Public Key Cryptography and RSA
Public Key Cryptography and RSA
Public Key Cryptography and RSA
Public-Key Cryptosystem
Public-Key algorithms rely on two keys with the following characteristics:
computationally infeasible to find decryption key knowing only algorithm &
encryption key computationally easy to en/decrypt messages when the relevant
Public-Key Cryptosystems
1. 2. 3. A public-key encryption scheme has six ingredients; (Refer fig. on next slide) Plaintext: This is the readable message or data that is fed into the algorithm as input. Encryption algorithm: The encryption algorithm performs various transformations on the plaintext. uses two keys a Public-Key, which may be known by anybody, and can be used to encrypt
messages, and verify signatures
a Private-Key, known only to the recipient, used to decrypt messages, and sign (create) signatures
4.
5.
Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts. Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
Public-Key Cryptography
Public-Key Cryptosystems
The essential steps are the following: 1. Each user generates a pair of keys to be used for the encryption and decryption of messages. 2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. As Figure (last slide) suggests, each user maintains a collection of public keys obtained from others. 3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice's public key. 4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice's private key.
Y = E(PUb, X) X = D(PRb, Y)
Y = E(PRa, X) X = E(PUa, Y)
Public-Key Applications
Application/use of public-key systems are characterized by the use of two keys in the algorithm. Depending on the application, the sender uses either the sender's private key or the receiver's public key, or both, to perform some type of cryptographic function.
Public-Key Applications
some algorithms are suitable for all uses, others are specific to one
1.
3.
4.
5.
RSA
by Rivest, Shamir & Adleman of MIT in 1977 best known & widely used public-key scheme uses large integers (eg. 1024 bits) security due to cost of factoring large numbers Two parts: 1. 2. RSA Setup / Keys Generation RSA Use / Encryption-Decryption
p, q
primes
p,q
n=p.q
exponents
e, d
n=p.q
publish their public encryption key: keep secret private decryption key:
PU={e,n} PR={d,p,q}
computes: M = Cd mod n
RSA Summary
RSA Example
1. Select primes: p=17 & q=11
2.
3. 4. 5.
Compute:
Compute: Select e: Determine d:
n = pq =1711=187
(n)=(p1)(q-1)=1610=160 gcd(e, (n))= gcd(e,160)=1; choose e=7 d.e1 mod 160 and d < 160; .........since 237=161 ; PU={7,187} ; PR={23,17,11}
So the value is d=23 6. 7. Publish public key Keep secret private key PU={e,n} PR={d,p,q}
M = 88
decryption:
M = 1123 mod 187 = 88
Perform encryption and decryption using the RSA algorithm, as in Figure 9.6, for the following: p = 3; q = 11, e = 7; M = 5 p = 5; q = 11, e = 3; M = 9 p = 7; q = 11, e = 17; M = 8 p = 11; q = 13, e = 11; M = 7
1. 2. 2. 3.
Solutions: 1. n = 33; (n) = 20; d = 3; C = 26. 2. n = 55; (n) = 40; d = 27; C = 14. 3. n = 77; (n) = 60; d = 53; C = 57. 4. n = 143; (n) = 120; d = 11; C = 106.
RSA Security
three approaches to attacking RSA:
brute force key search (infeasible given size of numbers) mathematical attacks (based on difficulty of computing (n), by factoring modulus n) timing attacks (on running of decryption)
Factoring Problem
mathematical approach takes 3 forms:
factor n=p.q, hence find (n) and then d determine (n) directly and find d find d directly
Timing Attacks
developed in mid-1990s exploit timing variations in operations
eg. multiplying by small vs large number or IF's varying which instructions executed
infer operand size based on time taken RSA exploits time taken in exponentiation countermeasures
use constant exponentiation time add random delays blind values used in calculations