CPIS 312 Chapter Four PUBLIC KEY CRYPTO Index

CPIS 312 Chapter Four: PUBLIC KEY CRYPTO

Index A. Introduction A. 1 Asymmetric Key Cryptography- Introduction A. 2 General ideas about the Public Key Cryptography B. Mathematical Background Prime Co-Prime Euclidean Algorithms Congruence Relations C. Asymmetric Key Algorithms C. 1 RSA Algorithms C. 2 Example C 3 Performance comparison with DES D. Diffie-Hellman Algorithm E. Public Key Infrastructure F. Hybrid Cryptosystem 2

Asymmetric Key Cryptography/ Public Key Cryptography n n public-key/two-key/asymmetric cryptography involves the use of two keys: n a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures n a related private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures infeasible to determine private key from public based on mathematical functions rather than on substitution and permutation is asymmetric because n those who encrypt messages or verify signatures cannot decrypt messages or create signatures

General Idea of Asymmetric Cryptography

Mathematical Background • • Prime Co-Prime Euclidean Algorithms Congruence Relations

Prime The prime is a natural number which has exactly two distinct natural number divisors: 1 and itself The first 15 prime numbers are: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47.

Coprime The integers a and b are said to be coprime or relatively prime if they have no common factor other than 1 and − 1 (if their Greatest Common Divisor is 1) For example: • 6 and 35 are coprime • 6 and 27 are not coprime because they are both divisible by 3 A fast way to determine whether two numbers are coprime is given by the Euclidean algorithm that determine the greatest common divisor (GCD) of two elements.

Euclidean Algorithm The Euclidean algorithm is an algorithm to determine the greatest common divisor (GCD) of two elements. Using recursion, the algorithm can be expressed: function gcd(a, b) { if b = 0 return a else return gcd(b, a mod b) } For example: • gcd(35, 6) = gcd(6, 5) = gcd(5, 1)=gcd(1, 0)=1 (This means that 35 and 6 are coprime) • gcd(27, 6) = gcd(6, 3) = gcd(3, 0) = 3

Congruence Relation Two integers a and b are said to be “congruent modulo” n, if their difference a − b is an integer multiple of n. If this is the case, it is expressed as: a ≡ b (mod n) For example, 38 ≡ 14 (mod 12) 38 ≡ 2 (mod 12) -3 ≡ 2 (mod 5) "a is congruent to b modulo n“

C. 2. Asymmetric Key Algorithms 3. RSA • The algorithm was publicly described in 1977 , however, was not revealed until 1997 due to its topsecret classification. • Rivest, Shamir, and Adleman devised RSA independently of Cocks' work. • RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key.

C. 2. Asymmetric Key Algorithms 3. RSA 1. Choose two distinct large random prime numbers p and q 2. Compute n=p. q • n is used as the modulus for both the public and private keys 3. Compute the totient: φ(n)=(p-1)(q-1) 4. Choose an integer e such that 1<e<φ(n), and e and φ(n) share no factors other than 1; (i. e. e and φ(n) are coprime) • e is released as the public key exponent 5. Compute d to satisfy the congruence relation: d. e ≡ 1 (mod φ(n)); • d is kept as the private key exponent Public Key: (n, e) Private Key: (n, d) To encrypt message: c = me mod n To decrypt message: m = cd mod n

C. 2. Asymmetric Key Algorithms 3. RSA - Example 1. 2. 3. 4. 5. 6. 7. Select primes: p=17 & q=11 Calculate n = pq =17 x 11=187 Calculate ø(n)=(p– 1)(q-1)=16 x 10=160 Select e: gcd(e, 160)=1; choose e=7 Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23 x 7=161= 10 x 160+1 Publish public key PU={7, 187} Keep secret private key PR={23, 187}

RSA Example n n given message M = 88 encryption: n n C = 887 mod 187 = 11 decryption: n M = 1123 mod 187 = 88

C. 2. Asymmetric Key Algorithms 3. RSA - Some Facts • Security of RSA relies on difficulty of finding d given n and e. – If one can factorise n, then he can find p and q, and hence calculated d. • p and q should differ in length by only a few digits, and both should be on the order of 100 - 200 digits or even larger. – n with 150 digits could be factored in about 1 year. – factoring n with 200 digits could take about 1000 years (assuming about 1012 operations per second).

C. 2. Asymmetric Key Algorithms 3. RSA - Some Facts • Performance comparison with DES – RSA is about 1000 times slower in hardware. – RSA is about 100 times slower in software. • It is not suited for encrypting long messages. • Typically used for – Encrypting session keys for conventional ciphers. – Non-repudiation - digital signatures (see a future lecture). • Smart cards which are RSA-capable have become available.

RSA Example • Here is a more realistic example. We choose a 512 -bit p and q, calculate n and f(n), then choose e and test for relative primeness with f(n). We then calculate d. Finally, we show the results of encryption and decryption. The integer p is a 159 -digit number.

RSA Example • The modulus n = p × q. It has 309 digits. • f(n) = (p − 1)(q − 1) has 309 digits.

RSA Example • Bob chooses e = 35535 (the ideal is 65537) and tests it to make sure it is relatively prime with f(n). He then finds the inverse of e modulo f(n) and calls it d.

RSA Example • Alice wants to send the message “THIS IS A TEST”, which can be changed to a numeric value using the 00− 26 encoding scheme (26 is the space character). • The ciphertext calculated by Alice is C = Pe, which is

RSA Example • Bob can recover the plaintext from the ciphertext using P = Cd, which is • The recovered plaintext is “THIS IS A TEST” after decoding.

Review Question Q 1. You intercept a message encrypted using RSA with value C = 10. You know that the message is intended for a user whose public key is {e=5, n=35}. Find the plaintext M.

C. 2. Asymmetric Key Algorithms 4. Diffie – Hellman “Key Exchange” • Invented by Williamson (GCHQ) and, independently, by Diffie – Hellman (Stanford) • A “key exchange” algorithm used to establish a shared symmetric key not for encrypting or signing • The security of DH on the computational difficulty of the discrete log problem: given g, p, and gk mod p find k

C. 2. Asymmetric Key Algorithms 4. Diffie - Hellman • Let p be prime, let g be a generator – For any x {1, 2, …, p-1} there is n s. t. x = gn mod p • • • Alice selects secret value a Bob selects secret value b Alice sends ga mod p to Bob sends gb mod p to Alice Both compute shared secret gab mod p Shared secret can be used as symmetric key

C. 2. Asymmetric Key Algorithms 4. Diffie - Hellman • Suppose that Bob and Alice use gab mod p as a symmetric key • Trudy can see ga mod p and gb mod p • Note ga. gb mod p = g(a+b) mod p gab mod p • If Trudy can find a or b, system is broken • If Trudy can solve discrete log problem, then she can find a or b

C. 2. Asymmetric Key Algorithms 4. Diffie - Hellman • Public: g and p • Secret: Alice’s exponent a, Bob’s exponent b ga mod p gb mod p Alice, a Bob, b • Alice computes (gb)a = gab mod p • Bob computes (ga)b = gab mod p • Could use K = gab mod p as symmetric key

C. 2. Asymmetric Key Algorithms 4. Diffie - Hellman • Subject to man-in-the-middle (Mi. M) attack Alice, a ga mod p gt mod p gb mod p Trudy, t • Trudy shares secret gat mod p with Alice • Trudy shares secret gbt mod p with Bob • Alice and Bob don’t know Trudy exists! Bob, b

C. 2. Asymmetric Key Algorithms 4. Diffie - Hellman • How to prevent man-in-the-middle attack (Mi. M) attack? – Encrypt DH exchange with symmetric key – Encrypt DH exchange with public key – Sign DH values with private key – Other? • You MUST be aware of Mi. M attack on Diffie. Hellman

C. 2. Asymmetric Key Algorithms 5. Public Key Infrastructure (PKI) • PKI is showing everything required to securely use public key crypto: – A digital certificate, or public key certificate, that contains a user’s name along with the user’s public key. – A digital certificate needs to be signed by one of the Certificate Authorities (CAs) – trusted third party (TTP) - in order to verify the public key. – A digital certificate needs to be added to the Certificate Revocation Lists (CRLs) if the private key is compromised.

C. 2. Asymmetric Key Algorithms 6. Ways to use 1 Anyone can encrypt using the public key, but only the holder of the private key can decrypt. Secrecy depends on the secrecy of the private key. 2 3 Using a private key to encrypt (thus signing) a message; anyone can check the signature using the public key. Validity By combining your own private depends on private key security. key with the other user's public key, you can calculate a shared secret that only the two of you know. The shared secret can be used as the key for a symmetric cipher.

C. 2. Asymmetric Key Algorithms 7. Advantages 1. Hybrid Cryptosystem: – The primary advantage of symmetric key cryptography is efficiency (because there is no infrastructure, such as PKI). – the primary advantage of public key cryptography is that no need to establish a shared key in advance. – To achieve both advantage, use a hybrid cryptosystem, where public key crypto is used to establish a symmetric key. C={M}Alice: encrypt message M with Alice’s public key M=[C]Alice: decrypt ciphertext C with Alice’s private key

C. 2. Asymmetric Key Algorithms 7. Advantages 2. Integrity and non repudiation: – With symmetric key crypto, a MAC provides for integrity. – With public key crypto, a digital signature provides for integrity and non -repudiation. Scenario? Hints: Using a MAC, anyone can repudiate a transaction because the key is shared between the two sides. However, using a digital signature, no one can repudiate a transaction because the private key can be owned by only one.

C. 2. Asymmetric Key Algorithms 7. Advantages 3. Confidentiality and non repudiation: – For confidentiality only, Alice can encrypt M with Bob’s public key Alice will {M}Bob – For integrity and non-repudiation only, Alice can sign M with her private key Alice will [M]Alice – To achieve all: • Alice can sign the message M and encrypt the result: {[M]Alice}Bob • Alice can encrypt M first and then sign the result: [{M}Bob]Alice C={M}Alice: encrypt message M with Alice’s public key M=[C]Alice: decrypt ciphertext C with Alice’s private key

Terms and Concepts • • 36 Symmetric Ciphers Asymmetric Ciphers GK & SIK RSA PKI Shared key Repudiation