CSCI 172/283 Fall 2010
Public Key Cryptography

Public Key Cryptography
- New paradigm introduced by Diffie and Hellman
- The mailbox analogy:
  - Bob has a locked mailbox
  - Alice can insert a letter into the box, but can’t unlock it to take mail out
  - Bob has the key and can take mail out
- Encrypt messages to Bob with Bob’s public key
  - Can freely distribute
- Bob decrypts his messages with his private key
  - Only Bob knows this

Requirements
- How should a public key scheme work?
- Three main conditions
  - It must be computationally easy to encrypt or decrypt a message given the appropriate key
  - It must be computationally infeasible to derive the private key from the public key
  - It must be computationally infeasible to determine the private key from chosen plaintext attack
    - Attacker can pick any message, have it encrypted, and obtain the ciphertext

Exchanging keys
- Alice and Bob want to communicate using a block cipher to encrypt their messages, but don’t have a shared key
- How do Alice and Bob get a shared key?

Solution 1
- Alice sends the key along with her encrypted message
- Eve sees encrypted message and key
  - Uses key to decrypt message
- FAIL!

Solution 2
- Alice sends the key at some time prior to sending Bob the encrypted message
- Eve has to wait longer
  - If she saw the key transmission, she has the key
  - Uses key to decrypt message
- FAIL!

Solution 3 – Use public key crypto
- Diffie-Hellman Key Exchange
- All users share common modulus, $p$, and element $g$
  - $g \neq 0$, $g \neq 1$, and $g \neq p-1$
- Alice chooses her private key, $k_A$
  - Computes $K_A = g^{k_A} \bmod p$ and sends it to Bob in the clear
- Bob chooses his private key, $k_B$
  - Computes $K_B = g^{k_B} \bmod p$ and sends it to Alice in the clear
- When Alice and Bob want to agree on a shared key, they compute a shared secret $S$
  - $S_{A,B} = K_B^{k_A} \bmod p$
  - $S_{B,A} = K_A^{k_B} \bmod p$

Why does DH work?
- $S_{A,B} = S_{B,A}$
  - $(g^{k_A})^{k_B} \bmod p = (g^{k_B})^{k_A} \bmod p$
- Eve knows
  - $g$ and $p$
  - $K_A$ and $K_B$
- Why can’t Eve compute the secret?
- This was the first public key cryptography scheme
- Recall:
  - $S_{A,B} = K_B^{k_A} \bmod p$
  - $S_{B,A} = K_A^{k_B} \bmod p$

Hard problems
- Public key cryptosystems are based on hard problems
- DH is based on the Discrete Logarithm Problem (DLP)
  - Given:
    - Multiplicative group $G$
    - Element $a$ in $G$
    - Output $b$
  - Find:
    - Unique solution to $a^x = b$ in $G$
    - $x$ is $\log_a b$
- No polynomial time algorithm exists to solve this*
- *On classical computers

Could it fail?
- Eve could fool Alice and Bob
  - Man in the middle / bucket brigade
- Message flow (Alice, Eve, Bob):
  - Alice → Eve: My key is $K_A$
  - Eve → Bob: My key is $K'_A$
  - Bob → Eve: My key is $K_B$
  - Eve → Alice: My key is $K'_B$
- Alice has no guarantee that the person she’s establishing a key with is actually Bob
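
The exchange from the Diffie-Hellman slides and the interception on this slide, as an added example that is not part of the original deck. The toy values p = 23, g = 5, the function names, and the use of one Eve key kE for both substituted values are assumptions made for illustration.

```python
# Added example (not from the slides): toy Diffie-Hellman with the slides' symbols.
P, G = 23, 5  # constructed toy parameters; real deployments use very large primes


def check_element(x, p):
    """Reject 0, 1 and p-1, the values the slide excludes for g."""
    if x % p in (0, 1, p - 1):
        raise ValueError(f"degenerate group element {x}")
    return x


def public_value(k, g=G, p=P):
    """K = g^k mod p, sent in the clear."""
    return pow(check_element(g, p), k, p)


def shared_secret(peer_public, k, p=P):
    """S = K_peer^k mod p. Checking the received value too is an added precaution."""
    return pow(check_element(peer_public, p), k, p)


def honest_exchange(kA, kB):
    """Both sides compute the same S because (g^kA)^kB = (g^kB)^kA mod p."""
    KA, KB = public_value(kA), public_value(kB)
    return shared_secret(KB, kA), shared_secret(KA, kB)


def intercepted_exchange(kA, kB, kE):
    """Eve replaces both public values with her own K' = g^kE mod p."""
    KA, KB, K_eve = public_value(kA), public_value(kB), public_value(kE)
    alice = shared_secret(K_eve, kA)       # Alice believes K_eve came from Bob
    bob = shared_secret(K_eve, kB)         # Bob believes K_eve came from Alice
    eve_with_alice = shared_secret(KA, kE)
    eve_with_bob = shared_secret(KB, kE)
    return alice, bob, eve_with_alice, eve_with_bob


if __name__ == "__main__":
    print("honest:", honest_exchange(6, 15))
    a, b, ea, eb = intercepted_exchange(6, 15, 13)
    print("Alice/Eve agree:", a == ea, "Bob/Eve agree:", b == eb, "Alice/Bob agree:", a == b)
```

Nothing in the arithmetic tells Alice whose public value she received, which is why the exchange needs authenticated public values (the key-binding question raised later in the deck).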

RSA
- Rivest-Shamir-Adleman
- Probably the most well-known public key scheme
- First, some background

Euler’s Totient
- Totient function $\varphi(n)$
  - Number of positive numbers less than $n$ that are relatively prime to $n$
  - Two numbers are relatively prime when their greatest common divisor is 1
- Example: $\varphi(10) = 4$
  - 1, 3, 7, 9
- Example: $\varphi(7) = 6$
  - 1, 2, 3, 4, 5, 6
- If $n$ is prime, $\varphi(n) = n-1$

RSA keys
- Choose 2 large primes, $p$ and $q$
- $N = pq$
- $\varphi(N) = (p-1)(q-1)$
- Choose $e < N$ such that $\gcd(e, \varphi(N)) = 1$
- $d$ such that $ed = 1 \bmod \varphi(N)$
- Public key: $\{N, e\}$
- Private key: $\{d\}$
  - $p$ and $q$ must also be kept secret

RSA encryption/decryption
- Alice wants to send Bob message $m$
  - She knows his public key, $\{N, e\}$
- Message flow (Alice, Bob):
  - Alice computes $c = m^e \bmod N$
  - Alice → Bob: $c$
  - Bob computes $m = c^d \bmod N$

Toy example
- $p = 7$, $q = 11$
- $N = 77$
- $\varphi(N) = (6)(10) = 60$
- Bob chooses $e = 17$
- Uses extended Euclidean algorithm to find inverse of $e \bmod 60$
  - Finds $d = 53$
- Bob makes $\{N, e\}$ public

Toy example (continued)
- Alice wants to send Bob “HELLO WORLD”
- Represent each letter as a number 00(A) to 25(Z)
  - 26 is a space
- Calculates:
  - $07^{17} \bmod 77 = 28$, $04^{17} \bmod 77 = 16$, …, $03^{17} \bmod 77 = 75$
- Sends Bob 28 16 44 44 42 38 22 42 19 44 75
- He decrypts each number with his private key and gets “HELLO WORLD”

What could go wrong?
- What was wrong with the toy example?
  - Eve can easily find the encryption of each letter and use that as a key to Alice’s message
  - Even without knowing the public key, can use statistics to find likely messages
    - Like cryptogram puzzles
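
The toy example above, worked in code as an added illustration (not from the original slides; the function names are hypothetical). It derives d with the extended Euclidean algorithm, reproduces the ciphertext on the slide, and shows that the public key alone yields a per-letter table that maps the ciphertext back to the message.

```python
# Added example (not from the slides): the deck's toy RSA, p=7, q=11, e=17.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ "  # 00(A)..25(Z), 26 is a space


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def toy_keygen(p, q, e):
    """Return (N, e, d) where e*d = 1 mod phi(N)."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to phi(N)")
    return n, e, x % phi


def encrypt_letters(msg, n, e):
    """Per-letter c = m^e mod N, exactly as on the slide (no padding)."""
    return [pow(ALPHABET.index(ch), e, n) for ch in msg]


def decrypt_letters(cts, n, d):
    """Per-letter m = c^d mod N with the private exponent."""
    return "".join(ALPHABET[pow(c, d, n)] for c in cts)


def codebook_recover(cts, n, e):
    """Uses only the public key: encrypt all 27 symbols once, invert the table."""
    table = {pow(i, e, n): ch for i, ch in enumerate(ALPHABET)}
    return "".join(table[c] for c in cts)


if __name__ == "__main__":
    n, e, d = toy_keygen(7, 11, 17)
    cts = encrypt_letters("HELLO WORLD", n, e)
    print("d =", d)
    print("ciphertext:", cts)
    print("Bob decrypts:", decrypt_letters(cts, n, d))
    print("recovered without d:", codebook_recover(cts, n, e))
```

The repeated 44 (L) and 42 (O) in the ciphertext are the statistical leak the slide mentions: encryption is deterministic over a 27-symbol message space, so equal letters always produce equal ciphertexts.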

How it should really happen
- p and q should be at least 512 bits each
  - N at least 1024 bits
- The message “HELLO WORLD” would be converted into one very large integer
- That integer would be raised to the public/private exponent
- For short messages, pad them with a random string

Is this key yours?
- How to bind a key to an identity?

PK Paradigm
- Genkey(some info)
  - Creates $K_{pub}$ and $K_{priv}$
- Encrypt with $K_{pub}$
- Decrypt with $K_{priv}$
- Certificate binds key to individual

IBE
- Identity-Based Encryption
- $K_{pub}$ is well-known
  - Known to be bound to owner
  - Name, email, SSN, etc.
- Owner requests a private key from CA
- No certificates required

Conclusion by xkcd
http://xkcd.com/538/