CS 4803 Fall 04 Public Key Algorithms

Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication. n Modular exponentiation.

Modular Addition n Addition modulo (mod) K u Poor cipher with (d k +d m ) mod K, e.g., if K=10 and d k is the key. n Additive inverse: addition mod K yields 0. n “Decrypt” by adding inverse.

Modular Multiplication n Multiplication modulo K n Multiplicative inverse: multiplication mod K yields 1 n Only some numbers have inverse n Use Euclid’s algorithm to find inverse u Given x, n, it finds y such that x  y mod n = 1 n Only the numbers relatively prime to n will have mod n multiplicative inverse

Totient Function n x, m relative prime: no other common factor than 1 n Totient function ø(n): number of integers less than n relatively prime to n u if n is prime, ø(n)=n-1 u if n=p  q, and p, q are primes, ø(n)=(p-1)(q-1)

Modular Exponentiation n x y mod n = x y mod ø(n) mod n n if y = 1 mod ø(n) then x y mod n = x mod n

RSA (Rivest, Shamir, Adleman) n The most popular one. n Support both public key encryption and digital signature. n Assumption/theoretical basis: u Factoring a big number is hard. n Variable key length (usually 512 bits). n Variable plaintext block size. u Plaintext must be “smaller” than the key. u Ciphertext block size is the same as the key length.

What Is RSA? n To generate key pair: u Pick large primes (>= 256 bits each) p and q u Let n = p*q, keep your p and q to yourself! u For public key, choose e that is relatively prime to ø(n) =(p-1)(q-1), let pub = u For public key, choose e that is relatively prime to ø(n) =(p-1)(q-1), let pub = u For private key, find d that is the multiplicative inverse of e mod ø(n), i.e., e*d = 1 mod ø(n), let priv = u For private key, find d that is the multiplicative inverse of e mod ø(n), i.e., e*d = 1 mod ø(n), let priv =

How Does RSA Work? n Given pub = and priv = n Given pub = and priv = u encryption: c = m e mod n, m < n u decryption: m = c d mod n u signature: s = m d mod n, m < n u verification: m = s e mod n

Why Does RSA Work? n Given pub = and priv = n Given pub = and priv = u n =p*q, ø(n) =(p-1)(q-1) u e*d = 1 mod ø(n) u x e  d = x mod n u encryption: c = m e mod n u decryption: m = c d mod n = m e  d mod n = m mod n = m (since m < n) u digital signature (similar)

Why Is RSA Secure? n Factoring 512-bit number is very hard! n But if you can factor big number n then given public key, you can find d, hence the private key by: u Knowing factors p, q, such that, n = p*q u Then ø(n) =(p-1)(q-1) u Then d such that e*d = 1 mod ø(n)

Diffie-Hellman Key Exchange n Shared key, public communication n No authentication of partners n What’s involved? u p is a prime (about 512 bits), and g < p u p and g are publicly known

Diffie-Hellman-Merkle Key Exchange n Procedure AliceBob pick secret S a randomly pick secret S b randomly compute T A =g Sa mod pcompute T B =g Sb mod p send T A to Bobsend T B to Alice compute T B Sa mod pcompute T A Sb mod p Alice and Bob reached the same secret g SaSb mod p, which is then used as the shared key.

DH Security - Discrete Logarithm Is Hard n T = g s mod p n Conjecture: given T, g, p, it is extremely hard to compute the value of s (discrete logarithm)

Diffie-Hellman Scheme n Security factors u Discrete logarithm very difficult. u Shared key (the secret) itself never transmitted. n Disadvantages: u Expensive exponential operation F DoS possible. u The scheme itself cannot be used to encrypt anything – it is for secret key establishment. u No authentication, so you can not sign anything …

Bucket Brigade Attack...Man In The Middle AliceTrudyBob g Sa =123 g Sx =654 g Sb = > > > > <--654 <--255 <--654 < Sa =123 Sx 255 Sx =654 Sb 654 Sa =123 Sx 255 Sx =654 Sb n Trudy plays Bob to Alice and Alice to Bob

Diffie-Hellman in Phone Book Mode n DH was subject to active man-in-the-middle attack because their public key-component was intercepted and substituted n Phone book mode allows everyone to generate the public key-component in advance and publish them through other reliable means, e.g. for Bob n All communicating parties agree on their common n All communicating parties agree on their common

Encryption With Diffie-Hellman n Everyone computes and publishes n Everyone computes and publishes u T=g S mod p n Alice communicates with Bob: u Alice F Picks a random secret S a F Computes g b Sa mod p b F Use K ab = T b Sa mod p b to encrypt message F Send encrypted message along with g b Sa mod p b u Bob F (g b Sa ) Sb mod p b = (g b Sb ) Sa mod p b = T b Sa mod p b = K ab F Use K ab to decrypt