305495 Special Topic in Computer Systems (Computer Security) Lecture 3

Asymmetric-Key Cryptography

2008/2

Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University

Outline
Asymmetric Encryption Principles Public-Key Cryptography Algorithms

2008/2

Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University

Asymmetric Encryption Principles

A public-key encryption scheme has six ingredients
Plaintext Encryption algorithm Public key Private key Ciphertext Decryption algorithm

2008/2

Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University

Asymmetric Encryption Principles (2)

Picture from [1]

2008/2 Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University 4

Asymmetric Encryption Principles (3)

Picture from [1]

2008/2 Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University 5

Asymmetric Encryption Principles (4)

Application for Public-Key Cryptosystems
Encryption/decryption Digital signature Key exchange

Some algorithms are suitable for all three applications, whereas others can be used only for one or two of these applications

Picture from [1]

2008/2 Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University 6

Asymmetric Encryption Principles (5)

Requirements for Public-Key Cryptography
It is computationally easy for a party B to generate a pair (public key KUb, private key KRb) It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding ciphertext
C = EKUb(M)

It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message
M = DKRb(C) = DKRb[EKUb(M)]

It is computationally infeasible for an opponent, knowing the public key, KUb, to determine the private key, KRb. It is computationally infeasible for an opponent, knowning the public key, KUb, and a ciphertext, C, to recover the original message, M.
2008/2 Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University 7

Public-Key Cryptography Algorithms

RSA
RSA uses two exponents, e and d, where e is public and d is private. If P = plaintext and C = ciphertext, then Alice uses C = Pe mod n and Bob uses P = Cd mod n. The modulus n, a very large number, is created during the key generation process

Diffie-Hellman Key Exchange (DH)

The purpose of the algorithm is to enable two users to exchange a secret key securely. The algorithm depends for its effectiveness on the difficulty of computing discrete logarithms.

2008/2

Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University

Public-Key Cryptography Algorithms (2)

RSA algorithm

Picture from [1]

2008/2 Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University 9

Public-Key Cryptography Algorithms (3)

Diffie-Hellman Key Exchange

Picture from [1]

2008/2 Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University 10

Public-Key Cryptography Algorithms (4)

Digital Signature Standard (DSS)
DSS makes use of the SHA-1 and presents a new digital signature technique, the Digital Signature Algorithm (DSA). DSS uses and algorithm that is designed to provide only the digital signature function. Unlike RSA, it cannot be used for encryption or key exchange.

Elliptic-Curve Cryptography (ECC)

The principal attraction of ECC compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overheard.

2008/2

Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University

11

References
[1] William Stallings, Network Security Essentials: Applications and Standards, 2nd ed, Prentice Hall. [2] Behrouz A. Forouzan, Introduction to Cryptography and Network Security, McGRAW-HILL.

2008/2

Panupong Sornkhom, Department of Electrical and Computer Engineering, Naresuan University

12