Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Alice & Bob: Public key cryptography 101 - Mail.ru techforum 2012

Joshua Thijssen
April 25, 2012
330

Alice & Bob: Public key cryptography 101 - Mail.ru techforum 2012

Joshua Thijssen

April 25, 2012
Tweet

Transcript

  1. Alice & Bob Mail.ru techforum - 24 april 2012 Moskow

    - Russia Public key cryptography 101 woensdag 25 april 12
  2. Joshua Thijssen / Netherlands Freelance consultant, developer and trainer @

    NoxLogic / Techademy Development in PHP, Python, Perl, C, Java.... Blog: http://adayinthelifeof.nl Email: [email protected] Twitter: @jaytaph 2 woensdag 25 april 12
  3. 4 Without this there would be no internet as we

    know today (really) woensdag 25 april 12
  4. “algorithm”: A = 1, B = 2, C = 3,

    ...., Z = 26 ‣ SUBSTITUTION SCHEME 7 woensdag 25 april 12
  5. ciphertext: 19, 5, 3, 18, 5, 20 “algorithm”: A =

    1, B = 2, C = 3, ...., Z = 26 ‣ SUBSTITUTION SCHEME 7 woensdag 25 april 12
  6. ciphertext: 19, 5, 3, 18, 5, 20 “algorithm”: A =

    1, B = 2, C = 3, ...., Z = 26 = S E C R E T ‣ SUBSTITUTION SCHEME 7 woensdag 25 april 12
  7. 8 ciphertext:  = W I N G D I

    N G S ‣ SUBSTITUTION SCHEME woensdag 25 april 12
  8. “algorithm”: c = m + k mod 26 ‣ CAESARIAN

    CIPHER or CAESARIAN SHIFT 9 http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg woensdag 25 april 12
  9. “algorithm”: c = m + k mod 26 ‣ CAESARIAN

    CIPHER or CAESARIAN SHIFT 9 Message: C O D E http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg woensdag 25 april 12
  10. “algorithm”: c = m + k mod 26 ‣ CAESARIAN

    CIPHER or CAESARIAN SHIFT 9 Message: C O D E Ciphertext (key=1): D P E F http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg woensdag 25 april 12
  11. “algorithm”: c = m + k mod 26 ‣ CAESARIAN

    CIPHER or CAESARIAN SHIFT 9 Message: C O D E Ciphertext (key=1): D P E F Ciphertext (key=2): E Q F G http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg woensdag 25 april 12
  12. “algorithm”: c = m + k mod 26 ‣ CAESARIAN

    CIPHER or CAESARIAN SHIFT 9 Message: C O D E Ciphertext (key=1): D P E F Ciphertext (key=2): E Q F G Ciphertext (key=-1): B M C D http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg woensdag 25 april 12
  13. “algorithm”: c = m + k mod 26 ‣ CAESARIAN

    CIPHER or CAESARIAN SHIFT 9 Message: C O D E Ciphertext (key=1): D P E F Ciphertext (key=2): E Q F G Ciphertext (key=-1): B M C D Ciphertext (key=0): C O D E http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg woensdag 25 april 12
  14. “algorithm”: c = m + k mod 26 ‣ CAESARIAN

    CIPHER or CAESARIAN SHIFT 9 Message: C O D E Ciphertext (key=1): D P E F Ciphertext (key=2): E Q F G Ciphertext (key=-1): B M C D Ciphertext (key=0): C O D E Ciphertext (key=26): C O D E http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg woensdag 25 april 12
  15. “algorithm”: c = m + k mod 26 ‣ CAESARIAN

    CIPHER or CAESARIAN SHIFT 9 Message: C O D E Ciphertext (key=1): D P E F Ciphertext (key=2): E Q F G Ciphertext (key=-1): B M C D Ciphertext (key=0): C O D E Ciphertext (key=26): C O D E Ciphertext (key=52): C O D E http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg woensdag 25 april 12
  16. ➡ Key is too easy to guess. ‣ FLAWS IN

    THESE CIPHERS 10 woensdag 25 april 12
  17. ➡ Key is too easy to guess. ➡ Key has

    to be send to Bob. ‣ FLAWS IN THESE CIPHERS 10 woensdag 25 april 12
  18. ➡ Key is too easy to guess. ➡ Key has

    to be send to Bob. ➡ Deterministic. ‣ FLAWS IN THESE CIPHERS 10 woensdag 25 april 12
  19. ➡ Key is too easy to guess. ➡ Key has

    to be send to Bob. ➡ Deterministic. ➡ Prone to frequency analysis. ‣ FLAWS IN THESE CIPHERS 10 woensdag 25 april 12
  20. ➡ The usage of every letter in the English (or

    any other language) can be represented by a percentage. 11 woensdag 25 april 12
  21. ➡ The usage of every letter in the English (or

    any other language) can be represented by a percentage. ➡ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%. 11 woensdag 25 april 12
  22. ➡ The usage of every letter in the English (or

    any other language) can be represented by a percentage. ➡ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%. ➡ ‘O’ is used 11.07% of the times in russian texts, the ‘Ъ’ only 0.02%. 11 woensdag 25 april 12
  23. http://www.gutenberg.org/cache/epub/14082/pg14082.txt Once upon a midnight dreary, while I pondered, weak

    and weary, Over many a quaint and curious volume of forgotten lore— While I nodded, nearly napping, suddenly there came a tapping, As of some one gently rapping—rapping at my chamber door. "'Tis some visitor," I muttered, "tapping at my chamber door— Only this and nothing more." 12 woensdag 25 april 12
  24. A small bit of text can result in differences, but

    still there are some letters we can deduce.. ‣ “THE RAVEN”, FIRST PARAGRAPH 13 woensdag 25 april 12
  25. We can deduce almost all letters just without even CARING

    about the crypto algorithm used. ‣ “THE RAVEN”, ALL PARAGRAPHS 14 woensdag 25 april 12
  26. ➡ Determinism and the ability to use frequency analysis are

    “bad things” ‣ FLAWS IN THESE CIPHERS 15 woensdag 25 april 12
  27. ➡ Previous examples were symmetrical encryptions. ➡ Same key is

    used for both encryption and decryption. ‣ SYMMETRICAL ALGORITHMS 16 woensdag 25 april 12
  28. ➡ Previous examples were symmetrical encryptions. ➡ Same key is

    used for both encryption and decryption. ➡ Good symmetrical encryptions: AES, Blowfish, (3)DES ‣ SYMMETRICAL ALGORITHMS 16 woensdag 25 april 12
  29. How does Alice send over the key securely to Bob?

    Everybody’s listening! ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS 17 woensdag 25 april 12
  30. Two keys instead of one: public key - available for

    everybody. Can be published on your blog. private key - For your eyes only! 19 woensdag 25 april 12
  31. It is NOT possible to decrypt the message with same

    key that is used to encrypt. 21 woensdag 25 april 12
  32. Encrypt with public key: - only private key (thus Alice)

    can decrypt. - message is only for Alice = encryption 22 woensdag 25 april 12
  33. Encrypt with public key: - only private key (thus Alice)

    can decrypt. - message is only for Alice = encryption 22 Encrypt with private key: - only public key can decrypt. - message is guaranteed coming for Alice = signing woensdag 25 april 12
  34. Symmetrical ✓ quick. ✓ not resource intensive. ✓ useful for

    small and large messages. ✗ need to send over the key to the other side. Asymmetrical ✓ no need to send over the (whole) key. ✓ can be used for encryption and validation (signing). ✗ very resource intensive. ✗ only useful for small messages. 23 woensdag 25 april 12
  35. Use symmetrical encryption for the (large) message and encrypt the

    key used with an asymmetrical encryption method. 24 woensdag 25 april 12
  36. Hybrid ✓ quick ✓ not resource intensive ✓ useful for

    small and large messages ✓ safely exchange key data 25 woensdag 25 april 12
  37. + http://www.zastavki.com/pictures/1152x864/2008/Animals_Cats_Small_cat_005241_.jpg Hybrid ✓ quick ✓ not resource intensive ✓

    useful for small and large messages ✓ safely exchange key data 25 woensdag 25 april 12
  38. RSA Ron Rivest, Adi Shamir, Leonard Adleman 27 1978 Pierre

    de Fermat, Leonard Euler 17th - 18th century woensdag 25 april 12
  39. Public key encryption works on the premise that it is

    practically impossible to refactor a large number back into 2 separate prime numbers 28 woensdag 25 april 12
  40. Public key encryption works on the premise that it is

    practically impossible to refactor a large number back into 2 separate prime numbers Prime number is only divisible by 1 and itself: 2, 3, 5, 7, 11, 13, 17, 19 etc... 28 woensdag 25 april 12
  41. “large” number: 221 but we cannot calculate its prime factors

    without brute force. There is no “formula” (like e=mc2) 29 woensdag 25 april 12
  42. “large” number: 221 but we cannot calculate its prime factors

    without brute force. There is no “formula” (like e=mc2) (13 and 17) 29 woensdag 25 april 12
  43. ➡ There is no proof that it’s impossible to refactor

    quickly (all tough it doesn’t look plausible) 30 woensdag 25 april 12
  44. ➡ There is no proof that it’s impossible to refactor

    quickly (all tough it doesn’t look plausible) ➡ Brute-force decrypting is always lurking around (quicker machines, better algorithms). 30 woensdag 25 april 12
  45. 32 ➡ p = (large) prime number ➡ q =

    (large) prime number (but not too close to p) woensdag 25 april 12
  46. 32 ➡ p = (large) prime number ➡ q =

    (large) prime number (but not too close to p) ➡ n = p . q (bit length of the RSA key) woensdag 25 april 12
  47. 32 ➡ p = (large) prime number ➡ q =

    (large) prime number (but not too close to p) ➡ n = p . q (bit length of the RSA key) ➡ φ = (p-1) . (q-1) (the φ thingie is called phi) woensdag 25 april 12
  48. 32 ➡ p = (large) prime number ➡ q =

    (large) prime number (but not too close to p) ➡ n = p . q (bit length of the RSA key) ➡ φ = (p-1) . (q-1) (the φ thingie is called phi) ➡ e = gcd(e, φ) = 1 woensdag 25 april 12
  49. 32 ➡ p = (large) prime number ➡ q =

    (large) prime number (but not too close to p) ➡ n = p . q (bit length of the RSA key) ➡ φ = (p-1) . (q-1) (the φ thingie is called phi) ➡ e = gcd(e, φ) = 1 ➡ d = (d . e) mod φ = 1 woensdag 25 april 12
  50. Step 1: select primes P and Q ‣ P =

    ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33 woensdag 25 april 12
  51. Step 1: select primes P and Q ‣ P =

    11 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33 woensdag 25 april 12
  52. Step 1: select primes P and Q ‣ P =

    11 ‣ Q = 3 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33 woensdag 25 april 12
  53. Step 2: calculate N and Phi ‣ P = 11

    | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34 woensdag 25 april 12
  54. ➡ N = P . Q = 11 . 3

    = 33 Step 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34 woensdag 25 april 12
  55. ➡ N = P . Q = 11 . 3

    = 33 ➡ φ = (11-1) . (3-1) = 10 . 2 = 20 Step 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34 woensdag 25 april 12
  56. ➡ N = P . Q = 11 . 3

    = 33 ➡ φ = (11-1) . (3-1) = 10 . 2 = 20 Step 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34 33 decimal is 100001 in binary == 6 bit key woensdag 25 april 12
  57. ➡ N = P . Q = 11 . 3

    = 33 ➡ φ = (11-1) . (3-1) = 10 . 2 = 20 Step 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34 There are 20 co primes for 33 : φ(33) = 20 33 decimal is 100001 in binary == 6 bit key woensdag 25 april 12
  58. Step 3: find e ‣ P = 11 | Q

    = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35 woensdag 25 april 12
  59. Step 3: find e ‣ e = 3 ‣ P

    = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35 woensdag 25 april 12
  60. Step 3: find e ‣ e = 3 ‣ gcd(e,

    φ) = 1 ==> gcd(3, 20) = 1 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35 woensdag 25 april 12
  61. Step 3: find e ‣ e = 3 ‣ gcd(e,

    φ) = 1 ==> gcd(3, 20) = 1 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35 Fermat number: 2 + 1 2 n woensdag 25 april 12
  62. Step 3: find e ‣ e = 3 ‣ gcd(e,

    φ) = 1 ==> gcd(3, 20) = 1 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35 Fermat number: 2 + 1 2 n Fermat prime: Fermat that is prime: 3, 5, 17, 257, 65537 Study shows that 98.5% of the time 65537 is used woensdag 25 april 12
  63. ‣ P = 11 | Q = 3 | N

    = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d 36 woensdag 25 april 12
  64. ‣ P = 11 | Q = 3 | N

    = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d ‣ Extended Euclidean Algorithm gives 7 36 woensdag 25 april 12
  65. ‣ P = 11 | Q = 3 | N

    = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod φ = 1) 36 woensdag 25 april 12
  66. ‣ P = 11 | Q = 3 | N

    = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod φ = 1) 3 . 1 = 3 mod 20 = 3 3 . 2 = 6 mod 20 = 6 3 . 3 = 9 mod 20 = 9 3 . 4 = 12 mod 20 = 12 3 . 5 = 15 mod 20 = 15 3 . 6 = 18 mod 20 = 18 3 . 7 = 21 mod 20 = 1 3 . 8 = 24 mod 20 = 4 3 . 9 = 27 mod 20 = 7 3.10 = 30 mod 20 = 10 36 woensdag 25 april 12
  67. ‣ P = 11 | Q = 3 | N

    = 33 | Phi = 20 | e = 3 | d = 7 37 woensdag 25 april 12
  68. That’s it: ➡ public key = (n, e) = (33,

    3) ➡ private key = (n, d) = (33, 7) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 37 woensdag 25 april 12
  69. The actual math is much more complex since we use

    very large numbers, but it all comes down to these (relatively simple) calculations.. 38 woensdag 25 april 12
  70. 39 jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.key Private-Key: (256

    bit) modulus: 00:c2:d0:c4:1f:6f:78:16:82:d1:0c:dd:5a:af:de:f2:ff:31:c6: 9b:3b:9f:e8:24:2a:5c:06:56:ea:d7:7c:c6:19 publicExponent: 65537 (0x10001) privateExponent: 22:8f:fd:2b:82:90:30:96:36:d6:6c:73:09:5e:a9:87:73:6e: 2d:d4:d5:78:fc:3b:20:ea:0d:02:e5:2b:cb:3d prime1: 00:f0:49:fd:91:18:01:53:92:8f:87:d7:2b:c8:19:7d:17 prime2: 00:cf:8d:a1:3b:93:af:61:77:8f:c9:8f:1d:aa:8d:b4:4f exponent1: 00:e1:d8:c9:89:bc:84:52:a6:a8:5d:47:32:91:6a:d3:95 exponent2: 5a:88:b1:fa:d5:d9:db:8f:16:a6:5a:0a:1b:ba:42:1b coefficient: 00:99:fa:de:80:d4:ee:f3:69:59:e5:8a:72:ad:e5:30:3d woensdag 25 april 12
  71. 39 jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.key n e

    d p q d mod (p-1) e mod (q-1) (inverse q) mod p Private-Key: (256 bit) modulus: 00:c2:d0:c4:1f:6f:78:16:82:d1:0c:dd:5a:af:de:f2:ff:31:c6: 9b:3b:9f:e8:24:2a:5c:06:56:ea:d7:7c:c6:19 publicExponent: 65537 (0x10001) privateExponent: 22:8f:fd:2b:82:90:30:96:36:d6:6c:73:09:5e:a9:87:73:6e: 2d:d4:d5:78:fc:3b:20:ea:0d:02:e5:2b:cb:3d prime1: 00:f0:49:fd:91:18:01:53:92:8f:87:d7:2b:c8:19:7d:17 prime2: 00:cf:8d:a1:3b:93:af:61:77:8f:c9:8f:1d:aa:8d:b4:4f exponent1: 00:e1:d8:c9:89:bc:84:52:a6:a8:5d:47:32:91:6a:d3:95 exponent2: 5a:88:b1:fa:d5:d9:db:8f:16:a6:5a:0a:1b:ba:42:1b coefficient: 00:99:fa:de:80:d4:ee:f3:69:59:e5:8a:72:ad:e5:30:3d woensdag 25 april 12
  72. Encrypting a message: c = me mod n Decrypting a

    message: m = cd mod n 40 woensdag 25 april 12
  73. Encrypting a message: private key = (n,d) = (33, 7):

    Decrypting a message: public key = (n,e) = (33, 3): m = 13, 20, 15, 5 13^7 mod 33 = 7 20^7 mod 33 = 26 15^7 mod 33 = 27 5^7 mod 33 = 14 c = 7, 26, 27,14 41 woensdag 25 april 12
  74. Encrypting a message: private key = (n,d) = (33, 7):

    Decrypting a message: public key = (n,e) = (33, 3): m = 13, 20, 15, 5 13^7 mod 33 = 7 20^7 mod 33 = 26 15^7 mod 33 = 27 5^7 mod 33 = 14 c = 7, 26, 27,14 41 c = 7, 26, 27,14 7^3 mod 33 = 13 26^3 mod 33 = 20 27^3 mod 33 = 15 14^3 mod 33 =5 m = 13, 20, 15, 5 woensdag 25 april 12
  75. ➡ A message is an “integer” ➡ A message must

    be between 2 and n-1. 42 woensdag 25 april 12
  76. ➡ A message is an “integer” ➡ A message must

    be between 2 and n-1. ➡ Deterministic, so we must use a padding scheme to make it non-deterministic. 42 woensdag 25 april 12
  77. ➡ Public Key Cryptography Standard #1 ➡ Pads data with

    (random) bytes up to n bits in length (v1.5 or OAEP/v2.x). 43 woensdag 25 april 12
  78. ➡ Public Key Cryptography Standard #1 ➡ Pads data with

    (random) bytes up to n bits in length (v1.5 or OAEP/v2.x). ➡ Got it flaws and weaknesses too. Always use the latest available version (v2.1) 43 woensdag 25 april 12
  79. Data = 4E636AF98E40F3ADCFCCB698F4E80B9F The encoded message block, EMB, after encoding

    but before encryption, with random padding bytes shown in green: 0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009 E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038 B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF 4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F After RSA encryption, the output is: 3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE5 8B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621 EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E 609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes 44 woensdag 25 april 12
  80. ➡ Don’t “invent” your own encryption. It will NOT be

    secure, and it WILL fail. 46 woensdag 25 april 12
  81. ➡ Don’t “invent” your own encryption. It will NOT be

    secure, and it WILL fail. ➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you. 46 woensdag 25 april 12
  82. ➡ Don’t “invent” your own encryption. It will NOT be

    secure, and it WILL fail. ➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you. ➡ Encryptions evolve. Do not use today what you used 10 years ago. 46 woensdag 25 april 12
  83. ➡ Don’t “invent” your own encryption. It will NOT be

    secure, and it WILL fail. ➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you. ➡ Encryptions evolve. Do not use today what you used 10 years ago. ➡ Every encryption will become obsolete! 46 woensdag 25 april 12
  84. ➡ Don’t “invent” your own encryption. It will NOT be

    secure, and it WILL fail. ➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you. ➡ Encryptions evolve. Do not use today what you used 10 years ago. ➡ Every encryption will become obsolete! ➡ Always follow the best practices. 46 woensdag 25 april 12
  85. Thank you 48 Find me on twitter: @jaytaph Find me

    for development and training: www.noxlogic.nl Find me on email: [email protected] Find me for blogs: www.adayinthelifeof.nl http://xkcd.com/153/ woensdag 25 april 12