Download presentation
Presentation is loading. Please wait.
1
NET 311 Information Security
Networks and Communication Department Lecture 4: Asymmetric Ciphers (RSA,ElGamal)
2
lecture contents: Public-Key Cryptography Why Public-Key Cryptography?
RSA Cryptography EIGamal Cryptography 19-Sep-18 Networks and Communication Department
3
Private-Key Cryptography
traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications are compromised also is symmetric, parties are equal hence does not protect sender from receiver forging a message & claiming is sent by sender 19-Sep-18 Networks and Communication Department
4
Public-Key Cryptography
probably most significant advance in the history of cryptography uses two keys – a public & a private key asymmetric since parties are not equal uses clever application of number theoretic concepts to function 19-Sep-18 Networks and Communication Department
5
Why Public-Key Cryptography?
Developed to address two key issues: key distribution – how to have secure communications in general without having to trust a KDC (key distribution center) with your key digital signatures – how to verify a message comes intact from the claimed sender The concept of public-key cryptography evolved from an attempt to attack two of the most difficult problems associated with symmetric encryption: key distribution and digital signatures. The first problem is that of key distribution, which under symmetric encryption requires either (1) that two communicants already share a key, which somehow has been distributed to them; or (2) the use of a key distribution center. This seemed to negated the very essence of cryptography: the ability to maintain total secrecy over your own communication. The second was that of "digital signatures." If the use of cryptography was to become widespread, not just in military situations but for commercial and private purposes, then electronic messages and documents would need the equivalent of signatures used in paper documents. The idea of public key schemes, and the first practical scheme, which was for key distribution only, was published in 1976 by Diffie & Hellman. The concept had been previously described in a classified report in 1970 by James Ellis (UK CESG) - and subsequently declassified [ELLI99]. Its interesting to note that they discovered RSA first, then Diffie-Hellman, opposite to the order of public discovery! There is also a claim that the NSA knew of the concept in the mid-60’s [SIMM93]. 19-Sep-18 Networks and Communication Department
6
Public-Key Cryptography
public-key/two-key/asymmetric cryptography involves the use of two keys: a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures a related private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures Is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures Asymmetric algorithms rely on one key for encryption and a different but related key for decryption. These algorithms have the following important characteristic: • It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key. In addition, some algorithms, such as RSA, also exhibit the following characteristic: • Either of the two related keys can be used for encryption, with the other used for decryption. Anyone knowing the public key can encrypt messages or verify signatures, but cannot decrypt messages or create signatures, thanks to some clever use of number theory. 6
7
Public-Key Cryptography
Stallings Figure 9.1a “Public-Key Cryptography”, shows that a public-key encryption scheme has six ingredients: • Plaintext: the readable message /data fed into the algorithm as input. • Encryption algorithm: performs various transformations on the plaintext. • Public and private keys: a pair of keys selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the algorithm depend on the public or private key that is provided as input. • Ciphertext: the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts. • Decryption algorithm: accepts the ciphertext and matching key and produces the original plaintext. Consider the following analogy using padlocked boxes: traditional schemes involve the sender putting a message in a box and locking it, sending that to the receiver, and somehow securely also sending them the key to unlock the box. The radical advance in public key schemes was to turn this around, the receiver sends an unlocked box (their public key) to the sender, who puts the message in the box and locks it (easy - and having locked it cannot get at the message), and sends the locked box to the receiver who can unlock it (also easy), having the (private) key. An attacker would have to pick the lock on the box (hard). 7
8
Asymmetric-Key Cryptography
Asymmetric-key (public key cryptography) uses two keys: one private and one public. Algorithms: RSA Diffie-Hellman ELGAMAL
9
Public-Key Applications
can classify uses into 3 categories: Encryption /decryption: The sender encrypts a message with the recipient’s public key.(privacy) Digital signature: The sender “signs” a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.(authentication) Key exchange: Two sides cooperate to exchange a session key . Several different approaches are possible, involving the private key(s) of one or both parties. some algorithms are suitable for all uses, others are specific to one. Public-key systems are characterized by the use of a cryptographic type of algorithm with two keys. Depending on the application, the sender uses either the sender’s private key or the receiver’s public key, or both, to perform some type of cryptographic function. In broad terms, we can classify the use of public-key cryptosystems into the three categories: • Encryption/decryption: The sender encrypts a message with the recipient’s public key. • Digital signature: The sender “signs” a message with its private key, either to the whole message or to a small block of data that is a function of the message. • Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties. Some algorithms are suitable for all three applications, whereas others can be used only for one or two of these applications. Stallings Table 9.3 (shown here) indicates the applications supported by the algorithms discussed in this book. 9
10
Modular arithmetic This example is modulo 7
The numbers allowed are 0 to 6 After 6, numbers “wrap around” 7 (mod 7) = 0 3+3 (mod 7)= (mod 7)= 1 5 6 1 2 3 4 19-Sep-18 Networks and Communication Department
11
How to Calculate MOD of the number using Calculator?
Step 1: First divide the original number by mod number Ex / 33 = Step 2: Now take the integer part of the answer and multiply with divisor Ex * 33= 78111 Step 3: Now Subtract the above step answer from dividend Ex =14 This your final answer = 5 ^7 mod (33) = 14 19-Sep-18 Networks and Communication Department
12
RSA The most common public key algorithm is RSA, named for its inventors Rivest, Shamir, and Adelman. It uses two numbers: e public key d private The two keys, e and d, have a special relationship to each other.
13
RSA d
14
RSA – selecting keys Bob uses the following steps to select the private and public keys: Bob chooses two very large prime numbers p and q By “large” we typically mean at least 512 bits Bob multiplies p and q to find n n=p x q Bob calculates another number ф(n) = (p -1) X (q -1) Bob chooses a random number e, 1< e< ф . Choose a prime number “e”, such that e is co-prime to Φ, i.e, Φ is not divisible by e. gcd (ф,e)=1. You can use Euclidian algorithm to help you find correct e. Gcd: greatest coming devisor He then calculates d so that d X e mod ф = 1 or d.e=1mod ф 1< d< ф . (using table method--Extended Euclidian Algorithm) Bob announces e and n to the public; he keeps ф and d secret. Choose a prime number “e”, such that e is coprime to Φ, i.e, Φ is not divisible by e.
15
RSA – Encryption and Decryption
Restriction P < n , if not, the plaintext needs to be divided into blocks to make P less than n. Now the way to solve this problem uses Modular exponentiation Method also called as Right to Left binary method.
16
RSA Exercise Encrypt the following message “NO” By Using RSA algorithm. Assume that p=17, q =11, and e= 7 Hint, each character will be encoded according to this algorithm (A - Z) (00 – 25) Encrypt each character individually .
17
The solution Step1: calculate n, where n= p x q = 17 x 11 = 187
Step2: calculate ɸ where ɸ = (p-1) x (q-1) = 16 X 10 =160 Find e: Gcd(ɸ,e)=1, 1< e< ф Gcd(a,b)=b , a mod b Gcd(160,e)=e , 160 mod e answer must be (1,0) Assume e=2 Gcd(160,2)= (2,0) wrong Assume e=7 Gcd(160,7)=7,160 mod 7= (7,6) Gcd(7,6)=6, 7mod 6 =(6,1) Gcd( 6,1)= 1, 6 mod 1 =(1,0)
18
Step3: calculate d, where e is given e . d mod ɸ=1 7d mod 160 =1 D=23
b k 1 160 -- 2 7 R1/r2=22 3 R1-r2*k2=6 a1-a2*k2=1 b1-b2*k2=-22 7/6=1 4 7-6*1=1 0-1*1=-1 1—22*1=23 At r=1 b=d=23 6/1=6 There can be two possibilities of finding “d”. 1.”d” is greater than Φ (restriction is that d< Φ) So, d = d mod Φ 2.”d” is negative (restriction is “d” must be positive) So, d = d + Φ 19-Sep-18 Networks and Communication Department
19
The solution Step5: encode the plaintext. P=“NO”= 13 14
Step6: C= pe mod n C(N)= (13 ) 7 mod 187 = 106 C(O)=(14) 7 mod 187= 108 Step7: P= Cd mod n P(106)= (106) 23 mod 187 =13 P(108)= (108) 23 mod 187 =14
20
RSA- Application RSA is useful for short messages but not for long messages. RSA is used in digital signature , and authentication algorithms.
21
RSA Example Using e=13 ,d=37, n=77 in the RSA algorithm encrypt the message "IF" using the value of 00 to 25 for letters A to Z, do the encryption character by character. Using e=7 ,d=23, n=187 in the RSA algorithm encrypt the message M = 88. 19-Sep-18 Networks and Communication Department
22
Diffie-Hellman characteristics
In the Diffie-Hellman cryptosystem, two parties create a symmetric session key to exchange data without having to remember or store the key for future use. They do not have to meet to agree on the key; it can be done through the Internet. The two parties need to choose two numbers p and g, both number announced to the public. P large prime number g random number
23
Diffie-Hellman Procedure
Step 1: Alice chooses a large random number a and calculates R1 = ga mod p Step 2: Bob chooses another large random number b and calculates R2 = gb mod p Step 3: Alice sends R1 to Bob Step 4: Bob sends R2 to Alice Step 5: Alice calculates K = (R2) a mod p = ((g) b) a mod p Step 6: Bob also calculates K = (R1) b mod p = ((g) a) b mod p
24
Diffie-Hellman
25
Diffie-Hellman Example
By giving g and p the following values g = 7 and p = 23, calculate the key. The steps are as follows: Alice chooses a = 3 and calculates R1 = 73 mod 23 = 21. 2. Bob chooses b = 6 and calculates R2 = 76 mod 23 = 4. 3. Alice sends the number 21 to Bob. 4. Bob sends the number 4 to Alice. 5. Alice calculates the symmetric key K = 43 mod 23 = 18. 6. Bob calculates the symmetric key K = 216 mod 23 = 18.
26
Diffie-Hellman Example
The value of K is the same for both Alice and Bob; gab mod p = 718 mod 23 = 18. Therefore, we can say that symmetric (shared) key in the Diffie-Hellman protocol is K = gab mod p.
27
Diffie-Hellman Cont. Diffie-Hellman is a very sophisticated symmetric-key creation algorithm. If a and b are very large numbers, it is extremely difficult for Eve to find the key, knowing only p and g. An intruder needs to determine a and b if R1 and R2 are intercepted. The key will be changed each time the two parities need to communicate.
28
El Gamal Cryptography public-key cryptosystem related to D-H
uses exponentiation in a finite field with security based difficulty of computing discrete logarithms, as in D-H Difficault to recover either x given y, or k given K Depends on the one way function, Disadvantage: message expansion by a factor of 2, the ciphertext is twice as long as the corresponding plaintext. each user (eg. A) generates their key chooses a secret key (number): 1 < xA < q-1 compute their public key: yA = axA mod q In 1984, T. Elgamal announced a public-key scheme based on discrete logarithms, closely related to the Diffie-Hellman technique [ELGA84, ELGA85]. The ElGamal cryptosystem is used in some form in a number of standards including the digital signature standard (DSS) and the S/MIME standard. As with Diffie-Hellman, the global elements of ElGamal are a prime number q and a, which is a primitive root of q. User A generates a private/public key pair as shown. The security of ElGamal is based on the difficulty of computing discrete logarithms, to recover either x given y, or k given K (next slide). El_Gamal depends on the one way function, means that the encryption and decryption are done in separate functions. A disadvantage of El_Gamal encryption is that there is message expansion by a factor of 2. That is, the ciphertext is twice as long as the corresponding plaintext. 28
29
El Gamal Message Exchange
Bob encrypts a message to send to A computing represent message M in range 0 <= M <= q-1 longer messages must be sent as blocks chose random integer k with 1 <= k <= q-1 compute one-time key K = yAk mod q encrypt M as a pair of integers (C1,C2) where C1 = ak mod q ; C2 = KM mod q A then recovers message by recovering key K as K = C1xA mod q computing M as M = C2 K-1 mod q a unique k must be used each time otherwise result is insecure Any user B that has access to A's public key can encrypt a message as shown. These steps correspond to Figure 9.1a in that Alice generates a public/private key pair; Bob encrypts using Alice's public key; and Alice decrypts using her private key. See text for details of why these steps result in M being recovered. Note that K functions as a one-time key, used to encrypt and decrypt the message. If a message must be broken up into blocks and sent as a sequence of encrypted blocks, a unique value of k should be used for each block. If k is used for more than one block, knowledge of one block m of the message enables the user to compute other blocks as shown in the text. The basic idea with El Gamal encryption is to choose a random key, protect it, then use it to scramble the message by multiplying the message with it. Two bits of info have to be sent: the first to recover this temporary key, the second the actual scrambled message. See that El Gamal encryption involves 1 modulo exponentiation and a multiplication (vs 1 exponentiation for RSA). 29
30
K=(ak)x = (ax)k mod q 19-Sep-18 Networks and Communication Department
31
Example (self study: Ch4 4.3-4.5)
use field GF(19) q=19 and a=10 Alice computes her key: A chooses xA=5 & computes yA=105 mod 19 = 3 Bob send message m=17 as (11,5) by chosing random k=6 computing K = yAk mod q = 36 mod 19 = 7 computing C1 = ak mod q = 106 mod 19 = 11; C2 = KM mod q = 7.17 mod 19 = 5 Alice recovers original message by computing: recover K = C1xA mod q = 115 mod 19 = 7 compute inverse K-1 = 11 recover M = C2 K-1 mod q = 5.11 mod 19 = 17 Here is an example of ElGamal from the text using the prime field GF(19); that is, q = 19. It has primitive roots {2, 3, 10, 13, 14, 15}, as shown in Table We choose a = 10. Alice generates a key pair as shown. Suppose Bob wants to send the message with the value M = 17. Then he computes the ciphertext pair (11, 5) and sends this to Alice. Alice recovers the message by first recovering K, then computing its inverse (using the Extended Euclids Algorithm – see Ch 4), and finally recovering M. 31
32
References Cryptography and Network Security: Principles and practice’, William Stallings Fifth edition, 2011. 19-Sep-18 Networks and Communication Department
Similar presentations
