Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 1 5.1 INTRODUCTION In the real world , key management is the hardest part of cryptology .Cryptanalysts often attack cipher system through their key management .One of the problems facing symmetric cipher systems is key distribution Keys must be distributed in secret , since knowledge of the key gives knowledge of the massage .From the other side, keys are shared by pairs , and could work well in small networks , but raised tremendously as network grows up , since every pair of users must exchange keys . The total numbers of key exchanges required in n-person network is n(n-1)/2 .In six person network , 15 key exchange are required , in 1000 – person network ,nearly 500,000 key exchanges are requied . Public key system are invented to over come the problems of key distribution faced by symmetric (one - key) cipher systems .We summarize the mentioned problems as follows : First key must be distributed in secret . Second : If key is compromised , then stranger can share the system as member . Third : number of key increases rapidly as users increased . Public key cryptography based on one-way hash function (trap-door function),that is depend on two keys public key used for encryption process and it is available for every one in the network, the second key is the secret key which is used for decryption processes , and every person in the network has his own secret keys .In another meaning users have their own secret keys and share others with public keys .Since public key is known for every one , then A can communicate with B as follows : Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 2 A gets public key of B from database. A encrypt his message using B public key and send it . B decrypt the message using his own secret key . 5.2 ONE-WAY HAASAH FUNCTION: The notion of one- way function is central to public key cryptography .One way function are easy to compute , but it is significantly hard (computationally) to reverse. That is given x , it is easy to compute f(x) , but given f(x), it is hard to compute x .Breaking plate is a good example of a one-way hash function , it is easy to smash a plate into thousands of tiny pieces back together into a plate . One-way functions are not useful in public key cryptography, in public key. We need a special type of one –way function, that is trap-door one-way function, which has a secret door (secret key) used to reverse the other direction .i.e giving f(x) and some secret Value we can deduce. 5.3 PUBLIC KEY CRY TOGRAPHY: The concept of public key or (exponential ciphers) was invented by Whitfield Diffie and Martin Hellman and independently by Ralph Merkle at 1976. Since 1976, numerous Public key cryptography algorithms have been proposed, many of these are insecure, others are impractical, only a few of them are secure and practical. Only three algorithms work well for both encryption and digital signature, RSA, EIGamal, and Rabin. All of them are much slower than symmetricp algorithms by 1000 limes. Public key cryptography used two different keys, public key for encrypting process, and secret key for decrypting process. Any one can use public key and encrypt a message, but only those who have secret key are Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 3 allowed to decrypt the message. Mathematically, the process is based on the trapdoor one-way function.Encryption is the easy direction, while decryption is the hard direction unless he has the secret key. Public key system encrypt a message block M c 0, n by computing 1 the exponential e C=M mod n Where e (public key) and are the keys of encryption transformation , M is restored by the same operation using different exponential d (secret key): M=Cd mod n By symmetry, Encryption and decryption are commulative and malual inverses, thus substituting 5.2 by 5.1: M=(Md mod n)e mod n = Mde mod n = M Encryption and decryption can be implemented using fast exponentiation algorithm. Fastexp (a,z,n); rturn x = a mod n Begin Al := ai zi := zi x=1 While (zi<> 0) do Begin While (zI mod 2 =0) do Begin zI : = zI div 2 al:= (al*al) mod n; end; z1:=z1-1; x : =(x*a1) mod n; end; fastexp: = x; end; Figure 5-1 Fast exponentiation Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 4 Using above algorithm then: C = fastexp (m ,e , n) M = fastexp (c ,d , n) 5.4 EXPONENTIAL CIPHER: Encryption and decryption transformations are based on modular exponentiation. Modular arithmetic is easier to work with on computers, because, it restricts She range of all intermediate values and the result. Exponentiation in modular arithmetic is performed without huge intermediate results. For example, to calculate a8 mod n, don't use the naive approach and perfonn seven multiplications and one huge modular reduction: a8 mod n = (a . a. a. a . a . a. a. a) mod n Instead, perform three smaller multiplications and three smaller modular reductions: a8 modn = ((a2 mod n)2 mod n)2 mod n also a16 modn = (((a2 mod n)2 mod n)2 mod n)2 mod n a25 mod n= (a . a24) mod n =(a. a8 . a16) mod n =(((a2 . a2)2)2 . (((a2)2)2)2) mod n = ((((a2- a)2)2)2. a) mod n =(((((((a2 mod n) .a) mod n)2 mod n)2 mod n)2 mod n) . a) mod n Inverses is a problem of finding an integer x such that: ax mod n = 1 a-1 = x mod n. For example 3 and 7 are multiplicative inverses mod 10, because 21 mod 10 = 1. In general a-1 = x mod n has a unique solution if a and n Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 5 are relatively prime. If n is prime number then every number in the range (1, n-1) is relatively prime to n and has exactly one inverse modulo in that range. Femat's theorem and Euler's generalization can solve such a problem. Fermit's theorem: Let n is a prime number; then for every a such that gcd (a,n) =1: a n-1 mod n =1 Totient Function: For n = p q and p, q are prime Ø(n)=(p-1)(q-1) Where Ø(n) is Euler totient function, the number of'elements in tlie reduced set of residues modulo n. Example: let p = 3, q = 5, 11 = p , q = 15 '. Ø (15) = (3-1) (5-1) =8 There are eight elements in the reduced set of residues modulo 15 (1, 2, 4, 7, 8, 11, 13, 14) are relatively prime to 15 5.5 POHLIG-HELLMAN CIPHERS: Pohlig-Helman scheme is not a symmetric algorithm because different keys are used for encryption and decryption. It is not a public key scheme, because the keys are easily derived from each other, both encryption and decryption keys must kept secret .In the Pohlig-Helman scheme, the modulus is chosen to be a large prime P. because P is prime, then Ø(P) =P-1 , which is trivially derived from P, thus the scheme can only be used for conventional encryption where e and d are both kept secret.The enciphering and deciphering functions are thus given by : Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 6 C=Me mod p and M = Cd mod p Where e d = l ( mod some complex number ) Example: Let p = l l , whence Ø (p) = p – l = 10; chose d = 7 and compute e = inv(7,10) = 3 , e M=5 C = Me mod p = 53 mod l l = 4 M = Cd mod p = 47 mod l l = 5 5.6 RSA CIPHER SYSTEM: One of the most well known and popular public key systems is the RSA system, named after the first letters of the surnames of its designers (Rivest, Shamir and Adleman of the Massachusetts lnstitute of Technology MIT). The RSA based on the fact that it is relatively easy to calculate the product of tow prime numbers, but giving the product it far more complicated. First two prime numbers are generated (p and q of length 100 -200 digit ), and their product is calculated and denoted by : n = p* q Chose e (encryption key ) randomly, relatively prime to p and q and satisfy the following expression: 3 < e < (p – l) (q – l) and gcd [ e , (p – 1 ) * (p – 1 ) ] = 1 The value of e is used to determine another, d ( decryption key ) for which: e d = 1 (mod (p -1) (q – 1)) d = e-1 mod ((p – 1) * (q – 1)) The public key consists of the pair (e. n). The encipherment of atext is performed by taking the binary representation of a message divided into blocks and denoted by M. the cipher block C is computed by raising the Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 7 decimal value of M To the power of e and taking the remainder of a division by n: Encrypt: C = Me mod n ciphertext Decrypt M = Cd mod n plaintext Public key gets its efficiency from the difficulty of factorizing large prime numbers. Furthermore, it is almost impossible to calculate the value of d if only the public key (e, n) is known. In order to calculate d then p and q must be known too. Example Let p = 3, q = 17 ; n=p*q , 3 x 17 = 51 (p – 1 ) (q – 1) = 2 x 16 = 32 Find a number e between 3 and 32 which has no factor in common with 32. Let e = 7; d can be determined using equation 5.13, then d = 23 e d = 7 x 23 = 161 mod 32 = 1 Let M = 2 then using (5.14) C = 27 mod 51 = 26 and 2623 mod 51 = 261 . 262 . 264.2616 (mod 51 ) = 16 x 13 x 16 x 1 (mod 51) = 2 1. Cenerate two large prime mumbers p and q. 2. Calculate their product n. = p* q. 3. Determine encryption key e such that ; 3 < e < (p – 1) (q – 1) and Ø (n) = (p – 1) * (q – 1) gcd ( e, (p – 1) ( q – 1 ) ) = 1 4. Calculate d = d = e-1 mod (( p – 1 ) * ( q – 1 ) = e-1 mod Ø (n) 5. Encrypt : C = Me mod n 6.Decrypt : M = Cd mod n Figure 5-3 RSA algorithm Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 8 Example 2: Let p = 53 and q 61 , then pq 3233, and Ø (n)= (p – 1) (q -1) =52 X 61= 3120, the value of e must be chosen some where between 3 and 3233. Assume e =71, we can calcuilate d with d =e–1 mod (p -1) (q – 1) = 71–1 mod 3120 = 157. Assuume that the message is given by M = RENAISSANCE. And the alphabet is represented by decimal values a = 00, b = 01, c = 02, ete. with space = 26, And divided into 4 –digit blocks, then we can proceeds as follows: M = RE 1704 NA IS SA 1300 0818 1800 M1 M2 M3 NC 1302 M4 M5 E 0426 M6 Now encrypt: C1 = M171 mod 3233, = 1704 71 mod 3233 = 3106 C2 =M271 mod 3233 , C3 = M371m 3233, etc… C = 3106 0100 0931 2691 C1 C2 C3 1984 2927 C4 C5 C6 And decrypt: M1 = C1791 mod 3233 =3106791 mod 3233 M1 = C1791 mod 3233, M2 = C2791 mod 3233, M3 = C3791mod 3233, etc 5.7 KNAPSACK CIPHER : Knapsack cipher system is a public key system based on the so – called Knapsack problem . The Knapsack problem can be described as follows .The vector A = (a1,a2,a3……..an) consist of positive integer .The elements of this vector are multiplied by a binary vector denoted by Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 9 X=(x1,x2……xn) in which every xi ; i= 1,……..,n is either 0 or 1 . This results is the sum s : n S= aixi i 1 If X and A are given the value of S can be calculated with out any effort . However if S and A are given , it is considerably move difficult to calculate X. figure 5-3illustrates the knapsack problem . A Knapsack filled with a selection of object) from a large set , each object has a different weight (the elements of a correspond to the determine which items are in the Knapsack? In other word is it possible to determine the elements of X ? when A is sufficiently large (more than 100 elements), it is almost impossible to calculate X from a given S and A. Figure 5-3 The knapsack Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 10 Now suppose A is selected such that Scan be calculated from X and A , but the calculation of X given S and A is almost impossible , unless additional information is available .The vector X would then represent the plaintext , which would be converted to a cipher text S with the aid of A. The procedure is performed as follows : Select two numbers , u and v, which are relatively prime and u > Σaj, the knapsack vector A (which is a super – increasing sequence) is transformed to vector B whose elements satisfy : bi = V ai (mod u) for all values of i : The vector B is made public u , v and A are kept secret .The vector X can now enciphered to S according to S = BX . Deciphering of the cipher is only possible if u ,v and A are available . The following procedure can be used for deciphering : vv 1 1(mod u ) n v 1 S mod u v 1 bixi(mod u ) i 1 n v 1 S mod u v 1 vaixi(mod u ) i 1 n n i 1 i 1 v 1 S mod u v 1 v 1vaixi(mod u ) v 1 bixi(mod u ) Example : Let A= (3,5,9,19), u = 40 ,v =7 , x =(0110) vv 1 1(mod u )7v 1 1(mod 40) V 1 23(mod 40) bi v ai (mod u ) 7 ai (mod 40) b (21,35,23,13) S BX 35 23 58 Todecipher 4 v 1 S (mod u ) 23 * 58(mod 40 14)Thisleadst o aixi 14 X (0110) i 1 Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 11 1. Chose a knapsack vector A with super – increasing sequence . 2. Select two relatively prime number u and v where u > a i 3. Transform vector A into vector B . bi = vai (mod u) for all values of i . 4. Make B public and keep u , v and secret 5. Encrypt S =BX n 6. Decrypt X=v-1 S(mod u) = aixi(mod u ) i 1 Figure 5-4 Knapsack Algorithm 5.8 PUBLIC KEY DIGITAL SIGNATURE ALGORITHM (DSA): In august 1991 , the national institute of standards and technology proposed the digital signature algorithm (DSA). DSA is a variant of Schnorr and ELgamal signature algorithm. The following algorithm is Variant ofSchnorr and Elgamal signature algorithm, which uses the following parameters: P : 512 – 1024 bit prime number . q : 160 bit prime , factor of p – 1 . g = h(p-1)/q mod p, where h is any number less than p – 1 such that: h(p-1)q mod p > 1 . y = gx mod p . x : private key < q. k : random number < q. x = (gk mod p) mod q. s = k-1 (H(m) + xr )) mod q. The algorithm makes use of a one- way hash function h(m) . p, q and g are public and can be common across a net work of users. The private key is X , The public key is y. To sign a message m follow the procedure shown in figure 5-6 . Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 12 SENDER Generate a random mmber k<q. Generate r = (qr mod p ) mod q S=k-1 (H(m)+xr) mod q Receiver: Verify the signature by computing : w= S-1 mod q ul= (h(m).w)mod q. U2= (rw) mod q. v= ((qn1 yn2) mod p)mod q . If bv = r then the signature is verfied Figure 5-5 Digital Signature Algorithm 5.9 Key EXCHANGE: 1. using public key : attacked by man- in – the –middle (cipher text attack), and prevented by interlock protocol . 2. using digital signature , one way hash function . 3. Keys and messages transmission . 5.10 AUTHENTICATION Using one way function attacked by dictionary attack , prevented by using SALT.e.g skid2,skid3 . DASS, Distributed Authentication Security Service for matual authentication and key exchange. 5.11 PUBLIC KEY CRY PT ANALYSIS: 1. Mathematically: deduce d from n and e. 2. Guess (p -1) and (q-1) 3. Factoring n : having e ===> deduce d. 4. Chosen ciphertext attack: (Protocol attack): scenario: eve wants Alice to sign m3; she generates ml and m2 Such that m3 m3d ml m2 (mod n) (m1d mod n) (m2d mod n) moral: never use RSA to sign a random document presented by a stranger. 5. Common modulus: Known n,c1. c2., e1, and e2; Select two random numbers r and s such that: rel +,se2 1, assume r is negative: ( C1-1 )- r. c25 =m mod n Chapter Five : Public key Cipher Systems ---------------------------------------------------------------------- 13 Moral: Don't share a common n among a group of users. 6. Genetic algorithm: Choose a set of prime numbers such that the product of any two of them less than n use fitness function with the following characteistics: - Neglect all even numbers, and those least significant digit = 0. - Neglect numbers, which are divided by 3. - Generated numbers by mating should be relatively prime to e. 7. Crypt analysis knowing n and e: 8. It is possible for cryptanalyst to try every possible d, until he fined the correct one. This is called brute-force attack. It is less efficient than other methods. 9. There is a common probabilistic algorithm for computing primesp and q. 10. Factoring n is the most obvious means of attack. Factoring a number means finding its prime factors. There are some factoring algorithm such as number field sieve (NFS), Quadratic sieve (QS), elliptic curve method (ECM), pollards Montecarlo algorithm, ..., etc. In March 1994, a 129-digit (428-bit) number was factored using the double prime variation of the multiple polynomial (QS) by a team of mathematician, led by Lenstra. Volunteers on the Internet carried out the computation; 600 people and 1600 machines over the course of eight months. The machines communicated via electronic mail sending their intermediate result to a central machine where the final steps of analysis took Lessons learned: • Knowledge of encryption/decryption pail of exponent for a given modulus (e, n), enables attacker of factoring the modules. • Knowledge of encryption/decryption pair of exponent for a given modulus (e,n), c, n enables attacker to calculale other pairs with out factoring n. • Common modulus should not been used in network. • Messages should be padded with random values on low encryption exponents • Decryption exponent should be large.