Presentation is loading. Please wait.

Presentation is loading. Please wait.

Real-world Security of Public Key Crypto

Published byChester Bridges Modified over 6 years ago

Similar presentations

Presentation on theme: "Real-world Security of Public Key Crypto"— Presentation transcript:

1 Real-world Security of Public Key Crypto
Network Security Real-world Security of Public Key Crypto 2018/11/20 Topic 2: Public Key Encryption and Digital Signatures

2 Diffie and Hellman won ACM Turing Award (2015)
2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

3 Rivest Shamir and Adleman won ACM Turing Award (2012)
2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

4 Topic 2: Public Key Encrypption and Digital Signatures
RSA Algorithm Invented in 1978 by Ron Rivest, Adi Shamir and Leonard Adleman Published as R L Rivest, A Shamir, L Adleman, "On Digital Signatures and Public Key Cryptosystems", Communications of the ACM, vol 21 no 2, pp , Feb 1978 Security relies on the difficulty of factoring large composite numbers Essentially the same algorithm was discovered in 1973 by Clifford Cocks, who works for the British intelligence Takes 2-3 years to discover the same alg. 2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

5 RSA Public Key Crypto System
Key generation: 1. Select 2 large prime numbers of about the same size, p and q Typically each p, q has between 512 and 2048 bits 2. Compute n = pq, and (n) = (q-1)(p-1) 3. Select e, 1<e< (n), s.t. gcd(e, (n)) = 1 Typically e=3 or e=65537 4. Compute d, 1< d< (n) s.t. ed  1 mod (n) Knowing (n), d easy to compute. Public key: (e, n) Private key: d 2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

6 RSA Description (cont.)
Encryption Given a message M, 0 < M < n M  Zn {0} use public key (e, n) compute C = Me mod n C  Zn {0} Decryption Given a ciphertext C, use private key (d) Compute Cd mod n = (Me mod n)d mod n = Med mod n = M 2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

7 Topic 2: Public Key Encrypption and Digital Signatures
Group Discussion 2 Is textbook RSA secure? 2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

8 A simple attack on textbook RSA
Random session-key K Web Browser CLIENT HELLO Web Server d SERVER HELLO (e,N) C=RSA(K) Session-key K is 64 bits. View K  {0,…,264} Eavesdropper sees: C = Ke (mod N) . Suppose K = K1K2 where K1, K2 < (prob. 20%) Then: C/K1e = K2e (mod N) Build table: C/1e, C/2e, C/3e, …, C/234e . time: 234 For K2 = 0,…, 234 test if K2e is in table. time: 23434 Attack time: 240 << 264

9 A real-world attack on QQ Browser
2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

10 Topic 2: Public Key Encrypption and Digital Signatures
2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

11 Topic 2: Public Key Encrypption and Digital Signatures
2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

12 Topic 2: Public Key Encrypption and Digital Signatures
2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

13 RSA Encryption & IND-CPA Security
The RSA assumption, which assumes that the RSA problem is hard to solve, ensures that the plaintext cannot be fully recovered. Plain RSA does not provide IND-CPA security. For Public Key systems, the adversary has the public key, hence the initial training phase is unnecessary, as the adversary can encrypt any message he wants to. How to use it more securely? 2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

14 Real World Usage of Public Key Encryption
Often used to encrypt a symmetric key To encrypt a message M under an RSA public key (n,e), generate a new AES key K, compute [Ke mod n, AES-CBCK(M)] Alternatively, one can use random padding. E.g., computer (M || r) e mod n to encrypt a message M with a random value r More generally, uses a function F(M,r), and encrypts as F(M,r) e mod n From F(M,r), one should be able to recover M This provides randomized encryption e.g., Optimal Asymmetric Encryption Padding (OAEP) Roughly, to encrypt M, chooses random r, encode M as M’ = [X = M  H1(r) , Y= r  H2(X) ] where H1 and H2 are cryptographic hash functions, then encrypt it as (M’) e mod n Note that given M’=[X,Y], r = Y  H2(X), and M = X  H1(r) 2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

15 RSA-OAEP Optimal Asymmetric Encryption Padding (OAEP)
Roughly, to encrypt m, chooses random r, encode m as m’ = [X = m  H1(r) , Y= r  H2(X) ] where H1 and H2 are cryptographic hash functions, then encrypt it as (m’) e mod n To decrypt m’=[X,Y], compute r = Y  H2(X), and m = X  H1(r) Proven secure under the RSA assumption when H1 and H2 are assumed to be random oracles. Unless both X and Y are fully recovered, cannot obtain r, without r, cannot obtain any information of m. We will not cover Random Oracle Model in this course. See Chapter 13 if interested. CS555 Topic 19

16 RSA- Optimal asymmetric encryption padding (RSA-OAEP)
2018/11/20 Topic 2: Public Key Encrypption and Digital Signatures

Download ppt "Real-world Security of Public Key Crypto"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
CS555Spring 2012/Topic 171 Cryptography CS 555 Topic 17: Textbook RSA encryption.

CS555Spring 2012/Topic 171 Cryptography CS 555 Topic 17: Textbook RSA encryption.
IS 302: Information Security and Trust Week 4: Asymmetric Encryption

IS 302: Information Security and Trust Week 4: Asymmetric Encryption
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
CS252: Systems Programming Ninghui Li Topic 3: Programming in a FIZ: Simple Functional Programming Language.

CS252: Systems Programming Ninghui Li Topic 3: Programming in a FIZ: Simple Functional Programming Language.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Public Key Cryptography

Public Key Cryptography
Public Encryption: RSA

Public Encryption: RSA
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
RSA Encryption William Lu. RSA Background  Basic technique first discovered in 1973 by Clifford Cocks of CESG (part of British GCHQ)  Invented in 1977.

RSA Encryption William Lu. RSA Background  Basic technique first discovered in 1973 by Clifford Cocks of CESG (part of British GCHQ)  Invented in 1977.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
Public Key Cryptography Bryan Pearsaul. Outline What is Cryptology? Symmetric Ciphers Asymmetric Ciphers Diffie-Hellman RSA (Rivest/Shamir/Adleman) Moral.

Public Key Cryptography Bryan Pearsaul. Outline What is Cryptology? Symmetric Ciphers Asymmetric Ciphers Diffie-Hellman RSA (Rivest/Shamir/Adleman) Moral.
Dan Boneh Public Key Encryption from trapdoor permutations The RSA trapdoor permutation Online Cryptography Course Dan Boneh.

Dan Boneh Public Key Encryption from trapdoor permutations The RSA trapdoor permutation Online Cryptography Course Dan Boneh.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.

Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Andreas Steffen, , 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
RSA and its Mathematics Behind

RSA and its Mathematics Behind
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.

Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
1 Lect. 13 : Public Key Encryption RSA ElGamal. 2 Shamir Rivest Adleman RSA Public Key Systems  RSA is the first public key cryptosystem  Proposed in.

1 Lect. 13 : Public Key Encryption RSA ElGamal. 2 Shamir Rivest Adleman RSA Public Key Systems  RSA is the first public key cryptosystem  Proposed in.

Similar presentations

Ads by Google