public_key_cryptography

Public Key Cryptography

All secret key algorithms & hash algorithms do the same thing

but public key algorithms look very different from each other.

What is common among all of them is that

each participant has two keys, public and private,

and most of them are based on modular arithmetic.

Modular Arithmetic

x mod n is the remainder of x when divided by n.

e.g., 8 mod 10 = 8, 18 mod 10 = 8, 24 mod 10 = 4
8 mod 7 = 1, 18 mod 7 = 4, 24 mod 7 = 3

Ø Addition:

Example: addition mod 10

8 + 8 = 6,

1 + 9 = 0,

7 + 6 = 3

See Fig. 6-1 for addition mod 10 Table:

Encryption: Addition mod 10 can be used for encryption of digits.

Add k, a secret key between 1-9, to each digit.

Example: if k = 7, then 1987 is encrypted to 8654.

Decryption: Add -k, the additive inverse of k, to each digit.

An additive inverse of x is the number you'd have to add to x to get 0.

Example: if k = 7, then -k is 3 since 7+3 = 0

Thus 8654 will is decrypted to 1987.

In the above table (Fig. 6-1), each "0" is the intersection of

k and -k, e.g., 0 is the intersection of 3 and 7.

Ø Multiplication:

Example: multiplication mod 10 :

8 x 8 = 4, 1 x 9 = 9 , 7 x 6 = 2

See Fig. 6-2 for multiplication mod 10 Table:

Encryption: multiplication by 1, 3, 7, 9 works as a cipher

since it performs 1-1 mapping.

Example: if k = 7, then 1987 is encrypted to 7369

Decryption: is done by multiplying each digit by k^-1 ,

the multiplicative inverse of k.

It is the number to multiply by k to get 1.

Example: if k = 7, then k^-1 is 3 since 7x3 = 1

In the above table (Fig. 6-2),

each "1" is the intersection of k and k^-1.

Note that only {1,3,7,9} have multiplicative inverse mod 10.

Ø What is so special about the set {1,3,7,9}?

These numbers are relatively prime to 10,

i.e., they do not share with 10 any common factors other than 1.

Note that 9 is not a prime number but it is relatively prime to 10.

Ø How many numbers less than n are relatively prime to n?

This quantity is referred to as:

Ø(n) and is called the totient function.

· If n is prime:

then {1,2, ..., n-1} are all relatively prime and
thus Ø(n) = n-1.

· If n = p.q where p and q are two distinct primes,

then Ø(n) = (p-1)(q-1).

Example: for n = 10 = 2.5, Ø(10) =(2-1).(5-1)=1.4=4,
which is the set {1,3,7,9}.

Ø Exponentation:

Example: exponentiation mod 10

4 ² = 6, 8 ⁸ = 6, 1⁹ = 1 , 7⁶ = 9

See Fig. 6-3 for exponentiation mod 10 Table:

Amazing fact about Ø(n):

x ^mmod n = x ^{m mod Ø(n)} mod n

Since Ø(10)=4, in Fig. 6-3:

x ^mmod 10 = x ^{m mod 4} mod 10

the i^th column is identical to the i+4^th column,

e.g., 1^st =5^th =9^th and 3^rd = 7^th =11^th.

Special case:

if m = 1 mod Ø(n), then for any number x,

x ^mmod n = x mod n.

Example: For n =10, Ø(10)=4

Since m = 9 is = 1 mod 4:

3⁹mod 10 = 3 mod 10 = 3 &

6⁹mod 10 = 6 mod 10 = 6

in general:

for any x : x⁹mod 10 = x mod 10 = x

An exponentiative inverse of e is the number d such that:

e.d = 1 mod Ø(n)

Example: For n= 10, Ø(10)=4:

e=3 and d=7 are exponentiative inverses since:

3.7 = 21 = 1 mod 4

Encrypt/Decrypt:

· To encrypt m: compute c = m^emod n

· To decrypt c: compute m = c^dmod n

Example:

encrypt m = 8: c = 8³= 2

decrypt c = 2: m = 2⁷= 8

Sign/Verify:

· To sign m: compute s = m^dmod n

· To verify s: compute m = s^emod n

Example:

sign m = 8: s = 8⁷= 2

verify s = 2: m = 2³= 8

In public cryptography:

<e, n> is public key

<d, n> is private key

RSA: Rivest, Shamir & Adleman

Key length:

Variable (long for security, short for efficiency).

Most common values is 512 & 1024 bits.

Block size:

plain text length is variable but less than key length &
cipher text length equals key length.

Thus RSA is used for encrypting small amount of data,

e.g., a secret key and then use the secret key cryptography for

encrypting/decrypting large amount of data.

RSA Algorithm:

Generate public & private keys pair:

1. Choose two large primes p and q.
(Typically 256 bits each & keep them secret).

2. Compute n = p.q & Ø(n) = (p-1)(q-1).
(It is very hard to factor n into p & q ).

3. Choose a number e that is relatively prime to Ø(n).

4. Find a number d that is the exponentiative inverse of e
i.e., e.d = 1 mod Ø(n).

5. The public key: <e,n> & the private key: <d,n>.

Encrypt/Decrypt:

To encrypt a message m ( less than n):

c = m^emod n

To decrypt c:

m = c^dmod n

This works since:
   c^dmod n = (m^e)^dmod n
                  = m^e.dmod n
                  = m mod n    // since e.d = 1 mod Ø(n)
                  = m                // since m < n

Sign/Verify:

To sign a message m ( less than n):

s = m^dmod n

To verify s:

m = s^emod n

This also works since:

s^emod n = m^e.dmod n = m mod n = m

Why is RSA Secure:

Every one knows the public key: <e, n>.

To find the private key <d,n>

you need to know Ø(n) since e.d = 1 mod Ø(n).

To know Ø(n) you need to know p and q since

Ø(n) = (p-1).(q-1).

Thus to break RSA you should know:

how to factor n to find p and q.

Factoring a big number like n is hard. The best technique to factor 512 bit number takes 30,000 MIPS-years!

Efficiency of RSA Operations:

Exponentiation

How to compute 123⁵⁴ mod 678?

123²= 123.123 = 15129 = 213 mod 678
123³= 123.213 = 26199 = 435 mod 678
123⁴= 123.435 = 53505 = 621 mod 678
......
123⁵⁴= ...... = 87 mod 678

This requires 54 small number multiplications

and 54 small number divisions.

How to compute 123³² mod 678?

123²= 123.123 = 15129     = 213 mod 678
123⁴= 213.213 = 45369     = 621 mod 678
123⁸= 621.621 = 385641   = 537 mod 678
123¹⁶= 537.537 = 288369   = 219 mod 678
123³²= 219.219 = 47961     = 501 mod 678

This requires 5 multiplications

and 5 divisions instead of 32.

To efficiently compute 123⁵⁴: 54 is represented in binary as:

1 1 0 1 1 0

| | | | |
(((( (123²)123 )²)²123 )²123 )²

This requires 8 multiplications and 8 divisions instead of 32.

Each 1 requires two multipliactions and two divisions
and each 0 requires one multipliaction and one division.

Thus in the above we have three 1s and two 0s

and that yields: 3.2 + 2.1 = 8.
Note that we ignore the leading 1.

Another example: y¹⁴, 14 is represented in binary as:

       1                1                 1                  0
                      |                  |                   |
      ((             ( y²) y            )²y               )²

This requires 5 multiplications and 5 divisions instead of 32.

Generating RSA Keys

Finding e:

Two popular values for e are: 3 and 65537 (2¹⁶+ 1).

These make public key operations on message m faster
(encryption and signature verification is m^e):

- m³requires 2 multiplications & 2 divisions.

- m⁶⁵⁵³⁷ requires 17 multiplactions & 17 divisions

since the binary value of 65537 is 100..01 (15 zeros).

Finding n:

If e = 3:

Choose random numbers x and y then:

p = (2x+1)*3+2 &
q = (2y+1)*3+2

If e = 65537:

Randomly choose p and q and make sure that
they are not 1 mod 65537

(the probability of rejection is 1 in 2¹⁶).

Once we selected p and q, then:

n = p.q &

Ø(n) = (p-1)(q-1).

Finding d:

How to fine d such that e.d = 1 mod Ø(n) ?
Use Euclid algorithm (see Section 7.4, page 187 of textbook).

The RSA keys:

public key: <3 | 65537, n> private key: <d , n>.

Diffie-Hellman

Alice and Bob agree on: p (large prime) & g < p.

Alice Bob

Pick S_A (512-bit random number) Pick S_B (512-bit random number)
Compute T_A= ( gS_A) mod p Compute T_B= (gS_B) mod p

T_A>>> <<< T_B

Compute X = T_B^SA mod p Compute Y = T_A^SB mod p

X is the same as Y!

why?

X = T_B^S^A = g^S^B^S^A
Y = T_A^S^B = g^S^A^S^B

No one can compute g⁽^S^A^S^B⁾by knowing g ^(SA ⁾ & g^(SB ⁾

The bucket Brigade/Man-in-theMiddle Attach

Alice Mr. X Bob

Pick S_A Pick S_X Pick S_B

Compute: T_A= g^SA mod p T_X= g^SX mod p T_B= g^SB mod p

T_A_>>T_{A ..}T_X_>>T_X
T_X_<<T_X
..T_B_<<T_B

Compute: K_AX = T_X^SA mod p K_AX = T_A^SX mod p K_BX = T_X^SB mod p
K_BX = T_B^SX mod p

Possible Defense

· Each person i picks S_i and computes T_i = g^Si mod p and