1 / 13

Encryption and RSA Concepts - Key Schedule, Galois Field, and Public-Key Cryptography

This text discusses key schedule and tie-ins with Galois field in Rijndael/AES, as well as the concepts of public-key cryptography using RSA.

ronl
Download Presentation

Encryption and RSA Concepts - Key Schedule, Galois Field, and Public-Key Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DTTF/NB479: Dszquphsbqiz Day 19 • Announcements: • HW4 – DES due Friday midnight • Any volunteers to help config C/C# later today? • Who’s using Scheme? • Quiz on ch 3 postponed until after break • Term project groups and topics due end of week after break • Use ch 10 – 19 as inspiration • Today • Finish Rijndael • RSA concepts • Questions?

  2. Rijndael/AES Tie-ins with Galois field, GF(28): S-box implements z = Ax-1 + b in GF(28) MixColumn multiplies by a matrix in GF(28) to diffuse bits Key schedule (next) uses S-box and powers in GF(28) • Wikipedia’s visuals

  3. AddRoundKey (ARK) XOR the round key with matrix d. Key schedule on next slide

  4. Key Schedule Write original key as 4x4matrix with 4 columns: W(0), W(1), W(2), W(3). Key for round i is (W(4i), W(4i+1), W(4i+2), W(4i+3)) K1 K10 K0 Other columns defined recursively: Highly non-linear. Resists attacks at finding whole key when part is known 192-, 256-bit versions similar

  5. Decryption E(k) is: (ARK0, BS, SR, MC, ARK1, … BS, SR, MC, ARK9, BS, SR, ARK10) Each function is invertible: ARK; IBS; ISR; IMC So D(k) is: ARK10, ISR, IBS, ARK9, IMC, ISR, IBS, … ARK1, IMC, ISR, IBS, ARK0) Half-round structure: • Write E(k) = ARK, (BS, SR), (MC, ARK), … (BS, SR), (MC, ARK), (BS, SR), ARK (Note that last MC wouldn’t fit) • D(k) = ARK, (ISR, IBS), (ARK, IMC), (ISR, IBS), … (ARK, IMC), (ISR, IBS), ARK Can write: D(k) = ARK, (IBS, ISR), (IMC, IARK), … (IBS, ISR), (IMC, IARK), (IBS, ISR), ARK

  6. Wrap-up • Do you trust 128-bit encryption now? • You should, especially when keys are sent using public key cryptography (next)

  7. Public-key Cryptography • Problem: how can I send my AES key without Eve intercepting it? • Consider a scheme in which everyone publishes a (public) method by which messages can be encrypted and sent to them … but only the publisher can decrypt. • Knowing how to encrypt does not reveal how to decrypt!

  8. RSA (Rivest – Shamir – Adelman) For Alice to send a message to Bob. • Bob chooses primes p,q (large, ~100 digits each) • He publishes his public key (n,e): • n = pq • e, a large number such that gcd(e, (p-1)(q-1)) = 1 • Alice has a message m < n. • Otherwise (if m > n), break message into chunks < n • Alice sends c = me(mod n) • Bob computes cd (mod n) = (me)d = m (mod n). • What does he use for d?

  9. Alice – (m)  Bob Bob’s key: n = pq e: gcd(e, (p-1)(q-1)) = 1 This is so d=e-1 mod (p-1)(q-1) exists Alice sends c = me(mod n) Bob computes cd (mod n) = (me)d = m (mod n), where d = e-1 (mod n). What does he use for d? Recall Euler’s theorem: as long as gcd(m,n) = 1 So med = m (mod n) iff ed = 1 (mod f(n) = 1 (mod (p-1)(q-1)) So d = e-1 *mod (p-1)(q-1) Why does decryption work?

  10. Alice – (m)  Bob Bob’s key: n = pq = (13)(17) = 221 e = 35: gcd(e, (p-1)(q-1)) = 1 d=e-1 mod 192 exists: d = __11__ m = 20 (letter t) 1-based, so leading ‘a’ = 1 not ignored c = me(mod n) = _197___ cd (mod n) = _20__ Issues: How to compute 2035(mod 221)? Efficiency is O(log e) How to compute d? Extended Euclidean alg. And why is this secure? Why can’t Eve calculate d herself? Toy example

  11. Security • Eve knows e, n, and c only • To find d = e-1 (mod f(n)),Eve needs to know f(n) = (p-1)(q-1) • If she knows n, she can factor it into p and q to find f(n), right? • That’s a big if, since n is ~200 digits long! • Large numbers are hard to factor! • Can’t just test every prime from 1 .. sqrt(n)

  12. Security • c = me (mod n) • Can Eve just compute e-th root of c? • Not since mod n • Unless we brute force, but not when n is large!

  13. Is f(n) as hard to find as the factors of n? • Claim: factoring n hard  finding f(n) hard • Equivalently: f(n) easy  factoring n easy • If I know n and f(n), how can I find p, q? • Hint: write n and f(n) in terms of p and q. • I will show later that finding d is as hard to find as factors of n (uses factoring). • So Eve has no shortcuts to factoring!

More Related