Network and Communications Security (IN3210/IN4210) Asymmetric Cryptography
Key Exchange 3
Recapitulation: Symmetric Encryption ● One problem: key exchange Eve 6R4Y2 hlbMZ CB... Dear Dear Bob Decryption Bob Encryption .... .... Alice Bob Key Generator Symmectric Key Network and Communications Security (IN3210/IN4210) 4
Diffie Hellman Key exchange ● Creating common (symmetric) key only known to the communication partners ● Created by Whitfield Diffie and Martin Hellman in 1976 Image source: Wikipedia Network and Communications Security (IN3210/IN4210) 5
Illustration of DH Key Exchange Image source: Wikipedia Network and Communications Security (IN3210/IN4210) 6
Logarithm ● Choose (integer) b and a and calculate y = b a ● Given just b and y can you calculate a ? ● Easy (logarithm): a = log b y ● Example: − b = 7, y = 13841287201, a = ? Network and Communications Security (IN3210/IN4210) 7
Modular Arithmetic ● mod operator: x mod n − remainder when performing an integer division of x and n ● Example: − 19 mod 3 = 1 (19 = 6 * 3 + 1 ) − 13 mod 3 = 1 (13 = 4 * 3 + 1 ) − 1234 mod 10 = 4 − 2 20 mod 10 = 6 Network and Communications Security (IN3210/IN4210) 8
Discrete Logarithm ● Choose integer b, a and n and calculate y = b a mod n ● Given just b , n and y can you calculate a ? ● Example: − b = 7, n = 1023, y = 439, a = ? ● Hard problem: Discrete Logarithm Problem (DLP) ● No simple calculation ● Only (known) method: test all possible values for a (infeasible for large n ) Network and Communications Security (IN3210/IN4210) 9
b a Diffie Hellman Key exchange α ● Alice and Bob agree on (public parameters): − Large prime number p − Generator g (i.e. g is primitive root mod p ) ● Alice: β − chooses a (secret) random number a − calculates α = g a mod p − sends α to Bob g a mod p ● Bob: − chooses a (secret) random number b g b mod p − calculates β = g b mod p − sends β to Alice ● Calculation of common secret: − Alice: β a mod p = ( g b mod p) a mod p = ( g b ) a mod p = g ab mod p = K − Bob: α b mod p = ( g a mod p) b mod p = ( g a ) b mod p Network and Communications Security (IN3210/IN4210)
Diffie Hellman Key exchange ● (Passive) attacker learns: g a mod p − g − p − g b mod p g b mod p − g a mod p ● For calculating K the attacker needs additionally a or b ● a or b can not easily be derived from the know values (DLP) Eve Network and Communications Security (IN3210/IN4210) 11
Weakness of DH Key Exchange g b g a Mallory g e g e Secure Communication Secure Communication K 2 = g be mod p K 1 = g ae mod p Solution: later! Network and Communications Security (IN3210/IN4210) 12
Breaking DH ● g and p must be chosen carefully − e.g. p – 1 shall have small prime factors − otherwise mathematical “tricks” are possible for breaking DLP − (details are irrelevant in this course) ● Always possible: test all possible values for a (or b ) − Which size to choose for p ? ▪ 512 bit → practically broken (2015) ▪ 1024 bit → estimated costs for breaking: 100 million $ ▪ 2048 bit → secure, but long runtime Network and Communications Security (IN3210/IN4210) 13
Asymmetric Encryption
Asymmetric Encryption ● Problem of symmetric encryption: − Shared secret must be distributed ● Problem of DH key exchange: − interactive protocol − both parties must be “online” in order to start encrypted communication ● Asymmetric Encryption: − Use different keys for de- and encryption − Public encryption key is published (everyone can encrypt) − Private decryption key is kept confidential (just owner can decrypt) Network and Communications Security (IN3210/IN4210) 15
Asymmetric Encryption ● Two distinct keys (private key and public key) are used for encryption and decryption respectively Eve 6R4Y2 hlbM ZCB... Dear Dear Bob Bob Encryption Decryption .... .... Alice Bob Private Key Key Pair Generator Public Key Network and Communications Security (IN3210/IN4210) 16
Asymmetric Encryption ● Based on number theoretic problems − RSA: Factorisation Problem − ElGamal: Discrete Logarithm Problem ● RSA: named after its inventors (1978): Massachusetts Institute of Technology − Ronald Rivest University of Southern California − Adi Shamir − Leonard Adleman Image sources: • • Network and Communications Security (IN3210/IN4210) 18
RSA (Textbook Version) ● Key generation: − Choose two prime numbers p and q − Calc n = p · q , m = ( p – 1) ( q – 1) − Choose e and d with e · d (mod m ) = 1 − Public key: n, e Typically: • Set e = 65537 − Private key: d • Calculate d using the ● Encryption of message M (integer < n ): Extended Euclidean algorithm − C = M e mod n ● Decryption of cipher text C : − M’ = C d mod n ● M' = ( M e ) d mod n = M Follows from Euler‘s Theorem Network and Communications Security (IN3210/IN4210) 19
Breaking RSA ● Key generation: − Choose two prime numbers p and q − Calc n = p · q , m = ( p – 1) ( q – 1) − Choose e and d with e · d (mod m ) = 1 − Public key: n, e − Private key: d Example: n = 15 → p = 3, q = 5 ● Attacker: − Knows n and e − Factorizes n , i.e. finds p and q Easy for small numbers, hard for large numbers: − Calculates m and d Factorization problem Network and Communications Security (IN3210/IN4210) 20
RSA Calculation ● 1. problem: calculation effort − 𝑦 𝑜 = 𝑦 ∙ ⋯ ∙ 𝑦 → n – 1 multiplications 𝑜 ● Square and Multiply: − Write n in binary; remove the first 1 − For every 1 perform first a square (... 2 ) operation then a multiply operation (• x) − For every 0 perform a square (... 2 ) operation ● Example: − n = 23 10 = 10111 2 → Q QM QM QM 2 2 ∙ 𝑦 − 𝑦 23 = 𝑦 2 2 ∙ 𝑦 ∙ 𝑦 − 7 multiplications instead of 22 ● “Standard” value for e: − 65537 10 = 10000000000000001 2 → 16 multiplications Network and Communications Security (IN3210/IN4210) 21
RSA Calculation ● 2. problem: large intermediate values: − “ M e mod n ” is smaller than n , but “ M e “ is very large ● Property of mod operator: − ( x • y ) mod n = (( x mod n ) • ( y mod n )) mod n ● Application to Square and Multiply: − Perform a “mod” operation after every square or multiply step − Example: 2 2 mod 𝑜 ∙ 𝑦 mod 𝑜 ▪ 𝑦 23 mod 𝑜 = 𝑦 2 mod 𝑜 2 mod 𝑜 ∙ 𝑦 mod 𝑜 … − No intermediate value is larger than 𝑜 2 Network and Communications Security (IN3210/IN4210) 22
Prime Numbers ● How to calculate large (~ 500 - 2000 bits) prime numbers? ● 2 types of primality tests: − Deterministic (too slow for large numbers) − Probabilistic (fast, but not 100% correct) ● Example: Solovay – Strassen primality test: − max ½ probability of wrong answer − Algorithm for testing “ n prime?” ▪ Repeat k times: o Choose random number a o Run primality test (uses number a as parameter) o If false return „not prime“ ▪ Return „probable prime“ − Error probability: 1/2 k , e.g. 2 -100 for k = 100 Network and Communications Security (IN3210/IN4210) 23
RSA number Decimal digits Binary digits Factored on RSA-100 100 330 April 1, 1991 RSA-110 110 364 April 14, 1992 Breaking RSA RSA-120 120 397 July 9, 1993 RSA-129 129 426 April 26, 1994 RSA-130 130 430 April 10, 1996 ● Best known attack on RSA: RSA-140 140 463 February 2, 1999 RSA-150 150 496 April 16, 2004 factorizing n RSA-155 155 512 August 22, 1999 RSA-160 160 530 April 1, 2003 ● Competition for factorizing given RSA-170 170 563 December 29, 2009 RSA-576 174 576 December 3, 2003 numbers (created 1991): RSA-180 180 596 May 8, 2010 RSA Factoring Challenge RSA-190 190 629 November 8, 2010 RSA-640 193 640 November 2, 2005 ● Consequence: RSA-1024 is not RSA-200 200 663 May 9, 2005 RSA-210 210 696 September 26, 2013 secure any more RSA-704 212 704 July 2, 2012 RSA-220 220 729 May 13, 2016 Source: Wikipedia, RSA-230 230 762 August 15, 2018 RSA-232 232 768 February 17, 2020 RSA-768 232 768 December 12, 2009 RSA-240 240 795 Dec 2, 2019 RSA-250 250 829 Feb 28, 2020 Network and Communications Security (IN3210/IN4210) 24
Hybrid Encryption (1/3) ● Pros and cons of (a)symmetric encryption: − Asymmetric encryption: ▪ easier key management vs. slow performance + limited message size − Symmetric encryption: ▪ good performance (1000x times faster) vs. key exchange problem ● Hybrid Encryption: combining the advantages: − Encrypt a random symmetric session key by means of asymmetric encryption − Encrypt the data with the symmetric session key and by means of symmetric encryption Network and Communications Security (IN3210/IN4210) 26
Hybrid Encryption (2/3) ● Encryption process Dear 6R4Y2hlb Symmetric MZCBaj39 Bob Encryption .... c2jmCw... Alice Encrypted Sym. Key Key Asymetric Generator Encryption Symmetric Key Bob‘s Public Key Network and Communications Security (IN3210/IN4210) 27
Hybrid Encryption (3/3) ● Decryption process 6R4Y2hlb Dear Symmetric MZCBaj39 Bob Decryption c2jmCw... .... Encrypted Bob Sym. Key Asymmetric Decryption Symmetric Key Bob‘s Private Key Network and Communications Security (IN3210/IN4210) 28
Recommend
More recommend
![Cryptography [Asymmetric Cryptography] Fall 2017 Franziska (Franzi) Roesner](https://c.sambuz.com/856287/cryptography-s.jpg)
![Cryptography [Finish Asymmetric Cryptography] Spring 2020 Earlence Fernandes](https://c.sambuz.com/863686/cryptography-s.jpg)
![Cryptography: Hash Functions and MACs [continued] Asymmetric](https://c.sambuz.com/869292/cryptography-hash-functions-and-macs-continued-asymmetric-s.jpg)
![Cryptography [Finish Hash Functions; Start Asymmetric Cryptography] Spring 2020 Franziska](https://c.sambuz.com/883233/cryptography-s.jpg)
