[Figure 97.5: Modes of use for block cryptosystems. Panels: electronic codebook mode, cipher block chaining mode, cipher feedback mode, output feedback mode.]
© 2000 by CRC Press LLC

Although the DES key length was acceptable to most users when the standard was released in 1977, increases in computing power have made exhaustive search less expensive, so the relative security of DES has decreased. NSA now supports some of its own secret algorithms as DES replacements (“COMSEC Commercial Endorsement Program, Type II” devices), although NIST support for DES continues and no algorithmic weaknesses in DES have been publicly revealed.

Public-key cryptosystems [Diffie and Hellman, 1976] use two different keys (asymmetric systems). For example, information can be encrypted with one key and decrypted with a different (but related through a secure process) key. If the aim is secrecy, the decryption key must be secret so only the recipient can decrypt. In this case, however, the encryption key can be publicly known and known to be associated with a particular potential recipient. Although the sender can be assured of information secrecy in this process, the recipient cannot be assured of sender authenticity.
If the secret key of a pair of keys is used by a sender to encrypt, any recipient who knows the sender’s public key can be assured of sender authenticity, but there is no assurance of secrecy. If the public-key cryptosystem has commutative transformations (as does the RSA cryptosystem), encryption with the sender’s secret key and with the recipient’s public key for encipherment, and decryption by the recipient with his or her secret key and with the sender’s public key provides both secrecy and authenticity.

RSA (named after Rivest, Shamir, and Adleman) is the most well known and most widely used public-key cryptosystem. Unlike DES, the key length of RSA encryption is user-selectable. However, the length chosen must be securely long (long enough that knowledge of the public key is not helpful in determining the secret key). Key selection begins with the choice of two prime numbers, each of which can be approximately 150 decimal digits long, giving about a 300-digit number on which the RSA encryption is based [Eq. (97.1)]. The security of the system depends on the difficulty of factoring large numbers that have no relatively small factors. Equation (97.2) shows how a secret modulus is determined, and Eq. (97.3) shows how the modulus is used to relate the secret key and the public key. Equation (97.4) gives the RSA encryption process, and Eq. (97.5) gives the RSA decryption process. An adversary who could factor n could use Eq. (97.2) to determine the modulus, φ, and then the secret key, d, from Eq. (97.3), given the public key, e.

$$n = pq \tag{97.1}$$

$$\varphi = (p - 1)(q - 1) \tag{97.2}$$

$$ed \equiv 1 \pmod{\varphi} \tag{97.3}$$
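The key relations in Eqs. (97.1) to (97.3), and the reason the secret key falls once n is factored, can be traced with a toy modulus. This is an added example, not code from the handbook: the primes, exponent, message and function names are constructed for illustration, and because Eqs. (97.4) and (97.5) are not reproduced on this page, the encryption and decryption steps assume the standard textbook form c = m^e mod n and m = c^d mod n.

```python
from math import gcd, isqrt

def make_keypair(p, q, e):
    """Derive (n, e, d) from primes p and q following Eqs. (97.1)-(97.3)."""
    n = p * q                    # Eq. (97.1)
    phi = (p - 1) * (q - 1)      # Eq. (97.2): the secret modulus
    if gcd(e, phi) != 1:
        raise ValueError("e has no inverse mod phi; choose another e")
    d = pow(e, -1, phi)          # Eq. (97.3): e*d = 1 (mod phi)
    return n, e, d

def factor_small(n):
    """Trial division. Works only because the toy modulus is tiny."""
    if n % 2 == 0:
        return 2, n // 2
    for cand in range(3, isqrt(n) + 1, 2):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("no nontrivial factor found")

def recover_private_exponent(n, e):
    """Factor n, rebuild phi via Eq. (97.2), solve Eq. (97.3) for d."""
    p, q = factor_small(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)

def encrypt(m, e, n):
    """Textbook RSA encryption (assumed form, no padding)."""
    return pow(m, e, n)

def decrypt(c, d, n):
    """Textbook RSA decryption (assumed form, no padding)."""
    return pow(c, d, n)

# Constructed toy parameters; real primes are ~150 decimal digits each.
P, Q, E = 61, 53, 17
N, _, D = make_keypair(P, Q, E)
MESSAGE = 65
CIPHERTEXT = encrypt(MESSAGE, E, N)
# Using only the public values (N, E), as an outside party would.
RECOVERED_D = recover_private_exponent(N, E)

if __name__ == "__main__":
    print("public key (n, e):", (N, E))
    print("secret key d:", D, "recovered from factoring:", RECOVERED_D)
    print("decrypted with recovered d:", decrypt(CIPHERTEXT, RECOVERED_D, N))
```

Trial division finishes instantly here only because n has four digits; the cost of that one step for a 300-digit n with no small factors is what the security argument rests on.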