Alice & Bob: Public key cryptography 101 - Mail.ru techforum 2012

Alice & Bob
Mail.ru techforum - 24 april 2012
Moskow - Russia
Public key cryptography 101
woensdag 25 april 12

View Slide

Joshua Thijssen / Netherlands
Freelance consultant, developer and
trainer @ NoxLogic / Techademy
Development in PHP, Python, Perl,
C, Java....
Blog: http://adayinthelifeof.nl
Email: [email protected]
Twitter: @jaytaph
2

View Slide

An introduction into public key cryptography
3

View Slide

4
Without this there would be
no internet as we know today
(really)

View Slide

5

View Slide

Meet Alice,
5

View Slide

Meet Alice,
and Bob.
5
Hi Bob!
Hello Alice!

View Slide

“bad” encryption algorithms
6
http://www.ﬂickr.com/photos/dpwk/1714014449/in/[email protected]/

View Slide

“algorithm”:
A = 1, B = 2, C = 3, ...., Z = 26
‣ SUBSTITUTION SCHEME
7

View Slide

ciphertext:
19, 5, 3, 18, 5, 20
“algorithm”:
A = 1, B = 2, C = 3, ...., Z = 26
7

View Slide

ciphertext:
19, 5, 3, 18, 5, 20
“algorithm”:
A = 1, B = 2, C = 3, ...., Z = 26
=
S E C R E T
7

View Slide

8

View Slide

8
ciphertext:


View Slide

8
ciphertext:

=
W I N G D I N G S

View Slide

“algorithm”:
c = m + k mod 26
‣ CAESARIAN CIPHER or CAESARIAN SHIFT
9
http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg

View Slide

“algorithm”:
c = m + k mod 26
9
Message: C O D E

View Slide

“algorithm”:
c = m + k mod 26
9
Message: C O D E
Ciphertext (key=1): D P E F

View Slide

“algorithm”:
c = m + k mod 26
9
Message: C O D E
Ciphertext (key=2): E Q F G

View Slide

“algorithm”:
c = m + k mod 26
9
Message: C O D E
Ciphertext (key=-1): B M C D

View Slide

“algorithm”:
c = m + k mod 26
9
Message: C O D E
Ciphertext (key=0): C O D E

View Slide

“algorithm”:
c = m + k mod 26
9
Message: C O D E

View Slide

‣ FLAWS IN THESE CIPHERS
10

View Slide

➡ Key is too easy to guess.
10

View Slide

➡ Key has to be send to Bob.
10

View Slide

➡ Deterministic.
10

View Slide

➡ Deterministic.
➡ Prone to frequency analysis.
10

View Slide

11

View Slide

➡ The usage of every letter in the English (or
any other language) can be represented by
a percentage.
11

View Slide

a percentage.
➡ ‘E’ is used 12.7% of the times in english
texts, the ‘Z’ only 0.074%.
11

View Slide

a percentage.
➡ ‘E’ is used 12.7% of the times in english
texts, the ‘Z’ only 0.074%.
➡ ‘O’ is used 11.07% of the times in russian
texts, the ‘Ъ’ only 0.02%.
11

View Slide

http://www.gutenberg.org/cache/epub/14082/pg14082.txt
Once upon a midnight dreary, while I pondered, weak and weary,
Over many a quaint and curious volume of forgotten lore—
While I nodded, nearly napping, suddenly there came a tapping,
As of some one gently rapping—rapping at my chamber door.
"'Tis some visitor," I muttered, "tapping at my chamber door—
Only this and nothing more."
12

View Slide

A small bit of text can result in differences, but still there are
some letters we can deduce..
‣ “THE RAVEN”, FIRST PARAGRAPH
13

View Slide

We can deduce almost all letters just without even CARING
about the crypto algorithm used.
‣ “THE RAVEN”, ALL PARAGRAPHS
14

View Slide

15

View Slide

➡ Determinism and the ability to use
frequency analysis are “bad things”
15

View Slide

‣ SYMMETRICAL ALGORITHMS
16

View Slide

➡ Previous examples were symmetrical encryptions.
16

View Slide

➡ Same key is used for both encryption and decryption.
16

View Slide

➡ Same key is used for both encryption and decryption.
➡ Good symmetrical encryptions: AES, Blowﬁsh, (3)DES
16

View Slide

‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS
17

View Slide

How does Alice send over the key securely
to Bob? Everybody’s listening!
‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS
17

View Slide

Another encryption system:
Asymmetrical encryption or public key encryption.
18

View Slide

Two keys instead of one:
public key - available for everybody.
Can be published on your blog.
private key - For your eyes only!
19

View Slide

http://upload.wikimedia.org/wikipedia/commons/f/f9/Public_key_encryption.svg
‣ USES 2 KEYS INSTEAD OF ONE: A KEYPAIR
20

View Slide

It is NOT possible to decrypt the message
with same key that is used to encrypt.
21

View Slide

Encrypt with public key:
- only private key (thus Alice) can decrypt.
- message is only for Alice = encryption
22

View Slide

Encrypt with public key:
- only private key (thus Alice) can decrypt.
- message is only for Alice = encryption
22
Encrypt with private key:
- only public key can decrypt.
- message is guaranteed coming for Alice = signing

View Slide

Symmetrical
✓ quick.
✓ not resource intensive.
✓ useful for small and large
messages.
✗ need to send over the key
to the other side.
Asymmetrical
✓ no need to send over the
(whole) key.
✓ can be used for encryption
and validation (signing).
✗ very resource intensive.
✗ only useful for small messages.
23

View Slide

Use symmetrical encryption for the (large) message
and encrypt the key used with an asymmetrical
encryption method.
24

View Slide

Hybrid
✓ quick
✓ not resource intensive
✓ useful for small and large messages
✓ safely exchange key data
25

View Slide

+
http://www.zastavki.com/pictures/1152x864/2008/Animals_Cats_Small_cat_005241_.jpg
Hybrid
✓ quick
✓ not resource intensive
✓ useful for small and large messages
✓ safely exchange key data
25

View Slide

But how does it work?
26

View Slide

RSA
27

View Slide

RSA
Ron Rivest, Adi Shamir, Leonard Adleman
27

View Slide

RSA
27
1978

View Slide

RSA
27
1978
Pierre de Fermat, Leonard Euler
17th - 18th century

View Slide

Public key encryption works on the premise that it
is practically impossible to refactor a large number
back into 2 separate prime numbers
28

View Slide

Public key encryption works on the premise that it
is practically impossible to refactor a large number
back into 2 separate prime numbers
Prime number is only divisible by 1 and
itself: 2, 3, 5, 7, 11, 13, 17, 19 etc...
28

View Slide

29

View Slide

“large” number: 221
29

View Slide

but we cannot calculate its
prime factors without brute force.
There is no “formula” (like e=mc2)
29

View Slide

but we cannot calculate its
prime factors without brute force.
There is no “formula” (like e=mc2)
(13 and 17)
29

View Slide

30

View Slide

➡ There is no proof that it’s impossible to refactor
quickly (all tough it doesn’t look plausible)
30

View Slide

➡ There is no proof that it’s impossible to refactor
quickly (all tough it doesn’t look plausible)
➡ Brute-force decrypting is always lurking around
(quicker machines, better algorithms).
30

View Slide

31
The math
behind the curtain

View Slide

32

View Slide

32
➡ p = (large) prime number

View Slide

32
➡ q = (large) prime number (but not too close to p)

View Slide

32
➡ n = p . q (bit length of the RSA key)

View Slide

32
➡ φ = (p-1) . (q-1) (the φ thingie is called phi)

View Slide

32
➡ e = gcd(e, φ) = 1

View Slide

32
➡ e = gcd(e, φ) = 1
➡ d = (d . e) mod φ = 1

View Slide

Step 1: select primes P and Q
‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33

View Slide

‣ P = 11
‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33

View Slide

‣ P = 11
‣ Q = 3
‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33

View Slide

Step 2: calculate N and Phi
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34

View Slide

➡ N = P . Q = 11 . 3 = 33
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34

View Slide

➡ N = P . Q = 11 . 3 = 33
➡ φ = (11-1) . (3-1) = 10 . 2 = 20
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34

View Slide

➡ N = P . Q = 11 . 3 = 33
➡ φ = (11-1) . (3-1) = 10 . 2 = 20
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34
33 decimal is 100001 in binary == 6 bit key

View Slide

➡ N = P . Q = 11 . 3 = 33
➡ φ = (11-1) . (3-1) = 10 . 2 = 20
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34
There are 20 co primes for 33 : φ(33) = 20
33 decimal is 100001 in binary == 6 bit key

View Slide

Step 3: ﬁnd e
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35

View Slide

Step 3: ﬁnd e
‣ e = 3
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35

View Slide

Step 3: ﬁnd e
‣ e = 3
‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35

View Slide

Step 3: ﬁnd e
‣ e = 3
‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35
Fermat number: 2 + 1
2
n

View Slide

Step 3: ﬁnd e
‣ e = 3
‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35
Fermat number: 2 + 1
2
n
Fermat prime: Fermat that is prime: 3, 5, 17, 257, 65537
Study shows that 98.5% of the time 65537 is used

View Slide

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: ﬁnd d
36

View Slide

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: ﬁnd d
‣ Extended Euclidean Algorithm gives 7
36

View Slide

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: ﬁnd d
‣ brute force: (e.d mod φ = 1)
36

View Slide

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: ﬁnd d
‣ brute force: (e.d mod φ = 1)
3 . 1 = 3 mod 20 = 3
3 . 2 = 6 mod 20 = 6
3 . 3 = 9 mod 20 = 9
3 . 4 = 12 mod 20 = 12
3 . 5 = 15 mod 20 = 15
3 . 6 = 18 mod 20 = 18
3 . 7 = 21 mod 20 = 1
3 . 8 = 24 mod 20 = 4
3 . 9 = 27 mod 20 = 7
3.10 = 30 mod 20 = 10
36

View Slide

‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 37

View Slide

That’s it:
➡ public key = (n, e) = (33, 3)
➡ private key = (n, d) = (33, 7)
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 37

View Slide

The actual math is much more complex since
we use very large numbers, but it all comes
down to these (relatively simple) calculations..
38

View Slide

39
[email protected]:~$ openssl rsa -text -noout -in server.key

View Slide

39
Private-Key: (256 bit)
modulus:
00:c2:d0:c4:1f:6f:78:16:82:d1:0c:dd:5a:af:de:f2:ff:31:c6:
9b:3b:9f:e8:24:2a:5c:06:56:ea:d7:7c:c6:19
publicExponent: 65537 (0x10001)
privateExponent:
22:8f:fd:2b:82:90:30:96:36:d6:6c:73:09:5e:a9:87:73:6e:
2d:d4:d5:78:fc:3b:20:ea:0d:02:e5:2b:cb:3d
prime1:
00:f0:49:fd:91:18:01:53:92:8f:87:d7:2b:c8:19:7d:17
prime2:
00:cf:8d:a1:3b:93:af:61:77:8f:c9:8f:1d:aa:8d:b4:4f
exponent1:
00:e1:d8:c9:89:bc:84:52:a6:a8:5d:47:32:91:6a:d3:95
exponent2:
5a:88:b1:fa:d5:d9:db:8f:16:a6:5a:0a:1b:ba:42:1b
coefficient:
00:99:fa:de:80:d4:ee:f3:69:59:e5:8a:72:ad:e5:30:3d

View Slide

39
n
e
d
p
q
d mod (p-1)
e mod (q-1)
(inverse q) mod p
Private-Key: (256 bit)
modulus:
00:c2:d0:c4:1f:6f:78:16:82:d1:0c:dd:5a:af:de:f2:ff:31:c6:
9b:3b:9f:e8:24:2a:5c:06:56:ea:d7:7c:c6:19
publicExponent: 65537 (0x10001)
privateExponent:
22:8f:fd:2b:82:90:30:96:36:d6:6c:73:09:5e:a9:87:73:6e:
2d:d4:d5:78:fc:3b:20:ea:0d:02:e5:2b:cb:3d
prime1:
00:f0:49:fd:91:18:01:53:92:8f:87:d7:2b:c8:19:7d:17
prime2:
00:cf:8d:a1:3b:93:af:61:77:8f:c9:8f:1d:aa:8d:b4:4f
exponent1:
00:e1:d8:c9:89:bc:84:52:a6:a8:5d:47:32:91:6a:d3:95
exponent2:
5a:88:b1:fa:d5:d9:db:8f:16:a6:5a:0a:1b:ba:42:1b
coefficient:
00:99:fa:de:80:d4:ee:f3:69:59:e5:8a:72:ad:e5:30:3d

View Slide

Encrypting a message:
c = me mod n
Decrypting a message:
m = cd mod n
40

View Slide

Encrypting a message: private key = (n,d) = (33, 7):
Decrypting a message: public key = (n,e) = (33, 3):
m = 13, 20, 15, 5
13^7 mod 33 = 7
20^7 mod 33 = 26
15^7 mod 33 = 27
5^7 mod 33 = 14
c = 7, 26, 27,14
41

View Slide

Encrypting a message: private key = (n,d) = (33, 7):
Decrypting a message: public key = (n,e) = (33, 3):
m = 13, 20, 15, 5
13^7 mod 33 = 7
20^7 mod 33 = 26
15^7 mod 33 = 27
5^7 mod 33 = 14
c = 7, 26, 27,14
41
c = 7, 26, 27,14
7^3 mod 33 = 13
26^3 mod 33 = 20
27^3 mod 33 = 15
14^3 mod 33 =5
m = 13, 20, 15, 5

View Slide

42

View Slide

➡ A message is an “integer”
42

View Slide

➡ A message must be between 2 and n-1.
42

View Slide

➡ A message must be between 2 and n-1.
➡ Deterministic, so we must use a padding
scheme to make it non-deterministic.
42

View Slide

43

View Slide

➡ Public Key Cryptography Standard #1
43

View Slide

➡ Pads data with (random) bytes up to n bits
in length (v1.5 or OAEP/v2.x).
43

View Slide

➡ Pads data with (random) bytes up to n bits
in length (v1.5 or OAEP/v2.x).
➡ Got it ﬂaws and weaknesses too. Always
use the latest available version (v2.1)
43

View Slide

Data = 4E636AF98E40F3ADCFCCB698F4E80B9F
The encoded message block, EMB, after encoding but before encryption, with random
padding bytes shown in green:
0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009
E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038
B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF
4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F
After RSA encryption, the output is:
3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE5
8B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621
EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E
609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B
http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes 44

View Slide

45
Some words of wisdom:
(free of charge)

View Slide

46

View Slide

➡ Don’t “invent” your own encryption. It will
NOT be secure, and it WILL fail.
46

View Slide

➡ Encryption is as strong as the weakest link,
which 9 out of 10 times will be you.
46

View Slide

➡ Encryptions evolve. Do not use today what
you used 10 years ago.
46

View Slide

➡ Every encryption will become obsolete!
46

View Slide

➡ Every encryption will become obsolete!
➡ Always follow the best practices.
46

View Slide

http://farm1.static.ﬂickr.com/73/163450213_18478d3aa6_d.jpg
Questions?
47

View Slide

Thank you
48
Find me on twitter: @jaytaph
Find me for development and training: www.noxlogic.nl
Find me on email: [email protected]
Find me for blogs: www.adayinthelifeof.nl
http://xkcd.com/153/

View Slide

Alice & Bob: Public key cryptography 101 - Mail.ru techforum 2012

Alice & Bob: Public key cryptography 101 - Mail.ru techforum 2012

Joshua Thijssen

More Decks by Joshua Thijssen

Featured

Transcript