Public Key Cryptosystems and RSA

PUBLIC KEY
CRYPTOSYSTEMS
AND RSA
Christopher Theisen
http://theisencr.github.io/whitewater_pkc/

AGENDA
◦ Encryption
◦ Private Key Cryptosystems
◦ Public Key Cryptosystems
◦ Introduction to RSA
◦ Simple RSA Example
◦ Exercise: Key Generation and Message
◦ Attacks against RSA

ENCRYPTION
◦ Definition: “The process of converting
information or data into a code, with the
goal of preventing unauthorized access.”
◦ Important for protecting data you want to
keep private
◦ Credit cards, personal information, etc.

PRIVATE KEY CRYPTOSYSTEMS
◦ Use of a single, shared key that can
encrypt and decrypt information
◦ Messages are encrypted using the shared
key, then the encrypted message is sent to
the other party
◦ Use Case: sustained messages between
two known parties

PRIVATE KEY CRYPTOSYSTEMS
Public Key Cryptography | RSA | Example | Exercise | Attacks

PUBLIC KEY CRYPTOSYSTEMS
Distinguished from private key:
◦ Private Key: A secret, exclusive key for
encryption and decryption
◦ Public Key: Separate, public key for encryption
and decryption.
◦ Use Case: authentication step and exchange of
shared secret key for further communication

PUBLIC KEY CRYPTOSYSTEMS

PUBLIC KEY - CONFIDENTIALITY

PUBLIC KEY - AUTHENTICATION

PUBLIC KEY – CONFIDENTIALITY AND
AUTHENTICATION
Bob Private Key -> Alice Public Key -----> Alice Private Key -> Bob Public Key

RIVEST-SHAMIR-ADLEMAN (RSA)
◦ Developed by Ron Rivest, Adi Shamir, and
Leonard Adleman
◦ Based on the difficulty of factoring large
prime numbers
◦ Someone with the product of two primes
can encrypt, but only someone who knows
both primes can decrypt.

TRAPDOOR FUNCTION
◦ Easy to compute in one direction,
hard to compute in the other without
special information (the trapdoor)

RSA – KEY GENERATION
1. Pick two large primes, p and q
p = 11
q = 3
2. Calculate n = pq
n = 11 * 3
n = 33

3. Calculate λ(n) = (p-1)(q-1)
λ(n) = (11-1)(3-1)
λ(n) = 10*2
λ(n) = 20
4. Choose a small number e, coprime to λ(n)
e = 3
Alternate: Fix e first (e=3, e=17, e=65,537)

5. Find d, satisfying de mod λ(n) = 1
Isolating d:
d = (1 + x* λ(n)) / e, where x is any integer.
x = 0 => d = (1 + 0) / 3 (no)
x = 1 => d = (1 + 20) / 3 = 7 (yes!)
d = 7

p = 11
q = 3
n = 33
λ(n) = 20
e = 3
d = 7
Private Key = (n, d) (33, 7)
Public Key = (n, e) (33, 3)

RSA – MESSAGES
Private Key = <n, d> <33, 7>
Public Key = <n, e> <33, 3>
We want to send the integer “m” as a message.
Sending Messages:
Encryption: c = me mod n
Decryption: m = cd mod n

RSA – ENCRYPTION
Encryption: c = me mod n
m = 4
c = 43 mod 33
c = 64 mod 33
c = 31

RSA – DECRYPTION
Decryption: m = cd mod n
c = 31
m = 317 mod 33
m = 27,512,614,111 mod 33
m = 4

RSA - ALGORITHM
Key Generation
1. Pick two large primes, p and q
2. n = pq
3. λ(n) = (p-1)(q-1)
4. Choose a small number e, coprime to λ(n)
5. Find d, satisfying d*e mod λ(n) = 1
Public Key: <n, e> Encryption: c = me mod n
Secret Key: <n, d> Decryption: m = cd mod n

EXERCISE: RSA KEY SIZE
Links to tools for RSA Demo (work in pairs or more):
theisencr.github.io/whitewater_pkc/
Pink generates a public key – “Packed public key” field
Blue copies public key, unpacks, encodes message
“OpenPGP Multi Precision Integer (MPI) of Public Key
(base64)”
Pink copies encoded message, decrypts.
Spend time checking out performance of each step.

EXERCISE: ATTACKS
Imagine Eve wanted to intercept communications that
Bob (Blue) sends to Alice (Pink).
Open an additional Pink tab.
Experiment with “tricking” Bob (Blue) into
communicating with Eve (new Pink).
What’s the key step?

AUTHENTICATING PUBLIC KEYS
◦ You need to trust that Alice’s public key is *really* her
key!
◦ Three approaches:
▫ Certificate Authorities – central repository of
validated keys
▫ Web of Trust – get people to “vote” that your key
is accurate (Distributed Ledger)
▫ Meet in real life and exchange keys

ATTACKING RSA

ATTACKING RSA: FACTORING CHALLENGE
◦ Brute forcing RSA requires prime factorization
◦ Monetary reward for cracking large RSA values
◦ RSA-XXX: XXX = number of bits
◦ RSA-768: Factored in December 2009 – 2 ½ years
◦ “On a single core 2.2 GHz AMD Opteron processor
with 2 GB RAM, sieving would have taken about
fifteen hundred years”

ATTACKING RSA - RANDOMNESS
p = Randomly Chosen
q = Randomly Chosen
n = p and q
λ(n) = p and q
e = chosen from p, q
d = found from e, λ(n)

◦ “Random numbers” are actually pseudo-random
◦ Ways to generate “random” numbers
▫ Seed by time
▫ Seed by execution history - /dev/random
▫ Seed by atmospheric noise

◦ 2012 paper by Heninger et al. at USENIX
▫ “Mining your P’s and Q’s: Detection of
Widespread Weak Keys in Network Devices”
◦ Plain terms: if the P/Q of two keys are the same, you
can determine the other factor of both.
◦ How rare is this?

◦ If you use poor randomness, common factors
(somewhat) common!
◦ Heninger et al. harvested 5 million SSL keys
◦ Found high common factors in 0.5% of the keys
(25,000 keys)
◦ Result: can compute the private keys of those 25,000!

◦ /dev/urandom: supplies random bytes based on disk
activity, non-blocking
◦ Why would disk activity be not-so-random on devices
like these?

SUMMARY SLIDE
◦ Differences between Private and Public
Key Cryptosystems
◦ Introduction to RSA
◦ Walkthrough of RSA at scale
◦ Attacks against RSA

Class Materials:
theisencr.github.io/whitewater_pkc
theisen.cr@gmail.com
theisencr.github.io

Public Key Cryptosystems and RSA

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Public Key Cryptosystems and RSA

Ähnlich wie Public Key Cryptosystems and RSA (20)

Mehr von Chris Theisen

Mehr von Chris Theisen (8)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Public Key Cryptosystems and RSA

Hinweis der Redaktion