1. 1 CSCD 434 Spring 2012 Lecture 12 Cryptography – Asymmetric or Public Key S A R

2. RSA Inventors The algorithm was publicly described in 1977 – Ron Rivest, Adi Shamir, and Leonard Adleman from MIT – Letters RSA are the initials of their surnames Adi Shamir Ron Rivest Leonard Adleman 2

3. 3 Introduction Traditional Encryption Algorithms – Symmetric Key encryption and popular algorithms – Based on a secret shared key – DES, AES – Block Ciphers – Talk about these later … Today – Public key cryptography – Uses two keys, public and private keys – RSA, Diffie Hellman

4. Cryptographic Properties What do crypto properties dependent on? – The strength of the cryptographic algorithms Key length Key strength – Ability to resist analysis – Correctness of algorithm implementation Based on following randomness requirements

5. Random Number Generation Most crypto systems depend on Random Number Generation – Facts No computer can generate true random numbers in software Pseudorandom generators create bit strings for keys Keys or parts of keys are used in nearly all cryptography – Stream ciphers, block ciphers, asymmetric methods

6. Random Number Generation Strength of cryptographic method depends on – Randomness of its keys, – Randomness of output cipher code Two main methods to generate randomness – What are they? 1. Algorithm or software - Pseudorandom Number Generators (PRNG)‏ 2. Hardware devices - True Random Number Generators (TRN)‏ Next slides from Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/

7. Psedorandom Number Generation A pseudorandom bit generator is said to pass all polynomial-time statistical tests if no polynomial-time algorithm can correctly distinguish between a generator output sequence and a truly random sequence of same length with probability significantly greater than 1/2 A pseudorandom bit generator is said to pass the next- bit test if there is no polynomial-time algorithm which, on input of the first L bits of an output sequence s, can predict the (L + 1) bit of s with probability significantly greater than 1/2

8. True Random Bit Generator Next Step up in Random Generation A (true) random bit generator requires a naturally occurring source of randomness Designing hardware device or software program to exploit this randomness and produce a bit sequence that is free of biases and correlations is a difficult task

9. True Random Bit Generator Hardware-based random bit generators exploits randomness which occurs in some physical phenomena Examples of physical phenomena include 1. Elapsed time between emission of particles during radioactive decay 2. Thermal noise from a semiconductor diode or resistor 3. Frequency instability of a free running oscillator 4. Amount a metal insulator semiconductor capacitor is charged during a fixed period of time 5. Air turbulence within a sealed disk drive which causes random fluctuations in disk drive sector read latency times, and 6. Sound from a microphone or video input from a camera

10. True Random Bit Generator Designing random bit generator in software is even more difficult than in hardware. Processes upon which software random bit generators may be based include: 1. System clock 2. Elapsed time between keystrokes or mouse movement 3. Content of input/output buffers 4. User input, and 5. Operating system values like system load and network statistics Behavior varies considerably depending on computer platform May also be difficult to prevent an adversary from observing or manipulating these processes

11. Cryptographically Secure Pseudorandom Bit Generation A PRBG that passes next-bit test is called a cryptographically secure pseudorandom bit generator (CSPRBG)‏ Which algorithms qualify as CSPRBG types of algorithms? – RSA – Blum-Blum-Shub pseudorandom – Micali-Schnorr pseudorandom bit generator

12. Public Key Cryptography or Asymmetric Cryptography

13. Basis of Public Key Cryptography Public Key Cryptography – Radical departure from traditional symmetric crypto systems Strategy of Symmetric – Just make them more and more complicated Substitution and permutation Substitute numbers, permute them, do this many times in a serious of rounds – Public Key based on mathematical functions and number theory – Creates two separate keys

14. 14 Symmetric Key Cryptography Main Challenge Get sender and receiver to agree on secret key without anyone else finding out – Intercept key in transit, can later read, modify, and forge all messages encrypted or authenticated using that key – Problem - Generation, transmission and storage of keys Key Management – All keys in secret-key cryptosystem must remain secret – Secret-key cryptography often has problems with secure key management Open systems with large number of users

15. 15 Public Key Cryptography Public-key cryptosystems are networks of users rather than a single pair of users Each user has pair of keys associated with him/her – Public key Published under the users name in a public directory accessible to anyone – Private-key Known only to the user Pair of keys generated by running key-generation algorithm

16. Public Key System Bob Alice Carol Denise Public Directory

17. Public Key Treasure Chest Public key = Chest with open lock Private key = Key to chest Treasure = Message Encrypting with public key – Find chest with open lock – Put a message in it – Lock the chest Decrypting with private key – Unlock lock with key – Take contents out of the chest

18. 18 Public Key Cryptography To solve key management problem Whitfield Diffie and Martin Hellman introduced concept of public-key cryptography in 1976 They were not the first to discover this... http://www.absoluteastronomy.com/topics/Cryptography Public-key cryptosystems have two primary uses, encryption and digital signatures Each person gets a pair of keys, a public key and a private key Public key is published, while private key is kept secret All communications involve only public keys, no private key is ever transmitted or shared

19. 19 Message Passing Only requirement is public keys be associated with their users in a trusted (authenticated) manner Anyone can send a confidential message by using public information, Message can only be decrypted with a private key, which is in sole possession of the intended recipient First, an article linked to Alice and Bob http://www.networkworld.com/news/2005/020705widernetalicea ndbob.html

20. 20 Message Passing For Alice to send a secret message to Bob: 1. Alice passes secret message and Bob's public key to encryption algorithm to construct encrypted message 2. Alice transmits encrypted message (perhaps via e-mail) to Bob 3. Bob decrypts transmitted, encrypted message with his private key and decryption algorithm

21. 21 Alice and Bob Communicate Alice wishes to communicate securely with Bob She writes a message to Bob and encrypts it with Bob’s public key She sends this message to Bob, who decrypts it with his private key If message intercepted while in transit, it cannot be read

22. 22 Digital Signatures Want privacy of communications, also important to know with whom you are communicating Plus, important to know message content has not been altered in transmission Asymmetric encryption also used to provide confirmation of both – Source, who sent the message and – Integrity of message, message has not been tampered with Accomplish this through use of digital signatures

23. 23 Digital Signatures What is a digital signature? A digital signature is digest, or hash, of message encrypted with sender’s private key If Alice wishes to digitally sign message sent to Bob – She first creates hash of message – Then, encrypts it with her private key – This is the digital signature, which is attached to message Message with signature attached is sent to Bob.

24. 24 Alice Digitally Signs Message Hash of Message How does Bob prove its Alice?

25. 25 Bob Authenticates Message When Bob gets message, he decrypts digital signature with Alice’s public key, recalculates hash of message itself, and compares two If results match, Bob knows that message is from Alice not from impostor, AND knows message has not been tampered with in transit

26. Requirements for Public-Key Cryptography 1. Easy for sender to generate ciphertext 2. Computationally easy to generate key pair 3.Easy for receiver to decrypt ciphertext using private key

27. Requirements for Public-Key Cryptography 4. Computationally infeasible to recover message M, knowing it and ciphertext, C 5. Either of two keys can be used for encryption, with other used for decryption 6. Computationally infeasible to determine private key, knowing public key

28. 28 Public Key Cryptography Technology Maturity Public key cryptography has been in use for more than 30 years – Whats it used for today? – SSH – Secure Sockets Layer (SSL) from Netscape – Pretty Good Privacy (or PGP) another popular application of public key cryptography Used to send confidential electronic mail and digitally signing electronic documents Plus number of commercial companies have become third party providers of public key cryptography software including: – RSA Security, Inc, Sun Microsystems, Microsoft, Entrust, Inc., and VeriSign, Inc.

29. 29 Modulo Arithmetic Before getting into Algorithms, Review Basics – Modulo arithmetic is important – Most public key algorithms based on modulo arithmetic x mod n = remainder of x when divided by n Example: mod 10 addition 3 + 7 = 0 3 + 9 = 2 2 + 2 = 4 Example: mod 10 multiplication 8 * 2 = 6 8 * 3 = 4

30. 30 Modulo Arithmetic – For crypto purposes interested in multiplicative inverses of mod arithmetic Multiplicative inverse of a number is the number you multiply to get 1 x * 1/x = 1, another notation, x * x -1 = 1 Modulo arithmetic – no fractions So, x -1 of number are primes with respect to a given mod n Example: mod 10, look for smallest m makes this true 7m mod 10 ≡ 1 3 is multiplicative inverse of 7, 9 is its own inverse What’s another one for 7? No obvious way to find multiplicative inverse mod n if n is large

31. 31 Modulo Arithmetic Euclid’s Algorithm – Look up on your own if interested http://en.wikipedia.org/wiki/Euclidean_algorithm Efficiently finds inverse mod n uses gcd gcd – greatest common devisor – Given x and n it finds y such that x*y mod n = 1 – First, find out... How many numbers < n are relatively prime to n? – Turns out all numbers relatively prime to n will have multiplicative inverses and none of other numbers will, What is relatively prime?

32. Relatively Prime Definition – Describes two numbers for which only common factor is 1. Relatively prime numbers have a greatest common factor (gcf) of 1 – For example, 6 and 35 are relatively prime (gcf = 1) while 6 and 8 are not relatively prime (gcf = 2)‏

33. 33 Modulo Arithmetic Turns out, Euler's totient function φ(n)‏ N umber of positive integers not larger than n that are coprime or relatively prime to n Useful for determining number of prime numbers – If n is prime, then all integers {1,2,3... n-1} are relatively prime to n, so φ(n) = n-1 – If n is product of two primes, then n = pq, and φ(n) = (p-1)(q-1)‏

34. 34 Modulo Arithmetic Example: φ(10) = 4 {1,3,7,9} φ(21) = 12 {1,2,4,5,8,10,11,13,16,17,19,20} Also, exponentiation inverses are also special interest to public key cryptography Special case where y = 1 mod φ(n) if y = 1 mod φ(n) then for any number x, x y = x mod n

35. Modulo Arithmetic Used in Public Key Encryption!! There is a reason for this 35

36. 36 RSA The RSA Public Key Cryptography was invented by Ronald Rivest, Adi Shamir, and Leonard Adelman in 1977 Security based on difficulty of factoring Large prime numbers Public key, can be safely published for all to know, is used to encrypt the message Private key, which is held by owner, and which is never shown to anybody, is used to decrypt the message.

37. 37 RSA – 1024, 2048, 4096-bit keys common Longer keys mean more security Data must be < key length – But data size can vary too Ciphertext will be size of the key Relatively Slow Algorithm – Many times... used for encryption of the secret key of a symmetric algorithm – Symmetric algorithm then used for encryption

38. 38 RSA Overview – Choose an integer e < n relatively prime to n – Find second integer d, such that ed mod φ(n) = 1 – Public key is (e,n) and private key is d – m is message. So, c = m e mod n and m = c d mod n encryption decryption

39. Why Does RSA Work? Decoding is easy if you know d, but hard if you don't: – You have to figure out p-1 and q-1 – Which means you have to figure out p and q – So you have to factor N and that's too hard!

40. 40 RSA Algorithm Example First, generate a public Key and a Private key Choose, two large prime numbers, p and q (they remain secret)‏ To make example easy to follow small numbers are used To find random primes, we start at a random number and go up ascending odd numbers until we find a prime Lets have: p = 7 q = 19 2) Let n = pq n = 7 * 19 = 133 n is part of public key 3) Let m = (p - 1)(q - 1) = φ(n) m = (7 - 1)(19 - 1) = 6 * 18 = 108 m is used in calculation and is φ(n)

41. 41 RSA Algorithm 4) Choose a small number, e coprime to m e coprime to m, means that the largest number that can exactly divide both e and m (their greatest common divisor, or gcd) is 1. Euclid's algorithm is used to find the gcd of two numbers, but the details are omitted here. – e = 2 => gcd(e, 108) = 2 (no) e = 3 => gcd(e, 108) = 3 (no) e = 4 => gcd(e, 108) = 4 (no) e = 5 => gcd(e, 108) = 1 (yes!) e is part of public key 5) Find d, such that de mod m = 1 This is equivalent to finding d which satisfies de = 1 + nm where n is any integer. We can rewrite this as d = (1 + nm) / e. Now we work through values of n until an integer solution for e is found: – n = 0 => d = 1 / 5 (no) d is private key n = 1 => d = 109 / 5 (no) n = 2 => d = 217 / 5 (no) n = 3 => d = 325 / 5 = 65 (yes!)‏

42. 42 RSA Algorithm Encryption Example – For this example, lets use the message "6", P C = P e mod n = 6 5 mod 133 = 7776 mod 133 = 62 Public Key n = 133 e = 5 Secret Key n = 133 d = 65

43. 43 RSA Algorithm Decryption This works very much like encryption, but involves a larger exponentiation, which is broken down into several steps. P = C d % n = 62 65 % 133 = 62 * 62 64 % 133 = 62 * (62 2 ) 32 % 133 = 62 * 3844 32 % 133 = 62 * (3844 % 133) 32 % 133 = 62 * 120 32 % 133 Public Key n = 133 e = 5 Secret Key n = 133 d = 65

44. 44 RSA Algorithm We now repeat the sequence of operations that reduced 62 65 to 120 32 to reduce the exponent down to 1 = 62 * 36 16 % 133 = 62 * 99 8 % 133 = 62 * 92 4 % 133 = 62 * 85 2 % 133 = 62 * 43 % 133 = 2666 % 133 = 6 And that matches the plaintext we put in at the beginning, so the algorithm worked! Public Key n = 133 e = 5 Secret Key n = 133 d = 65

45. 45 Security and Other Issued of Public Key Cryptography

46. 46 Problems with Public Key Problems: – If a key is lost, all messages and signatures are lost – If a key is compromised, all messages and signatures are compromised – It's hard to revoke a key – It's hard to repudiate a key Authentication – How do you know who you are talking to? Is that really Alice's public key? – Public key infrastructure, web of trust, digital certificates Have to do with how Public Key algorithms implemented

47. 47 The RSA Algorithm (cont’d)‏ The security of RSA – Brute force: This involves trying all possible private keys. – Mathematical attacks: There are several approaches, all equivalent to factoring product of two primes – Timing attacks: These depend on running time of the decryption algorithm

48. 48 The RSA Algorithm (cont’d)‏ To avoid brute force attacks, use a large key To make n difficult to factor – p and q should differ in length by only a few digits (both in the range of 10 75 to 10 100 )‏ – both (p-1) and (q-1) should contain a large prime factor – gcd(p-1,q-1) should be small – should avoid e < n and d < n 1/4

49. 49 Timing Attacks Timing attacks are “side channel attack” – Attacker gains information from implementation of cryptosystem, not from weakness mathematical properties of the system – Unintended channels of information arise due to Way an operation is performed or the media used Side channel attacks exploit information about timing, power consumption, electromagnetic emanations or even sound to recover secret information about a cryptosystem

50. 50 Timing Attacks Because of performance optimizations, – Computations of cryptographic algorithm often take different amounts of time Depends on input and value of secret parameter If RSA private key operations can be timed reasonably accurately Some cases statistical analysis can be applied to recover the secret key involved in the computations Ref: P.Kocher, "Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems", at www.cryptography.com/resources/whitepapers/ TimingAttacks.pdf

51. 51 Next Time Symmetric Encryption Encryption Applications Reading: Course RelevantLinks page Williams Stallings DES Wikipedia AES Page Wikipedia DES Page Wikipedia PKI Page Assignment: On Cryptography!