Professional Documents
Culture Documents
1
2
CSc 466/566
Computer Security
3
4
5
collberg@gmail.com
c 2012 Christian Collberg
Copyright
Christian Collberg
6
1/83
Introduction
RSA
Algorithm
Example
Correctness
Security
GPG
Elgamal
Algorithm
Example
Correctness
Security
Diffie-Hellman Key Exchange
Diffie-Hellman Key Exchange
Example
Correctness
Security
Summary
Introduction
2/83
Public-key Algorithms
http://www.youtube.com/watch?v=mvOsb9vNIWM&feature=related
http://www.youtube.com/watch?v=BuUSi_QvFLY&feature=related
EPB (M) = C
http://www.youtube.com/watch?v=nULAC_g22So http://www.youtube.com/watch?v=nJB7a79ahGM
DSB (C ) = M
DSB (EPB (M)) = M
Introduction
3/83
Introduction
4/83
Bob
Alice
Bob sends Alice his public key, or Alice gets it from a public
database.
Alice encrypts her plaintext using Bobs public key and sends
it to Bob.
Introduction
PB
5/83
Alice
SA , PA
PA , PC
PA , PB
PB , PC PA , PD
Carol
SC , PC
Eve
decrypt
plaintext
SB
Introduction
6/83
Bob
SB , PB
PB , PD
1
Bob decrypts the message using his private key to get the
session key K .
SD , PD
ciphertext
A Hybrid Protocol
Dave
PC , PD
encrypt
7/83
Introduction
8/83
Outline
1
2
Bob
Alice
3
4
encrypt
EPB (K )
PB
decrypt
SB
5
encrypt
K
EK (M)
decrypt
K
6
Introduction
9/83
RSA
Introduction
RSA
Algorithm
Example
Correctness
Security
GPG
Elgamal
Algorithm
Example
Correctness
Security
Diffie-Hellman Key Exchange
Diffie-Hellman Key Exchange
Example
Correctness
Security
Summary
RSA
10/83
RSA: Algorithm
RSA
11/83
RSA
Compute M = C d mod n.
12/83
Compute n = pq = 3337.
Select e = 79.
Compute
= 1019
RSA
13/83
RSA
14/83
Encrypt M = 6882326879666683.
Break up M into 3-digit blocks:
m = h688, 232, 687, 966, 668, 003i
= e 1 mod (n)
c1 = m1e mod n
= 688
RSA
15/83
RSA
16/83
or
(16385, n)
as his RSA public key if he wants people to encrypt messages
for him from their cell phones.
As usual, n = pq, for two large primes, p and q.
What is the justification for Alices advice?
RSA
17/83
RSA
18/83
RSA Correctness
We have
C
= M e mod n
M = C d mod n.
1
Encrypt M = 88.
RSA
19/83
RSA
20/83
= e 1 mod (n)
ed mod (n) = 1
ed
Theorem (Euler)
= k(n) + 1
21/83
RSA
22/83
M k(n) = 1 + hq
Multiply both sides by M
M M k(n) = M(1 + hq)
M k(n)+1 = M + Mhq
RSA
23/83
RSA
24/83
RSA Security
C mod n = M
= M
ed
Summary:
Compute n = pq, p and q prime.
Select a small odd integer e relatively prime with (n).
Compute (n) = (p 1)(q 1).
4 Compute d = e 1 mod (n).
5 PB = (e, n) is Bobs RSA public key.
6 SB = (d, n) is Bob RSA private key.
mod n
k(n)+1
1
2
3
mod n
= (M + Mhq) mod n
= (M + (ip)hq) mod n
= (M + (ih)pq) mod n
= (M + (ih)n) mod n
If she can compute d from e and n, she has Bobs private key.
= M mod n
= M
RSA
25/83
RSA
26/83
RSA Security. . .
RSA
27/83
RSA
28/83
Name :
RSA576
Digits :
174
188198812 92 0 60 7 96 3 83 8 69 7 23 9 46 1 65 0 43 9 8 07 1 63 5 63 3 79 4 17 3 82 7 00 7 63 3 56 4 22
988859715 23 4 66 5 48 5 31 9 06 0 60 6 50 4 74 3 04 5 3 17 3 88 0 11 3 03 3 96 7 16 1 99 6 92 3 21 2 05
7340318795 50 6 56 9 96 22 1 30 5 16 87 5 93 0 76 5 02 57 0 59
1900871281 66 4 82 2 11 3 12 6 85 15 7 39 3 54 1 39 7 54 7 18 9 67 8 99 68
5154936666 38 5 39 0 88 0 27 10 3 80 2 10 4 49 8 95 7 19 1 26 14 6 55 7 1
47277214610 7 43 5 30 2 53 6 22 30 7 19 7 30 4 82 24 6 32 9 14 6 95
30209711645 9 85 2 17 11 3 05 2 07 11 2 56 3 63 5 90 39 7 52 7
RSA
RSA
Name :
RSA1536
Digits :
463
184769970 32 1 17 4 14 7 43 0 68 3 56 2 0 20 0 16 4 40 3 01 8 54 9 33 8 66 3 4 1 0 1 71 4 71 7 85 7 74 9 10 6 5 1
696711161 24 9 85 9 33 7 68 4 30 5 43 5 7 44 5 85 6 16 0 61 5 44 5 71 7 94 0 5 2 2 2 97 1 77 3 25 2 46 6 09 6 0 6
469460712 49 6 23 7 20 4 42 0 22 2 69 7 5 67 5 66 8 73 7 84 2 75 6 23 8 95 0 8 7 6 4 67 8 44 0 93 3 28 5 15 7 4 9
657884341 50 8 84 7 55 2 82 9 81 8 67 2 6 45 1 33 9 86 3 36 4 93 1 90 8 08 4 6 7 1 9 90 4 31 8 74 3 81 2 83 3 6 3
502795470 28 2 65 3 29 7 80 2 93 4 91 6 1 55 8 11 8 81 0 49 8 44 9 08 3 19 5 4 5 0 0 98 4 83 9 37 7 52 2 72 5 7 0
525785919 44 9 93 8 70 0 73 6 95 7 55 6 8 84 3 69 3 38 1 27 7 96 1 30 8 92 3 0 3 9 2 56 9 69 5 25 3 26 1 62 0 8 2
3676490316 03 6 55 1 37 14 4 79 1 39 3 23 47 1 69 5 66 9 88 06 9
Name :
RSA768
Digits :
232
123018668 45 3 01 1 77 5 51 3 04 9 49 5 8 38 4 96 2 72 0 77 2 85 3 56 9 59 5 33 4 7 92 1 97 3 22 4 52 1 51 7 2
640050726 36 5 75 1 87 4 52 0 21 9 97 8 6 46 9 38 9 95 6 47 4 94 2 77 4 06 3 84 5 9 25 1 92 5 57 3 26 3 03 4 5
373154826 85 0 79 1 70 2 61 2 21 4 29 1 3 46 1 67 0 42 9 21 4 31 1 60 2 22 1 2 4 0 4 79 2 74 7 37 7 94 0 80 6 6 5
351419597459 85 69 0 21 43 41 3
Name :
RSA2048
Digits :
617
251959084 75 6 57 8 93 4 94 0 27 1 83 2 4 00 4 83 9 85 7 14 2 92 8 21 2 62 0 4 0 3 2 02 7 77 7 13 7 83 6 04 3 6 6
202070759 55 5 62 6 40 1 85 2 58 8 07 8 4 40 6 91 8 29 0 64 1 24 9 51 5 08 2 1 8 9 2 98 5 59 1 49 1 76 1 84 5 0 2
808489120 07 2 84 4 99 2 68 7 39 2 80 7 2 87 7 76 7 35 9 71 4 18 3 47 2 70 2 6 1 8 9 63 7 50 1 49 7 18 2 46 9 1 1
650776133 79 8 59 0 95 7 00 0 97 3 30 4 5 97 4 88 0 84 2 84 0 17 9 74 2 91 0 0 6 4 2 45 8 69 1 81 7 19 5 11 8 7 4
612151517 26 5 46 3 22 8 22 1 68 6 99 8 7 54 9 18 2 42 2 43 3 63 7 25 9 08 5 1 4 1 8 65 4 62 0 43 5 76 7 98 4 2 3
387184774 44 7 92 0 73 9 93 4 23 6 58 4 8 23 8 24 2 81 1 98 1 63 8 15 0 10 6 7 4 8 1 04 5 16 6 03 7 73 0 60 5 6 2
016196762 56 1 33 8 44 1 43 6 03 8 33 9 0 44 1 49 5 26 3 44 3 21 9 01 1 46 5 7 5 4 4 45 4 17 8 42 4 02 0 92 4 6 1
651572335 07 7 87 0 77 4 98 1 71 2 57 7 2 46 7 96 2 92 6 38 6 35 6 37 3 28 9 9 1 2 1 54 8 31 4 38 1 67 8 99 8 8 5
0404453640 2 35 2 73 8 19 5 13 7 86 3 65 6 43 9 12 1 20 1 03 9 71 2 28 2 21 2 0 7 2 03 5 7
Name :
RSA896
Digits :
270
412023436 98 6 65 9 54 3 85 5 53 1 36 5 3 32 5 75 9 48 1 79 8 11 6 99 8 44 3 2 7 9 8 28 4 54 5 56 2 64 3 38 7 6 4
455652484 26 1 98 0 98 8 70 4 23 1 61 8 4 18 7 92 6 14 2 02 4 71 8 88 6 94 9 2 5 6 0 93 1 77 6 37 5 03 3 42 1 1 3
098239748 51 5 09 4 49 0 91 0 69 1 02 6 9 86 1 03 1 86 2 70 4 11 4 88 0 86 6 9 7 0 5 64 9 02 9 03 6 53 6 58 8 6 7
4337317208 1 31 0 41 0 51 9 08 6 4 25 4 79 3 28 2 60 1 39 1 25 7 62 4 03 3 94 6 37 3 26 9 39 1
Name :
RSA1024
Digits :
309
135066410 86 5 99 5 22 3 34 9 60 3 21 6 2 78 8 05 9 69 9 38 8 81 4 75 6 05 6 6 7 0 2 75 2 44 8 51 4 38 5 15 2 6 5
106048595 33 8 33 9 40 2 87 1 50 5 71 9 0 94 4 17 9 82 0 72 8 21 6 44 7 15 5 1 3 7 3 68 0 41 9 70 3 96 4 19 1 7 4
304649658 92 7 42 5 62 3 93 4 10 2 08 6 4 38 3 20 2 11 0 37 2 95 8 72 5 76 2 3 5 8 5 09 6 43 1 10 5 64 0 73 5 0 1
508187510 67 6 59 4 62 9 20 5 56 3 68 5 5 29 4 75 2 13 5 00 8 52 8 79 4 16 3 7 7 3 2 85 3 39 0 61 0 97 5 05 4 4 3
34999811150 05 69 7 72 36 8 90 92 75 6 3
RSA
30/83
Name :
RSA704
Digits :
212
740375634 79 5 61 7 12 8 28 0 46 7 96 0 97 4 29 5 7 31 4 25 9 31 8 88 8 92 3 12 8 90 8 49 3 62 3 2 63 8 97
276503402 82 6 62 7 68 9 19 9 64 1 96 2 51 1 78 4 3 99 5 89 4 33 0 50 2 12 7 58 5 37 0 11 8 96 8 0 98 2 86
733173273 10 8 93 0 90 0 5 52 5 05 1 16 8 77 0 6 32 9 90 7 23 9 63 8 07 8 6 71 0 08 6 09 6 96 2 5 37 9 34 6 50 5 63 7 96 3 5 9
1634733645 80 9 25 3 84 8 44 3 13 3 88 3 86 50 9 08 5 98 4 17 8 36 7 00 3 30
9231218111 08 5 23 8 93 3 31 00 1 04 5 08 1 51 2 12 11 8 16 7 51 1 57 9
39807508642 4 06 4 93 7 39 7 12 55 0 05 5 03 8 64 91 1 99 0 64 3 62
34252670840 6 38 5 18 95 7 59 4 63 88 9 57 2 61 7 68 58 3 31 7
Name :
RSA640
Digits :
193
310741824 04 9 00 4 37 2 13 5 07 5 00 3 58 8 85 6 79 3 0 03 7 34 6 02 2 84 2 72 7 54 5 72 0 16 1 94 8 82
320644051 80 8 15 0 45 5 63 4 68 2 96 7 17 2 32 8 67 8 2 43 7 91 6 27 2 83 8 03 3 41 5 47 1 07 3 10 8 50
1919548529 0 07 3 37 7 2 48 2 27 8 35 2 57 4 23 8 64 5 40 1 46 9 17 3 66 0 24 7 76 5 23 4 66 0 9
http://www.rsa.com/rsalabs/node.asp?id=2093
31/83
RSA
32/83
Outline
1
2
6
RSA
33/83
Software GPG
Introduction
RSA
Algorithm
Example
Correctness
Security
GPG
Elgamal
Algorithm
Example
Correctness
Security
Diffie-Hellman Key Exchange
Diffie-Hellman Key Exchange
Example
Correctness
Security
Summary
GPG
34/83
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192,
AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384,
SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
http://www.gnupg.org
GPG
35/83
GPG
36/83
37/83
Encryption
GPG
38/83
Decryption
Bobby can now decrypt the message using his private key:
> gpg --decrypt message.asc
You need a passphrase to unlock the secret key for
user: "Bobby (recipient) <bobby@gmail.com>"
2048-bit RSA key, ID D95291EF, created 2012-02-12
(main key ID 9974031B)
hQEMA97v9lbZUpHvAQf/a9QklXMiMzBWy5yyZBtNrg7FcrIqx+gXVVUXNN86tZtE
RF42elwU6QwamDzfcOHqp+3zeor4Y5xN+/pL91xti6uwFOhgGrCGJq//AfUKgQyk
MH2e4gR8Y1BuPm9b1c7uzXxRMMOUBBt75KquYGOBLybsP29ttD9iL/ZJl1zSPjSj
El7O0Gp7PqEBotStVOtuknYW/fX0zXndU8XNllKnsnZn21Xm0rMQcFMu8Do/tF5I
lRfTEcL4S9tV4vshgXhNSpTg9sZs1UZynvU2cJqyYkCtgT7TdtrK3fTa8UN+CYQv
U2QRnaNtFhYwBMonFqhefNzDqeZb+P0RqOuoDllYuNJRAViJ3CLjT7kwgBgRtNfY
RkGArQQmgrknW2jq/Y2GZTE8CC7pNXY8U3KYMl9hRA6U5fMp08ndFp8vowBbB2sw
zjxjSY7ZeIR2uwxdLYydtW4m
=B+JA
-----END PGP MESSAGE----GPG
39/83
GPG
40/83
The keyring
The keyring. . .
pub
uid
sub
sec
uid
ssb
2048R/4EC8A0CB 2012-02-12
Alice (sender) <alice@gmail.com>
2048R/B901E082 2012-02-12
GPG
41/83
2048R/4EC8A0CB 2012-02-12
Alice (sender) <alice@gmail.com>
2048R/B901E082 2012-02-12
GPG
42/83
Alice can now decrypt the message and check the signature:
GPG
hQEMA7osp1S5AeCCAQgAsSqSs+Urf0f3KHTtP7cqTwugpcJ9oUAGkw/KQ0DHIE0v
................................................................
8XEAaCwZ8aZK1lXhqBSd/9hCm9Mup2NECihO8crVyff7NTWFyaTBeGAm10q3y46o
QpIgPbcdYZqIt8e/8wPU6xlMZUStzxBKLB+Rj/Zg35ZVioYL
=oiv8
-----END PGP MESSAGE-----
GPG
44/83
Deleting Keys
jA0EBwMCgZ3PBfSZxJlg0ksBBooTMLEVQ2q9HkTR5y9FIoX9nbsyohrOXeQLFlcf
wtWcg+dZvlMS6D7OE3wZCeW2LX50kYcU17MUc8wnJLDAzAdRqPAgDma+sP4=
=UtI4
-----END PGP MESSAGE-----
45/83
Generating Primes
GPG
46/83
GPG
47/83
GPG
48/83
GPG
http://www.schneier.com/paper-attacktrees-fig7.html
49/83
GPG
50/83
Convince sender that fake key (with known private key) is the
key of the intended recipient
2 Convince sender to encrypt with more than one keythe real
key of the recipient and a key whose private key is known.
3 Have the message encrypted with a different public key in the
background, unbeknownst to the sender.
1
2
3
4
GPG
51/83
GPG
GPG
53/83
GPG
54/83
55/83
GPG
56/83
Outline
1
2
3
4
Elgamal
Introduction
RSA
Algorithm
Example
Correctness
Security
GPG
Elgamal
Algorithm
Example
Correctness
Security
Diffie-Hellman Key Exchange
Diffie-Hellman Key Exchange
Example
Correctness
Security
Summary
Elgamal
57/83
Elgamal: Algorithm
Elgamal
58/83
a
b
=
=
M = b (ax )1 mod p
g k mod p
My k mod p
= b ap1x mod p
Elgamal
60/83
Compute
y = g x mod p = 27 mod 13 = 11.
g (p1)/pi mod p 6= 1
If g is not a generator, then one of these powers will 6= 1.
Elgamal
61/83
Elgamal
a2
1
4
9
3
12
10
10
12
3
9
4
1
a3
1
8
1
12
8
8
5
5
1
12
5
12
a4
1
3
3
9
1
9
9
1
9
3
3
1
a5
1
6
9
10
5
2
11
8
3
4
7
12
a6
1
12
1
1
12
12
12
12
1
1
12
1
a7
1
11
3
4
8
7
6
5
9
10
2
12
Elgamal
62/83
a8
1
9
9
3
1
3
3
1
3
9
9
1
a9
1
5
1
12
5
5
8
8
1
12
8
12
a10
1
10
3
9
12
4
4
12
9
3
10
1
a11
1
7
9
10
8
11
2
5
3
4
6
12
a12
1
1
1
1
1
1
1
1
1
1
1
1
1
2
=
=
g k mod p = 25 mod 13 = 6
My k mod p = 3 115 mod 13 = 8
63/83
Elgamal
64/83
In-Class Exercise
M = b (ax )1 mod p
y = g x mod p = 29 mod 13 = 5
= b ap1x mod p
= 8 61317 mod 13
= 8 65 mod 13
= 3
Elgamal
65/83
Elgamal Correctness
Elgamal
66/83
Elgamal Security
= g x mod p
We get
= M
67/83
Elgamal
68/83
Outline
1
2
3
4
Key Exchange
Introduction
RSA
Algorithm
Example
Correctness
Security
GPG
Elgamal
Algorithm
Example
Correctness
Security
Diffie-Hellman Key Exchange
Diffie-Hellman Key Exchange
Example
Correctness
Security
Summary
69/83
Diffie-Hellman: Algorithm
1
Send X to Bob.
4
5
71/83
Alice :
1
70/83
Bob :
1
2
Send Y to Alice
72/83
Example
In-Class Exercise
Let p = 19.
Let g = 10.
Pick a random x = 3.
2 Compute X = g x mod p = 23 mod 13 = 8.
1
4
Bob :
1
2
Pick a random y = 7.
Compute Y = g y mod p = 27 mod 13 = 11.
Alice computes: K1 =
Bob computes: K2 =
K1 = K2 = 5.
Yx
Xy
mod p =
mod p =
113
87
mod 13 = 5.
Compute K1 .
Compute K2 .
mod 13 = 5.
73/83
Diffie-Hellman Correctness
74/83
Diffie-Hellman Correctness. . .
Alice has
K1 = Y x mod p
X
= (g y )x mod p
= g x mod p
= (g x )y mod p
K1 = Y x mod p.
= X y mod p
Bob has
= g y mod p
K2 = X y mod p
K2 = X y mod p.
= (g x )y mod p
= X y mod p
K1 = K2 .
75/83
76/83
Diffie-Hellman Security
Alice :
1
Eve :
Intercept X = g x mod p from Alice.
Pick a number t in Zp .
3 Send T = g t mod p to Bob.
1
2
Given
p, X = g x , Y = g y
Bob :
1
computing
K = g xy mod p
Eve :
Intercept Y = g y mod p from Bob.
Pick a number s in Zp .
3 Send S = g s mod p to Alice.
1
2
is thought to be hard.
77/83
78/83
7
8
2
3
Compute K1 = g xS mod p
Compute K2 = g yT mod p
9
10
79/83
80/83
Outline
1
2
3
4
Introduction
RSA
Algorithm
Example
Correctness
Security
GPG
Elgamal
Algorithm
Example
Correctness
Security
Diffie-Hellman Key Exchange
Diffie-Hellman Key Exchange
Example
Correctness
Security
Summary
Summary
81/83
Acknowledgments
Additional material and exercises have also been collected from
these sources:
Summary
http://homes.cerias.purdue.edu/~crisn/courses/cs355_Fall_2008/lect18.pdf
83/83
Summary
82/83