Lecture 9 - Amir Masoumzadeh
Download
Report
Transcript Lecture 9 - Amir Masoumzadeh
Public Key Cryptography
INFSCI 1075: Network Security – Spring 2013
Amir Masoumzadeh
What we have looked at so far
CRYPTOLOGY
CRYPTOGRAPHY
Private Key
(Secret Key)
Block Cipher
Stream Cipher
CRYPTANALYSIS
Public Key
Integer Factorization
Discrete Logarithm
2
Outline
Problems with secret key schemes
Public key cryptography
Integer factorization
Discrete logarithms
How to achieve confidentiality, authentication, or both
3
Conventional Encryption Model
Insecure channel
Alice
x
Encrypt
Decrypt
y
k
k
Secure Channel
Key Source
y = ek (x) : Ciphertext
x = dk (y) : Plaintext
4
Oscar
Bob
x
Secret Key Cryptosystems
Block ciphers and stream ciphers
Use the same secret key on both sides for encryption and
decryption
Operations for ek and dk are identical
A separate key for each communication
KAlice&Bob
Alice
5
Bob
KAlice&Carol
Kbob&Carol
Carol
Problems with Secret Key Schemes
Key distribution and management is a problem
If the key is disclosed, communications are compromised
How many secret keys do we need?
How to provide non-repudiation?
6
What if a receiver forges a message and claims that is sent by a
sender! Both have access to the secret key!
Authentication, which secret key cryptosystems do not provide
Problems with Secret Key Schemes (cont.)
A secret key algorithm
implies every pair of
communicating entities
share a secret key
Total number of keys is
O(n2)
For n users, we need
n(n – 1)/2 pairs of keys
It is like having a mailbox
for EACH pair of
communicating people
7
Alice
Carol
Bob
Dan
Solution
One mailbox for one person
Make a SLOT in the mailbox
Everyone (including Oscar) can deposit messages in the
mailbox
Only the owner of the mailbox can recover the messages
So now for n users we only need n mailboxes and n keys
8
Why Public Key Cryptography?
Developed to address two key issues:
9
Key distribution – how to have secure communications in
general without having to trust a KDC with your key
(Confidentiality)
Digital signatures – how to verify a message comes intact
from the claimed sender (non-repudiation)
Public Key Cryptography
Pioneered by Whitfield Diffie and Martin Hellman in 1976
Public-key / two-key / asymmetric cryptography involves
the use of two keys:
Public-key (KU)
Private-key (KR)
Is known to everyone, used to encrypt messages and verify signatures
(Slot in the mailbox)
known only to the recipient, used to decrypt messages and sign
(create signatures)
(Actual key to open the mailbox)
Public Key Cryptography is asymmetric because
10
Those who encrypt messages or verify signatures cannot
decrypt messages or create signatures
Public Key Encryption Model
Insecure channel
Alice x
Encrypt
y
kubob
Decrypt
x
krbob
y = eku (x) : Ciphertext
x = dkr (y) : Plaintext
Oscar knows kubob
11
Bob
Requirements
It is easy to encrypt using the public key KU
It is easy to decrypt using the private key KR
It is computationally infeasible to determine the private
key given the public key
It is computationally infeasible to determine the plaintext
x given the ciphertext y and the public key KU
It should be easy to generate a public key-private key pair
Encryption and decryption should be inverse functions
12
dKR(eKU(x)) = x
What can satisfy these requirements?
There is a need for a mathematical function unlike
secret key cryptosystems
One way functions:
Every function value has a unique inverse
Calculating y = f (x) is easy
Calculating x = f -1(y) is not feasible
Examples:
13
Integer factorization
Discrete logarithms
Integer Factorization
Multiplication is easy
7 17 109 151 = 195821
Integer factorization is difficult
30616693 = ? ? ? ?
Answer: 47 59 61 181
Used in RSA
14
Discrete Logarithm
EASY: Modular exponentiation
223 mod 109 = ?
DIFFICULT: Discrete logarithm
223 = 8388608 77 mod 109
2x mod 109 = 68 : Find x
x = log2 68 mod 109
One way to solve it: Brute Force
Answer: x = 15
Used in Diffie-Hellman Key Exchange, ElGamal
Encryption Scheme, and Elliptic Curves
15
Trapdoor One-Way Functions
A special kind of one-way function that is hard to invert
unless some secret information, called the trapdoor, is
known
Every function value has a unique inverse
There are two related keys k1 and k2
Calculating y = f (k1, x) is easy
Calculating x = f -1(k2, y) is easy if k2 is known. It is
infeasible if k2 is not known and only k1 is known
16
Finding k2 given k1 is very hard
Providing Confidentiality
Bob’s public
KUB
key
KRB Bob’s private
key
plaintext
message, m
encryption ciphertext
algorithm
eKU (m)
B
17
decryption plaintext
algorithm message
m = dKR ( eKU (m) )
B
B
Providing Authentication
KUA Alice’s public key
KRA Alice’s private key
plaintext
message, m
encryption ciphertext
algorithm
eKR (m)
B
decryption plaintext
algorithm message
m = dKR ( eKU (m) )
B
B
Bob’s public
KUB
key
KRB Bob’s private
key
18
Providing Authentication & Confidentiality
plaintext encryption
message, m algorithm
C
eKR (m)
encryption
algorithm
A
decryption
algorithm
dKR ( eKU ( eKR (m) ) )
B
19
B
eKU ( eKR (m) )
B
C
decryption
algorithm
C’
A
A
plaintext
message
dKU ( eKR (m) )
A
A
Remarks
Single most major advance in cryptography
Much slower than private key cryptosystems
Vulnerable to brute force attacks
Vulnerable to mathematical analysis
Used primarily for signatures and key exchange rather than bulk data
encryption
Note that KU and KR are related
Key sizes are much larger than those in secret key algorithms
Probable message attack
20
KU is known
If the number of messages is small, Oscar can encrypt all possible
messages to break the system
Public Key Algorithms and Security
Three different popular algorithms
RSA (integer factorization)
ElGamal (discrete logarithms on prime number fields)
Menezes-Vanstone (discrete logarithms on elliptic curves)
Keys sizes for security
21
1024 bits for RSA and ElGamal
160 bits for Menezes-Vanstone
80 bits for block ciphers