Introduction to Cryptography
--- Foundations of computer security ---
Related Chapters
• Cryptography
– CHAPTER 2, A Cryptography Primer
– CHAPTER 37, Data Encryption
– CHAPTER 39, Public Key Infrastructure
– CHAPTER 70, Advanced Data Encryption
Outline
• basic terms in cryptology
• classic secret key ciphers
• modern secret key ciphers
– DES (Data Encryption Standard) and AES (Advanced Encryption Standard)
– how do they work
– how to use DES and AES in practice
• 4 modes of operations
Basic Terms
• cryptology (to be very precise)
– cryptography --- designing
– cryptanalysis --- code breaking
• cryptologist
– cryptographer
– cryptanalyst
• encryption/encipherment
– scrambling data into a form unintelligible to unauthorised parties
Basic Terms (2)
• decryption/decipherment
– un-scrambling
• cipher/cryptosystem
A Short History
• dividing line is 1976/77
– classic ~1976/77
• 1976: Diffie & Hellman discovered public key cryptography
• 1977: National Bureau of Standards published DES (Data Encryption Standard)
– modern 1976/77 ~ today
History (2)
• the word “cipher” --- from Greek (secret writing)
• ancient Egypt, Julius Caesar, ...
• WWII
– Enigma cipher machine
• broken by British team including Alan Turing
– Purple cipher
• broken by US, led to the death of Yamamoto
• Mainly for war, diplomacy & politics
Good Book on History of Crypto
• David Kahn, The Codebreakers, Macmillan, New York, 1972.
• PS:
– a revised edition was published in 1996
– Not quite complete
Cryptography Goals
• Authentication:
– Alice sends a message to Bob. How can Bob verify that the message originated from Alice and not from Eve pretending to be Alice?
• Confidentiality:
– Alice sends a message to Bob. How can Bob be sure that the message was not read by Eve? For example, personal communications need to be maintained as confidential.
Cryptography Goals (2)
• Integrity:
– Alice sends a message to Bob. How does Bob verify that Eve did not intercept the message and change its contents?
• Nonrepudiation:
– Alice could send a message to Bob and later deny that she ever sent a message to Bob. In such a case, how could Bob ever determine who actually sent him the message?
Types of Ciphers
• private key cryptosystems/ciphers
– Also known as
• Secret key ciphers
• Single key ciphers
• Symmetric ciphers
• public key cryptosystems/ciphers
– Also known as
• asymmetric ciphers
Representation of Data
• By characters
– each character is represented by an 8-bit byte according to the ASCII table
• By binary bits (0’s and 1’s)
– eg.
• fax messages
• images
• digitalised voice data
Private Key Cipher
[Figure: private key cipher. Plain text → E → cipher text → network or storage → cipher text → D → original plain text. Alice and Bob each hold the shared secret key.]
Concepts
• A private key cipher is composed of two algorithms
– encryption algorithm E
– decryption algorithm D
• The same key K is used for encryption & decryption
• K has to be distributed beforehand
Notations
• Encrypt a plaintext P using a key K & an encryption algorithm E
C = E(K,P)
• Decrypt a ciphertext C using the same key K and the matching decryption algorithm D
P = D(K,C)
• Note: P = D(K,C) = D(K, E(K,P))
Classic Ciphers
• Substitution ciphers (also called shift/additive ciphers)
– Monoalphabetic ciphers
– Polyalphabetic ciphers
• Transposition (permutation) ciphers
• Product ciphers
– using both
• substitution, and
• transposition
The Caesar Cipher
• The Caesar cipher
– a substitution cipher, named after Julius Caesar.
• Operation principle: each letter is translated into the letter a fixed number of positions after it in the alphabet table.
• the fixed number of positions is a key both for encryption and decryption.
The Caesar Cipher (cnt’d)
[Figure: Caesar cipher wheel for K=3. Outer ring: plaintext. Inner ring: ciphertext.]
An Example
• for a key K=3,
plaintext letter:  ABCDEF...UVWXYZ
ciphertext letter: DEF...UVWXYZABC
• Hence TREATY IMPOSSIBLE is translated into WUHDWB LPSRVVLEOH
An Exercise
• Use the Caesar cipher to encode the following message under a key K=3:
WAR STARTS TOMORROW
Another substitution cipher example
Transposition Cipher
• It works by changing the location of characters (characters’ permutation).
• A cyclic group defines the permutation with a single key to encrypt, and the same key is used to decrypt the ciphered message.
Polyalphabetic Cipher
• Instead of one-to-one mapping (Caesar cipher), one-to-many mapping is used.
• A single letter can have multiple substitutes.
• A tableau is developed (see next slide). This tableau is a series of shift ciphers.
• The key is repeated over the plaintext. Then, using the tableau, the corresponding letter is used.
• The top row is used to look up the plaintext, and the leftmost column is used to reference the keyword.
Polyalphabetic Cipher Example
• Plaintext: “Ask not what your country can do for you”, key: “rockerrooks”.
• Notice that “A” is encrypted to different letters.
Plaintext:  A S K N O T W H A T Y O U R …
Key:        R O C K E R R O O K S R O C …
Ciphertext: R G M X S K N V O D Q F I T …
Attacks Against Cryptography
• Ciphertext only attack:
– The cryptanalyst has access to the ciphertext only. Frequency analysis is used to infer the key.
• Known plaintext attack:
– The cryptanalyst has access to both the plaintext and the corresponding ciphertext, and tries to find the key.
• Chosen plaintext attack:
– The cryptanalyst can encrypt plaintext of his choice and analyze the resulting ciphertext.
• Chosen ciphertext attack:
– The cryptanalyst can decrypt ciphertext of his choice to recover the key.
Breaking the Caesar Cipher
• by trial-and-error
• by using statistics on letters
– frequency distributions of letters

letter  percent
A       7.49%
B       1.29%
C       3.54%
D       3.62%
E       14.00%
...

• with the help of fast computers, 99.99% of ciphers used before 1976 are breakable by using one of the 4 types of attacks.
• The first computer designed by Alan Turing was used to break the Enigma cipher in WWII.
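An added example (not part of the original slides) that reproduces the slides' Caesar and polyalphabetic examples in Python and then breaks the Caesar cipher two ways: trial and error over all 26 keys, and a letter-frequency guess. The function names, the crib and the longer sample message are constructed for illustration.

```python
from collections import Counter
import string

ALPHA = string.ascii_uppercase

def vigenere(text, key, decrypt=False):
    """Polyalphabetic shift: letter i is shifted by key letter i (key repeats).
    Non-letters pass through unchanged and do not consume key letters."""
    out, used = [], 0
    for ch in text.upper():
        if ch not in ALPHA:
            out.append(ch)
            continue
        shift = ALPHA.index(key[used % len(key)].upper())
        used += 1
        pos = ALPHA.index(ch) + (-shift if decrypt else shift)
        out.append(ALPHA[pos % 26])
    return "".join(out)

def caesar(text, k, decrypt=False):
    """Caesar cipher: the same shift k for every letter (a one-letter key)."""
    return vigenere(text, ALPHA[k % 26], decrypt)

def brute_force(ciphertext, crib):
    """Trial and error: try all 26 keys, keep those whose output contains the crib."""
    return [k for k in range(26) if crib in caesar(ciphertext, k, decrypt=True)]

def guess_key_by_frequency(ciphertext):
    """Ciphertext-only: assume the most common ciphertext letter stands for E."""
    counts = Counter(c for c in ciphertext.upper() if c in ALPHA)
    top = counts.most_common(1)[0][0]
    return (ALPHA.index(top) - ALPHA.index("E")) % 26

def images_of(letter, plaintext, ciphertext):
    """Set of ciphertext letters that one plaintext letter was mapped to."""
    return {c for p, c in zip(plaintext.upper(), ciphertext) if p == letter}

# Constructed sample: long enough that E clearly dominates the letter counts.
LONG_MESSAGE = "MEET ME BEFORE THE SECRET MEETING ENDS"

if __name__ == "__main__":
    ct = caesar("TREATY IMPOSSIBLE", 3)
    print(ct, brute_force(ct, "TREATY"))
    # In the 16-letter slide example four ciphertext letters tie for first place,
    # so the frequency guess is only reliable on longer text such as LONG_MESSAGE.
    print(guess_key_by_frequency(caesar(LONG_MESSAGE, 3)))
    poly = vigenere("ASK NOT WHAT YOUR", "rockerrooks")
    print(poly, images_of("A", "ASK NOT WHAT YOUR", poly))
```

The polyalphabetic cipher maps the same plaintext letter to several ciphertext letters, which is why the single-letter frequency guess that works on Caesar does not carry over to it directly.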
MODERN BLOCK CIPHERS
Block Ciphers
• Block ciphers provide the backbone algorithmic technology behind most modern-era ciphers
• It is a series of serial operations (rounds).
• In each round, a chunk of the input data is encrypted and fed to the next round. (chaining)
• Each output block is the same size as the input block.
• Each block uses a subkey permuted (derived) from the original key.
Modern Private Key Ciphers
• DES (US, 1977)
– key -- 56 bits, plain/ciphertext -- 64 bits
• IDEA (Lai & Massey, Swiss, 1991)
– key -- 128 bits, plain/ciphertext -- 64 bits
• LOKI (ADFA, Australia, 1989)
– key, plain/ciphertext -- 64 bits
• FEAL (NTT, Japan, 1990)
– key -- 128 bits, plain/ciphertext -- 64 bits
• AES (successor to DES, 2001)
Encryption using DES
• a 56-bit key K is expanded into 16 subkeys, each 48 bits (K1, K2, ..., K16)
• Encryption consists of 16 rounds, each using a different 48-bit subkey
• Both a plaintext & a ciphertext are 64 bits long
• Decryption is similar to encryption, except that the order in which the subkeys are used is reversed, namely, (K16, K15, ..., K2, K1)
[Figure: DES (Encryption): 64-bit plaintext and 56-bit key → 64-bit ciphertext. DES (Decryption): 64-bit ciphertext and 56-bit key → 64-bit plaintext.]
AES Family – AES-128, AES-192, AES-256
• AES-128: 128-bit plaintext, 128-bit key → 128-bit ciphertext
• AES-192: 128-bit plaintext, 192-bit key → 128-bit ciphertext
• AES-256: 128-bit plaintext, 256-bit key → 128-bit ciphertext
Examples
• AES128
– PLAINTEXT: 00112233445566778899aabbccddeeff
– KEY: 000102030405060708090a0b0c0d0e0f
– CIPHERTEXT: 69c4e0d86a7b0430d8cdb78070b4c55a
• AES256
– PLAINTEXT: 00112233445566778899aabbccddeeff
– KEY: 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
– CIPHERTEXT: 8ea2b7ca516745bfeafc49904b496089
Use of A Private Key Cipher in Practice
4 Modes of Operation
• Electronic Code Book (ECB)
• Cipher Block Chaining (CBC)
• Cipher Feedback Mode (CFB)
• Output Feedback Mode (OFB)
• (Use AES-128 as an example)
Electronic Code Book (ECB)
[Figure: ECB encryption. Each plaintext (message) block m1 ... m10 is encrypted independently with E under the key K, giving the ciphertext (scrambled message) blocks c1 ... c10.]
• mi, ci: 128 bits for AES
• K: 128 bits (or 192, 256 bits)
[Figure: ECB decryption. Each ciphertext block c1 ... c10 is decrypted independently with D under the key K, giving the plaintext (original message) blocks m1 ... m10.]
Padding
• If the length of a plaintext is not a multiple of 128 bits, extra bits (0’s or 1’s) are padded to the end of the original message, so that the last block is 128 bits.
• Padded bits are discarded after decryption.
Examples of ECB Mode
• AES128, Encryption, 16 bytes
– KEY = 10a58869d74be5a374cf867cfb473859
– PLAINTEXT = 00000000000000000000000000000000
– CIPHERTEXT = 6d251e6944b051e04eaa6fb4dbf78465
• AES256, Decryption, 16 bytes
– KEY = 07eb03a08d291d1b07408bf3512ab40c91097ac77461aad4bb859647f74f00ee
– CIPHERTEXT = 47cb030da2ab051dfc6c4bf6910d12bb
– PLAINTEXT = 00000000000000000000000000000000
Source: NIST AES Test Data
ECB, AES128
• Plaintext, 128 x 4 bits
– 6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710
• Key, 128 bits
– 2b7e151628aed2a6abf7158809cf4f3c
• Ciphertext
– 3ad77bb40d7a3660a89ecaf32466ef97
  f5d3d58503b9699de785895a96fdbaaf
  43b1cd7f598ece23881b00e3ed030688
  7b0c785e27e8ad3f8223207104725dd4
Bit-Wise Exclusive OR (XOR)
XOR Table
0 ⊕ 0 = 0
1 ⊕ 1 = 0
0 ⊕ 1 = 1
1 ⊕ 0 = 1

P 1 0 0 1 0 0 1 0
K 0 1 0 1 1 1 1 1
C 1 1 0 0 1 1 0 1

Useful properties: P ⊕ K = C, C ⊕ K = P
In Java, C & C++: C = P ^ K; P = C ^ K;
Cipher Block Chaining (CBC)
[Figure: CBC encryption. Blocks m1 ... m4 are encrypted with E under the key K into c1 ... c4, with the chain starting from the IV.]
[Figure: CBC decryption. Blocks c1 ... c4 are decrypted with D under the key K back into m1 ... m4, with the chain starting from the IV.]
Cipher Block Chaining (CBC) --- Another way to look at decryption
[Figure: the same CBC decryption redrawn, with c1 ... c4 and the IV feeding four D boxes under the key K to produce m1 ... m4.]
CBC, AES256
• Plaintext, 128 x 4 bits
– 6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710
• Key, 256 bits
– 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
• IV, 128 bits
– 000102030405060708090a0b0c0d0e0f
• Ciphertext
– f58c4c04d6e5f1ba779eabfb5f7bfbd6
  9cfc4e967edb808d679f777bc6702c7d
  39f23369a9d9bacfa530e26304231461
  b2eb05e2c39be9fcda6c19078c6a9d1b
Cipher Block Chaining (CBC) with Interleave Factor = 2
[Figure: CBC encryption with interleave factor 2. Blocks m1 ... m4 are encrypted with E under the key K into c1 ... c4; IV and c0 are the agreed values.]
[Figure: CBC decryption with interleave factor 2. Blocks c1 ... c4 are decrypted with D under the key K back into m1 ... m4; IV and c0 are the agreed values.]
Higher Order Bits & Lower Order Bits
[Figure: a 128-bit register/storage. The higher order bits are on the left (b127) and the lower order bits are on the right (b0).]
(Note: in line with Java, C, and C++)
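Cipher Feedback Mode (CFB)
[Figure: CFB encryption, steps (1) to (4). E under the key K encrypts the 128-bit shift register into a 128-bit register; ki is the t higher order bits of that register; the t-bit block mi and ki give the t-bit block ci; the shift register is shifted to the left by t bits; step (4) is copy & feedback of t bits.]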
Blocks, Key & Initial Vector for CFB
• Long data is divided into blocks, each having t bits. Typically, t=8.
• Key & initial vector
– Sender & receiver need to agree on 2 pieces of information beforehand:
• key K (has to be kept secret)
• an initial vector for the shift register
– it does NOT have to be kept secret !
– a 128-bit all-0 vector may be chosen
Cipher Feedback Mode (CFB)
[Figure: CFB decryption, steps (1) to (4). The layout mirrors encryption and still uses E under the key K on the 128-bit shift register (shifted to the left by t bits); ki is the t higher order bits; the t-bit block ci and ki give the t-bit block mi; step (4) is copy & feedback of t bits.]
4 Sub-steps in CFB Decryption
• encrypt (with, say, AES)
• XOR
• Shift (to the left/higher order bit positions)
• Feedback (to the lower order bit positions)
CFB with t=1, AES128
• Plaintext, 16 bits
– 6bc1 (= 0110 1011 1100 0001 in binary)
• Key, 128 bits
– 2b7e151628aed2a6abf7158809cf4f3c
• IV, 128 bits
– 000102030405060708090a0b0c0d0e0f
• Ciphertext, 16 bits
– 68b3 (= 0110 1000 1011 0011 in binary)
CFB with t=8, AES256
• Plaintext, 18 bytes (=144 bits)
– 6bc1bee22e409f96e93d7e117393172aae2d
• Key, 256 bits
– 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
• IV, 128 bits
– 000102030405060708090a0b0c0d0e0f
• Ciphertext, 18 bytes
– dc1f1a8520a64d655fcc8ac554844e889700
Output Feedback Mode (OFB)
[Figure: OFB encryption, steps (1) to (3). E under the key K encrypts the 128-bit shift register (initially IV); ki is the t higher order bits of the output; the t-bit block mi and ki give the t-bit block ci; step (3) feeds back all 128 bits.]
Note: ci = mi ⊕ ki
[Figure: OFB decryption, steps (1) to (3). The same layout with E under the key K and the 128-bit shift register (initially IV); the t-bit block ci and ki give the t-bit block mi; step (3) feeds back all 128 bits.]
Note: ci ⊕ ki = (mi ⊕ ki) ⊕ ki = mi ⊕ (ki ⊕ ki) = mi ⊕ 0 = mi
OFB, AES128
• Plaintext, 128 x 4 bits
– 6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710
• Key, 128 bits
– 2b7e151628aed2a6abf7158809cf4f3c
• IV, 128 bits
– 000102030405060708090a0b0c0d0e0f
• Ciphertext, 128 x 4 bits
– 3b3fd92eb72dad20333449f8e83cfb4a
  7789508d16918f03f53c52dac54ed825
  9740051e9c5fecf64344f7a82260edcc
  304c6528f659c77866a510d9c1d6ae5e
OFB, AES192
• Plaintext, 128 x 4 bits
– 6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710
• Key, 192 bits
– 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
• IV, 128 bits
– 000102030405060708090a0b0c0d0e0f
• Ciphertext, 128 x 4 bits
– cdc80d6fddf18cab34c25909c99a4174
  fcc28b8d4c63837c09e81700c1100401
  8d9a9aeac0f6596f559c6d4daf59a5f2
  6d9f200857ca6c3e9cac524bd9acc92a
Which Mode to Use ?
• electronic code book (ECB) suffers from various potential attacks, including the block-replacing attack; it should NOT be used !
• Use one of the other 3 modes
– cipher block chaining (CBC)
– cipher feedback mode (CFB)
– output feedback mode (OFB)
Other modes
• Counter mode (CTR)
• Combined modes
– CTR + CFB
– CTR + OFB
– ……
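Counter Mode (CTR)
[Figure: CTR encryption, steps (1) to (3). E under the key K encrypts the 128-bit counter (initialized to 0); ki is the t higher order bits of the output; the t-bit block mi and ki give the t-bit block ci; step (3) increases the counter by 1.]
Note: ci = mi ⊕ ki
[Figure: CTR decryption, steps (1) to (3). The same layout with E under the key K and the 128-bit counter (initialized to 0); the t-bit block ci and ki give the t-bit block mi; step (3) increases the counter by 1.]
Note: mi = ci ⊕ ki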
How Long a Key should Be to Be Secure
• 56 bits (DES) -- too short
• 64 bits -- OK for a few months
• 80 bits -- OK for non-critical applications
• 128 bits -- OK for all applications
• 256 bits -- OK for applications requiring the highest level of security
How to Get Long Keys
• use ciphers that support long keys:
– IDEA (128 bits)
– AES (128, 192, 256 bits)
• use triple DES
– results in a key of 112 bits
• encrypt using K1
• decrypt using K2
• encrypt again using K1
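Triple DES (~2030) --- Option 1
[Figure: Triple DES with three keys. Encrypt: m → E (K1) → D (K2) → E (K3) → c. Decrypt: c → D (K3) → E (K2) → D (K1) → m.]
Source: NIST SP800-67 rev1, 1/2012
Triple DES (~2030) --- Option 2
[Figure: Triple DES with two keys. Encrypt: m → E (K1) → D (K2) → E (K1) → c. Decrypt: c → D (K1) → E (K2) → D (K1) → m.]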
ONE-WAY HASH
One-Way Hash Algorithm
[Figure: a document (of any length) goes into the one-way hash algorithm and comes out as a condensed, short, fixed length output (say of 160 bits).]
One-Way Hash Algorithm
• a one-way hash algorithm hashes an input document into a condensed short output (say of 160 bits)
• One-wayness
– Given an output, it is infeasible for anyone to find an input document which is hashed to that specific output !
• Collision resistance
– it is infeasible for anyone to find two or more input documents which are hashed to the same condensed output !
Criteria of Hash Functions
• Preimage resistance:
– Given a message m and the hash function hash, if the hash value h = hash(m) is given, it should be hard to find any m such that h = hash(m).
• Second preimage resistance (weak collision resistance):
– Given input m1, it should be hard to find another message m2 such that hash(m1) = hash(m2) and that m1 ≠ m2
• Strong collision resistance:
– It ought to be hard to find two messages m1 ≠ m2 such that hash(m1) = hash(m2).
Finding collision is infeasible
[Figure: the two documents “I, Bob, will pay $1,000 to Alice.” and “I, Bob, will pay $10,000 to Alice.” hashing to the same condensed output.]
Confetti Shredder as “1-Way Hash”
• Shredding a newspaper into very fine pieces
– Pick & keep only 20 random pieces out of all those fine pieces & burn off the rest
• It’s “1-way”
– Infeasible for one to recover the original newspaper from the 20 fine pieces
• It’s “collision-resistant”
– Infeasible for one to find 2 different newspapers that are shredded to the same set of 20 pieces
Examples of 1-Way Hashing
• SHA Family
– SHA-1 (output: 160 bits)
– SHA-224 (output: 224 bits)
– SHA-256 (output: 256 bits)
– SHA-324 (output: 324 bits)
– SHA-512 (output: 512 bits)
• MD5 (broken, should no longer be used)
SECURE TWO-WAY COMMUNICATION
Secure 1-Directional Communication
[Figure: plain text → E → cipher text → network or storage → cipher text → D → original plain text. Alice and Bob each hold the shared secret key.]
Secure Bi-Directional Communication
[Figure: Bob and Alice exchange cipher text over the open network in both directions, each side using E and D; both hold the pair of shared secret keys KAB & KBA.]
PUBLIC KEY CRYPTOGRAPHY (ASYMMETRIC CRYPTOGRAPHY)
Public Key Cryptosystem
[Figure: Public Key Encryption/Decryption Process. Alice encrypts the plain text with E under Bob’s public key (for encryption), taken from the public key directory; the cipher text crosses the open network; Bob decrypts it with D under his secret key (for decryption) to recover the plain text.]
Main Differences with AES
• The public encryption key is different from the secret decryption key.
• Infeasible for an attacker to find out the secret decryption key from the public encryption key.
• No need for Alice & Bob to distribute a shared secret key beforehand !
• Only one pair of public and secret keys is required for each user !
Digital Signature
[Figure: Digital Signature Operations. Bob hashes the message with the 1-way hash H (256 bits) and passes the result, with his secret signing key, to the signature generation algorithm S; the message plus signature cross the open network; Cathy hashes the received message with H (256 bits) and runs the signature verification algorithm V with Bob’s public verification key from the public key directory, accepting if satisfied.]
Applications of Digital Signature
• Authentication
• Non-repudiation
• Digital certification
• E-Commerce
– Digital certificates for servers, clients & users
• Secure communication
• Digital credentials
• Certified software applications (apps, drivers, APIs etc)
• Digital money
• ……
Digital Signature in ePassport
• ePassport
– an embedded RFID chip that contains information about the owner
– Digitally signed --- good !
– Data may be encrypted with a key derived from user info --- not secure at all !
• Ref:
– ICAO Doc 9303, Machine Readable Travel Documents
[Figure: e-Passport symbol; the RFID chip and antenna are embedded in the cover.]
Symmetric Key Encryption (summary)
• One Key.
• Pre-distribution of the key is needed.
• Fast.
• Not scalable (you need a key for each sender/receiver).
• Not suitable for broadcasting messages.
Asymmetric Key Encryption (summary)
• Two Keys (public and private).
• Pre-distribution of the key is NOT needed.
• Slow.
• Private key cannot be derived from public key.
• Scalable (you need one pair of keys for each user).
• Suitable for broadcasting messages.
Using Both Symmetric and Asymmetric Crypto
• Symmetric keys are used to encrypt sessions between users (fast).
• Asymmetric keys are used to distribute the symmetric keys (more secure).
Notable Public Key Encryption and Digital Signature
Public Key Encryption
• Based on Integer Factorization
– RSA
• Based on Discrete Logarithm
– ElGamal
– Diffie-Hellman
• Based on Elliptic Curves
– Elliptic curve Diffie-Hellman
• Based on Lattices
– NTRU
Digital Signature
• Based on Integer Factorization
– RSA signature
• Based on Discrete Logarithm
– Schnorr
– DSS
• Based on Elliptic Curves
– EC-DSS
• Based on Lattices
– NTRU signature
Signcryption (signature+encryption)
• Simultaneously provides the functions of
– digital signature
• unforgeability & non-repudiation
– public key encryption
• confidentiality
• with a significantly smaller computational & communication overhead
Cost (signcryption) << Cost (signature) + Cost (encryption)
• Ref:
– ISO/IEC 29150:2011, Information technology -- Security techniques – Signcryption, International Organization for Standardization, 12/2011.
– www.signcryption.org
RSA Algorithm
Public key Cryptography
• Developed to address two issues:
– key distribution – how to have secure communications in general without having to trust a KDC with your own key.
– digital signatures – to verify a message coming intact from the intended sender.
• Uses two keys, private and public key.
RSA
• Invented by Rivest, Shamir and Adleman in 1977
• It is based on exponentiation over integers modulo a prime
• It uses large integers (to make it hard to break)
• Its security is due to the cost of factoring large numbers
Prime Numbers
• A prime number has only two divisors, 1 and itself.
• It can’t be written as a product of other numbers.
• Eg. 2,3,5,7 are prime numbers; 4,6,8,9,10 are not.
• List of prime numbers less than 100 is: 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97
Prime Factorization
• Given a number n, factoring n is to write it as a product of other numbers; n = x * y * z.
• Prime factorization is to write a number n as a product of prime numbers.
• Eg. 91 = 7 * 13
Fermat’s Little Theorem
• a^(p-1) mod p = 1, where p is prime and gcd(a,p)=1
• In other words, if p is a prime number, and a is any integer, then a^p - a is an integer multiple of p
• Eg. a=2, p=7, 2^7 = 128, 128-2=126, 126=7*18, 126 is multiple of 7.
Relatively Prime Numbers (Coprimes)
• Two numbers (a and b) are relatively prime if they have no common divisors other than 1
– eg. 8 & 9 are relatively prime since factors of 8 are 1,2,4,8 and factors of 9 are 1,3,9 and 1 is the only common factor
• In other words, relatively prime numbers have a greatest common divisor (GCD) of 1.
Euler Totient Function ø(n)
• Is an arithmetic function that counts the numbers (<= n) that are relatively prime to a given number n.
• Examples:
– ø(1) = 0.
– ø(10) = 4 // {1,3,7,9}
– ø(p) = p-1, if p is prime.
– ø(p^e) = p^e - p^(e-1), if p is prime.
– ø(m*n) = ø(m) * ø(n), if m and n are coprimes
RSA Key Generation
1. choose two distinct prime numbers, p and q
2. compute n = p*q.
3. find ø(n) = ø(p) * ø(q) = (p-1)*(q-1).
4. Choose an integer e such that 1 < e < ø(n) and gcd(e, ø(n)) = 1
– e is the public key
5. calculate d as d*e ≡ 1 (mod ø(n))
– d is the private key
RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq =17×11=187
3. Compute ø(n)=(p–1)(q-1)=16×10=160
4. Select e : gcd(e,160)=1; choose e=7
5. Determine d: d*e=1 mod 160 and d < 160
Value is d=23 since 23×7=161= 10×160+1
6. Publish public key{7,187}
7. Keep secret private key{23,17,11}
RSA Example cont
• sample RSA encryption/decryption is:
• given message M = 88
• encryption:
C = 88^7 mod 187 = 11
• decryption:
M = 11^23 mod 187 = 88