Introduction to Cryptography and Security Mechanisms Abdul Hameed http://informationtechnology.pk
Before we start
3 Quiz 1 From a security perspective, rather than an efficiency perspective, which of the following statements about the block size of a block cipher is most accurate? A B C D The bigger the block size the better The block size should neither be too small nor too large The block size should neither be too small nor too large, and should be a multiple of 8 The block size is not important
4 Quiz 2 The main reason for using different modes of operation of a block cipher is to: A B C D Increase the strength of the block cipher Increase the efficiency of the block cipher Protect against error propagation Change the properties of the block cipher
5 Learning Outcomes Explain the basic principles behind public key cryptography Recognise the fundamental problems that need to be solved before public key cryptography can be used effectively Explain the concept of a one-way function Describe the RSA encryption system Calculate very simple numerical examples of RSA Basic properties of RSA
6 Sections 1. Public key cryptography 2. RSA
1. Public key cryptography
Symmetric assumptions 8 Consider the relationship between two entities who are communicating using a symmetric cipher. What assumptions are being made about the relationship between them?
9 The briefcase example 1 2 Alice Bob 3 4 5
10 The briefcase example Properties: 1. There is only one key for each padlock 2. The padlocks are so strong that they cannot be removed by force Problems: 3. You have no way of being sure that it is the correct person who finally gets your message 4. The briefcase has to be sent back and forward three times, which seems pretty inefficient.
Desirable properties 11 Use the properties and problems for the briefcase example to come up with a specification of four properties that are desirable for any cipher system that is to be used between two entities who do not already share a symmetric key.
12 Public key blueprint The keys used to encrypt and decrypt are different. Anyone who wants to be a receiver needs to publish an encryption key, which is known as the public key. Anyone who wants to be a receiver needs a unique decryption key, which is known as the private key. It should not be possible to deduce the plaintext from knowledge of the ciphertext and the public key. Some guarantee needs to be offered of the authenticity of a public key.
Important question 13 Do public key cipher systems solve all the problems of symmetric key cipher systems?
Design of a public key algorithm 14 In a public key system, if everyone knows everything necessary: the encryption algorithm and the encryption key to determine the ciphertext then how is it possible that they cannot then work out what the plaintext (decryption key) is from this information?
15 One way functions A one-way function is a function that is easy to compute and difficult to reverse. How might we express this notion of a one way function informally in complexity theoretic terms?
16 OWF: Multiplying two primes It is easy to take two prime numbers and multiply them together. If they are fairly small we can do this in our heads, on a piece of paper, or on a calculator. As they get bigger and bigger it is fairly easy to write a computer program to compute the product. Multiplication runs in polynomial time. Multiplication of two primes is easy.
17 OWF: Multiplying two primes 15 143 6887 31897 To factor: Comments 600 digit number 600 digit even number
18 OWF: Multiplying two primes Multiplication of two prime numbers is believed to be a one-way function. We say believed because nobody has been able to prove that it is hard to factorise. Maybe one day someone will find a way of factorising efficiently. What will happen if someone does find an efficient way of factorising?
19 OWF: Modular exponentiation The process of exponentiation just means raising numbers to a power. Raising a to the power b, normally denoted a b just means multiplying a by itself b times. In other words: a b = a x a x a x x a Modular exponentiation means computing a b modulo some other number n. We tend to write this as a b mod n. Modular exponentiation is easy.
20 OWF: Modular exponentiation However, given a, b, and a b mod n (when n is prime), calculating b is regarded by mathematicians as a hard problem. This difficult problem is often referred to as the discrete logarithm problem. In other words, given a number a and a prime number n, the function f(b) = a b mod n is believed to be a one-way function.
21 OWF: Modular square roots What is the square root of 1369? Propose a technique for finding the square root of 1369 that will generalise to any integer.
22 OWF: Modular square roots What is the square root of 56 module 101? Let s try 40 Let s try 30
23 Suitable OWFs We have seen that the encryption process of a public key cipher system requires a one way function. Is every one way function suitable for implementation as the encryption process of a public key cipher system?
2. RSA
25 RSA The RSA public key encryption algorithm was the first practical implementation of public key encryption discovered. It remains the most used public key encryption algorithm today. It is named after the three researchers Ron Rivest, Adi Shamir and Len Adleman who first published it. Make sure you are familiar with the concepts of modular arithmetic, prime numbers, the Euclidean Algorithm.
26 Setting up RSA Let n be the product of two large primes p and q By large we typically mean at least 512 bits. Select a special number e greater than 1 and less than (p-1)(q-1). The precise mathematical property that e must have is that there must be no numbers that divide neatly into e and into (p-1)(q-1), except for 1. Publish the pair of numbers (n,e) Compute the private key d from p, q and e
27 Computing the private key The private key d is computed to be the unique inverse of e modulo (p-1)(q-1). In other words, d is the unique number less than (p-1)(q-1) that when multiplied by e gives you 1 modulo (p-1)(q-1). Written mathematically: ed = 1 mod (p-1)(q-1) The Euclidean Algorithm is the process that you need to follow in order to compute d.
28 Computing the private key 1. Who is capable of running the Euclidean Algorithm to find the private key? 2. How efficient is this process?
29 Choosing e Let s consider p=3 and q=7. What choices of e are acceptable? In this case (p-1)(q-1) = 2 x 6 = 12. Any suitable choice of e must have the property that there are no numbers that neatly divide into e and 12 except for 1. Let s just try them all out: e=2: this is no good, since 2 divides both e and 12. In fact this will be true for all multiples of 2 as well, so e=4, e=6, e=8 and e=10 are also not possible. e=3: this is no good, since 3 divides both e and 12. In fact this will be true for all multiples of 3 as well, so e=6 and e=9 are also not possible. The remaining choices are e=5, e=7 and e=11. Since in each case there is no number that divides into them and 12 other than 1, all these choices of e are possible.
30 Setting up RSA: example Step 1: Let p = 47 and q = 59. Thus n = 47 x 59 = 2773 Step 2: Select e = 17 Step 3: Publish (n,e) = (2773, 17) Step 4: (p-1) x (q-1) = 46 x 58 = 2668 Use the Euclidean Algorithm to compute the modular inverse of 17 modulo 2668. The result is d = 157 << Check: 17 x 157 = 2669 = 1(mod 2668) >> Public key is (2773,17) Private key is 157
31 Encryption and decryption The first job is to represent the plaintext as a series of numbers modulo n. The encryption process to obtain the ciphertext C from plaintext M is very simple: C = M e mod n The decryption process is also simple: M = C d mod n
32 Encryption and decryption: example Public key is (2773,17) Private key is 157 Plaintext block represented as a number: M = 31 Encryption using Public Key: C = 31 17 (mod 2773) = 587 Decryption using Private Key: M = 587 157 (mod 2773) = 31
33 Security of RSA We will look at two different strategies for trying to break RSA: 1. Trying to decrypt a ciphertext without knowledge of the private key 2. Trying to determine the private key
34 Decrypting cipher text without the key The encryption process in RSA involves computing the function C = M e mod n, which is regarded as being easy. An attacker who observes this ciphertext, and has knowledge of e and n, needs to try to work out what M is. Computing M from C, e and n is regarded as a hard problem. Have we seen this one way function before?
35 Determining the private key Assuming that you know the public key of a user, what would you need to do in order to obtain the corresponding private key?
36 RSA security summary There are two one-way functions involved in the security of RSA. One-way function Description Encryption function The encryption function is a trapdoor one-way function, whose trapdoor is the private key. The difficulty of reversing this function without the trapdoor knowledge is believed (but not known) to be as difficult as factoring. Multiplication of two primes The difficulty of determining an RSA private key from an RSA public key is known to be equivalent to factoring n. An attacker thus cannot use knowledge of an RSA public key to determine an RSA private key unless they can factor n. Because multiplication of two primes is believed to be a one-way function, determining an RSA private key from an RSA public key is believed to be very difficult.
37 Length of an RSA modulus It is hard to compare the equivalent security parameters for symmetric key cipher systems and RSA, however it is roughly believed that factorising a 512 bit number is about as hard as searching for a 56 bit symmetric key. What length of RSA modulus do you think is roughly equivalent to: 1. An 80 bit symmetric key? 2. A 112 bit symmetric key? 3. A 128 bit symmetric key?
38 Public key systems in practice Public key cipher systems led to mini revolution in cryptography in the mid 1970 s, with a further boom in interest since the development of the Internet in the 1990 s. Public key cipher systems are only likely to grow in importance in the coming years. One of the major applications of public key cipher systems is for digital signatures Considering the big problem of authenticating public keys. A second major application of public key cipher systems is to distribute and transfer symmetric keys around a network, thus presenting public key cipher systems as a useful enabler for faster symmetric cipher systems.