Public Key Algorithms
CS 4803 Fall 04

Modular Arithmetic
Public key algorithms are based on modular arithmetic.
Modular addition.
Modular multiplication.
Modular exponentiation.

Modular Addition
Addition modulo (mod) K
Poor cipher with (dk+dm) mod K, e.g., if K=10 and dk is the key.
Additive inverse: addition mod K yields 0.
“Decrypt” by adding inverse.

Modular Multiplication
Multiplication modulo K
Multiplicative inverse: multiplication mod K yields 1
Only some numbers have inverse
Use Euclid’s algorithm to find inverse
  Given x, n, it finds y such that xy mod n = 1
Only the numbers relatively prime to n will have mod n multiplicative inverse

Totient Function
x, m relative prime: no other common factor than 1
Totient function ø(n): number of integers less than n relatively prime to n
  if n is prime, ø(n) = n-1
  if n = pq, and p, q are primes, ø(n) = (p-1)(q-1)

Modular Exponentiation
x^y mod n = x^(y mod ø(n)) mod n
if y = 1 mod ø(n) then x^y mod n = x mod n

RSA (Rivest, Shamir, Adleman)
The most popular one.
Support both public key encryption and digital signature.
Assumption/theoretical basis: Factoring a big number is hard.
Variable key length (usually 512 bits).
Variable plaintext block size.
  Plaintext must be “smaller” than the key.
  Ciphertext block size is the same as the key length.

What Is RSA?
To generate key pair:
  Pick large primes (>= 256 bits each) p and q
  Let n = p*q, keep your p and q to yourself!
  For public key, choose e that is relatively prime to ø(n) = (p-1)(q-1), let pub = <e,n>
  For private key, find d that is the multiplicative inverse of e mod ø(n), i.e., e*d = 1 mod ø(n), let priv = <d,n>

How Does RSA Work?
Given pub = <e, n> and priv = <d, n>
  encryption: c = m^e mod n, m < n
  decryption: m = c^d mod n
  signature: s = m^d mod n, m < n
  verification: m = s^e mod n

Why Does RSA Work?
Given pub = <e, n> and priv = <d, n>
  n = p*q, ø(n) = (p-1)(q-1)
  e*d = 1 mod ø(n)
  x^(ed) = x mod n
  encryption: c = m^e mod n
  decryption: m = c^d mod n = m^(ed) mod n = m mod n = m (since m < n)
  digital signature (similar)

Why Is RSA Secure?
Factoring 512-bit number is very hard!
But if you can factor big number n then given public key <e,n>, you can find d, hence the private key by:
  Knowing factors p, q, such that, n = p*q
  Then ø(n) = (p-1)(q-1)
  Then d such that e*d = 1 mod ø(n)

Diffie-Hellman Key Exchange
Shared key, public communication
No authentication of partners
What’s involved?
  p is a prime (about 512 bits), and g < p
  p and g are publicly known

Diffie-Hellman-Merkle Key Exchange Procedure
Alice                          Bob
pick secret Sa randomly        pick secret Sb randomly
compute TA = g^Sa mod p        compute TB = g^Sb mod p
send TA to Bob                 send TB to Alice
compute TB^Sa mod p            compute TA^Sb mod p
Alice and Bob reached the same secret g^(SaSb) mod p, which is then used as the shared key.

DH Security - Discrete Logarithm Is Hard
T = g^s mod p
Conjecture: given T, g, p, it is extremely hard to compute the value of s (discrete logarithm)

Diffie-Hellman Scheme
Security factors
  Discrete logarithm very difficult.
  Shared key (the secret) itself never transmitted.
Disadvantages:
  Expensive exponential operation
    DoS possible.
  The scheme itself cannot be used to encrypt anything – it is for secret key establishment.
  No authentication, so you can not sign anything …

Bucket Brigade Attack...Man In The Middle
Alice                  Trudy                  Bob
g^Sa = 123             g^Sx = 654             g^Sb = 255
       123 -->                   654 -->
       <-- 654                   <-- 255
   654^Sa = 123^Sx           255^Sx = 654^Sb
Trudy plays Bob to Alice and Alice to Bob

Diffie-Hellman in Phone Book Mode
DH was subject to active man-in-the-middle attack because their public key-component was intercepted and substituted
Phone book mode allows everyone to generate the public key-component in advance and publish them through other reliable means, e.g.
<TB> for Bob
All communicating parties agree on their common <g, p>

Encryption With Diffie-Hellman
Everyone computes and publishes <p, g, T>
  T = g^S mod p
Alice communicates with Bob:
  Alice
    Picks a random secret Sa
    Computes gb^Sa mod pb
    Use Kab = Tb^Sa mod pb to encrypt message
    Send encrypted message along with gb^Sa mod pb
  Bob
    (gb^Sa)^Sb mod pb = (gb^Sb)^Sa mod pb = Tb^Sa mod pb = Kab
    Use Kab to decrypt
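
The phone-book-mode encryption steps above as a runnable sketch. This is an added example, not code from the original slides; the prime P, the base G, the function names, the range check on received values and the SHA-256 keystream standing in for "encrypt with Kab" are all assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed demo parameters (assumptions): P is the Mersenne prime 2^127 - 1,
# much smaller than the ~512-bit prime the slides call for; G = 3.
P = 2**127 - 1
G = 3

def keygen(p=P, g=G):
    """Return (S, T): a random secret S and the published component T = g^S mod p."""
    s = secrets.randbelow(p - 3) + 2          # 2 <= S <= p-2
    return s, pow(g, s, p)

def _keystream(k_ab, length):
    """Stand-in symmetric cipher (assumption): SHA-256 in counter mode keyed by Kab."""
    seed = k_ab.to_bytes((k_ab.bit_length() + 7) // 8 or 1, "big")
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _xor(data, k_ab):
    return bytes(a ^ b for a, b in zip(data, _keystream(k_ab, len(data))))

def _check(value, p):
    # Added check (not on the slides): reject 0, 1 and p-1, which would force
    # Kab into a value anyone can predict.
    if not 1 < value < p - 1:
        raise ValueError("public component out of range")

def encrypt_to(phone_book_entry, message):
    """Alice's side. phone_book_entry is Bob's published <p, g, Tb>,
    obtained from the phone book rather than from the wire."""
    p, g, t_b = phone_book_entry
    _check(t_b, p)
    s_a, t_a = keygen(p, g)                   # fresh Sa per message; t_a = g^Sa mod p
    k_ab = pow(t_b, s_a, p)                   # Kab = Tb^Sa mod p
    return t_a, _xor(message, k_ab)           # send g^Sa along with the ciphertext

def decrypt(p, s_b, t_a, ciphertext):
    """Bob's side: (g^Sa)^Sb mod p = Tb^Sa mod p = Kab."""
    _check(t_a, p)
    return _xor(ciphertext, pow(t_a, s_b, p))
```

Bob runs keygen() once and publishes (P, G, Tb); Alice never needs a reply from Bob before encrypting, which is what removes the substitution point shown in the bucket brigade slide.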