Scribd Logo
Upload

Welcome to Scribd!

  • Chapter 12 Public-Key Encryption Pages 436-440, 447, 448-451 RSA Based Public-Key Encryption

    Uploaded by

    Gilian kipkosgei
    6 views13 pages

    Original Title

    Untitled

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views13 pages

    Chapter 12 Public-Key Encryption Pages 436-440, 447, 448-451 RSA Based Public-Key Encryption

    Uploaded by

    Gilian kipkosgei

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 13

    CS 4363: Cryptography

    CS 6373: Applied Cryptography

    Module 12.4

    Chapter 12 Public-Key Encryption


    Pages 436-440, 447, 448-451
    RSA Based Public-Key Encryption

    Ravi Sandhu

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    1
    Two Special Case of ZN *

    slide 17 module 9.2


    N is a prime p
     Zp* has elements {1,…,p-1} DH Assumption
    Order of Zp* is p-1

    N is a product of 2 primes p and q, N = p.q RSA Assumption


     ZN* elements are a subset of {1,…,N-1}
    Order of ZN* is ϕ (N) = (p-1).(q-1)

    ϕ (N) = (N-1) – (q-1) – (p-1)


    = pq - p – q + 1
    = (p-1).(q-1)

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    2
    RSA Key Generation
    same as Algorithm 9.47
    slide 12, module 9.3

    public key private key


    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    3
    RSA Assumption
    slide 14, module 9.3

    Computing d from e, N
    is one strategy for A
    There may be others

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    4
    Plain (Naïve) RSA
    Public Key Encryption

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    5
    Plain (Naïve) RSA
    Public Key Encryption

     Not CPA secure


     Encryption is deterministic

     Not CCA secure (since malleable)


     Common example not in the text
    m1e = c1 mod N
    m2e = c2 mod N
    (m1.m2)e = m1e. m2e = c1. c2 mod N
     Page 447

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    6
    Attacks on Plain (Naïve) RSA
    Public Key Encryption

     Small message space


    m < B, brute force search in O(B)

     Quadratic attack on large message space


    B = 2n, brute force search in O(√B)

     Encrypting short messages using small e


     Encrypting a partially known message
     Encrypting related messages
     Encrypting the same message to multiple receivers

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    7
    Attacks on Plain (Naïve) RSA
    Public Key Encryption

     Small message space


    m < B, brute force search in O(B)

     Quadratic attack on large message space


    B = 2n, brute force search in O(√B)

     Encrypting short messages using small e


     Encrypting a partially known message
     Encrypting related messages
     Encrypting the same message to multiple receivers

    Solution: pad the message to include a random number

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    8
    Optimal Asymmetric
    Encryption Padding
    number of bits
    shown in blue l+k k

    l+k k
    l + 2k < ∥N∥

    G, H : hash functions
    2 round Feistel network
    (slide 14, module 7.2)
    k l+k

    k l+k

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    9
    RSA-OAEP Encryption

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    10
    RSA-OAEP Encryption

    Proved CCA secure if:


    1. G, H are random
    oracles
    AND
    2. RSA Assumption

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    11
    RSA-OAEP Encryption

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    12
    RSA-OAEP Encryption

    If attacker has a
    decryption oracle that
    distinguishes these 2
    cases
    then attacker can
    recover m in ≈ ∥N∥
    queries

    © Ravi Sandhu
    World-Leading Research with Real-World Impact!
    13

    You might also like