Public-Key Cryptography Principles • Based on mathematical functions • The use of two keys has consequences in: key distribution, confidentiality and authentication. • Miscoceptions • The scheme has six ingredients – Plaintext – Encryption algorithm – Public and private key – Ciphertext – Decryption algorithm
Data and Network Security 2
Public-Key, essntial steps 1. Each user generates a pair of keys to be used for the encryption and decryption of messages. 2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. Each user maintains a collection of public keys obtained from others. 3. If Bob wishes to send a private message to Alice, Bob encrypts the message using Alice’s public key. 4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice’s private key.
Data and Network Security 3
Public-Key • With this approach, all participants have access to public keys, and private keys are generated locally by each participant and therefore need never be distributed. • As long as a user protects his or her private key, incoming communication is secure. • At any time, a user can change the private key and publish the companion public key to replace the old public key.
Data and Network Security 4
Encryption using Public-Key system
Data and Network Security 5
Authentication using Public- Key System
Data and Network Security 6
Applications for Public-Key Cryptosystems • Three categories: – Encryption/decryption: The sender encrypts a message with the recipient’s public key. – Digital signature: The sender ”signs” a message with its private key. – Key echange: Two sides cooperate two exhange a session key.
Data and Network Security 7
Requirements for Public- Key Cryptography 1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb) 2. Easy for sender to generate ciphertext: C EKUb (M ) 3. Easy for the receiver to decrypt ciphertect using private key: M DKRb (C ) DKRb [ EKUb (M )] Data and Network Security 8 Requirements for Public- Key Cryptography 4. Computationally infeasible to determine private key (KRb) knowing public key (KUb) 5. Computationally infeasible to recover message M, knowing KUb and ciphertext C 6. Either of the two keys can be used for encryption, with the other used for decryption: M DKRb [ EKUb (M )] DKUb[ EKRb (M )] Data and Network Security 9 Public-Key Cryptographic Algorithms • RSA and Diffie-Hellman • RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977. – RSA is a block cipher – The most widely implemented • Diffie-Hellman – Echange a secret key securely – Compute discrete logarithms
Data and Network Security 10
The RSA Algorithm – Key Generation 1. Select p,q p and q both prime 2. Calculate n = p x q 3. Calculate (n) ( p 1)(q 1) 4. Select integer e gcd( (n), e) 1; 1 e (n) 5. Calculate d d de mod (n) 6. Public Key KU = {e,n} 7. Private key KR = {d,n}
Data and Network Security 11
The RSA Algorithm - Encryption • Plaintext: M<n
• Ciphertext: C = Me (mod n)
Data and Network Security 12
The RSA Algorithm - Decryption • Ciphertext: C
• Plaintext: M = Cd (mod n)
Data and Network Security 13
Example of RSA Algorithm
Data and Network Security 14
Other Public-Key Cryptographic Algorithms • Digital Signature Standard (DSS) – Makes use of the SHA-1 – Not for encryption or key echange • Elliptic-Curve Cryptography (ECC) – Good for smaller bit size – Low confidence level, compared with RSA – Very complex