Public Key Cryptography and RSA

Similar documents
Public Key Cryptography

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Overview. Public Key Algorithms I

CSC 474/574 Information Systems Security

CS669 Network Security

Chapter 3 Public Key Cryptography

Public Key Encryption. Modified by: Dr. Ramzi Saifan

Lecture 6: Overview of Public-Key Cryptography and RSA

Chapter 9 Public Key Cryptography. WANG YANG

Cryptography and Network Security. Sixth Edition by William Stallings

Public Key Algorithms

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Public Key Cryptography and the RSA Cryptosystem

Public Key Algorithms

Chapter 9. Public Key Cryptography, RSA And Key Management

Public-key encipherment concept

Side-Channel Attacks on RSA with CRT. Weakness of RSA Alexander Kozak Jared Vanderbeck

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Number Theory and RSA Public-Key Encryption

RSA. Public Key CryptoSystem

Security. Communication security. System Security

Applied Cryptography and Computer Security CSE 664 Spring 2018

Cryptographic Techniques. Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building

Key Management and Elliptic Curves

RSA (material drawn from Avi Kak Lecture 12, Lecture Notes on "Computer and Network Security" Used in asymmetric crypto.

Key Management and Distribution

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017

Some Stuff About Crypto

Chapter 7 Public Key Cryptography and Digital Signatures

Public Key Algorithms

Keywords Security, Cryptanalysis, RSA algorithm, Timing Attack

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Topics. Number Theory Review. Public Key Cryptography

Computer Security 3/23/18

10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 9 Elliptic Curve Cryptography

Computer Security: Principles and Practice

Part VI. Public-key cryptography

Cryptography Intro and RSA

Lecture 2 Applied Cryptography (Part 2)

Introduction to Cryptography Lecture 7

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

Channel Coding and Cryptography Part II: Introduction to Cryptography

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

A nice outline of the RSA algorithm and implementation can be found at:

Cryptographic Concepts

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

Cryptography and Network Security

Public Key Encryption

Public Key Cryptography

LECTURE 4: Cryptography

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

Public-Key Cryptography

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

RSA (algorithm) History

Elliptic Curve Public Key Cryptography

CPSC 467b: Cryptography and Computer Security

CS Network Security. Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA.

LECTURE NOTES ON PUBLIC- KEY CRYPTOGRAPHY. (One-Way Functions and ElGamal System)

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Tuesday, January 17, 17. Crypto - mini lecture 1

Secure Multiparty Computation

0x1A Great Papers in Computer Security

Davenport University ITS Lunch and Learn February 2, 2012 Sneden Center Meeting Hall Presented by: Scott Radtke

NETWORK SECURITY & CRYPTOGRAPHY

Introduction to Cryptography Lecture 7

Analysis, demands, and properties of pseudorandom number generators

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

CS 161 Computer Security

Cryptography and Network Security

PUBLIC KEY CRYPTO. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Other Systems Using Timing Attacks. Paul C. Kocher? EXTENDED ABSTRACT (7 December 1995)

KALASALINGAM UNIVERSITY

Other Topics in Cryptography. Truong Tuan Anh

CSC/ECE 774 Advanced Network Security

The Application of Elliptic Curves Cryptography in Embedded Systems

An effective Method for Attack RSA Strategy

COMP 4109 Applied Cryptography

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Great Theoretical Ideas in Computer Science. Lecture 27: Cryptography

Enhanced Asymmetric Public Key Cryptography based on Diffie-Hellman and RSA Algorithm

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Lecture 6 - Cryptography

Abhijith Chandrashekar and Dushyant Maheshwary

Lecture IV : Cryptography, Fundamentals

Kurose & Ross, Chapters (5 th ed.)

The Beta Cryptosystem

INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET)

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

Security in Distributed Systems. Network Security

CPSC 467b: Cryptography and Computer Security

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Transcription:

Public Key Cryptography and RSA Major topics Principles of public key cryptosystems The RSA algorithm The Security of RSA Motivations A public key system is asymmetric, there does not have to be an exchange of private keys before communicating A public key system does not make a symmetric system obsolete; in fact it can be used to exchange private keys Key distribution remains an important issue Number theory forms the mathematical foundation of public key cryptography

Primary Needs Generate two keys A public key that can be accessed by anyone A private key that is kept secret Two primary needs Be able to send messages securely to a recipient with no knowledge of a shared secret key Be able to verify a message actually came from a particular person; this is called authentication Uses of a public key system Encryption/decryption of messages Digital signatures Key exchange for using symmetric encryption

Encryption/Decryption

Authentication

Requirements for a Public Key System 1. Party B can easily generate a pair of keys: public key KU b and private key KR b 2. Sender A can access public key KU b and can encrypt message M C = E KU b (M) 3. Receiver B can easily decrypt the message M = D KR b (C) = D KRb (E KUb (M)) 4. It is computationally infeasible for someone intercepting message C and knowing public key KU b to determine private key KR b 5. It is computationally infeasible for someone intercepting message C and knowing public key KU b to recover message M 6. The encryption and decryption functions can be applied in any order M = D KR b (E KUb (M)) = E Kub (D KRb (M)) This makes digital signatures possible

Public Key Secrecy

Public Key Authentication

Public Key Algorithms Approaches to public key cryptography We first cover RSA, perhaps the best known and most widely used approach In chapter 10 we cover elliptic curve methods which are growing in popularity In the same chapter we cover Diffie-Hellman for the exchange of secret keys DSS (Digital Signature Standard) is covered in chap.13

Conventional and Public Key Encryption

The RSA Algorithm

A Sample Calculation 1. Select two primes, p = 17 and q = 11 2. Calculate n = pq = 17 * 11 = 187 3. Calculate φ(n) = (p - 1) (q 1) = 160 4. Select e < φ(n) and relative prime to φ(n), we use e = 7 5. Determine d so the de 1 mod φ(n), in other words, d and e are multiplicative inverses

Group Work Consider the prime numbers p = 11, q = 29. What is n? What is φ(n)? Suppose we select e = 3, what is d? Suppose we want to encrypt the message M = 100 using the public key (3, 319), what is the resultant value for the cipher text C? What is the formula to decrypt C using the private key (187, 319)? It is clear we need to find an easy way to solve this exponential modularization problem

Group Work Suppose ciphertext C = 10 is sent to a user with public key e = 5 and n = 35. How could you decode this ciphertext? What is the decoding?

Fast Modular Exponentiation The algorithm for computing a b mod n b i is the i th bit of b when b is written in binary These bits are processed from the most significant bit to the least significant bit

A Sample Calculation We want to solve 7 560 mod 561 a = 7, b = 560, n = 561 In binary b is 1000110000 So the result is 7 560 mod 561= 1

Group Work We now can decode the message from our prior example (hint: the result should be 100) Find a b (mod n) when a = 254, b = 187, and n = 319 by completing the following table i 8 7 6 5 4 3 2 1 b i 1 0 1 1 1 0 1 1 c 1 d 254 Did you get 100?

How Secure is RSA? Algorithms Used to Break RSA Pollard s Rho, a probabilistic approach Sieve techniques Successful efforts Choice of values Timing Attacks and Fixes Constant exponential time Random delay Blinding

How Easy is it to Factor p*q? The problems It is easy to find two large primes p and q, so in the public key algorithm we set n = p*q The encryption can be broken if n can be factored Some techniques for finding factors Pollard Rho and Pollard p-1 General number field sieve Special number field sieve We will only look at Pollard Rho in detail We will use the Chinese Remainder Theorem

Pollard s rho heutistic neither the running time nor success is guaranteed any divisor it finds will be correct, but it may never report any results in practice, it is the one of the most effective means of factorization currently known it will print the factor p after approximately p iterations; thus it finds small factors quickly

Pollard s rho heuristic The while loop searches indefinitely for factors generating a new x i each time Lines 1-4 are for initialization The x i values saved in y are when i = 1,2,4,8,16, d is the gcd of y- x i and n; if it is nontrivial then it is printed as a factor of n If n is composite, we expect to find enough divisors to factor n after approximately n 1/4 updates

The rho diagrams - 1

The rho diagrams - 2 (a) is generated by the x i starting at 2 for n = 1387 The factor 19 (since 1387 = 19 * 73) is discovered when the x i is 177, this is before the value 1186 is repeated (b) show the recurrence for mod 19, every x i in part (a) is equivalent to the x i mod 19 (c) shows the recurrence for mod 73, again every x i in part (a) is equivalent to the x i mod 73 By the Chinese remainder theorem, each node in (a) corresponds to a pair of nodes in (b) and (c)

Group Work Keep tracing the rho diagrams and find out when the factor 73 is discovered

The Sieve Approaches Sieve techniques have become increasingly effective The generalized number field sieve (GNFS) has replaced quadratic sieve as being most effective An even faster approach, specialized number field sieve (SNFS), works for some numbers (see next slide) Computers will keep getting faster and factoring techniques improved, but keys of size 1024 through 2048 seem to be adequate for the future

Performance Comparison

Choice of p and q Ways to avoid values for n that can be more easily factored The length of p and q should differ by only a few digits Both (p 1) and (q 1) should contain a large prime factor gcd(p 1, q 1) should be small If e < n and d < n ¼ then it is easy to determine d

What is a Timing Attack? The timing of the modular exponentiation algorithm is critical If the b i is set, then the assignment d (d x a) mod n is performed, for some known values of a and d this can be very slow thus revealing a 1 bit Countermeasures attempt to hide these extreme time differences Some countermeasures Insure all exponentiations take the same time (but this does degrade performance) Add a random delay time, this noise must be large enough to confuse the attacking algorithm

Use of Blinding Multiply by a random number before performing exponentiation; this prevents bit-by-bit analysis Here is RSA s approach using blinding 1. Generate a random r between 0 and n-1 2. Compute C = C(r e ) mod n 3. Compute M = (C ) d mod n 4. Compute M = M r -1 where r -1 is the multiplicative inverse of r mod n This only introduces a 2% to 10% penalty

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback