Académique Documents
Professionnel Documents
Culture Documents
[Part 2]
• To distinguish between two cryptosystems:
Asymmetric-Key Encipherment symmetric-key and asymmetric-key;
• To discuss the RSA cryptosystem;
• To introduce the usage of asymmetric-key
Chapter 10 cryptosystems;
• To introduce the attacks in asymmetric-key
cryptosystems;
Asymmetric-Key Cryptography
Forouzan, B.A. Cryptography and Network Security (International Edition). United States: McGraw Hill, 2008. 1.2
1.3 1.4
Chapter 10 10.1 Introduction Chapter 10 10.1 Introduction
• The conceptual differences between them are based on • For n people, we need: • For n people, we need:
how these systems keep a secret (key).
n(n -1) / 2 shared secrets. only n shared secrets.
AK BD PU B
= 15 KCD B KCE C A B C
K BF PUC
K AF
K AE PUD
K DF PU E
K DE PRD PRF
K EF PU F
D E F Public key D E F
distribution
channel PRE
http://4vector.com/i/free-vector-business-people-icon-02-vector_019614_2.jpg 1.7 http://4vector.com/i/free-vector-business-people-icon-02-vector_019614_2.jpg 1.8
Chapter 10 10.1 Introduction Chapter 10 Contents
Stalling, W. Cryptography and Network Security: Principles and Practices (Fourth Edition). United States of America: Pearson, Prentice Hall, 2006. (page 258) 1.9 1.10
•Example:
• Alice locks the padlock with Bob’s public key, then only
Bob’s private key can unlock it.
b) . M = DK Alice 2 (C)
C = EK public (M ) M = DK private (C)
1.15 1.16
Chapter 10 10.2 Asymmetric-Key Cryptography Chapter 10 10.2 Asymmetric-Key Cryptography
General Idea
• Example: F wants to send a message to A; F will use A’s • Example: F wants to send a message to A; F will use A’s
public key. public key.
PU A , PRA PU A , PRA
A B
Message F
C A B
CiphertextF = Encrypt(PU
C
A , messageF)
PU F , PRF PU F , PRF
D E F D E F
D E F
PF
• The encryption function f is used only for encryption; D E F
• The decryption function g is used only for decryption.
PA CC = E(PUC , PA )
A B C A CBB C
C
C
CF = E(PU F , PA )
CD = E(PU D , PA )
D E F CDD C
E
E
FC
F
CE = E(PU E , PA )
http://4vector.com/i/free-vector-business-people-icon-02-vector_019614_2.jpg 1.27 http://4vector.com/i/free-vector-business-people-icon-02-vector_019614_2.jpg 1.28
Chapter 10 10.2 Asymmetric-Key Cryptography Chapter 10 10.2 Asymmetric-Key Cryptography
Exercise10.0:
Solution 10.0:
PA = D(PRB ,CB ) • Asymmetric-key cryptography is normally used to encrypt
or decrypt small pieces of information, such as the cipher
key for a symmetric-key cryptography.
PA = D(PRC ,CC )
• In other words, asymmetric-key cryptography normally is
PA used for ancillary goals instead of message
A B C encipherment that play a very important role in
cryptography today.
D E F
PA = D(PRE ,CE )
http://4vector.com/i/free-vector-business-people-icon-02-vector_019614_2.jpg 1.29 1.30
There is a very important fact that is sometimes • The main idea behind asymmetric-key cryptography is the
misunderstood: concept of the trapdoor one-way function f : x ® y , that
The advent of asymmetric-key cryptography DOES NOT is
ELIMINATE the need for symmetric-key cryptography. • f is one-to-one.
• f if a public.
Reasons: • One-Way Function (OWF)
1) Asymmetric-key cryptography is much slower than
symmetric-key cryptography because it uses
mathematical functions for encipherment.
2) Asymmetric-key cryptography is still needed for
authentication, digital signatures, and secret-key exchanges.
A one-way function (OWF) with a third properties : •Given p and q, it is always easy to calculate n;
•Given n, it is very difficult to compute p and q;
•This is the factorization problem.
3) Given y, and a trapdoor (secret), x can be easily
computed. Example 10.2:When n is large, the function y = x k mod n is a
trapdoor one-way function (TOWF).
• Given x, k, and n, it is easy to calculate y;
• Given y, k, and n, it is very difficult to calculate x;
• This is the discrete logarithm problem;
• However, if we know the trapdoor, k′ such
that k ´ k ' = 1mod f (n), we can use x = y mod n
k'
to find x.
1.35 1.36
Chapter 10 10.2 Asymmetric-Key Cryptography Chapter 10 10.2 Asymmetric-Key Cryptography
Security of Asymmetric-key Cryptography
Example 10.3:For x = 6, a = 9, and p = 11, we compute
• Similar to symmetric-key cryptography
y º x a º x((x 2 )2 )2 mod p
schemes, the brute force exhaustive
with 4 multiplications: search attack is always theoretically
possible but keys used are too large
y = 6((6 2 )2 )2 mod11 = 6((36)2 )2 mod11 (> 512 bits).
= 6((3)2 )2 mod11 = 6(9)2 mod11
= 6(81)mod11 = 6(4)mod11 • Keys used must be large enough to make brute force
= 24 mod11 = 2 attack impractical, but small enough for practical
encipherment that requires the use of very large
However, finding an a such that 6 a º 2 mod11 is hard. numbers.
We need to try all possibilities (from 1 to p – 1) to obtain • However, the enciperment process is slow compared to
such a. symmetric-key cryprography schemes.
Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2.
1.37 https://portal.solent.ac.uk/campus/campus-and-accommodation/accommodation/images/lock-key.jpg 1.38
Privacy / Confidentiality :
• Computationally easy :
•sender encrypts message with
• to generate the key pairs; receover’s public key;
• for the sender to encrypt;
• for the receiver to decrypt;
Authentication (Digital Signature) :
• sender creates signature by
• Computationally infeasible for an opponent,
encrypting the message with
Key Exchange :
• knowing the public key to determine the private key; his/her private key;
To exchange a
• knowing the public key and a ciphertext, to recover the session key between
original message. Integrity two entities.
Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2. Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2.
http://www.productivity501.com/wp-content/uploads/2009/06/public-private-keys.png 1.39 http://networklore.com/wp-content/uploads/2010/01/binary-security.png 1.40
Chapter 10 10.2 Asymmetric-Key Cryptography Chapter 10 10.2 Asymmetric-Key Cryptography
Confidentiality Authentication
Figure10.4: Asymmetric-key cryptosystem: secrecy / privacy / confidentiality. Figure10.5: Asymmetric-key cryptosystem: authentication.
Stalling, W. Cryptography and Network Security: Principles and Practices (Fourth Edition). United States of America: Pearson, Prentice Hall, 2006. (page 263) Stalling, W. Cryptography and Network Security: Principles and Practices (Fourth Edition). United States of America: Pearson, Prentice Hall, 2006. (page 264)
http://flylib.com/books/3/190/1/html/2/images/09fig02.jpg 1.41 http://flylib.com/books/3/190/1/html/2/images/09fig02.jpg 1.42
Stalling, W. Cryptography and Network Security: Principles and Practices (Fourth Edition). United States of America: Pearson, Prentice Hall, 2006. (page 265) Stalling, W. Cryptography and Network Security: Principles and Practices (Fourth Edition). United States of America: Pearson, Prentice Hall, 2006. (page 265)
http://flylib.com/books/3/190/1/html/2/images/09fig04.jpg 1.43 http://flylib.com/books/3/190/1/html/2/images/09fig04.jpg 1.44
Chapter 10 10.2 Asymmetric-Key Cryptography Chapter 10 Contents
Stalling, W. Cryptography and Network Security: Principles and Practices (Fourth Edition). United States of America: Pearson, Prentice Hall, 2006. (page 266)
http://flylib.com/books/en/3.190.1.83/1/ 1.45 1.46
10.1 Introduction
10.2 Asymmetric-Key Cryptography
10.3 RSA Cryptosystem
10.4 Attacks on RSA Cryptosystem
10.5 Other Cryptosystems
10.6 Summary
1.47 1.48
Chapter 10 10.3 RSA Cryptosystem Chapter 10 10.3 RSA Cryptosystem
Introduction
Public Private
Figure10.4: Complexity of operations in RSA.
• Suppose P is the plaintext and C is the ciphertext;
• Alice uses C = P mod n to create ciphertext from plaintext;
e
• Based on number theory operations and the difficulty to
• Bob uses P = C mod n to retrieve the plaintext sent by Alice;
d
find prime factors for a large number, n = pq, where p and
q are primes.
• The modulus n, a very large number, is created during the key
generation process (will discuss later). [ Back ]
1.49 Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2. 1.50
• Encryption and decryption use modular exponentiation. Summary of RSA idea (Figure 10.4):
• Modular logarithm is as hard as factoring the modulus, for • Alice uses a one-way function (modular exponentiation)
which there is no polynomial algorithm yet. with a trapdoor known only to Bob.
• Eve, who does not know the trapdoor cannot decrypt the
message.
• Figure 10.4 show the idea:
• Alice can encrypt in polynomial time (e is public);
• Bob also can decrypt in polynomial time (because he • If some day, a polynomial algorithm for eth root
knows d); modulo n calculation is found, modular exponentiation
is not a one-way function anymore.
• But Eve cannot decrypt because she would have to
calculate the eth root of C using modular arithmetic.
1.51 1.52
Chapter 10 10.3 RSA Cryptosystem Chapter 10 10.3 RSA Cryptosystem
Procedure
RSA Structure
• RSA uses two algebraic structures:
1.55 1.56
Chapter 10 10.3 RSA Cryptosystem Chapter 10 10.3 RSA Cryptosystem
f (pe) = pe – pe-1
Example 10.4a:Given p = 5 and q = 3. f (8) f (23)
= 23 – 23-1
=8–4=4
• Calculates n = p x q = 5 x 3 = 15.
• The value of f (n) = (p – 1)(q – 1) = (5 − 1)(3 − 1) = 8. d = 5f (8)-1 mod8
d = 54-1 mod8
• Choose integer e, gcd(f (n), e) = 1 and 1 < e < f (n).
= 53 mod8
Say e = 5
d=5
• Calculates d = e-1 mod f (n) = 5-1 mod 8.
Use Euler’s theorem to find the inverse:
• Public Key, Kpu = { e, n } = { 5, 15 }
a-1 = af (n)-1 mod n
• Public Key, Kpr = { d, n } = { 5, 15 }
d = 5f (8)-1 mod8
Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2. 1.57 Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2. 1.58
Example 10.4b:• Public Key, Kpu = { e, n } = { 5, 15 } Exercise 10.1:a) Find the value of f (15).
b) Using the Euler’s theorem, proof that 4 mod15 = 4
5
• Public Key, Kpr = { d, n } = { 5, 15 }
Let k = 1;
Message encryption :
C = M e mod n = 45 mod15 = 4
Message decryption :
M = C d mod n = 4 5 mod15 = 4
Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2. 1.59 1.60
Chapter 10 10.3 RSA Cryptosystem Chapter 10 10.3 RSA Cryptosystem
Exercise 10.1:Given p = 11 and q = 13. Assume that e = 11 is used to Example 10.5a:Bob chooses 7 and 11 as p and q.
encrypt a message M = 7,
a) calculate the value of d, and the ciphertext C.
•Calculates n = p x q = 7 x 11 = 77.
b) Show the decryption process to get the original
message. •The value of f (n) = (7 − 1)(11 − 1) = 60.
Solution 10.1: •Now Bob chooses two exponents, e and d, from Z60∗.
•If Bob chooses e = 13, then d = 37.
Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2. 1.61 1.62
Example 10.5b:Now imagine that Alice wants to send the plaintext 5 Exercise 10.2:From Example 10.5a, proof that d = 37.
to Bob. (Multiplicative inverses from Euler’s theorem)
e = 13
a-1 mod n = af (n)-1 mod n
• Alice uses the public exponent 13 to encrypt 5:
d = 37
C = P e mod n = 513 mod 77 = 26
n = 77
1.63 1.64
Chapter 10 10.2 Asymmetric-Key Cryptography Chapter 10 10.2 Asymmetric-Key Cryptography
Exercise 10.2:From Example 10.5a, proof that d = 37. Exercise 10.3:From Example 10.5b, proof that :
(Multiplicative inverses from Euler’s theorem)
a) . 513 mod 77 = 26
-1 f (n)-1
a mod n = a mod n b) 26
. 37 mod 77 = 5
Solution 10.2: d = e-1 mod f (n)
= 13-1 mod f (77) Solution 10.3:
= 13f (60)-1 mod 60
= 13
1.65 1.66
Example 10.6a:Azizah creates a pair of keys for herself. She chooses Example 10.6b:Suppose Mubassyir wants to send a message “NO” to
397 and 401 as p and q. Azizah.
Code Character
00 A
01
02
B
C •He changes each character to a number (from 00 to
• Calculates n = p x q = 397 x 401 = 159197. 03
04
D
E 25), with each character coded as two digits.
05 F
06 G
• The value of f(n) = (397 − 1)(401 − 1) = 158400. 07
08
H
I •He then concatenates the two coded characters and
09 J
gets a four-digit number.
• Now Azizah chooses two exponents, e and d, from 10
11
K
L
Zf(159197)∗.
12 M
13
14
N
O
•The plaintext is 1314.
15 P
• If Azizah chooses e = 343, then d = 12007. 16
17
Q
R
18 S
19 T
20
21
U
V
•Figure 10.7 shows the process.
22 W
23 X
24 Y
25 Z
1.67 1.68
Chapter 10 10.3 RSA Cryptosystem Chapter 10 10.2 Asymmetric-Key Cryptography
1.69 1.70
Exercise 10.4:From Example 10.5b, proof that : Exercise 10.5:From Example 10.5b, proof that :
1.71 1.72
Chapter 10 10.3 RSA Cryptosystem Chapter 10 10.3 RSA Cryptosystem
Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2. 1.73 Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2. 1.74
1.77 1.78
Chapter 10 10.4 Attacks on RSA Cryptosystem Chapter 10 10.4 Attacks on RSA Cryptosystem
• Another way to break the RSA is to find a technique to • There are no attack against the algorithm but instead the
compute eth roots mod n. protocol.
• Since C = Me mod n, the eth root of C mod n is the • Attacker sees a ciphertext and guesses that the
message m. message might be.
• This would allow someone to recover encrypted
messages and forge signatures even without knowing
the private key.
• No general methods are currently known that attempt
to break RSA in this way.
• However, in special cases where multiple related
messages are encrypted with the same small
exponent, it may be possible to recover the messages.
Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2. 1.81 Assoc. Prof. Mazleena Salleh, Cryptography and Network Security, 2014/2015-Semester 2. 1.82
1.83 1.84
Chapter 10 10.5 Other Cryptosystems Chapter 10 10.5 Other Cryptosystems
Rabin Cryptosystem
1.89 1.90
• There are two ways to achieve secrecy: symmetric- and • In asymmetric-key cryptography:
asymmetric-key cryptography that complement each
other.
Encryption and decryption can be thought of as
• The conceptual differences between the two systems are locking and unlocking padlocks with keys.
basically based on how they keep a secret. • Locked with a public key;
• Unlock only with the corresponding private key.
Symmetric-Key Asymmetric-Key
Keys Single key: secret-key Two keys: public-key,
private-key. The burden of providing security is mostly in the
Secret Shared between two Unshared.
receiver, who needs to:
entities.
• create two keys (public and private key).
Implementation Based on substitution and Based on applying
permutation of symbols. mathematical functions to • Distribute the public key to the community via a
numbers. public-key distribution channel.
• The main idea behind symmetric-key cryptography is the Exercise 10.2:In RSA:
concept of the trapdoor one-way function (TOWF), which is a) Given n = 221 and e = 5, find d.
a function such f is easy to compute, but f -1 is
computationally infeasible unless a trapdoor is used. b) Given n = 3937 and e = 17, find d.
c) Given p = 19, q = 23 and e = 3, find n, f(n) and d.
• The most common public-key algorithm is the RSA
cryptosystems.
• No devastating attacks have yet been discovered on RSA.
Forouzan,B.A. Cryptography and Network Security (International Edition). Singapore: McGraw-Hill, 2008. (page 334)
Chapter 10 Exercises Chapter 10 Exercises
Exercise 10.3:Perform encryption and decryption using the RSA Exercise 10.4:To understand the security of the RSA algorithm,
algorithm for the following: find d if you know that e = 17 and n = 187.
a) p = 3, q = 11, e = 7, and M = 5.
b) p = 5, q = 11, e = 3, and M = 9.
c) p = 7, q = 11, e = 17, and M = 8.
d) p = 11, q = 13, e = 11, and M = 7.
e) p = 17, q = 31, e = 7, and M = 2.
Stalling, W. Cryptography and Network Security: Principles and Practices (Fourth Edition). United States of America: Pearson, Prentice Hall, 2006. (page 282)
Forouzan,B.A. Cryptography and Network Security (International Edition). Singapore: McGraw-Hill, 2008. (page 334)
Chapter 10 Exercises
Stalling, W. Cryptography and Network Security: Principles and Practices (Fourth Edition). United States of America: Pearson, Prentice Hall, 2006. (page 282)