6 Unit 3 - Asymmetric Key Cryptography
6 Unit 3 - Asymmetric Key Cryptography
Asymmetric-Key
Cryptography
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
10.1
Chapter 10
Objectives
10.2
Why Public-Key Cryptography?
Developed to address two key issues:
key distribution – how to have secure
communications in general without having to
trust a KDC with your key
digital signatures – how to verify a message
comes intact from the claimed sender
public
invention due to Whitfield Diffie &
Martin Hellman at Stanford Uni in 1976
known earlier in classified community
Public-Key Cryptography
public-key/two-key/asymmetric cryptography involves the use
of two keys:
a public-key, which may be known by anybody, and can be
Note
Symmetric-key cryptography is based on sharing secrecy;
asymmetric-key cryptography is based on personal secrecy.
10.5
10.1.1 Keys
10.6
10.1.2 General Idea
10.7
10.1.2 Continued
Plaintext/Ciphertext
Unlike in symmetric-key cryptography, plaintext and
ciphertext are treated as integers in asymmetric-key
cryptography.
Encryption/Decryption
C = f (Kpublic , P) P = g(Kprivate , C)
10.8
10.1.3 Need for Both
10.9
10.1.4 Trapdoor One-Way Function
10.10
10.1.4 Continued
One-Way Function (OWF)
1. f is easy to compute.
2. f −1 is difficult to compute.
10.11
10.1.4 Continued
10.12
Public-Key Requirements
need a trapdoor one-way function
one-way function has
Y = f(X) easy
X = f–1(Y) infeasible
The size of cipher text is same or smaller than the The size of cipher text is same or larger than the
original plain text. original plain text.
In symmetric key encryption, resource utilization is In asymmetric key encryption, resource utilization is
low as compared to asymmetric key encryption. high.
10.14
10-2 RSA CRYPTOSYSTEM
10.15
RSA
by Rivest, Shamir & Adleman of MIT in 1977
best known & widely used public-key scheme
based on exponentiation in a finite (Galois) field over
integers modulo a prime
nb. exponentiation takes O((log n)3) operations
(easy)
uses large integers (eg. 1024 bits)
security due to cost of factoring large numbers
nb. factorization takes O(e log n log log n) operations
(hard)
10.2.1 Introduction
10.17
10.2.2 Procedure
10.18
Proof of RSA
de mod Ø (n) = R
Dividend = quotient ×divisor + remainder
10.20
Example
10.21
10.22
10.2.3 Some Trivial Examples
Example 10. 5
Bob chooses 7 and 11 as p and q and calculates n = 77. The
value of (n) = (7 − 1)(11 − 1) or 60. Now he chooses two
exponents, e and d, from Z60∗. If he chooses e to be 13, then
d is 37. Note that e × d mod 60 = 1 (they are inverses of each
Now imagine that Alice wants to send the plaintext 5 to Bob.
She uses the public exponent 13 to encrypt 5.
10.23
10.2.6 Continued
Example 10. 8
10.24
10.2.6 Continued
Example 10. 8 Continued
10.25
10.2.6 Continued
Example 10. 8 Continued
10.26
10.2.6 Continued
Example 10. 8 Continued
10.27
10.2.6 Continued
Example 10. 8 Continued
10.28
10.2.4 Attacks on RSA
10.29
10.30
10.31
10.32
Attacks on encryption exponent
Coppersmith Theorem attack:
Low encryption exponent attack
It states that “ in a modulo-n polynomial f(x) of degree e , one
can use an algorithm of the complexity log n to find the roots
if one of the roots is smaller than n1/e
This theorem can be applied to RSA algorithm
With C=f(P)=P e mod n , if e=3 and only 2/3rd of the bits in P
are known, then the algorithm can find all the bits in the
plaintext.
Broadcast attack
Related message attack
Shortpad Attack
10.33
Attacks on encryption exponent
Broadcast attack
- launched if one entity sends the same message to
a group of recipients with same low encryption
exponent.
Example:
Alice sends same message to three recipient with same
public exponent e =3 and the moduli n1, n2, and n3
C1 = P3 mod n1
C2 = P3 mod n2
C3 = P3 mod n3
10.34
Attacks on encryption exponent
10.35
Attacks on Decryption exponent
Revealed Decryption attack
Low decryption attack
10.36
Plaintext attacks
Short Message attack
Cycling Attack
Unconcealed Message attack
10.39
10.40
Plaintext attacks
•Unconcealed message attack: In some rare
cases, it is found that some encrypted cipher
text is the same as the plain text i.e original
text. This means that the plain text is not
hidden. Such type of attack is called an
unconcealed message attack
10.41
Attacks on modulus: Common modulus
attack
10.42
10.43
10.44
Attacks on encryption exponent
Coppersmith Theorem attack:
Low encryption exponent attack
It states that “ in a modulo-n polynomial f(x) of degree e , one
can use an algorithm of the complexity log n to find the roots
if one of the roots is smaller than n1/e
This theorem can be applied to RSA algorithm
With C=f(P)=P e mod n , if e=3 and only 2/3rd of the bits in P
are known, then the algorithm can find all the bits in the
plaintext.
Broadcast attack
Related message attack
Shortpad Attack
10.45
Attacks on encryption exponent
Broadcast attack
- launched if one entity sends the same message to
a group of recipients with same low encryption
exponent.
Example:
Alice sends same message to three recipient with same
public exponent e =3 and the moduli n1, n2, and n3
C1 = P3 mod n1
C2 = P3 mod n2
C3 = P3 mod n3
10.46