Public Key Cryptography
Attacks on RSA
•Brute force ▫trying all possible private keys ▫use larger key, but then slower •Mathematical attacks (factoring n) ▫improving algorithms (GNFS, SNFS) ▫currently 1024-2048-bit keys seem secure •Timing attacks (on implementation) ▫Check the time it takes during decryption of bits 1 and 0 on certain functions. ▫use -constant time, random delays, blinding
Security Services Provided by RSA
•Confidentiality -Only the owner of the private key knows it, so text enciphered with public key cannot be read by anyone except the owner of the private key •Authentication -Only the owner of the private key knows it, so text enciphered with private key must have been generated by the owner •Integrity -Enciphered letters cannot be changed undetectably without knowing private key •Non-Repudiation -Message enciphered with private key came from someone who knew it
Countermeasures to Timing Attacks
•Constant exponentiation time ▫Ensure that all exponentiations take the same amount of time before returning a result; this is a simple fix but does degrade performance •Random delay ▫Better performance could be achieved by adding a random delay to the exponentiation algorithm to confuse the timing attack •Blinding ▫Multiply the ciphertext by a random number before performing exponentiation
Symmetric-Key vs. Public-Key
•In symmetric-key encryption, the sender has to establish a secret key with the receiver prior to encryption. However, in public-key encryption, the sender just needs to obtain an authentic copy of the receiver's public key. ▫In a network of nusers, a symmetric-key cryptosystem requires n(n-1)/2 secret keys, but a public-key cryptosystem requires only npublic-private key pairs. •Public-key cryptography (digital signatures) provides non-repudiation while symmetric-key cryptography does not. •Public-key cryptosystems are substantially slower than symmetric-key cryptosystems since the key sizes of public-key cryptosystems are typically much larger. ▫RSA 100 to 1000 times slower than DES. 10,000 times slower than AES
Timing Attacks
•Paul Kocher, a cryptographic consultant, demonstrated that a snooper can determine a private key by keeping track of how long a computer takes to decipher messages •It has been shown that you can use the timing information to guess and then check the bits of q on OpenSSL. •Are alarming for two reasons: ▫It comes from a completely unexpected direction ▫It is a ciphertext-only attack
RSA Algorithm
•Plaintext is encrypted in blocks with each block having a binary value less than some number n •Both sender and receiver must know the value of n •The sender knows the value of e, and only the receiver knows the value of d •For some plaintext block M and ciphertext block C: Encryption: C = M^emod n Decryption: M = C^dmod n= (M^e)^d mod n = Medmod n •This is a public-key encryption algorithm with a public key of PU={e,n} and a private key of PR={d,n}
Public-key systems
•Two keys -Private key known only to individual -Public key available to anyone •Idea -Confidentiality: encipher using public key, decipher using private key -Integrity/authentication: encipher using private key, decipher using public one •Requirements -It must be computationally easy to encipher or decipher a message given the appropriate key -It must be computationally infeasible to derive the private key from the public key -It must be computationally infeasible to determine the private key from a chosen plaintext attack
Factoring Problem
•We can identify three approaches to attacking RSA mathematically: ▫Factor ninto its two prime factors. This enables calculation of ø(n) = (p -1) x (q-1), which in turn enables determination of d = e-1(mod ø(n)) ▫The problem of factoring n for large n and large primes p and q is hard, but not as hard as it used to be. ▫The latest challenge key length of 232 decimal (768 bits) was successful. -Refinement of algorithms used, and the increase in computing power -1024 bit is a thousand times harder to factor than 768 bits
Diffie-Hellman Key Exchange
•We can use the public key technology to to generate a key whenever needed between two parties. •The goal is to enable two users to securely exchange a key that can then be used for subsequent symmetric encryption of messages •It works if both sides know that their messages will reach one another without any meddling. •First published public-key algorithm •A number of commercial products employ this key exchange technique •Purpose is to enable two users to securely exchange a key that can then be used for subsequent symmetric encryption of messages•Its effectiveness depends on the difficulty of computing discrete logarithms •This approach is used as the basis for a "session key". •A symmetric key used to protect subsequent communication between Alice and Bob. •In general, public key operations are vastly more expensive than symmetric key, so it is mostly used just to agree on secret keys, transmit secret keys, or sign hashes. •Then a symmetric key like (AES) is used to encrypt the communication.
Discrete Logarithm
•With ordinary positive real numbers, the logarithm function is the inverse of exponentiation. logx(y) = z means x^z = y •Consider a primitive root a for some prime number p, then we know that the powers of a from 1 through (p -1) produce each integer from 1 through (p -1) exactly once. •It follows that for any integer b and a primitive root a of prime number p, we can find a unique exponent i such that: b = a^i(mod p) where 0≤i≤(p-1) This exponent i is referred to as the discrete logarithm of the number b for the base a (mod p). We denote this value as dlog a,p(b).
