Outline • Some Math Essentials & History • Asymmetric signatures and key exchange ISA 662 • Asymmetric encryption Internet Security Protocols • Symmetric MACs Lecture 2 ISA 662 1 2 Beauty of Mathematics Prime Numbers (I) x Percentage Percentage x/(ln x - 1) Percentage Demonstration 1,000 168 16.8% 169 16.9% 10,000 1,229 12.3% 1,218 12.2% Pick a number from 10 to 99 100,000 9,592 9.6% 9,512 9.5% At the 2 digits, for example: 1,000,000 78,498 7.8% 78,030 7.8% 10,000,000 664,579 6.6% 661,459 6.6% If you chose 51, you would add 5+1=6 100,000,000 5,761,455 5.8% 5,740,304 5.7% Then subtract the result from the original number 1,000,000,000 50,847,534 5.1% 50,701,542 5.1% 10,000,000,000 455,052,511 4.6% 454,011,971 4.5% So 51-6=45 • Prime numbers “thin out” as the numbers get larger (Demonstration shown in class) • There are 25primes <100, so density is 1 in 4. • Ten digit number, density is 1 in 23. • Hundred digit number, density is 1 in 230. 3 4 Division (I) Division (II) (also called counting numbers) 5 6 1 Division (III) Common Divisors (I) 7 8 Common Divisors (II) Euler’s Totient Function (I) • Leonhard Euler – Swiss mathematician and physicist – First to use the term function. – Lived in the 1700’s in Z * • Totient function ø(n): |Zn | – number of integers less than n and relatively prime to n – If n is prime, ø(n)= n-1 – If n=p∗q, and p, q are primes, ø(n)=( p-1)( q-1) – If p is prime and k>0, ø(pk) =( p-1) pk-1 9 10 Euler’s Totient Function (II) Motivation 1- Key Distribution Problem • Examples: • In a secret key cryptosystem, the secret key must be ø(7)= 7*(1-(1/7))=6 {1,2,3,4,5,6} transmitted via a secure channel Or ø(7) =7-1=6, because 7 is prime • Inconvenient – nparties want to communicate with each other, how many keys total keys are needed and how many other keys must each n ø(10)= 10*(1-(1/2)*(1-(1/5))=4 {1,3,7,9} store? n entities – There will be n(n-1) / 2 keys total ø(18)= 18*(1-(1/2)*(1-(1/3))=6 {1,5,7,11,13,17} Each entity has to store n-1 keys • Insecure ø(21)= 21*(1-(1/3)*(1-(1/7))=12 – Is the secure channel really secure? {1,2,4,5,8,10,11,13,16,17,19,20} Or ø(21)= ø(3.7)= ø(3). ø(7)= 2.6 = 12 • Public key cryptosystem solves the problem – Public key known by everyone – telephone directory – Privacy key is never transmitted 11 12 2 How many Symmetric Keys needed? Motivation 2- Digital Signature Administration Problems: Total Keys n Keys Stored • In a secret key cryptosystem, authentication and – Adding new entities 2 2 1 non-repudiation may be difficult – Removing existing entities 3 3 2 4 6 3 – Changing keys 5 10 4 • Authentication 6 15 5 – You must share a secret key with someone in order to 7 21 6 8 28 7 verify his signature 9 36 8 10 45 9 • Non-repudiation 11 55 10 – “I didn’t sign it. You did since you also have the key” 12 66 11 13 78 12 • Public key cryptosystem solves the problem 14 91 13 15 105 14 – Verification of signature needs only the public key – One is solely responsible for his private key 13 14 Public Key Algorithms Requirements for Public-Key Algorithms • Public key algorithms covered in this class • It is computationally easy to – RSA: encryption and digital signature – generate a (public, private) keypair. – to generate a ciphertext using thepublic key. – Diffie-Hellman: key exchange – to decrypt the ciphertext using theprivate key. – DSA: digital signature – to sign with theprivate key. • Number theory underlies most of public key – to verify the signature with thepublic key. algorithms. • It is computationally infeasible to – determine the private key from thepublic key. – recover the message from the ciphertext and thepublic key. – forge a signature. 15 16 The Big Picture The Basic Idea • Confidentiality: encipher using public key, decipher using private key Plain- Plain- • Integrity/authentication: encipher using private text Encryption Ciphertext Decryption text key, decipher using public key Algorithm INSECURE CHANNEL Algorithm A B Plain- Plain- A B text Encryption Ciphertext Decryption text B's Public Key B's Private Key Algorithm Algorithm RE ‘Signature’ LIA BL E C HA NN EL B's Public Key B's Private Key B's Public Key B 17 AA B18 3 Public Key Model Public Key Encryption 19 20 Public Key Signatures Use of Public-Key Cryptosystems • Encryption/decryption – The sender encrypts a message with the receiver’s public key – Only the receiver can decrypt the message. • Digital signature – The sender signs a message with itsprivate key. – Authentication and non-repudiation • Key exchange – Two sides cooperate to exchange a session key. – Secret key cryptosystems are often used with the session key. 21 22 Goals of Public-Key Cryptanalysis Public-Key Cryptanalysis • Given the public key, cipher text, signature, to • Brute-force attack – Try allpossible keys – find out the private key • Derivation of private key from public key – find out the message encrypted – Try to find the relationshipbetween the public key and the private key and compute theprivate key from the public one. – forge the signature • Probable-message attack – Thepublic key is known. – Encrypt allpossible messages – Try to find a matchbetween the ciphertext and one of the above encrypted messages. – Example: Prof. sends encrypted messages of letter grades to his studentsbased on their public key. 23 24 4 History of Public-Key Schemes Revolution in Cryptography • 1976 – Diffie & Hellman suggested the public-key model • Diffie & Hellman sought to solve 2 problems for encryption and signatures – Find a secure way to distribute keys in the public • 1976 – Diffie & Hellman developed public-key protocol for key-exchange based on Discrete Log Problem – Provide digital signature for document • 1977- Rivest, Shamir, Adelman developed RSA public- • Public key cryptography is based on rigorous key scheme for encryption and signatures based on the mathematical theory, rather than substitutions and Number Factoring Problem permutations. • 1980’s- El-Gamal developed public-key protocols for encryption and signatures based on Discrete Log Problem • It is asymmetric – requires two different keys: private key & public key 25 26 Diffie-Hellman Key Exchange (I) Diffie-Hellman Key Exchange (II) • Published in – W. Diffie and ME Hellman, " New Directions in Cryptography ", in IEEE Transactions on Information Theory, IT-22 no 6 (November 1976) p. 644-654 • The first public key algorithm • Allows two users to agree on a secret key over public channel • No encryption, decryption, nor authentication • What’s involved? – p is a large prime number (about 512 bits), g < p and g is a primitive root of p. – p and g are publicly known 27 28 Diffie-Hellman Key Exchange (III) Diffie-Hellman Man-in-the-middle 29 30 5 Diffie-Hellman Example Hard Number Theory Problems Alice and Bob want to establish a shared secret key • T = gs mod p • Have agree on the value n=353 (prime) and g=3 – Given T, g, p , it is computationally infeasible to compute the • Select the random secret values: value of s (discrete logarithm) – Alice chooses Xa=97, Bob chooses Xb=233 – This is thebasis of the Diffie-Hellman, El-Gamal, and DSS • Derive the public keys: Public-Key Schemes. Xa 97 –Ta= g mod n = 3 mod 353 = 40 (Alice’s) • Another difficult number theory problem, it is to compute Xb 233 –Tb= g mod n = 3 mod 353 = 248 (Bob’s) the product of two primes p and q to obtain n=pq. But it is • Derive the shared secret key difficult to factor the composite number n into its two Xa 97 – K = Tb mod n = 248 mod 353 = 160 (Alice’s) prime factors p and q. Xb 233 – K = Ta mod n = 40 mod 353 = 160 (Bob’s) – This is thebasis of the RSA Public-Key scheme 31 32 Diffie-Hellman Scheme Diffie-Hellman in Phone Book Mode • Security factors • DH is subject to active man-in-the-middle attack – Discrete logarithm very difficult. because their public key-component may be intercepted and substituted – Shared key (the secret) itself never transmitted. • Phone book mode allows everyone to generate the • Disadvantages: public key-component in advance and publish them – Expensive exponential operation through other reliable means – Cannot be used to encrypt anything. • All communicating parties agree on their common < g, – No authentication, so you can not sign anything. p> • Essential requirement : authenticity of the public key. 33 34 RSA (Rivest, Shamir, Adleman) Number Factoring • Published in – R. Rivest, A. Shamir, and L. Adleman, " A Method for Obtaining Digital Signatures and Public-Key Cryptosystems ", CACM 21, pp. 120--126, Feb. 1978 – The first public key encryption and signature system • Support both public key encryption and digital signature. • Assumption/theoretical basis: – Factorization of large primes is hard. • Variable key length (usually 1024 bits). • Variable plaintext block size. – Plaintext must be “smaller” than the key. – Ciphertext block size is the same as the key length. How about Tomorrow’s computers? 35 36 6 Quantum Computing The RSA Algorithm • A classical computer has a memory made up of bits, where each bit holds either a one or a zero. The device computes by manipulating those bits, i.e.