Professional Documents
Culture Documents
Modular Arithmetic
► Modular Addition
Using the last digit of the answer
Additive inverse- subtracting x or adding –
x
Number you’d have to add to x to get 0
4’s inverse will be 6
addition modulo (mod) K a (poor) cipher
with key K
Modular Addition
► Addition modulo (mod) K
Poor cipher with (dk+dm) mod K, e.g., if K=10 and dk is the
key.
+ 0 1 2 3 4 5 6 7 8 9
0 0 0 0 0 0 0 0 0 0 0
1 1 2 3 4 5 6 7 8 9 0
2 2 3 4 5 6 7 8 9 0 1
3 3 4 5 6 7 8 9 0 1 2
► Additiveinverse: addition mod K yields 0.
► “Decrypt” by adding inverse.
Modular Multiplication
► Multiplication modulo K
* 0 1 2 3 4 5 6 7 8 9
0 0 0 0 0 0 0 0 0 0 0
1 1 2 3 4 5 6 7 8 9 1
2 0 2 4 6 8 0 2 4 6 8
3 0 3 6 9 2 5 8 1 4 7
► Multiplicative inverse: multiplication mod K
yields 1
► Only some numbers have inverse
Modular Multiplication
► Only the numbers relatively prime to n
will have mod n multiplicative inverse
► x, m relative prime: no other common
factor than 1
Eg. 8 & 15 are relatively prime - factors of 8
are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the
only common factor
Modular Exponentiation
xy 0 1 2 3 4 5 6 7 8 9
0 0 0 0 0 0 0 0 0 0
1 1 1 1 1 1 1 1 1 1 1
2 1 2 4 8 6 2 4 8 6 2
3 1 3 9 7 1 3 9 7 1 3
4 1 4 6 4 6 4 6 4 6 4
5 1 5 5 5 5 5 5 5 5 5
6 1 6 6 6 6 6 6 6 6 6
7 1 7 9 3 1 7 9 3 1 7
8 1 8 4 2 6 8 4 2 6 8
9 1 9 1 9 1 9 1 9 1 9
Modular Exponentiation
► xy mod n = xy mod ø(n) mod n
► if y mod ø(n) = 1, then xy mod n = x mod n
► Once you get the answer divide by n and
get the remainder
► 4^6 = 6 mod 10
► 4 ^ 6 = 4096 in ordinary airthmentic and
► 4096 = 6 mod 10
RSA (Rivest, Shamir, Adleman)
► The most popular one.
► Support both public key encryption and
digital signature.
► Assumption/theoretical basis:
Factoring a big number is hard.
► Variable key length (usually 512 bits).
► Variable plaintext block size.
Plaintext must be “smaller” than the key.
Ciphertext block size is the same as the key
length.
► Based on the theory of Prime Numbers
RSA Algorithm
1. Choose two large prime numbers P and Q.
2. Calculate N = P x Q.
3. Select the public key (i.e. the encryption key) E such that it is not a
factor of (P – 1) and (Q – 1).
4. Select the private key (i.e. the decryption key) D such that the
following equation is true:
(D x E) mod (P – 1) x (Q – 1) = 1
5. For encryption, calculate the cipher text CT from the plain text PT as
follows:
CT = PTE mod N
7. For decryption, calculate the plain text PT from the cipher text CT as
follows:
PT = CTD mod N Fig 4.4
Example of RSA Algorithm
Encryption algorithm using Decryption algorithm using
the public key the private key
F F 6 41 4177 F B
A
6 5 Result modulo 119
Result modulo 119 6 F
= 41
RSA Example
• Select primes: p=17 & q=11
• Compute n = pq =17×11=187
• Compute ø(n)=(p–1)(q-1)=16×10=160
• Select e : gcd(e,160)=1; choose e=7
• Determine d: de=1 mod 160 and d < 160
Value is d=23 since 23×7=161= 10×160+1
• Publish public key KU={7,187}
• Keep secret private key KR={23,17,11}
How Does RSA Work?
► Given pub = <e, n> and priv = <d, n>
encryption: c = me mod n, m < n
decryption: m = cd mod n
signature: s = md mod n, m < n
verification: m = se mod n
► given message M = 88 (nb. 88<187)
► encryption:
C = 887 mod 187 = 11
► decryption:
M = 1123 mod 187 = 88
Why Does RSA Work?
► Given pub = <e, n> and priv = <d, n>
n =p*q, ø(n) =(p-1)(q-1)
e*d = 1 mod ø(n)
xe∗d = x mod n
encryption: c = me mod n
decryption: m = cd mod n = me∗d mod n = m mod
n = m (since m < n)
digital signature (similar)
Is RSA Secure?
► Factoring 512-bit number is very hard!
► But if you can factor big number n then given
public key <e,n>, you can find d, hence the
private key by:
Knowing factors p, q, such that, n = p*q
Then ø(n) =(p-1)(q-1)
Then d such that e*d = 1 mod ø(n)
► Threat
Moore’s law
Refinement of factorizing algorithms
► Forthe near future, a key of 1024 or 2048
bits needed
Symmetric (DES) vs. Public Key
(RSA)
► Exponentiation
of RSA is expensive !
► AES and DES are much faster
100 times faster in software
1,000 to 10,000 times faster in hardware
► RSA often used in combination in AES
and DES
Pass the session key with RSA
Digital Certificate
► Problem of man-in-the-middle attack was
solved by using digital certificates
► Digital certificates similar to passport
► It is simply a small computer file
► Establishes the relation between a user
and her public key
► DC must contain the user name and the
user’s public key to prove that a
particular values belongs to a particular
user.
Digital Certificate Contents
► Main contents are the subject name
(user), validity and public key
► Signed by a Certification Authority (CA)
► Provides guarantees about a user’s
identity
► No two digital certificates issued by the
same user can have the same serial
number
Digital Certificate Example
Digital Certificate
Valid to Same
► PKCS#3
Defines mechanism to implement Diffie-
Hellman Key Agreement
► PKCS#4
Merged with PKCS#1
► PKCS#5 – Password Based Encryption (PBE)
Solution for keeping the symmetric session
keys safe
Step 1 : First encrypt the plain text message
with symmetric key
Step 2: then encrypt the symmetric key with a
Key Encryption Key (KEK)
Where to store the KEK – never store it
anywhere
Generate key on demand use it for
encryption/decryption the symmetric key and
then discard it
KEK is generated using a password using a key
generation process
Password
salt
Key Encryption Key
Iteration Count
► PKCS#6 : Extended Certificate Syntax Std
Defines syntax for extending attributes of an
digital certificate
► PKCS#7 :Cryptographic Message Syntax Std
Specifies a format/syntax for data that is the
result of cryptographic operation
Examples :digital signatures and digital envelopes
► PKCS#8:Private Key Information Syntax Std
Describes the syntax for storing the private key
and some attributes of a user securely
Describes the syntax for encryption private keys
so that they cannot be attacked
►PKCS#10 – Certificate Request Syntax
Std
Describes syntax for certification request
Request information consists of 3 aspects :
►Entity's distinguished name
►Entity public key
►Set of attributes
Entity requesting for the certificate signs
with the private key and sends the request
information, signed request and signature algo
to CA
CA verifies the signature and other aspects &
if OK issues certificate
► PKCS#11 : Cryptographic Token Interface
Std (Cryptoki)
Specifies operations performed using hardware
token such as smart card