Introduction to Cryptography. --- Foundations of computer security ---

Transcription

1 Introduction to Cryptography --- Foundations of computer security ---

2 Related Chapters Cryptography CHAPTER 2, A Cryptography Primer CHAPTER 37, Data Encryption CHAPTER 39, Public Key Infrastructure CHAPTER 70, Advanced Data Encryption 2

3 Outline basic terms in cryptology classic secret key ciphers modern secret key ciphers DES (Data Encryption Standard) and AES (Advanced Encryption Standard) how do they work how to use DES and AES in practice 4 modes of operations 3

4 Basic Terms cryptology (to be very precise) cryptography --- designing cryptanalysis --- code breaking cryptologist cryptographer cryptanalyst encryption/encipherment scrambling data into unintelligible to unauthorised parties 4

5 Basic Terms (2) decryption/decipherment un-scrambling cipher/cryptosystem 5

6 A Short History dividing line is 1976/77 classic ~1976/ : Diffie & Hellman discovered public key cryptography 1977: National Bureau of Standards published DES (Data Encryption Standard) modern 1976/77 ~ today 6

7 History (2) the word of cipher --- from Greek (secret writing) ancient Egypt, Julius Caesar,... WWII Enigma cipher machine broken by British team including Alan Turing Purple cipher broken by US, led to the death of Yamamoto Mainly for war, diplomacy & politics 7

8 Good Book on History of Crypto David Kahn, The Codebreakers, Macmillan, New York, PS: a revised edition was published in 1996 Not quite complete 8

9 Cryptography Goals Authentication: Alice sends a message to Bob. How can Bob verify that the message originated from Alice and not from Eve pretending to be Alice? Confidentiality: Alice sends a message to Bob. How can Bob be sure that the message was not read by Eve? For example, personal communications need to be maintained as confidential. 9

10 Cryptography Goals (2) Integrity: Alice sends a message to Bob. How does Bob verify that Eve did not intercept the message and change its contents? Nonrepudiation: Alice could send a message to Bob and later deny that she ever sent a message to Bob. In such a case, how could Bob ever determine who actually sent him the message? 10

11 Types of Ciphers private key cryptosystems/ciphers Also known as Secret key ciphers Single key ciphers Symmetric ciphers public key cryptosystems/ciphers Also known as asymmetric ciphers 11

12 Representation of Data By characters each character is represented by a 8-bit byte according to the ASCII table By binary bits (0 s and 1 s) eg. fax messages images digitalised voice data 12

13 Private Key Cipher Plain Text Cipher Text Cipher Text Original Plain Text E Network or Storage D Shared Secret Key Alice Shared Secret Key Bob 13

14 Concepts A private key cipher is composed of two algorithms encryption algorithm E decryption algorithm D The same key K is used for encryption & decryption K has to be distributed beforehand 14

15 Notations Encrypt a plaintext P using a key K & an encryption algorithm E C = E(K,P) Decrypt a ciphertext C using the same key K and the matching decryption algorithm D P = D(K,C) Note: P = D(K,C) = D(K, E(K,P)) 15

16 Classic Ciphers Substitution ciphers (also called shift/additive ciphers) Monoalphabetic ciphers Polyalphabetic ciphers Transposition (permutation) ciphers Product ciphers using both substitution, and transposition 16

17 The Caesar Cipher The Caesar cipher a substitution cipher, named after Julius Caesar. Operation principle: each letter is translated into the letter a fixed number of positions after it in the alphabet table. the fixed number of positions is a key both for encryption and decryption. 17

18 The Caesar Cipher (cnt d) Outer: plaintext Inner: ciphertext 18

19 The Caesar Cipher (cnt d) K=3 19

20 An Example for a key K=3, plaintext letter: ABCDEF...UVWXYZ ciphertext letter: DEF...UVWXYZABC Hence TREATY IMPOSSIBLE is translated into WUHDWB LPSRVVLEOH 20

21 An Exercise Using the Caesar cipher to encode the following message under a key K=3 WAR STARTS TOMORROW 21

22 Another substitution cipher example 22

23 Transposition Cipher It works by changing the location of characters (characters permutation). A cyclic group defines the permutation with a single key to encrypt, and the same key is used to decrypt the ciphered message. 23

24 Polyalphabetic Cipher Instead of one-to-one mapping (Cesar cipher), one-tomany mapping is used. A single letter can have multiple substitutes. A tableau is developed (see next slide). This tableau is a series of shift ciphers. The key is repeated over the plaintext. Then, using the tableau, the corresponding letter is used. The top row is used to look up the plaintext, and the leftmost column is used to reference the keyword. 24

25 25

26 Polyalphabetic Cipher Example Plaintext: Ask not what your country can do for you, key: rockerrooks. Plaintext A S K N O T W H A T Y O U R Key R O C K E R R O O K S R O C Ciphertext R G M X S K N V O D Q F I T Notice that A is encrypted to different letters. 26

27 Attacks Against Cryptography Ciphertext only attack: The cryptanalyst has an access to the ciphertext only. Frequency analysis is used to infer the key. Known plaintext attack: The cryptanalyst has an an access to both plaintext and the corresponding cipher text trying to find the key. Chosen plaintext attack: The cryptanalyst can encrypt plaintext of his choice and analyze the resulting cipher text. Chosen Ciphertext attack: The cryptanalyst can decrypt ciphertext of his choice to recover the key. 27

28 Breaking the Caesar Cipher by trial-and error by using statistics on letters frequency distributions of letters letter percent A 7.49% B 1.29% C 3.54% D 3.62% E 14.00%... with the help of fast computers, 99.99% ciphers used before 1976 are breakable by using one of the 4 types of attacks. The first computer designed by Alan Turing was used to break the Enigma cipher in WWII. 28

29 MODERN BLOCK CIPHERS 29

30 Block Ciphers Block ciphers provide the backbone algorithmic technology behind most modern-era ciphers It is a series of serial operations (rounds). In each round, a chunk of the input data is encrypted and fed to the next round. (chaining) Each output block is the same size as the input block. Each block uses a subkey permuted (derived) from the original key. 30

31 Modern Private Key Ciphers DES (US, 1977) key bits, plaint/ciphertext bits IDEA (Lai & Massey, Swiss, 1991) key bits, plaint/ciphertext bits LOKI (ADFA, Australia, 1989) key, plaint/ciphertext bits FEAL (NTT, Japan, 1990) key bits, plaint/ciphertext bits AES (successor to DES, 2001) 31

32 Encryption using DES a 56-bit key K is expanded into 16 subkeys, each 48 bits (K1, K2,..., K16) Encryption consists of 16 rounds, each using a different 48-bit subkey Both a plaintext & a ciphertext are 64 bits long 64-bit plaintext Similar to encryption, except that the order in which the subkeys are used is reversed, namely, (K16, K15,..., K2, K1) 64-bit ciphertext 56-bit key DES (Encryption) 56-bit key DES (Decryption) 64-bit ciphertext 64-bit plaintext 32

33 AES Family AES-128,AES-192, AES bit plaintext 128-bit plaintext 128-bit plaintext 128-bit key AES bit key AES bit key AES bit ciphertext 128-bit ciphertext 128-bit ciphertext 33

34 Examples AES128 PLAINTEXT: aabbccddeeff KEY: a0b0c0d0e0f CIPHERTEXT: 69c4e0d86a7b0430d8cdb78070b4c55a AES256 PLAINTEXT: aabbccddeeff KEY: a0b0c0d0e0f a1b1c1d1e1f CIPHERTEXT: 8ea2b7ca516745bfeafc49904b

35 Use of A Private Key Cipher in Practice

36 4 Modes of Operation Electronic Code Book (ECB) Cipher Block Chaining (CBC) Cipher Feedback Mode (CFB) Output Feedback Mode (OFB) (Use AES-128 as an example) 36

37 Electronic Code Book (ECB) Encryption mi, ci: 128 bits for AES K: 128 bits (or 192, 256 bits) plaintext (message) m1 m2 m3 m4 m5 m6 m7 m8 m9 m10 E E E E E E E E E E K c1 c2 c3 c4 c5 c6 c7 c8 c9 c10 ciphertext (scrambled message) 37

38 Electronic Code Book (ECB) Decryption ciphertext (message) c1 c2 c3 c4 c5 c6 c7 c8 c9 c10 D D D D D D D D D D K m1 m2 m3 m4 m5 m6 m7 m8 m9 m10 plaintext (original message) 38

39 Electronic Code Book (ECB) Encryption plaintext (message) m1 m2 m3 m4 m5 m6 m7 m8 m9 m10 K E E E E E E E E E E c1 c2 c3 c4 c5 c6 c7 c8 c9 c10 ciphertext (scrambled message) ciphertext (message) Decryption c1 c2 c3 c4 c5 c6 c7 c8 c9 c10 D D D D D D D D D D K m1 m2 m3 m4 m5 m6 m7 m8 m9 m10 plaintext (original message) 39

40 Padding If the length of a plaintext is not a multiple of 128bits, extra bits (0 s or 1 s) are padded to the end of the original message, so that the last block is 128 bits. Padded bits are discarded after decryption. 40

41 Examples of ECB Mode AES128, Encryption, 16 bytes KEY = 10a58869d74be5a374cf867cfb PLAINTEXT = CIPHERTEXT = 6d251e6944b051e04eaa6fb4dbf78465 AES256, Decryption, 16 bytes KEY = 07eb03a08d291d1b07408bf3512ab40 c91097ac77461aad4bb859647f74f00ee CIPHERTEXT = 47cb030da2ab051dfc6c4bf6910d12bb PLAINTEXT = Source: NIST AES Test Data 41

42 ECB, AES128 Plaintext, 128 X 4 bits 6bc1bee22e409f96e93d7e a ae2d8a571e03ac9c9eb76fac45af8e51 30c81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710 Key, 128 bits 2b7e151628aed2a6abf cf4f3c Ciphertext 3ad77bb40d7a3660a89ecaf32466ef97 f5d3d58503b9699de785895a96fdbaaf 43b1cd7f598ece23881b00e3ed b0c785e27e8ad3f dd4 42

43 Bit-Wise Exclusive OR (XOR) XOR Table 0 0 = = = = 1 P K C Useful properties: P K C C K P In Java, C & C++: C = P ^ K; P = C ^ K; 43

44 Cipher Block Chaining (CBC) Encryption m1 m2 m3 m4 IV E E E E K c1 c2 c3 c4 44

45 Cipher Block Chaining (CBC) Decryption m1 m2 m3 m4 IV D D D D K c1 c2 c3 c4 45

46 Cipher Block Chaining (CBC) --- Another way to look at decryption Decryption c1 c2 c3 c4 D D D D IV K m1 m2 m3 m4 46

47 Cipher Block Chaining (CBC) Encryption m1 m2 m3 m4 IV E E E E K c1 c2 c3 c4 c1 c2 c3 c4 Decryption IV D D D D K m1 m2 m3 m4 47

48 CBC, AES256 Plaintext, 128 X 4 bits 6bc1bee22e409f96e93d7e a ae2d8a571e03ac9c9eb76fac45af8e51 30c81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710 Key, 256 bits 603deb1015ca71be2b73aef0857d7781 1f352c073b6108d72d9810a30914dff4 IV, 128 bits a0b0c0d0e0f Ciphertext f58c4c04d6e5f1ba779eabfb5f7bfbd6 9cfc4e967edb808d679f777bc6702c7d 39f23369a9d9bacfa530e b2eb05e2c39be9fcda6c19078c6a9d1b 48

49 Cipher Block Chaining (CBC) with Interleave Factor = 2 Encryption Agreed values m1 m2 m3 m4 IV E E E E K c0 c1 c2 c3 c4 49

50 Cipher Block Chaining (CBC) with Interleave Factor = 2 Decryption Agreed values m1 m2 m3 m4 IV D D D D K c0 c1 c2 c3 c4 50

51 Cipher Block Chaining (CBC) with Interleave Factor = 2 Encryption m1 m2 m3 m4 IV E E E E K c0 c1 c2 c3 c4 c0 c1 c2 c3 c4 Decryption IV D D D D K m1 m2 m3 m4 51

52 Higher Order Bits & Lower Order Bits The left The right b bit register/storage b 0 Higher order bits Lower order bits (Note: in line with Java, C, and C++) 52

53 Cipher Feedback Mode (CFB) Encryption 128-bit register 128-bit shift register (to the left by t bits) K ki: t higher order bits mi t bits (3) (1) E (2) t bits (4) Copy & Feedback t bits ci 53

54 Blocks, Key & Initial Vector for CFB Long data is divided into blocks, each having t bits. Typically, t=8. Key & initial vector Sender & receiver need to agree on 2 pieces of information beforehand: key K (has to be kept secret) an initial vector for the shift register it does NOT have to be kept secret! a 128-bit all-0 vector may be chosen 54

55 Cipher Feedback Mode (CFB) Decryption 128-bit shift register (to the left by t bits) (3)... K (1) E (4) Copy & Feedback t bits ki: t higher order bits ci mi t bits (2) t bits 55

56 Cipher Feedback Mode (CFB) Encryption Decryption 128-bit shift register (to the left by t bits) (3) (1) K E (4) 128-bit register K 128-bit shift register (to the left by t bits) (3)... (4) (1) E ki: t higher order bits mi (2) ci ci ki: t higher order bits mi t bits t bits t bits (2) t bits 56

57 4 Sub-steps in CFB Decryption encrypt (with, say, AES) XOR Shift (to the left/higher order bit positions) Feedback (to the lower order bit positions) 57

58 CFB with t=1, AES128 Plaintext, 16 bits 6bc1 (= ) Key, 128 bits 2b7e151628aed2a6abf cf4f3c IV, 128 bits a0b0c0d0e0f Ciphertext, 16 bits 68b3 (= ) 58

59 CFB with t=8, AES256 Plaintext, 18 bytes (=144 bits) 6bc1bee22e409f96e93d7e aae2d Key, 256 bits 603deb1015ca71be2b73aef0857d7781 1f352c073b6108d72d9810a30914dff4 IV, 128 bits a0b0c0d0e0f Ciphertext, 18 bytes dc1f1a8520a64d655fcc8ac554844e

60 Output Feedback Mode (OFB) Encryption 128-bit shift register (initially IV) K (1) E (3) Feedback all 128 bits ki: t higher order bits Note : mi ci m i k i c i t bits (2) t bits 60

61 Output Feedback Mode (OFB) Decryption 128-bit shift register (initially IV) K (1) E (3) Feedback all 128 bits ki: t higher order bits Note c i m i k : i ( m ( k i i k k i ) i ) k i ci t bits (2) mi t bits m i 0 0 m i 61

62 Output Feedback Mode (OFB) Encryption 128-bit shift register (initially IV) Decryption 128-bit shift register (initially IV) K (1) E (3) Feedback all 128 bits K (1) E (3) Feedback all 128 bits ki: t higher order bits ki: t higher order bits mi ci ci mi t bits (2) t bits t bits (2) t bits 62

63 OFB, AES128 Plaintext, 128 x 4 bits 6bc1bee22e409f96e93d7e a ae2d8a571e03ac9c9eb76fac45af8e51 30c81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710 Key, 128 bits 2b7e151628aed2a6abf cf4f3c IV, 128 bits a0b0c0d0e0f Ciphertext, 128 x 4 bits 3b3fd92eb72dad f8e83cfb4a d16918f03f53c52dac54ed e9c5fecf64344f7a82260edcc 304c6528f659c77866a510d9c1d6ae5e 63

64 OFB, AES192 Plaintext, 128 x 4 bits 6bc1bee22e409f96e93d7e a ae2d8a571e03ac9c9eb76fac45af8e51 30c81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710 Key, 192 bits 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b IV, 128 bits a0b0c0d0e0f Ciphertext, 128 x 4 bits cdc80d6fddf18cab34c25909c99a4174 fcc28b8d4c63837c09e81700c d9a9aeac0f6596f559c6d4daf59a5f2 6d9f200857ca6c3e9cac524bd9acc92a 64

65 Which Mode to Use? electronic code book (ECB) suffers various potential attacks, including block-replacing attack, it should NOT be used! Use one of the other 3 modes cipher block chaining (CBC) cipher feedback mode (CFB) output feedback mode (OFB) 65

66 Other modes Counter mode (CTR) Combined modes CTR + CFB CTR + OFB 66

67 Counter Mode (CTR) Encryption 128-bit counter (initialized to 0) K (1) Counter E (3) Increase counter by 1 ki: t higher order bits Note : mi ci m i k i c i t bits (2) t bits 67

68 Counter Mode (CTR) Decryption 128-bit counter (initialized to 0) K (1) Counter E (3) Increase counter by 1 ki: t higher order bits Note : ci mi c i k i m i t bits (2) t bits 68

69 How Long a Key should Be to Be Secure 56 bits (DES) -- too short 64 bits -- OK for a few months 80 bits -- OK for non-critical applications 128 bits -- OK for all applications 256 bits OK for applications requiring the highest level of security 69

70 How to Get Long Keys use ciphers that support long keys: IDEA (128 bits) AES (128, 192, 256 bits) use triple DES results in a key of 112 bits encrypt using K1 decrypt using K2 encrypt again using K1 70

71 Triple DES (~2030) --- Option 1 Encrypt m K1 E D E c K2 K3 c D E D m Decrypt K1 K2 K3 Source: NIST SP rev1, 1/

72 Triple DES (~2030) Option 2 Encrypt m E D E c K1 K2 c D E D m Decrypt K1 K2 72

73 ONE-WAY HASH 73

74 One-Way Hash Algorithm A document (of any length) A condensed, short, fixed length output (say of 160 bits) 74

75 One-Way Hash Algorithm a one-way hash algorithm hashes an input document into a condensed short output (say of 160 bits) One-wayness Given an output, it is infeasible for any one to find an input document which is hashed to that specific output! Collision resistance it is infeasible for any one to find two or more input documents which are hashed to the same condensed output! 75

76 Criteria of Hash Functions Preimage resistance: Given a message m and the hash function hash, if the hash value h = hash(m) is given, it should be hard to find any m such that h = hash(m). Second preimage resistance (weak collision resistance): Given input m 1, it should be hard to find another message m 2 such that hash(m 1 ) = hash(m 2 ) and that m 1 m 2 Strong collision resistance: It ought to be hard to find two messages m 1 m 2 such that hash(m 1 ) = hash(m 2 ). 76

77 Finding collision is infeasible I, Bob, will pay $1,000 to Alice. I, Bob, will pay $10,000 to Alice. (same condensed output) 77

78 Confetti Shredder as 1-Way Hash Shredding a newspaper into very fine pieces Pick & keep only 20 random pieces out of all those fine pieces & burn off the rest It s 1-way Infeasible for one to recover the original newspaper from the 20 fine pieces It s collision-resistant Infeasible for one to find 2 different newspapers that are shredded to the same set of 20 pieces 78

79 Examples of 1-Way Hashing SHA Family SHA-1 (output: 160 bits) SHA-224 (output: 224 bits) SHA-256 (output: 256 bits) SHA-324 (output: 324 bits) SHA-512 (output: 512 bits) MD5 (broken, should no longer be used) 79

80 SECURE TWO-WAY COMMUNICATION 80

81 Secure 1-Directional Communication Plain Text Cipher Text Cipher Text Original Plain Text E Network or Storage D Shared Secret Key Alice Shared Secret Key Bob 81

82 Secure Bi-Directional Communication Plain Text Cipher Text Cipher Text Plain Text E Open Network D Pair of Shared Secret Keys: K A B & K B A Alice Pair of Shared Secret Keys: K A B & K B A Bob 82

83 PUBLIC KEY CRYPTOGRAPHY (ASYMMETRIC CRYPTOGRAPHY) 83

84 Public Key Cryptosystem Bob s Public Key (for encryption) Public Key Directory Plain Text Cipher Text Cipher Text Plain Text E Open Network D Alice Bob Secret Key (for decryption) 84

85 Public Key Encryption/Decryption Process 85

86 Main Differences with AES The public encryption key is different from the secret decryption key. Infeasible for an attacker to find out the secret decryption key from the public encryption key. No need for Alice & Bob to distribute a shared secret key beforehand! Only one pair of public and secret keys is required for each user! 86

87 Digital Signature Public Key Directory Bob s Public Verification Key Bob Cathy Message signature generation algorithm H 256 bits 1-way hash S Signature Secret Signing Key Open Network Signature Message + signature verification H 256 bits V Accept if satisfied Public Key 87

88 Digital Signature Operations 88

89 Applications of Digital Signature Authentication Non-repudiation Digital certification E-Commerce Digital certificates for servers, clients & users Secure communication Digital credentials Certified software applications (apps, drivers, APIs etc) Digital money 89

90 Digital Signature in epassport epassport an embedded RFID chip that contains information about the owner Digitally signed --- good! Data may be encrypted with a key derived from user info --- not secure at all! Ref: ICAO Doc 9303, Machine Readable Travel Documents RFID chip and antenna is embedded in the cover e-passport symbol 90

91 Symmetric Key Encryption (summary) One Key. Pre-distribution of the key is needed. Fast. Not scalable (you need a key for each sender/receiver). Not suitable for broadcasting messages. 91

92 Asymmetric Key Encryption (summary) Two Keys (public and private). Pre-distribution of the key is NOT needed. Slow. Private key can not be derived from public key. Scalable (you need one pair of keys for each user). Suitable for broadcasting messages. 92

93 Using Both Symmetric and Asymmetric Crypto Symmetric keys are used to encrypt sessions between users (fast). Asymmetric keys are used to distribute the symmetric keys (more secure). 93

94 Notable Public Key Encryption and Digital Signature Public Key Encryption Based on Integer Factorization RSA Based on Discrete Logarithm ElGamal Diffie-Hellman Based on Elliptic Curves Elliptic curve Diffie-Hellman Based on Lattices NTRU Digital Signature Based on Integer Factorization RSA signature Based on Discrete Logarithm Schnorr DSS Based on Elliptic Curves EC-DSS Based on Lattices NTRU signature 94

95 Signcryption (signature+encryption) Simultaneously provides the functions of digital signature unforgeability & non-repudiation public key encryption confidentiality with a significantly smaller computational & communication overhead Cost (signcryption) Ref: << Cost (signature) + Cost (encryption) ISO/IEC 29150:2011, Information technology -- Security techniques Signcryption, International Organization for Standardization, 12/

96 RSA Algorithm

97 Public key Cryptography Developed to address two issues: key distribution how to have secure communications in general without having to trust a KDC with your own key. digital signatures to verify a message coming intact from the intended sender. Uses two keys, private and public key. 97

98 RSA Invented by Rivest, Shamir and Adleman in 1977 It is based on exponentiation over integers modulo a prime It uses large integers (to make it hard to break) Its security due to cost of factoring large numbers 98

99 Prime Numbers Prime numbers have only two divisors, 1 and it self. It can t be written as multiplication of other numbers. Eg. 2,3,5,7 are prime numbers; 4,6,8,9,10 are not. List of prime numbers less than 100 is:

100 Prime Factorization Given a number n, factoring n is to write it as multiple of other numbers; n = x * y * z. Prime factorization is to write a number n as a product of prime numbers. Eg. 91 = 7 *

101 Fermat s Little Theorem a p-1 mod p = 1, where p is prime and gcd(a,p)=1 In other words, if p is a prime number, and a is any integer, then a p -a is an integer multiple of p Eg. a=2, p=7, 2 7 =128, 128-2=126, 126=7*18, 126 is multiple of

102 Relatively Prime Numbers (Coprimes) Two numbers (a and b) are relatively prime if they have no common divisors other than 1 eg. 8 & 9 are relatively prime since factors of 8 are 1,2,4,8 and factors of 9 are 1,3,9 and 1 is the only common factor In other words, relatively prime numbers have a greatest common divisor (GCD) of

103 Euler Totient Function ø(n) Is an arithmetic function that calculates the number of relatively prime numbers (<= n) to a given number n. Examples: ø(1) = 0. ø(10) = 4 // {1,3,7,9} ø(p) = p-1, if p is prime. ø(p e ) = p e - p e-1, if p is prime. ø(m*n) = ø(m) * ø(n), if m and n are coprimes 103

104 RSA Key Generation 1. choose two distinct prime numbers, p and q 2. compute n = p*q. 3. find ø(n) = ø(p) * ø(q) = (p-1)*(q-1). 4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1 e is the public key 5. calculate d as d*e 1 (mod φ(n)) d is the private key 104

105 RSA Example 1. Select primes: p=17 & q=11 2. Compute n = pq =17 11= Compute ø(n)=(p 1)(q-1)=16 10= Select e : gcd(e,160)=1; choose e=7 5. Determine d: d*e=1 mod 160 and d < 160 Value is d=23 since 23 7=161= Publish public key{7,187} 7. Keep secret private key{23,17,11} 105

106 RSA Example cont sample RSA encryption/decryption is: given message M = 88 encryption: C = 88 7 mod 187 = 11 decryption: M = mod 187 =