Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.


1 Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena

2 Course Administration
HW1 – due at 11am on Feb 06
Any questions, or help needed?

3 Outline of Today’s Lecture
The RSA Cryptosystem (Encryption)

4 “Textbook” RSA: KeyGen
Alice wants people to be able to send her encrypted messages.
She chooses two (large) prime numbers, p and q and computes n=pq and. [“large” = 1024 bits +]
She chooses a number e such that e is relatively prime to and computes d, the inverse of e in, i.e., ed =1 mod
She publicizes the pair (e,n) as her public key. (e is called RSA exponent, n is called RSA modulus).
She keeps d secret and destroys p, q, and
Plaintext and ciphertext messages are elements of Z_n and e is the encryption key.

5 RSA: Encryption
Bob wants to send a message x (an element of Z_n^*) to Alice.
He looks up her encryption key, (e,n), in a directory.
The encrypted message is
Bob sends y to Alice.

6 RSA: Decryption
To decrypt the message she’s received from Bob, Alice computes
Claim: D(y) = x

7 RSA: why does it all work
Need to show
– D[E[x]] = x
– E[x] and D[y] can be computed efficiently if keys are known
– E^{-1}[y] cannot be computed efficiently without knowledge of the (private) decryption key d.
Also, it should be possible to select keys reasonably efficiently
– This does not have to be done too often, so efficiency requirements are less stringent.

8 E and D are Inverses
Because
From Euler’s Theorem

9 Tiny RSA example.
Let p = 7, q = 11. Then n = 77 and
Choose e = 13. Then d = 13^{-1} mod 60 = 37.
Let message = 2.
E(2) = 2^{13} mod 77 = 30.
D(30) = 30^{37} mod 77 = 2

10 Slightly Larger RSA example.
Let p = 47, q = 71. Then n = 3337 and
Choose e = 79. Then d = 79^{-1} mod 3220 = 1019.
Let message = 688232… Break it into 3 digit blocks to encrypt.
E(688) = 688^{79} mod 3337 = 1570.
E(232) = 232^{79} mod 3337 = 2756
D(1570) = 1570^{1019} mod 3337 = 688.
D(2756) = 2756^{1019} mod 3337 = 232.
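The key generation, encryption and decryption steps of slides 4 to 10, as an added Python example that is not part of the original lecture. The function names are assumptions chosen here, and phi = (p-1)(q-1) is Euler's totient of n, which is where the moduli 60 and 3220 in the two examples come from. The inverse uses the extended Euclidean algorithm and the exponentiation uses square-and-multiply.

```python
# Added example: textbook RSA with the slides' toy parameters.
# Toy sizes only; this is the unpadded scheme the lecture calls insecure.

def egcd(a, b):
    """Extended Euclid: return (g, s, t) with a*s + b*t == g == gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0

def modinv(e, m):
    """Inverse of e modulo m; fails if e is not relatively prime to m."""
    g, s, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e is not invertible modulo m")
    return s % m

def modexp(base, exp, mod):
    """Square-and-multiply: O(log exp) modular multiplications."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result

def keygen(p, q, e):
    """Return ((e, n), d) with e*d == 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), modinv(e, phi)

def encrypt(pub, x):
    e, n = pub
    if not 0 <= x < n:
        raise ValueError("plaintext block must be an element of Z_n")
    return modexp(x, e, n)

def decrypt(pub, d, y):
    return modexp(y, d, pub[1])

def encrypt_blocks(pub, digits, width=3):
    """Split a decimal string into fixed-width blocks, as on slide 10."""
    return [encrypt(pub, int(digits[i:i + width]))
            for i in range(0, len(digits), width)]

if __name__ == "__main__":
    pub, d = keygen(47, 71, 79)
    cts = encrypt_blocks(pub, "688232")
    print(pub, d, cts, [decrypt(pub, d, c) for c in cts])
```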

11 Security of RSA: RSA assumption
Suppose Oscar intercepts the encrypted message y that Bob has sent to Alice.
Oscar can look up (e,n) in the public directory (just as Bob did when he encrypted the message)
If Oscar can compute d = e^{-1} mod then he can use to recover the plaintext x.
If Oscar can compute, he can compute d (the same way Alice did).

12 Security of RSA: factoring
Oscar knows that n is the product of two primes
If he can factor n, he can compute
But factoring large numbers is very difficult:
– Grade school method takes divisions.
– Prohibitive for large n, such as 160 bits
– Better factorization algorithms exist, but they are still too slow for large n
– Lower bound for factorization is an open problem

13 How big should n be?
Today we need n to be at least 1024-bits
– This is equivalent to security provided by 80-bit long keys in private-key crypto
No other attack on RSA known
– Except some side channel attacks, based on timing, power analysis, etc. But, these exploit certain physical characteristics, not a theoretical weakness in the cryptosystem!

14 Key selection
To select keys we need efficient algorithms to
– Select large primes: Primes are dense so choose randomly. Probabilistic primality testing methods known. Work in logarithmic time.
– Compute multiplicative inverses: Extended Euclidean algorithm

15 RSA in Practice
Textbook RSA is insecure
– Known-plaintext?
– CPA?
– CCA?
In practice, we use a “randomized” version of RSA, called RSA-OAEP
– Use PKCS#1 standard for RSA encryption http://www.rsa.com/rsalabs/node.asp?id=2125
– Interested in details of OAEP: refer to (section 3.1 of) http://isis.poly.edu/courses/cs6903/Lectures/lecture13.pdf

16 Some questions
c1 = RSA_Enc(m1), c2 = RSA_Enc(m2).
– What is RSA_Enc(m1m2)? Homomorphic property
– What is RSA_Enc(2m1)? Malleability (not a good property!)
Is it possible to find inverses mod n (RSA modulus)?
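Why slide 15 calls textbook RSA insecure and slide 16 calls malleability "not a good property", shown on the toy key from slide 10 as an added example that is not part of the original lecture. The helper names are assumptions chosen here; Python 3.8+ is assumed for the three-argument `pow` with exponent -1.

```python
# Added example: properties of unpadded ("textbook") RSA that a
# randomized padding such as RSA-OAEP is meant to remove.
# Constructed toy key from slide 10: p = 47, q = 71, e = 79.
P, Q, E = 47, 71, 79
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, 1019

def enc(m):
    return pow(m, E, N)

def dec(c):
    return pow(c, D, N)

def homomorphic_holds(m1, m2):
    """RSA_Enc(m1) * RSA_Enc(m2) mod n equals RSA_Enc(m1 * m2 mod n)."""
    return enc(m1) * enc(m2) % N == enc(m1 * m2 % N)

def scale_ciphertext(c, k):
    """Malleability: using only the public key, turn a ciphertext of m
    into a valid ciphertext of k*m mod n without learning m."""
    return c * enc(k) % N

def matching_guesses(c, candidates):
    """Encryption is deterministic, so anyone holding the public key can
    test guessed plaintexts against an observed ciphertext (the CPA
    weakness): the same m always yields the same c."""
    return [m for m in candidates if enc(m) == c]

if __name__ == "__main__":
    c = enc(688)
    print("homomorphic:", homomorphic_holds(688, 232))
    print("decrypts to:", dec(scale_ciphertext(c, 2)))     # 2 * 688
    print("guess check:", matching_guesses(c, [100, 688, 900]))
```

A receiver that decrypts `scale_ciphertext(c, 2)` has no way to tell it was derived from `c`, which is why integrity-aware, randomized padding is required in practice.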

17 Some Questions
RSA stands for Robust Security Algorithm, right?
If e is small (such as 3)
– Encryption is faster than decryption or the other way round?
Private key crypto has key distribution problem and Public key crypto is slow
– How about a hybrid approach?
– Do you know how SSL/SSH works?

18 Some Questions
Key generation in RSA is -------- than in DL-based schemes (El Gamal/DSS)
I encrypt m with Alice’s RSA PK, I get c
– I encrypt m again, I get --?
– What does this mean?
What if I do the above with DES?

19 Some Questions
Find x such that
– x = 4 (mod 5)
– x = 7 (mod 8)
– x = 3 (mod 9)

20 Further Reading
Section 8.2 of HAC
Section 9 of Stallings

