Download presentation
Presentation is loading. Please wait.
1
Cryptography
2
Private-Key Cryptography
traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications are compromised also is symmetric, parties are equal hence does not protect sender from receiver forging a message & claiming is sent by sender
3
Private-Key Cryptography
probably most significant advance in the year history of cryptography uses two keys – a public & a private key asymmetric since parties are not equal uses clever application of number theoretic concepts to function complements rather than replaces private key cryptography
4
Private-Key Cryptography
public-key/two-key/asymmetric cryptography involves the use of two keys: a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures
5
Private-Key Cryptography
6
Why Public-Key Cryptography?
developed to address two key issues: key distribution – how to have secure communications in general without having to trust a KDC with your key digital signatures – how to verify a message comes intact from the claimed sender public invention due to Whitfield Diffie & Martin Hellman at Stanford in 1976 known earlier in classified community
7
Public-Key Characteristics
Public-Key algorithms rely on two keys with the characteristics that it is: computationally infeasible to find decryption key knowing only algorithm & encryption key computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known either of the two related keys can be used for encryption, with the other used for decryption (in some schemes)
8
Public-Key Applications
can classify uses into 3 categories: encryption/decryption (provide secrecy) digital signatures (provide authentication) key exchange (of session keys) some algorithms are suitable for all uses, others are specific to one
9
Security of Public Key Schemes
like private key schemes brute force exhaustive search attack is always theoretically possible but keys used are too large (>512bits) security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalyse) problems more generally the hard problem is known, its just made too hard to do in practise requires the use of very large numbers hence is slow compared to private key schemes
10
RSA by Ron Rivest, Adi Shamir and Len Adleman of MIT in 1977
best known & widely used public-key scheme Much of the underlying theory we will not be able to get to It’s beyond the scope of this course Much of why this all works won’t be taught It’s just an introduction to how it works
11
RSA based on exponentiation in a finite (Galois) field over integers modulo a prime nb. exponentiation takes O((log n)3) operations (easy) uses large integers (eg bits) security due to cost of factoring large numbers nb. factorization takes O(e log n log log n) operations (hard)
12
Is that number prime? Use the Fermat primality test Given:
n: the number to test for primality k: the number of times to test (the certainty) The algorithm is: repeat k times: pick a randomly in the range [1, n−1] if an−1 mod n ≠ 1 then return composite return probably prime
13
Is that number prime? The algorithm is: Let n = 105
repeat k times: pick a randomly in the range [1, n−1] if an−1 mod n ≠ 1 then return composite return probably prime Let n = 105 Iteration 1: a = 92: mod 105 = 1 Iteration 2: a = 84: mod 105 = 21 Therefore, 105 is composite
14
Is that number prime? The algorithm is: Let n = 101
repeat k times: pick a randomly in the range [1, n−1] if an−1 mod n ≠ 1 then return composite return probably prime Let n = 101 Iteration 1: a = 55: mod 101 = 1 Iteration 2: a = 60: mod 101 = 1 Iteration 3: a = 14: mod 101 = 1 Iteration 4: a = 73: mod 101 = 1 At this point, 101 has a (½)4 = 1/16 chance of still being composite
15
More on the Fermat primality test
Each iteration halves the probability that the number is a composite Probability = (½)k If k = 100, probability it’s a composite is (½)100 = 1 in 1.2 1030 that the number is composite Greater chance of having a hardware error! Thus, k = 100 is a good value However, this is not certain! There are known numbers that are composite but will always report prime by this test Source:
16
RSA Three parts: Key generation Encrypting a message
Decrypting a message
17
Key generation steps Choose two random large prime numbers p ≠ q, and set n = p*q Choose an integer 1 < e < n which is relatively prime to (p-1)(q-1) Compute d such that d * e ≡ 1 (mod (p-1)(q-1)) Rephrased: d*e mod (p-1)(q-1) = 1 Destroy all records of p and q
18
Key generation, step 1 Choose two random large prime numbers p ≠ q
In reality, 2048 bit numbers are recommended That’s 617 digits Note that the chance of a random odd 2048 bit number being prime is about 1/710 We can compute if a number is prime relatively quickly via the Fermat primality test We choose p = 107 and q = 97 Compute n = p*q n = 10379
19
Key generation, step 1 Practical considerations
p and q should not be too close together (p-1) and (q-1) should not have small prime factors Use a good random number generator
20
Key generation, step 2 Choose an integer 1 < e < n which is relatively prime to (p-1)(q-1) There are algorithms to do this efficiently We aren’t going over them Easy way to do this: make e be a prime number It only has to be relatively prime to (p-1)(q-1), but can be fully prime
21
Key generation, step 2 Recall that p = 107 and q = 97 We choose e = 85
(p-1)(q-1) = 106*96 = = 26*3*53 We choose e = 85 85 = 5*17 gcd (85, 10176) = 1 Thus, 85 and are relatively prime
22
Key generation, step 3 Compute d such that: d * e ≡ 1 (mod (p-1)(q-1))
Rephrased: d*e mod (p-1)(q-1) = 1 There are algorithms to do this efficiently We aren’t going over them We choose d = 4669 4669*85 mod = 1
23
Key generation, step 4 Destroy all records of p and q
If we know p and q, then we can compute the private encryption key from the public decryption key d * e ≡ 1 (mod (p-1)(q-1))
24
The keys We have n = p*q = 10379, e = 85, and d = 4669
The public key is (n,e) = (10379, 85) The private key is (n,d) = (10379, 4669) Thus, n is not private Only d is private In reality, d and e are 600 (or so) digit numbers Thus n is a 1200 (or so) digit number
25
Encrypting messages To encode a message:
Encode the message m into a number Split the number into smaller numbers m < n Use the formula c = me mod n c is the ciphertext, and m is the message
26
Decrypting messages Use the formula m = cd mod n on each number
Split the number into individual ASCII character numbers Decode the message into a string
27
modPow computation How to compute c = me mod n or m = cd mod n?
Example: mod = 4181 Other means: Java: use the BigInteger.modPow() method Perl: use the bmodpow function in the BigInt library Etc…
28
Why this works m = cd mod n c = me mod n cd ≡ (me)d ≡ med (mod n)
Recall that: ed ≡ 1 (mod p-1) ed ≡ 1 (mod q-1) Thus, med ≡ m (mod p) med ≡ m (mod q) med ≡ m (mod pq) med ≡ m (mod n)
29
Cracking a message In order to decrypt a message, we must compute m = cd mod n n is known (part of the public key) c is known (the ciphertext) e is known (the encryption key) Thus, we must compute d with no other information Recall: choose an integer 1 < e < n which is relatively prime to (p-1)(q-1) Recall: Compute d such that: d*e mod (p-1)(q-1) = 1 Thus, we must factor the composite n into it’s component primes There is no efficient way to do this! We can, very easily, tell that n is composite, but we can’t tell what its factors are Once n is factored into p and q, we compute d as above Then we can decrypt c to obtain m
30
Cracking a message example
In order to decrypt a message, we must compute m = cd mod n n = 10379 c is the ciphertext being cracked e = 85 In order to determine d, we need to factor n d*e mod (p-1)(q-1) = 1 We factor n into p and q: 97 and 107 This would not have been feasible with two large prime factors!!! d * 85 (mod (96)(106)) = 1 We then compute d as above, and crack the message
31
Signing a message Recall that we computed: d*e mod (p-1)(q-1) = 1
Note that d and e are interchangable! You can use either for the encryption key You can encrypt with either key! Thus, you must use the other key to decrypt
32
Signing a message To “sign” a message:
Write a message, and determine the MD5 hash Encrypt the hash with your private (encryption) key Anybody can verify that you created the message because ONLY the public (encryption) key can decrypt the hash The hash is then verified against the message
33
Some of the Theory Fermat’s Theorem Euler Totient Function ø(n)
Euler’s Theorem
34
Fermat's Theorem ap-1 mod p = 1 also known as Fermat’s Little Theorem
where p is prime and gcd(a,p)=1 also known as Fermat’s Little Theorem useful in public key and primality testing
35
Euler Totient Function ø(n)
when doing arithmetic modulo n complete set of residues is: 0..n-1 reduced set of residues is those numbers (residues) which are relatively prime to n eg for n=10, complete set of residues is {0,1,2,3,4,5,6,7,8,9} reduced set of residues is {1,3,7,9} number of elements in reduced set of residues is called the Euler Totient Function ø(n)
36
Euler Totient Function ø(n)
to compute ø(n) need to count number of elements to be excluded in general need prime factorization, but for p (p prime) ø(p) = p-1 for p∙q (p,q prime) ø(p∙q) = (p-1)(q-1) eg. ø(37) = 36 ø(21) = (3–1)×(7–1) = 2×6 = 12
37
Euler's Theorem a generalisation of Fermat's Theorem aø(n)mod N = 1
where gcd(a,N)=1 eg. a=3;n=10; ø(10)=4; hence 34 = 81 = 1 mod 10 a=2;n=11; ø(11)=10; hence 210 = 1024 = 1 mod 11
38
Why RSA Works because of Euler's Theorem: aø(n)mod N = 1 in RSA have:
where gcd(a,N)=1 in RSA have: N=p∙q ø(N)=(p-1)(q-1) carefully chosen e & d to be inverses mod ø(N) hence e∙d=1+k∙ø(N) for some k hence : Cd = (Me)d = M1+k∙ø(N) = M1∙(Mø(N))q = M1∙(1)q = M1 = M mod N
39
PGP and GnuPG Two applications which implement the RSA algorithm
GnuPG Is open-source (thus it’s free) PGP was first, and written by Phil Zimmerman The US gov’t didn’t like PGP…
40
The US gov’t and war munitions
41
How to “crack” PGP Factoring n is not feasible
Thus, “cracking” PGP is done by other means Intercepting the private key “Hacking” into the computer, stealing the computer, etc. Man-in-the-middle attack (next 2 slides) Etc.
42
Man-in-the-middle attack: “Normal” RSA communication
What is your public key? My public key is 12345… What is your public key? My public key is 67890… Here’s message encrypted with 12345… Here’s a response encrypted with 67890…
43
What is your public key? What is your public key? My public key is 12345… My public key is abcde… What is your public key? What is your public key? Black has the private decryption key for abcde… My public key is 67890… My public key is vwxyz… Here’s message encrypted w/ abcde… Black has the private decryption key for vwxyz… Decrypts message with corresponding private key to abcde…; re-encrypts message with blue’s public key (12345…) Here’s message encrypted w/ 12345… Here’s response encrypted w /vwxyz… Decrypts message with corresponding private key to vwxyz…; re-encrypts message with yellow’s public key (67890…) Here’s response encrypted w/ 67890…
44
Other public key encryption methods
Modular logarithms Developed by the US government, therefore not widely trusted Elliptic curves
45
Quantum computers A quantum computer could (in principle) factor n in reasonable time This would make RSA obsolete! Shown (in principle) by Peter Shor in 1993 You would need a new (quantum) encryption algorithm to encrypt your messages This is like saying, “in principle, you could program a computer to correctly predict the weather” A few years ago, IBM created a quantum computer that successfully factored 15 into 3 and 5 I bet the NSA is working on such a computer, also
46
Sources Wikipedia article has a lot of info on RSA and the related algorithms Those articles use different variable names Link at
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.