Public Key The major difficulty in designing a workable public key cryptosystem is in figuring out how to create a system in which we can reveal a transform PA() without thereby revealing how to compute the corresponding inverse transformation SA(). PA(): public, SA(): secret, and M = SA(PA(M)) Factoring and Cryptograph RSA public key system 1. p, q: two large prime numbers, chosen by the receiver, and told to nobody else (not even the sender!). 2. n: the product pq is n, and placed in the public domain. 3. E: a random integer, placed in the public domain by the receiver, who has first made sure that E is relatively prime to (p-1)(q-1). 4. P: a message that the sender would like to send, though of as a string of bits whose value lies in the range [0,n-1]. 5. D: the decryption key that satisfies DE 1 (mod (p-1)(q-1)). 1 A. Send a message C, where C PE (mod n). B. decode the message CD PDE (mod n) P(1 + t(p-1)(q-1)) (mod n) P P t(p-1)(q-1) (mod n) (mod n) P Euler Theorem. P (p-1)(q-1) 1 (mod n) Theoretical and Algorithmic Events 1. By randomly selecting and multiplying together two 100-digit primes, one can create a public key that cannot be “broken” in any feasible amount of time with current technology. 2. “The factoring large integer is easy, then breaking the RSA cryptosystem is easy.” The converse statement is unproved. 3. The number of primes less than n is approximated by (n) ~ n/ln n. 4. [Factoring large integers] We don’t even know a probabilistic algorithm that return a factor of a large composite integer, with probability > 1/2, in polynomial time. 2 5. A probabilistic factoring algorithm that finds factors in an average time that is only exp{( 2 o(1)(lg lg lg n) 0.5 }. moderately exponential, Hybrid or Key-management 1. Select a random key K for the fast non-public-key cryptosystem, and encrypts M using K, obtaining ciphertext C. 2. Encrypts K using RSA public key. (Note: K is short, thus, compute PB(K) is easy.) 3. Transmits (C, PB(K)) to the receiver, who decrypts PB(K) to obtain K, and uses K to decrypt C, obtain M. Digital signature: PA( SA (M)) 3 The Story [1976] DES (data encryption standard): permutation and shuffling Key distribution [1975] Idea of the public key: Diffie, Hellman, and Merkel, Stanford. Protected by a computational intractable problem MIT vs. Stanford: Factoring problem vs. Knapsack problem (special case, failed) [1977] RSA public key algorithm: Rivest, Shmir and Adleman [1977] A challenge of factoring a129 digitals number, solved by 600 people with many computers in 1994. [1973] Another public key solution by Ellis and Cox at GCHQ. [1976] DH(Diffie-Hellman) public key algorithm, Diffie, Hellman, and ElGamal; based upon the DH Problem (DHP): it is conjectured (but not proven) to be equivalent to the Discrete Logarithm Problem (DLP). "...no one can imagine a way of passing from ga and gb to gab without first being able to determine a or b; but it is conceivable that such a way might exist". The Diffie-Hellman problem in Z *n is at least as difficult as the problem of factoring n. 4 Pretty Good Privacy (PGP) [1991] Pretty good privacy (PGP) by Zimmerman and ElGamal: DH (RSA, no longer supported now)+ IDEA (Created by Xuejia Lai, a variation of DES). http://pgpi.com Freeware + Internet Against PGP by FBI, …: 1993~1996 Impact to film makers: Mercury Rising, Enemy of the State, … Key escrow Certification authorities: Verisign 1998 5