CNS - Unit - 4 - Public Key Cryptosystem
1 like1,375 views
The document discusses public key cryptosystems, which utilize asymmetric encryption to enhance security through the use of two keys: a public key for encryption and a private key for decryption. It covers key algorithms such as RSA and the Diffie-Hellman key exchange method, their computational aspects, and associated vulnerabilities like man-in-the-middle attacks. Additionally, it outlines the foundational principles of public key infrastructures, the essential components of public-key encryption schemes, and their various applications.
![RSA algorithm steps
• Encryption equation for RAS [ C = P.T. ^e % n ]
• Decryption equation for RAS [ P.T. = C ^d % n ]
1. Select TWO prime number (p) and (q).
2. Compute n = p * q.
3. Compute φ(n) = (p - 1) * (q - 1).
4. Choose e such that 1 < e < φ(n) and e and n are coprime.
5. Compute a value for d such that (d * e) % φ(n) = 1.
6. Public key is (e, n).
7. Private key is (d, n).](https://image.slidesharecdn.com/unit-4-220122080121/85/CNS-Unit-4-Public-Key-Cryptosystem-19-320.jpg)
![RSA Algorithm Example
• Choose p = 3 and q = 11
• Compute n = p * q = 3 * 11 = 33
• Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
• Choose e such that 1 < e < φ(n) and e and n are coprime. Let e = 7
• Compute a value for d such that (d * e) % φ(n) = 1. One solution is d =
3 [(3 * 7) % 20 = 1]
• Public key is (e, n) => (7, 33)
• Private key is (d, n) => (3, 33)
• The encryption of m = 2 is c = 27 % 33 = 29
• The decryption of c = 29 is m = 293 % 33 = 2](https://image.slidesharecdn.com/unit-4-220122080121/85/CNS-Unit-4-Public-Key-Cryptosystem-20-320.jpg)
CNS - Unit - 4 - Public Key Cryptosystem
- 1. UNIT - 4 Public Key Cryptosystem 1 Cryptography and Network Security
- 2. Outline…. • Public Key Cryptosystems with Applications • Requirements and Cryptanalysis • RSA Algorithm • RSA Algorithms Computational aspects and Security • Diffie-Hillman Key Exchange Algorithm • Man-in-Middle Attack
- 3. Public Key Cryptosystems • Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the different keys—one a public key and one a private key. It is also known as public-key encryption. • Asymmetric encryption can be used for confidentiality, authentication, or both. • Public-key algorithms are based on mathematical functions rather than on substitution and permutation. • Public-key encryption is more secure from cryptanalysis than is symmetric encryption.
- 4. Terminology Related to Asymmetric Encryption • Asymmetric Keys ➢Two related keys, a public key and a private key, that are used to perform complementary operations, such as encryption and decryption or signature generation and signature verification. • Public Key Certificate ➢A digital document issued and digitally signed by the private key of a Certification Authority that binds the name of a subscriber to a public key. The certificate indicates that the subscriber identified in the certificate has sole control and access to the corresponding private key.
- 5. Terminology Related to Asymmetric Encryption • Public Key (Asymmetric) Cryptographic Algorithm ➢A cryptographic algorithm that uses two related keys, a public key and a private key. The two keys have the property that deriving the private key from the public key is computationally infeasible. • Public Key Infrastructure (PKI) ➢A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.
- 6. Public-Key Cryptosystems • Asymmetric algorithms rely on one key for encryption and a different but related key for decryption. These algorithms have the following important characteristic. ❖ It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key. ❖Either of the two related keys can be used for encryption, with the other used for decryption.
- 7. Encryption with Public Key
- 8. Encryption with Private Key
- 9. Public-Key Encryption scheme has six ingredients • Plaintext: This is the readable message or data that is fed into the algorithm as input. • Encryption algorithm: The encryption algorithm performs various transformations on the plaintext. • Public and private keys: This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the algorithm depend on the public or private key that is provided as input. • Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertext. • Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
- 10. Essential steps for Public-Key Cryptography 1. Each user generates a pair of keys to be used for the encryption and decryption of messages. 2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. As Figure suggests, each user maintains a collection of public keys obtained from others. 3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice’s public key. 4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice’s private key.
- 13. Public-Key Cryptosystem: Authentication and Secrecy
- 14. Applications for Public-Key Cryptosystems • Public-key systems are characterized by the use of a cryptographic algorithm with two keys, one held private and one available publicly. • Depending on the application, the sender uses either the sender’s private key or the receiver’s public key, or both, to perform some type of cryptographic function. In broad terms, we can classify the use of public- key cryptosystems into three categories. • Encryption /decryption: The sender encrypts a message with the recipient’s public key. • Digital signature: The sender “signs” a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message. • Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.
- 15. Applications for Public-Key Cryptosystems Algorithm Encryption/Decryption Digital Signature Key Exchange RSA Yes Yes Yes Elliptic Curve Yes Yes Yes Diffie-Hellman No No Yes Digital Signature Standard No Yes No
- 16. Requirements for Public-Key Cryptosystems • The distinguishing technique used in public-key cryptography is the use of asymmetric key algorithms, where a key used by one party to perform encryption is not the same as the key used by another in decryption. Each user has a pair of cryptographic keys – a public encryption key and a private decryption key.
- 17. Cryptanalysis for Public-Key Cryptosystems • The key size must be larger enough to make brute-force attack impractical but small enough for practical encryption and decryption.
- 18. RSA algorithm • One of the first successful responses to the challenge was developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT and first published in 1978. The Rivest-Shamir-Adleman (RSA) scheme has since that time reigned supreme as the most widely accepted and implemented general-purpose approach to public-key encryption. • The RSA scheme is a block cipher.
- 19. RSA algorithm steps • Encryption equation for RAS [ C = P.T. ^e % n ] • Decryption equation for RAS [ P.T. = C ^d % n ] 1. Select TWO prime number (p) and (q). 2. Compute n = p * q. 3. Compute φ(n) = (p - 1) * (q - 1). 4. Choose e such that 1 < e < φ(n) and e and n are coprime. 5. Compute a value for d such that (d * e) % φ(n) = 1. 6. Public key is (e, n). 7. Private key is (d, n).
- 20. RSA Algorithm Example • Choose p = 3 and q = 11 • Compute n = p * q = 3 * 11 = 33 • Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20 • Choose e such that 1 < e < φ(n) and e and n are coprime. Let e = 7 • Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 3 [(3 * 7) % 20 = 1] • Public key is (e, n) => (7, 33) • Private key is (d, n) => (3, 33) • The encryption of m = 2 is c = 27 % 33 = 29 • The decryption of c = 29 is m = 293 % 33 = 2
- 21. Diffie-Hellman algorithm • Introduction Whitefield Diffie and Martin Hellman devised an amazing solution to the problem of key agreement or key exchange in 1976. This solution is called as the Diffie-Hellman key Exchange/Agreement Algorithm. • The beauty of this the two parties, who want to communicate securely, can agree on a symmetric key using this technique. • This key can then be used for encryption/decryption. • Diffie-Hellman key exchange algorithm can be used only for key agreement not for encryption/decryption.
- 22. Diffie-Hellman algorithm steps 1. Alice and Bob agree on two large prime numbers, n and g. These two integers number not be kept secret. They can use insecure channel to agree on them. 2. Alice chooses another large random number x, and calculates A such that: A = g^x mod n 3. Alice sends the number A to Bob. 4. Bob independently chooses another large random integer and calculate B such that: B=g^y mod n 5. Bob sends the number B to Alice. 6. A now computes the secret key K1 as follows: K1 = B^x mod n 7. B now computes the secret key K2 as follows: K2 = A^y mod n
- 23. Diffie-Hellman Key Exchange Algorithm Example 1. Let n=11 , g=7. 2. Let x=3. Then we have, A=7^3 mod 11 = 343 mod 11 = 2. 3. Alice send 2 to Bob. 4. Let y=6. Then we have, B=7^6 mod 11 = 117649 mod 11 = 4. 5. Bob send 4 to Alice. 6. We have, K1 = 4^3 mod 11 = 64 mod 11 = 9. 7. We have, K2 = 2^6 mod 11 = 64 mod 11 = 9.
- 24. Problem with Diffie-Hellman algorithm • Can we now consider that the Diffie-Hellman key exchange algorithm solve all our problems associated with key exchange? Unfortunately, not quite! • Diffie-Hellman key exchange algorithm can fall pray to the man-in- the-middle attack also called as bucket brigade attack.
- 25. Diffie-Hellman Key Exchange Algorithm Example 1. Let n=11 , g=7. 2. Let x=3. Then we have, A=7^3 mod 11 = 343 mod 11 = 2. 3. Alice send 2 to Bob. 4. Let y=6. Then we have, B=7^6 mod 11 = 117649 mod 11 = 4. 5. Bob send 4 to Alice. 6. We have, K1 = 4^3 mod 11 = 64 mod 11 = 9. 7. We have, K2 = 2^6 mod 11 = 64 mod 11 = 9.
- 26. Man-in-the-middle attack 1. Alice want to communicate with Bob securely and therefore, she first want to do a Diffie-Hellman key exchange with him. For this purpose, she send the values of n and g to Bob, as usual. Len n=11 and g=7. 2. Alice does not realize that the attacker Tom is listening quietly to the conversation between hear and Bob. Tom simply picks up the values of n and g and also forward them to Bob as they originally were. Alice Tom Bob n=11,g=7 n=11,g=7 n=11,g=7
- 27. Man-in-the-middle attack 3. Now, let us assume that Alice, Tom and Bob select random number x and y. 4. Now based on these values, all the three persons calculated the values of A and B Alice Tom Bob x=3 x=8,y=6 y=9 Alice Tom Bob A = g^x mod n = 7^3 mod 11 = 343 mod 11 = 2 A = g^x mod n = 7^8 mod 11 = 5764801 mod 11 = 9 B = g^y mod n = 7^6 mod 11 = 117649 mod 11 = 4 B = g^y mod n = 7^9 mod 11 = 40353607 mod 11 = 8
- 28. Man-in-the-middle attack 5. (a) Alice sends her A(2) to Bob. Tom intercepts it and instead, send his A(9) to Bob. (b) In return , Bob send his B(8) to Alice. As before, Tom intercepts it and, sends his B(4) to Alice. Alice think that this B came to from Bob. (c) Therefore at this time, Alice , Tom and Bob have the values of A and B. Alice Tom Bob A=2,B=4 A=2,B=8 A=9,B=8
- 29. Man-in-the-middle attack 6. Base on these values, all the three persons now calculate their keys. We will notice that Alice calculated only K1. Bob calculated K2, whereas Tom calculated both K1 and K2. Alice Tom Bob K1 = B^x mod n = 4^3 mod 11 = 64 mod 11 = 9 K1 = B^x mod n = 8^8 mod 11 = 16777216 mod 11 = 5 K2 = A^y mod n = 2^6 mod 11 = 64 mod 11 = 9 K2 = A^y mod n = 9^9 mod 11 = 387420489 mod 11 = 5