Katacryptology

Robert Erra, LSE WEEK 2014, July 17, 2014


  1. Katacryptology. Robert Erra, LSE WEEK 2014, July 17, 2014.
     Sections: Catacrypt?; Why should you trust or not your favorite cryptotool?; RSA; PreSE 1; PreSE 2; PreSE 3; PreSE 5; PostSE 1; PostSE 3; Back to RSA . . . weaknesses; Quantum computers and the future of RSA?

  2. Plan: section 1, Catacrypt?

  3. Catacrypt? Chairman: J.-J. Quisquater
     From http://catacrypt.net/:
     The main point is: many cryptographic protocols are only based on the security of one cryptographic algorithm (e.g. RSA) and we don’t know the exact RSA security (including Ron Rivest). What if somebody finds a clever and fast factoring algorithm? Well, it is indeed a hypothesis but we know several instances of possible progress. A new fast algorithm is a possible catastrophe if not handled properly. And there are other problems with hash functions, elliptic curves, and so on. Think also about the recent Heartbleed bug (April 2014, see http://en.wikipedia.org/wiki/Heartbleed): the discovery was very late and we were close to a catastrophic situation.

  4. Plan: section 2, Why should you trust or not your favorite cryptotool?

  5. Rise and Fall of a cryptographic tool: 1
     There is a Pre and Post Snowden Era.
     Pre Snowden Era Problems:
     • PreSE 1: Your key got older
     • PreSE 2: Your algorithm got older
     • PreSE 3: Your key(s) has (have) been badly computed
     • PreSE 4: Your algorithm has been badly programmed (see https://cryptocoding.net)

  6. Rise and Fall of a cryptographic tool: 2
     Pre Snowden Era Problems:
     • PreSE 5: Your algorithm is used in an insecure protocol
     • PreSE 6: Your software is used on an insecure device (a smart card)
     • PreSE 7: Your processor has a bug (we can use the Intel division bug to factor an RSA key)

  7. Rise and Fall of a cryptographic tool: 3
     Post Snowden Era Problems:
     • PostSE 1: Your algorithm has a backdoor
     • PostSE 2: Your processor has a backdoor
     • PostSE 3: Your key has a backdoor
     • and so on . . .

  8. Rise and Fall of a cryptographic tool: 4
     To trust your favorite cryptotool means you have to trust the full stack:
     • To trust your algorithm
     • To trust your code
     • To trust all the computations that use randomness
     • To trust the protocols that use your cryptotool
     • To trust your processor
     • To trust your device
     • and so on . . .
     Reminder: attackers can do what they want! So, is it possible to trust your favorite cryptotool?

  9. Plan: section 3, RSA

  10. RSA: A "joke"
     RSA on the shirt / gift, September 17th 2000 (end of the RSA patent (1978)), by RSA Data Security!

  11. RSA
     RSA: Rivest Shamir Adleman (cf. Wikipedia)
     • RSA is an algorithm for public-key cryptography . . .
     • . . . publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT
     • . . . and probably invented by Clifford Cocks, a British mathematician working for the UK intelligence agency GCHQ
     • . . . and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.

  12. RSA: Computing the keys
     1. Choose two large random prime numbers $p$ and $q$.
     2. Compute $n = p \times q$; $n$ is the modulus.
     3. Compute the Euler totient: $\varphi(n) = (p - 1)(q - 1)$.
     4. Choose an integer $e$ such that $1 < e < \varphi(n)$ and $e$ is coprime to $\varphi(n)$: $\gcd(e, \varphi(n)) = 1$.
     5. Compute $d$ to satisfy the congruence equation $d e \equiv 1 \bmod \varphi(n)$, i.e. for some integer $k$: $d e = 1 + k \varphi(n)$.

  13. RSA: vocabulary
     Remarks
     • $e$ is released as the public key exponent.
     • $d$ is kept as the private key exponent.
     • The public key consists of the modulus $n$ and the public (or encryption) exponent $e$: $(n, e)$.
     • The private key consists of the modulus $n$ and the private (or decryption) exponent $d$, which must be kept secret: $(n, d)$.

  14. RSA: how to use it?
     Suppose Alice uses Bob’s public key to send him an encrypted message. But Bob has no way of verifying that the message was actually from Alice, since anyone can use Bob’s public key to send him encrypted messages. So, in order to verify the origin of a message, RSA can also be used to sign a message.
     • Encryption: $C = M^e \bmod n$
     • Decryption: $M = C^d \bmod n$
     • Signature: $S = M^d \bmod n$

  15. Plan: section 4, PreSE 1

  16. PreSE 1: factoring an RSA modulus?
     The Humpich affair
     • In 1997 S. Humpich factored the GIE CB public RSA modulus
     • It had been chosen years before: 320 bits
     • In 1991 the record was RSA100: which means 330 bits
     • In 2000 the record was RSA512: which means 512 bits
     • S. Humpich was put in jail . . .

  17. Factorization: some factorisation records

     | N                  | Year   | Algorithm |
     |--------------------|--------|-----------|
     | RSA-120 (399 bits) | 1993   | MPQS      |
     | RSA-129 (429 bits) | 1994   | MPQS      |
     | RSA-130 (432 bits) | 1996   | NFS       |
     | RSA-140 (466 bits) | 1999   | NFS       |
     | RSA-155 (512 bits) | 1999   | NFS       |
     | RSA-160 (532 bits) | 2003   | NFS       |
     | RSA-200 (665 bits) | 2005   | NFS       |
     | RSA-768 bits       | 2010   | NFS       |
     | RSA-1024 bits      | 2030 ? | ??        |
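
An added example, not part of the original slides: the key computation of slide 12 and the operations of slide 14 in Python, followed by the PreSE 1 point of slides 16 and 17 (a factored modulus yields the private exponent, and a key size can be checked against the listed records). The primes 61 and 53, the exponent 17 and all function names are chosen here for illustration; this is textbook RSA without padding, as on the slides.

```python
import math

# (modulus bits, year factored): RSA-100 from slide 16, the rest from slide 17.
RECORDS = [(330, 1991), (399, 1993), (429, 1994), (432, 1996), (466, 1999),
           (512, 1999), (532, 2003), (665, 2005), (768, 2010)]

def make_keys(p, q, e):
    """Slide 12, steps 2-5, for primes p and q that the caller has chosen."""
    n = p * q                                # step 2: modulus
    phi = (p - 1) * (q - 1)                  # step 3: Euler totient
    if not 1 < e < phi or math.gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")  # step 4
    d = pow(e, -1, phi)                      # step 5: d*e = 1 + k*phi(n)
    return (n, e), (n, d)

def encrypt(m, pub):
    n, e = pub
    return pow(m, e, n)                      # C = M^e mod n

def decrypt(c, priv):
    n, d = priv
    return pow(c, d, n)                      # M = C^d mod n

def sign(m, priv):
    n, d = priv
    return pow(m, d, n)                      # S = M^d mod n

def verify(m, s, pub):
    n, e = pub
    return pow(s, e, n) == m % n             # S^e mod n gives M back

def private_from_factoring(pub):
    """PreSE 1: once n is factored, steps 3-5 rebuild d from public data alone.
    Trial division only works because the sample modulus is tiny."""
    n, e = pub
    p = next(k for k in range(3, math.isqrt(n) + 1, 2) if n % k == 0)
    return make_keys(p, n // p, e)[1]

def first_record_year(bits):
    """Earliest listed year in which a modulus of at least `bits` bits was factored."""
    years = [year for b, year in RECORDS if b >= bits]
    return min(years) if years else None

if __name__ == "__main__":
    pub, priv = make_keys(61, 53, 17)        # constructed toy primes, not a real key
    c = encrypt(65, pub)
    print(pub, priv, c, decrypt(c, priv))
    print(private_from_factoring(pub) == priv)
    print(first_record_year(320), first_record_year(1024))
```

By the figures on slide 16, a 320-bit modulus was already below the 1991 record, six years before it was factored in 1997; for 1024 bits the listed records give no year yet.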
