sign in sign up
<<
Home , Key exchange, RSA (cryptosystem), Trapdoor function

Public . Diffie-Hellman Key Establishment . Rivest-Shamir-Adleman

Introduction

Modern cryptography is founded on the idea that the key that you use to encrypt can be made public while the key that is used to decrypt must be kept private. As such, these systems are known as public key cryptographic systems.

What you need for a public key cryptographic system to work is a set of algorithms that is easy to process in one direction, but difficult to undo. In the case of RSA, the easy algorithm multiplies two prime numbers. If multiplication is the easy algorithm, its difficult pair algorithm is factoring the product of the multiplication back into its two component primes. Algorithms that have this characteristic — easy in one direction, hard the other — are known as trapdoor functions. Finding a good is critical to making a secure public key cryptographic system. Simplistically: the bigger the spread between the difficulty of going one direction in a trapdoor function and going the other, the more secure a cryptographic system based on it will be.

RSA algorithm and the Diffie-Hellman algorithm are revolutionary because they represent the first viable cryptographic schemes, where security is based on the theory of numbers; it was the first to enable secure communication between two parties without a !

(based on a text “A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography”, from blog: http://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography

. Part I Diffie-Hellman key agreement

Objective: Execute the Diffie-Hellman algorithm to agree on a shared secret key.

Diffie-Hellman key exchange, also called exponential key exchange, is a method that uses numbers raised to specific powers to produce decryption keys on the basis of components that are never directly transmitted, making the task of a would-be code breaker mathematically overwhelming. To implement Diffie-Hellman, two end users , while communicating over a channel they know to be private, mutually agree on positive whole numbers p and , such that p is a and q is a generator of p. The generator q is a number that, when raised to positive whole- number powers less than p, never produces the same result for any two such whole numbers. The value of p may be large but the value of q is usually small.

Once Alice and Bob have agreed on p and q in private, they choose positive whole-number personal keys a and b, both less than the prime-number modulus p. Neither user divulges their personal key to anyone; ideally they memorize these numbers and do not write them down or store them anywhere. Next, Alice and Bob compute public keys a* and b* based on their personal keys according to the formulas

* a a = q mod p and

b b* = q mod p

The two users can share their public keys a* and b* over a communications medium assumed to be insecure, such as the Internet, a corporate or wide area network (WAN). From these public keys, a number x can be generated by either user on the basis of their own personal keys. Alice computes x using the formula

a x = (b*) mod p

Bob computes x using the formula

b x = (a*) mod p

The value of x turns out to be the same according to either of the above two formulas. However, the personal keys a and b, which are critical in the calculation of x, have not been transmitted over a public medium. Because it is a large and apparently random number, a potential hacker has almost no chance of correctly guessing x, even with the help of a powerful computer to conduct millions of trials. The two users can therefore, in theory, communicate privately over a public medium with an encryption method of their choice using the decryption key x.

The most serious limitation of Diffie-Hellman in its basic or "pure" form is the lack of authentication. Communications using Diffie-Hellman all by itself are vulnerable to man in the middle attacks. Ideally, Diffie-Hellman should be used in conjunction with a recognized authentication method such as digital signatures to verify the identities of the users over the public communications medium. Diffie- Hellman is well suited for use in data communication but is less often used for data stored or archived over long periods of time

(based on a text “Diffie-Hellman key exchange (exponential key exchange) http://searchsecurity.techtarget.com/definition/Diffie-Hellman-key-exchange

Steps

1. Work in pairs. Boot up PC in Windows or linux. Use calculator. 2. Refer to DH algorithm presented in lecture slides. 3. Proceed through the whole DH algorithm steps in order to agree on a shared secret key. 4. During the process exchange the relevant data between you and your peer.

Part II RSA encryption

The RSA algorithm is the most popular and best understood public key cryptography system. Its security relies on the fact that factoring is slow and multiplication is fast. What follows is a quick walk-through of what a small RSA system looks like and how it works.

In general, a public key encryption system has two components, a public key and a private key. Encryption works by taking a message and applying a mathematical operation to it to get a random- looking number. Decryption takes the random looking number and applies a different operation to get back to the original number. Encryption with the public key can only be undone by decrypting with the private key.

Computers don't do well with arbitrarily large numbers. We can make sure that the numbers we are dealing with do not get too large by choosing a maximum number and only dealing with numbers less than the maximum. We can treat the numbers like the numbers on an analog . Any calculation that results in a number larger than the maximum gets wrapped around to a number in the valid range.

In RSA, this maximum value (call it max) is obtained by multiplying two random prime numbers. The public and private keys are two specially chosen numbers that are greater than zero and less than the maximum value, call them pub and priv. To encrypt a number you multiply it by itself pub times, making sure to wrap around when you hit the maximum. To decrypt a message, you multiply it by itself priv times and you get back to the original number. It sounds surprising, but it actually works. This property was a big breakthrough when it was discovered.

To create a RSA key pair, first randomly pick the two prime numbers to obtain the maximum (max). Then pick a number to be the public key pub. As long as you know the two prime numbers, you can compute a corresponding private key priv from this public key. This is how factoring relates to breaking RSA — factoring the maximum number into its component primes allows you to compute someone's private key from the public key and decrypt their private messages.

(based on a text “A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography”, from blog: http://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography

Steps

Objective: Define your own RSA . Execute RSA algorithm to encrypt and decrypt a short message.

1. Work in pairs. Boot up PC in Windows or linux. Use calculator. 2. Refer to RSA algorithm presented in lecture slides (and below). 3. Select an arbitrary plaintext message (a single word, a few characters in length) 4. Proceed through the whole RSA algorithm steps in order to encrypt a message: 5. Choose two prime numbers p and q. Choose e. Build the public key etc. … (note: see the examples of and note well how d is computed: “An Introduction to the RSA Encryption Method” http://math.arizona.edu/sites/math.arizona.edu/files/webfm/undergrad/uta/Spring12UTATalkSalterbergJake.pdf ) 6. Another person is kindly requested to decrypt the ciphertext message. 7. Compare the original plaintext with the recovered plaintext to verify that the procedure was carried out properly.

Table 1. ASCII character map (UTF-8)

Fig. 1. Diffie-Hellman algorithm

Some helpful links:

. Prime numbers http://en.wikipedia.org/wiki/Prime_number . The first 1000 prime numbers http://primes.utm.edu/lists/small/1000.txt . Prime Numbers Generator and Checker http://www.numberempire.com/primenumbers.php . Prime Numbers Chart and Calculator http://www.mathsisfun.com/prime_numbers.html . Diffie-Hellman Key Exchange explained (text, Polish): http://pl.wikipedia.org/wiki/Protok%C3%B3%C5%82_Diffiego-Hellmana . Diffie-Hellman Key Exchange (video, English): http://www.youtube.com/watch?v=U1kybvKaUeQhttp://www.youtube.com/watch?v=U1ky bvKaUeQhttp://www.youtube.com/watch?v=U1kybvKaUeQ . Diffie-Hellman Key Exchange (video, English): http://www.youtube.com/watch?v=3QnD2c4Xovk . Diffie-Hellman Key Exchange (video, English): http://www.youtube.com/watch?v=U1kybvKaUeQ