Public key crypto Public key crypto RSA Essentials RSA Essentials Public Key Crypto in Java Public Key Crypto in Java Radboud University Nijmegen Radboud University Nijmegen Public key protocols Public key protocols Diffie-Hellman and El Gamal Diffie-Hellman and El Gamal Outline Public key crypto RSA Essentials Computer Security: Public Key Crypto Public Key Crypto in Java Public key protocols B. Jacobs Blind signatures Public key infrastructures Institute for Computing and Information Sciences – Digital Security Radboud University Nijmegen Compromise of certificates Version: fall 2012 Diffie-Hellman and El Gamal Diffie-Hellman key exchange El Gamal encryption and signature Elliptic curves B. Jacobs Version: fall 2012 Computer Security 1 / 96 B. Jacobs Version: fall 2012 Computer Security 2 / 96 Public key crypto Public key crypto RSA Essentials RSA Essentials Public Key Crypto in Java Public Key Crypto in Java Radboud University Nijmegen Radboud University Nijmegen Public key protocols Public key protocols Diffie-Hellman and El Gamal Diffie-Hellman and El Gamal Public key background Using locks to explain the (encryption) idea • Suppose Alice wants to sent Bob an encrypted message • A big problem in secret key crypto is key managment: • Bob first sends Alice his open padlock • N users need N ( N − 1) different keys 2 • only Bob has the private key to open it • but Alice (or anyone else) can close it • Public key crypto involves a revolutionary idea: use one key • this open padlock corresponds to Bob’s pair per user, consisting of public key • a public key, for: • Alice puts the message in a box, and closes it with Bob’s 1 encryption 2 checking signatures padlock • a private key, for: • the box can be seen as a form of encryption 1 decryption • Upon receiving the box, Bob uses his private key to open the 2 putting signatures padlock (and the box), and reads the message. • Question: how do you know for sure this is Bob’s lock? B. Jacobs Version: fall 2012 Computer Security 4 / 96 B. Jacobs Version: fall 2012 Computer Security 5 / 96 Public key crypto Public key crypto RSA Essentials RSA Essentials Public Key Crypto in Java Public Key Crypto in Java Radboud University Nijmegen Radboud University Nijmegen Public key protocols Public key protocols Diffie-Hellman and El Gamal Diffie-Hellman and El Gamal Public key crypto: historical essentials Public key equation • Let’s write a key pair as: • K e for encryption / public key • The idea of public key crypto: • K d for decryption / private key • first invented in 1969 by James Ellis of GCHQ • Let’s further write the relevant operations as: • first published in 1976 by Diffie & Hellman • { m } K e for encryption of message m with public key K e • Implementations of public key crypto: • [ n ] K d for decryption of message n with private key K d • first one by Clifford Cocks (GCHQ), but unpublished • The relevant equations are: • Rivest, Shamir and Adleman (RSA) first published in 1978, [ { m } K e ] K d = m using the difficulty of prime number factorisation • several alternatives exist today, notably using “El-Gamal” on • But for certain systems (like RSA) one also has: “elliptic curves” { [ m ] K d } K e = m B. Jacobs Version: fall 2012 Computer Security 6 / 96 B. Jacobs Version: fall 2012 Computer Security 7 / 96
Public key crypto Public key crypto RSA Essentials RSA Essentials Public Key Crypto in Java Public Key Crypto in Java Radboud University Nijmegen Radboud University Nijmegen Public key protocols Public key protocols Diffie-Hellman and El Gamal Diffie-Hellman and El Gamal Key pair requirements Number theoretic ingredients I • Recall that that a number is prime if it is divisible only by 1 and by itself. 1 Encryption and decryption use different keys: Prime numbers are: 2, 3, 5, 7, 11, 13, . . . . . . (infinitely many) • encryption uses the public “encryption” key • Each number can be written in a unique way as product of • decryption the private “decryption” key primes (possibly multiple times), as in: 2 Encryption is one-way: it can not be inverted efficiently 100 = 2 2 · 5 2 30 = 2 · 3 · 5 12345 = 3 · 5 · 823 without the private key. • Finding such a prime number factorisation is a 3 The private key cannot be reconstructed (efficiently) from the computationally hard problem public one. • In particular, given two very large primes p , q , you can publish 4 Encryption can withstand chosen plaintext attacks n = p · q and no-one will (easily) find out what p , q are. • needed because an attacker can generate arbitrary many pairs � m , { m } K e � • Eeasy for 55 = 5 · 11 but already hard for 1763 = 41 · 43 • In 2009 factoring a 232-digit (768 bit) number n = p · q with hundreds of machines took about 2 years B. Jacobs Version: fall 2012 Computer Security 8 / 96 B. Jacobs Version: fall 2012 Computer Security 10 / 96 Public key crypto Public key crypto RSA Essentials RSA Essentials Public Key Crypto in Java Public Key Crypto in Java Radboud University Nijmegen Radboud University Nijmegen Public key protocols Public key protocols Diffie-Hellman and El Gamal Diffie-Hellman and El Gamal Modular (clock) arithmetic Numbers modulo N How many numbers are there modulo N ? • On a 12-hour clock, the time ‘ 1 o’clock ’ is the same as the time ‘ 13 o’clock ’; one writes One writes Z N for the set of numbers modulo N . Thus: 1 ≡ 13 (mod 12) ie “1 and 13 are the same modulo 12” = � 0 , 1 , 2 , · · · N − 1 � Z N • Similarly for 24-hour clocks: For every m ∈ Z we have m mod N ∈ Z N . 5 ≡ 29 (mod 24) since 5 + 24 = 29 Some Remarks 5 ≡ 53 (mod 24) since 5 + (2 · 24) = 53 • Sometimes Z / N Z is written for Z N 19 ≡ − 5 (mod 24) since 19 + ( − 1 · 24) = − 5 • Formally, the elements m of Z N are equivalence classes • In general, for N > 0 and n , m ∈ Z , { k | k ≡ m (mod N ) } of numbers modulo N n ≡ m (mod N ) ⇐ ⇒ there is a k ∈ Z with n = m + k · N • These classes are also called residue classeses or just residues • In practice we treat them simply as numbers. In words, the difference of n , m is a multiple of N . B. Jacobs Version: fall 2012 Computer Security 11 / 96 B. Jacobs Version: fall 2012 Computer Security 12 / 96 Public key crypto Public key crypto RSA Essentials RSA Essentials Public Key Crypto in Java Public Key Crypto in Java Radboud University Nijmegen Radboud University Nijmegen Public key protocols Public key protocols Diffie-Hellman and El Gamal Diffie-Hellman and El Gamal Residues form a “ring” Multiplication tables • Numbers modulo N can be added, subtracted and multiplied: For small N it is easy to make multiplication tables for Z N . they form a “ring” For instance, for N = 5, • For instance, modulo N = 15 10 + 6 ≡ 1 6 − 10 ≡ 11 Z 5 0 1 2 3 4 3 + 2 ≡ 5 0 − 14 ≡ 1 • Note : every non-zero number 0 0 0 0 0 0 4 · 5 ≡ 5 10 · 10 ≡ 10 n ∈ Z 5 has a an inverse 1 n ∈ Z 5 0 1 2 3 4 1 • This holds for every Z p with p • Sometimes it happens that a product is 1 0 2 4 1 3 2 a prime number For instance (still modulo 15): 4 · 4 ≡ 1 and 7 · 13 ≡ 1 3 0 3 1 4 2 (more below) • In that case one can say: 4 0 4 3 2 1 1 1 4 ≡ 4 and 7 ≡ 13 B. Jacobs Version: fall 2012 Computer Security 13 / 96 B. Jacobs Version: fall 2012 Computer Security 14 / 96
Recommend
More recommend