
Security Tutorial: NETW1002

This document provides an overview of symmetric and asymmetric cryptography. It discusses how asymmetric cryptography works using public and private key pairs. It then provides an example of how the RSA cryptosystem generates keys and encrypts/decrypts messages. It also answers some questions about applying RSA, including how knowing a common factor between a plaintext and modulus can help determine the private key, and how encrypting each character separately with RSA is insecure.

Uploaded by Abdalla Elshamy

Security tutorial

NETW1002
SYMMETRIC CRYPTOGRAPHY
• Encryption and Decryption with the same key
• Sender (𝐴) and Receiver (𝐵) have to agree on the key somehow
ASYMMETRIC CRYPTOGRAPHY
• Encryption and Decryption with different keys
• Sender does not know the decryption key
ASYMMETRIC CRYPTOGRAPHY
• PROCEDURE:
• $B$ (receiver) generates 2 keys $\{K_u, K_r\}$
• $K_u$ is made public to anyone, while $K_r$ is kept private.
• $A$ can use $K_u$ for encrypting messages sent to $B$.
• Only $B$ can decrypt messages using $K_r$.
• Notes:
• $\{K_u, K_r\}$ should be chosen to reverse the effect of each other.
• Knowing $K_u$, it should be “hard” to compute $K_r$ for anyone except $B$.
Uses of Asymmetric cryptography
• Encryption:
• $A$ encrypts a message using $B$'s public key $K_{ub}$ and sends it to $B$.
$c = e_{K_{ub}}(m)$
• $B$ decrypts the message using its private key $K_{rb}$.
$m = d_{K_{rb}}(c)$

• Signatures:
• $B$ encrypts a message with its private key $K_{rb}$ and sends it to $A$.
$c = e_{K_{rb}}(m)$
• $A$ can decrypt the message using $B$'s public key $K_{ub}$.
$m = d_{K_{ub}}(c)$
• If 𝐴 does not obtain 𝑚 again, then the message was not from 𝐵.
RSA – cryptosystem - Idea
• Recall Euler’s Theorem:
• $g^x \bmod n = g^{x \bmod \phi(n)} \bmod n$
• $g^x \bmod n = g \bmod n$, if $x \bmod \phi(n) = 1$
• Encryption of a message $m$
• Compute $c = m^e \bmod n$
• Decryption
• Compute $m' = c^d \bmod n$
• $m' = m^{e \cdot d} \bmod n$
• $\{e, d\}$ are chosen such that $(e \cdot d) \bmod \phi(n) = 1$
• $\therefore m' = m$
RSA – Keys Generation
• Steps:
1. Choose two primes (𝑝, 𝑞)
2. Compute 𝑛 = 𝑝 ∗ 𝑞
3. Compute 𝜙(n) = (𝑝 − 1)∗(𝑞 − 1)
4. Choose 𝑒 relatively prime to 𝜙(𝑛) (Why? To compute inverse)
5. Compute $d$ as $e^{-1} \bmod \phi(n)$ (How? Extended Euclid)
• $e$ is made public ($K_u = \{n, e\}$)
• $d$ is kept private ($K_r = d$)
• The security of RSA depends on 𝜙(𝑛) being secret.
RSA Example
• Steps:
1. Choose 𝑝, 𝑞 ⇒ 𝑝 = 3, 𝑞 = 11
2. Compute 𝑛 = 𝑝 ∗ 𝑞 = 33
3. Compute 𝜙(𝑛)= 2 ∗ 10 = 20
4. Choose 𝑒 relatively prime to 𝜙(𝑛) ⇒ 𝑒 = 3
5. Compute $d$ as $e^{-1} \bmod \phi(n)$ ⇒ $d = 3^{-1} \bmod 20 = 7$

• We want to encrypt $m = 6$
$c = 6^3 \bmod 33 = 18$
• To decrypt $c$
• $m' = 18^7 \bmod 33 = 6 = m$
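The five key-generation steps and the worked example above, as an added Python example that is not part of the original slides. The function names are illustrative, and the tiny primes are the slide's own values, useful only for checking the arithmetic by hand.

```python
# Added example: textbook RSA following the slide's five key-generation steps.

def extended_euclid(a, b):
    """Return (g, s, t) with g = gcd(a, b) and s*a + t*b = g."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
        old_t, t = t, old_t - quotient * t
    return old_r, old_s, old_t


def mod_inverse(e, phi_n):
    """Step 5: d = e^-1 mod phi(n). Exists only if gcd(e, phi(n)) = 1 (step 4)."""
    g, s, _ = extended_euclid(e, phi_n)
    if g != 1:
        raise ValueError(f"e={e} is not relatively prime to phi(n)={phi_n}")
    return s % phi_n  # normalise a negative Bezout coefficient into [0, phi_n)


def generate_keys(p, q, e):
    """Steps 1-5: return the public key (n, e) and the private exponent d."""
    n = p * q
    phi_n = (p - 1) * (q - 1)
    return (n, e), mod_inverse(e, phi_n)


def encrypt(m, public_key):
    n, e = public_key
    return pow(m, e, n)  # c = m^e mod n


def decrypt(c, d, n):
    return pow(c, d, n)  # m' = c^d mod n


if __name__ == "__main__":
    public_key, d = generate_keys(3, 11, 3)  # the slide's p, q, e
    c = encrypt(6, public_key)
    print("public key:", public_key, "d:", d)
    print("c:", c, "decrypted:", decrypt(c, d, public_key[0]))
```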
Question 1
• In RSA, assume an agent A chooses 𝑝 = 5 and 𝑞 =11 and the public
key 𝑒 = 13, compute the encryption of 𝑚 = 40, and the signature of
A over 𝑚.
• Solution:
$n = 5 \cdot 11 = 55$
$\phi(n) = 4 \cdot 10 = 40$
$d = e^{-1} \bmod 40 = 37$
Encryption $= m^e \bmod n = 40^{13} \bmod 55$
Signature $= m^d \bmod n = 40^{37} \bmod 55$
Question 6
• In a public-key system using RSA, you intercept the ciphertext 𝑐=10
sent to a user whose public key is 𝑒 = 5, 𝑛 = 35. What is the
plaintext 𝑚?
• Solution:
𝑛 = 35 = 5 ∗ 7
𝜙 (𝑛) = 4 ∗ 6 = 24
$d = e^{-1} \bmod \phi(n) = 5^{-1} \bmod 24 = 5$
$m = c^d \bmod n = 10^5 \bmod 35 = 5$
Question 3:
• Suppose Bob has an RSA cryptosystem with modulus $n$ and encryption key $b_1$, and
Charlie has an RSA cryptosystem with (the same) modulus $n$ and encryption key $b_2$.
Suppose also that $\gcd(b_1, b_2) = 1$. Now, consider the situation that arises if Alice
encrypts the same plaintext $x$ to send to both Bob and Charlie. Thus, she computes
$y_1 = x^{b_1} \bmod n$ and $y_2 = x^{b_2} \bmod n$, and then she sends $y_1$ to Bob and $y_2$ to Charlie.
Suppose Oscar intercepts $y_1$ and $y_2$, and performs the computations below:
(1) $c_1 = b_1^{-1} \bmod b_2$
(2) $c_2 = (c_1 b_1 - 1)/b_2$
(3) $x_1 = y_1^{c_1} \cdot (y_2^{c_2})^{-1} \bmod n$
• Prove that $x_1$ is $x$.
Solution:
Steps performed by Oscar:
1. $c_1 = b_1^{-1} \bmod b_2$
2. $c_2 = (c_1 b_1 - 1)/b_2$
3. $x_1 = y_1^{c_1} \cdot (y_2^{c_2})^{-1} \bmod n$
(3) ⇒ $x_1 = y_1^{c_1} \cdot (y_2^{c_2})^{-1}$
• $x_1 = y_1^{c_1} \cdot y_2^{-c_2}$
• $x_1 = (x^{b_1})^{c_1} \cdot (x^{b_2})^{-c_2}$
• $x_1 = x^{b_1 c_1 - b_2 c_2}$
(2) ⇒ $c_2 = (c_1 b_1 - 1)/b_2$
• $c_1 b_1 - 1 = c_2 b_2$
• $b_1 c_1 - b_2 c_2 = 1$
• $x_1 = x^1 = x$
To prove that $c_2$ is an integer:
1. (1) ⇒ $c_1 = b_1^{-1} \bmod b_2$
2. $c_1 b_1 = 1 \bmod b_2$
3. $c_1 b_1 = k b_2 + 1$
4. $(c_1 b_1 - 1)/b_2 = k$
5. (2) ⇒ $c_2 = k$
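Oscar's three computations carried through numerically, as an added Python example that is not part of the original slides. The modulus, exponents, owner names and the `find_shared_moduli` check are constructed for illustration; the check is the defensive counterpart, flagging public keys that reuse one modulus.

```python
# Added example: Question 3 on constructed values (Python 3.8+ for pow(x, -1, n)).

def oscar_recover(y1, y2, b1, b2, n):
    """Recover x from y1 = x^b1 mod n and y2 = x^b2 mod n when gcd(b1, b2) = 1."""
    c1 = pow(b1, -1, b2)                      # (1) c1 = b1^-1 mod b2
    c2, remainder = divmod(c1 * b1 - 1, b2)   # (2) c2 = (c1*b1 - 1) / b2
    if remainder != 0:
        raise ArithmeticError("c2 is not an integer")  # excluded by the proof
    # (3) x1 = y1^c1 * (y2^c2)^-1 mod n. The inverse exists unless y2 shares
    # a factor with n; in that case pow(..., -1, n) raises ValueError.
    y2_c2_inverse = pow(pow(y2, c2, n), -1, n)
    return (pow(y1, c1, n) * y2_c2_inverse) % n


def find_shared_moduli(public_keys):
    """Defensive check: report every modulus n that more than one owner uses."""
    owners_by_modulus = {}
    for owner, (n, _e) in public_keys.items():
        owners_by_modulus.setdefault(n, []).append(owner)
    return {n: names for n, names in owners_by_modulus.items() if len(names) > 1}


# Constructed sample: Bob and Charlie share n = 61 * 53 with coprime exponents.
N = 61 * 53
KEYS = {"bob": (N, 17), "charlie": (N, 7), "dave": (55, 13)}

if __name__ == "__main__":
    x = 1234                                   # Alice's plaintext
    y1, y2 = pow(x, 17, N), pow(x, 7, N)       # what Oscar intercepts
    print("recovered:", oscar_recover(y1, y2, 17, 7, N))
    print("shared moduli:", find_shared_moduli(KEYS))
```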
Question 4
• Suppose we have a set of blocks encoded with the RSA algorithm
and we don't have the private key. Assume $n = p \cdot q$, and $e$ is the public
key. Suppose also someone tells us they know one of the plaintext
blocks $m$ has a common factor with $n$. Does this help us in any way?
Solution:
∵ 𝑛 = 𝑝 ∗ 𝑞 and (𝑝,𝑞) are primes,
• The common factor between 𝑚 and 𝑛 is either 𝑝 or 𝑞.
To get the common factor, find $\gcd(m, n)$ using the Euclidean algorithm.
• Knowing the factor, we now know both $p$ and $q$.
Calculate $\phi(n) = (p - 1) \cdot (q - 1)$.
We can calculate $d = e^{-1} \bmod \phi(n)$ using the extended Euclidean algorithm.
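The solution above as an added Python example, not part of the original slides, run on the numbers from Question 1, where $m = 40$ happens to share the factor 5 with $n = 55$. It goes one step beyond the slide: because $p \mid m$ implies $p \mid (m^e \bmod n)$, the ciphertext block alone gives the same gcd. Function names are illustrative.

```python
# Added example: a block sharing a factor with n exposes p, q and then d.
from math import gcd


def factor_from_block(value, n):
    """Return (p, q) if value shares a non-trivial factor with n, else None."""
    g = gcd(value, n)
    if g in (1, n):        # coprime to n, or value is 0 mod n: nothing learned
        return None
    return g, n // g


def private_exponent(p, q, e):
    """phi(n) = (p-1)(q-1), then d = e^-1 mod phi(n) (Python 3.8+ pow)."""
    phi_n = (p - 1) * (q - 1)
    return pow(e, -1, phi_n)


def recover_key(blocks, n, e):
    """Scan plaintext or ciphertext blocks; return ((p, q), d) for the first hit."""
    for value in blocks:
        factors = factor_from_block(value, n)
        if factors is not None:
            return factors, private_exponent(*factors, e)
    return None


if __name__ == "__main__":
    n, e, m = 55, 13, 40                 # values from Question 1
    c = pow(m, e, n)
    print("from plaintext :", recover_key([m], n, e))
    print("from ciphertext:", recover_key([c], n, e))
```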
Question 5:
• Suppose Bob uses the RSA cryptosystem with a very large modulus
𝑛 for which the factorization cannot be found in a reasonable amount
of time. Suppose Alice sends a message to Bob by representing
each alphabetic character as an integer between 0 and 25, i.e., 𝐴 =
0, 𝑍 = 25, and then encrypting each number separately using RSA
with large 𝑒 and large 𝑛. Is this method secure? If not, describe the
most efficient attack against this encryption method.
Solution:
• Only 26 plaintexts are possible
• $m = \{0, 1, 2, \ldots, 25\}$
• An intruder can encrypt all possible values of $m$.
• $c_i = m_i^e \bmod n,\ i \in [0, 25]$
• Store the encryptions in a table
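Why a large $n$ and $e$ do not help here, as an added Python example that is not part of the original slides: the 26-entry table is built from the public key alone, and looking each ciphertext up in it reads the message. The modulus is constructed from two known Mersenne primes, and the message and function names are illustrative.

```python
# Added example: per-character textbook RSA is deterministic over 26 values.

P, Q = 2**61 - 1, 2**89 - 1      # constructed key: two known Mersenne primes
N, E = P * Q, 65537              # public key; P and Q are never used below


def encrypt_per_char(text, n, e):
    """Alice's scheme: A=0 ... Z=25, each number encrypted separately."""
    return [pow(ord(ch) - ord("A"), e, n) for ch in text]


def build_table(n, e):
    """c_i = m_i^e mod n for i in [0, 25], keyed by ciphertext."""
    return {pow(m, e, n): chr(m + ord("A")) for m in range(26)}


def read_without_key(ciphertexts, n, e):
    """Map every intercepted block back to its letter with public data only."""
    table = build_table(n, e)
    return "".join(table[c] for c in ciphertexts)


if __name__ == "__main__":
    blocks = encrypt_per_char("MEETBOBATNOON", N, E)
    # Equal letters give equal blocks, so letter frequencies leak as well.
    print("repeated block for 'EE':", blocks[1] == blocks[2])
    print("read with public key only:", read_without_key(blocks, N, E))
```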
Question 2:
• In RSA, can we have a situation where $e_k(e_k(x)) = x$? When does this happen?
Demonstrate by a simple example.
Solution:
• $e_k(e_k(x)) = x$
• $x^{e \cdot e} \bmod n = x$
• $e \cdot e \bmod \phi(n) = 1$
• $e = e^{-1} \bmod \phi(n)$
• Example:
• $p = 5, q = 7 \Rightarrow n = 35, \phi(n) = 24$
• $e = 5$
• $e^{-1} \bmod 24 = 5^{-1} \bmod 24 = 5 = e$
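A key-generation guard for this case, as an added Python example that is not part of the original slides. It lists the exponents that are their own inverse modulo $\phi(n)$ and shows that for the slide's $n = 35$ every valid $e$ has this property, while for $n = 33$ only some do. Function names and return strings are illustrative.

```python
# Added example: detect public exponents for which d = e.
from math import gcd


def valid_exponents(phi_n):
    """All e with 1 < e < phi(n) and gcd(e, phi(n)) = 1 (key-generation step 4)."""
    return [e for e in range(2, phi_n) if gcd(e, phi_n) == 1]


def self_inverse_exponents(phi_n):
    """Exponents with e*e mod phi(n) = 1, so the public key also decrypts."""
    return [e for e in valid_exponents(phi_n) if (e * e) % phi_n == 1]


def double_encryption_is_identity(n, e):
    """Brute-force check of e_k(e_k(x)) = x for every x in [0, n)."""
    return all(pow(pow(x, e, n), e, n) == x for x in range(n))


def check_public_exponent(p, q, e):
    """Guard for key generation: refuse e that has no inverse or equals it."""
    phi_n = (p - 1) * (q - 1)
    if gcd(e, phi_n) != 1:
        return "rejected: e is not relatively prime to phi(n)"
    if (e * e) % phi_n == 1:
        return "rejected: e is its own inverse, so d = e"
    return "ok"


if __name__ == "__main__":
    print("phi=24 (n=35):", self_inverse_exponents(24), "of", valid_exponents(24))
    print("phi=20 (n=33):", self_inverse_exponents(20), "of", valid_exponents(20))
    print("n=35, e=5:", check_public_exponent(5, 7, 5))
    print("n=33, e=3:", check_public_exponent(3, 11, 3))
```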
