LOGO

Public Key EncryptionKyle Schmidt

A Brief History of Cryptography

Ancient Greeks Scytale Cipher

Julius Caesar Caesar Cipher

“Enigma” Automated Cipher

What is Cryptography?

Secure and private communication

Encryption Rendering a message unintelligible

WEDNESDAY THE SIXTEENTHJRQARFQNL GUR FVKGRRAGU

Symmetric vs. Asymmetric

Symmetric Single key

Asymmetric (Public Key) Two keys

• Public key & Private key Mailbox Concept Digital Signature

Branches of Cryptology

Cryptology

Cryptography Cryptanalysis

Symmetric Asymmetric

Encryption Message AuthenticationEncryption

Advantages of Asymmetric

Secure Exchange of Keys Can’t trust the middleman

Nonrepudiation Keep track of your own key

More Uses Encryption Message Authentication Digital Signatures

Modular Arithmetic

Most cryptosystems based on finite, discrete sets

modulus = 12

Modulus Operation

Formal Definition:

Given integers a, r, and m, we saya ≡ r mod m

if (r – a) is divisible by m

a = r mod m

Note that there are infinitely many remainders

Not to be confused with:

The Ring Zm

Ring of integers with properties: Arithmetic operations always yield result in Zm

• e.g. ∀a, b ε Zm then (a + b) ε Zm

Neutral elements 0 for addition, 1 for multiplication• e.g. ∀a ε Zm, a + 0 ≡ a mod m

Additive inverse always exists

• i.e. ∀a ε Zm, ∃b = -a such that a + b ≡ 0 mod m

Multiplicative inverse only exists for some elements

Euclidean Algorithm

Calculates Greatest Common Divisor (GCD)

Simplify the problem

GCD(a, b) = GCD(a – b, b)

Euclidean Algorithm

a = bq + r

a = sub = tu

r = a – bq

r = (su) – (qt)u

r = (s – qt)u

a = bq + r

a = (s’v)q + (t’v)

a = (s’q + t)v

b = s’vr = t’v

Euclidean Algorithm

1 q1 = a / b a = bq1 + r1 r1 = a – b q1

2 q2 = b / r1 b = q2 r1 + r2 r2 = b – q2 r1

3 q3 = r1 / r2 r1 = q3 r2 + r3 r3 = r1 – q3 r2

n qn = rn-2 / rn-1 rn-2 = qn rn-1 + rn rn = rn-2 – qn rn-1

n+1 qn+1 = rn-1 / rn rn-1 = qn+1 rn + 0 ---

Procedure of Euclidean Algorithm

Extended Euclidean Algorithm

Modular Division Multiplication by multiplicative inverse ba-1 instead of b/a

Multiplicative Inverse: aa-1 ≡ 1 mod m

Extended Euclidean Algorithm: Fast, efficient way to find multiplicative inverse

Extended Euclidean Algorithm

Perform regular Euclidean Algorithm

GCD(a, b) must be 1

Then for ax + by = 1, x is the multiplicative inverse of a, and y is the multiplicative inverse of b

Extended Euclidean Algorithm

a = bq1 + r1

b = q2 r1 + r2

r1 = q3 r2 + r3

rn-2 = qn rn-1 + 1

r1 = a – bq1

r2 = b – q2 r1

r3 = r1 – q3 r2

1 = rn-2 – qn rn-1

1 = rn-2 – qn rn-1

1 = rn-2 – qn (r1 – q3 r2)

1 = rn-2 – qn (r1 – q3 (b – q2 r1))

1 = rn-2 – qn (r1 – q3 (b – q2 (a – b q1)))

1 = ax + by

Extended Euclidean Algorithm

Proof

ax + by = 1

ax + by 1 mod a

by 1 mod a

aa-1 1 mod a

Euler’s Totient Function

Essential for RSA Scheme and most likely others

Totient (n) Number of totatives of an integer n Totative: An integer m, 0 < m < n, GCD(m, n) = 1

Prime factorization of n must be known

{1, 2, 3, …, 30}

Example: (30)

1

2

34

5

6

7

89

10

11

12

13

14

15

16

17

18

19

20

2122

23

24

25

2627

28

29

30

(5)

(2) (3)

S =

C =

A = = B

Example: (30)

Calculate totients from frequencyDe Morgan’s Theorem:

Probability a number is in a subset is equal to Probability a number is not in all other subsets

Probability a number is NOT in a set is equal to 1 – (Probability of being IN the set)

Probability = (1 – 1/2) * (1 – 1/3) * (1 – 1/5)Frequency = (1 – 1/2) * (1 – 1/3) * (1 – 1/5) * 30

Euler’s Totient Function

Formula:

(n) = n(1 – 1/p1)(1 – 1/p2)…(1 – 1/pm)

=

(n) = (p1 – 1)p1k1–1(p2 – 1)p2

k2–1 …(pm – 1)pmkm–1

RSA

Ronald Rivest, Adi Shamir, Leonard Adleman 1977

Most widely used asymmetric scheme todayTwo main uses:

Secure exchange of keys Digital signatures

How RSA Works

Keys are pairs of integers Encrypting key: (e, n) Decrypting key: (d, n)

Encryption/Decryption: Exponentiation within Zn

Encrypt message: C = Me

Decrypt cyphertext: M = Cd

Before encrypting: Convert plaintext to integer with hash function

RSA: Key Generation

1. Choose two arbitrary prime numbers p and q

2. Calculate n = pq

3. Calculate (n) = (p – 1)(q – 1)

4. Choose arbitrary integer e < (n) – 1such that GCD(e, (n)) = 1

5. Calculate d = multiplicative inverse of e mod (n)using Extended Euclidean Algorithm

RSA: Key Generation

Basic requirement: After choosing p, q, choose e, d, k satisfying:

• ed – 1 = k(p – 1)(q – 1)

Extended Euclidean Algorithm requires two integers that are relatively prime Thus, requiring e and (n) to be relatively prime

ensures that there will be a matching private key

How RSA Works

Me = C; Cd = M Prove Cd ≡ (Me)d ≡ Med ≡ M mod n

Fermat’s Little Theorem M(n) ≡ 1 mod n if M and n are relatively prime

Mk(n) ≡ 1 mod nM*Mk(n) ≡ M mod nMk(n)+1 ≡ M mod n

Med ≡ M mod n

ed – 1 = k(p – 1)(q – 1)ed = k(p – 1)(q – 1) + 1ed = k (n) + 1

How RSA Works

M = Med

= M1+(n)k

= (M)M(n)k

= (M)(M(n))k

= (M)(1)k

= M

M = M

RSA: Faster Encryption

“Square-and-Multiply” Algorithm Quick and efficient, even with large numbers

Based on binary representation of exponentIterative through bits, left to rightConsider y = xh mod n

Starting with 2nd bit from left:1. Calculate y = x

2. Calculate y = y2 mod n

3. If current bit of h is 1, calculate y = yx mod n

4. Repeat steps 2 and 3 for each bit in exponent

RSA: Faster Encryption

Example: y = 226 mod 5

Iteration Current Bit Calculation Value of y

    y = x 2

1 1 [1] 0 1 0 y = y2 mod n 4 mod 5 = 4

1 1 [1] 0 1 0 y = y * x mod n 8 mod 5 = 3

2 1 1 [0] 1 0 y = y2 mod n 9 mod 5 = 4

3 1 1 0 [1] 0 y = y2 mod n 16 mod 5 = 1

3 1 1 0 [1] 0 y = y * x mod n 2 mod 5 = 2

4 1 1 0 1 [0] y = y2 mod n 4 mod 5 = 4

RSA: Faster Encryption

Square-and-Multiply has complexity O(log n), where n is the number of bits in the exponent

Relatively efficient

Although still intensive for small devices

Speed up encryption more: smaller public key No significant loss of security

RSA: Faster Decryption

Can’t use smaller private key Major security loss

Chinese Remainder Theorem Allows computation of y = x mod (pq) given:

• y1 = x mod p and y2 = x mod q

Break down Cd mod n into smaller computationsMore computations, but less intensiveRequires knowledge of p and q, thus cannot be

used to speed up encryption

RSA: Faster Decryption

Variation of Fermat’s Little Theorem: xp-1 ≡ 1 mod p

Using this, break down exponent d into d1 = d mod (p – 1) and d2 = d mod (q – 1)

Decryption now requires two exponentiations:

Using Chinese Remainder Theorem, compute:y ≡ y1q(q–1 mod p) + y2p(p–1 mod q) mod n

On average, four times faster

Practical Uses of RSA

Even with these methods to speed up RSA, it is still much slower than symmetric systems

Not typically used for large-scale encryptionEncrypt smaller messages

Passwords Symmetric keys

Digital SignaturesUsed together with symmetric systems

Secure key exchange + fast, efficient encryption

Problem

Modern computers becoming more efficientFactoring large numbers is becoming easier

•Larger keys required for RSA to remain secure–RSA becoming slower and slower

Alternative

Elliptic Curve Cryptography (ECC) 1985 Neal Koblitz, Victor S. Miller Estimated to be widespread within next decade

Elliptic Curve Cryptography: Premise

Point “Addition” (addition of ordered pairs)

Given a set E of points, and an operator “+”: Compute “sum” of two points as another point P + Q = R; P, Q, R ɛ E NOT actual arithmetic addition

Point “Multiplication” G = P + P + … + Pk = kP; G, P ɛ E, k ɛ R

Elliptic Curve Cryptography: Premise

The set E is drawn from points of an elliptic curve y2 = x3 + ax + b

Security comes from difficulty of finding k if given G and P Elliptic Curve Discrete Logarithm Problem Can’t just divide G by P

• Not arithmetic multiplication! More similar to finding k in a = bk

No efficient algorithm exists to solve this problem

Computing P + Q

Since elliptic curves are cubic, there are generally three points a line intersects the curve

Use this fact to calculate P + Q1. Draw line from P to Q

2. Define the third point of intersection to be –R

3. Thus R is the mirror reflection of –R

Computing P + Q

If there is no third point (the line is vertical), P + Q is said to be “infinity”, denoted as O

O is an additive identity (P + O = P)

To compute P + P, use P’s tangent line instead

Elliptic Curve Algebra

Algebraic Formulae: P + Q

• xP+Q = β2 – xP – xQ

• yP+Q = β(xP – xR) – yP

– β is the slope of the line

P + P (or 2P)• x2P = ([3x2

P + a] / 2yP)2 – 2xP

• y2P = ([3x2P + a] / 2yP) * (xP

– xR) – yP

– a is the same parameter from the cubic equation

How it is Applied to Cryptography

To ensure security, some restrictions: Curve must be smooth (no cusps, intersections, etc) Can’t use all real numbers – must be discrete

• In particular, prime numbers or binary numbers No longer a “curve,” but algebra still holds

Why ECC is harder to crack than RSA: Algebra is more complex than factoring numbers

Secure Key Exchange

Variation of Diffie-Hellman Scheme1. Alice and Bob agree on parameters for curve

a, b in y2 = x3 + ax + b and a point G ɛ E

2. Alice chooses a private integer XA and calculates a point YA = XAG

3. Bob does similar, calculating YB from integer XB

4. Alice and Bob publicly exchange YA and YB

5. The secret key K is computed by: For Alice, K = XAYB

For Bob, K = XBYA

Secure Key Exchange

Alice and Bob get the same private key, because: K = XAYB

= XA(XBG)

= XBXAG

= XBYA

= K

The Bigger Picture

ECC found to be 10x faster than RSA

Requires less memory and computational power

Equal security as RSA

Ideal for use on: Smart cards Wireless devices Other constrained devices RSA is unsuitable for

The Bigger Picture

Security of RSA Increasingly more vulnerable

Security of ECC No significant increase in vulnerability over 25 years

Symmetric Key Size RSA Key Size ECC Key Size80 1024 160112 2048 224128 3072 256192 7680 384256 15360 521

NIST Recommended Key Sizes for Equal Security

References

[1] Alayont, Feryâl. (2005). “RSA: A Public Key Cryptosystem”. <http://faculty.gvsu.edu/alayontf/talks/rsa.pdf> [2] Kak, Avi. (2011). “Elliptic Curve Cryptography and Digital Rights Management”. Lecture Notes on Computer and Network Security.

<https://engineering.purdue.edu/kak/compsec/NewLectures/Lecture14.pdf> [3] Kotas, William A. (2000). “A Brief History of Cryptography”. University of Tennessee Honors Thesis Projects.

<http://trace.tennessee.edu/utk_chanhonoproj/398> [4] National Security Agency. (2009). “The Case for Elliptic Curve Cryptography”. <http://www.nsa.gov/business/programs/elliptic_curve.shtml> [5] Paar, Christof and Pelzl, Jan. (2010). “Introduction to Cryptography”. Understanding Cryptography – A Textbook for Students and Practitioners (online

slides). <http://www.crypto-textbook.com> [6] Paar, Christof and Pelzl, Jan. (2010). “The RSA Cryptosystem”. Understanding Cryptography – A Textbook for Students and Practitioners (online slides). <http://www.crypto-textbook.com> [7] RSA Laboratories. (2000). “RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, Version 4.1”.

<http://www.rsasecurity.com/rsalabs/faq/files/rsalabs_faq41.pdf> [8] Turner, Clay S. (2008). “Euler’s Totient Function and Public Key Cryptography”.

<http://web.cs.du.edu/~ramki/courses/security/2011Winter/notes/RSAmath.pdf> [9] Vinck, A.J. Han. (2011). “Introduction to Public Key Cryptography”. <http://www.exp-math.uni-essen.de/~vinck/crypto/script-crypto-pdf/add-to-3.pdf> [10] Wagner, Neal R. (2003). “The RSA Public Key Cryptosystem”. The Laws of Cryptography with Java Code.

<http://www.cs.utsa.edu/~wagner/lawsbookcolor/laws.pdf> [11] Weisstein, Eric W. “Euclidean Algorithm”. MathWorld – A Wolfram Web Resource. <http://mathworld.wolfram.com/EuclideanAlgorithm.html>

References

Additional images for this presentation retrieved from:

• http://en.wikipedia.org/wiki/Enigma_machine• http://en.wikipedia.org/wiki/Public-key_cryptography• http://www.usc.edu/dept/molecular-science/RSA-2003.htm• http://en.wikipedia.org/wiki/Leonhard_Euler• http://physicsworld.com/cws/article/news/47723• http://en.wikipedia.org/wiki/Credit_card