Data Security and Encryption
(CSE348)
Revision
Lectures 16-30
RSA
• RSA is the best known, and by far the most widely used general public key encryption algorithm
• First published by Rivest, Shamir & Adleman of MIT in 1978 [RIVE78]
• The Rivest-Shamir-Adleman (RSA) scheme has since that time ruled supreme as the most widely accepted
• Implemented general-purpose approach to public
RSA
• It is based on exponentiation in a finite (Galois) field over integers modulo a prime, using large integers (e.g. 1024 bits)
• Its security is due to the cost of factoring large numbers
RSA
• By Rivest, Shamir & Adleman of MIT in 1977
• Best known & widely used public-key scheme
• Based on exponentiation in a finite (Galois) field over integers modulo a prime
  – nb. exponentiation takes $O((\log n)^3)$ operations (easy)
• Uses large integers (e.g. 1024 bits)
• Security due to cost of factoring large numbers
  – nb. factorization takes $O(e^{\log n \log \log n})$ operations (hard)
RSA En/decryption
• The scheme developed by Rivest, Shamir, and Adleman makes use of an expression with exponentials
• Plaintext is encrypted in blocks
• With each block having a binary value less than some number n
• The actual RSA encryption and decryption computations are each simply a single exponentiation mod (n)
RSA En/decryption
• Both sender and receiver must know the value of n
• The sender knows the value of e, and only the receiver knows the value of d
• Thus, this is a public-key encryption algorithm with a public key of PU = {e, n} and a private key of PR = {d, n}
• The message must be smaller than the modulus
• The “magic” is in the choice of the modulus and exponents which makes the system work
RSA En/decryption
• To encrypt a message M the sender:
  – obtains public key of recipient PU={e,n}
  – computes: $C = M^e \bmod n$, where 0≤M
• To decrypt the ciphertext C the owner:
  – uses their private key PR={d,n}
  – computes: $M = C^d \bmod n$
• The message M must be smaller than the modulus n (block if needed)
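The encrypt/decrypt steps and the "block if needed" rule above, as an added example that is not part of the original slides. The key setup from primes p and q, the toy numbers and all function names are assumptions made for illustration.

```python
# Added example: textbook RSA on toy numbers (constructed; no padding, not for real use).
from math import gcd

def make_keys(p, q, e):
    """Assumed key setup: return PU = (e, n) and PR = (d, n) from primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)   # d = e^-1 mod phi (Python 3.8+)

def encrypt_block(m, pu):
    e, n = pu
    if not 0 <= m < n:                    # the message must be smaller than the modulus
        raise ValueError("block must be smaller than n")
    return pow(m, e, n)                   # C = M^e mod n

def decrypt_block(c, pr):
    d, n = pr
    return pow(c, d, n)                   # M = C^d mod n

def block_size(n):
    """Largest whole number of bytes whose value is always below n."""
    size = (n.bit_length() - 1) // 8
    if size == 0:
        raise ValueError("modulus too small to carry one byte per block")
    return size

def encrypt_bytes(data, pu):
    """'Block if needed': split data into byte chunks that each stay below n."""
    size = block_size(pu[1])
    chunks = [data[i:i + size] for i in range(0, len(data), size)]
    return [encrypt_block(int.from_bytes(c, "big"), pu) for c in chunks]

def decrypt_bytes(blocks, pr, length):
    """Invert encrypt_bytes; length is the original byte count (last block may be short)."""
    size = block_size(pr[1])
    out = b""
    for i, c in enumerate(blocks):
        width = min(size, length - i * size)
        out += decrypt_block(c, pr).to_bytes(width, "big")
    return out

if __name__ == "__main__":
    pu, pr = make_keys(61, 53, 17)        # n = 3233, one byte per block
    ct = encrypt_bytes(b"RSA", pu)
    print(ct, decrypt_bytes(ct, pr, 3))
```

A value at or above n would decrypt to its residue mod n rather than to the original, which is why `encrypt_block` rejects it.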
Diffie-Hellman Key Exchange
• Public-key cryptography systems (PKCSs)
• Begins with a description of one of the earliest and simplest PKCS
• Diffie-Hellman key exchange
• This first published public-key algorithm appeared in the seminal paper by Diffie and Hellman
Diffie-Hellman Key Exchange
• That defined public-key cryptography [DIFF76b]
• And is generally referred to as Diffie-Hellman key exchange
• The concept had been previously described in a classified report in 1970 by Williamson (UK CESG)
• And subsequently declassified in 1987, see [ELLI99]
Diffie-Hellman Key Exchange
• The purpose of the algorithm is to enable two users to securely exchange a key
• That can then be used for subsequent encryption of messages
• The algorithm itself is limited to the exchange of secret values
• A number of commercial products employ this key exchange technique
Diffie-Hellman Key Exchange
• First public-key type scheme proposed
• By Diffie & Hellman in 1976 along with the exposition of public key concepts
  – now know that Williamson (UK CESG) secretly proposed the concept in 1970
• Practical method for public exchange of a secret key
• Used in a number of commercial products
Diffie-Hellman Key Exchange
• The purpose of the algorithm is to enable two users to securely exchange a key
• That can then be used for subsequent encryption of messages
• The algorithm itself is limited to the exchange of secret values
• Which depends on the value of the public/private keys of the participants
Diffie-Hellman Key Exchange
• Diffie-Hellman algorithm uses exponentiation in a finite (Galois) field (modulo a prime or a polynomial)
• And depends for its effectiveness on the difficulty of computing discrete logarithms
Diffie-Hellman Key Exchange
• A public-key distribution scheme
  – cannot be used to exchange an arbitrary message
  – rather it can establish a common key
  – known only to the two participants
• Value of key depends on the participants
• And their private and public key information
Diffie-Hellman Key Exchange
• Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
• Security relies on the difficulty of computing discrete logarithms (similar to factoring) - hard
Man-in-the-Middle Attack
• Darth prepares by creating two private / public keys
• Alice transmits her public key to Bob
• Darth intercepts this and transmits his first public key to Bob
• Darth also calculates a shared key with Alice
• Bob receives the public key and calculates the shared key (with Darth instead of Alice)
Man-in-the-Middle Attack
• Bob transmits his public key to Alice
• Darth intercepts this and transmits his second public key to Alice
• Darth calculates a shared key with Bob
• Alice receives the key and calculates the shared key (with Darth instead of Bob)
• Darth can then intercept, decrypt, re-encrypt, forward all messages between Alice & Bob
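The two slides above walk through the interception step by step; this added example (not from the original slides) replays that arithmetic on toy values and shows the defender's check of comparing key fingerprints over an authenticated channel. The prime 353, the root 3, every private value and all function names are constructed for illustration.

```python
# Added example: unauthenticated Diffie-Hellman, with and without an interceptor.
# Toy parameters (constructed): prime q = 353 and primitive root a = 3.
import hashlib

Q, A = 353, 3

def public(x):
    """Public value Y = a^x mod q for private value x."""
    return pow(A, x, Q)

def shared(y_peer, x_own):
    """Shared key K = Y_peer^x_own mod q."""
    return pow(y_peer, x_own, Q)

def run_exchange(xa, xb, darth=None):
    """Return the key each party ends up holding; darth is (xd1, xd2) or None."""
    ya, yb = public(xa), public(xb)
    if darth is None:
        return {"alice": shared(yb, xa), "bob": shared(ya, xb)}
    xd1, xd2 = darth
    yd1, yd2 = public(xd1), public(xd2)
    return {
        "alice": shared(yd2, xa),         # Alice received yd2 in place of yb
        "bob": shared(yd1, xb),           # Bob received yd1 in place of ya
        "darth_alice": shared(ya, xd2),   # Darth's key with Alice
        "darth_bob": shared(yb, xd1),     # Darth's key with Bob
    }

def fingerprint(key):
    """Digest of the key that the two ends can read out to each other."""
    return hashlib.sha256(str(key).encode()).hexdigest()

def tampering_detected(keys):
    """Defender check: fingerprints compared over an authenticated channel must match."""
    return fingerprint(keys["alice"]) != fingerprint(keys["bob"])

if __name__ == "__main__":
    print(run_exchange(97, 233), run_exchange(97, 233, darth=(5, 7)))
```

Nothing inside the exchange itself reveals the substitution; only a comparison that the interceptor cannot alter does, which is why deployed protocols authenticate the public values.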
ElGamal Cryptography
• In 1984, T. Elgamal announced a public-key scheme based on discrete logarithms
• Closely related to the Diffie-Hellman technique [ELGA84, ELGA85]
• The ElGamal cryptosystem is used in some form in a number of standards
• Including the digital signature standard (DSS) and the S/MIME email standard
ElGamal Cryptography
• As with Diffie-Hellman, the global elements of ElGamal are a prime number q and a
• Which is a primitive root of q
ElGamal Cryptography
• User A generates a private/public key pair as shown
• The security of ElGamal is based on the difficulty of computing discrete logarithms
• To recover either x given y, or k given K
ElGamal Cryptography
• Public-key cryptosystem related to D-H
• Uses exponentiation in a finite field
• With security based on the difficulty of computing discrete logarithms, as in D-H
• Each user (e.g. A) generates their key
  – chooses a secret key (number): $1 < x_A < q-1$
  – compute their public key: $y_A = a^{x_A} \bmod q$
ElGamal Message Exchange
• Any user B that has access to A's public key can encrypt a message as shown
• These steps correspond to Figure 9.1a in that Alice generates a public/private key pair
• Bob encrypts using Alice's public key; and Alice decrypts using her private key
• See text for details of why these steps result in M being recovered
ElGamal Message Exchange
• K functions as a one-time key, used to encrypt and decrypt the message
• If a message must be broken up into blocks and sent as a sequence of encrypted blocks, a unique value of k should be used for each block
• If k is used for more than one block, knowledge of one block m of the message enables the user to compute other blocks
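Why k must be unique per block, as an added example that is not part of the original slides: ElGamal on a toy prime field, the relation that exposes a second block when k repeats, and a check a receiver can run for repeated k. The values q = 19 and a = 10, the ciphertext names C1 and C2, and all function names are assumptions made for illustration.

```python
# Added example: ElGamal over a toy prime field (constructed values, not for real use).
import secrets

Q, A = 19, 10                  # prime q and primitive root a

def keygen(x=None):
    """Private x_A with 1 < x_A < q-1 and public y_A = a^x_A mod q."""
    if x is None:
        x = secrets.randbelow(Q - 3) + 2
    return x, pow(A, x, Q)

def encrypt(m, y, k=None):
    """Return (C1, C2) for block m under public key y; k must be fresh per block."""
    if not 0 <= m < Q:
        raise ValueError("block must be smaller than q")
    if k is None:
        k = secrets.randbelow(Q - 1) + 1
    K = pow(y, k, Q)                      # one-time key K = y_A^k mod q
    return pow(A, k, Q), (K * m) % Q      # C1 = a^k mod q, C2 = K*m mod q

def decrypt(c, x):
    c1, c2 = c
    K = pow(c1, x, Q)                     # same K, recovered with the private key
    return (c2 * pow(K, -1, Q)) % Q       # m = C2 * K^-1 mod q

def recover_from_reused_k(known_m, known_c, other_c):
    """With a shared k both C2 values carry the same K, so it cancels out.
    known_m must be nonzero for the inverse to exist."""
    if known_c[0] != other_c[0]:
        raise ValueError("C1 differs, so k was not reused")
    return (other_c[1] * pow(known_c[1], -1, Q) * known_m) % Q

def k_reused(ciphertexts):
    """Receiver-side check: a repeated C1 means a repeated k."""
    c1s = [c[0] for c in ciphertexts]
    return len(set(c1s)) != len(c1s)

if __name__ == "__main__":
    x, y = keygen(5)
    bad = [encrypt(17, y, k=6), encrypt(9, y, k=6)]
    print(bad, k_reused(bad), recover_from_reused_k(17, bad[0], bad[1]))
```

Calling `encrypt` without the `k` argument draws a fresh value for every block, which is the behaviour the slide asks for.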