Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

Transcription

1 Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

2 Public Key Cryptography Matt Valeriote McMaster University 20 October, 2016 Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

3 Private Key Cryptography Private key crypto systems use a single key. The key is shared by both the sender and receiver. If the key is disclosed, then the system is compromised. Such a system does not prevent the receiver from forging a message from the sender. Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

4 Public Key Cryptography First proposed in 1976 by Diffie and Hellman. Such a system uses two keys a public key for encryption and a private key for decryption. The encoding function is easy to compute, using the public key. The decoding function is extremely difficult to compute without knowing the private key. Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

5 Public Key Cryptography Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

6 The RSA Cryptosystem Introduced by Rivest, Shamir, and Adelman in RSA is the most popular public key cryptosystem. The system is based on the supposed difficulty of factoring large numbers. A recent factoring speed record involved an international research team factoring a 232-digit number. The team used hundreds of processors and over 2 years of intensive work to factor the number. On a single fast PC, it would have taken 1,500 years to factor the number. Using current technology, it would take over 3 trillion years (more than 200 times the age of the universe) to factor a 620 digit number. Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

7 Arithmetic Preliminaries Any natural number can be factored as a product of prime numbers. It is easy to generate large prime numbers at random. It is easy to multiply two numbers together, but it is hard to factor large numbers into primes (as far as we know). Two numbers are said to be relatively prime if they have no common prime divisors, e.g. 6 and 35 are relatively prime. The greatest common divisor (gcd) of two numbers can be quickly computed. The gcd of 60 and 42 is 6. The RSA algorithm makes use of modular arithmetic. Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

8 Clock Arithmetic Example (What time is it?) Suppose that the current time is 9 o clock. What time will it be in 4 hours? Answer: = 13 o clock, but we reduce by 12 to get the answer 1 o clock. In other words, mod 12. Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

9 Modular Arithmetic Definition (Modular Addition) Let a, b, r, n be natural numbers with r < n. Two natural numbers a and b are congruent modulo n, written a b mod n if (a b) is a multiple of n. For example, 13 1 mod 12, mod 5, 2 5 mod 2. The sum of a and b mod n is equal to r if a + b r mod n. So, mod 2 and mod 5 Definition (Modular Multiplication) Let a, b, r, n be natural numbers with r < n. The product of a and b mod n is equal to r if a b r mod n. So, mod 2 and mod 5 Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

10 Modular Exponentiation We can also define modular exponentiation in a similar manner. For example, mod 3, mod 11. (Fermat s Theorem) If p is a prime number and a is relatively prime to p, then a p 1 1 mod p. So, mod 23, i.e., is a multiple of the prime 23. It is not computationally difficult to compute a b modulo n using a method called repeated squares. Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

11 RSA Key Generation Alice s Keys Select two large prime numbers p and q at random. Compute the system modulus n = p q and m = (p 1)(q 1). Choose at random a number e with 1 < e < m that is relatively prime to m. Find a number d with e d 1 mod m and with 0 d < m. Alice s Public Encryption Key is the pair (e, n). Alice s Private Decryption Key is the triple (d, p, q). Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

12 Encrypting Bob s message to Alice The Encryption Algorithm Suppose that Bob wants to securely send to Alice a text message. First, he digitizes it according to some simple method. For example, each letter could be represented by a number between 01 and 26 (and space as 00). The message hello alice is digitized as M = Bob computes the number y < n such that M e y mod n and sends y to Alice. Note: for this to work, M must be less than n. Since Alice has published her public key, then Bob (or anyone else) can securely send a message to Alice using this method. Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

13 Decrypting Bob s message The Decryption Algorithm Once Alice has received Bob s encrypted message y she can use her private key to decrypt the message. The decrypted message is equal to y d modulo n, i.e., M y d mod n. Correctness of the RSA cryptosystem Euler s Theorem is a generalization of Fermat s Theorem (mentioned earlier) and can be used to show that when one computes y d mod n, then the answer will be M, the original message. Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

14 A Simple Example Suppose that Alice selects the prime numbers p = 17 and q = 11. Then n = 187 and m = (17 1)(11 1) = 160 = (2 5 )(5). The number e = 7 is relatively prime to 160 (any odd number less than 160 that is not a multiple of 5 would work). Find the number d < 160 with d e 1 mod 160. d = 23 works (since 23 7 = mod 160). Alice s public key is (7, 187). Her private key is (23,17,11). Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

15 A Simple Example, Continued Suppose that Bob wants to securely send the number M = 88 to Alice using her public key (7,187). He computes M e mod n or 88 7 mod mod 187. Bob sends the number y = 11 to Alice. To decrypt Bob s message, Alice uses her private key (23, 17, 11) to compute y d mod n, or mod 187. The answer is 88!!! Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

16 How to break the RSA system Suppose that Eve has intercepted the number y, Bob s encrypted message to Alice. Eve also knows Alice s public key (e, n) (since everyone does). If Eve could find the prime factors of n, namely p and q, then she could easily compute the number d since she already knows the number e and she can compute m = (p 1)(q 1). Once Eve has computed d, then she can decrypt the message M that Bob sent to Alice by computing y d mod n. So if Eve has a fast method for factoring very large numbers, then she can easily decrypt messages sent using the RSA cryptosystem. Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

17 Dr. V s Public Key and Encrypted Midterm Question Public Key Dr. Valeriote s public key is the pair (e,n), where e = n = Encrypted Message The following number encrypts a number M whose first two digits are a question number a, and next three a page number b. This question will appear on the midterm test if someone from the class can figure out what M is and inform Dr. V. before class on Thursday, October Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

18 Message Verification Problem Solution Suppose that Alice receives a message that appears to be from Bob. Since her public key is widely available, then anyone, in principal could send her an encoded message. She would like to verify that in fact Bob sent the message. Suppose that Bob s public key is (e,n ) and his private key is (d,p,q ) and Alice s keys are (e,n) and (d,p,q). Before sending the message M, Bob computes M M d mod n. Bob encrypts the number M using Alice s public key and sends the result, y, to her. Alice is the only one who can decode y, and doing so produces the number M. She can now use Bob s public key to recover M from M. Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19

19 Matt Valeriote (McMaster University) Public Key Cryptography 20 October, / 19