cs 312 algorithm analysis n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
CS 312: Algorithm Analysis PowerPoint Presentation
Download Presentation
CS 312: Algorithm Analysis

Loading in 2 Seconds...

play fullscreen
1 / 24

CS 312: Algorithm Analysis - PowerPoint PPT Presentation


  • 78 Views
  • Uploaded on

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License . CS 312: Algorithm Analysis. Lecture #5: Public-Key Cryptography with RSA. Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick. Announcements. HW #3 Due Now

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'CS 312: Algorithm Analysis' - blithe


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
cs 312 algorithm analysis

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.

CS 312: Algorithm Analysis

Lecture #5: Public-Key Cryptography with RSA

Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick

announcements
Announcements
  • HW #3 Due Now
  • Project #1
    • Early: today (by 5pm)
    • Due: Friday (by 5pm)
  • Next topic: Divide and Conquer
    • Beginning Friday
  • Holiday: Monday!
objectives
Objectives
  • Understand the big picture for cryptography
  • Introduce Public Key Cryptography
  • Apply all of our favorite algorithms to define RSA
  • Understand why RSA is secure
punch line
Punch-Line
  • RSA
    • Named after Rivest, Shamir, Adleman
  • Gives strong guarantees of security
  • Exploits:
    • Polynomial time computability of:
      • Modular Exponentiation – modexp()
      • Greatest Common Divisor – extended-Euclid()
      • Fermat Primality Testing – primality2()
    • Intractability of:
      • Factoring
      • Modular root finding
cryptography
Cryptography
  • Alice and Bob want to communicate in private
  • Eve is an eavesdropper
  • Alice wants to send message x to Bob
  • She encrypts clear-text with
  • She sends the cypher-text to Bob
  • Bob decrypts with
  • Goal: If Eve intercepts , without she can do nothing.
cryptography1
Cryptography
  • Past: private key protocols
    • Exchange codebook
    • E.g., One-time Pad
    • E.g., AES (Advanced Encryption Standard)
  • Present: public key protocols
    • Never need to meet
    • eBob() is publicly available
    • Only Bob possesses dBob()
    • Alice can quickly run eBob()
    • Bob can quickly run dBob()
    • Without dBob(), Eve must perform operations like factoring large numbers. Have fun!
    • E.g., RSA
public key cryptography
Public Key Cryptography

Bob

Alice

Publishes his

public key

Thanks to Diffie, Hellman, and Merkle

public key cryptography1
Public Key Cryptography

Bob

Alice

Get’s Bob’spublic key

Thanks to Diffie, Hellman, and Merkle

public key cryptography2
Public Key Cryptography

Bob

Alice

Uses the key to

encrypt her message

public key cryptography3
Public Key Cryptography

Bob

Alice

Sends the encrypted

message over an open

channel

public key cryptography4
Public Key Cryptography

Bob

Alice

Uses private

knowledge to

decrypt the

message

sends the encrypted

message over an open

channel

public key cryptography5
Public Key Cryptography
  • RSA:
    • Messages from Alice and Bob are numbers modulo N
    • Messages larger than N are broken into blocks, each represented as a number modulo N
    • Encryption is a bijection on {0,1, …, N-1}
      • i.e., a permutation
    • Decryption is its inverse

Function that is

both one-to-one

and onto

number theory
Number Theory
  • Let and be any two primes
  • Let
  • The “totient” function
  • Let be a number relatively prime to
  • Then (theorem)
    • is a bijection on
  • Let = the multiplicative inverse of mod
  • Then (theorem)
    • is also a bijection on
  • Furthermore, for all ,
key generation
Key Generation

Bob needs to generate his public and private keys.

  • He picks two large -bit random primes and (how?)
    • What role should primality2() play?
    • Test random -bit numbers: to find one
  • Public key is
    • Where
    • Where is an (at most) -bit number relatively prime to
    • Often , which permits fast encoding
  • Private key is , the multiplicative inverse of modulo
    • How to compute?
    • extended-Euclid()

That should help with exercise HW#4: 1.27

sending messages
Sending Messages

Alice wants to send to Bob

  • She looks up his public key
  • She encodes as cypher-text
    • How to compute?
  • He receives and decodes it:
    • How to compute?

That’s it!

example
Example
  • Key generation:
    • Let ,
    • Let
    • Public key:
    • Private key: multiplicative inverse of 3 mod 40 = 27
      • Computed using extended-Euclid()
  • Encryption:
    • Clear-text message
    • Cypher-text message
  • Decryption:
    • Decrypted clear-text message
how safe is rsa
How Safe is RSA?
  • There are two main principled attacks.
  • The first:
    • Factor the public key into its primes
    • Invert to get
    • Given and (ciphertext), compute using modular exponentiation.
  • Factoring is hard, but nobody knows how hard.
    • It is unlikely to be in either P or NP-complete.
how safe is rsa1
How Safe is RSA?
  • The second attack involves computing
  • Reasoning:

y1/e

 (xe (mod N))1/e

    • (xe)1/e
    • x (mod N)
  • However, there is no known efficient algorithm for finding modular roots.
brute force attacks
Brute Force Attacks
  • Try all values of – harder than factoring
  • Try all primes from 1 to
  • Use computers: require time to crack
the punch line
The Punch-line
  • The crux of the security behind RSA
    • Efficient algorithms / Polynomial time computability of:
      • Modular Exponentiation – modexp()
      • Greatest Common Divisor – extended-Euclid()
      • Primality Testing – primality2()
    • Absence of efficient algorithms / Intractability of:
      • Factoring
      • Modular root finding
using public key authentication
Using Public Key Authentication
  • PGP (Pretty Good Privacy) uses the Fermatprimalitytest.
  • SSH: use ssh-keygen to generate a suitable pair of keys.
    • The prime number is tested using two methods.
      • The second of which is Miller-Rabin and some filtering based on known composites
      • (see source code)
    • From man ssh:
      • Put your public key on the server (presumably because anyone can see your server)
      • Put your private key on your client (because you control it).
      • ssh can use public key authentication to verify that you are who you say you are without a password.
        • "the server checks if this key is permitted
        • if so, sends the user (actually the ssh program running on behalf of the user) a challenge, a random number, encrypted by the user's public key
        • The challenge can only be decrypted using the proper private key.
        • The user's client then decrypts the challenge using the private key, proving that he/she knows the private key but without disclosing it to the server.“
rsa and ssh
RSA and SSH

Client [private key]

Server [public key]

Login

Encrypt a

random number

using public key

Decrypt the

random number

using private key

If numbers match,

then you must

have the private key

thoughts
Thoughts
  • Security of this scheme remains unproven
    • Factoring large numbers into their primes may turn out to be easy or unnecessary to break the code
    • Can you break it, or prove it is hard to break?
  • Are there other “one-way” functions to do the job?
  • Can we approximately break the code—derive a message within provable bounds of the clear-text ?
  • Are there alternative handshaking schemes to facilitate private communication without prior coordination?
  • Need creative minds on this problem (cool jobs at NSA)
assignment
Assignment
  • Read: Sections 2.1 & 2.2
  • HW #4: 1.27, 2.1, 2.5(a-e) using the Master Theorem
    • Due next Wednesday because
      • Proj. #1 is due Friday
      • Monday is a Holiday