Published by Thomasine Powers. Modified over 9 years ago.
1
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption
2
2 Outline Short message attacks –Generating all possible messages with the public key Timing attacks –Guessing private key based on decryption run time Apply to many encryption algorithms
3
3 Mathematical Attacks Based on finding fast ways to solve underlying mathematics –Factorization –Discrete Logarithms Unsolved at this point Recommendations: –Large p and q (at least 1024 bits) –Don’t reuse same n too many times –Large E (at least 2 16 +1)
4
4 Short Message Attacks Typical use of public key algorithm: Generating short messages –Symmetric keys (used then to send rest of message) –Social security numbers, etc. Idea: –Adversary acquires public key E, n –Uses them to encrypt all possible messages that may be sent (plausible if messages are short enough!) and stores in table –Intercepts encrypted message C and searches for match in the table Adversary can recover plaintext without decryption key!
Short Message Attack: Example
- Darth knows that Bob will use Alice's public key K_PU to send her a Social Security Number (9 digits)
- Darth obtains Alice's public key K_PU
- Darth uses K_PU to encrypt all possible Social Security Numbers (only a billion) and stores them in a table:

    SSN            Encrypted with K_PU
    000-00-0000    jk34jk234n
    ...            ...
    298-76-8466    98nnsap43
    298-76-8467    j290u9kjwn
    298-76-8468    lkmqwe844
    ...            ...
    999-99-9999    Jbn29q004s

- Darth intercepts Bob's SSN encrypted with Alice's public key: j290u9kjwn
- Searches the table of encrypted values for a match: the message matches the entry for 298-76-8467, so that must be the corresponding plaintext
Short Message Attacks: Solution
- Pad the message to M bits
  – M large enough that the adversary can't generate all $2^M$ possible messages
  – Can't just add fixed extra bits to the end: the adversary encrypts the padded versions instead and the table is no bigger, so the padding must be random
- Optimal Asymmetric Encryption Padding (OAEP)
  – Additional bits used as a "mask" to conceal the plaintext
  – Mask generated from random bits
  – Mask data sent as part of the encrypted message so the receiver can remove it
  – Based on cryptographic hash functions (more later)
Optimal Asymmetric Encryption Padding: Encryption
- Message padded to m bits
- Random bits r mask the padded message
  – r is run through hash function G
  – G(r) is XOR'd with the padded message to give P1 (the masked message)
- The masked message masks the random bits
  – P1 is run through hash function H
  – H(P1) is XOR'd with r to give P2
- P1 and P2 (masked message and masked random bits) are concatenated, encrypted with the public key and sent
- Key: r is fresh for every encryption, so the same message produces a different ciphertext each time and a lookup table is useless; because G and H are one-way, r cannot be recovered from P2 without P1, nor the message from P1 without r
Optimal Asymmetric Encryption Padding: Decryption
- Ciphertext decrypted with the private key to get the masked message and masked random bits (P1 and P2)
- P1 is run through hash function H and XOR'd with P2 to recover r
- r is run through hash function G and XOR'd with P1 to recover the original padded plaintext
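The following Python program, added here as a worked example (it is not part of the original slides), carries the two ideas above through on a toy RSA key: it builds Darth's lookup table over a small message space (4-digit PINs rather than SSNs, to keep it fast) and recovers a textbook-RSA ciphertext from it, then shows that an OAEP-style padding with a fresh random r makes the same message encrypt differently every time, so the table no longer matches. The key uses two fixed Mersenne primes, the hash functions G and H are built from SHA-256, and the names build_table, short_message_attack, oaep_pad and oaep_unpad are this example's own; the padding layout is simplified from the slides, not the PKCS#1 OAEP encoding.

```python
import hashlib
import secrets

# Toy RSA key pair. Fixed Mersenne primes keep the example self-contained and
# deterministic (constructed for this demo; real keys use two random primes of
# equal size, at least 1024 bits each, and a standard encoding such as PKCS#1 OAEP).
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python >= 3.8)

def rsa_encrypt(m: int) -> int:
    return pow(m, E, N)

def rsa_decrypt(c: int) -> int:
    return pow(c, D, N)

# ---- 1. Short message attack on unpadded ("textbook") RSA -------------------
def build_table(message_space) -> dict:
    """Darth: encrypt every plausible message under the public key (E, N) and
    index the results by ciphertext. Works because unpadded RSA is deterministic."""
    return {rsa_encrypt(int.from_bytes(m, "big")): m for m in message_space}

def short_message_attack(table: dict, ciphertext: int):
    """Look the intercepted ciphertext up; None if the plaintext was not in the space."""
    return table.get(ciphertext)

# 4-digit PINs: 10,000 entries, built in well under a second. A 9-digit SSN space
# (10^9 entries) is the same attack with more table-building time. (Constructed.)
PIN_SPACE = [f"{i:04d}".encode() for i in range(10_000)]

# ---- 2. OAEP-style randomised padding (simplified, following the slides) -----
M_LEN = 16  # bytes of padded message block
R_LEN = 16  # bytes of random seed r (real OAEP uses a full hash-length seed)

def G(r: bytes) -> bytes:    # mask for the padded message
    return hashlib.sha256(b"G" + r).digest()[:M_LEN]

def H(p1: bytes) -> bytes:   # mask for the random bits
    return hashlib.sha256(b"H" + p1).digest()[:R_LEN]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_pad(message: bytes, r: bytes) -> int:
    """Pad message to M_LEN bytes, mask it with G(r) -> P1, mask r with H(P1) -> P2."""
    if len(message) > M_LEN - 1:
        raise ValueError("message too long for this block size")
    padded = b"\x00" * (M_LEN - 1 - len(message)) + b"\x01" + message
    p1 = xor(padded, G(r))
    p2 = xor(r, H(p1))
    return int.from_bytes(p1 + p2, "big")  # < 2**256 < N, so it fits in one RSA block

def oaep_unpad(block: int) -> bytes:
    """Reverse the masking: recover r from P2 using H(P1), then the message from P1."""
    raw = block.to_bytes(M_LEN + R_LEN, "big")
    p1, p2 = raw[:M_LEN], raw[M_LEN:]
    r = xor(p2, H(p1))
    padded = xor(p1, G(r))
    return padded[padded.index(b"\x01") + 1:]

def encrypt_oaep(message: bytes) -> int:
    r = secrets.token_bytes(R_LEN)  # fresh randomness for every encryption
    return rsa_encrypt(oaep_pad(message, r))

def decrypt_oaep(ciphertext: int) -> bytes:
    return oaep_unpad(rsa_decrypt(ciphertext))

def demo() -> dict:
    table = build_table(PIN_SPACE)
    pin = b"4829"
    c_plain = rsa_encrypt(int.from_bytes(pin, "big"))
    c_oaep_1 = encrypt_oaep(pin)
    c_oaep_2 = encrypt_oaep(pin)
    return {
        "textbook_recovered": short_message_attack(table, c_plain),  # b"4829"
        "oaep_recovered": short_message_attack(table, c_oaep_1),     # None: no table hit
        "oaep_randomised": c_oaep_1 != c_oaep_2,                     # True
        "oaep_decrypts": decrypt_oaep(c_oaep_1) == pin,              # True
    }

if __name__ == "__main__":
    print(demo())
```

The attack half needs nothing but the public key; the defence half works only because r is drawn fresh per encryption, which is why a deterministic "padding" (fixed bits appended to the message) would not help.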
Timing Attacks
- Encryption/decryption time may not be constant for all algorithms
- Time may be a function of:
  – Plaintext, ciphertext
  – Keys
- Adversary can observe timing in different ways
  – Overall time
  – Processor cycles
  – Power consumption...
Timing Attacks on RSA
- Fast exponentiation (square-and-multiply) algorithm used for decryption to compute $C^D \bmod n$:

    result = 1
    for (i = 0 to number of bits in D - 1) {
        if (ith bit of D = 1)
            result = (result * C) mod n
        C = C^2 mod n
    }

- Speed of decryption depends on the number of 1's in D
  – Each 1 bit requires an additional multiplication
  – Each 0 bit skips that step
Timing Attacks on RSA
- If the adversary knows the following:
  – The ciphertext C: they can compute how long multiplying by the ciphertext and reducing mod n takes, that is, how long a 1 bit and a 0 bit each take to process
  – The total time the decryption takes: this can be observed
- They can compute the number of 1's in the private exponent D
- Given enough timed decryptions of known ciphertexts, the adversary can recover D completely, bit by bit
Timing Attacks on RSA
- Darth infiltrates the organization
  – Requests secure data from the database
  – Observes the ciphertext C
  – Times the processor cycles required by the decryption (the fast exponentiation that turns C into P)
  – Guesses properties of the key
Timing Attack Solutions
- "Pad" the algorithm so all decryptions take the same time:

    result = 1
    for (i = 0 to number of bits in D - 1) {
        if (ith bit of D = 1)
            result = (result * C) mod n
        else
            garbageVariable = (result * C) mod n
        C = C^2 mod n
    }

  – Caveat: an optimizing compiler may delete the unused multiplication, and the branch itself can still show up in power or cache measurements; production code uses a branch-free, constant-time exponentiation (for example the Montgomery ladder) instead
- Remove the adversary's ability to know the C used in the fast exponentiation (blinding)
  – Compute the fast exponentiation on a value other than C
  – Use that result to recover the plaintext
  – Used by commercial implementations of RSA
Blinding Against Timing Attacks
Algorithm:
- Select a random r < n with gcd(r, n) = 1, so that r is invertible mod n; use a fresh r for each decryption
- Compute $C_1 = C \cdot r^E \bmod n$
- Compute $P_1 = C_1^D \bmod n = (C \cdot r^E)^D \bmod n = (C^D \bmod n \cdot r^{ED} \bmod n) \bmod n = (P \cdot r) \bmod n$, since $r^{ED} \equiv r \pmod n$
  – The fast exponentiation runs on $C_1$, a value unknown to the adversary
- Compute $P = P_1 \cdot r^{-1} \bmod n$
  – Factors out the original r
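The following Python program, added as a worked example (not code from the slides), simulates the three slides above on a toy RSA key: the square-and-multiply loop is instrumented to record how many modular multiplications each bit of D costs, standing in for a cycle count or power trace; Darth reads D straight out of that trace, or at least its number of 1 bits from the total; the padded loop makes every iteration cost the same; and blinding exponentiates C·r^E with a fresh invertible r and strips r^{-1} afterwards. The Mersenne-prime key, the operation-count timing model and the names modexp_traced, recover_exponent and decrypt_blinded are this example's assumptions.

```python
import secrets
from math import gcd

# Toy RSA key pair on fixed Mersenne primes (constructed for this demo; real keys use
# random primes of at least 1024 bits each). E and D are the slides' public and
# private exponents.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def modexp_traced(base: int, exp: int, n: int, pad: bool = False):
    """Right-to-left square-and-multiply exactly as on the slides.

    Returns (base**exp mod n, trace), where trace[i] is the number of modular
    multiplications spent on bit i of exp. The trace stands in for what an adversary
    with a cycle counter or a power trace observes: two multiplications on a 1 bit,
    one on a 0 bit. With pad=True the 0-bit branch does a dummy multiplication so
    every iteration costs the same (the slides' "padded" loop)."""
    result = 1
    trace = []
    for i in range(exp.bit_length()):
        ops = 0
        if (exp >> i) & 1:
            result = (result * base) % n
            ops += 1
        elif pad:
            _garbage = (result * base) % n   # same work, result discarded
            ops += 1
        base = (base * base) % n             # C = C^2 mod n
        ops += 1
        trace.append(ops)
    return result, trace

def recover_exponent(trace) -> int:
    """Darth: rebuild the private exponent from a per-iteration trace.
    An iteration that cost two multiplications processed a 1 bit."""
    d = 0
    for i, ops in enumerate(trace):
        if ops == 2:
            d |= 1 << i
    return d

def hamming_weight_from_total_time(trace) -> int:
    """Weaker adversary who only sees the total: there is one squaring per bit, so
    the excess over the bit length is the number of 1 bits in D (as the slides say)."""
    return sum(trace) - len(trace)

def decrypt_blinded(c: int, pad: bool = False):
    """Blinding as on the slides: exponentiate C1 = C * r^E, which the adversary
    cannot predict, then strip r from the result. r is fresh for every decryption."""
    while True:
        r = secrets.randbelow(N - 2) + 2          # 2 <= r < N
        if gcd(r, N) == 1:                        # r must be invertible mod N
            break
    c1 = (c * pow(r, E, N)) % N
    p1, trace = modexp_traced(c1, D, N, pad)      # = P * r^(E*D) = P * r  (mod N)
    p = (p1 * pow(r, -1, N)) % N                  # factor the original r back out
    return p, trace

def demo() -> dict:
    m = int.from_bytes(b"secret", "big")
    c = pow(m, E, N)
    p_fast, t_fast = modexp_traced(c, D, N)
    p_pad, t_pad = modexp_traced(c, D, N, pad=True)
    p_blind, _ = decrypt_blinded(c, pad=True)
    return {
        "fast_ok": p_fast == m,
        "fast_leaks_D": recover_exponent(t_fast) == D,        # True: whole key from one trace
        "fast_leaks_weight": hamming_weight_from_total_time(t_fast) == bin(D).count("1"),
        "pad_ok": p_pad == m,
        "pad_trace_constant": len(set(t_pad)) == 1,           # True: trace no longer depends on D
        "blind_ok": p_blind == m,
    }

if __name__ == "__main__":
    print(demo())
```

Note what each countermeasure does and does not cover in this model: with pad=False, decrypt_blinded still produces a trace from which recover_exponent reads D, because blinding hides the exponentiation's input (what a statistical timing attack that models the multiplications by C needs) but not a branch that is directly visible per iteration. That is why the padded (constant-time) loop and blinding are used together.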
Timing Attacks
- Based on the implementation of the algorithm, not the underlying mathematics
- Any cryptosystem with a component whose run time depends on the key (or the data) may be vulnerable
- Current research: AES
  – MixColumns stage uses a matrix multiplication over GF(2^8)
  – Naive implementations take data-dependent time (more 0's in the state make the multiplication faster)
  – Intermediate states may be recoverable from the run time
  – In practice the best-known timing attacks on AES exploit data-dependent cache accesses in table-driven implementations rather than the arithmetic itself