Public-Key Cryptography

Public-Key Cryptography •Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the different keys.•Each individual has two keys: oprivate key (not revealed to anyone) opublic key (make it known to everyone)

•The use of two keys has consequences in: key distribution, confidentiality and authentication.•Public-key algorithms are based on mathematical functions rather than on substitution and permutation.

Encryption using Public-Key system

•Asymmetric encryption transforms plaintext into ciphertext using a one of two keys and an encryption algorithm. Using the paired key and a decryption algorithm, the plaintext is recovered from the ciphertext.

•The scheme has six ingredientso Plaintexto Encryption algorithmo Public and private keyo Ciphertexto Decryption algorithm

Authentication using Public-Key System

Public key encryption Vs secret key encryption

Applications for Public-Key Cryptosystems

•Three categories:o Encryption/decryption: The sender encrypts a message with

the recipient’s public key.o Digital signature: The sender ”signs” a message with its private

key.o Key echange: Two sides cooperate two exhange a session key

Requirements for Public-Key Cryptography

1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb)

2. Easy for sender to generate ciphertext:

3. Easy for the receiver to decrypt ciphertect using private key:

)(MEC KUb

)]([)( MEDCDM KUbKRbKRb

Requirements for Public-Key Cryptography

4. Computationally infeasible to determine private key (KRb) knowing public key (KUb)

5. Computationally infeasible to recover message M, knowing KUb and ciphertext C

6. Either of the two keys can be used for encryption, with the other used for decryption:

)]([)]([ MEDMEDM KRbKUbKUbKRb

Public-Key Cryptographic Algorithms

•RSA and Diffie-Hellman •RSA - Ron Rives, Adi Shamir and Leanord Adleman at MIT, in 1977.o RSA is a block ciphero The most widely implemented

•Diffie-Hellman o Exchange a secret key securelyo Compute discrete logarithms

The RSA Algorithm – Key Generation

•Each user generates a public/private key pair by:

1. Select p,q p and q both prime2. Calculate n = p x q3. Calculate 4. Select integer e5. Calculate d 6. Public Key KU = {e,n}7. Private key KR = {d,n}

)1)(1()( qpn)(1;1)),(gcd( neen

)(mod1 ned

RSA Use•To encrypt a message M the sender:o obtains public key of recipient KU={e,n} o computes: C= Me mod n, where 0≤M<n

•To decrypt the ciphertext C the owner:o uses their private key KR={d,n} o computes: M=Cd mod n

•Note that the message M must be smaller than the modulus n (block if needed)

Prime Factorisation•To factor a number n is to write it as a product of other numbers: n=a × b × c •Note that factoring a number is relatively hard compared to multiplying the factors together to generate the number •The prime factorisation of a number n is when its written as a product of primes o eg. 91=7×13

Public-Key Cryptography•Public-Key Cryptography based on integer factorization or discrete logarithm problems

1. Integer Factorization Problem

2. Discrete Logarithm ProblemoIn general: computing x from gx mod p.

huge prime no. very huge no.huge prime no.* =

Very difficult to factorize!

Relatively Prime Numbers & GCD•Two numbers a, b are relatively prime if have no common divisors apart from 1

o eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor

•conversely can determine the greatest common divisor by compar-ing their prime factorizations and using least powers

o eg. 300=21×31×52 18=21×32 , GCD(18,300)=21×31×50=6

Euler Totient Function ø(n)•when doing arithmetic modulo n •Complete set of residues is: 0..n-1 •Reduced set of residues is those numbers (residues) which are relat -ively prime to n

o e.g for n=10, o complete set of residues is {0,1,2,3,4,5,6,7,8,9} o reduced set of residues is {1,3,7,9}

•Number of elements in reduced set of residues is called the Euler Totient Function ø(n)

Euler Totient Function ø(n)•To compute ø(n) need to count number of elements to be excluded•In general need prime factorization, buto for p (p prime) ø(p) = p-1 o for p.q (p,q prime) ø(p.q) = (p-1)(q-1)

•eg.o ø(37) = 36o ø(21) = (3–1)×(7–1) = 2×6 = 12

Euclidean algorithmExample : The following are the division steps for computing gcd(16457, 1638)1. Divide the smaller into the larger: 16457 = 1638 x 10 + 77(dividend)= (divisor) x (quotient) + (reminder)2. Continue to divide remainders into previous divisors:1638 = 77 x 21 + 2177 = 21 x 3 + 1421= 14 x1 + 714= 7 x 2 +03. The process stops when the remainder is 0. The greatest common divisor of 16457and 1638 is 7, gcd(16457, 1638)=7.

Extended Euclidean Algorithm Now, do the "backward part" of the Euclidean algorithm (this is often called the “extended Euclidean algorithm)– expressing 7 as a combination of 16457 and1638.

7= 21- 14x 1

Replace 14 in our equation by (2) equation

7= 21-(77-21x3)x1

Rearrange this equation to be two terms

7= 4 x 21- 77

7= 4 x (1638 - 77 x21) - 77 from (3)

7= 4 x 1638 - 77 x 85

7=4 x 1638 – 85 ( 16457 – 1638 x 10)

7 = 1638 x 854 – 85 x 16457

(4) 16457 = 1638 x 10 + 77(3) 1638 = 77 x 21 + 21(2) 77 = 21 x 3 + 14(1)21= 14 x1 + 7

Finding Multiplicative Inverse For example: d= e-1 mod ø(n) d= 7-1 mod 160 (0-159) We have to find number x such that 7 * x mod 160 = 1 7 * x =1 So we start with Euclidean Algorithm: 160= 7* 22 +6 7= 6 * 1 +1 6= 1* 6 + 0

By using Extended Euclidean Algorithm: 1= 7 – 6*1 1= 7- (160 – 7 * 22) * 1 1= 7 – 1* 160 + 1* 7*22 1= 7(1+1*22) - 160 1= 7 * 23 -160 x= 23. 160 mod 160 =0

RSA Example - Key Setup For example, the keys were generated as follows.

1. Select two prime numbers, p = 17 and q = 11.

2. Calculate n = pq = 17 × 11 = 187.

3. Calculate ø(n) = (p - 1)(q - 1) = 16 × 10 = 160.

4. Select e such that e is relatively prime to ø(n) = 160 and less than ø(n); we choose e = 7.

5. Determine d such that de = 1 (mod 160) and d < 160.The correct value is d = 23, because 23 × 7 = 161 = (1 × 160) + 1 (from previous slide)

•The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}.

RSA Example - En/Decryption•sample RSA encryption/decryption is: •given message M = 88 (88<187)•encryption:C = 887 mod 187 = 11

•decryption:M = 1123 mod 187 = 88

Reading “Cryptography and Network Security Principles and Practices”, Fourth Edition by William Stallings

Chapter 9