NT219-Cryptography

Week 09: Asymmetric Cryptography (P4)

PhD. Ngoc-Tu Nguyen
[email protected]

05-2023 NT219–Cryptography Week 9: 1

 Outline
 Why asymmetric cryptography?
 Factoring Based Cryptography (P1)
 RSA
 Rabin

 Logarithm Based Cryptography (P2)

 Elliptic Curve Cryptography (P3)
 Some advanced cryptography system
(quantum resistance)

05-2023 NT219–Cryptography Week 9: 2

 Implementation the RS A Algorithm (review)

Fermat's little theorem

λ(n) = lcm(p − 1, q − 𝑒 . 𝑑=1 𝑚𝑜𝑑 𝜙 (𝑛)

1) Carmichael's theorem
𝑒 . 𝑑=1 𝑚𝑜𝑑 𝜆(𝑛)

05-2023 NT219–Cryptography Week 9: 3

 Implementation The RS A Algorithm ((review) )
Generalization of Fermat's little theorem𝑛=15 , ℤ 15 ={0 , 1 , 2 , …15 }
• Let

1
2
𝑃𝑈={𝑛, 𝑒} 4

𝑃𝑅={𝑛,𝑝 ,𝑞 ,𝑑, 𝑑𝑝 , 𝑑 𝑞 ,𝑞 𝑖𝑛𝑣 } 7

8
11
13
14

 Openssl_key_geneeration.txt
05-2023 NT219–Cryptography Week 9: 4
 Implementation The RS A Algorithm

𝑃𝑈={𝑛, 𝑒} • Encrypt
𝑒
𝐶 =𝑚 𝑚𝑜𝑑 𝑛

𝑃𝑅={𝑛,𝑝 ,𝑞 ,𝑑, 𝑑𝑝 , 𝑑 𝑞 ,𝑞 𝑖𝑛𝑣 } • Decrypt

𝑑
𝑚=𝐶 𝑚𝑜𝑑 𝑛 !

 Chinese remainder theorem

05-2023 NT219–Cryptography Week 9: 5
 ElGamal cipher
Encryption message (using public key )
• Choose a random number why?
• Compute ;
• Computer
• Output cipher message

Decryption (using secret key )

• Computer

05-2023 NT219–Cryptography Week 9: 6

 Diffie-Hellman exchange Protocol (DHE)
p = 1606938044258990275541962092341162602522202993782792835301301
𝑔 = 123456789
𝑔𝑎 mod p =
78467374529422653579754596319852702575499692980085777948593

𝑔𝑏 mod p =
560048104293218128667441021342483133802626271394299410128798
𝑎= 𝑏=
685408003627063 362059131912941
761059275919665 987637880257325
781694368639459 269696682836735
527871881531452 𝑔𝑎𝑏 mod p = 524942246807440
437452857085801785219961443000 𝑏
845969831329749878767465041215 (𝑔¿¿𝑎) 𝑚𝑜𝑑𝑝¿
05-2023 NT219–Cryptography Week 9: 7
 Computational hardness assumptions

• Integer factorization Problem ;

)

• Discrete Log Problem (DLP):

• Diffie-Hellman Problem (DHP):

05-2023 NT219–Cryptography Week 9: 8

 Man-in-the middle attacks the DHE
𝑎
𝑔 𝑚𝑜𝑑 𝑝
𝑏
𝑎
(𝑎 , 𝑔 ) 𝑏 (𝑏 , 𝑔 )
𝑔 𝑚𝑜𝑑𝑝
𝑎 𝑏 𝑎𝑏 B(Zelensky)
A(Putin) 𝑠𝑘=(𝑔¿¿𝑏) =(𝑔¿¿𝑎) =𝑔 𝑚𝑜𝑑𝑝¿¿
man-in-the-middle attack!
𝑚
𝑎 𝑔 𝑚𝑜𝑑 𝑝
𝑔 𝑚𝑜𝑑 𝑝
𝑏
𝑚
𝑔 𝑚𝑜𝑑 𝑝 𝑔 𝑚𝑜𝑑𝑝
𝑏𝑚
𝑠 𝑘1=𝑔
𝑎𝑚
𝑚𝑜𝑑 𝑝 𝑠 𝑘2=𝑔 𝑚𝑜𝑑 𝑝
05-2023 NT219–Cryptography Week 9: 9
 Motivations
Group (G,+)
can do + −
lightweight computational overhead?
Ring (R, +,
×) can do + − ×
 Z 2n  {0,1,..., 2  1}
n

Field (F, +, can do + − × ÷

×)  Z p  {0,1,..., p  1}
05-2023 NT219–Cryptography Week 9: 10
 Elliptic curve

An el iptic curve is a group defined over a field K

elliptic curve group (𝐸,⊕) can do ⊕ ⊖

underlying field (𝐾, +, ×) can do + − × ÷

operations in underlying field are used and combined

to compute the el iptic curve operation ⊕

05-2023 NT219–Cryptography Week 9: 11

 Elliptic curves
Weierstrass form
𝐸/𝐾: 𝐸 specified
by 𝐾, 𝑎, 𝑏

𝐸/ℝ : 𝑦 2 = 𝑥 3 + 𝑥 + 1 𝐸/ℝ : 𝑦 2 = 𝑥 3 − 𝑥
05-2023 NT219–Cryptography Week 9: 12
 Elliptic curves
Weierstrass form
𝐸 / ℤ7 : 𝑦 2= 𝑥 3+ 𝑥+ 1(𝑚𝑜𝑑 7)
𝐸/ℝ : 𝑦 2 = 𝑥 3 + 𝑥 + 1

x y

1 3 x

2 4 2,5

3 3 x

4 6 x

5 5 x

6 6 x

05-2023 NT219–Cryptography Week 9: 13

 Elliptic curves
Montgomery form
𝐸/𝐾: 𝐸 specified
by 𝐾, A, B

𝐸/ℝ :

05-2023 NT219–Cryptography Week 9: 14

 Curve25519

𝐸/𝐾:
where field

05-2023 NT219–Cryptography Week 9: 15

 Elliptic curves
Edwards form (Ed)
𝐸/𝐾:
𝐸 specified
by: 𝐾, d

𝐸/ℝ :

https://safecurves.cr.yp.to/
05-2023 NT219–Cryptography Week 9: 16
 Elliptic curves
Twisted Edwards form
𝐸/𝐾: 𝐸 specified
by: 𝐾, a, d

𝐸/ℝ :

https://safecurves.cr.yp.to/
05-2023 NT219–Cryptography Week 9: 17
 Elliptic group
Addition of two points:
y  If P1 and P2 are on E, we
can define sum
P2
P1 as shown in picture
x

P3

05-2023 NT219–Cryptography Week 9: 18

 Elliptic group
Point Doubling Special case

=P+P
P+P= O (infinity)

05-2023 NT219–Cryptography Week 9: 19

 Elliptic group

P+ O = P

O+ P=P

P+(-P)= O (infinity)

05-2023 NT219–Cryptography Week 9: 20

 Elliptic group
Example

05-2023 NT219–Cryptography Week 9: 21

 Elliptic group
Given two points P, Q in E/K, there is a third point, denoted by P + Q on
E/K, and the following relations hold for all P, Q, R in E/K, where K be
a finite field
 P + Q = Q + P (commutativity)

 (P + Q) + R = P + (Q + R) (associativity)

 P + O = O + P = P (existence of an identity element)

 there exists ( − P) such that − P + P = P + ( − P)

= O (existence of inverses)

05-2023 NT219–Cryptography Week 9: 22

 Elliptic group
• Group points 𝐸/𝐾
• Subgroup generated by a point
¿ 𝐺≥{𝐺 , 2 𝐺 , …. ,𝑘𝐺 , …}={𝑘𝐺: 𝑘∈ 𝐾 }⊂ 𝐸 / 𝐾
𝐺
𝐺
𝑛 =¿
3𝐺 •
• 5𝐺 |𝐸 / 𝐾|
h=
• ¿¿
•
4𝐺
6𝐺
• 2𝐺
05-2023 NT219–Cryptography Week 9: 23
 Elliptic group
• ECC group parameters:
 ECC equation (type, coeffection):
 Modulo: ¿ 𝐺 >¿ {𝑘𝐺 : 𝑘 ∈ 𝐾 }⊂ 𝐸 / 𝐾
 Generator point: 𝐺
𝐺
 Order of : 3𝐺 •
• 5𝐺
|𝐸 / 𝐾|
h=
 Cofactor: •
¿¿
•
4𝐺
6𝐺
http://www.secg.org/sec2-v2.pdf • 2𝐺

05-2023 NT219–Cryptography Week 9: 24

 Using Elliptic Curves In Cryptography

 Hardness assumption.
d  Q = dG = G + G + … + G.
• Discrete Log Problem (DLP):

 Elliptic curve discrete logarithm

problem (ECDLP)

𝐺 , 𝑄 (¿ 𝑑𝐺) ↦ 𝑑
where
times

05-2023 NT219–Cryptography Week 9: 25

 Elliptic Curve Cryptosystems (ECC)
Algorithm Encryption/ Digital Key
Decryption Signature Exchange

RSA Yes Yes Yes

Elliptic Curve Yes Yes Yes

Diffie– No No Yes
Hellman

DSS No Yes No

05-2023 NT219–Cryptography Week 9: 26

 What Is ECC?
 Elliptic curve cryptography [ECC] is a public-key cryptosystem
just like RSA, Rabin, and El Gamal.
 Every user has a public key and a private key .
 Public key is used for encryption/signature verification.
 Private key is used for decryption/signature generation.

 Elliptic curves are used as an extension to other current

cryptosystems.
 Elliptic Curve Diffie-Hellman Key Exchange
 Elliptic Curve Digital Signature Algorithm

05-2023 NT219–Cryptography Week 9: 27

 Generic Procedures of ECC
 Both parties agree to some publicly-known data items
 The elliptic curve equation
• Type, values of a and b (or others)
• Modulo: prime p or f(x)
 A base point,, taken from the elliptic group;
 Others parameters (assure security)
 Each user generates their public/private key pair
 Private Key:
 Public Key:

times

05-2023 NT219–Cryptography Week 9: 28

 ECC Cipher
 Suppose Alice wants to send to Bob an encrypted message.
 Both agree on a ECC curver and a base point .
 Alice and Bob create public/private keys.
• Alice
– Private Key = a
– Public Key = QA = a .
• Bob
– Private Key = b
– Public Key = QB = b.

05-2023 NT219–Cryptography Week 9: 29

 ECC Cipher
public key public key
Alice Bob

public key ? private key

( 𝐺 , 𝑃 𝐾 𝐵 =𝑏𝐺 , 𝑆𝐾 = 𝑏)

• Input:
• Select a random integer
• Decrypt
, compute
• Encrypt (𝑅 , 𝐶 )
𝑅=𝑘𝐺 , 𝐶=𝑀 +𝑘 . 𝑃 𝐾 𝐵

05-2023 NT219–Cryptography Week 9: 30

 ECC Diffie-Hellman (ECDHE)
 Public: Elliptic curve and a point =(x,y) on curve
 Secret: Alice’s a and Bob’s b

𝑄 𝐴 (¿ 𝑎 . 𝐺)
)

Alice, A Bob, B
• Alice computes
• Bob computes
• These are the same since

05-2023 NT219–Cryptography Week 9: 31

 Diffie-Hellman key exchange attack
𝑎
𝑔 𝑚𝑜𝑑 𝑝
𝑏
𝑎
(𝑎 , 𝑔 ) 𝑏 (𝑏 , 𝑔 )
𝑔 𝑚𝑜𝑑𝑝
𝑎
𝑠𝑘=(𝑔¿¿𝑏) =(𝑔¿¿𝑎) =𝑔 𝑚𝑜𝑑𝑝¿¿
𝑏 𝑎𝑏 Bob
Alice
man-in-the-middle attack!
𝑚
𝑎 𝑔 𝑚𝑜𝑑 𝑝
𝑔 𝑚𝑜𝑑 𝑝
𝑏
𝑚
𝑔 𝑚𝑜𝑑 𝑝 𝑔 𝑚𝑜𝑑𝑝
𝑏𝑚
𝑠 𝑘1=𝑔
𝑎𝑚
𝑚𝑜𝑑 𝑝 𝑠 𝑘2=𝑔 𝑚𝑜𝑑 𝑝
05-2023 NT219–Cryptography Week 9: 32
 Diffie-Hellman key exchange attack
𝑸𝑨

(𝑎 , 𝑄 𝐴 =𝑎𝐺) 𝑸𝑩 (𝑏 , 𝑄 𝐵 =𝑏𝐺)

𝑠𝑘=𝑎 𝑄 𝐵=𝑏𝑄 𝐴 =𝑎𝑏𝐺 Bob

Alice
man-in-the-middle attack!
𝑚𝐺
𝑎𝐺
𝑚𝐺 𝑏𝐺
(𝑎 , 𝑄 𝐴 =𝑎𝐺) (𝑏 , 𝑄 𝐵 =𝑏𝐺)
𝑠 𝑘1=𝑎𝑚𝐺 (𝑚 , 𝑄 𝑀 =𝑚𝐺) 𝑠 𝑘2=𝑏𝑚𝐺
05-2023 NT219–Cryptography Week 9: 33
 Why use ECC?
 How do we analyze Cryptosystems?
 How difficult is the underlying problem that it is based upon
• RSA – Integer Factorization
• DH – Discrete Logarithms
• ECC - Elliptic Curve Discrete Logarithm problem
 How do we measure difficulty?
• We examine the algorithms used to solve these problems

05-2023 NT219–Cryptography Week 9: 34

 Security of ECC
 To protect a 128 bit AES key Symmetric
Encryption
RSA and Diffie-
Hellman
ECC
Key
it would take a: (Key Size in
bits)
(modulus size
in bits)
Size in
bits
 RSA Key Size: 3072 bits
 ECC Key Size: 256 bits 56 512 112

 How do we strengthen RSA? 80 1024 160

 Increase the key length
112 2048 224
 Impractical?
128 3072 256 3 (ngắn hạn)
https://nvlpubs.nist.gov/nistpubs/
SpecialPublications/NIST.SP.80 192 7680 384 4 (trung hạn)
0-57pt1r5.pdf
256 15360 512 5 (dài hạn)

05-2023 NT219–Cryptography Week 9: 35

 Applications of ECC
 Many devices are small and have limited storage and computational
power

 Where can we apply ECC?

 Wireless communication devices

 Smart cards

 Web servers that need to handle many encryption sessions

 Any application where security is needed but lacks the power, storage

and computational power that is necessary for our current cryptosystems

05-2023 NT219–Cryptography Week 9: 36

 Benefits of ECC

 Same benefits of the other cryptosystems: confidentiality,

integrity, authentication and non-repudiation but…

 Shorter key lengths

 Encryption, Decryption and Signature Verification speed up

 Storage and bandwidth savings

05-2023 NT219–Cryptography Week 9: 37

 Summary of ECC
 “Hard problem” analogous to discrete log
 Q=kG, where Q,G belong to a prime curve
given k,G  “easy” to compute Q
given Q,G  “hard” to find k
 known as the elliptic curve logarithm problem

• k must be large enough

 ECC security relies on elliptic curve logarithm problem
 compared to factoring, can use much smaller key sizes than with
RSA etc
 for similar security ECC offers significant
computational advantages
05-2023 NT219–Cryptography Week 9: 38