Session 4 Asymmetric ciphers
Contents Definition of asymmetric (public key) ciphers Applications of asymmetric ciphers The public key encipherment procedure The RSA public key cipher system
Asymmetric cipher definition The general cryptographic procedure: A Plaintext KEY decipher decrypt Cryptanalysis Ciphertext encipher B
Asymmetric cipher definition In a symmetric cipher system, the same key is delivered to both participants in advance, via a secure channel. If there are n participants, the keys have to be distributed pairwise, i.e. Each participant is given n -1 different keys The total number of keys is n (n -1)/2. Consequence: problems with distribution, storage and updating of keys.
Asymmetric cipher definition An alternative key distribution system is needed, or a different cipher system. There is not much flexibility left within a symmetric cipher system to distribute the keys in a better way. Then we need a cipher system that would NOT use the secure channel to distribute the keys.
Asymmetric cipher definition How can we define such a system? Does such a system exist? If such a system exists in theory, can we realize it in practice? What is the security of such a system?
Asymmetric cipher definition Diffie-Hellman’s definition of a public key (or asymmetric) cipher system (1976) (1): Let {K } be a finite key space and let {M } be a finite message space. A public key cipher system is a pair of families of transformations and representing irreversible transformations:
Asymmetric cipher definition Diffie-Hellman’s definition of a public key (or asymmetric) cipher system (1976) (2): In such a system, the following holds: For every K{K }, EK is the inverse of DK For every K{K } and M{M }, the algorithms EK and DK are easy to compute For almost every K{K }, each easily computed algorithm equivalent to DK is computationally infeasible to derive from EK For every K{K }, it is feasible to compute inverse pairs EK and DK from K.
Asymmetric cipher definition From the property 3, EK can be made public, without compromising DK From the property 4, there is a guarantee that there is a feasible way of computing corresponding pairs of inverse transformations EK and DK.
Asymmetric cipher definition Given a system of this kind, the problem of key distribution is vastly simplified: Each participant generates a pair of inverse transformations, E and D. The deciphering transformation D must be kept secret but need not be transmitted by any channel – we do not need a secure channel. The enciphering transformation E can be made public – placed in a public directory.
Asymmetric cipher definition But we still do not know whether such a cipher system is (theoretically) possible. One of the possibilities to theoretically well define such a system is through so called one-way functions.
Asymmetric cipher definition A function y =f (x ) is a one-way function if For any x, it is feasible to compute f (x ) For almost all y in the range of f, it is computationally infeasible to solve the equation x =f -1(y ), for any x in the domain.
Asymmetric cipher definition The function f is not invertible from the computational point of view. A special class of one-way functions is of interest in the public key context – trap-door one-way functions.
Asymmetric cipher definition A trap-door one-way function A simply computed inverse exists But given f, it is conditionally computationally infeasible to find a simply computed inverse Only through knowledge of certain trap-door information can easily computed inverse be found.
Asymmetric cipher definition The problem Strictly mathematically speaking, the existence of (trap-door) one-way functions has not been proved yet. There are functions that have properties similar to these functions – we believe that they are candidates for (trap-door) one-way functions.
Asymmetric cipher definition Rivest-Shamir-Adleman’s (RSA’s) definition of an asymmetric (public key) cipher system (1977) (1): Let E be an encipherment transformation and let D be the corresponding decipherment transformation.
Asymmetric cipher definition RSA’s definition of an asymmetric (public key) cipher system (1977) (2): The properties of E and D D (E (M ))=M Both E and D are feasible to compute Publicly revealing E does not reveal a feasible way to compute D E (D (M ))=M
Asymmetric cipher definition A function E satisfying the properties 1-3 is a trap-door one-way function. A function E satisfying the properties 1-4 is a trap-door one-way permutation (one-one and onto).
Applications of asymmetric ciphers Confidentiality Integrity – digital signatures Authentication – hash functions Key exchange
The public key encipherment procedure The participants in the communication are usually given names, such as Alice and Bob. Alice uses the transformation EA for encipherment and DA for decipherment Bob uses the transformation EB for encipherment and DB for decipherment.
The public key encipherment procedure Illustration-confidentiality: Alice sends an enciphered message to Bob
The public key encipherment procedure Alice takes EB from a public directory DB is kept secret by Bob. It is not transmitted by any means – no secure channel is needed.
The public key encipherment procedure The confidentiality protocol
The RSA public key cipher system The prerequisites: each participant does the following (1): Generates two large distinct random primes p and q, approximately of the same size (if encoded in bits) Computes n =pq and (n )=(p -1)(q -1) Selects a random integer e, 1<e < (n ), such that (e, (n ))=1
The RSA public key cipher system The prerequisites: each participant does the following (2): Computes the unique integer d, 1<d < (n ) such that ed 1 (mod (n )). This can be done by means of the extended Euclidean algorithm. The public key is (n,e ) and the private key is d.
The RSA public key cipher system Encipherment: Alice enciphers a message for Bob Obtains Bob’s authentic public key (nB,eB) Represents the message in a form of an integer m on the segment [0,nB -1] Computes Sends c to Bob.
The RSA public key cipher system Decipherment: Bob deciphers the message enciphered by Alice Bob uses his private key dB to compute m is converted to a meaningful text.
The RSA public key cipher system The security of the RSA cipher system lies in the hope that the encipherment function is a one-way function. The trap-door is the knowledge of the factorization of n. This knowledge allows Bob to decipher.
The RSA public key cipher system To realize RSA in practice we need (1) Random primes Generating random numbers Primality testing Euler’s function (n )
The RSA public key cipher system To realize RSA in practice we need (2) Extended Euclidean algorithm Multiplicative inverse Modular exponentiation – to compute powers with large exponents
Random primes Random primes generation Generate a random integer m If m is even, replace m by m +1 Test if m is prime If m is not prime, test if m +2 is prime, etc.
Random primes Theorem (the prime number theorem) If m is chosen at random, the probability that m is prime is approximately 1/ln m. Consequence: we can expect to test ln m numbers for primality.
Random primes Example: if m can be represented with 512 bits, (i.e. the maximum representable integer is 2256-1) then ln m 177, which means that we have to test approximately 177 integers before we find a prime of that size.
Random primes Primality testing In practice, probabilistic (Monte Carlo) algorithms for testing primality are used, e.g. Solovay-Strassen Miller-Rabin These algorithms are fast, but they may give an integer that is not a prime at output, but the probability of this is small.
The Euler’s function (n ) Let n be a positive integer. The Euler’s function (n ) is defined to be the number of positive integers b less than or equal to n, which are relatively prime to n, i.e.
The Euler’s function (n ) Theorem - computing (n ) Given a positive integer n with the factorization Then
The Euler’s function (n ) Example – RSA n =pq, where p and q are primes Then (n ) = (p1-p 0)(q1-q 0)=(p -1)(q -1)
Extended Euclidean algorithm Euclidean algorithm - computes (a,b), given integers a and b
Extended Euclidean algorithm Example: find (1180,482) 1180 = 2482 + 216 482 = 2216 + 50 216 = 450 + 16 50 = 316 + 2 16 = 82 + 0 So, (1180,482)=2
Extended Euclidean algorithm Theorem – extended Euclidean algorithm Let d =(a,b), where a >b. Then there exist integers u and v such that d =ua +vb.
Extended Euclidean algorithm Example 1180=2482+216 482=2216+50 216=450+16 50=316+2 16=82+0 2=50-316= =50-3(216-450)= =1350-3216= =13(482-2216)-3216= =13482-29216= =13482-29(1180-2482)= =71482-291180 So, u =-29, v =71
Multiplicative inverse Arithmetic modulo m Zm is defined to be the set G = {0,...,m -1}, equipped with two operations, + and , i.e. Zm is a structure (G,+,) The results of addition and multiplication are reduced modulo m
Multiplicative inverse The structure (G,+) satisfies the axioms of the group – additive group: Closure: Associativity: Existence of the identity (neutral) element Existence of the inverse elements
Multiplicative inverse The structure (G,) satisfies closure, associativity and the existence of the neutral element, but does not satisfy the existence of inverse element for each element of G (in general). Such a structure (G,+,) is called a ring.
Multiplicative inverse Multiplicative inverse – inverse of an element of the structure (G,) of the ring Zm Theorem An element a of Zm has a multiplicative inverse if and only if (a,m )=1
Multiplicative inverse Let a be an element of Zm and let (a,m )=1 (i.e. a and m are mutually prime). This can be shown by Euclidean algorithm. Then by extended Euclidean algorithm we get 1=ua +vm
Multiplicative inverse Taking modulo m of the both sides of the expression 1=ua +vm we get 1ua (mod m ) This means that u is the multiplicative inverse of a modulo m.
Multiplicative inverse Example Find the multiplicative inverse of 2 in Z17. The Euclidean algorithm gives 17=82+1 2=21+0 The extended Euclidean algorithm gives 1=17-82 Taking modulo 17 of both sides gives 1-82 (mod 17), or equivalently 192 (mod 17), i.e. 9=2-1
Modular exponentiation Modular exponentiation is computing bn (mod m ) Let (n0,n1,...,nk-1) be the binary representation of n, i.e. n =n0+2n1+22n2+...+2k-1nk-1 The binary representation of n is obtained by means of the “arrow algorithm”
Modular exponentiation The “arrow algorithm” – convert from base 10 to any base B Get the last digit of the converted number by dividing n by B and taking the remainder Replace n by the quotient Repeat until the quotient is 0.
Modular exponentiation The modular exponentiation algorithm
Modular exponentiation Example: compute 3875 (mod 103) We first convert the exponent 75 to base 2 Thus 7510=(1001011)2 Then we run 7 iterations of the algorithm, using b =38, n =75 and m =103.
Modular exponentiation The algorithm flow
Modular exponentiation So at the output the algorithm gives that 3875 (mod 103)=79 Alternatively, we can pre-compute the values Each such value is obtained by squaring the previous one and taking modulo m.
Modular exponentiation What the algorithm actually does is to compute 3875 as Then we have
Example – RSA encipher and decipher Bob does the following (1): Chooses p =11 and q =13 Computes n =1113=143 and (n )=1012=120 Sets e =7 and checks with EA that (e, (n ))=1, i.e. (7,120)=1. Indeed, 120=177+1
Example – RSA encipher and decipher Bob does the following (2): Applies EEA to find that 7-1-17103 (mod 120), so d =103 Posts his public key (143,7) in a public repository and keeps the private key d =103 secret.
Example – RSA encipher and decipher Alice wants to encipher the message 5 and to send the ciphertext to Bob (1) Obtains Bob’s public key (143,7) Computes c =57 (mod 143) As 7=(111)2, Alice carries out the pre-computations 51=5, 52=25, 54=252=53 (all mod 143)
Example – RSA encipher and decipher Alice wants to encipher the message 5 and to send the ciphertext to Bob (2) c=57=52553=47 (mod 143) c=47 is sent to Bob
Example – RSA encipher and decipher Bob receives c =47 and deciphers (1) Computes m =47103 mod 143 As 103=(1100111)2, Bob carries out the pre-computations 471=47, 472=64, 474=92, 478=27, 4716=14, 4732=53 and 4764=92 (all mod 143)
Example – RSA encipher and decipher Bob receives c =47 and deciphers (2) m =47103=4764925392=5 (mod 143)