1 / 30

Information Security and Management 9. Public-key Cryptography and RSA

Information Security and Management 9. Public-key Cryptography and RSA. Chih-Hung Wang Fall 2012. Public Key Cryptography. Problems of symmetric key Key Distribution Need a secure channel. ?. Key. Secure Channel. Public Key Cryptography. KDC (Key Distribution Center).

mheidi
Download Presentation

Information Security and Management 9. Public-key Cryptography and RSA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security and Management 9. Public-key Cryptography and RSA Chih-Hung Wang Fall 2012

  2. Public Key Cryptography • Problems of symmetric key • Key Distribution • Need a secure channel ? Key Secure Channel

  3. Public Key Cryptography • KDC (Key Distribution Center)

  4. Public Key Cryptography • Key Storage • n users in the system. Each one needs n-1 keys. There are n(n-1)/2 keys in the system. • 1000 users in the system. Each one needs 999 keys. There are 499500 keys in the system.

  5. Public Key Cryptosystem

  6. Public Key Cryptosystem

  7. Public Key Cryptosystem • Encryption

  8. Public Key Cryptosystem • Authentication

  9. PKC vs. SKC

  10. PKC for Secrecy

  11. PKC for Secrecy • Secrecy • Ciphertext Y = EKUb(X) • Receiver B can recover the plaintext usinghis private key KRb: DKRb(Y)= DKRb(EKUb(X)) = X

  12. Application for Public-key Cryptosystem

  13. Requirements for PKC (1) • It is computationally easy for a party B to generate a public-key (KUb) and private-key (KRb) pair. • Encryption: C=EKUb(M) • Decryption: M=DKRb(C)=DKRb(EKUb(M)) • It is computationally infeasible for an opponent, knowing the public key KUb to determine the private key KRb. • It is computationally infeasible for an opponent, knowing the public key KUb and a cipher C to recover the original message M. • M= EKUb(DKRb(M))= DKUb(EKRb(M))

  14. Requirements for PKC (2) • One-way function • Y=f(X) easy • X=f-1(Y) infeasible • Trapdoor (one-way) function • Y=fk(X) easy if k and X are known • X=fk-1(Y) easy if k and Y are known • X=fk-1(Y) infeasible if Y is known but k is not known

  15. RSA Cryptosystem • 1977 by Ron Rivest, Adi Shamir, and Len Adleman (MIT) • The first “secure” & “practical” public key cryptosystem • A block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n

  16. The RSA Algorithm (1/2)

  17. The RSA Algorithm (2/2)

  18. RSA Example

  19. RSA Example N=119 = p*q =7*17 e=5; e*d =1 mod 6*16 d=77

  20. Security of RSA • Three possible approaches to attacking the RSA algorithm • Brute force • Trying all possible private keys • Mathematical attacks • Timing attacks

  21. Factoring Problem • Factor n into its two prime factos. This enable calculation of ψ(n) = (p-1)(q-1), which enables determination of d = e –1 mod ψ(n) . • Determine ψ(n) directly, without first determining p and q. • Determine d directly, without first determining ψ(n)

  22. Factoring Problem • For a large n with large prime factors, factoring is a hard problem, but not as hard as it used to be. • Example: factorize 48770428682337401 => hard problem • Easy problem: Is 223092871 a factor of 48770428682337401? • 1977: three inventors of RSA issue “Mathematical Games” • $100 reward • 1994: RSA-129 (428 bits) breaking

  23. Progress of Factorization (1)

  24. Progress of Factorization (2)

  25. Progress of Factorization (3)

  26. Constraints of RSA • Key Requirement • Key size in the range of 1024 to 2018 bits • p and q should differ in length by only a few digits. Thus, both p and q should be on the order of 1075 to 10100. • Both (p-1) and (q-1) should contain a large prime factor • gcd(p-1,q-1) should be small

  27. Timing Attacks • Proceeds bit by bit • Modular exponentiation method • bi=1; slow for a few values of d and a bi=0 fast c=0; d=1 for i=k to 0 do c=2*c d=(d*d) mod n if bi=1 then c=c+1 d=(d*a) mod n return d a13 = a(1101)=(((12a)2 a)2)2  a

  28. Timing Attacks • Countermeasures • Constant exponentiation time • Degrade performance • Random delay • Blinding • Multiply the ciphertext by a random number before performing exponentiation.

  29. Blinding • Generate a secret random r between 0 and n-1 • Compute C’=C(re) mod n • Compute M’=(C’)d mod n • Compute M=M’r-1 mod n where r-1 is the multiplicative inverse of r mod n. • RSA Data Security reports a 2 to 10% performance penalty for blinding.

  30. Exercise • Other constraints of RSA? • Strong Prime • Selecting e • Common modulus protocol

More Related