CSE 127: Lecture 22
The topics covered in this lecture are:
using crypto for security,
RSA for encryption and message authentication,
cracking keys,
and modular exponentiation.
We have been discussing how we can use cryptographic tools to make insecure
connections less susceptible to eavesdropping and tampering. Again, the three
major parts of this are:
- Confidentiality
- Ensuring that others cannot eavesdrop on your data by obscuring
it with encryption
- Integrity
- Ensuring that others have not changed the message by computing
Message Authentication Codes (MACs) which are like a checksum of the
data, but use encryption keys.
- Accountability
- Ensuring that people can be connected to their actions. Crypto
can be used to verify identification publicly.
For RSA encryption, we need four things: p, q, e, and d.
- The p and q are large prime numbers, and n = p*q.
- The public key is (e,n), where e is a number chosen randomly.
- The private key is d, where e*d=1 mod phi(n), and phi(n)=(p-1)(q-1).
- From Euler's theorem, we know that xphi(n)=1 mod n.
If we are given a message m, we can encrypt and decrypt the message using the
public and private keys of a user.
Encryption: Cipher text is computed by:
c = me mod n
Decryption: The original message is computed by:
p = cd mod n
How do we know that the decrypted message p is the same as the original message
m? We can use Euler's theorem:
- (me)d mod n
- = mde mod n
- = m1+k*phi(n) mod n
- = m*(mphi(n))k mod n
- = m*1k mod n
We can also use RSA to cryptographically sign messages. We do this by
computing a cryptographic hash (like MD5 or SHA1) on a message m to
obtain a digest, which we'll call s. Then the signed digest is computed
as r = sd mod n. Then the public can verify that the
message is properly signed if re mod n==s.
Normally you want to keep information about your keys private. However,
if you know the factorization of n, then you have an advantage. You can
use the Extended GCD. The EGCD is like the GCD, but it gives three
outputs, w, z, and g. The value g = GCD(x,y), while EGCD also finds
w*x + z*y = g
So that if we ask for EGCD(e, phi(n)), we know that g=1 with high probability.
(g=1 means that e and phi(n) are coprime. In the unlikely
circumstance that g > 1, just choose another random e and try again.)
and we get
w*e + z*phi(n) = g = 1
where w is the multiplicative inverse mod phi(n). We use w as the
secret decryption exponent (usually called d).
There are many systems with encryption keys that are embedded in hardware
or hidden in software, away from users access. However, having physical
access to the system makes it easier to find out what the encryption keys
are. For example, Microsoft has a crypto API that allows applications to
do crypto operations, but the applications cannot access the keys
directly; instead they have something akin to file descriptors which
point to the keys which the API hides. Additionally, the implementation
of the library is modular, so that it may be filled by a third-party
vendor's software or hardware.
If you wanted to get access to the crypto keys in the library, how could
you do that? Having access to the system helps. It turns out that you can
compute statistics on the time and/or power required for the processor to
compute crypto routines by running the routines many times. Those
statistics can give insight into finding the values of the keys. Next
time we will see more on how this is done. Until then, here is the code
to compute exponentiation mod n.
The following code computes y = xe mod n. Note that in this
code, integers are larger than the typical "int"; they may be
arbitrarily big (using special math libraries).
Int modexp(x, e, n) {
Int y = 1, z = x;
while (e != 0) {
if (e is odd) {
y = y * z mod n;
}
z = z * z mod n;
e = e div 2;
}
return y;
}
[
search CSE |
CSE |
bsy's home page |
links |
webster |
MRQE |
google |
yahoo |
citeseer |
certserver
]
bsy+cse127w02@cs.ucsd.edu, last updated Mon Mar 25 15:22:09 PST 2002. Copyright 2002 Bennet Yee.
email bsy.