1 / 10

Agenda

CS G513 / SS G513 Network Security. Agenda. Public Key Encryption Basics and Attacks RSA – Correctness and Security Strength. (Asymmetric) Public Key Encryption. Key Idea: One key (say the encryption key) is public and distributed in an open (but authentic) way.

hue
Download Presentation

Agenda

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS G513 / SS G513 Network Security Agenda Public Key Encryption Basics and Attacks RSA – Correctness and Security Strength

  2. (Asymmetric) Public Key Encryption • Key Idea: • One key (say the encryption key) is public and distributed in an open (but authentic) way. • The other key (say decryption key) is kept secret/private. • Secrecy – achieved by the fact that only those who own (a private) key can decrypt a message encrypted by (the corresponding) public key. • D(kv , E(ku , m)) = m • kv is the private key • Ku is the public key Sundar B.

  3. PKE - Types of Attacks • Chosen plain-text attack is possible by a passive adversary. • Stronger attack: Chosen ciphertext attack • Choose a ciphertext and obtain (by some means from victim) the corresponding plaintext • Indifferent chosen-ciphertext attack • Adversary provided with decryptions of ciphertexts of its choice, but the choices made a-priori. • Adaptive Chosen-ciphertext attacks • Adversary may use or have access to victim’s decryption machine but not the private key even after seeing the ciphertext to be broken. Sundar B.

  4. Public Key Encryption - Issues • Public Key Distribution • Must be done in authentic way – otherwise leads to easy impersonation • PKE schemes may assume block wise encryption: • Plaintext is broken into blocks of fixed length • Cipher Block Chaining (CBC mode) can be used against block manipulation • CFB and OFB modes so cannot be used in PKE schemes – Why? Sundar B.

  5. RSA • Rivest, Shamir and Adleman – 1978. • Based on modular arithmetic and prime factors. • Key generation • Generate two different, large, random primes p and q (roughly the same size as each other) • Compute n=pq and  = (p-1)(q-1) • Select a random int. e such that gcd(e, ) = 1. • Compute d s.t. ed = 1 (mod ) • Let ku = (n,e) and kv = (n,d) • Does d always exist ? Sundar B.

  6. RSA • Encryption: • Represent message as an int m in the range [0..N-1] • Compute c = me (mod n) • Decryption • Compute m = cd (mod n) Sundar B.

  7. RSA - Correctness • Lemma 1: med = m (mod p) • Lemma 2: med = m (mod q) • Theorem: cd = (me)d = m (mod n) • Proof of Theorem: Since p and q are distinct primes, med – m divides pq (by lemma 1 and 2) i.e. med = m (mod n)

  8. RSA - Correctness • Proof of Lemma 1: • Given ed = 1 (mod ), there exists k such that ed = 1 + k . • If gcd(m,p) = 1 then mp-1 = 1 (mod p) by Fermat’s Little Theorem. • Then med = m (mod p). • But this is true if gcd(m,p) = p as well as • both sides are congruent to 0 (mod p) Sundar B.

  9. Security of RSA • Adversary’s task: • Given ciphertext c, and public key (n,e) • find plaintext m • find private key (n,d) • Possible approach: • Factorize n • Compute  and d just as the sender does. • Then (n,d) is the private key and • m = cd (mod n) is the plaintext message. Sundar B.

  10. Security of RSA • Security of RSA depends on 2 claims: • Factoring is difficult (Claim 1) and • Obtaining d is at least hard as factoring (Claim 2). • Factorization is difficult • No known polynomial time algorithm exists. • But not proven to be NP-hard. • It has been proved that • given any multiple of  = (p-1)(q-1), n can be factored. • Since ed = 1(mod ) , ed-1 = k for some k.

More Related