Transcript g - Chuck Easttom

Asymmetric Cryptography
Concepts and Concerns
•
•
•
•
•
•
•
•
•
•
About the Speaker
Chuck Easttom [email protected] www.ChuckEasttom.com
Certifications A+,Network+, iNet+, Server+, Linux+, MCP (Windows 2000 Pro,
VB 6 [Desktop and Distributed]), MCAD, MCSE, MCDBA, MCSA, MCT, MCTS
(Windows Server 2008, SQL Server 2008, Visual Studio 2010, Windows 7),
MCITP (Windows 7 and SQL Server 2008) CIW Security Analyst, CEH, CHFI, EC
Council Certified Security Analyst, EC Council Certified Instructor, CISSP, ISSAP,
and others.
Education: B.A. and M.Ed. from Southeastern Oklahoma State University.
Ph.D. in progress(A.B.D.) from Northcentral University.
Publications: 13 computer science books.
Worked as a subject matter expert for CompTIA in the creation of the
Security+, Server+, and Linux+ exams as well as revising the CTT+.
Created the advanced cryptography course for EC Council
Experience: many years in IT, 10+ years of teaching/training.
Creates study guides for Ucertify.com http://www.ucertify.com/blog/chuckeasttom.html , including their A+ study guide
Frequent expert witness in computer related computer cases
7 provisional patents
Prime Numbers
A prime number is any number whose factors
are 1 and itself. So 2, 3, 5, 7, 11, 13, 17, 23, etc.
are prime numbers. Prime numbers are used
in some public key cryptography algorithms
(which we will study in lesson 4) such as RSA.
Prime Number Theorem: If a random number
N is selected, the chance of it being prime is
approximately 1 / ln(N), where ln(N) denotes
the natural logarithm of N.
Co-Prime
Just as important as prime numbers
are in cryptography, co-prime
numbers are also important. A coprime is a number that has no
factors in common with another
number. For example 3 and 7 are
co-prime
Eulers Totient
This is actually a part of the RSA Algorithm
which we will study in lesson 4. The
number of positive integers less than or
equal to n that are coprime to n is called
the Euler’s Totient of n.
So for the number 6, 4 and 5 are coprime
with 6. Therefore Eulers Totient = 2
For a prime number p the Eulers totient is
always p-1.
Symbolized
Eulers Totient
Coprime numbers have interesting
relationships that are part of
algorithms like RSA. For example if
m and n are coprime then the
totient of m * the totient of n is
equal to the totient of (m*n). Put
more mathematically
If m and n are coprime then
(m) * (n) = (mn)
Modulus Operator
The modulus operator is simple, and
you will see it used in a number of
cryptography algorithms. Simply divide
A by N and return the remainder.
 So 5 mod 2 = 1
 So 12 mod 5 = 2
 Sometimes symbolized as % as in
5%2=1
Asymmetric Encryption
Asymmetric systems use key pairs which consist of a
public key and private key. The public key is made
public (for example, by publishing it in a directory)
and the private key is kept secret. So the
asymmetric cryptography does not involve
exchanging a secret key. The public key can be used
to encrypt messages and only the recipients private
key can decrypt them.
Advantages: Provides a secure way to communicate;
provides method of validation; non-repudiation
Disadvantages: Slower than Symmetric algorithms.
Algorithms
•
•
•
•
•
•
Diffie Hellman
MQV
ElGamal
RSA
DSA
Elliptic Curve
Diffie-Hellman
A cryptographic protocol that allows two parties to
establish a shared key over an insecure channel.
Developed by Whitfield Diffie and Martin Hellman
in 1976. An interesting twist is that the method
had actually been developed a few years earlier by
Malcolm J. Williamson of the British Intelligence
Service, but it was classified.
Diffie-Hellman
The system has two parameters called p and g. Parameter p is a prime
number and parameter g (usually called a generator) is an integer less than
p, with the following property: for every number n between 1 and p-1
inclusive, there is a power k of g such that n = gk mod p. Many cryptography
textbooks use the fictitious characters ‘alice’ and ‘bob’ to illustrate
cryptography and we will do that here as well:
1. Alice generates a random private value a and Bob generates a random
private value b. Both a and b are drawn from the set of integers
2. They derive their public values using parameters p and g and their private
values. Alice's public value is ga mod p and Bob's public value is gb mod p.
3. They exchange their public values.
4. Alice computes gab = (gb)a mod p, and Bob computes gba = (ga)b mod p.
5. Since gab = gba = k, Alice and Bob now have a shared secret key k.
RSA
The algorithm was publicly described in 1977 by
Ron Rivest, Adi Shamir, and Leonard Adleman at
MIT; the letters RSA are the initials of their
surnames. This is perhaps the most widely used
public key cryptography algorithm in existence
today.
It is based on some interesting relationships
with prime numbers. The security of RSA derives
from the fact that it is difficult to factor a large
integer composed of two or more large prime
factors.
RSA – How does it work
• Key generation
– Generate two large random primes, p and q, of approximately
equal size such that their product n = pq is of the required bit
length (such as 128 bits, 256 bits, etc.)
– Let n = pq
– Let m = (p-1)(q-1)
– Choose a small number e, co-prime to m (note: Two numbers are
co-prime if they have no common factors.)
– Find d, such that de % m = 1
– Publish e and n as the public key.
Keep d and n as the secret key.
RSA – How does it work
• Encrypt
– = Me % n
– Put another way
• Computes the ciphertext c = me mod n
• Decrypt
– P = Cd % n
– Put another way
• Uses his private key (d,n) to compute m = cd mod n.
RSA
Normally RSA would be done with very large integers. To make the math easy to
follow we will use small integers in this example. (note this example is from
Wikipedia):
 Choose two distinct prime numbers, such as p = 61 and q = 53.
 Compute n = pq giving n = 61 · 53 = 3233.
 Compute the totient of the product as φ(n) = (p − 1)(q − 1) giving φ(3233) =
(61 − 1)(53 − 1) = 3120.
 Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime
number for e leaves us only to check that e is not a divisor of 3120. Let e = 17.
 Compute d, the modular multiplicative inverse of yielding d = 2753.
 The public key is (n = 3233, e = 17). For a padded plaintext message m, the
encryption function is m17 (mod 3233).
 The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the
decryption function is c2753 (mod 3233).
Is RSA Still Secure?
•
•
•
•
Heninger and Shacham
Zhao and Qi
Yeh, Huang, Lin, and Chang
Hinek
Heninger and Shacham
• Heninger and Shacham (2009) found that RSA
implementations that utilized a smaller
modulus were susceptible to cryptanalysis
attacks. \A smaller modulus can increase the
efficiency of an RSA implementation, but as
Heninger and Shacham (2009) showed, it may
also decrease the efficacy.
Heninger and Shacham
• Heninger and Shacham (2009) utilized the fact
of the smaller modulus to reduce the set of
possible factors, thus decreasing the time
needed to factor the public key of an RSA
implementation. It is in fact a common
practice to use a specific modulus e = 216 + 1=
65537 (Heninger & Shacham, 2009). If an RSA
Implementation is using this common value
for e, then factoring the public key is a much
simpler process
Zhao and Qi
• Zhao and Qi (2007) also utilized
implementations that have a smaller modulus
operator. The authors of this study also
applied modular arithmetic, a subset of
number theory, to analyzing weaknesses in
RSA. Many implementations of RSA use a
shorter modulus operator in order to make
the algorithm execute more quickly.
Resources
• Hinek, M. (2009). Cryptanalysis of RSA and its variants.
England: Chapman and Hall.
• Heninger, N., Shacham, H. (2009). Reconstructing RSA private
keys from random key bit. Advances in Cryptology Lecture
Notes in Computer Science, 1 (1). doi:10.1007/978-3-64203356-8_1.
• Yeh, Y., Huang, T., Lin, H., Chang, Y. (2009). A study on parallel
RSA factorization. Journal of Computers, 4 (2), 112-118.
doi:10.4304/jcp.4.2.112-118
• Zhao, Y., Qi, W. (2007). Small private-exponent attack on RSA
with primes sharing bits. Lecture Notes in Computer Science,
2007, 4779 (2007) 221-229. doi: 10.1007/978-3-540-754961_15
Elliptic Curve
This algorithm was first described in 1985 by Victor Miller
(IBM) and Neil Koblitz (University of Washington) .
The security of Elliptic Curve cryptography is based on the
fact that finding the discrete logarithm of a random elliptic
curve element with respect to a publicly-known base point
is difficult to the point of being impractical to do.
The size of the elliptic curve determines the difficulty of
the finding the algorithm, and thus the security of the
implementation. The level of security afforded by an RSAbased system with a large modulus can be achieved with a
much smaller elliptic curve group.
Elliptic Curve
The U.S. National Security Agency has endorsed
ECC by including schemes based on it in its Suite
B set of recommended algorithms and allows
their use for protecting information classified up
to top secret with 384-bit keys
Elliptic
Curve
It is based on equations of the form
y2 = x3 + Ax + B
along with a distinguished point at infinity,
denoted
An elliptic curve is the set of solutions to the
equation given above.
All the points which satisfy the equation plus a
point at infinity lies on the elliptic curve. The
public key is a point in the curve, obtained by
multiplying the private key with the generator
point (called G). The private key is a random
number.
Want to learn more?
• My Blog
• My website www.ChuckEasttom.com