0% found this document useful (0 votes)
20 views45 pages

Chapter 4

Chapter 4 discusses public key cryptography, highlighting its advantages over symmetric cryptography, particularly in key distribution and digital signatures. It explains the principles of asymmetric encryption, including the roles of public and private keys, and outlines the RSA algorithm for secure communication. The chapter also covers the Diffie-Hellman key exchange method and the importance of message authentication and hash functions in ensuring data integrity and authenticity.

Uploaded by

Dagim Mengesha
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
20 views45 pages

Chapter 4

Chapter 4 discusses public key cryptography, highlighting its advantages over symmetric cryptography, particularly in key distribution and digital signatures. It explains the principles of asymmetric encryption, including the roles of public and private keys, and outlines the RSA algorithm for secure communication. The chapter also covers the Diffie-Hellman key exchange method and the importance of message authentication and hash functions in ensuring data integrity and authenticity.

Uploaded by

Dagim Mengesha
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 45

Chapter 4

Public key
Cryptography
Review of Symmetric Cryptography

• Limitation:
▪ Key distribution
▪sender and receiver must share the same key
▪Needs secure channel for key distribution
▪Impossible for two parties having no prior
relationship
▪Needs many keys for n parties to communicate
▪ Digital signatures: equivalent of signature used in paper documents.

2
Asymmetric encryption

• Asymmetric encryption is a form of


cryptosystem in which encryption and
decryption are performed using different
keys.
• Transforms plaintext into ciphertext using
one of the two keys and an encryption
algorithm.
• Using the paired key and a decryption
algorithm, the plaintext is recovered from
the ciphertext.

3
Cont..

4
Cont..
• Algorithms are based on mathematical functions
rather than on substitution and permutation.
• It is asymmetric(two key): a public & a private key.
▪ A public key, which may be known by anybody, and can be used to encrypt
messages, and verify signatures
▪ A private key, known only to the recipient, used to decrypt messages, and sign
(create) signatures
Common misconception

▪Public key encryption is more secure from


cryptanalysis than is conventional encryption.
• The security of any encryption scheme depends on the length of the key
and the computational work involved in breaking a cipher.
• There is nothing in principle about either conventional or public-key
encryption that makes one superior to another from the point of view of
resisting cryptanalysis.
▪Public key encryption is a general purpose
technique that has made conventional
encryption obsolete.
Important characteristics of algorithms

• Computationally infeasible to determine the


decryption key given only knowledge of the
cryptographic algorithm and the encryption
key.
• Either of the two related keys can be used for
encryption, with the other used for decryption .
• Computationally easy to en/decrypt messages
when the relevant (en/decrypt) key is known
Essential steps
1. Each end system in a network generates a
pair of keys to be used for encryption and
decryption of messages that it will receive.
2. Each system publishes its encryption key by
placing it in a public register or a file. This is
the public key. The companion key is kept
private.
3. If A wishes to send a message to B, it
encrypts the message using B’s public key.
4. When B receives the message, B decrypts it
using B’s private key.
Cont..

9
Cont…
• All participants have access to public keys.
• Private keys are generated locally by each participant and need
never be distributed.
• As long as a system controls its private key, communication is
secure.
• At any time, a system can change its private key and publish the
companion public key to replace its old public key.
Cont…
• Conventional encryption • Public-key encryption
▪ The same algorithm with the ▪ One algorithm is used for
same key is used for encryption and decryption
encryption and decryption. with a pair of keys, one for
▪ The sender and receiver encryption and one for
must share the algorithm decryption.
and the key. ▪ The sender and receiver must
▪ The key must be kept secret. each have one of the
matched pair of keys.
▪ It must be impossible to ▪ One of the two keys must be
decipher a message if no kept secret.
information is available. ▪ It must be impossible to
▪ Knowledge of the algorithm decipher a message if no
and samples of ciphertext other information is available
must be insufficient to ▪ Knowledge of the algorithm
determine the key. and samples of ciphertext
and one of the keys must be
insufficient to determine the
other key.
Cont…
Public-Key Cryptosystem: Secrecy
• Message source A
• plaintext: X = [X1,X2,…,XM]
• M elements of X are letters in some finite alphabet.
• Message destination B.
• B generates a related pair of keys: a public key, KUb, and
private key, KRb.
• Whereas KRb is only known to B.
Cont…
• KUb is publicly available.
• Ciphertext: Y = [Y1,Y2,…,YN]
Y = EKUb(X)
X = DKRb(Y)
• An opponent observing Y and having access to
KUb but not having access to KRb or X, attempts
to recover X and/or KRb.
• It is assumed that the opponent does have
knowledge of encryption (E) and decryption (D)
algorithms.
Cont…

• If the opponent is interested only in this particular message, then


the focus of effort is to recover X, by generating a plaintext
estimate Xˆ.
• If the opponent is interested in being able to read future messages
as well, attempt is to recover KRb by generating an estimate KRbˆ.
Public-Key Cryptosystem: Authentication

• A prepares a message to B and encrypts it using


A’s private key before transmitting it.
• B can decrypt the message using A’s public key.
• The entire encrypted message serves as a digital
signature because it is impossible to alter the
message without access to A’s private key
• so the message is authenticated both in terms
of source and in terms of data integrity.
Public-Crypto for secrecy(confidentiality)
Public-crypto for authentication
Both Authentication and Confidentiality
Use of public-key cryptosystems
1. Encryption /decryption: the sender encrypts a message with the
recipient’s public key.
2. Digital signature: the sender “signs” a message with its private
key.
3. Key exchange: two sides cooperate to exchange a session key.
Cont…
• Conditions that public-key cryptography should
fulfill are:
1. It is computationally easy for a party B to
generate a pair (KUb, KRb)
2. It is computationally easy for a sender A,
knowing the public key and the message to be
encrypted, M, to generate the corresponding
ciphertext:
C = EKUb(M)
3. It is computationally easy for the receiver B to
decrypt the resulting ciphertext using the private
key to recover the original message:
M = DKRb(C) = DKRb(EKUb(M))
Cont…
4. It is computationally infeasible for an opponent,
knowing the public key to determine the private
key.
5. It is computationally infeasible for an opponent,
knowing the public key and a ciphertext, to
recover the original message, M.
• Public-Key cryptanalysis
▪Like conventional vulnerable for brute-force
attack.
▪Solution: Using large keys however there is
trade off (increase in key size causes an increase
in complexity of the function)
RSA
• Developed by Rivest, Shamir and Adleman.
• Block cipher in which the plaintext and ciphertext
are integers between 0 and n-1 for some n.
• Best known & widely used public-key scheme
• Relies on the fact that prime factorization is
computationally very hard.
• Plaintext is encrypted in blocks, with each block
having a binary value less than some number n.
• A typical size for n is 1024 bits.
• The block size must be less than or equal to log2(n), in
practice the block size is 2k bits, where 2k<n≤2k+1.
RSA Key Generation
• Each user generates a public/private key pair by:
• Selecting two large primes at random -p, q
• Computing their system modulus n=p*q, note (n)=(p-
1)(q-1) (totient function)
• Selecting at random the encryption key e where 1<e<
(n), gcd(e, (n))=1 (relative prime)
• Solve following equation to find decryption key d
e*d=1 mod (n) and 0≤d≤(n), (extended Euclid‟s
algorithm)
• publish their public encryption key:PU={e,n}
• keep secret private decryption key: PR={d,n}

24
Encryption and Decryption
• Encryption and decryption are of the following
form.
▪ Message M < n.
▪ Encryption key = (e,n).
▪ Decryption key = (d,n).
▪ Encrypt => C = Me mod n.
▪ Decrypt => M = Cd mod n=(Me)d mod n = Med mod n
• Both sender and receiver must know the value of n.
• The sender knows the value of e, and only the
receiver knows the value of d.
Cont…
• For RSA to be satisfactory for public key encryption, the
following requirements must be met:
1. It is possible to find values of e, d, n such that Med mod n = M for
all M<n.
2. It is relatively easy to calculate Me mod n and Cd mod n for all values
of M<n.
3. It is infeasible to determine d given e and n.
RSA Example:

• Select two primes at random: p=17 & q=11


▪ Compute n = pq =17×11=187
▪ Compute (n) =(p–1)(q-1)=16×10=160
▪ Select e at random in which: gcd(e,160)=1; choose e=7
▪ Determine d: de=1 mod 160 and d<160 the value of d is 23 (1=de mod
(n) )
▪ Publish public key PU={7,187}
▪ Keep secret private key PR={23,187}
Cont..
• Sample RSA encryption/decryption is:
▪ encryption:
C = Me mod n = 887 mod 187 = 11
▪ decryption:
M = Cd mod n = 1123 mod 187 = 88

• Example 2:
▪ Lets choose two primes: p=11 and q=13 then n=p×q=143. ant he
totient of n (n)= (p−1)⋅(q−1)=120.
▪ We choose random e=7 and calculated a private d=103
Cont..
• Lets choose our plaintext message, m to be 9:
• encryption:
▪ Me mod n=97mod143=48=c
• decryption:
▪ Cd mod n=48103mod143=9=m
• How to encrypt a message like "attack at dawn".
• First we need to convert the message into a numeric format.

29
Cont..
• Example : Each letter is represented by an ascii character or can be
encode with another encoding technique.
• Then we need to group the result number and we need to apply
encryption and decryption for each.
• E.g A=65 and a=97, d=100 e.t.c

30
RSA Security

• Four possible approaches to attacking the RSA


algorithm are
▪ Brute force: involves trying all possible private
keys.
▪ Mathematical attacks: focuses on factoring the
product of two primes.
▪ Timing attacks: depend on the running time of
the decryption algorithm.
▪ Chosen ciphertext attacks: This type of attack
exploits properties of the RSA algorithm.
Diffie-Hellman Key Exchange

• public-key encryption helps to address key


distribution problems
• have two aspects of this:
▪ distribution of public keys
▪ use of public-key encryption to distribute secret keys
• First public-key type scheme proposed by Diffie
& Hellman in 1976 along with the exposition of
public key concepts
• Purpose is to enable two users to exchange a
key securely.
Cont..
• It is a practical method for public exchange of a secret key
• Value of key depends on the participants and their private and
public key information
• Exponential key agreement
• Requires no prior secrets
• Real-time over an untrusted network
• Requires two large numbers, one prime (P), and (G), a primitive root
of P

33
Algorithm
• A prime number P and an integer G which is
primitive root of P.
• Both are publicly available numbers
▪ P is at least 512 bits
• Users pick private values a and b which is less
than P
• Compute public values
▪ x = ga mod p
▪ y = gb mod p
• Public values x and y are exchanged

34
Cont..
• Compute shared, private key
▪ ka = ya mod p
▪ kb = xb mod p
• Algebraically it can be shown that ka = kb
▪ Users now have a symmetric secret key to encrypt

Example
• Two Internet users, Alice and Bob wish to have a secure
conversation.
▪ They decide to use the Diffie-Hellman protocol

35
Example

• Alice and Bob get public numbers


▪ P = 23, G = 9
• Alice and Bob pick private value a=4 and b=3 and
compute public values
▪ X = 94 mod 23 = 6561 mod 23 = 6
▪ Y = 93 mod 23 = 729 mod 23 = 16
• Alice and Bob exchange public numbers
• Alice and Bob compute symmetric keys
▪ ka = ya mod p = 164 mod 23 = 9
▪ kb = xb mod p = 63 mod 23 = 9
• Alice and Bob now can talk securely!

36
Message Authentication and Hash Function

• Message authentication is concerned with:


▪Protecting the integrity of a message
▪Validating identity of originator
▪Non-repudiation of origin
• Security Requirements
▪disclosure
▪traffic analysis
▪masquerade
▪content modification
▪sequence modification
▪timing modification
▪source repudiation
▪destination repudiation
Cont….

• Message authentication is a procedure to verify


that received messages come from the alleged
source and have not been altered.
• A digital signature is an authentication
technique that includes repudiation by either
source or destination.
• Authentication Functions:
▪ Message encryption
▪ Message authentication code (MAC)
▪ Hash function
Message encryption

• Ciphertext of the entire message serves as its


authenticator.
• The analysis differs for conventional and public-key
encryption.
• Conventional encryption provides authentication as
well as confidentiality.
• Public-key encryption provides confidentiality but not
authentication, since everybody accesses the public
key.
• Using private key to encrypt and public-key to decrypt
provides authentication.
• To provide both confidentiality and authentication, A
encrypts message using its private key, which gives
digital signature, and then using B’s public-key. (double
key encryption)
Message Authentication Code (MAC)

• Generate a small fixed-size block of data.


• Known as cryptographic checksum or MAC, that is
appended to the message.
▪Two communicating parties share a common secret
key K.
▪When A has a message to send to B, it calculates the
MAC as a function of the message and the key.
• MAC = CK(M)
▪The receiver performs the same calculation on the
received message using the same secret key to
generate a new MAC.
▪The received MAC is compared to calculated MAC.
Cont…

▪If the received MAC matches the calculated MAC


▪The message has not been altered/ Integrity
▪The message is from alleged sender/ Authentication
▪MAC function is similar to encryption, one difference
is that the MAC algorithm need not be reversible as it
must for decryption.
▪It is less vulnerable to being broken than encryption.
▪It provides authentication and integrity but not
confidentiality
▪For confidentiality it should be encrypted again.
Hash Function
• A variation on the MAC is the one-way hash
function.
• As with the MAC, a hash function accepts a
variable-size message M as input and produces a
fixed size hash code H(M).
▪ map original data of arbitrary size to hash value
of fixed size.
• The hash code is a function of all the bits of the
message and provides an error detection capability.
• A change to any bit or bits in the message results in
a change to the hash code.
▪ Guarantee messages integrity but not authentication
Cont..

43
Hash and MAC Algorithms
▪ MD5
• designed by Ronald Rivest
• latest in a series of MD2, MD4
• the most widely used hash algorithm
▪ Secure Hash Algorithm (SHA-1, SHA-2..)
• SHA was designed by NIST (national institute of standards and technology) in
1993, revised in 1995 as SHA-1
• generally preferred hash algorithm
• not vulnerable to any known attacks
• a little slower than MD5
Cont…

▪ RIPEMD-160 (RACE Integrity Primitives Evaluation Message


Digest)
• developed in Europe as part of RIPE project in 96
• somewhat similar to MD5/SHA
• slower, but probably more secure, than SHA
▪ HMAC
• uses hash function on the message
• the security of HMAC relates to that of the underlying hash algorithm
• HMAC authentication using hash function

You might also like