+ All Categories
Home > Engineering > Presentacion diapositiva 40

Presentacion diapositiva 40

Date post: 14-Apr-2017
Upload: fucs-fundacion-universitaria-de-ciencias-de-la-salud
View: 137 times
Download: 0 times
Share this document with a friend
Introduction to Cryptography and Security Mechanisms Dr Keith Martin McCrea 349 01784 443099 [email protected]
Page 1: Presentacion diapositiva 40

Introduction to Cryptography and Security


Dr Keith MartinMcCrea 349 01784 [email protected]

Page 2: Presentacion diapositiva 40

Before we start…

Page 3: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Quiz 1

From a security perspective, rather than an efficiency perspective, which of the following statements about the block size of a block cipher is most accurate?

A The bigger the block size the better

B The block size should neither be too small nor too large

C The block size should neither be too small nor too large, and should be a multiple of 8

D The block size is unimportant

Page 4: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Quiz 2

The main reason for using different modes of operation of a block cipher is to:

A Increase the strength of the block cipher

B Increase the efficiency of the block cipher

C Protect against error propagation

D Change the properties of the block cipher

Page 5: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Quiz 3Which of the following is most accurate? A Key management for stream ciphers is easier than for block ciphers, because the plaintext is not actually encrypted directly with the key

B Key management for block ciphers is less critical when using CBC mode, since the security of the ciphertext depends on the preceding ciphertext as well as the key

C Key management for stream ciphers is more difficult than for block ciphers because the key needs to kept

synchronised at each end of the communication link

D Key management is roughly of the same level of difficulty for stream ciphers and block ciphers

Page 6: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms:

Unit 7

Public Key AlgorithmsDr Keith Martin

McCrea 349 01784 [email protected]

Page 7: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Learning Outcomes• Explain the basic principles behind public key

cryptography • Recognise the fundamental problems that need to be

solved before public key cryptography can be used effectively

• Explain the concept of a one-way function • Describe the RSA encryption system • Describe the ElGamal encryption system • Calculate very simple numerical examples of RSA and

ElGamal• Compare the basic properties of RSA and ElGamal• Describe the Diffie-Hellman key exchange mechanism

Page 8: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005



1. Public key cryptography2. RSA3. ElGamal4. Diffie-Hellman

Page 9: Presentacion diapositiva 40

1. Public key cryptography

Page 10: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Symmetric assumptions

Consider the relationship between two entities who are communicating using a symmetric cipher.

What assumptions are being made about the relationship between them?

Page 11: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


The briefcase example




4 5

Alice Bob

Page 12: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


The briefcase example


1. There is only one key for each padlock

2. The padlocks are so strong that they cannot be removed by force


3. You have no way of being sure that it is the correct person who finally gets your message

4. The briefcase has to be sent back and forward three times, which seems pretty inefficient.

Page 13: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Desirable properties

Use the properties and problems for the briefcase example to come up with a specification of four properties that are desirable for any cipher system that is to be used between two entities who do not already share a symmetric key.

Page 14: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Public key blueprint

• The keys used to encrypt and decrypt are different.• Anyone who wants to be a receiver needs to “publish”

an encryption key, which is known as the public key. • Anyone who wants to be a receiver needs a unique

decryption key, which is known as the private key.• It should not be possible to deduce the plaintext from

knowledge of the ciphertext and the public key.• Some guarantee needs to be offered of the

authenticity of a public key.

Page 15: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Important question

Do public key cipher systems solve all the problems of symmetric key cipher systems?

Page 16: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Design of a public key algorithm

In a public key system, if everyone knows everything necessary:

• the encryption algorithm and

• the encryption key

to determine the ciphertext then how is it possible that they cannot then work out what the plaintext (decryption key) is from this information?

Page 17: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


One way functions

A one-way function is a function that is “easy” to compute and “difficult” to reverse.

How might we express this notion of a one way function informally in complexity theoretic terms?

Page 18: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


OWF: Multiplying two primes

It is easy to take two prime numbers and multiply them together.

If they are fairly small we can do this in our heads, on a piece of paper, or on a calculator.

As they get bigger and bigger it is fairly easy to write a computer program to compute the product.

Multiplication runs in polynomial time.

Multiplication of two primes is easy.

Page 19: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


OWF: Multiplying two primes

To factor: Comments15 








 600 digit number 


 600 digit even number


Page 20: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


OWF: Multiplying two primes

Multiplication of two prime numbers is believed to be a one-way function.

We say believed because nobody has been able to prove that it is hard to factorise.

Maybe one day someone will find a way of factorising efficiently.

What will happen if someone does find an efficient way of factorising ?

Page 21: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


OWF: Modular exponentiation

The process of exponentiation just means raising numbers to a power.

Raising a to the power b, normally denoted ab just means multiplying a by itself b times. In other words:

ab = a x a x a x … x a  

Modular exponentiation means computing ab modulo some other number n. We tend to write this as

ab mod n.

Modular exponentiation is “easy”.

Page 22: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


OWF: Modular exponentiation

However, given a, b, and ab mod n (when n is prime), calculating b is regarded by mathematicians as a hard problem.

This difficult problem is often referred to as the discrete logarithm problem.

In other words, given a number a and a prime number n, the function

f(b) = ab mod n

 is believed to be a one-way function.

Page 23: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


OWF: Modular square roots

What is the square root of 1369?

Propose a technique for finding the square root of 1369 that will generalise to any integer.

Page 24: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


OWF: Modular square roots

What is the square root of 56 module 101?

Let’s try 40…

Let’s try 30…

Page 25: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Suitable OWFs

We have seen that the encryption process of a public key cipher system requires a one way function.

Is every one way function suitable for implementation as the encryption process of a public key cipher system?

Page 26: Presentacion diapositiva 40

2. RSA

Page 27: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


RSAThe RSA public key encryption algorithm was the first practical implementation of public key encryption discovered.

It remains the most used public key encryption algorithm today.

It is named after the three researchers Ron Rivest, Adi Shamir and Len Adleman who first published it.

Make sure you are familiar with the concepts of modular arithmetic, prime numbers, the Euclidean Algorithm and the method of Repeated Squares.

Page 28: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Setting up RSA

• Let n be the product of two large primes p and q– By “large” we typically mean at least 512 bits.

• Select a special number e – greater than 1 and less than (p-1)(q-1). The precise

mathematical property that e must have is that there must be no numbers that divide neatly into e and into (p-1)(q-1), except for 1.

• Publish the pair of numbers (n,e)• Compute the private key d from p, q and e

Page 29: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Computing the private keyThe private key d is computed to be the unique inverse of e modulo (p-1)(q-1).

In other words, d is the unique number less than (p-1)(q-1) that when multiplied by e gives you 1 modulo (p-1)(q-1).

Written mathematically:

ed = 1 mod (p-1)(q-1)

The Euclidean Algorithm is the process that you need to follow in order to compute d.

Page 30: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Computing the private key

1. Who is capable of running the Euclidean Algorithm to find the private key?

2. How efficient is this process?

Page 31: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Choosing eLet’s consider p=3 and q=7. What choices of e are acceptable?

In this case (p-1)(q-1) = 2 x 6 = 12. Any suitable choice of e must have the property that there are no numbers that neatly divide into e and 12 except for 1. Let’s just try them all out:

e=2: this is no good, since 2 divides both e and 12. In fact this will be true for all multiples of 2 as well, so e=4, e=6, e=8 and e=10 are also not possible.

e=3: this is no good, since 3 divides both e and 12. In fact this will be true for all multiples of 3 as well, so e=6 and e=9 are also not possible.

The remaining choices are e=5, e=7 and e=11. Since in each case there is no number that divides into them and 12 other than 1, all these choices of e are possible.

Page 32: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Setting up RSA: exampleStep 1: Let p = 47 and q = 59. Thus n = 47 x 59 = 2773

Step 2: Select e = 17

Step 3: Publish (n,e) = (2773, 17)

Step 4: (p-1) x (q-1) = 46 x 58 = 2668 Use the Euclidean Algorithm to compute the modular inverse of 17 modulo 2668. The result is d = 157

<< Check: 17 x 157 = 2669 = 1(mod 2668) >>

Public key is (2773,17) Private key is 157

Page 33: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Encryption and decryption

The first job is to represent the plaintext as a series of numbers modulo n.

The encryption process to obtain the ciphertext C from plaintext M is very simple:

C = Me mod n

The decryption process is also simple:

M = Cd mod n

Page 34: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Encryption and decryption: example

Public key is (2773,17) Private key is 157

Plaintext block represented as a number: M = 31

Encryption using Public Key: C = 3117 (mod 2773)

= 587

Decryption using Private Key: M = 587157 (mod 2773)

= 31

Page 35: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Security of RSA

1. Trying to decrypt a ciphertext without knowledge of the private key

2. Trying to determine the private key

We will look at two different strategies for trying to “break” RSA:

Page 36: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Decrypting ciphertext without the key

The encryption process in RSA involves computing the function C = Me mod n, which is regarded as being easy.

An attacker who observes this ciphertext, and has knowledge of e and n, needs to try to work out what M is.

Computing M from C, e and n is regarded as a hard problem.

Have we seen this one way function before?

Page 37: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Determining the private key

Assuming that you know the public key of a user, what would you need to do in order to obtain the corresponding private key?

Page 38: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


RSA security summary

One-way function Description


Encryption function 

 The encryption function is a trapdoor one-way function, whose trapdoor is the private key. The difficulty of reversing this function without the trapdoor knowledge is believed (but not known) to be as difficult as factoring. 


Multiplication of two primes 

 The difficulty of determining an RSA private key from an RSA public key is known to be equivalent to factoring n. An attacker thus cannot use knowledge of an RSA public key to determine an RSA private key unless they can factor n. Because multiplication of two primes is believed to be a one-way function, determining an RSA private key from an RSA public key is believed to be very difficult. 

There are two one-way functions involved in the security of RSA.

Page 39: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Length of an RSA modulus

What length of RSA modulus do you think is roughly equivalent to:

1. An 80 bit symmetric key?

2. A 112 bit symmetric key?

3. A 128 bit symmetric key?

It is hard to compare the equivalent security parameters for symmetric key cipher systems and RSA, however it is roughly believed that factorising a 512 bit number is about as hard as searching for a 56 bit symmetric key.

Page 40: Presentacion diapositiva 40

3. ElGamal

Page 41: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005



• To show that RSA is not the only public key system

• To exhibit a public key system based on a different one way function

• ElGamal is the basis for several well-known cryptographic primitives

We will also take a look at the ElGamal public key cipher system for a number of reasons:

Page 42: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Setting up ElGamal• Let p be a large prime

– By “large” we mean here a prime rather typical in length to that of an RSA modulus

• Select a special number g – The number g must be a primitive element modulo p.

• Choose a private key x– This can be any number bigger than 1 and smaller than p-1

• Compute public key y from x, p and g – The public key y is g raised to the power of the private key x

modulo p. In other words: y = gx mod p

Page 43: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Setting up ElGamal: example

Step 1: Let p = 23

Step 2: Select a primitive element g = 11

Step 3: Choose a private key x = 6

Step 4: Compute y = 116 (mod 23) = 9

Public key is 9 Private key is 6

Page 44: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


ElGamal encryption

The first job is to represent the plaintext as a series of numbers modulo p. Then:

1. Generate a random number k

2. Compute two values C1 and C2, where

C1 = gk mod p and C2 = Myk mod p

3. Send the ciphertext C, which consists of the two separate values C1 and C2.

Page 45: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


ElGamal encryption: example

To encrypt M = 10 using Public key 9 1 - Generate a random number k = 3 2 - Compute C1= 113 mod 23 = 20

C2= 10 x 93 mod 23 = 10 x 16 = 160 mod 23 = 22

3 - Ciphertext C = (20 , 22 )

Page 46: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


ElGamal decryptionC1 = gk mod p C2 = Myk mod p

1 - The receiver begins by using their private key x to transform C1 into something more useful:

C1x = (gk)x mod p

NOTE: C1x = (gk)x = (gx)k = (y)k = yk mod p

2 - This is a very useful quantity because if you divide C2 by it you get M. In other words:

C2 / yk = (Myk) / yk = M mod p

Page 47: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


ElGamal decryption: example

To decrypt C = (20 , 22 ) 1 - Compute 206 = 16 mod 23 2 - Compute 22 / 16 = 10 mod 23

3 - Plaintext = 10

Page 48: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Security of ElGamal

1. Trying to decrypt a ciphertext without knowledge of the private key

2. Trying to determine the private key

Recall the two different strategies for trying to “break” RSA:

What hard problems do you come across if you try to follow these two different strategies to break ElGamal?

Page 49: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


ElGamal v RSA

PROS of ElGamal

• Does not rely on factorisation being hard

CONS of ElGamal

• Requires a random number generator

• Message expansion

While regarded as similar from a security perspective, are there any differences between ElGamal and RSA from an efficiency perspective?

Page 50: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Public key systems in practice• Public key cipher systems led to mini revolution in

cryptography in the mid 1970’s, with a further boom in interest since the development of the Internet in the 1990’s.

• Public key cipher systems are only likely to grow in importance in the coming years.– In Unit 8 we discuss cryptographic services, some of which involve

public key techniques. – One of the major applications of public key cipher systems is for

digital signatures, a topic that we explore in Unit 9 – We devote much of Unit 12 to considering the big problem of

authenticating public keys. – We will discover in Unit 10 that a second major application of public

key cipher systems is to distribute and transfer symmetric keys around a network, thus presenting public key cipher systems as a useful enabler for faster symmetric cipher systems.

Page 51: Presentacion diapositiva 40

4. Diffie-Hellman

Page 52: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Diffie-HellmanThe Diffie–Hellman (DH) key exchange technique was first defined

in their seminal paper in 1976.

DH key exchange is a method of exchanging public (i.e. non-secret) information to obtain a shared secret.

DH is not an encryption algorithm.

DH key exchange has the following important properties:

1. The resulting shared secret cannot be computed by either of the parties without the cooperation of the other.

2. A third party observing all the messages transmitted during DH key exchange cannot deduce the resulting shared secret at the end of the protocol.

Page 53: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Principle behind DH

DH key exchange assumes first that there exists:

1. A public key cipher system that has a special property (we come to this shortly).

2. A carefully chosen, publicly known function F that takes two numbers x and y as input, and outputs a third number F(x,y) (for example, multiplication is such a function).

DH key exchange was first proposed before there were any known public key algorithms, but the idea behind it motivated the hunt for practical public key algorithms.

DH key exchange is not only a useful and practical key establishment technique, but also a significant milestone in the history of modern cryptography.

Page 54: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Principle behind DH

1. Alice and Bob exchange their public keys PA and PB.

2. Alice computes F(SA , PB)

3. Bob computes F(SB, PA)

4. The special property of the public key cipher system, and the choice of the function F, are such that F(SA , PB) = F(SB, PA). If this is the case then Alice and Bob now share a secret.

5. This shared secret can easily be converted by some public means into a bitstring suitable for use as, for example, a DES key.

Assume that Alice and Bob are the parties who wish to establish a shared secret, and let their public and private keys in the public key cipher system be denoted by (PA , SA) and (PB , SB) respectively.

The basic principle behind Diffie–Hellman key exchange is as follows:

Page 55: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Diffie-Hellman key exchangeThe most commonly described implementation of DH key exchange uses the keys of the ElGamal cipher system and a very simple function F.

The system parameters (which are public) are:

• a large prime number p – typically 1024 bits in length

• a primitive element g1. Alice generates a private random value a, calculates ga (mod p)

and sends it to Bob. Meanwhile Bob generates a private random value b, calculates gb (mod p) and sends it to Alice.

2. Alice takes gb and her private random value a to compute (gb)a = gab (mod p).

3. Bob takes ga and his private random value b to compute (ga)b = gab (mod p).

4. Alice and Bob adopt gab (mod p) as the shared secret.

Page 56: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


DH questions

1. What is the hard problem on which the DH key exchange algorithm is based?

2. Suppose that DH key exchange is used to generate a symmetric key. Why might that key be derived (but different from) the DH shared secret?

3. The example of DH key exchange that we described is based on ElGamal keys. Can you use the public and private keys of any established public key encryption algorithm to implement DH key exchange?

Page 57: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Man-in-the-middle attack

1. What will happen when Alice tries to send a message to Bob, encrypted with a key based on her DH shared secret?

2. Can Fred obtain the correct DH shared secret that would have been established had he not interfered?

Alice BobFred

ga (mod p) gf (mod p)

gf (mod p) gb (mod p)

Page 58: Presentacion diapositiva 40

Introduction to Cryptography and Security Mechanisms 2005


Summary• Public key systems replace the problem of distributing

symmetric keys with one of authenticating public keys• Public key encryption algorithms need to be trapdoor one-way

functions• RSA is a public key encryption algorithm whose security is

believed to be based on the problem of factoring large numbers• ElGamal is a public key encryption algorithm whose security is

believed to be based on the discrete logarithm problem• RSA is generally favoured over ElGamal for practical rather than

security reasons• RSA and ElGamal are less efficient and fast to operate than

most symmetric encryption algorithms because they involve modular exponentiation

• DH key exchange is an important protocol on which many real key exchange protocols are based
