4-RSA - PublicKeyCryptographyandRSA 794Q: Introduction to...

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
p1. Public Key Cryptography and RSA 794Q: Introduction to Cryptography Spring 2010
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
p2. Public-Key Cryptography Also known as asymmetric-key cryptography. Each user has a pair of keys: a public key and a private key. The public key is used for encryption. The key is known to the public. The private key is used for decryption. The key is only known to the owner.
Background image of page 2
p3. Bob Alice
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
p4. Why Public-Key Cryptography? Developed to address two main issues: key distribution digital signatures Invented by Diffie & Hellman in 1976.
Background image of page 4
p5. Public-Key Cryptosystem (PKC) Each user u has a pair of keys (PK u , SK u ). PK u is the public key, available in a public directory. SK u the private key, known to u only. Key-generation algorithm: to generate keys. Encryption algorithm E : to send message M to user u, compute C = E(PK u , M). Decryption algorithm D : Upon receiving C, user u computes D(SK u , C). Requirement: D(SK u ,E(PK u , M)) = M.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
p6. () Key generation algorithm : On input 1 , (1 ) outputs a pair of keys, , , each of length at least . Encryption algorit hm : On input a public key and a pla Public-key encryption scheme nn GG pk sk n Ep k intext , outputs a ciphertext . We write ( ). (The message space may depend on .) Decryption algorithm : On input a secret key and a ciphertext , outputs a message pk k mM E c c E m pk Ds k cD . We write : ( ). Correctness requirement: Pr ( ) : 1 except for a negligible measure of key pairs output by ( 1) . k sk pk pk n mm D c DEm m m M G = ⎡⎤ =← =
Background image of page 6
p7. () Adversary: a polynomial-time eavesdropper. ( , , ) : a public-key encryption scheme. Imagine a n experiment: (1 ) is run to obtain a pair of keys , . Ciphertext-Indistinguishability n GED Gp k s k i 01 The adversary is given , and outputs a pair of messages , of the same length. A random bit {0,1} is chosen; and a ciphertext ( ) is computed and given to the a pk pk b pk mm M b cE m i i dversary. The adversary determines whether is the encryption of or . c i
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
p8. ciphertext-indistinguishable against eave A publick-key encryption scheme with security parameter is if for every polynomial-time adversary Definit there sdropper exists ion: a neg ligib s le n A 01 function such that Pr ( , , , ) : ( , ) (1 ), { , } { , }, ( ) 1 negl( ) 2 n Ap k up k negl km mc m p ks k G m m M mm m c E m n =← ←← ≤+
Background image of page 8
p9. Since the adversary knows the publick key , it can encrypt any polynomial number of messages of its choice. That is, eavesdroppers are capable of CPA's. Thus, if a pub lic-key encryp Remarks pk tion scheme is secure against eavesdroppers, then it is also CPA-secure. Most publick-key encryption schemes are based on one-way funct . ions
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
p10. 1 1 trapdoor Easy: Hard: Use as the private key. Most (assumed) one-way functions come from number theory trapdoo .
Background image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 01/22/2011 for the course CSE 794 taught by Professor Tenh.lai during the Spring '10 term at Ohio State.

Page1 / 120

4-RSA - PublicKeyCryptographyandRSA 794Q: Introduction to...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online