The RSA Algorithm
JooSeok Song
2007. 11. 13. Tue
Private-Key Cryptography
traditional private/secret/single key
cryptography uses one key
shared by both sender and receiver
if this key is disclosed, communications are
compromised
also is symmetric: parties are equal
hence does not protect sender from receiver
forging a message & claiming it was sent by sender
CCLAB
Public-Key Cryptography
probably most significant advance in the 3000
year history of cryptography
uses two keys a public & a private key
asymmetric since parties are not equal
uses clever application of number theoretic
concepts to function
complements rather than replaces private key
crypto
Public-Key Cryptography
public-key/two-key/asymmetric cryptography
involves the use of two keys:
a public-key, which may be known by anybody, and
can be used to encrypt messages, and verify
signatures
a private-key, known only to the recipient, used to
decrypt messages, and sign (create) signatures
is asymmetric because
those who encrypt messages or verify signatures
cannot decrypt messages or create signatures
Public-Key Cryptography
Public-Key Characteristics
Public-Key algorithms rely on two keys with the
characteristics that it is:
computationally infeasible to find decryption key
knowing only algorithm & encryption key
computationally easy to en/decrypt messages when the
relevant (en/decrypt) key is known
either of the two related keys can be used for
encryption, with the other used for decryption (in some
schemes)
Public-Key Cryptosystems
Public-Key Applications
can classify uses into 3 categories:
encryption/decryption (provide secrecy)
digital signatures (provide authentication)
key exchange (of session keys)
Cryptography Outline
Introduction: terminology, cryptanalysis, security
Primitives:
one-way functions
one-way trapdoor functions
one-way hash functions
296.3
One-way functions:
possible definition
1. $F(x)$ is polynomial time
2. $F^{-1}(x)$ is NP-hard
What is wrong with this definition?
One-way functions:
better definition
For most x no single PPT (probabilistic
polynomial time) algorithm can compute x
given y
Roughly: at most a $1/|x|^k$ fraction of instances x
are easy for any k and as $|x| \to \infty$
This definition can be used to make the
probability of hitting an easy instance arbitrarily
small.
One-way functions in
public-key protocols
y = ciphertext, m = plaintext, k = public key
Consider: $y = E_k(m)$ (i.e., $f = E_k$)
Everyone knows k and thus f
$E_k(m)$ needs to be easy
$E_k^{-1}(y)$ should be hard
Otherwise eavesdropper could decrypt y.
But what about the intended recipient, who should
be able to decrypt y?
One-way functions in
private-key protocols
y = ciphertext
m = plaintext
k = key
Is
$y = E_k(m)$
(i.e. $f = E_k$)
One-way functions in
private-key protocols
y = ciphertext, m = plaintext, k = key
How about
$y = E_k(m) = E(k,m) = E_m(k)$
(i.e. $f = E_m$)
should this be a one-way function?
In a known-plaintext attack we know a (y,m) pair.
The m along with E defines f
$E_m(k)$ needs to be easy
$E_m^{-1}(y)$ should be hard
Otherwise we could extract the key k.
In public-key algorithms
f(x) = public key (e.g., e and n in RSA)
Trapdoor = private key (e.g., d in RSA)
RSA
by Rivest, Shamir & Adleman of MIT in 1977
best known & widely used public-key scheme
based on exponentiation in a finite (Galois) field
over integers modulo a prime
nb. exponentiation takes $O((\log n)^3)$ operations (easy)
RSA Use
to encrypt a message M the sender:
obtains public key of recipient KU={e,N}
computes: $C = M^e \bmod N$, where $0 \le M < N$
Prime Numbers
prime numbers only have divisors of 1 and self
they cannot be written as a product of other numbers
note: 1 is prime, but is generally not of interest
Prime Factorisation
to factor a number n is to write it as a product of
other numbers: $n = a \times b \times c$
note that factoring a number is relatively hard
compared to multiplying the factors together to
generate the number
the prime factorisation of a number n is when it's
written as a product of primes
eg. $91 = 7 \times 13$; $3600 = 2^4 \times 3^2 \times 5^2$
Fermat's Theorem
$a^{p-1} \bmod p = 1$
where p is prime and gcd(a,p)=1
eg.
$\phi(37) = 36$
$\phi(21) = (3-1) \times (7-1) = 2 \times 6 = 12$
Euler's Theorem
a generalisation of Fermat's Theorem
$a^{\phi(N)} \bmod N = 1$
where gcd(a,N)=1
eg.
a=3; n=10; $\phi(10)=4$;
hence $3^4 = 81 = 1 \bmod 10$
a=2; n=11; $\phi(11)=10$;
hence $2^{10} = 1024 = 1 \bmod 11$
in RSA have:
$N = p \cdot q$
$\phi(N) = (p-1)(q-1)$
carefully chosen e & d to be inverses mod $\phi(N)$
hence $e \cdot d = 1 + k \cdot \phi(N)$ for some k
hence:
$C^d = (M^e)^d = M^{1+k \cdot \phi(N)} = M^1 \cdot (M^{\phi(N)})^k = M^1 \cdot (1)^k = M^1 = M \bmod N$
RSA Example
1.
2.
3.
4.
5.
decryption:
$M = 11^{23} \bmod 187 = 88$
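The relations N = p.q, φ(N) = (p-1)(q-1) and e.d = 1 + k.φ(N), worked through for the key pair KU = {7, 187}, KR = {23, 187} used in this deck, as an added example that is not part of the original slides. The factors 17 and 11 of 187 and all function names are supplied here; the loop over every M also covers messages that share a factor with N, which the argument via Euler's theorem (gcd(a,N) = 1) does not.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def rsa_keypair(p, q, e):
    """Derive KU = (e, N), KR = (d, N) and phi(N); d inverts e mod phi(N)."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to phi(N)")
    return (e, n), (x % phi, n), phi


def encrypt(m, ku):
    e, n = ku
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < N")
    return pow(m, e, n)


def decrypt(c, kr):
    d, n = kr
    return pow(c, d, n)


def round_trip_failures(ku, kr):
    """Every M in [0, N) for which decrypt(encrypt(M)) != M."""
    return [m for m in range(ku[1]) if decrypt(encrypt(m, ku), kr) != m]


# N = 187 factors as 17 * 11 (factors supplied for this example).
KU, KR, PHI = rsa_keypair(17, 11, 7)
K = (KU[0] * KR[0] - 1) // PHI            # the k in e.d = 1 + k.phi(N)
NOT_COPRIME = [m for m in range(1, KU[1]) if gcd(m, KU[1]) != 1]

if __name__ == "__main__":
    print("KU =", KU, "KR =", KR, "phi(N) =", PHI, "k =", K)
    print("C =", encrypt(88, KU), "M =", decrypt(11, KR))
    print(len(NOT_COPRIME), "messages share a factor with N; failures:",
          round_trip_failures(KU, KR))
```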
Exponentiation
can use the Square and Multiply Algorithm
a fast, efficient algorithm for exponentiation
concept is based on repeatedly squaring base
and multiplying in the ones that are needed to
compute the result
look at binary representation of exponent
only takes $O(\log_2 n)$ multiples for number n
Exponentiation
RSA Security
three approaches to attacking RSA:
brute force key search (infeasible given size of
numbers)
mathematical attacks (based on difficulty of computing
$\phi(N)$, by factoring modulus N)
timing attacks (on running of decryption)
Factoring Problem
mathematical approach takes 3 forms:
factor $N = p \cdot q$, hence find $\phi(N)$ and then d
determine $\phi(N)$ directly and find d
find d directly
Timing Attacks
developed in mid-1990s
exploit timing variations in operations
eg. multiplying by small vs large number
or IF's varying which instructions executed
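Square and multiply from the Exponentiation slide, together with the key-dependent IF that the timing-attack slide refers to, as an added example (not code from the original slides). Function names are chosen here, and the Montgomery ladder is a common fixed-sequence alternative brought in for comparison; the slides do not mention it.

```python
def square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation; returns (result, trace).

    'S' = square, 'M' = multiply. The multiply runs only for 1-bits of the
    exponent: this is the IF whose timing depends on the private key.
    """
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":
            result = (result * base) % mod
            trace.append("M")
    return result, "".join(trace)


def montgomery_ladder(base, exp, mod, bits):
    """Fixed-length ladder: one multiply and one square for every bit.

    The operation sequence depends only on `bits`, not on the exponent.
    Python integers are not constant-time and the branch is still visible,
    so this shows the structure of the countermeasure, not a hardened one.
    """
    r0, r1, trace = 1, base % mod, []
    for i in range(bits - 1, -1, -1):
        if (exp >> i) & 1:
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r0, r1 = (r0 * r0) % mod, (r0 * r1) % mod
        trace.append("MS")
    return r0, "".join(trace)


def multiply_counts(exps, base=11, mod=187, bits=5):
    """Multiplies per exponent as (square-and-multiply, ladder)."""
    return {e: (square_and_multiply(base, e, mod)[1].count("M"),
                montgomery_ladder(base, e, mod, bits)[1].count("M"))
            for e in exps}


if __name__ == "__main__":
    # d = 23 is the private exponent from the RSA example; 16 and 31 are
    # constructed 5-bit exponents with the fewest and the most 1-bits.
    print(square_and_multiply(11, 23, 187))
    print(multiply_counts([16, 23, 31]))
```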
Summary
have considered:
prime numbers
Fermat's and Euler's Theorems
Primality Testing
Chinese Remainder Theorem
Discrete Logarithms
principles of public-key cryptography
RSA algorithm, implementation, security
Assignments
1. Perform encryption and decryption using RSA
algorithm, as in Figure 1, for the following:
p = 3; q = 11, e = 7; M = 5
p = 5; q = 11, e = 3; M = 9
Figure 1. Example of RSA Algorithm: plaintext 88 is encrypted with KU = 7, 187 to ciphertext 11; decryption with KR = 23, 187 gives $11^{23} \bmod 187 = 88$.
Introduction
Discovered by Whitfield Diffie and Martin
Hellman
New Directions in Cryptography
Introduction
Implementation
P and G are both publicly available numbers
P is at least 512 bits
Implementation
Implementation
Compute shared, private key
$k_a = y^a \bmod p$
$k_b = x^b \bmod p$
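The exchange behind ka and kb, showing what each side sends and computes, as an added example that is not part of the original slides. It assumes x = G^a mod P and y = G^b mod P are the public values the two sides exchange; P = 23, G = 5 and the private exponents are constructed toy values, and the range check on the peer's value is an addition.

```python
import secrets


def dh_keypair(p, g, private=None):
    """Return (private, public); draws a random private value if none given."""
    while True:
        priv = private if private is not None else secrets.randbelow(p - 3) + 2
        pub = pow(g, priv, p)
        if private is not None or 1 < pub < p - 1:
            return priv, pub


def dh_shared(peer_public, private, p):
    """k = peer_public^private mod p, after range-checking the peer's value.

    0, 1 and p-1 would force the shared key into {0, 1, p-1} whatever the
    private exponent is, so they are rejected.
    """
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value outside (1, p-1)")
    return pow(peer_public, private, p)


def exchange(p, g, a=None, b=None):
    """Run both sides and return what crossed the wire plus each key."""
    a, x = dh_keypair(p, g, a)        # A sends x = g^a mod p
    b, y = dh_keypair(p, g, b)        # B sends y = g^b mod p
    ka = dh_shared(y, a, p)           # A: ka = y^a mod p
    kb = dh_shared(x, b, p)           # B: kb = x^b mod p
    return {"x": x, "y": y, "ka": ka, "kb": kb}


def rejects(value, p):
    """True if dh_shared refuses `value` as a peer public value."""
    try:
        dh_shared(value, 6, p)
    except ValueError:
        return True
    return False


# Constructed toy parameters; a real P is hundreds of digits long.
P, G = 23, 5

if __name__ == "__main__":
    print(exchange(P, G, a=6, b=15))
    print("rejected:", [v for v in (0, 1, P - 1, 8) if rejects(v, P)])
```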
Implementation
Example
Example
Applications
Digital
Signature
Model
choose $g = h^{(p-1)/q}$
where $1 < h < p-1$ and $h^{(p-1)/q} \bmod p > 1$
$s^{-1} \bmod q$
$[H(M)\,w] \bmod q$
$(r\,w) \bmod q$
$[(g^{u_1} y^{u_2}) \bmod p] \bmod q$
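The generator choice and the four verification expressions above, assembled into a DSA check, as an added example that is not part of the original slides. The left-hand names w, u1, u2 and v follow standard DSA naming, the signing function is standard DSA included only to produce a signature to verify, the digest is passed in as an already-hashed integer, and p = 23, q = 11, h = 2, x = 7, k = 3 are constructed toy values.

```python
def dsa_generator(p, q, h):
    """g = h^((p-1)/q) mod p, valid only if 1 < h < p-1 and g > 1."""
    if (p - 1) % q or not 1 < h < p - 1:
        raise ValueError("need q | p-1 and 1 < h < p-1")
    g = pow(h, (p - 1) // q, p)
    if g <= 1:
        raise ValueError("h gives g <= 1; choose another h")
    return g


def dsa_sign(digest, x, k, p, q, g):
    """Standard DSA signing (not on the slide); k is the per-message secret."""
    r = pow(g, k, p) % q
    s = (pow(k, -1, q) * (digest + x * r)) % q
    if r == 0 or s == 0:
        raise ValueError("r or s is zero; pick another k")
    return r, s


def dsa_verify(digest, sig, y, p, q, g):
    r, s = sig
    if not (0 < r < q and 0 < s < q):   # out of range, or s not invertible
        return False
    w = pow(s, -1, q)                    # w  = s^-1 mod q
    u1 = (digest * w) % q                # u1 = [H(M) w] mod q
    u2 = (r * w) % q                     # u2 = (r w) mod q
    v = (pow(g, u1, p) * pow(y, u2, p)) % p % q   # [(g^u1 y^u2) mod p] mod q
    return v == r


# Constructed toy parameters: q divides p - 1 = 22.
P, Q = 23, 11
G = dsa_generator(P, Q, 2)
X = 7                      # private key
Y = pow(G, X, P)           # public key y = g^x mod p

if __name__ == "__main__":
    sig = dsa_sign(5, X, 3, P, Q, G)
    print("g =", G, "y =", Y, "signature =", sig)
    print("valid:", dsa_verify(5, sig, Y, P, Q, G))
    print("altered digest:", dsa_verify(6, sig, Y, P, Q, G))
```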
DSS Overview