Cryptography, part 2
Types of Cryptography Shared secret cryptography “Conventional” cryptography “Symmetric” cryptography Public key cryptography “Asymmetric” cryptography
Shared Secret Crypto secret key ciphertext plaintext plaintext If the key is generated at the message source, then it must also be provided to the destination by means of some secure channel. A 3rd party could generate the key and securely deliver it to both source and destination. [s23] ciphertext Encryption algorithm Decryption algorithm plaintext plaintext
Requirements The algorithm must be strong enough that it is impractical to decrypt a message on the basis of the ciphertext alone. Shared secret crypto depends on the secrecy of the key, not the algorithm. Key security is the greatest problem in shared secret crypto (i.e., the key distribution problem).
Public-Key Cryptography Based on special highly “asymmetric” mathematical functions Requires the use of two keys that are inverses of one another The basis for the digital signature
A Simple Example Public key Private key ciphertext plaintext plaintext Decryption algorithm Encryption algorithm plaintext plaintext
Requirements Infeasible to determine the decryption key given only the algorithm and encryption key The algorithms must be powerful enough so that it is impractical to decrypt a message on the basis of the ciphertext alone.
Differences (1) Shared Secret Public Key The same algorithm with the same key is used for encryption and decryption. The sender and receiver must share the same algorithm and key. Public Key One algorithm is used for encryption and decryption with a pair of keys, one for encryption and one for decryption. The send and receiver must each have one of the matching pairs of keys.
Differences (2) Shared Secret Public Key The key must be kept secret. It is impossible or at least impractical to decipher a message if no other information is available. Knowledge of the algorithm plus samples of ciphertext must be insufficient to determine the key. Public Key One of the two keys must be kept secret. It is impossible or at least impractical to decipher a message if no other information is available. Knowledge of the algorithm plus one of the keys plus samples of ciphertext must be insufficient to determine the other key.
Foundation of PK Security Difficulty in factoring large primes Example: 18,206,927 408,508,091 Number of possible primes (hence keys) 2048 bits (standard for RSA) = 617 digits = 10512 possible primes 1082 atoms in the universe 9419 1933 18313 and 22307 220 digits (729 bits) factored in 2016
25195908475657893494027183240048398571429282126204032027777137836043662020707595556264018525880784406918290641249515082189298559149176184502808489120072844992687392807287776735971418347270261896375014971824691165077613379859095700097330459748808428401797429100642458691817195118746121515172654632282216869987549182422433637259085141865462043576798423387184774447907399342365848238242811981638150106748104516603773065620161967625613384414360383390441495263443219011465544454178424020924616515723350778707749817125772467962926386356373289912154831438167899885040445364023527381951378636564391212010397122822120720357
One-way functions Most common functions are invertible; for any F(x) = y, there is an F-1(y) = x. Multiplication and division DES A function which is easy to compute in one direction, but hard to compute in the other, is known as a one-way function. Hashing, modular arithmetic. A one-way function that can be easily inverted with an additional piece of knowledge is called a trapdoor one-way function.
One-way functions Public key encryption is based on the existence of trapdoor one-way functions. Encryption with the public key is easy. Decryption is computationally hard. Knowledge of the private key opens the trapdoor, making inversion easy. Password systems also use one-way functions.
Overview of RSA RSA is the most common and well-known public key cryptosystem Basic notation: a key pair (e,d) contains two keys: e is the public key (used to encrypt documents) d is the private key (used to decrypt documents) M is the plaintext message. Let R be the encryption function. R(e,M) = C. R(d,C) = M. - encryption R(d,M) = C’ R(e,C’) = M - signing R(e,R(d,M)) = M = R(d,R(e,M)) Same function is used for both operations.
The RSA Algorithm Pick two large (100 digit) primes p and q. Let n = pq Select a relatively small integer d that is prime to (p-1)(q-1) Find e, the multiplicative inverse of d mod (p-1)(q-1) (d,n) is the public key. To encrypt M, compute En(M) = Me(mod n) (e,n) is the private key. To decrypt C, compute De(C) = Cd(mod n)
Strengths of RSA No prior communication needed Highly secure (for large enough keys) Well-understood Allows both encryption and signing
Weaknesses of RSA Large keys needed (1024 bits is current standard) Relatively slow Not suitable for very large messages Public keys must still be distributed safely.
Security and Problem Difficulty
Security and Problem Difficulty RSA-155 (512 bit asymmetric-key) broken in 1999. Estimate: capability grows by ~4.25 digits per year. (approx.13-14 bits per year) 1024-bit RSA should be “secure” until 2037. Using Moore’s Law – 1024-bit is 7 million times harder than 512-bit So, we need a 7 millionX speedup to crack 1024-bit RSA with the same relative computational power. Also about 34 years. Question: How long does your data need to be secure?
Security Security of RSA based on difficulty of factoring Widely believed Best known algorithm takes exponential time In 1999, 512-bit challenge factored in 4 months using 35.7 CPU-years 160 175-400 MHz SGI and Sun 8 250 MHz SGI Origin 120 300-450 MHz Pentium II 4 500 MHz Digital/Compaq In 2005, a team of researchers factored the RSA-640 challenge number using 30 2.2GHz CPU years In 2004, the prize for factoring RSA-2048 was $200,000 Estimated resources needed to factor a number within one year Length (bits) PCs Memory 430 1 128MB 760 215,000 4GB 1,020 342106 170GB 1,620 1.61015 120TB
Quantum Cryptography
Elements of the Quantum Theory Light waves are propagated as discrete quanta called photons. They are massless and have energy, momentum and angular momentum called spin. Spin carries the polarization. If on its way we put a polarization filter a photon may pass through it or may not. We can use a detector to check of a photon has passed through a filter.
Heisenberg Uncertainty Principle Certain pairs of physical properties are related in such a way that measuring one property prevents the observer from knowing the value of the other. When measuring the polarization of a photon, the choice of what direction to measure affects all subsequent measurements. If a photon passes through a vertical filter it will have the vertical orientation regardless of its initial direction of polarization.
Quantum Cryptography Process 1
Polarization by a filter A pair of orthogonal filters such as vertical/horizontal is called a basis. A pair of bases is conjugate if the measurement in the first basis completely randomizes the measurements in the second basis. As in the previous slide example for =45deg.
Sender-receiver of photons Suppose Alice uses 0-deg/90-deg polarizer sending photons to Bob. But she does not reveal which. Bob can determine photons by using filter aligned to the same basis. But if he uses 45deg/135 deg polarizer to measure the photon he will not be able to determine any information about the initial polarization of the photon. The result of his measurement will be completely random
Photon Polarization Tilted filter at the angle Vertical filter The probability of a photon appearing after the second filter depends on the angle and becomes 0 at = 90 degrees. The first filter randomizes the measurements of the second filter.
Quantum Cryptography 2
Eavesdropper Eve If Eve uses the filter aligned with Alice’s she can recover the original polarization of the photon. If she uses the misaligned filter she will receive no information about the photon . Also she will influence the original photon and be unable to retransmit it with the original polarization. Bob will be able to deduce Ave’s presence.
Quantum Cryptography 3
Binary information A user can suggest a key by sending a stream of randomly polarized photons. This sequence can be converted to a binary key. If the key was intercepted it could be discarded and a new stream of randomly polarized photons sent.
Quantum key distribution (a)Alice communicates with Bob via a quantum channel sending him photons. (b) Then they discuss results using a public channel. (c) After getting an encryption key Bob can encrypt his messages and send them by any public channel.
Security of quantum key distribution Quantum cryptography obtains its fundamental security from the fact that each qubit is carried by a single photon, and each photon will be altered as soon as it is read. This makes impossible to intercept message without being detected.
Noise The presence of noise can impact detecting attacks. Eavesdropper and noise on the quantum channel are indistinguishable. (1) Malicious eavesdropper can prevent communication. (2) Detecting eavesdropper in the presence of noise is hard.