Public key cryptography ACCESS 2012
advertisement
Public key cryptography
ACCESS 2012
based on Tom Davis’ and Nick Korevaar’s notes.
Before exchanging encrypted messages Alice and Bob do some preliminary work.
A
Alice B
Bob • Picks two large primes: pA and qA .
(sssh it’s a secret!)
• Computes modulus NA = pA qA .
• Picks encryption power eA such that
• Picks two large primes: pB and qB .
(sssh it’s a secret!)
• Computes modulus NB = pB qB .
• Picks encryption power eB such that
gcd(eA , (pA − 1)(qA − 1)) = 1.
Public key:
NA
gcd(eB , (pB − 1)(qB − 1)) = 1.
eA
Public key:
NB
eB
Scenario 1. Bob wants to send a secret MESSAGE to Alice.
A
Alice B
Bob B transcribes MESSAGE into an integer x
1. (or several if MESSAGE is too long)
B encrypts message using Alice’s public
2. e
key: NA A
y = EA (x) = xeA
mod NA
A knows her number theory and pA and
3. qA so she can find her decryption power dA by
solving the multiplicative inverse equation
eA dA ≡ 1
mod (pA − 1)(qA − 1)
A decrypts the message
4. x ≡ DA y
≡ y dA
mod NA .
The decryption function works because of Fermat’s little theorem, indeed:
DA (EA (x)) ≡ DA (xeA ) ≡ (xeA )dA ≡ xeA dA ≡ x1+k(pA −1)(qA −1) ≡ x mod NA .
Problem: Evil can send an message to Alice pretending to be Bob!
1
Scenario 2. Bob wants to send a secret MESSAGE to Alice with secure signature.
A
Alice B
Bob • Picks two large primes: pA and qA .
(sssh it’s a secret!)
• Computes modulus NA = pA qA .
• Picks encryption power eA such that
• Picks two large primes: pB and qB .
(sssh it’s a secret!)
• Computes modulus NB = pB qB .
• Picks encryption power eB such that
gcd(eA , (pA − 1)(qA − 1)) = 1.
gcd(eB , (pB − 1)(qB − 1)) = 1.
e
Public key: NA A
Private key: dA
e
Public key: NB B
Private key: dB
(with xeA dA ≡ x mod NA ).
Signature: sA ≡ integer(s) < NA
transcribing to e.g. “signed by Alice”.
(with xeB dB ≡ x mod NB ).
Signature: sB ≡ integer(s) < NB
transcribing to e.g. “signed by Bob”.
A
Alice B
Bob B decrypts his signature sB with ’s
B
1. private key
DB (sB ).
B appends message x to DB (sB ) creating
2. x#DB (sB ) (breaks this into blocks < NA ) and
A
encrypts using ’s
public key:
y = EA (x#DB (sB ))
EVIL doesn’t know DB so EVIL
• can’t get to x#DB (sB )
• can’t read message x
A which look
• can’t forge messages to B
like they came from .
A decodes message y:
3. DA ( y ) = DA (EA (x#DB (sB )))
= |{z}
x # DB (sB )
| {z }
message
gibberish
A uses ’s
B
4. public key to compute:
EB (DB (sB )) = sB .
B could make DB (sB )!!
and only 2
