Scribd
Upload
8 views36 pages

Cryptography and Network Security: Seventh Edition, Global Edition by William Stallings

The document discusses public key cryptography, particularly focusing on the RSA algorithm, its principles, applications, and security aspects. It outlines misconceptions about public-key encryption, the requirements for effective public-key systems, and various attack methods against RSA. Additionally, it highlights the importance of key generation and the use of optimal asymmetric encryption padding (OAEP) to enhance security.

Uploaded by

codenovakc
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
8 views36 pages

Cryptography and Network Security: Seventh Edition, Global Edition by William Stallings

The document discusses public key cryptography, particularly focusing on the RSA algorithm, its principles, applications, and security aspects. It outlines misconceptions about public-key encryption, the requirements for effective public-key systems, and various attack methods against RSA. Additionally, it highlights the importance of key generation and the use of optimal asymmetric encryption padding (OAEP) to enhance security.

Uploaded by

codenovakc
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 36

Cryptography and

Network Security
Seventh Edition, Global Edition
by William Stallings

© 2017 Pearson Education, Ltd., All rights reserved.


Chapter 9
Public Key Cryptography and RSA

© 2017 Pearson Education, Ltd., All rights reserved.


Table 9.1
Terminology Related to Asymmetric Encryption

Source: Glossary of Key Information Security Terms, NIST IR 7298 [KISS06]

© 2017 Pearson Education, Ltd., All rights reserved.


Misconceptions Concerning
Public-Key Encryption

• Public-key encryption is more secure from


cryptanalysis than symmetric encryption

• Public-key encryption is a general-purpose


technique that has made symmetric encryption
obsolete

• There is a feeling that key distribution is trivial


when using public-key encryption, compared to
the cumbersome handshaking involved with key
distribution centers for symmetric encryption
© 2017 Pearson Education, Ltd., All rights reserved.
Principles of Public-Key
Cryptosystems
• The concept of public-key cryptography evolved from
an attempt to attack two of the most difficult
problems associated with symmetric encryption:
Key distribution
• How to have secure communications in general without having to
trust a KDC with your key

Digital signatures
• How to verify that a message comes intact from the claimed sender

• Whitfield Diffie and Martin Hellman from Stanford


University achieved a breakthrough in 1976 by coming
up with a method that addressed both problems and
was radically different from all previous approaches to
cryptography
© 2017 Pearson Education, Ltd., All rights reserved.
Public-Key Cryptosystems
• A public-key encryption scheme has six ingredients:

Encryption Decryption
Plaintext Public key Private key Ciphertext
algorithm algorithm

Accepts
The the
readable ciphertex
Performs The
message Used for Used for t and the
various scrambled
or data encryption encryption matching
transforma- message
that is fed or or produced key and
tions on the
into the decryption decryption as output produces
plaintext
algorithm the
as input original
plaintext

© 2017 Pearson Education, Ltd., All rights reserved.


© 2017 Pearson Education, Ltd., All rights reserved.
Table 9.2
Conventional and Public-Key Encryption

© 2017 Pearson Education, Ltd., All rights reserved.


Public-Key Cryptosystem: Secrecy

© 2017 Pearson Education, Ltd., All rights reserved.


Public-Key Cryptosystem: Authentication

© 2017 Pearson Education, Ltd., All rights reserved.


Public-Key Cryptosystem:
Authentication and Secrecy

© 2017 Pearson Education, Ltd., All rights reserved.


Applications for Public-Key
Cryptosystems
• Public-key cryptosystems can be classified into
three categories:
•The sender encrypts a message
Encryption/decryption with the recipient’s public key

•The sender “signs” a message


Digital signature with its private key

•Two sides cooperate to


Key exchange exchange a session key

• Some algorithms are suitable for all three


applications, whereas others can be used only for
one or two
© 2017 Pearson Education, Ltd., All rights reserved.
Table 9.3
Applications for Public-Key Cryptosystems

Table 9.3 Applications for Public-Key Cryptosystems

© 2017 Pearson Education, Ltd., All rights reserved.


Public-Key Requirements
• Conditions that these algorithms must fulfill:
• It is computationally easy for a party B to generate a pair
(public-key PUb, private key PRb)
• It is computationally easy for a sender A, knowing the
public key and the message to be encrypted, to generate
the corresponding ciphertext
• It is computationally easy for the receiver B to decrypt
the resulting ciphertext using the private key to recover
the original message
• It is computationally infeasible for an adversary, knowing
the public key, to determine the private key
• It is computationally infeasible for an adversary, knowing
the public key and a ciphertext, to recover the original
message
• The two keys can be applied in either order
© 2017 Pearson Education, Ltd., All rights reserved.
Public-Key Requirements
• Need a trap-door one-way function
• A one-way function is one that maps a domain into a range
such that every function value has a unique inverse, with the
condition that the calculation of the function is easy, whereas
the calculation of the inverse is infeasible
• Y = f(X) easy
• X = f–1(Y) infeasible

• A trap-door one-way function is a family of invertible


functions fk, such that
• Y = fk(X) easy, if k and X are known
• X = fk–1(Y) easy, if k and Y are known
• X = fk–1(Y) infeasible, if Y known but k not known

• A practical public-key scheme depends on a suitable trap-


door one-way function
© 2017 Pearson Education, Ltd., All rights reserved.
Public-Key Cryptanalysis
• A public-key encryption scheme is vulnerable to a brute-force
attack
• Countermeasure: use large keys
• Key size must be small enough for practical encryption and
decryption
• Key sizes that have been proposed result in encryption/decryption
speeds that are too slow for general-purpose use
• Public-key encryption is currently confined to key management and
signature applications

• Another form of attack is to find some way to compute the


private key given the public key
• To date it has not been mathematically proven that this form of
attack is infeasible for a particular public-key algorithm

• Finally, there is a probable-message attack


• This attack can be thwarted by appending some random
bits to simple messages
© 2017 Pearson Education, Ltd., All rights reserved.
Rivest-Shamir-Adleman
(RSA) Algorithm
• Developed in 1977 at MIT by Ron Rivest, Adi
Shamir & Len Adleman

• Most widely used general-purpose approach


to public-key encryption

• Is a cipher in which the plaintext and


ciphertext are integers between 0 and n – 1 for
some n
• A typical size for n is 1024 bits, or 309 decimal
digits
© 2017 Pearson Education, Ltd., All rights reserved.
RSA Algorithm
• RSA makes use of an expression with exponentials

• Plaintext is encrypted in blocks with each block having a binary


value less than some number n

• Encryption and decryption are of the following form, for some


plaintext block M and ciphertext block C
C = Me mod n
M = Cd mod n = (Me)d mod n = Med mod n

• Both sender and receiver must know the value of n

• The sender knows the value of e, and only the receiver knows the
value of d

• This is a public-key encryption algorithm with a public key of


PU={e,n} and a private key of PR={d,n}
© 2017 Pearson Education, Ltd., All rights reserved.
Algorithm Requirements
• For this algorithm to be satisfactory for public-
key encryption, the following requirements
must be met:
1. It is possible to find values of e, d, n
such that Med mod n = M for all M < n

2. It is relatively easy to calculate Me mod


n and Cd mod n for all values of M < n

3. It is infeasible to determine d given e


and n

© 2017 Pearson Education, Ltd., All rights reserved.


© 2017 Pearson Education, Ltd., All rights reserved.
Example of RSA Algorithm

© 2017 Pearson Education, Ltd., All rights reserved.


© 2017 Pearson Education, Ltd., All rights reserved.
Exponentiation in Modular
Arithmetic
• Both encryption and decryption in RSA involve
raising an integer to an integer power, mod n

• Can make use of a property of modular


arithmetic:

[(a mod n) x (b mod n)] mod n =(a x b) mod n

• With RSA you are dealing with potentially large


exponents so efficiency of exponentiation is a
consideration
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
Table 9.4

© 2017 Pearson Education, Ltd., All rights reserved.


Efficient Operation Using
the Public Key
• To speed up the operation of the RSA algorithm
using the public key, a specific choice of e is
usually made

• The most common choice is 65537 (216 + 1)


• Two other popular choices are e=3 and e=17
• Each of these choices has only two 1 bits, so the
number of multiplications required to perform
exponentiation is minimized
• With a very small public key, such as e = 3, RSA
becomes vulnerable to a simple attack
© 2017 Pearson Education, Ltd., All rights reserved.
Key Generation
• Before the application of • Because the value of n = pq
the public-key will be known to any
cryptosystem each potential adversary, primes
participant must must be chosen from a
generate a pair of keys: sufficiently large set
• Determine two prime • The method used for
numbers p and q finding large primes must
• Select either e or d and be reasonably efficient
calculate the other

© 2017 Pearson Education, Ltd., All rights reserved.


Procedure for Picking a
Prime Number
• Pick an odd integer n at random

• Pick an integer a < n at random

• Perform the probabilistic primality test with a


as a parameter. If n fails the test, reject the
value n and go to step 1

• If n has passed a sufficient number of tests,


accept n; otherwise, go to step 2

© 2017 Pearson Education, Ltd., All rights reserved.


The Security of RSA
Brute force
• Involves
Chosen ciphertext trying all Mathematical attacks
attacks possible • There are several
• This type of attack private keys approaches, all
exploits properties equivalent in effort to
of the RSA factoring the product
algorithm of two primes
Five
possible
approaches
to
Hardware fault-based attacking
attack Timing attacks
RSA are:
• This involves inducing • These depend on the
hardware faults in the running time of the
processor that is decryption
generating digital algorithm
signatures

© 2017 Pearson Education, Ltd., All rights reserved.


Factoring Problem
• We can identify three approaches to attacking
RSA mathematically:
• Factor n into its two prime factors. This enables
calculation of ø(n) = (p – 1) x (q – 1), which in
turn enables determination of d = e-1 (mod ø(n))
• Determine ø(n) directly without first
determining p and q. Again this enables
determination of d = e-1 (mod ø(n))
• Determine d directly without first determining
ø(n)

© 2017 Pearson Education, Ltd., All rights reserved.


Chosen Ciphertext Attack
(CCA)
• The adversary chooses a number of ciphertexts and is
then given the corresponding plaintexts, decrypted
with the target’s private key
• Thus the adversary could select a plaintext, encrypt it
with the target’s public key, and then be able to get the
plaintext back by having it decrypted with the private
key
• The adversary exploits properties of RSA and selects
blocks of data that, when processed using the target’s
private key, yield information needed for cryptanalysis

• To counter such attacks, RSA Security Inc.


recommends modifying the plaintext using a
procedure known as optimal asymmetric encryption
padding (OAEP)
© 2017 Pearson Education, Ltd., All rights reserved.
Chosen Ciphertext Attack
(CCA) Example
• Assume that Alice creates the ciphertext C = Pe mode n and
sends C to Bob

• Assume that Bob will decrypt arbitrary ciphertext for Eve, an


adversary

• Eve intercepts C and uses following steps to mount an attack:


• Eve chooses random integer X in Zn*
• Eve calculates Y = C x Xe mod n
• Eve sends Y to Bob for decryption and get Z = Yd mod n
• Eve can easily find P by doing, Z = Yd mod n

© 2017 Pearson Education, Ltd., All rights reserved.


Exercise problems
• Suppose Bob uses the RSA cryptosystem with
a very large modulus n for which the
factorization can not be found in a reasonable
amount of time. Suppose Alice sends a
message to Bob by representing each
alphabetic character as an integer between 0
and 25 (A→0,…,Z→25) and then encrypting
each number separately using RSA with large e
and large n. Is this method secure? If not,
describe the attack against this encryption
method.
© 2017 Pearson Education, Ltd., All
rights reserved.
Exercise problems…
• In RSA public key encryption scheme, each
user has a public key, e and a private key, d.
Suppose Bob leaks his private key. Rather than
generating a new modulus, he decides to
generate a new public and a new private key.
Is this safe?

© 2017 Pearson Education, Ltd., All


rights reserved.
Optimal
Asymmetric
Encryption
Padding
(OAEP)

© 2017 Pearson Education, Ltd., All rights reserved.


Summary
• Public-key
• The RSA algorithm
cryptosystems
• Description of the
• Applications for public- algorithm
key cryptosystems • Computational
aspects
• Requirements for • Security of RSA
public-key
cryptography

• Public-key cryptanalysis

© 2017 Pearson Education, Ltd., All rights reserved.

You might also like