Public-key Encryption

1. Public-key Encryption plaintext plaintext ciphertext encryption algorithm decryption algorithm Problems with symmetric (private-key) encryption 1) secure distribution of keys 2) large number of keys Solution to both problems: Public-key (asymmetric) encryption keypub keypriv

2. lena ole Data transmission via public-key encryption Every user maintains a unique pair of keys: one private and one public. Public keys are available for anyone to use. For Lena to send a message to Ole, she first encrypts using Ole’s public key. This ensures that only Ole will be able to read the message. Note that this preserves data _____________, but does not ensure ___________.

3. pub priv Public-key Encryption - the Concept Proposed in 1976 by Witfield Diffie & Martin Hellman Necessary Properties Computationally easy to generate a pair of keys -- (Kpub, Kpriv) Computationally easy to encrypt -- E(plaintext, Kpub)  ciphertext Computationally easy to decrypt -- D(ciphertext, Kpriv)  plaintext Computationally infeasible to determine Kpriv, even knowing E, D, and Kpub Computationally infeasible to decrypt without Kpriv, even knowing E, D, and Kpub An Additional Useful Property Keys can be used in the opposite order for encryption/decryption -- D( E(plaintext, Kpriv), Kpub)  plaintext

4. RSA Algorithm Rivest-Shamir-Adelman (1978) is the best known of current public-key encryption methods. • Begin with two large primes (p and q). • n = p*q (Note that n should be more than 200 digits - roughly 512 bits.) • Select e relatively prime to (p-1)*(q-1). • Select d so that (e*d) mod ((p-1)*(q-1)) = 1. • public key:(e, n)private key:(d, n) Encryption Algorithm (apply to each part of the transmission) E(message, e, n) = (messagee) mod n Decryption Algorithm (apply to each part of the transmission) D(message, d, n) = (messaged) mod n Side note: (p-1)*(q-1) comes from Euler’s definition of totient (n) = number of positive integers less than n that are relatively prime to n. more theory: www. di-mgt.com.au/rsa_theory.pdf

5. Example (note that numbers are artificially small.) A B C D E F G H I J K L M N O P Q R S T U V W X Y Z  0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 23 25 26 to encipher I to encipher H I 8 H 7 7e mod n = 73 mod 34 = 3 8e mod n = 83 mod 34 = 2 to decipher 3 to decipher 2 3d mod n = 311 mod 34 = 7 2d mod n = 211 mod 34 = 8 7 H 8 I p = 2 q = 17 Therefore, n = p*q = 34 Select e = 3 Note that (p-1)*(q-1) = 16. (3 and 16 are relatively prime.) d = 11 because e*d = 3*11 = 33 and 33 mod 16 = 1 Treat alphabet as integers from zero, and include blank: HI MOM SEND 3 2 32 28 24 28 32 18 30 21 27 3 2 32 28 24 28 32 18 30 21 27 7 8 26 12 14 12 26 18 4 13 3

6. Effort Key Size dec. digits bits Year MIPS-yrs Attack/factoring Method RSA Cryptanalysis Issues 1) The values of p, q, and (n)arenot divulged. 2) Cryptanalysis of RSA accomplished by finding the prime factors of a large number. 3) Factoring is not known to be an NP problem, but the best known algorithms are exponential. 4) To date no serious security flaws have been discovered. Finding p and q • Verifying that p and q are prime requires testing potential factors. • A practical alternative (Solovay & Strassen algorithm) tests a number to any desired probability of being prime. Crack History

7. 1020 1016 MIPS-years required for factoring General number field sieve 1012 Special number field sieve 108 104 Key Size (in bits) 512 1024 1536 2048 • Another factoring method (Special Number Field Sieve) is faster. • Key sizes of at least 2048 appear to be safe for the near future.

8. Cryptanalysis Can be Tricky Generally, the strength of a public-key algorithm depends upon key size. Suppose Lena sends a very short message - say one byte E( LenasByte, KOlePub )  encipheredByte Suppose the man in the middle (Hagar) intercepts encipheredByte How can Hagar discover LenasByte ? Note: This particular vulnerability is unique to public-key cryptosystems. Solution:

9. More About Public-key Encryption Efficient? • RSA can be as much as 10,00 times slower than symmetric algorithms (Multiplication used in place of bit manipulation and table lookup/indexing). • to improve computation: (a * b) mod n = [(a mod n) * (b mod n)] mod n Other Public-key Cryptosystems Elliptic Curve Cryptography (ECC) • several different ciphers • based upon cubic equations of the form: y2 +axy + by = x3 + cx2 + dx + e • appears to have computational speed advantages over RSA • “test of time”? Diffie-Hellman Key Exchange • not a full system, but a key-exchange technique built on public key concept Digital Signature Standard (DSS) • not a full system, but a technique for implementing digital signatures built on public key concept

10. lena ole Public-key Authenticity The additional property of RSA & elliptic curve ciphers: D(E(plaintext, kpub), kpriv) = plaintext D(E(plaintext, kpriv), kpub) = plaintext Confidential transmission 1) Lena encrypts the message using Ole’s public key. 2) The message from (1) is transmitted. 3) Ole decrypts message using his private key. Confidential & Authenticated transmission 1) Lena encrypts the message (or part of it) using her private key. 2) Lena uses Ole’s public key to encrypt the result of (1). 3) The message from (2) is transmitted. 4) Ole decrypts the message with his private key. 5) Ole decrypts the result of (4) (or appropriate part) with Lena’s public key.