Network and Communications Network Security Department of Computer Science Virginia Commonwealth University.


Topics
- Elements of Number Theory
- Public-Key Cryptography
  - Principles
  - Knapsack Algorithm
  - RSA algorithm
  - Computational aspects
  - Diffie-Hellman Key Exchange

Elements of Number Theory

Modular Arithmetic
Modular arithmetic is commutative, associative and distributive:
- (a+b) mod n = ((a mod n) + (b mod n)) mod n
- (a*b) mod n = ((a mod n) * (b mod n)) mod n
- (a*(b+c)) mod n = (((a*b) mod n) + ((a*c) mod n)) mod n
23 ≡ 11 (mod 12)
a ≡ b (mod n) if a = b + kn for some integer k

Why Modular Arithmetic?
Easy to compute with a computer, since it restricts the range of all intermediate values and of the result.
For a k-bit modulus n, the intermediate results of any +, -, *, / operation will not be more than 2k bits long.
Ex. $a^{x} \bmod n$
- $(a \cdot a \cdot a \cdot a \cdot a \cdot a \cdot a \cdot a) \bmod n$
- $((a^{2} \bmod n)^{2} \bmod n)^{2} \bmod n$
What if x is not a power of 2?
$a^{25} \bmod n$?
25 =
$a^{25} \bmod n = (a^{16} \cdot a^{8} \cdot a) \bmod n$
$= ((a^{2} \cdot a)^{8} \cdot a) \bmod n$
$= ((((a^{2} \cdot a)^{2})^{2})^{2} \cdot a) \bmod n$
$= (((((((a^{2} \bmod n) \cdot a) \bmod n)^{2} \bmod n)^{2} \bmod n)^{2} \bmod n) \cdot a) \bmod n$
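
The square-and-multiply chain above, as an added example that is not part of the original slides: it reduces after every step and records the largest intermediate product so the 2k-bit bound can be checked. The function names, the 61-bit modulus and the base are constructed for illustration.

```python
def mod_exp(a, x, n):
    """Compute a**x mod n by square-and-multiply, reducing after every step.

    Returns (result, peak_bits): peak_bits is the bit length of the largest
    product formed before a reduction, to compare against the 2k-bit bound.
    """
    if n <= 0 or x < 0:
        raise ValueError("need n > 0 and x >= 0")
    if x == 0:
        return 1 % n, 0
    result = a % n                      # leading 1 bit of x: start from a
    peak_bits = 0
    for bit in bin(x)[3:]:              # remaining exponent bits, high to low
        product = result * result       # square once per bit
        peak_bits = max(peak_bits, product.bit_length())
        result = product % n
        if bit == "1":                  # extra multiply where the bit is set
            product = result * (a % n)
            peak_bits = max(peak_bits, product.bit_length())
            result = product % n
    return result, peak_bits


def multiplications(x):
    """Modular multiplications mod_exp performs for an exponent x >= 1."""
    bits = bin(x)[3:]
    return len(bits) + bits.count("1")


if __name__ == "__main__":
    n = 2**61 - 1                       # constructed 61-bit modulus
    a = 0x123456789ABCDEF               # constructed base
    value, peak = mod_exp(a, 25, n)
    print(value == pow(a, 25, n), peak, 2 * n.bit_length())
    print(multiplications(25), (a**25).bit_length())
```

For x = 25 the loop performs the same four squarings and two multiplications as the chain on the slide, while the unreduced power a**25 needs well over a thousand bits.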

Prime and Relatively Prime Numbers
- Any integer p > 1 is a prime number if its only divisors are ±1 and ±p.
- Two integers a and b are relatively prime if they have no prime factors in common, that is, if their only common factor is 1.
- Equivalently, a and b are relatively prime if gcd(a,b) = 1.

Prime numbers > $2^{512}$

Fermat’s Theorem
If p is prime and a is a positive integer not divisible by p, then $a^{p-1} \equiv 1 \pmod{p}$.
Alternatively, $a^{p} \equiv a \pmod{p}$.

Euler’s Totient Function
Euler’s Totient Function Φ(n) is the number of positive integers less than n and relatively prime to n.

Euler’s Theorem
For every a and n that are relatively prime, that is, GCD(a,n) = 1: $a^{\Phi(n)} \equiv 1 \pmod{n}$.
Alternatively, $a^{\Phi(n)+1} \equiv a \pmod{n}$.

Inverse Modulo a Number
What is the inverse of 4 in the modulo 7 system? 4*x ≡ 1 (mod 7)
Inverse of 2, modulo 14
In general, $a^{-1} \equiv x \pmod{n}$ if a and n are relatively prime:
$a^{\Phi(n)} \equiv 1 \pmod{n}$
$x = a^{\Phi(n)-1} \bmod n$
Inverse of 5, modulo 7? Since Φ(n) = 6, x = mod 7 = $5^{5} \bmod 7$ = 3

Primitive Root
A primitive root of a prime number p is one whose powers generate all integers from 1 to p-1.
If a is a primitive root of the prime number p, then the numbers $a \bmod p, a^{2} \bmod p, \ldots, a^{p-1} \bmod p$ are distinct and consist of the integers from 1 to (p-1) in some permutation.
7? $3^{0} = 1$, $3^{1} = 3$, $3^{2} = 2$, $3^{3} = 6$, $3^{4}$ = = 5
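
The inverse-by-Euler rule and the primitive-root definition from the two slides above, as an added example that is not part of the original slides. The function names are illustrative, and the totient is counted directly, which is only practical for small moduli like these.

```python
from math import gcd


def phi(n):
    """Euler's totient by direct count (fine for the small moduli used here)."""
    if n == 1:
        return 1
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


def inverse_euler(a, n):
    """a^(phi(n)-1) mod n, the inverse of a when gcd(a, n) == 1; None otherwise."""
    if gcd(a, n) != 1:
        return None                     # e.g. 2 has no inverse modulo 14
    return pow(a, phi(n) - 1, n)


def powers(a, p):
    """[a^0, a^1, ..., a^(p-2)] reduced mod p."""
    return [pow(a, i, p) for i in range(p - 1)]


def is_primitive_root(a, p):
    """True if the powers of a hit every value 1..p-1 (p is assumed prime)."""
    return sorted(powers(a, p)) == list(range(1, p))


def primitive_roots(p):
    """All primitive roots of the prime p, by exhaustive check."""
    return [a for a in range(1, p) if is_primitive_root(a, p)]


if __name__ == "__main__":
    print(inverse_euler(4, 7), inverse_euler(5, 7), inverse_euler(2, 14))
    print(powers(3, 7), powers(2, 7))   # 3 generates 1..6, 2 cycles early
    print(primitive_roots(7), is_primitive_root(5, 97))
```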

Public-Key Cryptography

Public Key Cryptography
- All cryptographic systems before this were based on substitutions and permutations
- Public-key cryptography is based on mathematical functions
- Asymmetric
  - Uses two separate keys
- Use of two keys has profound consequences in:
  - Confidentiality
  - Authentication
  - Key Distribution

Public-Key Encryption: Myths and Realities
- Myth: More secure than conventional encryption
  Reality: Security of any encryption depends on key length and the computational effort required in breaking a cipher
- Myth: General-purpose technique that has made conventional encryption obsolete
  Reality: Public-key cryptography has a lot of computational overhead that makes it impractical in many applications
- Myth: Facilitates easy key distribution
  Reality: Requires some protocol, generally involving a central agent

Public-key Cryptography: Basics
Six ingredients of the scheme: Plaintext, Public Key, Private Key, Encryption Algorithm, Decryption Algorithm, Ciphertext
Essential steps (for communication from A to B, at each end system/user):
- A and B generate a pair of keys (public, private)
- A and B publish public key in a public register/file
- A encrypts message using B’s public key (for confidentiality) or using A’s private key (for authentication)
- B decrypts message using B’s private key (for confidentiality) or using A’s public key (for authentication)

Confidentiality Using Public-key System

Authentication Using Public-key System

Confidentiality and Authentication Using Public-key System

Conventional and Public-Key Encryption: A Comparison
Conventional Encryption
Needed to work:
1. The same algorithm with the same key is used for encryption and decryption.
2. The sender and receiver must share the algorithm and the key.
Needed for security:
1. The key must be kept secret.
2. It must be impossible or at least impractical to decipher a message if no other information is available.
3. Knowledge of the algorithm plus samples of ciphertext must be insufficient to determine the key.
Public-Key Encryption
Needed to work:
1. One algorithm is used for encryption and decryption with a pair of keys, one for encryption and one for decryption.
2. The sender and receiver must each have one of the matched pair of keys (not the same one).
Needed for security:
1. One of the two keys must be kept secret.
2. It must be impossible or at least impractical to decipher a message if no other information is available.
3. Knowledge of the algorithm plus one of the keys plus samples of ciphertext must be insufficient to determine the other key.

Requirements for Public-Key Cryptography
1. Computationally easy for a party B to generate a pair (public key $KU_b$, private key $KR_b$)
2. Easy for sender to generate ciphertext:
3. Easy for the receiver to decrypt ciphertext using private key:

Requirements for Public-Key Cryptography (contd.)
4. Computationally infeasible to determine private key ($KR_b$) knowing public key ($KU_b$)
5. Computationally infeasible to recover message M, knowing $KU_b$ and ciphertext C
6. Either of the two keys can be used for encryption, with the other used for decryption:

Public-Key Cryptographic Algorithms
KnapSack, Diffie-Hellman and RSA
- Diffie-Hellman
  - Exchange a secret key securely
  - Based on difficulty of discrete logarithms
- RSA: Ron Rivest, Adi Shamir and Len Adleman at MIT, in
  - RSA is a block cipher
  - Based on difficulty of prime factorization
  - The most widely implemented

Knapsack Algorithm
Given a set of values $M_1, M_2, \ldots, M_n$ and a sum S, compute $b_i$ such that $S = b_1 M_1 + b_2 M_2 + \cdots + b_n M_n$
1, 5, 6, 11, 14, 20; S = 22
Superincreasing knapsack: {1,3,13,27,52}
5, 6, 11
What if S = 24?

Example
{2,3,6,13,27,52}
Find n > sum of all weights and a multiplier m such that gcd(m,n) = 1
Do multiplication (31,105)
2*31 mod 105 = 62, …
- {62,93,81,88,102,37}
= = 174 = C
174*61 mod 105 = 9 = 3+6
= mod 105 ? mod 105
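
The knapsack example above carried through in code, as an added example that is not part of the original slides. The weights, the pair (31, 105) and the ciphertext 174 come from the slide; the function names are illustrative, and the bit vector 0,1,1,0,0,0 is inferred from 174 = 93 + 81 and 9 = 3 + 6.

```python
from math import gcd

PRIVATE_WEIGHTS = [2, 3, 6, 13, 27, 52]   # superincreasing set from the slide
MULTIPLIER, MODULUS = 31, 105             # (m, n) from the slide


def is_superincreasing(weights):
    """Each weight must exceed the sum of all weights before it."""
    total = 0
    for w in weights:
        if w <= total:
            return False
        total += w
    return True


def public_weights(private, m, n):
    """Hide the easy knapsack: multiply every weight by m modulo n."""
    if not is_superincreasing(private):
        raise ValueError("private weights must be superincreasing")
    if n <= sum(private) or gcd(m, n) != 1:
        raise ValueError("need n > sum of weights and gcd(m, n) = 1")
    return [(w * m) % n for w in private]


def encrypt(bits, public):
    """Ciphertext is the sum of the public weights selected by the 1 bits."""
    return sum(b * w for b, w in zip(bits, public))


def decrypt(c, private, m, n):
    """Undo the multiplication, then solve the superincreasing knapsack greedily."""
    target = (c * pow(m, -1, n)) % n      # 174 * 61 mod 105 = 9 on the slide
    bits = []
    for w in reversed(private):           # largest weight first
        take = 1 if w <= target else 0
        bits.append(take)
        target -= take * w
    if target != 0:
        raise ValueError("ciphertext does not decode to a subset sum")
    return bits[::-1]


if __name__ == "__main__":
    public = public_weights(PRIVATE_WEIGHTS, MULTIPLIER, MODULUS)
    c = encrypt([0, 1, 1, 0, 0, 0], public)   # inferred plaintext bits
    print(public, c, decrypt(c, PRIVATE_WEIGHTS, MULTIPLIER, MODULUS))
```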

RSA Algorithm: Basics
- Block cipher
  - Block has binary value
  - Block size ≤ $\log_2(n)$
  - Block size k bits: $2^{k} < n \le 2^{k+1}$
- M: message; C: ciphertext; {e,n}: public key; {d,n}: private key
- Both sender and receiver know n; sender knows e, receiver knows d.
- $C = M^{e} \bmod n$
- $M = C^{d} \bmod n = (M^{e})^{d} \bmod n = M^{ed} \bmod n$
- Requirements:
  - Possible to find e, d, n such that $M^{ed} = M \bmod n$ for all M < n
  - Relatively easy to compute $M^{e}$ and $C^{d}$ for all M < n
  - Infeasible to determine d given e and n

Relationship between d and e
Required: $M^{ed} = M \bmod n$
Corollary to Euler’s theorem:
- Given two prime numbers p and q and two integers m and n such that n = pq and 0 < m < n, and an arbitrary integer k: $m^{k\Phi(n)+1} = m^{k(p-1)(q-1)+1} \equiv m \pmod{n}$, where Φ(n) is the Euler totient function
From the above, $ed = k\Phi(n)+1$ satisfies the requirement
⇒ $ed \equiv 1 \pmod{\Phi(n)}$, $d \equiv e^{-1} \pmod{\Phi(n)}$
⇒ e and d are multiplicative inverses mod Φ(n)

The RSA Algorithm – Key Generation
1. Select p, q (p and q both prime)
2. Calculate n = p x q
3. Calculate
4. Select integer e
5. Calculate d
6. Public key: KU = {e,n}
7. Private key: KR = {d,n}

The RSA Algorithm - Encryption
Plaintext: M < n
Ciphertext: $C = M^{e} \pmod{n}$

The RSA Algorithm - Decryption
Ciphertext: C
Plaintext: $M = C^{d} \pmod{n}$

Example of RSA Algorithm
For this example, the keys were generated as follows:
1. Select two prime numbers, p = 7 and q = 17
2. Calculate n = pq = 7 x 17 = 119
3. Calculate Φ(n) = (p-1)(q-1) = 96
4. Select e such that e is relatively prime to Φ(n) = 96 and less than Φ(n); in this case e = 5
5. Determine d such that de = 1 mod 96 and d < 96. The correct value is d = 77, because 77 x 5 = 385 = 4 x
6. The resulting keys are public key KU = {5, 119} and private key KR = {77, 119}.
The example shows the use of these keys for a plaintext input of M = 19.
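
The key generation, encryption and decryption steps above run on the slide's numbers, as an added example that is not part of the original slides. The function names are illustrative, and the consistency check tests the requirement that M^(ed) = M mod n for every M < n with the keys applied in either order.

```python
from math import gcd


def is_prime(k):
    """Trial division, adequate for the toy primes in this example."""
    return k > 1 and all(k % f for f in range(2, int(k**0.5) + 1))


def generate_keys(p, q, e):
    """Follow the key-generation steps; returns (KU, KR) = ((e, n), (d, n))."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi_n = (p - 1) * (q - 1)
    if not 1 < e < phi_n or gcd(e, phi_n) != 1:
        raise ValueError("e must be < phi(n) and relatively prime to it")
    d = pow(e, -1, phi_n)               # d = e^-1 mod phi(n), Python 3.8+
    return (e, n), (d, n)


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext block must satisfy M < n")
    return pow(m, e, n)


def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)


def keys_are_consistent(public_key, private_key):
    """Check M^(ed) = M mod n for every M < n, in both key orders."""
    (e, n), (d, _) = public_key, private_key
    return all(pow(pow(m, e, n), d, n) == m == pow(pow(m, d, n), e, n)
               for m in range(n))


if __name__ == "__main__":
    KU, KR = generate_keys(7, 17, 5)
    c = encrypt(19, KU)
    print(KU, KR, c, decrypt(c, KR), keys_are_consistent(KU, KR))
```

This is textbook RSA on a toy modulus; deployed RSA uses moduli of thousands of bits together with a padding scheme.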

Computational Aspects
- Raising an integer to an integer power mod n ($M^{e}$, $C^{d}$)
  - Fast exponentiation algorithms
  - Useful property of modular arithmetic: (a x b) mod n = [(a mod n) x (b mod n)] mod n
- Finding large prime numbers (p, q)
  - Currently, no useful techniques to yield arbitrarily large primes
  - Generate a random odd number and test for primality
  - Probabilistic algorithms (e.g. the Miller-Rabin algorithm)
- Selecting e (d) and calculating d (e)
  - Extended Euclid’s algorithm

Security of RSA
Three kinds of attacks:
- Brute force: trying all possible private keys
- Mathematical attacks: approaches to factoring the product of two primes
  Suggestions:
  - p, q differ in length by only a few digits. (p, q order of to )
  - Both (p-1) and (q-1) should contain a large prime factor
  - gcd(p-1, q-1) should be small
- Timing attacks: based on running time of decryption algorithm
  Countermeasures:
  - Ensure constant exponentiation time
  - Add random delay to exponentiation algorithm
  - Blinding (multiply ciphertext by a random number before exponentiation)
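
The blinding countermeasure from the list above, as an added example that is not part of the original slides. It uses the common construction in which the ciphertext is multiplied by r^e for a random invertible r, and it reuses the toy key pair from the RSA example; the function names are illustrative.

```python
import secrets
from math import gcd

N, E, D = 119, 5, 77                    # toy key pair from the page's RSA example


def random_unit(n):
    """Random r in [2, n-1] with gcd(r, n) = 1, so r has an inverse mod n."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return r


def blinded_decrypt(c, r=None, n=N, e=E, d=D):
    """Decrypt c without ever raising c itself to the private exponent.

    Returns (plaintext, blinded): blinded is the value actually raised to d.
    A fresh r is drawn per call unless one is passed in for testing.
    """
    if r is None:
        r = random_unit(n)
    elif gcd(r, n) != 1:
        raise ValueError("blinding factor must be invertible mod n")
    blinded = (c * pow(r, e, n)) % n    # C' = C * r^e mod n
    m_blinded = pow(blinded, d, n)      # (C')^d = M * r mod n
    plaintext = (m_blinded * pow(r, -1, n)) % n   # strip r again
    return plaintext, blinded


if __name__ == "__main__":
    # Python integers are not constant-time; this shows the arithmetic only.
    for _ in range(3):
        print(blinded_decrypt(66))      # same plaintext, varying exponentiation input
```

Because the private-key exponentiation runs on a value the sender cannot predict, its running time no longer correlates with the submitted ciphertext.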

Diffie-Hellman Key Exchange Scheme
- First published public-key algorithm (1976)
- Based on difficulty of computing discrete logarithms
- Enables two users to exchange a key securely, to be used for subsequent message encryption
- Several commercial products based on this technique

Diffie-Hellman Key Exchange Algorithm

Diffie-Hellman Key Exchange Operation
q, α are required to be known ahead of time (or A could pick q and α and include them in the first message)

Diffie-Hellman Exchange Example
Key exchange is based on the use of prime number q = 97 and a primitive root of 97, in this case α = 5.
A and B select secret keys $X_A = 36$ and $X_B = 58$, respectively.
Each computes its public key:
$K = (Y_B)^{X_A} \bmod 97$ = = 75 mod 97
$K = (Y_A)^{X_B} \bmod 97$ = = 75 mod 97
From [50,44], an attacker cannot easily compute 75.

For any integer ‘b’ and a primitive root ‘a’ of prime number ‘p’, one can find a unique exponent ‘i’ such that $b = a^{i} \bmod p$, where 0 ≤ i ≤ (p-1).
The exponent ‘i’ is called the discrete logarithm, or index, of b for the base a mod p.
Given a, i, and p, it is straightforward to compute b.
Given a, b, and p, it is computationally infeasible to compute the discrete logarithm i.
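
The Diffie-Hellman example and the discrete-logarithm definition above, as an added example that is not part of the original slides. It uses the slide's q = 97, α = 5 and secret keys 36 and 58, and includes an exhaustive index search to show that a 97-element group gives no protection, which is why q has to be very large. The function names and the range check on received public values are additions made for this example.

```python
Q, ALPHA = 97, 5                        # public parameters from the slide


def public_key(x, alpha=ALPHA, q=Q):
    """Y = alpha^X mod q for a secret X."""
    if not 1 < x < q - 1:
        raise ValueError("secret key must lie in (1, q-1)")
    return pow(alpha, x, q)


def shared_key(their_public, my_secret, q=Q):
    """K = Y^X mod q; trivial peer values 0, 1 and q-1 are rejected."""
    if not 1 < their_public < q - 1:
        raise ValueError("peer public value out of range")
    return pow(their_public, my_secret, q)


def discrete_log(b, alpha=ALPHA, q=Q):
    """Index i with alpha^i = b mod q by trying every exponent.

    The loop runs up to q-1 times, so it finishes instantly for q = 97 and
    is hopeless for a prime of hundreds of digits.
    """
    value = 1
    for i in range(q - 1):
        if value == b:
            return i
        value = (value * alpha) % q
    return None


if __name__ == "__main__":
    x_a, x_b = 36, 58                   # secret keys from the slide
    y_a, y_b = public_key(x_a), public_key(x_b)
    print(y_a, y_b)                     # the public values exchanged
    print(shared_key(y_b, x_a), shared_key(y_a, x_b))
    print(discrete_log(y_a), discrete_log(y_b))
```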