Professional Documents
Culture Documents
K K
Safe with a strong lock, only Alice and Bob have a copy of the key
• Alice encrypts locks message in the safe with her key
• Bob decrypts uses his copy of the key to open the safe
Public-Key Cryptography
• probably most significant advance in
the 3000 year history of
cryptography
• uses two keys – a public key and a
private key
• asymmetric since parties are not
equal
• uses clever application of number
theory concepts to function
• complements rather than replaces
private key cryptography
Idea behind Asymmetric
Cryptography
New Idea:
1976: first publication of such an algorithm by Whitfield Diffie and Martin Hellman,and
also by Ralph Merkle.
Asymmetric Cryptography:
Analogy
Safe with public lock and private lock:
(Kpub) (Kpr)
• Alice deposits (encrypts) a message with the - not secret - public key Kpub
• Only Bob has the - secret - private key Kpr to retrieve (decrypt) the message
Public-Key Cryptography
• public-key/two-key/asymmetric
cryptography involves the use of
two keys:
• a public-key, which may be known by
anybody, and can be used to encrypt
messages, and verify signatures
• a private-key, known only to the
recipient, used to decrypt messages,
and sign (create) signatures
• is asymmetric because
• those who encrypt messages or verify
signatures cannot decrypt messages
or create signatures
Public-Key Cryptography
Why Public-Key Cryptography?
• developed to address two key issues:
• key distribution – how to have secure
communications in general without
having to trust a KDC with your key
• digital signatures – how to verify a
message comes intact from the claimed
sender
• public invention due to Whitfield Diffie &
Martin Hellman at Stanford U. in 1976
• known earlier in classified community
Public-Key Characteristics
• Public-Key algorithms rely on two keys
with the characteristics that it is:
• computationally infeasible to find
decryption key knowing only algorithm
& encryption key
• computationally easy to en/decrypt
messages when the relevant
(en/decrypt) key is known
• either of the two related keys can be
used for encryption, with the other used
for decryption (in some schemes)
A breakthrough idea
• Rather than having a secret key that the two
users must share, each users has two keys.
• One key is secret and he is the only one
who knows it
• The other key is public and anyone who
wishes to send him a message uses that
key to encrypt the message
• Diffie and Hellman first (publicly)
introduced the idea in 1976 – this was
radically different than all previous efforts
A word of warning
Public-key cryptography complements
rather than replaces symmetric
cryptography
• There is nothing in principle to make public-key
crypto more secure than symmetric crypto
• Public-key crypto does not make symmetric crypto
obsolete: it has its advantages but also its (major)
drawbacks such as speed
• Due to its low speed, it is mostly confined to key
management and digital signatures
…
• Some algorithms (such as RSA) satisfy
also the following useful characteristic:
• Either one of the two keys can be used for
encryption – the other one should then be
used to decrypt the message
Essential steps in public-key
encryption
• Each user generates a pair of keys to be
used for encryption and decryption
• Each user places one of the two keys in a
public register and the other key is kept
private
• If B wants to send a confidential message
to A, B encrypts the message using A’s
public key
…
• When A receives the message, she
decrypts it using her private key
• Nobody else can decrypt the message
because that can only be done using A’s
private key
• Deducing a private key should be
infeasible
• If a user wishes to change his keys –
generate another pair of keys and publish
the public one: no interaction with other
users is needed
Bob sends an encrypted
message to Alice
Some notation
y = ekpub(x) ≡ xe mod n
x = dkpr(y) ≡ yd mod n
where x, y ε Zn.
Remarks:
• Choosing two large, distinct primes p, q (in Step 1) is non-trivial
• gcd(e, Φ(n)) = 1 ensures that e has an inverse and, thus, that there
is always a private key d
Chapter 7 of Understanding Cryptography by
Christof Paar and Jan Pelzl
Example: RSA with small numbers
ALICE BOB
Message x = 4 1. Choose p = 3 and q = 11
2. Compute n = p * q = 33
3. Φ(n) = (3-1) * (11-1) = 20
4. Choose e = 3
Kpub = (33,3)
5. d ≡ e-1 ≡7 mod 20
y = xe ≡ 43 ≡ 31 mod 33
y = 31
yd = 317 ≡ 4 = x mod 33
letter m me c = me mod n
encrypt:
l 12 1524832 17
d
decrypt:
c c m = cd mod n letter
17 481968572106750915091411825223071697 12 l
RSA Security
• possible approaches to attacking RSA are:
• brute force key search - infeasible given
size of numbers
• mathematical attacks - based on
difficulty of computing ø(n) , by
factoring modulus n
• timing attacks - on running of
decryption
• chosen ciphertext attacks - given
properties of RSA
References and further readings
• Book: cryptography and network security
by William Stalling 5th edition chapter 9
• Book:Understanding cryptography by
christof Paar chapter 6 & 7