CS 5323

Asymmetric Cryptography

Prof. Ravi Sandhu Executive Director and Endowed Chair

Lecture 3

[email protected] www.profsandhu.com

© Ravi Sandhu World-Leading Research with Real-World Impact! 1 Asymmetric Encryption

© Ravi Sandhu World-Leading Research with Real-World Impact! 2 Public-Key Encryption

INSECURE CHANNEL

Plain- Ciphertext Plain- text text Encryption Decryption Algorithm E Algorithm D A B

B's Public Key B's Private Key

SECURE CHANNEL Confidentiality Integrity

© Ravi Sandhu World-Leading Research with Real-World Impact! 3 Symmetric-Key Encryption

INSECURE CHANNEL Plain- Plain- Ciphertext text text

Encryption Decryption Algorithm E Algorithm D A B

Symmetric Key K K shared by A and B

SECURE CHANNEL Confidentiality Integrity

© Ravi Sandhu World-Leading Research with Real-World Impact! 4 Public-Key Encryption

 reduces the key distribution problem to a secure channel for authentic communication of public keys  requires authentic dissemination of 1 public key/party  scales well for large-scale systems  with N parties we need to generate and distribute N public keys

© Ravi Sandhu World-Leading Research with Real-World Impact! 5 Known Public-Key Attack

 confidentiality based on infeasibility of computing B's private key from B's public key  key sizes are large (2048 bits and above) to make this computation infeasible

© Ravi Sandhu World-Leading Research with Real-World Impact! 6 Speed

 public key runs 1000 times slower than symmetric key  think 2g versus 4g on smartphone  This large difference in speed is likely to remain  Maybe reduce to 100 times

 Use public keys to distribute symmetric keys, use symmetric keys to protect data

© Ravi Sandhu World-Leading Research with Real-World Impact! 7 RSA Cryptosystem

 public key is (n,e)  private key is d  encrypt: C = M mod n  decrypt: M = C mod n

X Not covered in lecture

© Ravi Sandhu World-Leading Research with Real-World Impact! 8 RSA Cryptosystem

 public key is (n,e)  private key is d  encrypt: C = M mod n  decrypt: M = C mod n

This naive use of RSA is X not secure but will Not covered suffice for our purposes in lecture

© Ravi Sandhu World-Leading Research with Real-World Impact! 9 RSA Key Generation

 choose 2 large prime numbers p and q  compute n = p * q  pick e relatively prime to (p-1)*(q-1)  compute d, e*d = 1 mod (p-1)*(q-1)  publish (n,e)  keep d private (and discard p, q)

X Not covered in lecture

© Ravi Sandhu World-Leading Research with Real-World Impact! 10 RSA Key Protection

 compute d, e*d = 1 mod (p-1)*(q-1)  if factorization of n into p*q is known, this is easy to do  security of RSA is no better than the difficulty of factoring n into p, q

X Not covered in lecture

© Ravi Sandhu World-Leading Research with Real-World Impact! 11 Asymmetric Digital Signatures

© Ravi Sandhu World-Leading Research with Real-World Impact! 12 Public-Key Digital Signature

INSECURE CHANNEL

Plain- Plaintext + Signature Yes/No text Signature Verification Algorithm S Algorithm V A B

A's Private Key A's Public Key

SECURE CHANNEL Confidentiality Integrity

© Ravi Sandhu World-Leading Research with Real-World Impact! 13 Compare Public-Key Encryption

INSECURE CHANNEL

Plain- Ciphertext Plain- text text Encryption Decryption Algorithm E Algorithm D A B

B's Public Key B's Private Key

SECURE CHANNEL Confidentiality Integrity

© Ravi Sandhu World-Leading Research with Real-World Impact! 14 Compare Symmetric Key MAC

INSECURE CHANNEL

Plain- Plaintext + MAC Yes/No text MAC Verification Algorithm M Algorithm V A B

K K

SECURE CHANNEL Confidentiality Integrity

© Ravi Sandhu World-Leading Research with Real-World Impact! 15 Digital Signatures in RSA

 RSA has a unique property, not shared by other public key systems  Encryption and decryption commute  (M mod n) mod n = M encryption  (M mod n) mod n = M signature  Same public key can be use for encryption and signature  But not recommended X Not covered in lecture

© Ravi Sandhu World-Leading Research with Real-World Impact! 16 Message Digest

© Ravi Sandhu World-Leading Research with Real-World Impact! 17 Encryption Speed Revisited

 public key runs 1000 times slower than symmetric key  think 2g versus 4g on smartphone  This large difference in speed is likely to remain  Maybe reduce to 100 times

 Use public keys to distribute symmetric keys, use symmetric keys to protect data

© Ravi Sandhu World-Leading Research with Real-World Impact! 18 Digital Signature Speed

 public key runs 1000 times slower than symmetric key  think 2g versus 4g on smartphone  This large difference in speed is likely to remain  Maybe reduce to 100 times

 Sign the message digest (or hash) not the message

© Ravi Sandhu World-Leading Research with Real-World Impact! 19 Message Digest (Hash)

M=H-1(m) original message no practical limit to size M

message digest algorithm H

message digest easy 256 bit hard m m=H(M)

© Ravi Sandhu World-Leading Research with Real-World Impact! 20 Desired Characteristics

 weak hash function  difficult to find M' such that H(M')=H(M)  given M, m=H(M) try messages at random to find M’ with H(M’)=m  2k trials on average, k=128 to be safe

© Ravi Sandhu World-Leading Research with Real-World Impact! 21 Desired Characteristics

 strong hash function  difficult to find any two M and M' such that H(M')=H(M)  try pairs of messages at random to find M and M’ such that H(M’)=H(M)  2k/2 trials on average, k=256 to be safe

Birthday paradox

© Ravi Sandhu World-Leading Research with Real-World Impact! 22 Message Authentication Code

Symmetric Encryption Message-Digest Based Based

CBC-MAC HMAC

MAC has same size as Hash the message block size of underlying cryptosystem and a symmetric key

CCM mode MAC has same size as Provides confidentiality and integrity underlying hash function or can truncate

Revisiting after discussing message digests

© Ravi Sandhu World-Leading Research with Real-World Impact! 23 Asymmetric Key Exchange

© Ravi Sandhu World-Leading Research with Real-World Impact! 24 Diffie-Hellman Key Agreement

xA xB yA=a mod p yB=a mod p A public key public key B

private key private key xA xB

xA xB xA*xB k = yB mod p = yA mod p = a mod p system constants: p: prime number, a: integer X Not covered in lecture

© Ravi Sandhu World-Leading Research with Real-World Impact! 25 Diffie-Hellman Key Agreement

 security depends on difficulty of computing x given y=ax mod p  called the discrete logarithm problem

X Not covered in lecture

© Ravi Sandhu World-Leading Research with Real-World Impact! 26 Diffie-Hellman Man-in-the-Middle Attack

A C B

Public keys need to be X authenticated Not covered in lecture

© Ravi Sandhu World-Leading Research with Real-World Impact! 27