Public-key cryptography: Suggested by Diffie & Hellman 1976 - PowerPoint PPT Presentation

SLIDE 1

Public-key cryptography

Suggested by Diffie & Hellman 1976

Instead of one secret, shared key (with the associated problems of key distribution):

Use a key pair (e,d) for each user

one for encryption, one for decryption

one private (secret), one public

s.t. c = E_e(m), m = D_d(c)

in some cases E = D and m = D_e(E_d(m)) = E_e(D_d(m)) = D_d(E_e(m)), i.e. the keys (e,d) are inverses of each other

SLIDE 2

Both confidentiality and authenticity

A has (e_A,d_A), B has (e_B,d_B)

where e is private, d public

Confidentiality A → B: c = E_{d_B}(m)

can only be decrypted by D_{e_B}

Authenticity A → B: c = E_{e_A}(m)

can be decrypted by anyone, but can only have been encrypted by E_{e_A}

Both conf&auth A → B: c = E_{d_B}(E_{e_A}(m))

decrypted by D_{d_A}(D_{e_B}(c))

SLIDE 3

Requirements on PKS

1. Easy to generate (e,d)

2. Easy to encrypt E_k(m) given k and m

3. Easy to decrypt D_k(c) given k and c

4. Computationally infeasible to find e given d

5. Computationally infeasible to find m given e and c = E_e(m)

6. m = D_e(E_d(m)) = E_e(D_d(m)) = D_d(E_e(m)) (not always)

SLIDE 4

One-way trapdoor functions

A one-way function f is a (1-1) function s.t.

y = f(x) is easy to compute, but x = f^-1(y) infeasible

A trapdoor function f is a function s.t.

x = f_k^-1(y) is easy iff k is known (the key)

Easy: computable in polynomial time,

proportional to n^a: n length of input, a constant

Infeasible: not computable in polynomial time,

e.g. only in 2^n

SLIDE 5

Examples of one-way trapdoors

Breaking a leg

Squeezing toothpaste out of a tube

Mixing colours

Multiplication of large prime numbers

factorization is hard

Exponentiation of large numbers

discrete logarithms are hard

SLIDE 6

Exponential cryptography

RSA: for M = C = Z_n

c = m^e mod n

m = c^d mod n

Example: e = 5, d = 77, n = 119, m = 19

c = 19^5 = 2476099 mod 119 = 66

m = 66^77 ≈ 1.27·10^140 mod 119 = 19

Seems impractical? How do we find (e,d) pairs s.t. it works?

SLIDE 7

Review: Modular arithmetic

a ≡ b (mod n) if a-b = kn for some k

e.g. 17 ≡ 7 (mod 5)

Write a mod n = r

if r is the (positive) residue of a/n

implies a ≡ r (mod n)

Let ∘ be an operation: +, -, ⋅. Then

(a ∘ b) mod n = ((a mod n) ∘ (b mod n)) mod n

(Z_n,{+,-,⋅}) is a commutative ring:

usual commutative, associative, distributive laws

SLIDE 8

Efficient exponentiation mod n

(a · b) mod n = ((a mod n) · (b mod n)) mod n,

so a^b mod n can be computed without generating astronomical numbers:

3^5 mod 7 = 243 mod 7 = 5

3^5 mod 7 = (3^2)^2·3 mod 7 = ((3^2 mod 7)·(3^2 mod 7) mod 7)·3 mod 7 = ((9 mod 7)·(9 mod 7) mod 7)·3 mod 7 = (2·2 mod 7)·3 mod 7 = 12 mod 7 = 5

Algorithm description in figure 6.7

SLIDE 9

Rivest, Shamir, Adleman

RSA:

c = m^e mod n

m = c^d mod n

m = (m^e mod n)^d mod n = m^(ed) mod n (= m^(de) mod n)

Find such e, d, and n using Euler's theorem

SLIDE 10

Review: Modular arithmetic (cont)

x is the multiplicative inverse of a modulo n, written a^-1, if ax ≡ 1 (mod n)

Ex: 3⋅5 ≡ 1 (mod 14)

The reduced set of residues modulo n is Z*_n = { x ∈ Z_n - {0} : gcd(x,n) = 1 }

Euler's totient function φ(n) is the cardinality of Z*_n

Ex: Z*_24 = { 1, 5, 7, 11, 13, 17, 19, 23 }, φ(24) = 8

SLIDE 11

Euler and primes

Lemma: If p and q are prime, then φ(pq) = (p-1)·(q-1) = φ(p)·φ(q)

Proof: in Z_pq = [0,pq-1], the numbers not relatively prime to pq are (in addition to 0):

q, 2q, ..., (p-1)q

p, 2p, ..., (q-1)p

so φ(pq) = pq - ((p-1)+(q-1)+1) = pq - p - q + 1 = (p-1)(q-1)

Note: φ(p) = p-1, for p a prime

SLIDE 12

Euler’s theorem

Theorem: for all a and n s.t. gcd(a,n) = 1 (they are relatively prime), a^φ(n) mod n = 1

Corollary: for p and q primes, n = pq and 0 ≤ m < n, m^(φ(n)+1) = m^((p-1)(q-1)+1) ≡ m (mod n)

If ed mod φ(n) = 1, then ed = tφ(n)+1 for some t, so (e,d) is a working key pair (by the corollary).

SLIDE 13

Making RSA key pairs

ed mod φ(n) = 1, and if gcd(d,φ(n)), Euler's theorem then gives e = d^(φ(φ(n))-1) mod φ(n)

Computing e from d and φ(n) is easy, and even more efficient with an extension of Euclid's algorithm for gcd(d,φ(n)) (see section 7.5)

Having φ(n) makes RSA easy to break; φ(n) = (p-1)(q-1), so p and q must be secret, while n = pq must be public.

Factorizing products of large (prime) numbers is hard!
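
The key-pair construction and the efficient exponentiation from the slides above, as an added example that is not part of the original presentation. It uses the slides' numbers (d = 77, n = 119, m = 19); the factors 7 and 17 of 119 and all function names are choices made for this sketch.

```python
# Added example: toy RSA with the slides' numbers; not for real keys (no padding).
from math import gcd

def mod_exp(a, b, n):
    """a^b mod n by square-and-multiply, reducing mod n after every step."""
    result, a = 1 % n, a % n
    while b > 0:
        if b & 1:                      # exponent bit set: multiply it in
            result = (result * a) % n
        a = (a * a) % n                # square for the next bit
        b >>= 1
    return result

def ext_gcd(a, b):
    """Extended Euclid: (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0

def totient(n):
    """Euler's totient by direct counting (toy sizes only)."""
    return sum(1 for x in range(1, n) if gcd(x, n) == 1)

def make_key_pair(p, q, d):
    """From secret primes p, q and a chosen d, return (e, d, n)."""
    phi = (p - 1) * (q - 1)
    g, s, _ = ext_gcd(d, phi)
    if g != 1:
        raise ValueError("d must be relatively prime to phi(n)")
    return s % phi, d, p * q           # s is d's inverse modulo phi(n)

def e_by_euler(d, phi):
    """The slide's formula: e = d^(phi(phi(n)) - 1) mod phi(n)."""
    return mod_exp(d, totient(phi) - 1, phi)

if __name__ == "__main__":
    e, d, n = make_key_pair(7, 17, 77)   # 7 * 17 = 119, the slides' n
    c = mod_exp(19, e, n)
    print(e, d, n, c, mod_exp(c, d, n), e_by_euler(d, 96))
```

Both routes to e agree, but the extended Euclid route needs only φ(n), while the Euler formula also needs φ(φ(n)).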

SLIDE 14

Factorization

Factorization of n = pq (to find φ(n)) is difficult if p and q are large

August 1999: 155-digit (512-bit) n factorized

35.7 CPU-years (7.4 months) using 160 workstations, 120 PII, 12 strong workstations, and one Cray

February 1999: 140-digit n factorized

8.9 CPU-years (9 weeks) using 125 workstations, 60 PCs, and one Cray

1024-bit n expected to be 40 million times harder than 140-bit

SLIDE 15

Finding large primes

Naïve methods too time-consuming

Guess a number and test it many times

gives high probability of primeness

more likely that a bit is flipped by cosmic radiation

for 200 digits, approx 70 guesses each tested 100 times is enough

Desired properties to make factorization harder

p, q of different length

(p-1) and (q-1) with large prime factors

gcd(p-1,q-1) small

SLIDE 16

RSA cryptanalysis

Brute force not feasible with large keys (typically 1024-2048 bits)

Factorization difficult, but mathematical advances may make it significantly easier

1977 challenge: 428-bit n would take 40 quadrillion years - took 8 months (1994)

Timing attack

based on the time to decrypt (ciphertext-only attack)

countermeasures: random delay, "blinding"

SLIDE 17

Simple RSA key exchange

A sends public key d_A and id_A to B

B selects a random session key k_S

B sends c = E_{d_A}(k_S) to A

A decrypts k_S = D_{e_A}(c)

Vulnerable to man-in-the-middle attack

both confidentiality and authenticity needed

SLIDE 18

Blind use of RSA is insecure

When used for short messages (e.g. 128-bit keys), RSA is very vulnerable

for M ∈ Z_m, takes O(2^(m/2)) time and O(m·2^(m/2)) space

idea: c/M_2^e ≡ M_1^e (mod n), if M = M_1M_2

build table of M_1^e mod n for all possible M_1 and check for c/M_2^e mod n.

Takes 2^m1 + 2^m2 operations (M_1 < 2^m1, M_2 < 2^m2)

Blinding necessary!

create secret random r < n

c = mr^e mod n

m = c^d·r^-1 where r^-1 is the inverse of r

SLIDE 19

Generators and discrete logarithms

a is a primitive root (or generator) modulo p if Z_p* is generated by exponentiation of a mod p

ex: 2 is a primitive root mod 11:

Z_11* = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }

= { 2^10, 2^1, 2^8, 2^2, 2^4, 2^9, 2^7, 2^3, 2^6, 2^5 } mod 11

For any b, and a a generator mod p, a unique i exists s.t. b = a^i mod p.

i is the discrete logarithm (index) of b for base a, mod p

write i = ind_{a,p}(b)

SLIDE 20

Diffie-Hellman key exchange

Public: prime q, generator a modulo q.

User A selects private, random x_A < q, and computes y_A = a^(x_A) mod q

User B selects and computes x_B and y_B same way

Each sends his y value to the other, and computes the shared key:

K = (y_B)^(x_A) mod q = (a^(x_B) mod q)^(x_A) mod q

= (a^(x_B·x_A)) mod q = (a^(x_A·x_B)) mod q = (a^(x_A) mod q)^(x_B) mod q = (y_A)^(x_B) mod q = K

SLIDE 21

Diffie-Hellman cryptanalysis

Known: q, a, y_A, y_B

To get k, need x_A or x_B

x_A = ind_{a,q}(y_B)

For q a large prime, this is computationally infeasible

SLIDE 22

ElGamal PKS

Like Diffie-Hellman, but after exchanging y values, a message m < q can be encrypted:

select random k in [1,q-1]

compute K = (y_B)^k mod q

send (C_1,C_2) where

C_1 = a^k mod q

C_2 = Km mod q

decryption:

K = (C_1)^(x_B) mod q

m = C_2·K^-1 mod q
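
The Diffie-Hellman exchange, the index function and the ElGamal round trip from the last four slides, as an added example that is not part of the original presentation. It runs in the slides' toy group (q = 11, generator a = 2); the function names and the sample private values are constructed for this sketch.

```python
# Added example: Diffie-Hellman and ElGamal in the slides' toy group (q = 11, a = 2).
import secrets

def is_generator(a, p):
    """True if the powers of a produce all of Z_p* = {1, ..., p-1} (p prime)."""
    return {pow(a, i, p) for i in range(1, p)} == set(range(1, p))

def discrete_log(b, a, p):
    """ind_{a,p}(b) by exhaustive search: p-1 steps, so only workable for tiny p."""
    for i in range(1, p):
        if pow(a, i, p) == b:
            return i
    raise ValueError("b is not a power of a")

def dh_keypair(a, q, x=None):
    """Private x (random in [1, q-1] unless given) and public y = a^x mod q."""
    if x is None:
        x = secrets.randbelow(q - 1) + 1
    return x, pow(a, x, q)

def dh_shared(y_other, x_own, q):
    """K = (other side's y)^(own x) mod q."""
    return pow(y_other, x_own, q)

def elgamal_encrypt(m, y_b, a, q, k=None):
    """Return (C1, C2) for a message m < q under B's public value y_b."""
    if k is None:
        k = secrets.randbelow(q - 1) + 1       # fresh random k in [1, q-1]
    K = pow(y_b, k, q)
    return pow(a, k, q), (K * m) % q

def elgamal_decrypt(c1, c2, x_b, q):
    """Recompute K from C1 and B's private x_b, then m = C2 * K^-1 mod q."""
    K = pow(c1, x_b, q)
    return (c2 * pow(K, -1, q)) % q            # modular inverse, Python 3.8+

if __name__ == "__main__":
    q, a = 11, 2
    x_a, y_a = dh_keypair(a, q, x=4)           # constructed sample values
    x_b, y_b = dh_keypair(a, q, x=7)
    print("shared:", dh_shared(y_b, x_a, q), dh_shared(y_a, x_b, q))
    print("ind(y_B):", discrete_log(y_b, a, q))
    c1, c2 = elgamal_encrypt(9, y_b, a, q, k=3)
    print("ElGamal:", (c1, c2), "->", elgamal_decrypt(c1, c2, x_b, q))
```

In an 11-element group the exhaustive index search finishes at once, which is why the slides require q to be a large prime.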