Cybersecurity
Cryptography
José A. Mañas <http://www.dit.upm.es/~pepe/>
Information Technology Department, Universidad Politécnica de Madrid
4 October 2018

public key (asymmetric)
[Diagram: data → encrypt (public key) → decrypt (secret key) → data]

wrapped encryption
[Diagram: the session key is encrypted with the public key and decrypted with the secret key; the data is encrypted and decrypted with the session key]

signed hash
[Diagram: data → hash → sign (private key) → signature; validation: data → hash, checked against the signature with the public key → valid?]

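toy
public key: e = 13, n = 55
private key: d = 37, n = 55

| data m | x = $m^e \bmod n$ | data = $x^d \bmod n$ |
|--------|-------------------|----------------------|
| 3      | 38                | 3                    |
| 5      | 15                | 5                    |
| 15     | 20                | 15                   |
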
cryptanalysis
brute force: try every option! Is there a better path?

    e = 13
    n = 55
    red = 3                    # plaintext
    black = pow(red, e, n)     # ciphertext
    # try every candidate private exponent d
    for d in range(0, n):
        x = pow(black, d, n)
        if x == red:
            print(d)

encrypt: RSA (1978)
Ron Rivest, Adi Shamir & Leonard Adleman (MIT)
Set up
  choose prime numbers $p$, $q$
  public key: <n, e>
    $n = p \cdot q$
    $\varphi(n) = (p-1)(q-1)$
    $e$ such that $\gcd(e, \varphi(n)) = 1$
  private key: <n, d>
    $e \cdot d \equiv 1 \pmod{\varphi(n)}$
Encryption: $c = m^e \bmod n$
Decryption: $m = c^d \bmod n$
e may be simple: 0x11, 0x10001
attack: guess p and q out of n (integer number factorization)

encrypt: RSA: example
preparation
  p = 47, q = 71
  n = p*q = 47*71 = 3337
  Z = (p-1)*(q-1) = 3220
  e = 79; prime w.r.t. Z
  $e \cdot d \equiv 1 \pmod{Z}$, so d = 1019
public <e = 79, n = 3337>
  m = 688
  encrypt: $c = m^e \bmod n = 688^{79} \bmod 3337$
black <c = 1570>
private <d = 1019, n = 3337>
  decrypt: $m = c^d \bmod n = 1570^{1019} \bmod 3337$
  m = 688

Machine

maths
Fermat (1636): $A^{B-1} \equiv 1 \pmod{B}$ if A > 0, B is prime, A prime to B
RSA (1978): $M^{(p-1)(q-1)} \equiv 1 \pmod{pq}$

Fermat ($A = M^{p-1}$, $B = q$):
  $M^{(p-1)(q-1)} \equiv 1 \pmod{q}$
  $M^{(p-1)(q-1)} - 1 = kq$, that is, $q \mid X$
Fermat ($A = M^{q-1}$, $B = p$):
  $M^{(p-1)(q-1)} \equiv 1 \pmod{p}$
  $M^{(p-1)(q-1)} - 1 = kp$, that is, $p \mid X$
$q \mid X$ and $p \mid X$ and p prime and q prime, so $pq \mid X$
  $M^{(p-1)(q-1)} - 1 = kpq$
  $M^{(p-1)(q-1)} \equiv 1 \pmod{pq}$

maths
encrypt then decrypt
$M^{ed} = M^{k(p-1)(q-1)+1} = M \cdot \left(M^{(p-1)(q-1)}\right)^{k} = M \cdot 1^{k} = M$

example: extended Euclidean algorithm

    # return (g, x, y) such that a*x + b*y == g == gcd(a, b)
    def egcd(a, b):
        if a == 0:
            return (b, 0, 1)
        else:
            g, x, y = egcd(b % a, a)
            return (g, y - (b // a) * x, x)

    # x = mulinv(b) mod n, (x * b) % n == 1
    def mulinv(b, n):
        g, x, _ = egcd(b, n)
        if g == 1:
            return x % n
        raise ValueError("b has no inverse modulo n")

    p = 5
    q = 11
    n = p * q
    z = (p-1)*(q-1)
    e = 13
    d = mulinv(e, z)

    m = 3                       # sample message (the toy value used earlier)
    c = pow(m, e, n)            # encrypt
    assert pow(c, d, n) == m    # decrypting the ciphertext recovers m

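more general
private key: <n, d> with $e \cdot d \equiv 1 \pmod{\operatorname{lcm}(p-1, q-1)}$; $0 < d < n$

    import math

    def lcm(a, b):
        return a * b // math.gcd(a, b)   # integer division keeps the result an int

    # p, q, e and mulinv() as in the previous example
    m = lcm(p-1, q-1)
    d = mulinv(e, m)
    # d + m, d + 2*m, d + 3*m, ... also satisfy the congruence

32 bits (hexadecimal)
p = bd19
q = f2a7
e = 10001
d = 1b63fb39
d = 394332d1
d = 57226a69
d = 7501a201
d = 92e0d999
d = b0c01131
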
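Added example (not from the original slides): one answer to the "is there a better path?" question on the cryptanalysis slide, which also illustrates the lcm generalization above. It factors a toy modulus by trial division, derives d modulo both (p-1)(q-1) and lcm(p-1, q-1), and checks that d, d + lcm, d + 2*lcm all decrypt; the function names are illustrative, n is assumed to be a product of two distinct primes, and the approach works only because n is tiny, which is why real moduli are sized so that factoring is infeasible.

```python
import math

def factor_semiprime(n):
    """Trial division; returns (p, q) with p*q == n. Only feasible for toy n."""
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no non-trivial factor: n is not an RSA modulus")

def recover_private_exponent(e, n):
    """Return (d_phi, d_lam, lam) from the public key alone.

    d_phi is the inverse of e mod (p-1)(q-1); d_lam is the inverse of e
    mod lam = lcm(p-1, q-1), the smallest positive private exponent.
    """
    p, q = factor_semiprime(n)
    phi = (p - 1) * (q - 1)
    lam = phi // math.gcd(p - 1, q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e shares a factor with phi(n): not a valid exponent")
    return pow(e, -1, phi), pow(e, -1, lam), lam   # pow(e, -1, m): Python 3.8+

def is_valid_pair(e, d, n):
    """True when d undoes e for every message, i.e. e*d == 1 mod lcm(p-1, q-1)."""
    p, q = factor_semiprime(n)
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return (e * d) % lam == 1

def roundtrips(e, d, n):
    """Exhaustive check on a toy modulus: decrypt(encrypt(m)) == m for all m."""
    return all(pow(pow(m, e, n), d, n) == m for m in range(n))

if __name__ == "__main__":
    for e, n in [(13, 55), (79, 3337)]:   # the two keys used on the slides
        d_phi, d_lam, lam = recover_private_exponent(e, n)
        print(f"n={n} e={e}: d mod phi = {d_phi}, d mod lcm = {d_lam}, lcm = {lam}")
        for k in range(3):                # d, d + lam, d + 2*lam all work
            d = d_lam + k * lam
            print(f"  d={d}: valid={is_valid_pair(e, d, n)}, "
                  f"roundtrip={roundtrips(e, d, n)}")
```

Trial division needs at most about sqrt(n) divisions, against up to n modular exponentiations for the brute-force loop over d.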
sign: RSA (1978)
Ron Rivest, Adi Shamir & Leonard Adleman (MIT)
set up
  let p, q be prime numbers
  public key: <n, e>
    $n = p \cdot q$
    e prime w.r.t. $\varphi(n) = (p-1)(q-1)$
  private key: <n, d>
    $e \cdot d \equiv 1 \pmod{\varphi(n)}$
sign: $s = H(m)^d \bmod n$
send: <m, s>
verify: compare equality $H(m) = s^e \bmod n$

sign: RSA: example
preparation
  p = 5, q = 11
  n = p*q = 5*11 = 55
  Z = (p-1)*(q-1) = 4*10 = 40
  e = 13; prime w.r.t. Z
  $e \cdot d \equiv 1 \pmod{Z}$, so d = 37
private <d = 37, n = 55>
  h(m) = 3
  signed: $s = m^d \bmod n = 3^{37} \bmod 55 = 53$
signed message <m, s = 53>
public <e = 13, n = 55>
  verification: $s^e \bmod n = 53^{13} \bmod 55 = 3$
  h(m) = 3

how many primes are there?
Estimates
  $3.7 \cdot 10^{151}$ with 512 bits
  $1.5 \cdot 10^{298}$ with 1,000 bits
dictionary attacks are unfeasible
The first fifty million primes

http://www.emc.com/emc-plus/rsa-labs/historical/the-rsa-factoring-challenge-faq.htm

https://aiimpacts.org/progress-in-general-purpose-factoring/

number of bits
http://www.keylength.com/

references
  A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. R.L. Rivest, A. Shamir, and L. Adleman
Tools
  Prime factorization tool
  Prime factors calculator
  Number Factorization

exercises
1. check validity of pub = (133, 40501), sec = (38797, 40501)
2. check validity of pub = (133, 40501), sec = (397, 40501)
3. check validity of pub = (133, 40501), sec = (16413, 40501)
4. design a key pair where p = 53, q = 113; choose minimal e
5. design a key pair where p = 193, q = 163; choose minimal e
   try e = 3, 5, 7, 9, 11, 13,, 17,, 25,...
6. the same with p = 193, q = 181

exam
Home automation. We need reduced keys. Specifically, we have a thermostat with this public reception key: {e = 7, n = 33}. The owner of the house sends it an order to set the temperature of the house to "31", where 31 is the desired temperature, encrypted with the previous key.
It is requested:
1. Is the key correct? What is its strength in bits?
2. What temperature range can we mark?
3. Break the key; that is, find out the private part to decipher.
4. Find out at what temperature you want to set the thermostat. Decipher and verify.

exercise
Alice uses the RSA Crypto System to receive messages from Bob.
Alice publishes n = 299 and e = 35.
Check that e = 35 is a valid exponent for the algorithm.
Compute d, the private exponent of Alice.
Bob wants to send to Alice the (encrypted) plaintext P = 15.
What does he send to Alice?
Verify she can decrypt this message.

exercise
Alice publishes the following data: n = pq = 221 and e = 13.
Bob receives the message M = 65 and the corresponding digital signature S = 182.
Verify the signature.