Public keykPU • Does not have to be kept secret • Distributed to all senders (such as Bob) • Private keykPR • Kept secret by Alice Key pair generator Copy of Alice’s public key
Public Key Encryption • Bob uses Alice’s public keykPUto encrypt message • C= E(kPU,P) • Alice uses her private keykPRto decrypt message • P= D(kPR, C) C E D P P Alice’s kPU Alice’s kPR List of others’ public keys
Public Key Encryption • Central idea: Adversary cannot determine private key from corresponding public key • Could theoretically find private key, but computationally infeasible to do so • Cannot read intercepted messages encrypted with public key “I still can’t compute
Public and Symmetric Keys Problem: How to securely distribute a symmetric keyKS? Solution: • Use public key encryption to securely send it • Use faster symmetric key algorithm (like AES) to securely transmit the rest of the message Epublic (kS, kPU) ks ks E D D E P P Esymmetric (P, kS)
Public Key Math • Public key algorithms are mathematical functions of integer numbers • Keys are large numbers • Plaintext translated to large numbers (not bits) • Encryption is a mathematical function of plaintext and key which creates another large number as ciphertext Alice’s KPR Alice’s KPU
Trapdoor One-Way Functions One-way functions: • Function: y= f (x) • Inverse function: x= f -1 (y) • Given x, y= f (x) very easy to compute • Given y, x= f -1 (y) computationally infeasible to compute Example: Factoring • p and q are very large prime numbers • n = p x q is easy to compute • Factoringninto p and q infeasible • Must try almost all possible p and q
Trapdoor One-Way Functions Trapdoor functions: • Given one-way function: y= f (x) • There exists some “secret trapdoor” that allows x= f -1 (y) to be easily computed Example (very simple): • n = p x q product of two large primes • Factoring ninto p and q to find p infeasible • Finding p is easy if know q • q is a “trapdoor” for finding p from n
Trapdoor One-Way Functions Idea behind public-key encryption: • Encryption function C =E (KPU,P) must be one way • Must not be able to compute P from C • Must have trapdoor to allow decryption • Must be able to easily compute P from C if know trapdoor • Trapdoor = private key
Trapdoor One-Way Functions • Factoring/Discrete Logarithms • RSA, Rabin, ElGamal • Easy to implement, well understood • Elliptic Curve • Relatively new, thought to be much faster than factoring/discrete logarithms • NP-Complete problems • Exponential time to solve problem • Easy to confirm solution if given
Knapsack Problem • NP-Complete problem • Merkle and Hellman (1978) • First proposed approach to public key encryption • Description: • “Knapsack” of size s • k “packages” of different sizes • Which set of packages combine to exactly “fill” the knapsack?
Knapsack Problem Mathematical Description: • Package i has size ai • Package i is in the knapsack if xi = 1not in the knapsack if xi = 0 • Total size of packages in knapsack =x1a1+ x2a2+ …+ xkak Example: • a = [9, 12, 2, 7, 5] • Knapsack size s = 11 • Configuration x that exactly fills the knapsack: x = [1, 0, 1, 0, 0] • Sum = 19 + 012 + 12 + 07 + 05 = 11
Knapsack Problem • One-way function: • Given configuration x, easy to compute sum of packages in knapsack • Given knapsack size s, difficult to compute configuration x of packages that fill knapsack exactly • 2k possible configurations of packages • Have to try all of them to find a fit in knapsack
Knapsack Trapdoor • Superincreasing package sizes • Next package size greater than sum of all previous packages • ai > a1+ a2+ … + ai -1 • Simple algorithm to solve knapsack problem:for (i = k down to 1) { if (s >= ai) { xi = 1 s = s – ai } else xi = 0 }
Knapsack Trapdoor Example: • a = [2, 3, 6, 12, 25, 50, 100, 200] • s = 139 • Steps: • 139 < 200 x8= 0 • 139 > 100 x7 = 1 s = 39 • 39 < 50 x6= 0 • 39 > 25 x5 = 1 s = 14 • 14 > 12 x4 = 1 s = 2 • 2 < 6 x3= 0 • 2 < 3 x2= 0 • 2 = 2 x1 = 1 s = 0
Knapsack Encryption Key Generation: • Create superincreasing set b = [b1, b2, …bk] • Example: b = [2, 3, 6, 12] • Will be part of private key since can solve problem • Problem: how to hide this private key information? • Mix it up with permutation • Use a mod to make it impossible to reorder by size
Knapsack Encryption Key Generation: • Choose a modulusn such that n > b1 + b2 + … + bk • Larger than any possible knapsack size • Example: n = 25 • Choose some multiplierr < nrelatively prime to n • No common divisors • All b r mod n will be different • Example: r = 7 • Compute t such that ti= bi r mod n • Example: b = [ 2, 3, 6, 12] t = [14, 21, 17, 9] • Note that no longer in increasing order!
Knapsack Encryption Key Generation: • Create permutation of t and use it to create a • Example: [3, 2, 4, 1]t = [14, 21, 17, 9] a = [17, 21, 9, 14] • Cannot find t from a! • Adversary cannot recover initial value of b without knowing n and rand the permutation • Public key: a • Private key: b, n, r, and the permutation
Encryption Bob encrypts value 1101using Alice’s public key • Public key = [17, 21, 9, 14] • Value 1001 used as configurationx = [1, 1, 0, 1] • Multiplied/added using public key to get knapsack size171 + 211 + 90 + 141 =52 • Ciphertext: 52 52 Encryption 1101
Decryption • Alice receives ciphertext s = 52 • Compute r -1 mod n • Used to invert the multiplication by r • Example: r = 7, n = 257-1 mod 25 = 18 (718 = 126 = 1 mod 25) • Compute s′ = r -1 s mod n • s′ = 18 52 = 936 mod 25 = 11
Decryption • Invert knapsack process to find values of b that sum to s′ • b = [2, 3, 6, 12] • 1 = 1 2 + 1 3 + 1 6 + 0 12 1110 • Apply the permutation to get the plaintext back • Permutation: [3, 2, 4, 1] • 1 1 1 0 1 1 0 1