PUBLIC-KEY CRYPTOGRAPHY
CS432: Network Security
Private-Key Cryptography
Traditional private/secret/single-key cryptography uses only one key
Shared by both sender and receiver
If this key is disclosed, communications are compromised
Symmetric: parties are equal
Does not protect the sender from the receiver forging a message and claiming it was sent by the sender
Public-Key Cryptography
Encryption and decryption are carried out using two different keys
Public & private key
Asymmetric, since the parties are not equal
A party that encrypts messages or verifies signatures cannot decrypt messages or create signatures
Complements rather than replaces private-key crypto
All parties interested in secure communications publish their public keys
No problem of key distribution
Infeasible to determine the private key from the public key
Provides confidentiality and authentication
Public-Key Cryptography
Why Public-Key Cryptography?
Key distribution
  In symmetric-key cryptosystems, parties already share a key or use a Key Distribution Center (KDC)
Digital signatures
  Verify a message
Public-key cryptography involves the use of two keys:
Public key
  Known by anybody
  Used to encrypt messages
  Verify signatures
Private key
  Known only to the recipient
  Used to decrypt messages
  Sign (create) signatures
Confidentiality & Authentication
[Figures: Confidentiality; Authentication; Confidentiality & Authentication]
Private-Key and Public-Key Cryptography
[Figure or table not recovered]
Public-Key Applications
Encryption/decryption (provides confidentiality)
Digital signatures (provide authentication)
Key exchange (of session keys)
Public-Key Requirements
Public-key algorithms rely on two keys where:
It is computationally infeasible to find the decryption key or the plaintext knowing only the algorithm, the encryption key, and the ciphertext
It is computationally easy to encrypt/decrypt messages when the relevant (encrypt/decrypt) key is known
Public-Key Requirements
One-way function
  Maps a domain into a range such that every function value has a unique inverse
Trap-door one-way function
  Easy to calculate in one direction and infeasible to calculate in the other direction unless certain additional information is known
Security of Public Key Schemes
Brute-force exhaustive search attack is always theoretically possible
Keys used are too large (>512 bits)
Security relies on a large enough difference in difficulty between easy (encrypt/decrypt) and hard (cryptanalyze) problems
Use of very large numbers
Slow compared to private-key schemes
RSA
By Rivest, Shamir & Adleman of MIT in 1977
Best-known and widely used public-key scheme
Based on exponentiation in a finite (Galois) field over integers modulo a prime
Exponentiation takes O((log n)^3) operations (easy)
Uses large integers (e.g. 1024 bits)
Security due to the cost of factoring large numbers
Factorization takes O(e^(log n log log n)) operations (hard)
RSA Setup
Each user generates a public/private key pair by:
Selecting two large primes at random: p, q
Computing their system modulus n = p.q
  ø(n) = (p-1)(q-1)
Selecting at random the encryption key e, where:
  1 < e < ø(n)
  gcd(e, ø(n)) = 1
Solving the following equation to find the decryption key d:
  d = e^-1 mod ø(n) and 0 ≤ d ≤ ø(n)
Publishing their public encryption key: PU = {e, n}
Keeping secret their private decryption key: PR = {d, n}
(p, q, ø(n), d) are secret
RSA Encryption and Decryption
To encrypt a message M the sender:
  Obtains the public key of the recipient, PU = {e, n}
  Computes C = M^e mod n, where 0 ≤ M < n
To decrypt the ciphertext C the owner:
  Uses their private key PR = {d, n}
  Computes M = C^d mod n
M must be smaller than the modulus n (split into blocks if needed)
Power Reduction
When n is a product of two primes, in arithmetic operations modulo n the exponents behave modulo ø(n), if ø(n) < e
Example:
  5^7 · 5^4 mod 15 = 5^((7+4) mod ø(15)) mod 15
                   = 5^((7+4) mod 8) mod 15
                   = 5^3 mod 15
                   = 125 mod 15
                   = 5
Why RSA Works?
Because of Euler's Theorem:
  a^ø(n) mod n = 1, where gcd(a, n) = 1
In RSA we have:
  n = p.q
  ø(n) = (p-1)(q-1)
  e and d chosen to be inverses mod ø(n)
  e.d = k.ø(n) + 1 for some k
Hence:
  C^d = M^(e.d) = M^(k.ø(n)+1) = M^1.(M^ø(n))^k
      = M^1.(1)^k = M.1 = M mod n
RSA Example: Key Setup
Select primes:
  p = 17 & q = 11
Calculate n = pq
  17 x 11 = 187
Calculate ø(n) = (p-1)(q-1)
  16 x 10 = 160
Select e: gcd(e, ø(n)) = 1; 0 ≤ e ≤ ø(n)
  Choose e = 7
Determine d: d.e = 1 mod ø(n) and 0 ≤ d ≤ ø(n)
  d = 23 since 23 x 7 = 161 and 161 mod ø(n) = 1
Publish public key PU = {7, 187}
Keep secret private key PR = {23, 187}
RSA Example: Encryption and Decryption
Given message M = 88
Encryption:
  C = 88^7 mod 187 = 11
Decryption:
  M = 11^23 mod 187 = 88
Exponentiation
Use the Square and Multiply Algorithm
Fast, efficient algorithm for exponentiation
Based on repeatedly squaring the base and multiplying in the ones that are needed to compute the result
Look at the binary representation of the exponent
Takes O(log_2 n) multiplications for number n
Example: Solve 7^5 mod 11
  5 = (101)_2
  7^1 = 7 mod 11 = 7
  7^2 = 49 mod 11 = 5
  7^4 = 5.5 mod 11 = 25 mod 11 = 3
  7^5 = 7^4.7^1 = 3.7 mod 11 = 21 mod 11 = 10
Solve 3^129 mod 11
RSA Example
Let p = 11, q = 7, m = 15, e = 37
Show the calculation of encryption and decryption.
n = p.q = 77
ø(n) = (p-1)(q-1) = 10 . 6 = 60
d = e^-1 mod ø(n) = 37^-1 mod 60 = 13
Encryption:
  C = M^e mod n = 15^37 mod 77
  37 = (100101)_2
  15^1 = 15 mod 77 = 15
  15^2 = 15.15 mod 77 = 225 mod 77 = 71
  15^4 = 71.71 mod 77 = 5041 mod 77 = 36
  15^8 = 36.36 mod 77 = 1296 mod 77 = 64
  15^16 = 64.64 mod 77 = 4096 mod 77 = 15
  15^32 = 15.15 mod 77 = 225 mod 77 = 71
  15^37 = 15^32.15^4.15^1 = 71.36.15 mod 77 = 71
  C = 71
Decryption:
  M = C^d mod n = 71^13 mod 77
  13 = (1101)_2
  71^1 = 71 mod 77 = 71
  71^2 = 71.71 mod 77 = 5041 mod 77 = 36
  71^4 = 36.36 mod 77 = 1296 mod 77 = 64
  71^8 = 64.64 mod 77 = 4096 mod 77 = 15
  71^13 = 71^8.71^4.71^1 = 15.64.71 mod 77 = 15
  M = 15
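Added example (not part of the original slides): the RSA setup, encryption/decryption and square-and-multiply steps above as runnable Python, recomputing both worked examples and the table of repeated squares. Function names are illustrative; the toy primes come from the slides and are far too small for real use.

```python
from math import gcd

def square_and_multiply(base, exponent, modulus, trace=None):
    """Right-to-left square and multiply, laid out like the slide tables.

    If `trace` is a list, each step is appended as
    (power_of_two, base**power_of_two mod modulus, used_in_product).
    """
    result, square, power = 1, base % modulus, 1
    while exponent > 0:
        used = bool(exponent & 1)          # current binary digit of the exponent
        if used:
            result = (result * square) % modulus
        if trace is not None:
            trace.append((power, square, used))
        square = (square * square) % modulus
        power *= 2
        exponent >>= 1
    return result

def mod_inverse(e, phi):
    """Extended Euclid: return d with d*e = 1 (mod phi) and 0 <= d < phi."""
    old_r, r, old_s, s = e, phi, 1, 0
    while r != 0:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("gcd(e, phi) != 1, so e has no inverse")
    return old_s % phi

def make_keypair(p, q, e):
    """Return (PU, PR) = ((e, n), (d, n)) following the RSA Setup slide."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    return (e, n), (mod_inverse(e, phi), n)

def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("need 0 <= M < n; split longer messages into blocks")
    return square_and_multiply(m, e, n)

def decrypt(c, private_key):
    d, n = private_key
    return square_and_multiply(c, d, n)

def demo():
    """Recompute both worked examples from the slides."""
    rows = []
    for p, q, e, m in [(17, 11, 7, 88), (11, 7, 37, 15)]:
        public_key, private_key = make_keypair(p, q, e)
        c = encrypt(m, public_key)
        rows.append((public_key, private_key, c, decrypt(c, private_key)))
    return rows

if __name__ == "__main__":
    for public_key, private_key, c, m in demo():
        print("PU =", public_key, "PR =", private_key, "C =", c, "M =", m)
    steps = []
    square_and_multiply(15, 37, 77, steps)
    for power, value, used in steps:
        print(f"15^{power} mod 77 = {value}" + ("  (used)" if used else ""))
```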
Efficient Encryption
Encryption uses exponentiation to the power e
If e is small, this will be faster
Examples:
  e = 65537 (2^16+1), e = 3, or e = 17
If e is too small
  It is easy to attack using the CRT
Efficient Decryption
Decryption uses exponentiation to the power d
d is likely to be large; it is insecure if not
The CRT can be used to compute modulo p and q separately
Only the owner of the private key can use this technique (p and q are secret)
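Added example (not part of the original slides): CRT decryption with the key material from the two worked RSA examples, checked against plain C^d mod n. The key layout and function names are assumptions made for illustration; the recombination step is Garner's formula, and `pow(q, -1, p)` needs Python 3.8 or later.

```python
def crt_key(p, q, d):
    """Precompute the CRT form of a private key (only the owner knows p and q)."""
    return {
        "p": p,
        "q": q,
        "dp": d % (p - 1),        # exponent used modulo p
        "dq": d % (q - 1),        # exponent used modulo q
        "q_inv": pow(q, -1, p),   # q^-1 mod p, needed for recombination
    }

def decrypt_crt(c, key):
    """Compute C^d mod p.q from two half-size exponentiations."""
    p, q = key["p"], key["q"]
    m_p = pow(c % p, key["dp"], p)            # M mod p
    m_q = pow(c % q, key["dq"], q)            # M mod q
    h = (key["q_inv"] * (m_p - m_q)) % p      # Garner's recombination
    return m_q + h * q                        # the unique value in [0, p.q)

def matches_plain_decryption(p, q, d):
    """Compare decrypt_crt with C^d mod n for every possible ciphertext."""
    key, n = crt_key(p, q, d), p * q
    return all(decrypt_crt(c, key) == pow(c, d, n) for c in range(n))

if __name__ == "__main__":
    first = crt_key(17, 11, 23)      # PR = {23, 187} from the key setup slide
    print(first, "->", decrypt_crt(11, first))
    second = crt_key(11, 7, 13)      # PR = {13, 77} from the second example
    print(second, "->", decrypt_crt(71, second))
    print(matches_plain_decryption(17, 11, 23), matches_plain_decryption(11, 7, 13))
```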
RSA Key Generation
RSA users must:
  Determine two primes at random: p, q
  Select either e or d and compute the other
p, q must not be easily derived from the modulus n = p.q
  Must be sufficiently large
Exponents e, d are inverses
  So use the Inverse algorithm to compute the other
RSA Security
Possible approaches to attacking RSA are:
Brute-force key search: infeasible given the size of the numbers
Mathematical attacks: based on the difficulty of computing ø(n) by factoring the modulus n
Timing attacks: on the running of decryption
Chosen ciphertext attacks: given properties of RSA
Factoring Problem
Mathematical approach takes three forms:
  Factor n = p.q, hence compute ø(n) and then d
  Determine ø(n) directly and compute d
  Find d directly
All are considered as the factorization problem
Best results reach 663 bits
A key size in the range 1024 to 2048 bits is reasonable
Timing Attacks
Exploit timing variations in operations
  Multiplying by a small vs. a large number
  Varying which instructions are executed
Infer operand size based on time taken
  Time taken in exponentiation
Countermeasures
  Use constant exponentiation time
  Add random delays
  Blind values used in calculations
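Added example (not part of the original slides): it counts modular multiplications to show how plain square-and-multiply makes the work depend on the bits of d, then applies two of the countermeasures listed above, a fixed operation sequence (a Montgomery ladder, one common choice) and blinding. Names are illustrative, and Python integers are not constant-time, so the counts show the structure only.

```python
import secrets
from math import gcd

def sqm_ops(base, exponent, modulus):
    """Left-to-right square and multiply; returns (result, multiplications)."""
    result, ops = 1, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        ops += 1
        if bit == "1":                      # extra work only for 1 bits: leaks
            result = (result * base) % modulus
            ops += 1
    return result, ops

def ladder_ops(base, exponent, modulus):
    """Montgomery ladder: one multiply and one square for every bit."""
    r0, r1, ops = 1, base % modulus, 0
    for bit in bin(exponent)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        ops += 2                            # same count whatever the bit is
    return r0, ops

def decrypt_blinded(c, d, e, n):
    """Decrypt C.r^e instead of C, then strip r, so the private-key
    operation never runs on a value an outside party chose."""
    while True:
        r = secrets.randbelow(n - 2) + 2    # fresh 2 <= r < n per decryption
        if gcd(r, n) == 1:
            break
    c_blind = (c * pow(r, e, n)) % n
    m_blind, _ = ladder_ops(c_blind, d, n)  # equals M.r mod n
    return (m_blind * pow(r, -1, n)) % n    # Python 3.8+ modular inverse

if __name__ == "__main__":
    # Key from the worked example: PU = {7, 187}, PR = {23, 187}, C = 11.
    for d in (23, 16):                      # 10111 and 10000: same bit length
        print(f"d={d:05b}", "square-and-multiply ops:", sqm_ops(11, d, 187)[1],
              "ladder ops:", ladder_ops(11, d, 187)[1])
    print("blinded decryption:", decrypt_blinded(11, 23, 7, 187))
```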
Chosen Ciphertext Attacks
RSA is vulnerable to a Chosen Ciphertext Attack
  Attacker chooses ciphertexts and gets the decrypted plaintext back
  Chooses ciphertexts to exploit properties of RSA to provide extra information to help cryptanalysis
Countermeasures
  Random padding of the plaintext
  Optimal Asymmetric Encryption Padding (OAEP)
Another RSA Example
Let p = 197, q = 211, m = 28, e = 17
Show the calculation of encryption and decryption.
Diffie-Hellman Key Exchange
Enables two users to securely exchange a key that can then be used for subsequent encryption of messages
  Exchange of a secret key
Public-key distribution scheme
  Cannot be used to exchange an arbitrary message
  It can establish a common key
  Known only to the two participants
Value of the key depends on the participants (and their private and public key information)
Based on exponentiation in a finite (Galois) field: easy
Security relies on the difficulty of computing discrete logarithms (similar to factoring): hard
Discrete Logarithm
If 'a' is a primitive root of the prime number p, then the numbers
  a mod p, a^2 mod p, ..., a^(p-1) mod p
are distinct and consist of the integers from 1 through p-1 in some permutation.
For any integer 'b' and a primitive root 'a' of prime number 'p', we can find a unique exponent 'i' such that
  b ≡ a^i (mod p) where 0 ≤ i ≤ (p-1)
The exponent i is referred to as the discrete logarithm of b for the base a, mod p.
  i = log_a(b) mod p
Diffie-Hellman Setup
All users agree on global parameters:
  Large prime integer or polynomial q
  g being a primitive root mod q
Each user (e.g. A) generates their key
  Chooses a secret key (number): x_A < q
  Computes their public key: y_A = g^(x_A) mod q
Each user makes public that key y_A
A primitive root of a prime number p is one whose powers modulo p generate all the integers from 1 to p-1
Diffie-Hellman Key Exchange
Shared session key for users A & B is K_AB:
  K_AB = g^(x_A.x_B) mod q
       = y_A^(x_B) mod q (which B can compute)
       = y_B^(x_A) mod q (which A can compute)
K_AB is used as the session key in a private-key encryption scheme between Alice and Bob
If Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public keys
An attacker needs an x, so must solve a discrete log
Diffie-Hellman Example
Alice & Bob wish to swap keys:
Agree on prime q = 353 and g = 3
Select random secret keys:
  A chooses x_A = 97, B chooses x_B = 233
Compute respective public keys:
  y_A = 3^97 mod 353 = 40 (Alice)
  y_B = 3^233 mod 353 = 248 (Bob)
Compute shared session key as:
  K_AB = y_B^(x_A) mod 353 = 248^97 mod 353 = 160 (Alice)
  K_AB = y_A^(x_B) mod 353 = 40^233 mod 353 = 160 (Bob)
Key Exchange Protocols
Users could create random private/public D-H keys each time they communicate
Users could create a known private/public D-H key and publish it in a directory, which is then consulted and used to securely communicate with them
Both of these are vulnerable to a Man-in-the-Middle Attack
Authentication of the keys is needed
Man-in-the-Middle Attack
Mallory prepares by creating two private/public keys
Alice transmits her public key to Bob
Mallory intercepts this and transmits his first public key to Bob. Mallory also calculates a shared key with Alice
Bob receives the public key and calculates the shared key (with Mallory instead of Alice)
Bob transmits his public key to Alice
Mallory intercepts this and transmits his second public key to Alice. Mallory calculates a shared key with Bob
Alice receives the key and calculates the shared key (with Mallory instead of Bob)
Mallory can then intercept, decrypt, re-encrypt, and forward all messages between Alice & Bob
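Added example (not part of the original slides): a simulation of the Diffie-Hellman example (q = 353, g = 3) that shows why "authentication of the keys is needed". Unauthenticated, the substituted public values are accepted; when each side verifies a signature over the value it receives, the substitution is rejected. The toy textbook-RSA signing keys, Bob's primes, Mallory's secrets (5, 7) and all function names are assumptions for illustration.

```python
Q, G = 353, 3                      # global parameters from the example slide

def dh_public(x):
    return pow(G, x, Q)            # y = g^x mod q

def dh_shared(their_y, my_x):
    return pow(their_y, my_x, Q)   # K = y^x mod q

def toy_rsa_key(p, q, e):
    """Textbook RSA key used only to sign DH values (toy size, no hash or
    padding; real protocols sign the session transcript with padded RSA)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)      # Python 3.8+ modular inverse

def sign(value, private_key):
    d, n = private_key
    return pow(value, d, n)

def verify(value, signature, public_key):
    e, n = public_key
    return pow(signature, e, n) == value

# Long-term signing keys; each side is assumed to already hold the other's
# authentic public signing key.
ALICE_PUB, ALICE_PRIV = toy_rsa_key(197, 211, 17)   # primes from the exercise slide
BOB_PUB, BOB_PRIV = toy_rsa_key(199, 223, 17)       # constructed for this example

def exchange(x_a, x_b, mallory=None, authenticated=False):
    """Simulate one exchange; `mallory` is (x_m1, x_m2) if an interceptor is present."""
    y_a, y_b = dh_public(x_a), dh_public(x_b)
    sig_a, sig_b = sign(y_a, ALICE_PRIV), sign(y_b, BOB_PRIV)
    to_bob, to_alice = y_a, y_b               # values as they are delivered
    mallory_keys = None
    if mallory is not None:
        x_m1, x_m2 = mallory
        # First public key goes to Bob, second to Alice, as on the slide.
        to_bob, to_alice = dh_public(x_m1), dh_public(x_m2)
        mallory_keys = (dh_shared(y_a, x_m2), dh_shared(y_b, x_m1))
    if authenticated:
        # Each side checks the peer's signature over the value it received;
        # the interceptor cannot produce one without the peer's private key.
        if not (verify(to_bob, sig_a, ALICE_PUB) and verify(to_alice, sig_b, BOB_PUB)):
            return {"status": "rejected", "k_alice": None, "k_bob": None,
                    "mallory_keys": None}
    return {"status": "accepted",
            "k_alice": dh_shared(to_alice, x_a),
            "k_bob": dh_shared(to_bob, x_b),
            "mallory_keys": mallory_keys}

if __name__ == "__main__":
    print("honest:           ", exchange(97, 233))
    print("intercepted:      ", exchange(97, 233, mallory=(5, 7)))
    print("intercepted, auth:", exchange(97, 233, mallory=(5, 7), authenticated=True))
    print("honest, auth:     ", exchange(97, 233, authenticated=True))
```

In the unauthenticated intercepted run both parties report "accepted", and the pair in `mallory_keys` equals (`k_alice`, `k_bob`): nothing on either endpoint reveals the substitution.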