Public Key Cryptography

symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if never “met”)? public key cryptography radically different approach [Diffie- Hellman76, RSA78] sender, receiver do not share secret key public encryption key known to all private decryption key known only to receiver

Public key cryptography plaintext message, m ciphertext encryption algorithm decryption algorithm Bob’s public key plaintext message K (m) B + K B + Bob’s private key K B - m = K ( K (m) ) B + B -

Public key encryption algorithms need K ( ) and K ( ) such that B B.. given public key K, it should be impossible to compute private key K B B Requirements: 1 2 RSA: Rivest, Shamir, Adelson algorithm + - K (K (m)) = m B B

RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d). K B + K B -

RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt bit pattern, m, compute c = m mod n e (i.e., remainder when m is divided by n) e 2. To decrypt received bit pattern, c, compute m = c mod n d (i.e., remainder when c is divided by n) d m = (m mod n) e mod n d Magic happens! c

RSA: Why is that m = (m mod n) e mod n d (m mod n) e mod n = m mod n d ed Useful number theory result: If p,q prime and n = pq, then: x mod n = x mod n yy mod (p-1)(q-1) = m mod n ed mod (p-1)(q-1) = m mod n 1 = m (using number theory result above) (since we chose ed to be divisible by (p-1)(q-1) with remainder 1 )

RSA: another important property The following property will be very useful later: K ( K (m) ) = m B B - + K ( K (m) ) B B + - = use public key first, followed by private key use private key first, followed by public key Result is the same!

Public-Key Cryptography Principles The use of two keys has consequences in: key distribution, confidentiality and authentication. The scheme has six ingredients (see Figure 3.7) –Plaintext –Encryption algorithm –Public and private key –Ciphertext –Decryption algorithm

Encryption using Public-Key system

Authentication using Public-Key System

Applications for Public-Key Cryptosystems Three categories: –Encryption/decryption: The sender encrypts a message with the recipient’s public key. –Digital signature: The sender ”signs” a message with its private key. –Key exchange: Two sides cooperate to exhange a session key.

Requirements for Public-Key Cryptography 1.Computationally easy for a party B to generate a pair (public key KU b, private key KR b ) 2.Easy for the sender to generate ciphertext: 3.Easy for the receiver to decrypt ciphertect using private key:

Requirements for Public-Key Cryptography 4.Computationally infeasible to determine private key (KR b ) knowing public key (KU b ) 5.Computationally infeasible to recover message M, knowing KU b and ciphertext C 6.Either of the two keys can be used for encryption, with the other used for decryption:

Public-Key Cryptographic Algorithms RSA and Diffie-Hellman RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in –RSA is a block cipher –The most widely implemented Diffie-Hellman –To exchange securely a secret key –Compute discrete logarithms

The RSA Algorithm – Key Generation 1.Select p,q p and q both prime 2.Calculate n = p x q 3.Calculate 4.Select integer e 5.Calculate d 6.Public KeyKU = {e,n} 7.Private keyKR = {d,n}

The RSA Algorithm - Encryption Plaintext:M<n Ciphertext:C = M e (mod n)

The RSA Algorithm - Decryption Ciphertext:C Plaintext:M = C d (mod n)

RSA Example 1.Select primes: p=17 & q=11 2.Compute n = pq =17×11=187 3.Compute ø(n)=(p–1)(q-1)=16×10=160 4.Select e : gcd(e,160)=1; choose e=7 5.Determine d : de mod160=1 and d < 160 Value is d=23 since 23×7=161= 10× Publish public key KU={7,187} 7.Keep secret private key KR={23,187}

RSA Example cont sample RSA encryption/decryption is: given message M = 88 (nb. 88<187 ) encryption: C = 88 7 mod 187 = 11 decryption: M = mod 187 = 88

RSA Key Generation users of RSA must: –determine two primes at random - p, q –select either e or d and compute the other primes p,q must not be easily derived from modulus N=p.q –means must be sufficiently large –typically guess and use probabilistic test exponents e, d are inverses, so use Inverse algorithm to compute the other

RSA Security three approaches to attacking RSA: –brute force key search (infeasible given size of numbers) –mathematical attacks (based on difficulty of computing ø(N), by factoring modulus N) –timing attacks (on running of decryption)

Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts –note: now is known that James Ellis (UK CESG) secretly proposed the concept in 1970 is a practical method for public exchange of a secret key used in a number of commercial products

Diffie-Hellman Key Exchange a public-key distribution scheme –cannot be used to exchange an arbitrary message –rather it can establish a common key –known only to the two participants value of key depends on the participants (and their private and public key information) based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard

Diffie-Hellman Setup all users agree on global parameters: –large prime integer or polynomial q –α a primitive root mod q each user (eg. A) generates their key –chooses a secret key (number): x A < q –compute their public key: y A = α x A mod q each user makes public that key y A

Diffie-Hellman Key Exchange shared session key for users A & B is K AB : K AB = α x A. x B mod q = y A x B mod q (which B can compute) = y B x A mod q (which A can compute) K AB is used as session key in private-key encryption scheme between Alice and Bob if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys attacker needs an x, must solve discrete log

Diffie-Hellman Key Exchange

Diffie-Hellman Example users Alice & Bob who wish to swap keys: agree on prime q=353 and α=3 select random secret keys: –A chooses x A =97, B chooses x B =233 compute public keys: –y A = 3 97 mod 353 = 40 (Alice) –y B = mod 353 = 248 (Bob) compute shared session key as: K AB = y B x A mod 353 = = 160 (Alice) K AB = y A x B mod 353 = = 160 (Bob)

Other Public-Key Cryptographic Algorithms Digital Signature Standard (DSS) –Makes use of the SHA-1 –Not for encryption or key echange Elliptic-Curve Cryptography (ECC) –Good for smaller bit size –Low confidence level, compared with RSA –Very complex