Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------
5.1 INTRODUCTION
In the real world , key management is the hardest part of
cryptology .Cryptanalysts often attack cipher system through their key
management .One of the problems facing symmetric cipher systems is key
distribution Keys must be distributed in secret , since knowledge of the key
gives knowledge of the massage .From the other side, keys are shared by
pairs , and could work well in small networks , but raised tremendously as
network grows up , since every pair of users must exchange keys .
The total numbers of key exchanges required in n-person network is
n(n-1)/2 .In six person network , 15 key exchange are required ,
in 1000 – person network ,nearly 500,000 key exchanges are requied .
Public key system are invented to over come the problems of key
distribution faced by symmetric (one - key) cipher systems .We summarize
the mentioned problems as follows :
First key must be distributed in secret .
Second : If key is compromised , then stranger can share the system
as member .
Third : number of key increases rapidly as users increased .
Public key cryptography based on one-way hash function (trap-door
function),that is depend on two keys public key used for encryption process
and it is available for every one in the network, the second key is the secret
key which is used for decryption processes , and every person in the
network has his own secret keys .In another meaning users have their own
secret keys and share others with public keys .Since public key is known
for every one , then A can communicate with B as follows :
1
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------A gets public key of B from database.
A encrypt his message using B public key and send it .
B decrypt the message using his own secret key .
5.2 ONE-WAY HAASAH FUNCTION:
The notion of one- way function is central to public key
cryptography .One way function are easy to compute , but it is significantly
hard (computationally) to reverse. That is given x , it is easy to compute
f(x) , but given f(x), it is hard to compute x .Breaking plate is a good
example of a one-way hash function , it is easy to smash a plate into
thousands of tiny pieces back together into a plate . One-way functions are
not useful in public key cryptography, in public key. We need a special
type of one –way function, that is trap-door one-way function, which has a
secret door (secret key) used to reverse the other direction .i.e giving f(x)
and some secret Value we can deduce.
5.3 PUBLIC KEY CRY TOGRAPHY:
The concept of public key or (exponential ciphers) was invented by
Whitfield Diffie and Martin Hellman and independently by Ralph Merkle
at 1976. Since 1976, numerous Public key cryptography algorithms have
been proposed, many of these are insecure, others are impractical, only a
few of them are secure and practical. Only three algorithms work well for
both encryption and digital signature, RSA, EIGamal, and Rabin. All of
them are much slower than symmetricp algorithms by 1000 limes.
Public key cryptography used two different keys, public key for
encrypting process, and secret key for decrypting process. Any one can use
public key and encrypt a message, but only those who have secret key are
2
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------allowed to decrypt the message. Mathematically, the process is based on
the trapdoor one-way function.Encryption is the easy direction, while
decryption is the hard direction unless he has the secret key.
Public key system encrypt a message block M c by computing
the exponential
C=Me mod n
Where e (public key) and are the keys of encryption transformation ,
M is restored by the same operation using different exponential d (secret
key):
M=Cd mod n
By symmetry, Encryption and decryption are commulative and malual
inverses, thus substituting 5.2 by 5.1:
M=(Md mod n)e mod n = Mde mod n = M
Encryption and decryption can be implemented using fast exponentiation
algorithm.
Figure 5-1 Fast exponentiation
3
Fastexp (a,z,n); rturn x = a mod n Begin Al := ai zi := zi x=1 While (zi<> 0) do Begin While (zI mod 2 =0) do Begin zI : = zI div 2 al:= (al*al) mod n; end; z1:=z1-1; x : =(x*a1) mod n; end; fastexp: = x; end;
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------Using above algorithm then:
C = fastexp (m ,e , n)
M = fastexp (c ,d , n)
5.4 EXPONENTIAL CIPHER:Encryption and decryption transformations are based on modular
exponentiation. Modular arithmetic is easier to work with on computers,
because, it restricts She range of all intermediate values and the result.
Exponentiation in modular arithmetic is performed without huge
intermediate results. For example, to calculate a8 mod n, don't use the
naive approach and perfonn seven multiplications and one huge modular
reduction:
a8 mod n = (a . a. a. a . a . a. a. a) mod n
Instead, perform three smaller multiplications and three smaller modular
reductions:
a8 modn = ((a2 mod n)2 mod n)2 mod n also
a16 modn = (((a2 mod n)2 mod n)2 mod n)2 mod n
a25 mod n= (a . a24) mod n
=(a. a8 . a16) mod n
=(((a2 . a2)2)2 . (((a2)2)2)2) mod n
= ((((a2- a)2)2)2. a) mod n
=(((((((a2 mod n) .a) mod n)2 mod n)2 mod n)2 mod n) . a) mod n
Inverses is a problem of finding an integer x such that:
ax mod n = 1 a-1 = x mod n .
For example 3 and 7 are multiplicative inverses mod 10, because
21 mod 10 = 1. In general a-1 = x mod n has a unique solution if a and n
4
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------are relatively prime. If n is prime number then every number in the range
(1, n-1) is relatively prime to n and has exactly one inverse modulo in that
range. Femat's theorem and Euler's generalization can solve such a
problem.
Fermit's theorem:Let n is a prime number; then for every a such that gcd (a,n) =1:
a n-1 mod n =1
Totient Function:For n = p q and p, q are prime
Ø(n)=(p-1)(q-1)
Where Ø(n) is Euler totient function, the number of'elements in tlie
reduced set of residues modulo n.
Example: let p = 3, q = 5, 11 = p , q = 15 '.
Ø (15) = (3-1) (5-1) =8
There are eight elements in the reduced set of residues modulo 15 (1, 2, 4,
7, 8, 11, 13, 14) are relatively prime to 15
5.5 POHLIG-HELLMAN CIPHERS:
Pohlig-Helman scheme is not a symmetric algorithm because different keys
are used for encryption and decryption. It is not a public key scheme,
because the keys are easily derived from each other, both encryption and
decryption keys must kept secret .In the Pohlig-Helman scheme, the
modulus is chosen to be a large prime P. because P is prime,
then Ø(P) =P-1 , which is trivially derived from P, thus the scheme can
only be used for conventional encryption where e and d are both kept
secret.The enciphering and deciphering functions are thus given by :
5
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------C=Me mod p and M = Cd mod p
Where e d = l ( mod some complex number )
Example:
Let p = l l , whence Ø (p) = p – l = 10; chose d = 7 and compute e
e = inv(7,10) = 3 , M = 5
C = Me mod p = 53 mod l l = 4
M = Cd mod p = 47 mod l l = 5
5.6 RSA CIPHER SYSTEM:
One of the most well known and popular public key systems is the
RSA system, named after the first letters of the surnames of its designers
(Rivest, Shamir and Adleman of the Massachusetts lnstitute of Technology
MIT). The RSA based on the fact that it is relatively easy to calculate the
product of tow prime numbers, but giving the product it far more
complicated. First two prime numbers are generated (p and q of
length 100 -200 digit ), and their product is calculated and denoted by :
n = p* q
Chose e (encryption key ) randomly, relatively prime to p and q and
satisfy the following expression:
3 < e < (p – l) (q – l) and gcd [ e , (p – 1 ) * (p – 1 ) ] = 1
The value of e is used to determine another, d ( decryption key ) for which:
e d = 1 (mod (p -1) (q – 1))
d = e-1 mod ((p – 1) * (q – 1))
The public key consists of the pair (e. n). The encipherment of atext is
performed by taking the binary representation of a message divided into
blocks and denoted by M. the cipher block C is computed by raising the
6
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------decimal value of M To the power of e and taking the remainder of a
division by n:
Encrypt: C = Me mod n ciphertext
Decrypt M = Cd mod n plaintext
Public key gets its efficiency from the difficulty of factorizing large prime
numbers. Furthermore, it is almost impossible to calculate the value of d if
only the public key (e, n) is known. In order to calculate d then p and q
must be known too.
Example
Let p = 3, q = 17 ;
n = p * q , 3 x 17 = 51
(p – 1 ) (q – 1) = 2 x 16 = 32
Find a number e between 3 and 32 which has no factor in common with 32.
Let e = 7; d can be determined using equation 5.13, then d = 23
e d = 7 x 23 = 161 mod 32 = 1
Let M = 2 then using (5.14) C = 27 mod 51 = 26 and
2623 mod 51 = 261 . 262 . 264.2616 (mod 51 ) = 16 x 13 x 16 x 1 (mod 51) = 2
Figure 5-3 RSA algorithm
Example 2:
7
1 .Cenerate two large prime mumbers p and q.2 .Calculate their product n. = p* q .
3 .Determine encryption key e such that ; 3 > e < (p – 1) (q – 1) and Ø (n) = (p – 1) * (q – 1)
gcd ( e, (p – 1) ( q – 1 ) ) = 1 4 .Calculate d = d = e-1 mod (( p – 1 ) * ( q – 1 ) = e-1 mod Ø (n)
5 .Encrypt : C = Me mod n
6.Decrypt : M = Cd mod n
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------Let p = 53 and q 61 , then pq 3233, and Ø (n)= (p – 1) (q -1) =52 X 61=
3120, the value of e must be chosen some where between 3 and 3233.
Assume e =71, we can calcuilate d with d =e–1 mod (p -1) (q – 1) = 71–1
mod 3120 = 157.
Assuume that the message is given by M = RENAISSANCE. And the
alphabet is represented by decimal values a = 00, b = 01, c = 02, ete. with
space = 26, And divided into 4 –digit blocks, then we can proceeds as
follows:
M = RE NA I S SA NC E
1704 1300 0818 1800 1302 0426
M1 M2 M3 M4 M5 M6
Now encrypt:
C1 = M171 mod 3233, = 1704 71 mod 3233 = 3106
C2 =M271 mod 3233 , C3 = M371m 3233, etc…
C = 3106 0100 0931 2691 1984 2927
C1 C2 C3 C4 C5 C6
And decrypt:
M1 = C1791 mod 3233 =3106791 mod 3233
M1 = C1791 mod 3233, M2 = C2791 mod 3233, M3 = C3791mod 3233, etc
5.7 KNAPSACK CIPHER :
Knapsack cipher system is a public key system based on the so –
called Knapsack problem . The Knapsack problem can be described as
follows .The vector A = (a1,a2,a3……..an) consist of positive integer .The
elements of this vector are multiplied by a binary vector denoted by
X=(x1,x2……xn) in which every xi ; i= 1,……..,n is either 0 or 1 . This
results is the sum s :
8
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------
S=
If X and A are given the value of S can be calculated with out any effort .
However if S and A are given , it is considerably move difficult to calculate
X. figure 5-3illustrates the knapsack problem . A Knapsack filled with a
selection of object) from a large set , each object has a different weight (the
elements of a correspond to the determine which items are in the
Knapsack?
In other word is it possible to determine the elements of X ? when A is
sufficiently large (more than 100 elements), it is almost impossible to
calculate X from a given S and A.
Figure 5-3 The knapsack
9
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------Now suppose A is selected such that Scan be calculated from X and A , but
the calculation of X given S and A is almost impossible , unless additional
information is available .The vector X would then represent the plaintext ,
which would be converted to a cipher text S with the aid of A. The
procedure is performed as follows :
Select two numbers , u and v, which are relatively prime and u > Σaj, the
knapsack vector A (which is a super – increasing sequence) is transformed
to vector B whose elements satisfy :
bi = V ai (mod u) for all values of i :
The vector B is made public u , v and A are kept secret .The vector X can
now enciphered to S according to S = BX . Deciphering of the cipher is
only possible if u ,v and A are available . The following procedure can be
used for deciphering :
Example :
Let A= (3,5,9,19), u = 40 ,v =7 , x =(0110)
10
1. Chose a knapsack vector A with super – increasing sequence .
2. Select two relatively prime number u and v where > 3. Transform vector A into vector B .
bi = vai (mod u) for all values of i .4. Make B public and keep u , v and secret 5. Encrypt S =BX
6. Decrypt X=v-1 S(mod u) =
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------
Figure 5-4 Knapsack Algorithm
5.8 PUBLIC KEY DIGITAL SIGNATURE ALGORITHM (DSA):In august 1991 , the national institute of standards and technology proposed the
digital signature algorithm (DSA). DSA is a variant of Schnorr and ELgamal
signature algorithm.
The following algorithm is Variant ofSchnorr and Elgamal signature algorithm, which
uses the following parameters:
P : 512 – 1024 bit prime number .
q : 160 bit prime , factor of p – 1 .
g = h(p-1)/q mod p, where h is any number less than p – 1 such that:
h(p-1)q mod p > 1 .
y = gx mod p .
x : private key < q.
k : random number < q.
x = (gk mod p) mod q.
s = k-1 (H(m) + xr )) mod q.
The algorithm makes use of a one- way hash function h(m) . p, q and g are public and
can be common across a net work of users. The private key is X , The public key is y.
To sign a message m follow the procedure shown in figure 5-6 .
11
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------
Figure 5-5 Digital Signature Algorithm
5.9 Key EXCHANGE:1. using public key : attacked by man- in – the –middle (cipher text attack), and
prevented by interlock protocol .
2. using digital signature , one way hash function .
3. Keys and messages transmission .
5.10 AUTHENTICATION Using one way function attacked by dictionary attack , prevented by using
SALT.e.g skid2,skid3 . DASS, Distributed Authentication Security Service for matual
authentication and key exchange.
5.11 PUBLIC KEY CRY PT ANALYSIS: 1. Mathematically: deduce d from n and e.
2. Guess (p -1) and (q-1)
3. Factoring n : having e ===> deduce d.
4. Chosen ciphertext attack: (Protocol attack): scenario:
eve wants Alice to sign m3; she generates ml and m2 Such that
m3 ml m2 (mod n)
m3d (m1d mod n) (m2d mod n)
moral: never use RSA to sign a random document presented by a stranger.
5. Common modulus: Known n,c1. c2., e1, and e2;
Select two random numbers r and s such that:
rel +,se2 1, assume r is negative:
( C1-1 )- r. c25 =m mod n
Moral: Don't share a common n among a group of users.
12
SENDER Generate a random mmber k<q. Generate r = (qr mod p ) mod q
S=k-1 (H(m)+xr) mod q Receiver:
Verify the signature by computing :w= S-1 mod qul= (h(m).w)mod q.
U2= (rw) mod q. v= ((qn1 yn2) mod p)mod q .
If bv = r then the signature is verfied
Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------6. Genetic algorithm:
Choose a set of prime numbers such that the product of any two of them less than n
use fitness function with the following characteistics:
- Neglect all even numbers, and those least significant digit = 0.
- Neglect numbers, which are divided by 3.
- Generated numbers by mating should be relatively prime to e.
7. Crypt analysis knowing n and e:
8. It is possible for cryptanalyst to try every possible d, until he fined the correct one.
This is called brute-force attack. It is less efficient than other methods.
9. There is a common probabilistic algorithm for computing primesp and q.
10. Factoring n is the most obvious means of attack. Factoring a number means
finding its prime factors. There are some factoring algorithm such as number field
sieve (NFS), Quadratic sieve (QS), elliptic curve method (ECM), pollards Montecarlo
algorithm, ..., etc. In March 1994, a 129-digit (428-bit) number was factored using the
double prime variation of the multiple polynomial (QS) by a team of mathematician,
led by Lenstra. Volunteers on the Internet carried out the computation; 600 people and
1600 machines over the course of eight months. The machines communicated via
electronic mail sending their intermediate result to a central machine where the final
steps of analysis took Lessons learned:
• Knowledge of encryption/decryption pail of exponent for a given modulus (e, n),
enables attacker of factoring the modules.
• Knowledge of encryption/decryption pair of exponent for a given modulus (e,n), c,
n enables attacker to calculale other pairs with out factoring n.
• Common modulus should not been used in network.
• Messages should be padded with random values on low encryption exponents
• Decryption exponent should be large.
13