Post on 19-Dec-2015
RAIT M. Chatterjee 1
Public Key Algorithms……..
RAIT M. Chatterjee 2
Public Key Cryptography Two keys
Private key known only to individual Public key available to anyone
Idea Confidentiality:
encipher using public key, decipher using private key
Integrity/authentication: encipher using private key, decipher using public one
RAIT M. Chatterjee 3
Requirements
1. Given the appropriate key, it must be computationally easy to encipher or decipher a message
2. It must be computationally infeasible to derive the private key from the public key
3. It must be computationally infeasible to determine the private key from a chosen plaintext attack
RAIT M. Chatterjee 4
Public-Key Cryptography public-key/two-key/asymmetric
cryptography involves the use of two keys: a public-key, which may be known by
anybody, and can be used to encrypt messages, and verify signatures
a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
RAIT M. Chatterjee 5
Public-Key Cryptography is asymmetric because
those who encrypt messages or verify signatures cannot decrypt messages or create signatures
RAIT M. Chatterjee 6
Public-Key Cryptography
RAIT M. Chatterjee 7
Why Public-Key Cryptography? developed to address two key issues:
key distribution – how to have secure communications in general without having to trust a KDC with your key
digital signatures – how to verify a message comes intact from the claimed sender
public invention due to Whitfield Diffie & Martin Hellman at Stanford in 1976 known earlier in classified community
RAIT M. Chatterjee 8
Public-Key Applications can classify uses into 3 categories:
key exchange (of session keys) encryption/decryption (provide
secrecy) digital signatures (provide
authentication) some algorithms are suitable for all
uses, others are specific to one
RAIT M. Chatterjee 9
Security of Public Key Schemes like private key schemes brute force
exhaustive search attack is always theoretically possible
but keys used are too large (>512 bits) not comparable to symmetric key sizes
security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (to cryptanalyze) problems
requires the use of very large numbers hence is slow compared to secret key
schemes
RAIT M. Chatterjee 10
Diffie-Hellman Compute a common, shared key
Called a symmetric key exchange protocol
Based on discrete logarithm problem Given integers n and g and prime
number p, compute k such that n = gk mod p
Solutions known for small p Solutions computationally infeasible as
p grows large – hence, choose large p
RAIT M. Chatterjee 11
Diffie-Hellman Key Exchange a public-key distribution scheme
cannot be used to exchange arbitrary messages
rather it can establish a common key known only to the two participants
value of key depends on the participants (and their private and public key information)
based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard
RAIT M. Chatterjee 12
Diffie-Hellman SetupGenerating the Diffie-Hellman public
key The Diffie-Hellman system allows Alice
and Bob to agree on a key even when Eve is listening to everything they say to each other.
Alice and Bob need to agree on a prime number p, which they can do by simply sending it to each other.
Eve is allowed to learn this number p. In practice the number p is often simply advertised somewhere public.
RAIT M. Chatterjee 13
Generators & Public Key Given a prime number p, it is possible to come up with a
number g (the so-called generator) with a very interesting property. Every number between 1 and p-1 can be written as a power of g when calculating modulo p. For example, using p = 5 the generator is 2, because
20 = 1 21 = 2 22 = 4 23 = 3 (because 8 = 3 mod 5)
Alice and Bob agree in the same way on a generator g for the numbers between 1 and p-1.
The numbers p and g serve as the public key.
RAIT M. Chatterjee 14
Diffie-Hellman Key Exchange
Shared key, public communication No authentication of partners What’s involved?
P is a prime (about 512 bits), and g < p
P and g are publicly known
RAIT M. Chatterjee 15
Diffie-Hellman Key Exchange
ProcedureAlice Bobpick secret Sa randomly pick secret Sb
randomlycompute TA=gSa mod p compute
TB=gSb mod p
send TA to Bob send TB to Alice
compute TBSa mod p compute TA
Sb mod p
RAIT M. Chatterjee 16
Alice and Bob reached the same secret gSaSb mod p, which is then used as the shared key.
RAIT M. Chatterjee 17
DH Security - Discrete Logarithm Is Hard
T = gs mod p Conjecture: given T, g, p, it is
extremely hard to compute the value of s (discrete logarithm)
RAIT M. Chatterjee 18
Diffie-Hellman Scheme
Security factors Discrete logarithm very difficult. Shared key (the secret) itself never
transmitted.
RAIT M. Chatterjee 19
Disadvantages: Expensive exponential operation
DoS possible. The scheme itself cannot be used to
encrypt anything – it is for secret key establishment.
No authentication, so you can not sign anything …
RAIT M. Chatterjee 20
Bucket Brigade Attack...Man In The Middle
Alice Trudy BobgSa=123 gSx =654 gSb
=255 123 --> 654 -->
<--654 <--255 654Sa=123Sx 255Sx=654Sb
Trudy plays Bob to Alice and Alice to Bob
RAIT M. Chatterjee 21
Encryption With Diffie-Hellman
Everyone computes and publishes <p, g, T> T=gS mod p
Alice communicates with Bob: Alice
Picks a random secret Sa
Computes gbSa mod pb
Use Kab = TbSa mod pb to encrypt message
Send encrypted message along with gbSa
mod pb
RAIT M. Chatterjee 22
Diffie-Hellman Bob
(gbSa)Sb mod pb = (gb
Sb)Sa mod pb = TbSa
mod pb = Kab
Use Kab to decrypt
RAIT M. Chatterjee 23
Example of an attack
N=11 g=7 Alice chooses x=3 Bob chooses y=9 Trudy chooses x=8 and y=6
RAIT M. Chatterjee 24
Alice computes 73 mod 11 =2 Bob computes 79 mod 11 =8 Trudy computes 78 mod 11 =9 and 76 mod 11 = 4 Alice sends 2 to Bob….Trudy
intercepts and sends 9 Bob sends 8 to Alice….Trudy
intercepts and sends 4
RAIT M. Chatterjee 25
Alice computes K1= 43 mod 11 =9 Bob computes K2= 99 mod 11 =5
Trudy computes K1 = 88 mod 11 =5 And K2= 26 mod 11 = 9
Thus Trudy is man-in-the-middle……..