Public Key Algorithms CS 4803 Fall 04

advertisement
Public Key Algorithms
CS 4803 Fall 04
Modular Arithmetic
Public key algorithms are based on modular
arithmetic.
 Modular addition.
 Modular multiplication.
 Modular exponentiation.

Modular Addition

Addition modulo (mod) K
 Poor
cipher with (dk+dm) mod K, e.g., if K=10
and dk is the key.
Additive inverse: addition mod K yields 0.
 “Decrypt” by adding inverse.

Modular Multiplication
Multiplication modulo K
 Multiplicative inverse: multiplication mod
K yields 1
 Only some numbers have inverse
 Use Euclid’s algorithm to find inverse

 Given

x, n, it finds y such that xy mod n = 1
Only the numbers relatively prime to n will
have mod n multiplicative inverse
Totient Function
x, m relative prime: no other common factor
than 1
 Totient function ø(n): number of integers
less than n relatively prime to n

 if
n is prime, ø(n)=n-1
 if n=pq, and p, q are primes, ø(n)=(p-1)(q-1)
Modular Exponentiation
 xy
mod n = xy mod ø(n) mod n
 if y = 1 mod ø(n) then xy mod n = x mod n
RSA (Rivest, Shamir, Adleman)



The most popular one.
Support both public key encryption and digital
signature.
Assumption/theoretical basis:
 Factoring


a big number is hard.
Variable key length (usually 512 bits).
Variable plaintext block size.
 Plaintext
must be “smaller” than the key.
 Ciphertext block size is the same as the key length.
What Is RSA?

To generate key pair:
 Pick
large primes (>= 256 bits each) p and q
 Let n = p*q, keep your p and q to yourself!
 For public key, choose e that is relatively prime
to ø(n) =(p-1)(q-1), let pub = <e,n>
 For private key, find d that is the multiplicative
inverse of e mod ø(n), i.e., e*d = 1 mod ø(n),
let priv = <d,n>
How Does RSA Work?

Given pub = <e, n> and priv = <d, n>
c = me mod n, m < n
 decryption: m = cd mod n
 signature: s = md mod n, m < n
 verification: m = se mod n
 encryption:
Why Does RSA Work?

Given pub = <e, n> and priv = <d, n>
n
=p*q, ø(n) =(p-1)(q-1)
 e*d = 1 mod ø(n)
 xed = x mod n
 encryption: c = me mod n
 decryption: m = cd mod n = med mod n = m
mod n = m (since m < n)
 digital signature (similar)
Why Is RSA Secure?
Factoring 512-bit number is very hard!
 But if you can factor big number n then
given public key <e,n>, you can find d,
hence the private key by:

 Knowing
factors p, q, such that, n = p*q
 Then ø(n) =(p-1)(q-1)
 Then d such that e*d = 1 mod ø(n)
Diffie-Hellman Key Exchange
Shared key, public communication
 No authentication of partners
 What’s involved?

p
is a prime (about 512 bits), and g < p
 p and g are publicly known
Diffie-Hellman-Merkle Key Exchange
Procedure
Alice
Bob
pick secret Sa randomly pick secret Sb randomly
compute TA=gSa mod p
compute TB=gSb mod p
send TA to Bob
send TB to Alice
compute TBSa mod p
compute TASb mod p
Alice and Bob reached the same secret gSaSb mod p,
which is then used as the shared key.

DH Security - Discrete
Logarithm Is Hard
T = gs mod p
 Conjecture: given T, g, p, it is extremely
hard to compute the value of s (discrete
logarithm)

Diffie-Hellman Scheme

Security factors
 Discrete
logarithm very difficult.
 Shared key (the secret) itself never transmitted.

Disadvantages:
 Expensive
 DoS
 The
exponential operation
possible.
scheme itself cannot be used to encrypt
anything – it is for secret key establishment.
 No authentication, so you can not sign anything
…
Bucket Brigade Attack...Man In
The Middle
Alice
gSa=123
123 -->
Trudy
Bob
gSx =654
gSb =255
654 -->
<--654
<--255
654Sa=123Sx 255Sx=654Sb
 Trudy plays Bob to Alice and Alice to Bob
Diffie-Hellman in Phone Book
Mode
DH was subject to active man-in-the-middle
attack because their public key-component was
intercepted and substituted
 Phone book mode allows everyone to generate
the public key-component in advance and
publish them through other reliable means, e.g.
<TB> for Bob
 All communicating parties agree on their
common <g, p>

Encryption With Diffie-Hellman

Everyone computes and publishes <p, g, T>
 T=gS

mod p
Alice communicates with Bob:
 Alice
 Picks
a random secret Sa
 Computes gbSa mod pb
 Use Kab = TbSa mod pb to encrypt message
 Send encrypted message along with gbSa mod pb
 Bob
 (gbSa)Sb
mod pb = (gbSb)Sa mod pb = TbSa mod pb = Kab
 Use Kab to decrypt
Download