Chapter 7: Public Key Cryptography Flashcards
Why would we need Public Key Cryptography?
- The ciphers and authentication mechanisms introduced so far require a common, pre-shared secret key
- Out-of-band sharing is not always an option
- Key exchange needs to be conducted securely
- Symmetric mechanisms require a considerable number of keys in the system
Why would we need PKI?
- Asymmetric crypto reduces the number of keys in the system:
Assume n parties, only unique keys and asymmetric crypto:
- Every party has a public key and a private key
- Every party keeps their own private key secret
- Every party publishes their public key
- Number of secret keys in the system: n ∈ O(n)
- Different keys used for en-/decryption:
Discussion: Symmetric vs. Asymmetric Encryption
- Benefits of asymmetric encryption mechanisms include
- But what about integrity and authenticity of the exchanged public key?
- Example: Can we just …
  - … publish a public key on a website?
  - … send a public key via mail to friends?
1. Number of keys needed in a communication system is reduced
2. Public keys are not required to be exchanged between participants of the communication system via a secure channel that guarantees confidentiality of the key
- Certainly not, as the integrity and authenticity of the received key cannot be guaranteed.
RSA Cipher Mathematical Background
How are they generated? (RSA Cipher)
RSA Cipher
Public Key Algorithm
Define encryption and decryption.
Why does RSA Cipher work? ON SLIDES.
RSA for confidentiality
What are the assumptions?
- We choose a random x and compute c = x^e mod n
- Then x cannot be recovered
- Relation between c and x looks random enough when keys unknown
Problems with RSA for confidentiality
In order to achieve confidentiality we need to use a suitable encryption scheme based on RSA! WHY?
Solution:
* Employ padding (“enlarges m”)
* Add random bits (“adds non-determinism”, “avoids 0”)
* Schemes: PKCS, OAEP
RSA for Confidentiality
OAEP (Optimal asymmetric encryption padding)
Provide the notation and the output.
RSA for Integrity
Observations? Can we do Better?
Yes, we can do better.
- Dedicated signature schemes exist
- Example: RSA-PSS, part of PKCS standards
- RSA-PSS hashes m twice, adds padding and salt
- Result is encrypted with Ksec
Hybrid Encryption Scheme
Why do we need it, instead of asymmetric crypto? What’s the idea?
Problems with Asymmetric Crypto:
* Very expensive
* Orders of magnitude slower than symmetric crypto or hashing
* Unsuitable to encrypt larger amounts of data
Idea:
* Hybrid Encryption Scheme
* Use public key cryptography to securely exchange (ephemeral) symmetric key
* Use symmetric cryptography to encrypt the actual payload data
Hybrid Encryption Scheme: Key Agreement
How does it work?
New Idea:
* Alice does not decide and send a symmetric key
* A key agreement protocol is used to establish a shared key
* Key agreement protocols usually also:
  * Authenticate the entities
  * Provide additional communication protection
* Well-known example: Diffie-Hellman key exchange protocol