Download presentation
Presentation is loading. Please wait.
Published byMildred Webster Modified over 9 years ago
1
Problems with symmetric (private-key) encryption 1) secure distribution of keys 2) large number of keys Solution to both problems: Public-key (asymmetric) encryption plaintextciphertext encryption algorithmdecryption algorithm plaintext key pub key priv D( E(message, k pub ), k priv ) = message
2
Data transmission via public-key encryption Every user maintains a unique pair of keys: one private and one public. Public keys are available for anyone to use. For Lena to send a message to Ole, she first encrypts using Ole’s public key. This ensures that only Ole will be able to read the message. lena ole Note that this preserves data confidentiality, but does not ensure authenticity.
3
pub priv Public-key Encryption - the Concept Computationally easy to generate a pair of keys -- (K pub, K priv ) Computationally easy to encrypt -- E(plaintext, K pub ) ciphertext Proposed in 1976 by Witfield Diffie & Martin Hellman Necessary Properties Computationally easy to decrypt -- D(ciphertext, K priv ) plaintext Computationally infeasible to determine K priv, even knowing E, D, and K pub Computationally infeasible to decrypt without K priv, even knowing E, D, and K pub An Additional Useful Property Keys can be used in the opposite order for encryption/decryption -- D( E(plaintext, K priv ), K pub ) plaintext
4
Encryption Algorithm (apply to each part of the transmission) Begin with two large primes (p and q). n = p*q (Note that n should be more than 200 digits - roughly 512 bits.) Select e relatively prime to (p-1)*(q-1). E(message, e, n) = (message e ) mod n Select d so that (e*d) mod ((p-1)*(q-1)) = 1. public key: (e, n) private key: (d, n) Decryption Algorithm (apply to each part of the transmission) D(message, d, n) = (message d ) mod n Side note: (p-1)*(q-1) comes from Euler’s definition of totient (n) = number of positive integers less than n that are relatively prime to n. Rivest-Shamir-Adelman (1978) is the best known of current public-key encryption methods. more theory: www. di-mgt.com.au/rsa_theory.html
5
Example (note that numbers are artificially small.) HI MOM SEND 3 2 32 28 24 28 32 18 30 21 277 8 26 12 14 12 26 18 4 13 3 p = 2q = 17 Therefore, n = p*q = 34 Select e = 3 Note that (p-1)*(q-1) = 16. (3 and 16 are relatively prime.) d = 11 because e*d = 3*11 = 33 and 33 mod 16 = 1 Treat alphabet as integers from zero, and include blank: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 23 25 26 H 7 7 e mod n = 7 3 mod 34 = 3 to encipher H I 8 8 e mod n = 8 3 mod 34 = 2 to encipher I 7 H7 H 3 d mod n = 3 11 mod 34 = 7 to decipher 3 8 I8 I 2 d mod n = 2 11 mod 34 = 8 to decipher 2 3 2 32 28 24 28 32 18 30 21 27
6
Issues 1) The values of p, q, and (n) are not divulged. 2) Cryptanalysis of RSA accomplished by finding the prime factors of a large number. 3) Factoring is not known to be an NP problem, but the best known algorithms are exponential. 4) To date no serious security flaws have been discovered. Finding p and q Verifying that p and q are prime requires testing potential factors. A practical alternative (Solovay & Strassen algorithm) tests a number to any desired probability of being prime.RSA-10010033219917 Quadratic Sieve RSA-12912942819945000 RSA-13013043119961000 Generalized num field Sieve RSA-15515551219998000 dec. digits bitsYearMIPS-yrsAttack/factoring Method Key Size Effort Crack History
7
512102415362048 10 4 10 8 10 12 10 16 10 20 MIPS-years required for factoring Key Size (in bits) Another factoring method (Special Number Field Sieve) is faster. Key sizes of 1024 to 2048 appear to be safe for the near future. General number field sieve Special number field sieve
8
Generally, the strength of a public-key algorithm depends upon key size. Suppose Lena sends a very short message - say one byte E( LenasByte, K OlePub ) encipheredByte Suppose the man in the middle (Hagar) intercepts encipheredByte How can Hagar discover LenasByte ? Note: This particular vulnerability is unique to public-key cryptosystems. Solution: Append random bits to otherwise short messages, making them longer.
9
Other Public-key Cryptosystems Elliptic Curve Cryptography (ECC) several different ciphers based upon cubic equations of the form: y 2 +axy + by = x 3 + cx 2 + dx + e appears to have computational speed advantages over RSA “test of time”? Efficient? RSA can be as much as 10,00 times slower than symmetric algorithms (Multiplication used in place of bit manipulation and table lookup/indexing). to improve computation: (a * b) mod n = [(a mod n) * (b mod n)] mod n Diffie-Hellman Key Exchange not a full system, but a key-exchange technique built on public key concept Digital Signature Standard (DSS) not a full system, but a technique for implementing digital signatures built on public key concept
10
The additional property of RSA & elliptic curve ciphers: D(E(plaintext, k pub ), k priv ) = plaintext D(E(plaintext, k priv ), k pub ) = plaintext Confidential transmission 1) Lena encrypts the message using Ole’s public key. 2) The message from (1) is transmitted. 3) Ole decrypts message using his private key. lena ole Confidential & Authenticated transmission 1) Lena encrypts the message (or part of it) using her private key. 2) Lena uses Ole’s public key to encrypt the result of (1). 3) The message from (2) is transmitted. 4) Ole decrypts the message with his private key. 5) Ole decrypts the result of (4) (or appropriate part) with Lena’s public key.
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.