 We introduced public key cryptography last Last lecture and to demonstrate public key cryptography. We in we went through how this algorithm called rsa works And we went through the steps for generating a key pair a public and private key for each user And then the steps we went through an example of encrypting some message So we'll go back to that example in a moment just to remind you but First let's just explain what is rsa so the out it's the name of the algorithm and The name comes from the the three inventors the three guys who created the algorithm reverse Ron Revest Eddie Shamir and Len Adelman so RS and a So they created this algorithm Not long after the first Public key algorithm was released by Diffie and Hellman And you see at the end of these slides we We will not cover up before the midterm will cover after the midterm another algorithm called Diffie Hellman but rsa was an algorithm created and they went and Created a company that sold products that used it Including spin-offs that sold certificates for websites So most of the certificates that we use today to access websites using HTTPS use rsa and Some of the people who worked at rsa security spun off what was now become verisign. Who's a major certificate provider? So it's considered to the most widely used public key algorithm. There are others, but it's widely used still used still considered secure and It's not commonly used though for encrypting data we'll see it's primarily used for authenticating And we'll explain the difference After we go through the the algorithm. So let's return to our example actually We flick between the slides in the example. This is the algorithm itself Three steps or three parts of the algorithm generating the keys You can think every user has a key pair. So you every user generates their own key pair You do it yourself. You don't get someone else to do it for you because one of them is a private key So only you should know that in in our examples We've said the private key is those values of D and N and the public is E and N But just be aware that the private key The value of N in the private key is actually public the secret value is D. It's just that we combine them together because when we encrypt If we have some message M where we treat as as an integer As long as M is less than N so our integer the message we want to encrypt must be less than N Then to encrypt we take M raise it to the power of E and mod by N And we get our ciphertext and to decrypt We take the ciphertext raised to the power of D and mod by N and we get the original M back and What we'll try and do today is prove that we always get the original M back Because that's a requirement for encryption and decryption that we do get the original plaintext back and that will lead to well Why do we go through these steps of key generation? What? What's the significance of doing it in this manner? So we'll try and cover that today the example we went through We generated in fact two sets of keys one for a and one one for B And we had an example where a wanted to send a confidential message to be that message was 15 So again if our message is some string we need some way to convert it to an integer using some form of encoding under the condition that M must be less than N and To send to be we encrypt using bees public key for confidentiality Because the only person who can decrypt is the only is the person who has the other key in the key pair So if we encrypt with bees public key, it can only be decrypted with bees private key And only B has their private key. So that ensures confidentiality so what we did to encrypt we Took the public key of B, which is really E and N Five and two hundred ninety nine and fifteen to the power of five mod two nine nine gave us the ciphertext of two one four We send that to be and we showed when bee decrypted They got the original message 15 back We need to prove that that will always happen today And then we got to well from the attackers perspective What can they do to try and defeat the security of this algorithm and we said The attacker knows the ciphertext. That's a given they know the public key E and N So there are different approaches the attacker can take the first approach We are tried as the attackers. We also know the algorithm So we know this equation C equals M to the power of E mod N. We know three of the variables in that equation So the challenge for the attacker is to solve the equation Rearrange and find M Two different approaches to find M You could do a brute force type approach and try M equal to one see if it gives us 214 when we raise to the power of five and mod by two nine nine if not try two three so Try all possible values of M That would work especially with our small numbers So for the real use of RSA We must have our numbers large enough such that that would not work that we cannot try all possible values of M that is M must be potentially large and the the limit of M is N the modulus So N should be large The other approach is trying to solve it by just inverting the equation We have some exponentiation in modular arithmetic and the opposite is discreet logarithm Can be written at the discreet log. We need to find the base M when we mod by two hundred and ninety nine We get an answer of two hundred and fifteen when we raise to the power of five. So we need to find M and Again for large numbers solving discrete logarithms is considered practically impossible So as long as we use large enough numbers There are no known solutions that will Find the answer within reasonable time Within thousands of years So solving discrete logarithms is considered a hard problem to do. So that's one reason why RSA is considered secure Solving a discrete logarithm is a computationally hard problem So if we couldn't try that there's other approaches the attacker can take They also know the message is equal to the ciphertext raised to the power of D mod N in that Equation we have two unknowns M and D If we can find D we'll find M easily. So the other approach for the attacker find D and again since we know how The keys were generated. We know that some E times D mod the torsion of N equals 1 That's the rule for generating the keys So again, we have an equation five times D mod the torsion of two hundred ninety nine equals one we need to find the D and Two ways to find it Well just find it. We need to know the torsion of two hundred ninety nine and Two ways to do that factor the torsion into its two primes P and Q Once we do that. It's easy to find the torsion and then it's relatively easy to find D D Again if we use large numbers a large N Factoring it into its two primes is considered a problem, which is also computationally hard Meaning if N is large enough No one will be able to factor it into its two primes within reasonable time So that's the other reason why RSA is considered secure Factoring into primes is a too hard to solve The other approach is to manually solve the torsion by manually. I mean Think of the approach try is one and two hundred ninety nine are they relatively prime two and two hundred ninety nine and count all the numbers relatively prime and Again, there are no known algorithms which are Can be completed in reasonable time if N is large Large will give some examples of what we mean by large soon. So the security of RSA depends upon the fact that Factoring a number into its primes is hard The calculating the torsion of a number is hard and the solving at a discrete logarithm is hard and People consider them to be hard and in fact the easiest of those three problems is Considered to be Factoring into the primes and so when people try to attack RSA That's what they try and solve because that's the easiest one to solve They try to attack it in terms of give an end try and factor into its primes So prime factorization is a very important Problem with respect to RSA security of course with the small numbers you can solve it and break RSA and Your quiz question and maybe an exam question will be here's a public key find the private key I think that's one of the quiz questions So you can do it for small numbers, but just be aware when we use larger numbers It does not extend. It's not possible Questions on RSA. That's the summary of what we got to last lecture So we want to do two things We want to say a little bit of about the practical use of RSA now and how large the number should be and also we want to Explain or prove why? Why did we get 15 here? Why do we get the original m back? That is I Started with a message m of 15. I raised it the power of five and mod by 299 and get some number 214 Now I take 214 and raised to a power of another number 53 Mod by 299. Why do I get 15 back? Why isn't it 16 or 17 or some other number? Well, if it is a different number then the algorithm doesn't work. It was designed to work. So let's just look at well what What is the design such that this will always work such that it will always get 15 and that will lead to the key generation steps? Let me just check your notes and see if I've given you this Right if you go forward a few slides on the From the handouts, there's something called there's a another handout called public key cryptography examples And what I'll go through is that first one the RSA conditions. So there's no need for you to write it down I'll show some of the conditions So what do we know about RSA? We know some of the That's right the two encryption the encryption and encryption algorithms and I'll denote the m that we get here first is m prime the RSA algorithm tells us that we take some original message m and raise it to power of e mod by n and We get C and If we take that C and raise it to power of d and mod by n we'll get some other let's to know m prime as output We require m to be the same as m prime. We require the original message To be the same as the decrypted message Otherwise our decryption doesn't work So the question is on under what conditions Does m equal m prime? Well before we look at the conditions, let's consider an example and let's just choose Instead of going through key generation, let's choose some different values of Some small numbers and I'll let you choose. What's m give me an m small number easy to calculate less than 20 Five someone said five. Okay. E E Let's choose any values Not follow the rules for key generation and see if it works Okay, let's just choose these values and just see if it works. So what do we get C? equals our value of M5 to the power of 17 Number's too big. We'll use the calculator mod 20. What do we get? We use the calculator to solve that M5 to the power of 17 mod 20 is 5 easy That's the encryption. So C equals 5. Let's decrypt m prime equals C To the power of D for mod 20. What do we get? So it works That is the original message m equal to 5 and The decrypted message m equals 5. So that's what we expect. Let's try another one So we need this to work. Let's try say n equal to 21 Everything else the same. I will not write it down. What we'll see equal It'll be 5 to the power of 17 mod 21 17 what does m prime equal? 17 to the power of 4 mod 21 What did you do wrong? 4 it doesn't work So it doesn't always work So we need to know what conditions will it work and we must make sure that we choose values such that we will always work We cannot just choose any value Okay, and there you can do some analysis to why these two work one worked and one didn't But we'll go through and look at the conditions will it will always work So it doesn't work meaning we start with a plain text message 5 we encrypt and then decrypt and we get a plain text message of 4 That's not good Encryption if we don't get the original plain text back So let's look at the conditions when it will always work. That is will always get the same m as output When does am I who am prime? Look at our equations. We can substitute in let's try We said m prime Equals C to the power of D mod n But we know an equation for C. So let's replace that from the top equation C. We said was Calculated as m to the power of e Mod n all to the raise to power of D All mod n all I did was replace the C with the first equation for the encryption equation just a substitution there and We use our rules of modular arithmetic. We can expand this out and The mod n can come out of the brackets and it becomes m to the power of e to the power of D mod n something to the power of something All to the power of something is m to the power of e times D That's our just our rules of exponentiation. So I know right m prime so we're saying that for m To equal m prime This must be true Under what conditions? The other way to write it so when so if m is to be equal to m prime We must have let's remove the prime now We must have the conditions such that the message Is equal to the message to the power of e times D mod n we must have values especially of e d and n such that this is true and Something equals m equals m to the power of something mod n Go back to our number theory. What are some of the theorems there? Fermat's theorem and Euler's theorem Do they match that? property their theorems told us about For example a to the power of something is equivalent to a mod n and a hint it's Euler's theorem Have a look at Euler's theorem in your lecture notes this the second form We wrote it as Something like a will equal to or equivalent to a to the power of the totion of n Plus one Mod mod n That is Euler's theorem Told us that if we have some integer a and raise it to the power of the totion of n plus one and then mod by n we'll get that original integer a back and For rsa to work we would like it to be that of that form that is we take some integer m Raise it to the some power mod by n. We must get the original and integer m back That's what we want So this will be true if The black equation is of the form of Euler's theorem. That is when if e times d Equals the totion of n plus one if it was you'd see it's in the exact same form if You replace e times d with the totion of n plus one Then it would be m equals m to the power of the power of the totion of n plus one mod n and We would always get our original integer back So rsa encryption and decryption will work if e times d equals the totion of n plus one or e times d mod The totion of n should equal what the totion of n plus one mod the totion of n equals There'll be one remainder think 10 plus one mod 10 equals 20 plus one mod 20 One it's always one remainder. So the totion of n plus one mod the totion of n will be one so we can say Under what conditions does rsa work under the condition that e times d those two values we use equals the totion of n plus one or Another way to think of that e times d mod the totion of n equals one So the conditions for rsa to work so far at this this last equation. We need an e times d Mod the totion of n to be equal to one. This is multiplication So we need to have some conditions for that to work What does it say about e and d? Something time something equals one in modular arithmetic. What do we call that? Right and sometimes we call it a multiplicative inverse remember an Inverse in multiplication is when you times two numbers together and you get one so we say e and d are multiplicative inverses of each other When are they multiplicative inverses? When they're relatively prime in the totion of n. So the condition is for this to be true We now must choose values such that Our writer in brief form that The multiplicative inverse of d equals e Vice versa the multiplicative inverse of e equals d in that in mod the totion of n That's the condition When does a number have a multiplicative inverse? when that number is Relatively prime to the totion of n so our conditions are We must choose an e which is relatively prime with the totion of n if we do so Then we can find If we choose some if we know the totion of n we choose some e which is relatively prime with it then we know that it must have a multiplicative inverse and There are algorithms for calculating what is the multiplicative inverse they're not too hard So if we know e is relatively prime with the totion of n we can find d and It meets this condition e times d mod the totion of n equals 1 Which tells us the e times d equals the totion of n plus 1 and That means our equation for RSA encrypt and decrypt Matches Euler's theorem and that means that we'll always get the original m as output The m that we encrypt will be the same as the m we get when we decrypt Whereas this leading us. This is leading us to why the key generation steps are as they are that is We must choose an e which is relatively prime with the totion of n and then we calculate a d Go back to key generation. What were the key generation steps? Look at step two. We'll get to step one in a moment Step two select an e which is relatively prime with a totion of n here We denote it as great as common divisor equals one, but that's relatively prime. So that's why step two is that? so that we can successfully decrypt Calculator d which is the inverse of e why? because the proof of RSA decrypting successfully requires that last step if we're going to generate keys we need to know what is the totion of n so How do we choose a number n such that? We can calculate the totion of n easily We can choose it as two primes if we instead of choosing some n randomly we choose two primes p and q where n equals p times q That's a q then we can easily calculate the totion of n The reason for doing it that way a reason is that we know when we generate the keys Instead of choosing an n we choose two primes and then finding the totion of n is easy Then we need to find a number relatively prime with the totion of n and then we can calculate d the multiplicative inverse What this is trying to point out is that the reason the key generation steps Are these three values that are three steps is so that RSA works If we used other steps, it wouldn't decrypt successfully and we saw an example when we just chose random values or strange values of e and d or that I use 17 and 4 and mod 21 it didn't decrypt we must correctly choose the values Any questions the trap door Right, and we'll come back to we'll talk in general is that this algorithm RSA is uses Mathematical operations which are easy to do in one way But hard to do in the other way called a one-way function or sometimes a trap door function and For example, it's easy It's easy to calculate the totion of n if you have p and q But it's hard to calculate the totion of n if you don't have p and q you need to just go from That actual value That's an example This is maybe a little bit too much to go through on an afternoon close to four o'clock There will not be a question in the exam about proving RSA. Okay, so There'll be questions about RSA guaranteed how to generate keys encrypt encrypt some other questions But not what we've just gone through there of proving Why it works? I've asked that in previous exams, but not this year I'll create a harder question instead No, no, not harder Let's Go back to our slides and see what we've got So we must generate the key using these steps Those steps were chosen such that the decryption would work correctly and such that it will be secure so that those requirements we went through Well, well, let's summarize again The steps are chosen so it's easy for us to find e, d and n that is we can use a computer to choose a value Choose the two primes p and q calculate n Find e find d a computer can do that quite quickly for us We need a the algorithm has the features such that it's easy to encrypt That is if I take some m raise it to the power of e and mod by n my computer can calculate it quite quickly It doesn't take years to calculate and similar it should be easy to decrypt if we know d and it meets that But it must be impossible to find d given e and n and we've gone through why that's the case We'll summarize that later and The conditions for it to work are listed there Which we've just gone through We've gone through an example of RSA We'll return to this a little bit later Now let's look at some of the practical aspects our example use small numbers just so we can do it in our head What should you do using practice? What turns out we use very large numbers How easy it is it for RSA to compute to encrypt decrypt and generate the keys well some things that it takes advantage of is Modular exponentiation Remember we take let's go back the algorithm Let's say m is a large number and e is a large number or If the ciphertext is a large number and d is a large number you take one large number raise it to the power of another large number What do you get a? much much much larger number Okay, so that can be slow to compute and then mod by n so that can be slow to directly compute so Implementations of RSA take advantage of the fact that we can expand that down that this property of multiplication That is we can break it into steps which make it easier to compute in a computer so there are ways to Make RSA faster than just directly doing a large exponentiation What about choosing the values? What about e remember we chose e relatively prime with the totion of n what value do you choose? it's a public value and There are some values which are widely used Because it's public. You don't have to have a different value from someone else The d value must be different because that's private but the e value can be the same as other people and it turns out that Implementations often use the same values. So some examples are 3 17 and a common one will see is 65,537 people have done analysis and found out that these are suitable values of e and that they make doing the exponentiation quite fast Raising our power m to the power of e if e is small then it's quite fast to do and these can help with the implementation in there's some special attacks that if you do use a small value of e and you use a An inappropriate or small value of m then attacks may be possible But they're very easy to overcome to make sure m is large add some padding to it. So if m was quite small You should and or the software that encrypts for you should make it larger such that the attacks are not possible and that works quite well D is your private value of course that needs to be large because Someone can just try and guess it if D is Small then they can do a brute force attack and try all possible values of D until they get the right value So it needs to be large But if it's large If it's large, we're taking a number C and raise to the power of a large number is slow to compute There are ways to compute the decryption Quite quickly. So the Chinese remainder theorem and Fermat's theorem makes it again easy to compute even for large values of D We'll show you some examples of how long it takes shortly P and Q are very important. They must be large very large primes Why because You get n from multiplying P and Q and the challenge for the attacker is given n fine P and Q and It's only hard to find the prime factors when the that number n is very large. So P and Q should be very large primes Generally what's happened there are algorithms for to choose random Choose primes for you that usually just choose a random odd number and do many tests and check that it is prime It works most cases So the strength of RSA a Brute force attack an attacker can try all possible values of D to try and guess it well to stop that make sure D is large But a large D makes the algorithm slower and we've gone through these mathematical attacks Three things the attacker can try to do Factor n into its primes Calculate the totion of n directly without knowing P or Q or Do a discrete logarithm and to find D without even knowing the totion of n So there are different attacks that they can do in theory all of those require solving computationally difficult problems So long as the numbers are large enough the attacker can't solve them Of those approaches Factoring n is considered the fastest or the easiest for the attacker is a way to measure RSA security There are some other theoretical attacks Timing attacks chosen cipher text attacks. So there are other known attacks on RSA which can be successful But they're very easy to defend against so there are countermeasures which are commonly implemented So in theory there's an attack, but it's very easy to prevent the attack by adding a Few modifications to when you encrypt and decrypt How big should N be or how big should the two primes be? This is a little bit old, but it's a RSA the company Who release products that use RSA they want it to be secure They used to in the past have a competition that you'd win thousands or hundreds of thousands of dollars if you could factor a number N into its two primes and Some of the The winners of that competition so back in 1991 N Which was 330 bits so one 100 digits you write a number of 100 digits If that was the value of N back in 1990 ones people eventually factored that into its primes P and Q and The competition was extended and the most recent one. It's been closed, but in 2009 Some group factored at 232 digit number N into its primes So given some N They use many computers and some specialized algorithms to find the two primes P and Q it took About 2,000 years If you used a single computer to do that so they use many computers, of course But the equivalent to you running one computer in that case a single core computer for 2,000 years to factor that 232 digit N into its primes Making N larger of course makes it harder and the typical values of N when RSA used of these three values 1,024 2,048 or 4,096 bits and 1,024 bits is still considered secure But for safety people recommend nowadays using 2,048 bits But there are no known attacks on 1,024 bit values of N So in fact, this is the value of the modulus N in RSA It's usually set and the P and Q values are set such that we multiply together will get this 1,024 bit or 2,048 bit value of N that there are no known Successes in factoring a 2,048 bit value of N into its primes and similar for 1,024 bit Okay, so even there are no known attacks on 1,024 bit. It's still considered safe But maybe in the short future, maybe people do get to factor 1,024 bits. Therefore, it's recommended to use 2,048 bits just to be safe close to 1,000 well Be careful you're increasing It's another 200 bits or so So just adding bits doesn't It's not linear. Okay, that is the the strength Adding bits can make it much more stronger Okay, and if so you cannot simply Extrapolate from here, but if you did what have we gone we've gone over 18 years increased by 400 bits Okay from two ninety ninety one to two thousand and nine increased by about four hundred bits Well, if it was a linear then another 18 years in what two thousand and 27 Maybe we'd get up to a thousand bits But if we're already using two thousand and forty eight bits now then let's still consider safe But in fact, it's not linear like that, but still people consider a thousand and twenty four okay But no longer Recommended just to be safe But many people still use it we'll look at Two examples where I'll use first case I'll use some software just to generate some keys And we'll look at them and see the actual values and then I'll show you another realistic example RSA keys Before the examples let's because that will finish us for today and this topic because we will not go under Diffie Helman But let's just go back to the start and see what slides I've missed over here So just recap on the principles of public key crypto systems We've gone through the history We know that we have a public and private key pair This is in general not just for RSA, but for other algorithms as well There are others and we've we've seen that for confidentiality use the destinations public key always remember that and There may be I think the some of the Quiz questions one of the quiz questions is something about in which order to use the keys to for confidentiality to keep a message secret encrypt that using the destinations Public key such that the only person in the world who can decrypt is the person who has the corresponding private key Which should be the destination? But we can use the keys in the opposite order for the purpose of authentication I want to send a message from a to b I don't care if someone else sees the message But I want to make sure a b so b wants to make sure that this came from a it didn't come from someone pretending to be a That's authentication in this case So a will send a message to b We don't care if someone sees the message Anyone is allowed to read the message but b wants to be able to prove that this message did come from a not someone else and That the way we do it is that we encrypt the message With the private key of a If we encrypt with a private key of a what can we decrypt with? The other key in the key pair, which is the public key of a that's the only thing that was successfully decrypt So we encrypt with the private key of a Send the ciphertext the encrypted message with the private key of a to b What b does is verifies the message and to verify they decrypt with the public key of a of course They know the public key of a it's public So b uses the public key of a to decrypt and b checks if it does decrypt with the public key of a That implies it must have been encrypted with the private key of a and that implies that this message came from a Because there's only one person in the world who has the private key of a So this is a form of authentication Can someone else late maybe the malicious user see can they view the message M? What do they need to do to see the message You're an attacker now what will you do you want to see the message how will you do it? Come on put on your your black hats think about what you'll do Use the public key of a all right. You can see the message the message Was obtained we encrypted the message with the private key of a to get the ciphertext So if the attacker knows the ciphertext see Then they can of course decrypt with the public key of a because it's public so this does not provide Confidentiality everyone can see the message. That's not our purpose here Can the attacker send a message pretending to be a How do they do that if I send a message pretending to be a I need to encrypt that message with some private key If I use of my of course, I don't have the private key of a Because that should be private to a only so if I'm the malicious user see and let's say I encrypt the message using the private key of C Send it to be and tell be this came from a What does be do? It tries to decrypt with the public key of a If B thinks the message came from a then they'll try to decrypt with the public key of a But since it was encrypted with the private key of C the malicious user It will not successfully decrypt and B will know that and therefore not trust the message So this provides authentication if someone tries to send a fake message pretending before from a They must encrypt it with some private key The only one that will work is the private key of a and the only person who has that is a so that implies that a sent the message Similar it can be seen if you try to modify the message along the way If you try and change the message that is you intercept the ciphertext and Try and change the message somehow Then you need the private key of a to send the the encrypted form back to be and since you don't have the private key of a You cannot modify the message either so public key cryptography can be used for confidentiality keeping a message secret or If you use the keys really in the opposite direction encrypt with your private key Then it can be used for authentication proving who the message came from and Ensuring that the message has not been modified along the way and After the mid-term will spend more time on authentication that this technique and other techniques for authentication But that's just the brief introduction. I think that's all we need to say that compares Conventional or symmetric key cryptography and public key cryptography There are different algorithms for public key crypto systems RSA. We've gone through Diffie helman will go through after the mid-term There are others as well elliptic curve cryptography Digital signature standard, which will not go through but there are others that are possible Some use for confidentiality in crypt and decrypt for a secret message Some are used for authentication and later will introduce that the name for that is a digital signature But not yet. So signing a message Actually, we can say This process is called signing a message a Signs the message using their private key Same as you sign a document using your your own signature your own handwriting Here you sign a document or a message using your own private key So we sign a message using a private key in public key cryptography I think there's no need to go through this at this stage This is just state some of the requirements of the general algorithms But I think we've mentioned them along the way especially with RSA and This talks about the trapdoor function that the algorithms must have but again This is general for all algorithms. We've seen a detailed example for RSA Which is sufficient for for this stage So we focused on RSA for public key cryptography We'll we'll finish today with an example of RSA and that will finish this topic for up until the midterm What was the previous homework? Everyone did that? Haven't marked it yet. What did the homework? Open SSL. Okay, right. You used open SSL to encrypt So let's use open SSL. You used it for AES triple desk and other algorithms symmetric key algorithms It can be used of course for public key algorithms So I'll not use it to for encrypt. I'll just simply use open SSL to generate some keys Quite simple. I'll just copy some commands to generate some keys and then explain It's hopefully I get it right Let's just explain this command All right, we're using this software that you've been introduced to called open SSL. No the open SSL is It's really developed as a library So that the applications that you write can call the open SSL library to do cryptographic operations So that your application doesn't need to implement RSA or AES You just call open SSL to do it for you But it also offers a command line interface, but the main use is as a library for other applications Generate public key pair. That's the operation to generate a key pair The algorithm we're going to choose is RSA and For this case, I'm just illustrating some options. We don't need them But there are some default values, but a public key option for RSA the bits We're generating a 2048 bit value of n so we could have specified a 1024 or 2048 or 4096 that's the length so the strength and in this case The value of e what's called the public exponent the exponent. We raise to the power of e Let's use three So e will use three It defaults to some other value and the output will be put into this file, which I've called. Let's let's change it to key pair Just a file that stores it and it's of a particular format that's that's commonly available for it exchanging key pairs or parts of keys It took some time Okay, you time it Or we can time it it takes Real-time 423 427 Milliseconds to do that. Okay, or it seems fast, but in fact compared to Some other algorithms for generating a random key for symmetric key ciphers. It's actually slow, but not a problem So performance wise, it's fine. It does take some time On different computers because it genes to generate two large primes p and q and it goes through an algorithm to generate and test Does it really have large primes p and q that takes some time? So it prints some output Just to indicate that it's doing something along the way Let's have a look. So the key pair is a File it's formatted in such a way. It's 1700 bytes. Let's have a look Zoom out It's a text file, but it's formatted in a way that it's encoded Yeah, don't look this is my private key. We'll explain that the details So it's encoded in some way such that you can easily copy and paste it into an email or save it as a text file But actually it contains multiple values should contain in there somewhere e Nd and some other values we'll see in a moment So we'll just view that in a nicer way, and I'll just take that key pair in and output it as some nicer formatted text And then we'll scroll up and see So this is a little bit nicer format Let's just look through the values So it gives the raw format and then at the software interprets it Interprets the actual value. So here's the modulus. The modulus is n. Let me mod by n It's two hundred and two thousand and forty eight bits long the modulus and those bits are here given in hex So this is the actual value of n Given in hexadecimal Down the bottom is e the public exponent. Remember we raised the power of e three in decimal So he is very small in that case and Here's the one you shouldn't remember is my private exponent d the private exponent is d in our equations that's long and Remember we require d to be large because we don't want someone to be able to guess what my d is So this is it's also about two thousand and forty eight bits So when the algorithm works it chooses it The value such that d is about the same length as n a little bit shorter So d is about two thousand and forty eight bits So to guess that you've got two to the power of two thousand and forty eight possible values And you cannot guess that in reasonable time and actually it stores for mainly for Performance reasons it stores some other values the primes p and q prime one and prime two So there are the two primes That were used so it generated p and q it calculated n the totion of n and found e and d and Last set of values. We will not cover in any depth exponent one exponent two and The coefficient are three other values again just included for speeding up computations You can speed up the encryption and decryption by storing some intermediate values and these are stored in my key here on the lecture slides This slide lists the names of those things that we see from open SSL So the modulus is n the public exponent is e the private exponent d the two primes p and q and These other three values are related to d and p and q and they're main they're only used to speed up encryption and decryption to make it faster and We consider all of those values to be my private key So that are the values I must store and I store them all together Of course some of them are going to be public the first two and an e I'm going to tell other people but I would normally store them in a file like the file that I have Just generated all those values such that when I can Want to encrypt something or decrypt something like I have those values all in a file Last last thing for this one We can extract the public key if I want to send my public values to someone we can do so That just takes all of those values and puts into a new file just the public values And this just shows those public values. It shows that The two public values are the modulus n and the exponent e which is three And this is the file which I could make available to others so Of course, I keep my private key private and the public key I can put in an email I'll put on a website but use some mechanism to make available to others So we can generate keys quite easily Maybe in a later homework after the midterm I'll give you some tasks for using open SSL to generate keys and encrypt and decrypt and you'll see some performance measurements The last thing you have a midterm exam coming up, but even before that We visit a website and you know you use HTTPS for secure websites and if you click on the little icon the padlock up here. It tells us something about the the encryption used for When my web browser access that website And it gives us some more information and we'll cover this in a later topic a little bit more but it uses certificates okay and Some technical details here. It may be hard to see We if you cannot see it says down here TLS TLS is the protocol used by HTTPS for secure connections So transport layer security EC DHE EC stands for elliptic curve cryptography. We're back That's a public key algorithm DH for Diffie-Hellman So there's a combination there. We haven't covered them yet, but it uses RSA in here for the certificate and it actually Uses AES to encrypt the data a hundred and twenty eight bit key of AES using some mode of operation called GCM one we didn't cover and It uses char 256 as a hash algorithm, which we'll cover after the midterm so to encrypt my connection and Not only to encrypt the connection But for me to prove or my browser be sure that I'm accessing the right website We use different cryptographic algorithms and RSA is a key one an important one in there If we view the certificate And we look at the details Again hard to see you'll have a look in your own browser to see all this But we see in here this The public key algorithm used in the certificate is RSA and the subjects public key is given here the modulus The modulus is two thousand and forty eight bits and the exponent is e 65,537 this is the public key of the website that I visited and That's used to support securing the connection between my browser and the website So RSA is widely used in in web security and in a later topic in this course We will look into more detail of what a certificate is and how all those algorithms come together That finishes this topic Any questions