# Public Key Encryption - PowerPoint PPT Presentation Download Presentation Public Key Encryption

Public Key Encryption Download Presentation ## Public Key Encryption

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
##### Presentation Transcript

1. Public Key Encryption Kyle Schmidt

2. A Brief History of Cryptography • Ancient Greeks • Scytale Cipher • Julius Caesar • Caesar Cipher • “Enigma” • Automated Cipher

3. What is Cryptography? • Secure and private communication • Encryption • Rendering a message unintelligible WEDNESDAY THE SIXTEENTH JRQARFQNL GUR FVKGRRAGU

4. Symmetric vs. Asymmetric • Symmetric • Single key • Asymmetric (Public Key) • Two keys • Public key & Private key • Mailbox Concept • Digital Signature

5. Branches of Cryptology Cryptology Cryptography Cryptanalysis Symmetric Asymmetric Message Authentication Encryption Encryption

6. Advantages of Asymmetric • Secure Exchange of Keys • Can’t trust the middleman • Nonrepudiation • Keep track of your own key • More Uses • Encryption • Message Authentication • Digital Signatures

7. Modular Arithmetic • Most cryptosystems based on finite, discrete sets modulus = 12

8. Modulus Operation • Formal Definition: Given integers a, r, and m, we say a ≡ r mod m if (r – a) is divisible by m • Note that there are infinitely many remainders • Not to be confused with: a = r mod m

9. The Ring Zm • Ring of integers with properties: • Arithmetic operations always yield result in Zm • e.g. ∀a, bεZm then (a + b) ε Zm • Neutral elements 0 for addition, 1 for multiplication • e.g. ∀a εZm, a + 0 ≡ a mod m • Additive inverse always exists • i.e. ∀a εZm, ∃b = -a such that a + b ≡ 0 mod m • Multiplicative inverse only exists for some elements

10. Euclidean Algorithm • Calculates Greatest Common Divisor (GCD) • Simplify the problem • GCD(a, b) = GCD(a – b, b)

11. Euclidean Algorithm a = bq + r a = su b = tu b = s’v r = t’v r = a – bq a = bq + r r = (su) – (qt)u a = (s’v)q + (t’v) r = (s – qt)u a = (s’q + t)v

12. Euclidean Algorithm Procedure of Euclidean Algorithm

13. Extended Euclidean Algorithm • Modular Division • Multiplication by multiplicative inverse • ba-1 instead of b/a • Multiplicative Inverse: • aa-1≡ 1 mod m • Extended Euclidean Algorithm: • Fast, efficient way to find multiplicative inverse

14. Extended Euclidean Algorithm • Perform regular Euclidean Algorithm • GCD(a, b) must be 1 • Then for ax + by = 1, • x is the multiplicative inverse of a, and • y is the multiplicative inverse of b

15. Extended Euclidean Algorithm a = bq1 + r1 b = q2 r1 + r2 r1 = q3 r2 + r3 rn-2 = qn rn-1 + 1 r1 = a – bq1 r2 = b – q2 r1 r3 = r1 – q3 r2 1 = rn-2 – qn rn-1 1 = rn-2 – qn rn-1 1 = rn-2 – qn (r1 – q3 r2) 1 = rn-2 – qn (r1 – q3 (b – q2 r1)) 1 = rn-2 – qn (r1 – q3 (b – q2 (a – b q1))) 1 = ax + by

16. Extended Euclidean Algorithm • Proof ax + by = 1 ax + by  1 mod a by  1 mod a aa-1 1 mod a

17. Euler’s Totient Function • Essential for RSA Scheme • and most likely others • Totient (n) • Number of totatives of an integer n • Totative: An integer m, 0 < m < n, GCD(m, n) = 1 • Prime factorization of n must be known

18. Example: (30) C = 5 25 (5) {1, 2, 3, …, 30} S = 10 15 2 20 30 3 4 8 14 A = 9 = B 6 12 21 (2) 16 22 (3) 24 27 18 26 28 13 17 19 1 7 11 23 29

19. Example: (30) • Calculate totients from frequency • De Morgan’s Theorem: • Probability a number is in a subset is equal to Probability a number is not in all other subsets • Probability a number is NOT in a set is equal to 1 – (Probability of being IN the set) • Probability= (1 – 1/2) * (1 – 1/3) * (1 – 1/5) • Frequency = (1 – 1/2) * (1 – 1/3) * (1 – 1/5) * 30

20. Euler’s Totient Function • Formula: (n) = n(1 – 1/p1)(1 – 1/p2)…(1 – 1/pm) = (n) = (p1 – 1)p1k1–1(p2 – 1)p2k2–1 …(pm – 1)pmkm–1

21. RSA • Ronald Rivest, Adi Shamir, Leonard Adleman • 1977 • Most widely used asymmetric scheme today • Two main uses: • Secure exchange of keys • Digital signatures

22. How RSA Works • Keys are pairs of integers • Encrypting key: (e, n) • Decrypting key: (d, n) • Encryption/Decryption: Exponentiation within Zn • Encrypt message: C = Me • Decrypt cyphertext: M = Cd • Before encrypting: • Convert plaintext to integer with hash function

23. RSA: Key Generation • Choose two arbitrary prime numbers p and q • Calculate n = pq • Calculate (n) • = (p – 1)(q – 1) • Choose arbitrary integer e < (n) – 1 such that GCD(e, (n)) = 1 • Calculate d = multiplicative inverse of e mod (n) using Extended Euclidean Algorithm

24. RSA: Key Generation • Basic requirement: • After choosing p, q, choose e, d, k satisfying: • ed – 1 = k(p – 1)(q – 1) • Extended Euclidean Algorithm requires two integers that are relatively prime • Thus, requiring e and (n) to be relatively prime ensures that there will be a matching private key

25. How RSA Works • Me = C; Cd = M • Prove Cd≡(Me)d ≡ Med≡ M mod n • Fermat’s Little Theorem • M(n)≡ 1 mod n if M and n are relatively prime • Mk(n) ≡ 1 mod n • M*Mk(n) ≡ M mod n • Mk(n)+1 ≡ M mod n • ed – 1 = k(p – 1)(q – 1) • ed = k(p – 1)(q – 1) + 1 • ed = k (n) + 1 Med ≡ M mod n

26. How RSA Works • M = Med • = M1+(n)k • = (M)M(n)k • = (M)(M(n))k • = (M)(1)k • = M • M = M

27. RSA: Faster Encryption • “Square-and-Multiply” Algorithm • Quick and efficient, even with large numbers • Based on binary representation of exponent • Iterative through bits, left to right • Consider y = xh mod n • Starting with 2nd bit from left: • Calculate y = x • Calculate y = y2 mod n • If current bit of h is 1, calculate y = yx mod n • Repeat steps 2 and 3 for each bit in exponent

28. Iteration Current Bit Calculation Value of y y = x 2 1 1  0 1 0 y = y2 mod n 4 mod 5 = 4 1 1  0 1 0 y = y * x mod n 8 mod 5 = 3 2 1 1  1 0 y = y2 mod n 9 mod 5 = 4 3 1 10  0 y = y2 mod n 16 mod 5 = 1 3 1 10  0 y = y * x mod n 2 mod 5 = 2 4 1 10 1  y = y2 mod n 4 mod 5 = 4 RSA: Faster Encryption • Example: y = 226 mod 5

29. RSA: Faster Encryption • Square-and-Multiply has complexity O(log n), where n is the number of bits in the exponent • Relatively efficient • Although still intensive for small devices • Speed up encryption more: smaller public key • No significant loss of security

30. RSA: Faster Decryption • Can’t use smaller private key • Major security loss • Chinese Remainder Theorem • Allows computation of y = x mod (pq) given: • y1 = x mod p and y2 = x mod q • Break down Cd mod n into smaller computations • More computations, but less intensive • Requires knowledge of p and q, thus cannot be used to speed up encryption

31. RSA: Faster Decryption • Variation of Fermat’s Little Theorem: • xp-1 ≡ 1 mod p • Using this, break down exponent d into d1 = d mod (p – 1) and d2 = d mod (q – 1) • Decryption now requires two exponentiations: • Using Chinese Remainder Theorem, compute: y ≡ y1q(q–1mod p) + y2p(p–1mod q) mod n • On average, four times faster

32. Practical Uses of RSA • Even with these methods to speed up RSA, it is still much slower than symmetric systems • Not typically used for large-scale encryption • Encrypt smaller messages • Passwords • Symmetric keys • Digital Signatures • Used together with symmetric systems • Secure key exchange + fast, efficient encryption

33. Problem • Modern computers becoming more efficient • Factoring large numbers is becoming easier • Larger keys required for RSA to remain secure • RSA becoming slower and slower

34. Alternative • Elliptic Curve Cryptography (ECC) • 1985 • Neal Koblitz, Victor S. Miller • Estimated to be widespread within next decade

35. Elliptic Curve Cryptography: Premise • Point “Addition” (addition of ordered pairs) • Given a set E of points, and an operator “+”: • Compute “sum” of two points as another point • P + Q = R; P, Q, RɛE • NOT actual arithmetic addition • Point “Multiplication” • G = P + P + … + Pk = kP; G, P ɛ E, k ɛR

36. Elliptic Curve Cryptography: Premise • The set E is drawn from points of an elliptic curve • y2 = x3 + ax + b • Security comes from difficulty of finding k if given G and P • Elliptic Curve Discrete Logarithm Problem • Can’t just divide G by P • Not arithmetic multiplication! • More similar to finding k in a = bk • No efficient algorithm exists to solve this problem

37. Computing P + Q • Since elliptic curves are cubic, there are generally three points a line intersects the curve • Use this fact to calculate P + Q • Draw line from P to Q • Define the third point of intersection to be –R • Thus R is the mirror reflection of –R

38. Computing P + Q • If there is no third point (the line is vertical), P + Q is said to be “infinity”, denoted as O • O is an additive identity (P + O = P) • To compute P + P, use P’s tangent line instead

39. Elliptic Curve Algebra • Algebraic Formulae: • P + Q • xP+Q = β2 – xP – xQ • yP+Q = β(xP – xR) – yP • β is the slope of the line • P + P (or 2P) • x2P= ([3x2P + a] / 2yP)2 – 2xP • y2P = ([3x2P + a] / 2yP) * (xP– xR) – yP • ais the same parameter from the cubic equation

40. How it is Applied to Cryptography • To ensure security, some restrictions: • Curve must be smooth (no cusps, intersections, etc) • Can’t use all real numbers – must be discrete • In particular, prime numbers or binary numbers • No longer a “curve,” but algebra still holds • Why ECC is harder to crack than RSA: • Algebra is more complex than factoring numbers

41. Secure Key Exchange • Variation of Diffie-Hellman Scheme • Alice and Bob agree on parameters for curve • a, b in y2 = x3 + ax + b and a point Gɛ E • Alice chooses a private integer XAand calculates a point YA = XAG • Bob does similar, calculating YBfrom integer XB • Alice and Bob publicly exchange YA and YB • The secret key K is computed by: • For Alice, K = XAYB • For Bob, K = XBYA

42. Secure Key Exchange • Alice and Bob get the same private key, because: • K = XAYB • = XA(XBG) • = XBXAG • = XBYA • = K

43. The Bigger Picture • ECC found to be 10x faster than RSA • Requires less memory and computational power • Equal security as RSA • Ideal for use on: • Smart cards • Wireless devices • Other constrained devices RSA is unsuitable for

44. Symmetric Key Size RSA Key Size ECC Key Size 80 1024 160 112 2048 224 128 3072 256 192 7680 384 256 15360 521 The Bigger Picture • Security of RSA • Increasingly more vulnerable • Security of ECC • No significant increase in vulnerability over 25 years NIST Recommended Key Sizes for Equal Security

45. References  Alayont, Feryâl. (2005). “RSA: A Public Key Cryptosystem”. <http://faculty.gvsu.edu/alayontf/talks/rsa.pdf>  Kak, Avi. (2011). “Elliptic Curve Cryptography and Digital Rights Management”. Lecture Notes on Computer and Network Security. <https://engineering.purdue.edu/kak/compsec/NewLectures/Lecture14.pdf>  Kotas, William A. (2000). “A Brief History of Cryptography”. University of Tennessee Honors Thesis Projects. <http://trace.tennessee.edu/utk_chanhonoproj/398>  National Security Agency. (2009). “The Case for Elliptic Curve Cryptography”. <http://www.nsa.gov/business/programs/elliptic_curve.shtml>  Paar, Christof and Pelzl, Jan. (2010). “Introduction to Cryptography”. Understanding Cryptography – A Textbook for Students and Practitioners (online slides). <http://www.crypto-textbook.com>  Paar, Christof and Pelzl, Jan. (2010). “The RSA Cryptosystem”. Understanding Cryptography – A Textbook for Students and Practitioners (online slides). <http://www.crypto-textbook.com>  RSA Laboratories. (2000). “RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, Version 4.1”. <http://www.rsasecurity.com/rsalabs/faq/files/rsalabs_faq41.pdf>  Turner, Clay S. (2008). “Euler’s Totient Function and Public Key Cryptography”. <http://web.cs.du.edu/~ramki/courses/security/2011Winter/notes/RSAmath.pdf>  Vinck, A.J. Han. (2011). “Introduction to Public Key Cryptography”. <http://www.exp-math.uni-essen.de/~vinck/crypto/script-crypto-pdf/add-to-3.pdf>  Wagner, Neal R. (2003). “The RSA Public Key Cryptosystem”. The Laws of Cryptography with Java Code. <http://www.cs.utsa.edu/~wagner/lawsbookcolor/laws.pdf>  Weisstein, Eric W. “Euclidean Algorithm”. MathWorld – A Wolfram Web Resource. <http://mathworld.wolfram.com/EuclideanAlgorithm.html>

46. References • Additional images for this presentation retrieved from: • http://en.wikipedia.org/wiki/Enigma_machine • http://en.wikipedia.org/wiki/Public-key_cryptography • http://www.usc.edu/dept/molecular-science/RSA-2003.htm • http://en.wikipedia.org/wiki/Leonhard_Euler • http://physicsworld.com/cws/article/news/47723 • http://en.wikipedia.org/wiki/Credit_card