Applications For Public-Key Cryptosystems

The document discusses public-key cryptosystems and their requirements. It describes trap-door one-way functions and how they enable public-key encryption. It provides an overview of the RSA algorithm and discusses how it works. It then analyzes the security of RSA and describes techniques like timing attacks, fault-based attacks, and chosen ciphertext attacks that can potentially compromise RSA security. It also summarizes other public-key cryptosystems like Diffie-Hellman key exchange, ElGamal cryptography, and elliptic curve cryptography.

Uploaded by

Ranjan
Applications for Public-Key Cryptosystems

Public-Key Requirements
• Conditions that these algorithms must fulfill:
– It is computationally easy for a party B to generate a pair
(public key PU_b, private key PR_b)
– It is computationally easy for a sender A, knowing the
public key and the message to be encrypted, to generate
the corresponding ciphertext
– It is computationally easy for the receiver B to decrypt the
resulting ciphertext using the private key to recover the
original message
– It is computationally infeasible for an adversary, knowing
the public key, to determine the private key
– It is computationally infeasible for an adversary, knowing
the public key and a ciphertext, to recover the original
message
– The two keys can be applied in either order
Public-Key Requirements
• Need a trap-door one-way function
• A trap-door one-way function is a family of
invertible functions f_k, such that
– Y = f_k(X) easy, if k and X are known
– X = f_k^{-1}(Y) easy, if k and Y are known
– X = f_k^{-1}(Y) infeasible, if Y known but k not
known
• A practical public-key scheme depends on a
suitable trap-door one-way function
Rivest-Shamir-Adleman (RSA) Scheme

• Developed in 1977 at MIT by Ron Rivest,
Adi Shamir & Len Adleman
• Most widely used general-purpose
approach to public-key encryption
• Is a cipher in which the plaintext and
ciphertext are integers between 0 and n – 1
for some n
– A typical size for n is 1024 bits, or 309 decimal
digits
Example of RSA Algorithm
The Security of RSA
Factoring Problem
• We can identify three approaches to
attacking RSA mathematically:
– Factor n into its two prime factors. This enables
calculation of φ(n) = (p – 1) × (q – 1), which in
turn enables determination of d = e^{-1} (mod φ(n))
– Determine φ(n) directly without first determining
p and q. Again this enables determination of d =
e^{-1} (mod φ(n))
– Determine d directly without first determining
φ(n)
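The first two approaches above, worked through as an added example (not part of the original slides). It shows why φ(n) has to stay as secret as p and q: φ(n) alone yields both the factors and d. The toy key p=17, q=11, e=7 and the message 88 are constructed values, and the function names are hypothetical.

```python
from math import isqrt

def private_exponent(e, phi):
    """Last step of approaches 1 and 2: d = e^-1 mod phi(n)."""
    return pow(e, -1, phi)  # raises ValueError if gcd(e, phi) != 1

def factors_from_phi(n, phi):
    """Approach 2: phi(n) alone gives back p and q.

    phi = (p-1)(q-1) = n - (p+q) + 1, so p+q = n - phi + 1 and p, q are
    the roots of x^2 - (p+q)x + n = 0.
    """
    s = n - phi + 1                  # p + q
    disc = s * s - 4 * n             # (q - p)^2 when phi is genuine
    if disc < 0:
        raise ValueError("phi is not consistent with n")
    r = isqrt(disc)
    if r * r != disc or (s - r) % 2:
        raise ValueError("phi is not consistent with n")
    p, q = (s - r) // 2, (s + r) // 2
    if p <= 1:                       # rejects the trivial split 1 * n
        raise ValueError("phi is not consistent with n")
    return p, q

def demo():
    # Constructed toy key, far too small for real use.
    p, q, e = 17, 11, 7
    n, phi = p * q, (p - 1) * (q - 1)
    d = private_exponent(e, phi)     # approach 1: factors known
    m = 88                           # constructed sample message
    c = pow(m, e, n)
    return {
        "n": n, "phi": phi, "d": d, "c": c,
        "m_back": pow(c, d, n),                  # decrypt with derived d
        "factors": factors_from_phi(n, phi),     # approach 2: phi known
    }

if __name__ == "__main__":
    print(demo())
```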
Table 9.5 Progress in RSA Factorization
Timing Attacks
• Paul Kocher, a cryptographic consultant,
demonstrated that a snooper can determine
a private key by keeping track of how long a
computer takes to decipher messages
• Are applicable not just to RSA but to other
public-key cryptography systems
• Are alarming for two reasons:
– It comes from a completely unexpected direction
– It is a ciphertext-only attack
Countermeasures
Fault-Based Attack
• An attack on a processor that is generating RSA digital
signatures
– Induces faults in the signature computation by reducing
the power to the processor
– The faults cause the software to produce invalid
signatures which can then be analyzed by the attacker to
recover the private key
• The attack algorithm involves inducing single-bit
errors and observing the results
• While worthy of consideration, this attack does not
appear to be a serious threat to RSA
– It requires that the attacker have physical access to the
target machine and be able to directly control the input
power to the processor
Chosen Ciphertext Attack (CCA)
• The adversary chooses a number of ciphertexts and
is then given the corresponding plaintexts,
decrypted with the target’s private key
– Thus the adversary could select a plaintext, encrypt it
with the target’s public key, and then be able to get
the plaintext back by having it decrypted with the
private key
– The adversary exploits properties of RSA and selects
blocks of data that, when processed using the target’s
private key, yield information needed for cryptanalysis
– To counter such attacks, RSA Security Inc.
recommends modifying the plaintext using a
procedure known as optimal asymmetric encryption
padding (OAEP)
Diffie-Hellman Key Exchange

• First published public-key algorithm
• A number of commercial products employ
this key exchange technique
• Purpose is to enable two users to securely
exchange a key that can then be used for
subsequent symmetric encryption of
messages
• The algorithm itself is limited to the
exchange of secret values
• Its effectiveness depends on the difficulty of
computing discrete logarithms
Key Exchange Protocols
• Users could create random private/public
Diffie-Hellman keys each time they
communicate
• Users could create a known private/public
Diffie-Hellman key pair and publish the public key in a
directory, which others then consult and use to
communicate securely with them
• Vulnerable to man-in-the-middle attack
• Authentication of the keys is needed
ElGamal Cryptography
Elliptic Curve Cryptography (ECC)

• Addition operation in ECC is the
counterpart of modular multiplication in
RSA
• Multiple addition is the counterpart of
modular exponentiation
ECC Encryption/Decryption
• Several approaches using elliptic curves have been analyzed
• Must first encode any message m as a point P_m on the elliptic curve
• Select suitable curve and point G as in Diffie-Hellman
• Each user chooses a private key n_A and generates a public key
P_A = n_A * G
• To encrypt and send message P_m to B, A chooses a random positive
integer k and produces the ciphertext C_m consisting of the pair of
points:

C_m = {kG, P_m + kP_B}
• To decrypt the ciphertext, B multiplies the first point in the pair by
B’s secret key and subtracts the result from the second point:
P_m + kP_B – n_B(kG) = P_m + k(n_B G) – n_B(kG) = P_m
Security of Elliptic Curve Cryptography
• Depends on the difficulty of the elliptic curve
logarithm problem
• Fastest known technique is “Pollard rho
method”
• Compared to factoring, can use much smaller
key sizes than with RSA
• For equivalent key lengths computations are
roughly equivalent
• Hence, for similar security ECC offers
significant computational advantages