Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • CSCI 620 Lecture5

    Enviado por

    Pruthvi Royal
    26 visualizações14 páginas

    Título original

    CSCI_620_lecture5.ppt

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PPT, PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PPT, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    26 visualizações14 páginas

    CSCI 620 Lecture5

    Enviado por

    Pruthvi Royal

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PPT, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 14

    Operating System

    Security
    CSCI-620: M02
    Instructor: Qian Wang
    Lecture 5: 10/7/2016
    Email: qwang23@nyit.edu
    Cryptography Public Key
    Cryptography

    Based on slides by Professor Nitesh Saxena


    Textbook RSA: KeyGen
    Alice wants people to be able to send her encrypted
    messages.
    She chooses two (large) prime numbers, p and q and
    computes n=pq and (n) . [large = 1024 bits +]
    She chooses a number e such that e is relatively (n)
    prime to Z the
    and computes d,
    (n )
    inverse of e in (n)
    , i.e., ed =1 mod

    She publicizes the pair (e,n) as her public key. (e is


    called RSA exponent,
    (n) n is called RSA modulus). She
    keeps d secret and destroys p, q, and

    Plaintext and ciphertext messages are elements of


    Zn and e is the encryption key.

    2
    RSA: Encryption
    Bob wants to send a message x (an
    element of Zn*) to Alice.
    He looks up her encryption key, (e,n),
    in a directory.
    The encrypted message is
    y E ( x) x e mod n

    Bob sends y to Alice.


    3
    RSA: Decryption
    To decrypt the message

    y E ( x) x mod n
    e

    shes received from Bob, Alice computes

    D( y ) y mod n
    d

    Claim: D(y) = x

    4
    RSA: why does it all work
    Need to show
    D[E[x]] = x
    E[x] and D[y] can be computed efficiently if
    keys are known
    E-1[y] cannot be computed efficiently without
    knowledge of the (private) decryption key d.
    Also, it should be possible to select keys
    reasonably efficiently
    This does not have to be done too often, so
    efficiency requirements are less stringent.

    5
    E and D are Inverses
    D( y ) y mod n d

    ( x e mod n) d mod n
    ( x ) mod n
    e d

    x ed mod n
    t ( n ) 1
    x mod n Becauseed 1 mod ( n)
    (n) t
    (x ) x mod n
    1 x mod n x mod n
    t
    From Eulers Theorem

    6
    Tiny RSA example.
    Let p = 7, q = 11. Then n = 77 and
    (n) 60

    Choose e = 13. Then d = 13-1 mod 60


    = 37.
    Let message = 2.
    E(2) = 213 mod 77 = 30.
    D(30) = 3037 mod 77=2

    7
    Slightly Larger RSA
    example.
    Let p = 47, q = 71. Then n = 3337 and
    ( pq ) 46 * 70 3220
    Choose e = 79. Then d = 79-1 mod 3220 =
    1019.
    Let message = 688232 Break it into 3
    digit blocks to encrypt.
    E(688) = 68879 mod 3337 = 1570.
    E(232) = 23279 mod 3337 = 2756
    D(1570) = 15701019 mod 3337 = 688.
    D(2756) = 27561019 mod 3337 = 232.
    8
    Security of RSA: RSA
    assumption
    Suppose Oscar intercepts the encrypted
    message y that Bob has sent to Alice.
    Oscar can look up (e,n) in the public
    directory (just as Bob did when he
    encrypted the message)
    If Oscar can compute d = e-1 mod
    (n)
    then he can use
    ) yplaintext
    D( ythe
    to recover
    d
    mod n x.
    x
    If Oscar can compute , he can
    compute d (the same (nway
    ) Alice did).
    9
    Security of RSA: factoring
    Oscar knows that n is the product of two
    primes
    If he can factor n, he can compute
    (n)
    But factoring large numbers is very difficult:
    Grade school method takes divisions.
    Prohibitive for large n, suchOas
    ( 160
    n ) bits
    Better factorization algorithms exist, but they
    are still too slow for large n
    Lower bound for factorization is an open
    problem

    10
    How big should n be?
    Today we need n to be at least 1024-
    bits
    This is equivalent to security provided by
    80-bit long keys in private-key crypto
    No other attack on RSA known
    Except some side channel attacks, based
    on timing, power analysis, etc. But, these
    exploit certain physical charactesistics, not
    a theoretical weakness in the
    cryptosystem!
    11
    Key selection
    To select keys we need efficient
    algorithms to
    Select large primes
    Primes are dense so choose randomly.
    Probabilistic primality testing methods
    known. Work in logarithmic time.
    Compute multiplicative inverses
    Extended Euclidean algorithm

    12
    Operation
    The RSA algorithm involves four steps:
    key generation, key distribution,
    encryption and decryption.
    RSA involves a public key and a private
    key. The public key can be known by
    everyone and is used for encrypting
    messages. The intention is that
    messages encrypted with the public key
    can only be decrypted in a reasonable
    amount of time using the private key.
    13
    RSA in Practice
    In practice, we use a randomized
    version of RSA, called RSA-OAEP
    Use PKCS#1 standard for RSA encryption
    https://www.emc.com/collateral/white-
    papers/h11300-pkcs-1v2-2-rsa-
    cryptography-standard-wp.pdf
    Interested in details of OAEP: refer to
    (section 3.1 of)
    http://isis.poly.edu/courses/cs6903/Lectures/lecture13.pdf

    14

    Você também pode gostar