Public Key Encryption and the RSA Public Key Algorithm
CSCI 5857: Encoding and Encryption

Outline
• Basic concepts of public key encryption
  – One-way functions
  – Trapdoor functions
• The RSA public key algorithm
  – Encryption/decryption functions
  – Public/private key generation
  – Underlying mathematics

Public Key Encryption
• Recipient (Alice) generates key pair:
  – Public key kPU
    • Does not have to be kept secret
    • Distributed to all senders (such as Bob)
  – Private key kPR
    • Kept secret by Alice
[Figure: key pair generator; copy of Alice’s public key]

Public Key Encryption
• Bob uses Alice’s public key kPU to encrypt message
  – C = E(kPU, P)
• Alice uses her private key kPR to decrypt message
  – P = D(kPR, C)
[Figure: encryption E with Alice’s kPU, decryption D with Alice’s kPR; list of others’ public keys]

Public Key Encryption
• Central idea: Adversary cannot determine private key from corresponding public key
  – Could theoretically find private key, but computationally infeasible to do so
  – Cannot read intercepted messages encrypted with public key
[Figure text: “I still can’t compute …”]

Public and Symmetric Keys
Problem: How to securely distribute a symmetric key kS?
Solution:
1. Use public key encryption to securely send it
2. Use faster symmetric key algorithm (like AES) to securely transmit the rest of the message
[Figure: Epublic(kS, kPU) and Esymmetric(P, kS), each decrypted by D to recover kS and P]

Public Key Math
• Public key algorithms are mathematical functions of integer numbers
  – Keys are large numbers (hundreds of digits long)
  – Plaintext translated to large numbers (not bits)
  – Encryption is a mathematical function of plaintext and key which creates another large number as ciphertext

Trapdoor One-Way Functions
One-way functions:
  – Function: y = f(x)
  – Inverse function: x = f^-1(y)
• Given x, y = f(x) very easy to compute
• Given y, x = f^-1(y) computationally infeasible to compute
Example: Factoring
  – p and q are very large prime numbers
  – n = p x q is easy to compute
  – Factoring n into p and q infeasible
    • Must try almost all possible p and q

Trapdoor One-Way Functions
Trapdoor functions:
• Given one-way function: y = f(x)
• There exists some “secret trapdoor” that allows x = f^-1(y) to be easily computed
Example (very simple):
• n = p x q product of two large primes
• Factoring n into p and q to find p infeasible
• Finding p is easy if know q
  – q is a “trapdoor” for finding p from n

Trapdoor One-Way Functions
Idea behind public-key encryption:
• Encryption function C = E(kPU, P) must be one way
  – Must not be able to compute P from C
• Must have trapdoor to allow decryption
  – Must be able to easily compute P from C if know trapdoor
• Trapdoor = private key

Trapdoor One-Way Functions
• Discrete Logarithms
  – RSA, Rabin, ElGamal, Diffie-Hellman
  – Easy to implement, well understood
• Elliptic Curve
  – Discrete logarithms represented as curves
  – Much faster than factoring/discrete logarithms
• NP-Complete problems
  – Example: “knapsack problem”, Merkle and Hellman (1978)
  – Exponential time to solve problem
  – Easy to confirm solution if given

RSA Algorithm
• First widely used public key encryption algorithm
  – Developed for public use in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT
  – Developed secretly in 1973 by Clifford Cocks (British mathematician working for UK intelligence)
  – MIT granted a patent for RSA (expired in 2000)
• Still most widely used public key algorithm
  – Part of most cryptosystems (SSH, PGP, etc.)

RSA Algorithm
• Based on modular exponentiation function
• Central component: large modulus n
  – RSA requires at least 1024 bit values for n
  – Equivalent to approximately 309 digit decimal number
• Encryption: C = P^E mod n easy to compute
  – Plaintext P and ciphertext C both large integers
  – Modulus n and exponent E are public key

RSA Algorithm
• “Modular logarithm” problem: P = C^(1/E) mod n (the E-th root of C modulo n) infeasible to compute
  – Given ciphertext C and public key E, n, for what integer P does C = P^E mod n?
  – Example: For what P does P^343 mod 159197 = 33677?
  – Would have to test all P < n to find a P such that C = P^E mod n
• Trapdoor for decryption: Exists D such that P = C^D mod n
  – n must be product of two primes p and q
  – D is secret private key based on E, p and q

RSA Key Generation
• Select 2 large primes p and q
  – At least 512 bits (154 decimal digits)
• Compute n = p x q
• Compute Φ(n) = (p - 1)(q - 1)
  – Euler totient function
  – Cannot compute directly from n without factoring into p and q
  – Crucial that multiplication of large primes is one way!

RSA Key Generation
• Select some E for encryption
  – 1 < E < Φ(n)
  – E is relatively prime to Φ(n)
• Compute D as E^-1 mod Φ(n)
  – ED mod Φ(n) = 1
• Public key: E and n
• Private key: D

RSA Example
• Public key: n = 159197 (from 397 x 401), E = 343
  note that these are too small in reality!
  Known to sender Bob
• Private key: D = 12007 = 343^-1 mod 158400 (that is, 396 x 400)
  Known only by recipient Alice

RSA Mathematics
Must show: P = C^D mod n = (P^E)^D mod n = P^(ED) mod n
Where ED mod Φ(n) = 1
Based on Euler’s theorem:
• If n = p x q and P < n
• Then P^(kΦ(n) + 1) mod n = P for all integer k

RSA Mathematics
Proof (sort of):
• (kΦ(n) + 1) mod Φ(n) = 1
  Since kΦ(n) is divisible by Φ(n)
• There exists some k such that ED = kΦ(n) + 1
  Since also have ED mod Φ(n) = 1
• P^(ED) mod n = P
  Substituting ED for kΦ(n) + 1 in Euler’s Theorem
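
The key generation steps and the n = 159197 example above, carried through in Python as an added example (not part of the original slides). The function names are illustrative, and this is unpadded textbook RSA; `recover_private_key` works only because the slides' modulus is small enough to factor by trial division, which is why real p and q must be large.

```python
"""Textbook RSA on the slides' toy key (added example, names are illustrative)."""
from math import gcd, isqrt


def generate_key(p, q, e):
    """Key generation as on the slides: n = p*q, phi = (p-1)(q-1), D = E^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < E < phi(n) with E relatively prime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse, so that E*D mod phi(n) == 1 (Python 3.8+)
    return n, phi, d


def encrypt(plain, e, n):
    """C = P^E mod n; the plaintext must already be an integer below n."""
    if not 0 <= plain < n:
        raise ValueError("plaintext must be an integer smaller than n")
    return pow(plain, e, n)


def decrypt(cipher, d, n):
    """P = C^D mod n, using the private exponent D as the trapdoor."""
    return pow(cipher, d, n)


def recover_private_key(n, e):
    """Factor an odd n by trial division and rebuild D from p and q.

    Feasible only because the slides' n is tiny; it shows that whoever can
    factor n can compute phi(n) and therefore the private key.
    """
    p = next(c for c in range(3, isqrt(n) + 1, 2) if n % c == 0)
    return generate_key(p, n // p, e)[2]


if __name__ == "__main__":
    n, phi, d = generate_key(397, 401, 343)   # the slides' p, q and E
    print("n =", n, "phi(n) =", phi, "D =", d)
    c = encrypt(4242, 343, n)                 # 4242 is a constructed sample plaintext
    print("C =", c, "decrypts to", decrypt(c, d, n))
    # The slides' question: for what P does P^343 mod 159197 = 33677?
    print("P =", decrypt(33677, d, n))
    print("D recovered from the public key alone:", recover_private_key(n, 343))
```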