Jan 10, 2019 The RSA algorithm has three main processes: key pair generation, encryption and decryption. Key pairs include the generation of the public key and the private key. Because of this part of the process, RSA has often been described as the first public-key digital security system. Once the public key is generated, it is transmitted over an unsecured channel, but the private key remains secret and is. Although practical QCs would pose a threat to crypto standards for public-key infrastructure (PKI) key exchange and encryption, no one has demonstrated a practical quantum computer yet. It is an area of active research and growing interest. Although it is possible, it can't be said with certainty whether practical QCs will be built in the future. The Diffie–Hellman key exchange is a frequent choice for such protocols, because of its fast key generation. Password-authenticated key agreement edit When Alice and Bob share a password, they may use a password-authenticated key agreement (PK) form of Diffie–Hellman to prevent man-in-the-middle attacks. The public keys are part of the key pair generation by each one of the parties, usually denoted. With ECC the keys can be generated from the private key at any time, as the public key is generated after the private key within the function, namely by multiplying the private key value with the base point.
The Diffie–Hellman key exchange is a frequent choice for such protocols, because of its fast key generation. Password-authenticated key agreement edit When Alice and Bob share a password, they may use a password-authenticated key agreement (PK) form.
- Cryptography Tutorial
- Cryptography Useful Resources
- Selected Reading
Public Key Cryptography
Unlike symmetric key cryptography, we do not find historical use of public-key cryptography. It is a relatively new concept.
Symmetric cryptography was well suited for organizations such as governments, military, and big financial corporations were involved in the classified communication.
With the spread of more unsecure computer networks in last few decades, a genuine need was felt to use cryptography at larger scale. The symmetric key was found to be non-practical due to challenges it faced for key management. This gave rise to the public key cryptosystems.
The process of encryption and decryption is depicted in the following illustration −
Key Exchange And Generation In Cryptography Center
The most important properties of public key encryption scheme are −
- Different keys are used for encryption and decryption. This is a property which set this scheme different than symmetric encryption scheme.
- Each receiver possesses a unique decryption key, generally referred to as his private key.
- Receiver needs to publish an encryption key, referred to as his public key.
- Some assurance of the authenticity of a public key is needed in this scheme to avoid spoofing by adversary as the receiver. Generally, this type of cryptosystem involves trusted third party which certifies that a particular public key belongs to a specific person or entity only.
- Encryption algorithm is complex enough to prohibit attacker from deducing the plaintext from the ciphertext and the encryption (public) key.
- Though private and public keys are related mathematically, it is not be feasible to calculate the private key from the public key. In fact, intelligent part of any public-key cryptosystem is in designing a relationship between two keys.
There are three types of Public Key Encryption schemes. We discuss them in following sections −
RSA Cryptosystem
This cryptosystem is one the initial system. It remains most employed cryptosystem even today. The system was invented by three scholars Ron Rivest, Adi Shamir, and Len Adleman and hence, it is termed as RSA cryptosystem.
We will see two aspects of the RSA cryptosystem, firstly generation of key pair and secondly encryption-decryption algorithms.
Generation of RSA Key Pair
Each person or a party who desires to participate in communication using encryption needs to generate a pair of keys, namely public key and private key. The process followed in the generation of keys is described below −
- Generate the RSA modulus (n)
- Select two large primes, p and q.
- Calculate n=p*q. For strong unbreakable encryption, let n be a large number, typically a minimum of 512 bits.
- Find Derived Number (e)
- Number e must be greater than 1 and less than (p − 1)(q − 1).
- There must be no common factor for e and (p − 1)(q − 1) except for 1. In other words two numbers e and (p – 1)(q – 1) are coprime.
- Form the public key
- The pair of numbers (n, e) form the RSA public key and is made public.
- Interestingly, though n is part of the public key, difficulty in factorizing a large prime number ensures that attacker cannot find in finite time the two primes (p & q) used to obtain n. This is strength of RSA.
- Generate the private key
- Private Key d is calculated from p, q, and e. For given n and e, there is unique number d.
- Number d is the inverse of e modulo (p - 1)(q – 1). This means that d is the number less than (p - 1)(q - 1) such that when multiplied by e, it is equal to 1 modulo (p - 1)(q - 1).
- This relationship is written mathematically as follows −
The Extended Euclidean Algorithm takes p, q, and e as input and gives d as output.
Example
An example of generating RSA Key pair is given below. (For ease of understanding, the primes p & q taken here are small values. Practically, these values are very high).
- Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 x 13 = 91.
- Select e = 5, which is a valid choice since there is no number that is common factor of 5 and (p − 1)(q − 1) = 6 × 12 = 72, except for 1.
- The pair of numbers (n, e) = (91, 5) forms the public key and can be made available to anyone whom we wish to be able to send us encrypted messages.
- Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The output will be d = 29.
- Check that the d calculated is correct by computing −
- Hence, public key is (91, 5) and private keys is (91, 29).Generate private key from aws pem file. $ chmod 400 MyKeyPair.pem Display Your Key PairA 'fingerprint' is generated from your key pair, and you can use it to verify thattheprivate key that you have on your local machine matches the public key that's storedin AWS.The fingerprint is an SHA1 hash taken from a DER-encoded copy of the private key.Thisvalue is captured when the key pair is created, and is stored in AWS with the publickey.You can view the fingerprint in the Amazon EC2 console or by running the AWS CLI commandawsec2 describe-key-pairs.The following example displays the fingerprint for MyKeyPair.
Encryption and Decryption
Once the key pair has been generated, the process of encryption and decryption are relatively straightforward and computationally easy.
Interestingly, RSA does not directly operate on strings of bits as in case of symmetric key encryption. It operates on numbers modulo n. Hence, it is necessary to represent the plaintext as a series of numbers less than n.
RSA Encryption
- Suppose the sender wish to send some text message to someone whose public key is (n, e).
- The sender then represents the plaintext as a series of numbers less than n.
- To encrypt the first plaintext P, which is a number modulo n. The encryption process is simple mathematical step as −
- In other words, the ciphertext C is equal to the plaintext P multiplied by itself e times and then reduced modulo n. This means that C is also a number less than n.
- Returning to our Key Generation example with plaintext P = 10, we get ciphertext C −
RSA Decryption
![Key exchange and generation in cryptography center Key exchange and generation in cryptography center](/uploads/1/2/5/8/125872289/518273685.png)
- The decryption process for RSA is also very straightforward. Suppose that the receiver of public-key pair (n, e) has received a ciphertext C.
- Receiver raises C to the power of his private key d. The result modulo n will be the plaintext P.
- Returning again to our numerical example, the ciphertext C = 82 would get decrypted to number 10 using private key 29 −
RSA Analysis
The security of RSA depends on the strengths of two separate functions. The RSA cryptosystem is most popular public-key cryptosystem strength of which is based on the practical difficulty of factoring the very large numbers.
- Encryption Function − It is considered as a one-way function of converting plaintext into ciphertext and it can be reversed only with the knowledge of private key d.
- Key Generation − The difficulty of determining a private key from an RSA public key is equivalent to factoring the modulus n. An attacker thus cannot use knowledge of an RSA public key to determine an RSA private key unless he can factor n. It is also a one way function, going from p & q values to modulus n is easy but reverse is not possible.
If either of these two functions are proved non one-way, then RSA will be broken. In fact, if a technique for factoring efficiently is developed then RSA will no longer be safe.
The strength of RSA encryption drastically goes down against attacks if the number p and q are not large primes and/ or chosen public key e is a small number.
ElGamal Cryptosystem
Along with RSA, there are other public-key cryptosystems proposed. Many of them are based on different versions of the Discrete Logarithm Problem.
ElGamal cryptosystem, called Elliptic Curve Variant, is based on the Discrete Logarithm Problem. It derives the strength from the assumption that the discrete logarithms cannot be found in practical time frame for a given number, while the inverse operation of the power can be computed efficiently.
Let us go through a simple version of ElGamal that works with numbers modulo p. In the case of elliptic curve variants, it is based on quite different number systems.
Generation of ElGamal Key Pair
Each user of ElGamal cryptosystem generates the key pair through as follows −
- Choosing a large prime p. Generally a prime number of 1024 to 2048 bits length is chosen.
- Choosing a generator element g.
- This number must be between 1 and p − 1, but cannot be any number.
- It is a generator of the multiplicative group of integers modulo p. Generate private and public key for ssh access openssl. This means for every integer m co-prime to p, there is an integer k such that gk=a mod n.For example, 3 is generator of group 5 (Z5 = {1, 2, 3, 4}).
N | 3n | 3n mod 5 |
---|---|---|
1 | 3 | 3 |
2 | 9 | 4 |
3 | 27 | 2 |
4 | 81 | 1 |
- Choosing the private key. The private key x is any number bigger than 1 and smaller than p−1.
- Computing part of the public key. The value y is computed from the parameters p, g and the private key x as follows −
- Obtaining Public key. The ElGamal public key consists of the three parameters (p, g, y).For example, suppose that p = 17 and that g = 6 (It can be confirmed that 6 is a generator of group Z17). Tekken 7 cd key generator. The private key x can be any number bigger than 1 and smaller than 71, so we choose x = 5. The value y is then computed as follows −
- Thus the private key is 62 and the public key is (17, 6, 7).
Encryption and Decryption
The generation of an ElGamal key pair is comparatively simpler than the equivalent process for RSA. But the encryption and decryption are slightly more complex than RSA.
ElGamal Encryption
Suppose sender wishes to send a plaintext to someone whose ElGamal public key is (p, g, y), then −
- Sender represents the plaintext as a series of numbers modulo p.
- To encrypt the first plaintext P, which is represented as a number modulo p. The encryption process to obtain the ciphertext C is as follows −
- Randomly generate a number k;
- Compute two values C1 and C2, where −
- Send the ciphertext C, consisting of the two separate values (C1, C2), sent together.
- Referring to our ElGamal key generation example given above, the plaintext P = 13 is encrypted as follows −
- Randomly generate a number, say k = 10
- Compute the two values C1 and C2, where −
- Send the ciphertext C = (C1, C2) = (15, 9).
ElGamal Decryption
- To decrypt the ciphertext (C1, C2) using private key x, the following two steps are taken −
- Compute the modular inverse of (C1)x modulo p, which is (C1)-x , generally referred to as decryption factor.
- Obtain the plaintext by using the following formula −
- In our example, to decrypt the ciphertext C = (C1, C2) = (15, 9) using private key x = 5, the decryption factor is
- Extract plaintext P = (9 × 9) mod 17 = 13.
ElGamal Analysis
In ElGamal system, each user has a private key x. and has three components of public key − prime modulus p, generator g, and public Y = gx mod p. The strength of the ElGamal is based on the difficulty of discrete logarithm problem.
The secure key size is generally > 1024 bits. Today even 2048 bits long key are used. On the processing speed front, Elgamal is quite slow, it is used mainly for key authentication protocols. Due to higher processing efficiency, Elliptic Curve variants of ElGamal are becoming increasingly popular.
Elliptic Curve Cryptography (ECC)
Elliptic Curve Cryptography (ECC) is a term used to describe a suite of cryptographic tools and protocols whose security is based on special versions of the discrete logarithm problem. It does not use numbers modulo p.
ECC is based on sets of numbers that are associated with mathematical objects called elliptic curves. There are rules for adding and computing multiples of these numbers, just as there are for numbers modulo p.
ECC includes a variants of many cryptographic schemes that were initially designed for modular numbers such as ElGamal encryption and Digital Signature Algorithm.
It is believed that the discrete logarithm problem is much harder when applied to points on an elliptic curve. This prompts switching from numbers modulo p to points on an elliptic curve. Also an equivalent security level can be obtained with shorter keys if we use elliptic curve-based variants.
The shorter keys result in two benefits −
- Ease of key management
- Efficient computation
These benefits make elliptic-curve-based variants of encryption scheme highly attractive for application where computing resources are constrained.
RSA and ElGamal Schemes – A Comparison
Let us briefly compare the RSA and ElGamal schemes on the various aspects.
RSA | ElGamal |
---|---|
It is more efficient for encryption. | It is more efficient for decryption. |
It is less efficient for decryption. | It is more efficient for decryption. |
For a particular security level, lengthy keys are required in RSA. | For the same level of security, very short keys are required. |
It is widely accepted and used. | It is new and not very popular in market. |
Key exchange (also key establishment) is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.
If the sender and receiver wish to exchange encrypted messages, each must be equipped to encrypt messages to be sent and decrypt messages received. The nature of the equipping they require depends on the encryption technique they might use. If they use a code, both will require a copy of the same codebook. If they use a cipher, they will need appropriate keys. If the cipher is a symmetric key cipher, both will need a copy of the same key. If it is an asymmetric key cipher with the public/private key property, both will need the other's public key.
Channel of exchange[edit]
Key exchange is done either in-band or out-of-band. encrypted.[1]
The key exchange problem[edit]
The key exchange problem describes ways to exchange whatever keys or other information are needed for establishing a secure communication channel so that no one else can obtain a copy. Historically, before the invention of public-key cryptography (asymmetrical cryptography), symmetric-key cryptography utilized a single key to encrypt and decrypt messages. For two parties to communicate confidentially, they must first exchange the secret key so that each party is able to encrypt messages before sending, and decrypt received ones. This process is known as the key exchange.
The overarching problem with symmetrical cryptography, or single-key cryptography, is that it requires a secret key to be communicated through trusted couriers, diplomatic bags, or any other secure communication channel. If two parties cannot establish a secure initial key exchange, they won't be able to communicate securely without the risk of messages being intercepted and decrypted by a third party who acquired the key during the initial key exchange.
Public-key cryptography uses a two-key system, consisting of the public and the private keys, where messages are encrypted with one key and decrypted with another. It depends on the selected cryptographic algorithm which key—public or private—is used for encrypting messages, and which for decrypting. For example, in RSA, the private key is used for decrypting messages, while in the Digital Signature Algorithm (DSA), the private key is used for encrypting them. The public key can be sent over non-secure channels or shared in public; the private key is only available to its owner.
Known as the Diffie-Hellman key exchange, the encryption key can be openly communicated as it poses no risk to the confidentiality of encrypted messages. One party exchanges the keys to another party where they can then encrypt messages using the key and send back the cipher text. Only the decryption key—in this case, it's the private key—can decrypt that message. At no time during the Diffie-Hellman key exchange is any sensitive information at risk of compromise, as opposed to symmetrical key exchange.
Identification[edit]
In principle, the only remaining problem was to be sure (or at least confident) that a public key actually belonged to its supposed owner. Because it is possible to 'spoof' another's identity in any of several ways, this is not a trivial or easily solved problem, particularly when the two users involved have never met and know nothing about each other.
Diffie–Hellman key exchange[edit]
In 1976, Whitfield Diffie and Martin Hellman published a cryptographic protocol called the Diffie–Hellman key exchange (D–H) based on concepts developed by Hellman's PhD student Ralph Merkle. The protocol enables users to securely exchange secret keys even if an opponent is monitoring that communication channel. The D–H key exchange protocol, however, does not by itself address authentication (i.e. the problem of being sure of the actual identity of the person or 'entity' at the other end of the communication channel). Authentication is crucial when an opponent can both monitor and alter messages within the communication channel (AKA man-in-the-middle or MITM attacks) and was addressed in the fourth section of the paper.[2]
![Key Key](/uploads/1/2/5/8/125872289/266619485.png)
Public key infrastructure[edit]
Public key infrastructures (PKIs) have been proposed as a workaround for the problem of identity authentication. In their most usual implementation, each user applies to a “certificate authority” (CA), trusted by all parties, for a digital certificate which serves for other users as a non-tamperable authentication of identity. The infrastructure is safe, unless the CA itself is compromised. In case it is, though, many PKIs provide a way to revoke certificates so other users will not trust them. Revoked certificates are usually put in certificate revocation lists which any certificate can be matched against.
Several countries and other jurisdictions have passed legislation or issued regulations encouraging PKIs by giving (more or less) legal effect to these digital certificates (see digital signature). Several commercial firms, and a few government departments, have established such certificate authorities. VeriSign is the most prominent commercial firm providing digital identity services.
This does nothing to solve the problem though, as the trustworthiness of the CA itself is still not guaranteed for any particular individual. It is a form of argument from authority fallacy. For actual trustworthiness, personal verification that the certificate belongs to the CA and establishment of trust in the CA are required. This is usually not possible.
There are known cases where authoritarian governments proposed establishing so-called “national CAs” whose certificates would be mandatory to install on citizens’ devices and, once installed and trusted, could be used for monitoring, intercepting, modifying, or blocking the encrypted internet traffic.[3][4][5]
For those new to such things, these arrangements are best thought of as electronic notary endorsements that “this public key belongs to this user”. As with notary endorsements, there can be mistakes or misunderstandings in such vouchings. Additionally, the notary itself can be untrusted. There have been several high-profile public failures by assorted certificate authorities.[citation needed]
Web of trust[edit]
At the other end of the conceptual range is the web of trust system, which avoids central Certificate Authorities entirely. Each user is responsible for getting any certificate from another before using that certificate to communicate with, vet digital signatures from, .. the user claimed to be associated with the particular public key in a certificate. PGP (and GPG, an implementation of the OpenPGP Internet Standard) employ just such a web of trust mechanism. Together they are the most widely used high quality cryptographic system in the world.[citation needed]
Password-authenticated key agreement[edit]
Password-authenticated key agreement algorithms can perform a cryptographic key exchange utilizing knowledge of a user's password.
Quantum key exchange[edit]
Quantum key distribution exploits certain properties of quantum physics to ensure its security. It relies on the fact that observations (or measurements) of a quantum state introduces perturbations in that state. Over many systems, these perturbations are detectable as noise by the receiver, making it possible to detect man-in-the-middle attacks. Beside the correctness and completeness of quantum mechanics, the protocol assumes the availability of an authenticated channel between Alice and Bob.
See also[edit]
References[edit]
- ^Emmett Dulaney, Chuck Easttom (October 5, 2017). CompTIA Security+ Study Guide: Exam SY0-501. John Wiley & Sons.
- ^Diffie, Whitfield; Hellman, Martin E. (November 1976). 'New Directions in Cryptography'(PDF). IEEE Transactions on Information Theory. IT-22 (6): 644–654.
- ^Wolff, Josephine (2015-12-14). 'Kazakhstan's Unsettling New Cybersecurity Plan'. Slate. Retrieved 2019-01-09.
- ^Shapovalova, Natalia (2016-01-05). 'Security Certificate Of The Republic Of Kazakhstan: The State Will Be Able To Control The Encrypted Internet Traffic Of Users'. Mondaq. Retrieved 2019-01-09.
- ^'The Kremlin reportedly wants to create a state-operated center for issuing SSL certificates'. Meduza. 2016-02-15. Retrieved 2019-01-09.
- The possibility of Non-Secret digital encryption J. H. Ellis, January 1970.
- Non-Secret Encryption Using a Finite Field MJ Williamson, January 21, 1974.
- Thoughts on Cheaper Non-Secret Encryption MJ Williamson, August 10, 1976.
- New Directions in Cryptography W. Diffie and M. E. Hellman, IEEE Transactions on Information Theory, vol. IT-22, Nov. 1976, pp: 644–654.
- Cryptographic apparatus and method Martin E. Hellman, Bailey W. Diffie, and Ralph C. Merkle, U.S. Patent #4,200,770, 29 April 1980
- The First Ten Years of Public-Key Cryptography Whitfield Diffie, Proceedings of the IEEE, vol. 76, no. 5, May 1988, pp: 560–577 (1.9MB PDF file)
- Menezes, Alfred; van Oorschot, Paul; Vanstone, Scott (1997). Handbook of Applied Cryptography Boca Raton, Florida: CRC Press. ISBN0-8493-8523-7. (Available online)
- Singh, Simon (1999) The Code Book: the evolution of secrecy from Mary Queen of Scots to quantum cryptography New York: Doubleday ISBN0-385-49531-5Cambodia
Secret Key Cryptography
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Key_exchange&oldid=944813441'