Symmetric-key and asymmetric-key cryptography will exist in parallel and continue to serve the community. It is believed that they complement each other: the advantages of one can compensate for the disadvantages of the other. Symmetric-key cryptography is based on sharing secrecy; asymmetric-key cryptography is based on personal secrecy.
Traditional private/secret/single-key cryptography uses one key shared by both sender and receiver; if this key is disclosed, communications are compromised. Because both parties hold the same key, it also does not protect the sender from the receiver forging a message and claiming it was sent by the sender. Symmetric-key cryptography is based on applying substitution and permutation of symbols (characters or bits). In a community of n people, n(n-1)/2 shared secrets are needed for symmetric-key cryptography.
Public-Key Cryptography
Public-key cryptography:
- uses two keys, a public and a private key
- is asymmetric, since the parties are not equal
- complements rather than replaces private-key crypto

Public-key/two-key/asymmetric cryptography involves the use of two keys:
- a public key, which may be known by anybody, and can be used to encrypt messages and verify signatures
- a private key, known only to the recipient, used to decrypt messages and sign (create) signatures

It is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures.
Public-Key Characteristics
Public-key algorithms rely on two keys with the characteristics that:
- it is computationally infeasible to find the decryption key knowing only the algorithm and the encryption key
- it is computationally easy to encrypt/decrypt messages when the relevant (encrypt/decrypt) key is known
- either of the two related keys can be used for encryption, with the other used for decryption (in some schemes)
Public-Key Applications
Uses can be classified into 3 categories:
- Encryption/Decryption (provide secrecy)
- Digital Signatures (provide authentication)
- Key Exchange (of session keys)

Some algorithms are suitable for all uses; others are specific to one.

Public-key cryptography was developed to address two key issues:
- Key Distribution: how to have secure communications in general without having to trust a KDC with your key
- Digital Signatures: how to verify a message comes intact from the claimed sender

Asymmetric-key cryptography uses two separate keys: one private and one public.
[Figure: locking and unlocking in an asymmetric-key cryptosystem]
Public-Key Cryptosystems
[Figure: computing N = pq from p, q is easy; recovering p, q from N is hard]
Trap-Door OWF
Definition: $f: D \to R$ is a trap-door one-way function if there is a trap-door s such that:
- without knowledge of s, the function f is a one-way function
- given s, inverting f is easy

Example: $f_{g,p}(x) = g^x \bmod p$ is not a trap-door one-way function.
Example: RSA is a trap-door OWF.

[Figure: computing $x^e \bmod N$ from x is easy; the reverse direction is hard]

One-Way Function (OWF)
1. f is easy to compute.
2. $f^{-1}$ is difficult to compute.

Trapdoor One-Way Function (TOWF)
3. Given y and a trapdoor, x can be computed easily.

Each user generates a public/private key pair by:
- selecting two large primes at random: p, q
- computing their system modulus $N = p \cdot q$; note $\varphi(N) = (p-1)(q-1)$
- selecting at random the encryption key e, where $1 < e < \varphi(N)$ and $\gcd(e, \varphi(N)) = 1$
- solving the following equation to find the decryption key d: $e \cdot d \equiv 1 \pmod{\varphi(N)}$ and $0 \le d \le N$
- publishing their public encryption key: KU = {e, N}
- keeping secret their private decryption key: KR = {d, p, q}
RSA Example
1. Select primes: p=17 & q=11
2. Compute $n = pq = 17 \times 11 = 187$
3. Compute $\varphi(n) = (p-1)(q-1) = 16 \times 10 = 160$
4. Select e: $\gcd(e, 160) = 1$; choose e=7
5. Determine d: $de \equiv 1 \pmod{160}$ and d < 160. The value is d=23, since $23 \times 7 = 161 = 1 \times 160 + 1$
6. Publish public key KU={7,187}
7. Keep secret private key KR={23,17,11}
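The key setup steps above, carried out in code with the extended Euclidean algorithm to find d. This is an added example, not part of the original slides; the function names are illustrative and the message value 88 used in the check is a constructed sample.

```python
from math import gcd


def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_x, x = x, old_x - k * x
        old_y, y = y, old_y - k * y
    return old_r, old_x, old_y


def rsa_key_setup(p, q, e):
    """Return (KU, KR) = ((e, N), (d, p, q)) following the steps above."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # Without gcd(e, phi) = 1 there is no inverse d, so reject such e.
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError(f"e={e} needs 1 < e < phi and gcd(e, phi) = 1")
    _, x, _ = extended_gcd(e, phi)   # e*x + phi*y == 1
    d = x % phi                      # bring d into the range 0 <= d < phi
    return (e, n), (d, p, q)


def roundtrip(p, q, e, m):
    """Encrypt m with the public key, then decrypt with the private key."""
    (e, n), (d, _, _) = rsa_key_setup(p, q, e)
    c = pow(m, e, n)
    return c, pow(c, d, n)


if __name__ == "__main__":
    print(rsa_key_setup(17, 11, 7))    # the RSA Example on this page
    print(roundtrip(17, 11, 7, 88))    # constructed sample message 88
```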
Exponentiation
Exponentiation can use the Square and Multiply Algorithm:
- a fast, efficient algorithm for exponentiation
- the concept is based on repeatedly squaring the base and multiplying in the ones that are needed to compute the result
- look at the binary representation of the exponent
- takes only $O(\log_2 n)$ multiplications for a number n

e.g. $7^5 = 7^4 \cdot 7^1 = 3 \cdot 7 = 10 \bmod 11$
e.g. $3^{129} = 3^{128} \cdot 3^1 = 5 \cdot 3 = 4 \bmod 11$
RSA Security
Three approaches to attacking RSA:
- Brute force key search (infeasible given the size of the numbers)
- Mathematical attacks (based on the difficulty of computing $\varphi(N)$, by factoring the modulus N)
- Timing attacks (on the running of decryption)
Factoring Problem
The mathematical approach takes 3 forms:
- factor $N = p \cdot q$, hence find $\varphi(N)$ and then d
- determine $\varphi(N)$ directly and find d
- find d directly

All are currently believed to be equivalent to factoring.
- There have been slow improvements over the years; as of Aug-99 the best is 130 decimal digits (512 bits) with GNFS.
- The biggest improvement comes from improved algorithms, cf. Quadratic Sieve to Generalized Number Field Sieve.
- Barring a dramatic breakthrough, 1024+ bit RSA is secure.
- Ensure p, q are of similar size and match the other constraints.
Timing Attacks
Timing attacks:
- were developed in the mid-1990s
- exploit timing variations in operations, e.g. multiplying by a small vs a large number, or IFs varying which instructions are executed
- infer operand size based on the time taken
- against RSA, exploit the time taken in exponentiation

Countermeasures:
- use constant exponentiation time
- add random delays
- blind the values used in calculations
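Two of the countermeasures listed above, sketched as an added example that is not part of the original slides: an exponentiation that performs the same number of operations for every exponent bit, and blinding of the value being decrypted. It uses the toy key N=2773, e=17, d=157 from the small example on this page; the function names are illustrative, and a Montgomery ladder is one common way to get a fixed operation count, chosen here as an assumption.

```python
import secrets
from math import gcd

# Toy key from this page's small example; far too small for real use.
N, E, D = 2773, 17, 157


def ladder_pow(base, exponent, modulus, bits):
    """Montgomery ladder: one multiply and one square per exponent bit,
    whatever the bit's value. `bits` fixes the loop length.

    Python integers are not constant-time and this code still branches on
    the bit; it shows the uniform operation count only.
    """
    r0, r1 = 1 % modulus, base % modulus      # invariant: r1 == r0 * base
    ops = 0
    for i in reversed(range(bits)):
        if (exponent >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        ops += 2
    return r0, ops


def blinded_decrypt(c, n=N, e=E, d=D):
    """Decrypt c with base blinding: the private exponentiation runs on
    c * r^e, a value the sender of c cannot predict."""
    while True:
        r = secrets.randbelow(n - 2) + 2      # random r with 2 <= r < n
        if gcd(r, n) == 1:                    # r must be invertible mod n
            break
    c_blind = (c * pow(r, e, n)) % n
    m_blind, _ = ladder_pow(c_blind, d, n, n.bit_length())  # == m * r mod n
    return (m_blind * pow(r, -1, n)) % n      # remove the blinding factor


if __name__ == "__main__":
    print(ladder_pow(3, 129, 11, 8), ladder_pow(3, 255, 11, 8))
    print(blinded_decrypt(948))               # first ciphertext block
```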
Exponentiation in $Z_{pq}^*$
Motivation: We want to use exponentiation for encryption. Let e be an integer, $1 < e < (p-1)(q-1)$. Question: When is exponentiation to the e-th power, $x \to x^e$, a one-to-one operation in $Z_{pq}^*$?

Claim: If e is relatively prime to $(p-1)(q-1)$, then $x \to x^e$ is a one-to-one operation in $Z_{pq}^*$.
Constructive proof: Since $\gcd(e, (p-1)(q-1)) = 1$, e has a multiplicative inverse mod $(p-1)(q-1)$. Denote it by d; then $ed = 1 + C(p-1)(q-1)$. Let $y = x^e$; then $y^d = (x^e)^d = x^{1 + C(p-1)(q-1)} = x$, meaning $y \to y^d$ is the inverse of $x \to x^e$. QED
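The claim above can be checked exhaustively for small moduli. This added example (not from the original slides) enumerates $Z_{pq}^*$ for the page's toy primes and reports whether $x \to x^e$ is one-to-one; the function names and the choice of e=5 as a counterexample are constructed for illustration.

```python
from math import gcd


def units(n):
    """Elements of Z_n*: residues in 1..n-1 that are coprime to n."""
    return [x for x in range(1, n) if gcd(x, n) == 1]


def power_map_report(p, q, e):
    """Describe the map x -> x^e mod pq on Z_pq*."""
    n, phi = p * q, (p - 1) * (q - 1)
    group = units(n)
    fibres = {}                                # y -> all x with x^e == y
    for x in group:
        fibres.setdefault(pow(x, e, n), []).append(x)
    inverse_ok = None
    if gcd(e, phi) == 1:
        d = pow(e, -1, phi)                    # the d of the proof
        inverse_ok = all(pow(pow(x, e, n), d, n) == x for x in group)
    # First set of distinct inputs sharing one output, if there is one.
    collision = next((xs for xs in fibres.values() if len(xs) > 1), None)
    return {
        "group_size": len(group),
        "image_size": len(fibres),
        "one_to_one": len(fibres) == len(group),
        "inverse_ok": inverse_ok,
        "collision": collision,
    }


if __name__ == "__main__":
    print(power_map_report(17, 11, 7))   # gcd(7, 160) = 1: a permutation
    print(power_map_report(17, 11, 5))   # gcd(5, 160) = 5: inputs collide
```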
A Small Example
Let p=47, q=59, N=pq=2773. $\varphi(N) = 46 \times 58 = 2668$. Pick d=157; then $157 \times 17 - 2668 = 1$, so e=17 is the inverse of 157 mod 2668. For N=2773 we can encode two letters per block, using a two-digit number per letter: blank=00, A=01, B=02, ..., Z=26.
Message: ITS ALL GREEK TO ME is encoded as
0920 1900 0112 1200 0718 0505 1100 2015 0013 0500

N=2773, e=17 (10001 in binary). The first block M=0920 encrypts to
$M^e = M^{17} = (((M^2)^2)^2)^2 \cdot M = 948 \pmod{2773}$
The whole message (10 blocks) is encrypted as
0948 2342 1084 1444 2663 2390 0778 0774 0219 1655
Indeed $0948^d = 0948^{157} = 920 \pmod{2773}$, etc.
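The small example end to end, as an added example that is not part of the original slides: the two-letters-per-block encoding, encryption with e=17 and decryption with d=157. The function names are illustrative; the parameters and the message are the ones given above.

```python
N, E, D = 2773, 17, 157                      # parameters from the example
ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"     # blank=00, A=01, ..., Z=26


def encode(text):
    """Two digits per letter, two letters per block; pad with a blank."""
    if len(text) % 2:
        text += " "
    # ALPHABET.index raises ValueError for characters outside the alphabet.
    codes = [ALPHABET.index(ch) for ch in text.upper()]
    return [100 * a + b for a, b in zip(codes[0::2], codes[1::2])]


def decode(blocks):
    """Inverse of encode (keeps any padding blank)."""
    return "".join(ALPHABET[b // 100] + ALPHABET[b % 100] for b in blocks)


def encrypt(blocks, e=E, n=N):
    # Every block must be an integer below the modulus to be recoverable.
    if any(not 0 <= m < n for m in blocks):
        raise ValueError("block does not fit below the modulus")
    return [pow(m, e, n) for m in blocks]


def decrypt(blocks, d=D, n=N):
    return [pow(c, d, n) for c in blocks]


def fmt(blocks):
    """Four digits per block, as written in the text."""
    return " ".join(f"{b:04d}" for b in blocks)


if __name__ == "__main__":
    plain = encode("ITS ALL GREEK TO ME")
    cipher = encrypt(plain)
    print(fmt(plain))
    print(fmt(cipher))
    print(decode(decrypt(cipher)))
```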
Attacks on RSA
1. Factor N=pq. This is believed hard unless p, q have some bad properties. To avoid such primes, it is recommended to:
- take p, q large enough (100 digits each)
- make sure p, q are not too close together
- make sure both (p-1), (q-1) have large prime factors (to foil Pollard's rho algorithm)
Basic Scheme
A public key encryption scheme includes the following elements:
- A private key k
- A public key k
- An encryption algorithm, which is a trap-door OWF. The trap-door info is the private key.

The public key is published. Encryption uses the public key (anyone can encrypt). Decryption requires the private key.
Properties of RSA
- The requirement $(e, \varphi(n)) = 1$ is important for uniqueness.
- Finding d, given p and q, is easy. Finding d given only n and e is assumed to be hard (the RSA assumption).
- The public exponent e may be small. Typically its value is either 3 (problematic) or $2^{16}+1$.
- Each encryption involves several modular multiplications. Decryption is longer.

Plaintext/Ciphertext
Unlike in symmetric-key cryptography, plaintext and ciphertext are treated as integers in asymmetric-key cryptography.

Encryption/Decryption
$C = f(K_{public}, P)$
$P = g(K_{private}, C)$