Public-Key Cryptography & RSA Flashcards

1
Q

Private (Symmetric) Key

A

One key
sent to all parties through secure channels
new key when party leaves
all parties equal (so they can forge messages and claim they came from a different party)

2
Q

Public (Asymmetric) Key

A

Two keys
public to encrypt and verify digital signatures
private to decrypt and digitally sign
parties aren’t equal (encryptor can’t decrypt, verifier can’t create digital signature)
useful for encryption/decryption and/or key exchange and/or digital signature

3
Q

Relatively Prime

A

If a and b have a GCD of 1, they are relatively prime

doesn’t necessarily mean either are prime

4
Q

GCD - Prime Factorization

A

One way to find GCD

find prime factorization of each number and check GCD

5
Q

GCD - Euclid’s Algorithm

A

Another way to find GCD
no factoring
find larger number modulo smaller one
find smaller one modulo result
find prev result modulo new result until you get 0
second to last result is GCD

6
Q

RSA

A

Ron Rivest, Adi Shamir, Len Adleman
Plaintext/Ciphertext blocks are integers between 0 and n
Size of n usually 1024 bits (309 decimal places)
n = p * q (p and q must be secret, prime, and can’t equal each other)
When generating keys, e is usually 65537, 3, or 17 (BUT smaller e=simple attack)
(Cheat Sheet)

7
Q

RSA - RSA Attacks - Factorization

A

d and m too hard and take too long to compute
n easiest to attack
if e, n, p, and q are known, can compute keys to encrypt/decrypt (d logically equivalent to e^-1 mod ((p-1) * (q-1)))

8
Q

RSA - RSA Attacks - Timing

A

Get exact time hardware takes to decrypt something (depends on how many bits are 1 in d or e) to get feel for which bits should be set to what

9
Q

RSA - RSA Attacks - Timing - Blinding

A

Multiply C by random number (C * r^e mod n) after encryption, so during “decryption” attacker will time wrong number
Real decryption is Mb * r^-1 mod n

10
Q

RSA - RSA Attacks - Timing - Random Delay

A

Add random delay to exponentiation

11
Q

RSA - RSA Attacks - Chosen Ciphertext

A

Replace real ciphertext with phony one and send to intended recipient
Get “message” from intended recipient and use it to derive the real message
Counter this with OAEP (pad M with pseudo-random bits)

12
Q

DH

A

Create and exchange secret shit (like session keys)
Work if and only if both parties can be authenticated
Works because session key is derived the same by both parties
Works because even if p, primitive root, and public values are known, you can’t get private values or session key
(Cheat Sheet)

13
Q

Primitive Roots

A

Given p > 1, there exists a primitive root a such that {a^j mod p | j = 1, 2, …, p - 1} = {1, 2, …, p - 1}

14
Q

DH - DH Attacks - Brute Force

A

Have to find discrete logarithm of one of the public keys (infeasible for large p)

15
Q

DH - DH Attacks - Man in the Middle

A

Take public values Ya and Yb as they are sent, and replace them with Y1 (to A) and Y2 (to B)
Derive Ka and Kb
When B sends message with session key Kb, decrypt with Kb, read, then encrypt with Ka so A can decrypt with Ka
Works if no one authenticates the origin of the public keys

16
Q

El Gamal

A

Similar to DH, up until public key generation (Cheat Sheet)