Cryptography and System Security

by William Stallings
Lecture slides by Pranali Patil

Prepared By: Pranali Patil

Private-Key Cryptography
 traditional private/secret/single key cryptography uses one key
 Key is shared by both sender and receiver
 if the key is disclosed communications are compromised
 also known as symmetric, both parties are equal
 hence does not protect sender from receiver forging a message & claiming is
sent by sender

Prepared By: Pranali Patil

Public-Key Cryptography
 probably most significant advance in the 3000 year history of
cryptography
 uses two keys – a public key and a private key
 asymmetric since parties are not equal
 uses clever application of number theory concepts to function
 complements rather than replaces private key cryptography

Prepared By: Pranali Patil

Public-Key Cryptography
 public-key/two-key/asymmetric cryptography involves the use of
two keys:
 a public-key, which may be known by anybody, and can be used to encrypt
messages, and verify signatures

 a private-key, known only to the recipient, used to decrypt messages, and

sign (create) signatures

 is asymmetric because
 those who encrypt messages or verify signatures cannot decrypt messages or
create signatures

Prepared By: Pranali Patil

Public-Key Cryptography

Prepared By: Pranali Patil

Public-Key Characteristics
 Public-Key algorithms rely on two keys with the characteristics that it is:
 computationally infeasible to find decryption key knowing only algorithm &
encryption key
 computationally easy to en/decrypt messages when the relevant (en/decrypt)
key is known
 either of the two related keys can be used for encryption, with the other used
for decryption (in some schemes)

Prepared By: Pranali Patil

Public-Key Applications
 can classify uses into 3 categories:
 encryption/decryption (provide secrecy)
 digital signatures (provide authentication)
 key exchange (Security)
 some algorithms are suitable for all uses, others are specific to one

Prepared By: Pranali Patil

 Security of Public Key Schemes
 like private key schemes brute force exhaustive search attack is
always theoretically possible
 but keys used are too large (>512bits)
 security relies on a large enough difference in difficulty between easy
(en/decrypt) and hard (cryptanalyse) problems
 more generally the hard problem is known, its just made too hard to
do in practise
 requires the use of very large numbers
 hence is slow compared to private key schemes

Prepared By: Pranali Patil

RSA Algorithm
 by Rivest, Shamir & Adleman of MIT in 1977
 best known & widely used public-key scheme
 based on exponentiation in a finite (Galois) field over integers modulo a
prime
 nb. exponentiation takes O((log n)3) operations (easy)
 uses large integers (eg. 1024 bits)
 security due to cost of factoring large numbers

Prepared By: Pranali Patil

Prepared By: Pranali Patil
Prepared By: Pranali Patil
RSA Key Algorithm
 each user generates a public/private key pair by:
 selecting two large primes at random - p, q
 computing their system modulus n =p.q
 Calculate ø(n)=(p-1)(q-1)
 selecting at random the encryption key e
gcd (e, ø(n))=1
• solve following equation to find decryption key d
d * e mod ø(n) = 1
 publish their public encryption key: KU={e,n}
 keep secret private decryption key: KR={d,p,q}

Prepared By: Pranali Patil

Prepared By: Pranali Patil
Prepared By: Pranali Patil
RSA Use
 to encrypt a message M the sender:
 obtains public key of recipient KU={e,N}
 computes: C=Me mod N, where 0≤M<N
 to decrypt the ciphertext C the owner:
 uses their private key KR={d,p,q}
 computes: M=Cd mod N
 note that the message M must be smaller than the modulus N (block if
needed)

Prepared By: Pranali Patil

Why RSA Works
 because of Euler's Theorem:
 aø(n)mod N = 1
 where gcd(a,N)=1
 in RSA have:
 N=p.q
 ø(N)=(p-1)(q-1)
 carefully chosen e & d to be inverses mod ø(N)
 hence e.d=1+k.ø(N) for some k
 hence :
Cd = (Me)d = M1+k.ø(N) = M1.(Mø(N))q = M1.(1)q = M1 = M mod N

Prepared By: Pranali Patil

Prepared By: Pranali Patil
Steps to generate public key (e, n) & private key (d, n)

Prepared By: Pranali Patil

How to find GCD with 1
60= 1 * 2 * 2 * 3 * 5
3= 1 * 3
5=1 * 5
7= 1*7

Prepared By: Pranali Patil

Prepared By: Pranali Patil
Prepared By: Pranali Patil
RSA Example
1. Select primes: p=3 & q=11

Prepared By: Pranali Patil

RSA Example
1. Select primes: p=3 & q=11
2. Compute n = p * q =3×11=33

Prepared By: Pranali Patil

RSA Example
1. Select primes: p=3 & q=11
2. Compute n = pq =3×11=33
3. Compute ø(n)=(p–1)(q-1)=2×10=20

Prepared By: Pranali Patil

RSA Example
1. Select primes: p=3 & q=11
2. Compute n = pq =3×11=33
3. Compute ø(n)=(p–1)(q-1)=2×10=20
4. Select e : gcd(e,20)=1; choose e

Prepared By: Pranali Patil

RSA Example
1. Select primes: p=3 & q=11
2. Compute n = pq =3×11=33
3. Compute ø(n)=(p–1)(q-1)=2×10=20
4. Select e : gcd(e,20)=1; choose e=3

Prepared By: Pranali Patil

RSA Example
1. Select primes: p=3 & q=11
2. Compute n = pq =3×11=33
3. Compute ø(n)=(p–1)(q-1)=2×10=20
4. Select e : gcd(e,20)=1; choose e=3
3=1*3
20= 1*2*2*5

Prepared By: Pranali Patil

RSA Example
1. Select primes: p=3 & q=11
2. Compute n = pq =3×11=33
3. Compute ø(n)=(p–1)(q-1)=2×10=20
4. Select e : gcd(e,20)=1; choose e=3
3=1*3
20= 1*2*2*5

Prepared By: Pranali Patil

RSA Example
1. Select primes: p=3 & q=11
2. Compute n = pq =3×11=33
3. Compute ø(n)=(p–1)(q-1)=2×10=20
4. Select e : gcd(e,20)=1; choose e=3
5. Determine d: de=1 mod 20 and d < 20 Value
i=1 to 9
d =((ø(n)*i)+1)/e
((20 * i))+1/3= ((20*1)+1)/3= 7

Prepared By: Pranali Patil

RSA Example
1. Select primes: p=3 & q=11
2. Compute n = pq =3×11=33
3. Compute ø(n)=(p–1)(q-1)=2×10=20
4. Select e : gcd(e,20)=1; choose e=3
5. Determine d: de=1 mod 20 and d < 20 Value is d=7
6. Publish public key KU={3,33}
7. Keep secret private key KR={7,3,11}

Prepared By: Pranali Patil

RSA Example cont
 sample RSA encryption/decryption is:
 given message M = 00111011
 M=59
 encryption:
C = 593 mod 33 = 20
 decryption:
M = 207 mod 33 = 59

Prepared By: Pranali Patil

RSA Example
1. Select primes: p=7 & q=17
2. Compute n = pq =7×17=119
3. Compute ø(n)=(p–1)(q-1)=6×16=96
4. Select e : gcd(e,96)=1; choose e=5
5. Determine d: de=1 mod 96 and d < 96
6. Value is d=77 since
7. Publish public key KU={5,119}
8. Keep secret private key KR={77,119}

Prepared By: Pranali Patil

160= 16 * 10= 1*2 *2*2*2*2*5
(e,n)
User A as (7,119)
Calculate ø(n) and d
M=10
p, q,

Prepared By: Pranali Patil

RSA Example cont
 sample RSA encryption/decryption is:
 given message M = 88 (nb. 88<187)
 encryption:
C = 887 mod 187 = 11
 decryption:
M = 1123 mod 187 = 88

Prepared By: Pranali Patil

Exponentiation
 can use the Square and Multiply Algorithm
 a fast, efficient algorithm for exponentiation
 concept is based on repeatedly squaring base
 and multiplying in the ones that are needed to compute the result
 look at binary representation of exponent
 only takes O(log2 n) multiples for number n
 eg. 75 = 74.71 = 3.7 = 10 mod 11
 eg. 3129 = 3128.31 = 5.3 = 4 mod 11

Prepared By: Pranali Patil

Exponentiation

Prepared By: Pranali Patil

RSA Key Generation
 users of RSA must:
 determine two primes at random - p, q
 select either e or d and compute the other
 primes p,q must not be easily derived from modulus N=p.q
 means must be sufficiently large
 typically guess and use probabilistic test
 exponents e, d are inverses, so use Inverse algorithm to compute the
other

Prepared By: Pranali Patil

RSA Security
 three approaches to attacking RSA:
 brute force key search (infeasible given size of numbers)
 mathematical attacks (based on difficulty of computing ø(N), by factoring
modulus N)
 timing attacks (on running of decryption)

Prepared By: Pranali Patil

Factoring Problem
 mathematical approach takes 3 forms:
 factor N=p.q, hence find ø(N) and then d
 determine ø(N) directly and find d
 find d directly
 currently believe all equivalent to factoring
 have seen slow improvements over the years
 as of Aug-99 best is 130 decimal digits (512) bit with GNFS

 biggest improvement comes from improved algorithm

 cf “Quadratic Sieve” to “Generalized Number Field Sieve”

 barring dramatic breakthrough 1024+ bit RSA secure

 ensure p, q of similar size and matching other constraints

Prepared By: Pranali Patil

Timing Attacks
 developed in mid-1990’s
 exploit timing variations in operations
 eg. multiplying by small vs large number
 or IF's varying which instructions executed
 infer operand size based on time taken
 RSA exploits time taken in exponentiation
 countermeasures
 use constant exponentiation time
 add random delays
 blind values used in calculations
Prepared By: Pranali Patil
Summary
 have considered:
 principles of public-key cryptography
 RSA algorithm, implementation, security

Prepared By: Pranali Patil

1. p= 3 and q=11
M=5
find e, d, C
2. p= 3 and q=19
M=6
find e, d, C

Prepared By: Pranali Patil