2. AGENDA
◦ Encryption
◦ Private Key Cryptosystems
◦ Public Key Cryptosystems
◦ Introduction to RSA
◦ Simple RSA Example
◦ Exercise: Key Generation and Message
◦ Attacks against RSA
3. ENCRYPTION
◦ Definition: “The process of converting
information or data into a code, with the
goal of preventing unauthorized access.”
◦ Important for protecting data you want to
keep private
◦ Credit cards, personal information, etc.
4. PRIVATE KEY CRYPTOSYSTEMS
◦ Use of a single, shared key that can
encrypt and decrypt information
◦ Messages are encrypted using the shared
key, then the encrypted message is sent to
the other party
◦ Use Case: sustained messages between
two known parties
6. PUBLIC KEY CRYPTOSYSTEMS
Public Key Cryptography | RSA | Example | Exercise | Attacks
Distinguished from private key:
◦ Private Key: A secret, exclusive key for
encryption and decryption
◦ Public Key: Separate, public key for encryption
and decryption.
◦ Use Case: authentication step and exchange of
shared secret key for further communication
8. PUBLIC KEY - CONFIDENTIALITY
9. PUBLIC KEY - AUTHENTICATION
10. PUBLIC KEY – CONFIDENTIALITY AND
AUTHENTICATION
Bob Private Key -> Alice Public Key -----> Alice Private Key -> Bob Public Key
11. RIVEST-SHAMIR-ADLEMAN (RSA)
◦ Developed by Ron Rivest, Adi Shamir, and
Leonard Adleman
◦ Based on the difficulty of factoring the
product of two large prime numbers
◦ Someone with the product of two primes
can encrypt, but only someone who knows
both primes can decrypt.
12. TRAPDOOR FUNCTION
◦ Easy to compute in one direction,
hard to compute in the other without
special information (the trapdoor)
13. RSA – KEY GENERATION
1. Pick two large primes, p and q
p = 11
q = 3
2. Calculate n = pq
n = 11 * 3
n = 33
14. RSA – KEY GENERATION
3. Calculate λ(n) = (p-1)(q-1)
λ(n) = (11-1)(3-1)
λ(n) = 10*2
λ(n) = 20
4. Choose a small number e, coprime to λ(n)
e = 3
Alternate: Fix e first (e=3, e=17, e=65,537)
15. RSA – KEY GENERATION
5. Find d, satisfying de mod λ(n) = 1
Isolating d:
d = (1 + x* λ(n)) / e, where x is any integer.
x = 0 => d = (1 + 0) / 3 (no)
x = 1 => d = (1 + 20) / 3 = 7 (yes!)
d = 7
16. RSA – KEY GENERATION
p = 11
q = 3
n = 33
λ(n) = 20
e = 3
d = 7
Private Key = (n, d) = (33, 7)
Public Key = (n, e) = (33, 3)
17. RSA – MESSAGES
Private Key = <n, d> = <33, 7>
Public Key = <n, e> = <33, 3>
We want to send the integer “m” as a message.
Sending Messages:
Encryption: c = m^e mod n
Decryption: m = c^d mod n
18. RSA – ENCRYPTION
Private Key = <n, d> = <33, 7>
Public Key = <n, e> = <33, 3>
Encryption: c = m^e mod n
m = 4
c = 4^3 mod 33
c = 64 mod 33
c = 31
19. RSA – DECRYPTION
Private Key = <n, d> = <33, 7>
Public Key = <n, e> = <33, 3>
Decryption: m = c^d mod n
c = 31
m = 31^7 mod 33
m = 27,512,614,111 mod 33
m = 4
20. RSA - ALGORITHM
Key Generation
1. Pick two large primes, p and q
2. n = pq
3. λ(n) = (p-1)(q-1)
4. Choose a small number e, coprime to λ(n)
5. Find d, satisfying d*e mod λ(n) = 1
Public Key: <n, e> Encryption: c = m^e mod n
Secret Key: <n, d> Decryption: m = c^d mod n
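Added example (not part of the original slides): the key generation, encryption and decryption steps above in Python, using the slides' toy values and their definition λ(n) = (p-1)(q-1). The function names are illustrative, and d is found with the extended Euclidean algorithm instead of trying values of x.

```python
# Textbook RSA with toy parameters, for following the arithmetic only.
# Function names are illustrative; real keys use large random primes and padding.

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modinv(e, lam):
    """Step 5: find d with d*e mod lam == 1, or fail if e shares a factor with lam."""
    g, x, _ = egcd(e, lam)
    if g != 1:
        raise ValueError("e is not coprime to lambda(n), so no d exists")
    return x % lam

def keygen(p, q, e):
    """Steps 1-5: return (public, private) as ((n, e), (n, d))."""
    n = p * q
    lam = (p - 1) * (q - 1)  # lambda(n) as defined on the slides
    d = modinv(e, lam)
    return (n, e), (n, d)

def encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer with 0 <= m < n")
    return pow(m, e, n)  # c = m^e mod n

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)  # m = c^d mod n

def roundtrip_all(pub, priv):
    """Check that every valid message survives encrypt-then-decrypt."""
    return all(decrypt(priv, encrypt(pub, m)) == m for m in range(pub[0]))

if __name__ == "__main__":
    pub, priv = keygen(11, 3, 3)
    c = encrypt(pub, 4)
    print(pub, priv, c, decrypt(priv, c), roundtrip_all(pub, priv))
```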
21. EXERCISE: RSA KEY SIZE
Links to tools for RSA Demo (work in pairs or more):
theisencr.github.io/whitewater_pkc/
Pink generates a public key – “Packed public key” field
Blue copies public key, unpacks, encodes message
“OpenPGP Multi Precision Integer (MPI) of Public Key
(base64)”
Pink copies encoded message, decrypts.
Spend time checking out performance of each step.
22. EXERCISE: ATTACKS
Imagine Eve wanted to intercept communications that
Bob (Blue) sends to Alice (Pink).
Open an additional Pink tab.
Experiment with “tricking” Bob (Blue) into
communicating with Eve (new Pink).
What’s the key step?
23. AUTHENTICATING PUBLIC KEYS
◦ You need to trust that Alice’s public key is *really* her
key!
◦ Three approaches:
▫ Certificate Authorities – central repository of
validated keys
▫ Web of Trust – get people to “vote” that your key
is accurate (Distributed Ledger)
▫ Meet in real life and exchange keys
25. ATTACKING RSA: FACTORING CHALLENGE
◦ Brute forcing RSA requires prime factorization
◦ Monetary reward for cracking large RSA values
◦ RSA-XXX: XXX = number of bits
◦ RSA-768: Factored in December 2009 – 2 ½ years
◦ “On a single core 2.2 GHz AMD Opteron processor
with 2 GB RAM, sieving would have taken about
fifteen hundred years”
26. ATTACKING RSA - RANDOMNESS
p = Randomly Chosen
q = Randomly Chosen
n = p and q
λ(n) = p and q
e = chosen from p, q
d = found from e, λ(n)
27. ATTACKING RSA - RANDOMNESS
◦ “Random numbers” are actually pseudo-random
◦ Ways to generate “random” numbers
▫ Seed by time
▫ Seed by execution history - /dev/random
▫ Seed by atmospheric noise
29. ATTACKING RSA - RANDOMNESS
◦ 2012 paper by Heninger et al. at USENIX
▫ “Mining your P’s and Q’s: Detection of
Widespread Weak Keys in Network Devices”
◦ Plain terms: if the P/Q of two keys are the same, you
can determine the other factor of both.
◦ How rare is this?
30. ATTACKING RSA - RANDOMNESS
◦ If you use poor randomness, common factors are
(somewhat) common!
◦ Heninger et al. harvested 5 million SSL keys
◦ Found high common factors in 0.5% of the keys
(25,000 keys)
◦ Result: can compute the private keys of those 25,000!
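Added example (not from the slides or the paper): a check an operator can run over an inventory of RSA moduli to find keys that share a prime, which is the condition described above. The moduli are small constructed values and the function name is illustrative; the pairwise comparison is quadratic, so it suits a small inventory.

```python
from itertools import combinations
from math import gcd

# Constructed sample inventory (toy sizes). Index 0 and 1 share the prime 101,
# index 2 and 4 are the same modulus, index 3 is unrelated.
SAMPLE_MODULI = [
    101 * 103,  # 10403
    101 * 107,  # 10807
    109 * 113,  # 12317
    127 * 131,  # 16637
    109 * 113,  # 12317 again
]

def audit_moduli(moduli):
    """Compare every pair of moduli, each assumed to be a product of two primes.

    Returns (factored, duplicates):
      factored   - {index: (p, q)} for moduli that share exactly one prime
                   with another modulus; these keys must be regenerated.
      duplicates - [(i, j)] pairs with identical moduli; the gcd is n itself,
                   so nothing is factored, but two holders share one key.
    """
    factored = {}
    duplicates = []
    for i, j in combinations(range(len(moduli)), 2):
        a, b = moduli[i], moduli[j]
        g = gcd(a, b)
        if g == 1:
            continue                      # no common prime, nothing learned
        if a == b:
            duplicates.append((i, j))     # same key in two places
            continue
        # g is the shared prime; dividing it out gives the other factor of each.
        factored[i] = (g, a // g)
        factored[j] = (g, b // g)
    return factored, duplicates

if __name__ == "__main__":
    factored, duplicates = audit_moduli(SAMPLE_MODULI)
    for idx, (p, q) in sorted(factored.items()):
        print(f"modulus #{idx} = {SAMPLE_MODULI[idx]} factors as {p} * {q}")
    for i, j in duplicates:
        print(f"modulus #{i} and #{j} are identical")
```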
31. ATTACKING RSA - RANDOMNESS
◦ /dev/urandom: supplies random bytes based on disk
activity, non-blocking
◦ Why would disk activity be not-so-random on devices
like these?
32. SUMMARY SLIDE
◦ Differences between Private and Public
Key Cryptosystems
◦ Introduction to RSA
◦ Walkthrough of RSA at scale
◦ Attacks against RSA