PowerPoint Presentation

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

Key Exchange MethodsDiffie-Hellman and RSA

CPE 701 Research Case Study

Derek Eiler | April 2012

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

OverviewToday’s discussion

•Background: “key” cryptography concepts

•Diffie-Hellman key exchange

•Public key infrastructure (PKI)

•RSA key pair generation

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

BackgroundA few “key” concepts

•Encryption: plaintext -> ciphertext

•Decryption: ciphertext -> plaintext

•Cryptographic function: mathematicalfunction or algorithm used to encrypt/decrypt

•Key: parameter for a cryptographic function

•Symmetric vs. asymmetric keys

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

So four people walk into a bar…Alice, Bob, Eve, and Mallory

•Alice and Bob want to speak privately over apublic channel

•Eve is always eavesdropping on Alice and Bob

•Mallory has malicious plans to interfere withAlice and Bob’s private conversation

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

Diffie-Hellman key exchangeThe concept

Alice and Bob derive a shared secret key over a public channel (no prior arrangements)
Publicly agree on two public values, 𝑝 and 𝑔
Each choose a private value, 𝑎 and 𝑏
Use clever math to compute a shared secret, 𝑘
Eve and Mallory never overhear enough information to derive the shared secret

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

Diffie-Hellman key exchangeThe math: discrete logarithm problem

Let 𝑝 be a large prime number
Let 𝑔 be an integer < 𝑝
For every number 𝑛 from 1… 𝑝−1 , inclusive, 𝑔 must have a power 𝑘 such that:
𝑛= 𝑔 𝑘 mod 𝑝

Solving the 𝑘 𝑡ℎ root mod 𝑝 is considered (but not proven) hard to do in polynomial time

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

Diffie-Hellman key exchangeThe math: discrete logarithm in action

Solve for 𝑘, given values 𝑝, 𝑔, 𝑎′, 𝑏′ and knowing:
𝑘= 𝑔 𝑎𝑏 = 𝑔 𝑏𝑎
𝑎 ′ = 𝑔 𝑎 mod 𝑝
𝑏 ′ = 𝑔 𝑏 mod 𝑝
𝑘= (𝑏′) 𝑎 mod 𝑝
𝑘= (𝑎′) 𝑏 mod 𝑝
Finding 𝑘 is easy if 𝑎 or 𝑏 are known
Quickly solved by brute force if 𝑝=3 and 𝑔=2
What if 𝑝=6,461,333,867 and 𝑔=3,691?

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

Diffie-Hellman key exchangeExample using small numbers

Alice starts the exchange and tells Bob 𝑝=7, 𝑔=1
Privately, Alice chooses 𝑎=3 and Bob chooses 𝑏=5
Alice computes 𝑎 ′ = 𝑔 𝑎 mod 𝑝 and tells Bob the result
𝑎 ′ = 2 3 mod 7=1
Bob computes 𝑏 ′ = 𝑔 𝑏 mod 𝑝 and tells Alice the result
𝑏 ′ = 2 5 mod 7=4
Since k= 𝑔 𝑏𝑎 , Alice can compute 𝑘= (𝑏′) 𝑎 mod 𝑝
𝑘= (4) 3 mod 7=1
Since k= 𝑔 𝑎𝑏 , Bob can compute 𝑘= (𝑎′) 𝑏 mod 𝑝
𝑘= (1) 5 mod 7=1

Meanwhile, Eve doesn’t know 𝑎 or 𝑏 and can’t easily derive 𝑘

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

RSA key generationThe concept

•Alice generates a pair of keys, publishing oneand keeping the other private

•Anyone may use the published key to encryptmessages intended for Alice

•Only Alice can decrypt messages encryptedwith the public key (unless the private key wascompromised somehow)

•Alice may also use the key pair to prove heridentity

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

RSA key generationThe math: factoring problem

•Computing the product of two prime numbers iseasy (23*17 = 391)

•Factoring the product of two large primenumbers is “hard”

•Try factoring123,018,668,453,011,775,513,049,495,838,496,272,077,285,356,959,533,479,219,732,245,215,172,640,050,726,365,751,874,520,219,978,646,938,995,647,494,277,406,384,592,519,255,732,630,345,373,154,826,850,791,702,612,214,291,346,167,042,921,431,160,222,124,047,927,473,779,408,066,535,141,959,745,986,902,143,413

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

RSA key generationThe math: public and private key pair

Calculate the product 𝑛=𝑝𝑞 where 𝑝 and 𝑞 are very large prime numbers (e.g. tens or even hundreds of digits long)
Carefully choose exponents 𝑒 and 𝑑 such that we can publish the key 𝑘 𝑝𝑢𝑏 =(𝑛,𝑒) and retain the corresponding private key 𝑘 𝑝𝑟𝑖𝑣 =(𝑛,𝑑)

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

RSA key generationThe math: “exponential” difficulty

Choose an 𝑒 such that 𝑒<𝑛 and 𝑒 is coprime to 𝑝−1 𝑞−1
How? For each 𝑒 in {2…𝑝𝑞}, test whether GCD 𝑒, 𝑝−1 𝑞−1 =1 until true.*
Choose a 𝑑 such that 𝑒𝑑−1 is divisible by 𝑝−1 𝑞−1
Now publish 𝑘 𝑝𝑢𝑏 =(𝑛,𝑒) and retain the private key 𝑘 𝑝𝑟𝑖𝑣 =(𝑛,𝑑)

*Euclid’s or Stein’s algorithm are typically used to compute the GCD.

qrcode

$R:\IETemp\Temporary Internet Files\Content.IE5\I46AVVNA\MC900384336[1].wmf$

ReferencesSome light reading on the web

RSA Laboratories: 3.6.1 What is Diffie-Hellman?

David A. Carts: A Review of the Diffie-Hellman Algorithm and its Use in Secure Internet Protocols.

RSA Laboratories: What is the RSA Cryptosystem?

RSA Laboratories: RSA Factoring Challenge.

BigPrimes.net: Prime Numbers Archive.