09–Feb–2006                  Public-key cryptography                     CIS551 / TCOM 401

 

Motivation for Public-Key Cryptography:

 

• Weakest link: Shared-key (private-key) cryptography suffers from key-management issues – How could the communicating entities securely agree on the shared-key before secure communication can begin? Communicating the shared-key securely is a typical case of Catch-22 problem.
• Overhead: Keys should be pro-actively refreshed to keep the damage of a shared-key compromise in control (attacker cannot enjoy a perpetual utility from a compromised key, that way).
• Key generation: When there are n entities involved in communication, the number of shared-keys required are of the O(square(n)).
• Historical perspective: Enigma – a German poly-alphabetic crypto system based on shared key – was compromised by the allies not because of its cryptographic weakness but because of the key-management issues that are innate to shared-key cryptography (and espionage).

 

Public-Key Cryptography:

 

• How does it work? Every communicating entity has its own <private key, public key> combination. The public key, as the name suggests, is known to all the communicating entities (more like a telephone directory listing). The private key is known only to the associated entity (private to the entity) and the security of Public-Key cryptography depends on the fact that only this entity has the knowledge of private-key. In its usual form, any communication to an entity is encrypted using its public key and the receiving entity decrypts the message using its private key.
• Positive Consequences:
• Key agreement: No longer do the communicating entities need to have an agreement on a common key for encryption as well as decryption. This is attributed to the fact that encryption and decryption do not use the same key (as opposed to shared-key cryptography). For this reason, the suite of public-key algorithms is also called asymmetric cryptography.
• Key generation: Since, each entity (and not each communication instance) requires its own <public key, private key> combination, the number of keys required when ‘n’ communicating entities are involved is of the O(n).
• Side-effects: Since the private-key is known only to the associated entity and no one else, this fact could be exploited to assure authenticity – that the message is received from an authenticated sender. This is exactly what digital signature algorithms make use of. The roles of public and private key are reversed, i.e., encryption is done using the private key of the sender and the decryption is done using the public key of the sender. If the message was successfully decrypted (usually, the decrypted message is matched against a template), it is a proof that the message came from the entity corresponding to the public key used in decrypting the message.
• Negative Consequence:
• Since the central idea in public-key cryptography is use of one-way (or near one-way) functions (which are computationally complex), public-key cryptography are typically of the order of power(10, 3) slower than secret-key algorithms. It would be quite inconceivable to perform the whole communication using computationally expensive and time consuming public-key cryptography.
• Best of both the worlds (Secret & Public): Attributed to the key-communication and computational cost weaknesses of secret and public-key cryptographies, respectively, it is usual for an implementation to use public-key cryptography only during the initial (hand-shake) part of the communication and communicate the secret-key for the communication session. The communication, from then on, would proceed using the performance-friendly secret-key cryptography.

 

Implementation of Public-Key Cryptography – RSA:

 

• Rivest (R), Shamir (S) & Adleman (A) are mathematicians who worked on resolving the key-management issues with Secret-key cryptography. It was long understood that one-way functions are the resolution to this issue. They proposed a one-way function in 1979 the implementation of which effectively became the RSA algorithm.
• The central idea is that it is hard to factorize a number ‘n’ whose factors are two relatively large prime numbers, ‘pf1’ & ‘pf2’. Hence, pf1 * pf2 is effectively a one-way function as given ‘n’ and just ‘n’ it is hard to find ‘pf1’ and ‘pf2’. Hence, there is no harm in making ‘n’ public (part of the public key in RSA). The private key is a function of ‘pf1’ and ‘pf2’ (apart from another parameter – another component of public key). The private key is such that it would effectively reverse the operation on the message with the public key (the vice versa is true as well – Both private and public key negate each other.). Since the attacker contemplated with a cipher text encrypted with RSA has only the public value ‘n’ (apart from the other component of public key) and it is computationally tedious to factorize ‘n’ into ‘pf1’ and ‘pf2’, and hence, determine the private key, RSA provides good security without the hassles of secure key-sharing.
• Arithmetic reasoning behind why RSA works: Slides are self-explanatory.
• Is RSA the absolute security? No! The security provided by RSA is not absolute. It is deemed that under the availability of current computing resources, RSA is computationally hard to crack. But, what is computationally possible keeps evolving – There are already considerable work being done on Quantum computing, that, when made a reality, would render RSA ineffective.
• Idiosyncrasy: Because of the function, power(message, encryption key) mod n, that is central to RSA encryption as well as decryption, it is obvious that for values of message block, 0 & 1, the RSA encryption does nothing but return the message as is. In order to prevent this from compromising the security, there are padding standards that are used to make the message less sparse by deliberately introducing pre-determined sequence of bits at pre-determined positions before encryption.