Information Security

Public Key Cryptography and RSA

Private-Key Cryptography
 traditional private/secret/single key
cryptography uses one key
 shared by both sender and receiver
 if this key is disclosed communications are
compromised
 also is symmetric, parties are equal and hence
does not protect sender from receiver forging
a message & claiming is sent by sender

2
Public-Key Cryptography
 probably most significant advance in the 3000
year history of cryptography
 uses two keys – a public & a private key
 asymmetric since parties are not equal
 plaintext and ciphertext are treated as integers
 complements rather than replaces private key
cryptography

3
Public-Key Cryptography

C = f (Kpublic , P) P = g(Kprivate , C)

4
Misconceptions Concerning
Public-Key Encryption
 Public-key encryption is more secure from
cryptanalysis than symmetric encryption
 There is nothing in principle about either symmetric or
public-key encryption that makes one superior to
another for resisting cryptanalysis
 Public-key encryption is a general-purpose
technique that has made symmetric encryption
obsolete
 Both complement each other. In fact, because of the
computational overhead of current public-key
encryption schemes, there seems no foreseeable
likelihood that symmetric encryption will be abandoned
5
Public-Key Cryptography
 public-key/two-key/asymmetric cryptography
involves the use of two keys:
 a public-key, can be used to encrypt messages, and
verify signatures
 a private-key, used to decrypt messages, and sign
(create) signatures
 is asymmetric because
 those who encrypt messages or verify signatures
cannot decrypt messages or create signatures

6
Senarios
 Sender encrypts using public key of receiver and
receiver decrypts using his own private key.
Confidentiality is provided since no one else can
decrypt the message (Private key is not
accessible)
 Sender encrypts using his own private key and
receiver decrypts using the senders public key.
Authentication is provided since no other user
can encrypt the message other than the legitimate
sender (His private key is owned by him only)
7
Public-Key Cryptosystem: Secrecy

8
Public-Key Cryptosystem: Secrecy

9
Public-Key Cryptosystem:
Authentication

10
Public-Key Cryptosystem:
Authentication

11
Public-Key Cryptosystem:
Authentication and Secrecy

12
Public-Key Applications
 Public-key cryptosystems can be classified into
3 categories:
 Encryption/decryption (provide secrecy)
 Digital signatures (provide authentication)
 Key exchange (of session keys)
 Some algorithms are suitable for all uses,
others are specific to one

13
Public-Key Requirements
 Conditions that these algorithms must fulfil:
 it is computationally infeasible to find decryption
key knowing only algorithm & encryption key
 it is computationally easy to en/decrypt messages
when the relevant (en/decrypt) key is known
 either of the two related keys can be used for
encryption, with the other used for decryption (for
some algorithms)
 These are formidable requirements which only
a few algorithms have satisfied
14
Security of Public Key Schemes
 like private key schemes brute force exhaustive
search attack is always theoretically possible
 but keys used are too large (>512bits)
 security relies on a large enough difference in
difficulty between easy (en/decrypt) and hard
(cryptanalyse) problems
 more generally the hard problem is known, its just
made too hard to do in practise
 requires the use of very large numbers
 hence is slow compared to private key schemes

15
Modular Arithmetic and Prime
Numbers
Modular Arithmetic

17
Remainder of a Large Number

18
Prime Numbers
 Prime numbers only have divisors of 1 and self
 They cannot be written as a product of other
numbers
 Note 1 is a non prime number

 List of prime number less than 200 is:

02 03 05 07 11 13 17 19 23 29 31
37 41 43 47 53 59 61 67 71 73 79
83 89 97 101 103 107 109 113 127 131 137
139 149 151 157 163 167 173 179 181 191 193
197 199

19
Relatively Prime Numbers
 Two numbers a and b are relatively prime if
have no common divisors apart from 1 i.e.
gcd(a,b) = 1

 e.g. 8 & 15 are relatively prime since factors of 8 are

1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only
common factor

20
Multiplicative Inverse
 Using extended Euclidean algorithm to find
multiplicative inverse

21
Example
 Find the multiplicative inverse of 11 in Z26.

The gcd (26, 11) is 1; the inverse of 11 is -7 or 19.

22
 RSA Algorithm

Rivest-Shamir-Adleman
RSA
 Developed in 1977 at MIT by Ron Rivest, Adi
Shamir & Len Adleman
 Most widely used general-purpose approach to
public-key encryption
 Is a cipher in which the plaintext and
ciphertext are integers between 0 and n – 1
for some n
 A typical size for n is 1024 bits, or 309 decimal
digits

24
RSA Algorithm
 RSA makes use of an expression with exponentials
 Plaintext is encrypted in blocks with each block having
a binary value less than some number n
 Encryption and decryption are of the following form,
for some plaintext block M and ciphertext block C
C = Me mod n
M = Cd mod n = (Me)d mod n = Med mod n
 Both sender and receiver must know the value of n
 The sender knows the value of e, and only the receiver
knows the value of d
 This is a public-key encryption algorithm with a public
key of PU={e,n} and a private key of PR={d,n} 25
RSA Key Setup
 each user generates a public/private key pair by:
 selecting two large primes at random – p,q
 computing their system modulus
 n=p.q and ø(n)=(p-1)(q-1)
 selecting at random the encryption key e
 where 1<e<ø(n), gcd(e,ø(n))=1
 solve following equation to find decryption key d
 e.d = 1 mod ø(n) and 0≤d≤n
 publish their public encryption key: PU={e,n}
 keep secret private decryption key: PR={d,n}

26
RSA Use
 to encrypt a message M the sender:
 obtains public key of recipient PU={e,n}
 computes: C = Me mod n, where 0≤M<n
 to decrypt the ciphertext C the owner:
 uses their private key PR={d,p,q}
 computes: M = Cd mod n
 note that the message M must be smaller than
the modulus n (block if needed)

27
RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq = 17×11 = 187
3. Compute ø(n)=(p–1)(q-1)=16×10=160
4. Select e : gcd(e,160)=1; choose e=7
5. Determine d: e.d=1(mod 160) and d < 160
Value is d=23 since 23×7=161= 10×160+1
6. Publish public key PU={7,187}
7. Keep secret private key PR={23,17,11}

28
RSA Example
 sample RSA encryption/decryption is:
 given message M = 88 (nb. 88<187)

29
Exponentiation
 can use the Square and Multiply Algorithm
 a fast, efficient algorithm for exponentiation
 concept is based on repeatedly squaring base
 and multiplying in the ones that are needed to
compute the result
 look at binary representation of exponent
 only takes O(log2 n) multiples for number n
 eg. 75 = 74.71 = 3.7 = 10 mod 11
 eg. 3129 = 3128.31 = 5.3 = 4 mod 11

30
RSA Key Generation
 users of RSA must:
 determine two primes at random - p, q
 select either e or d and compute the other
 primes p,q must not be easily derived from
modulus n=p.q
 means must be sufficiently large
 typically guess and use probabilistic test
 exponents e, d are inverses, so use Inverse
algorithm to compute the other

31
Efficient Operation Using the Public
Key
 To speed up the operation of the RSA
algorithm using the public key, a specific choice
of e is usually made
 The most common choice is 65537 (216 + 1)
 Two other popular choices are e=3 and e=17
 Each of these choices has only two “1” bits, so the
number of multiplications required to perform
exponentiation is minimized
 With a very small public key, such as e = 3, RSA
becomes vulnerable to a simple attack
Timing Attacks
 Paul Kocher, a cryptographic consultant,
demonstrated that a snooper can determine a
private key by keeping track of how long a
computer takes to decipher messages
 Are applicable not just to RSA but to other
public-key cryptography systems
 Are alarming for two reasons:
 It comes from a completely unexpected direction
 It is a ciphertext-only attack
Countermeasures
 Constant exponentiation time
 Ensure that all exponentiations take the same amount
of time before returning a result; this is a simple fix but
does degrade performance
 Random delay
 Better performance could be achieved by adding a
random delay to the exponentiation algorithm to
confuse the timing attack
 Blinding
 Multiply the ciphertext by a random number before
performing exponentiation; this process prevents the
attacker from knowing what ciphertext bits are being
processed inside the computer and therefore prevents
the bit-by-bit analysis essential to the timing attack
34
Summary

 Principles of public-key cryptography

 RSA algorithm

35