Public Key Cryptosystems RSA

Transcription

1 Public Key Crytosystems RSA Receiver Sender and rime 53 Attacker 47

2 Public Key Crytosystems RSA Comute numbers n = * Receiver Sender and rime 53 Attacker

3 Public Key Crytosystems RSA Choose e rime relative to ( 1)( 1) Receiver Sender and rime Attacker

4 Public Key Crytosystems RSA Publish <n,e> air as the ublic key Receiver Sender and rime Attacker

5 Public Key Crytosystems RSA Find d such that (e*d 1) is divisible by ( 1)( 1) Receiver Sender and rime Attacker

6 Public Key Crytosystems RSA Kee <d,n> as the rivate key Receiver Sender and rime Attacker

7 Public Key Crytosystems RSA Toss and Receiver Sender 2217 Attacker

8 Public Key Crytosystems RSA Receiver m 43 mod 2337 Sender 2217 Attacker

9 Public Key Crytosystems RSA Receiver Sender (m 43 mod 2337) 1667 mod 2337 Attacker

10 Public Key Crytosystems RSA Modulo arithmetic Fermat's Little Theorem If is rime and 0 < m <, then m 1 = 1 mod Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = = 1 mod 29 (See htt://gauss.ececs.uc.edu/courses/c472/java/fermat/fermat.html)

11 Public Key Crytosystems RSA Z*n All numbers less than n that are relatively rime with n Examles: Z*10 = { 1, 3, 7, 9 }; Z*15 = { 1, 2, 4, 7, 8, 11, 13, 14 } If numbers a, b are members of Z*n then so is a b mod n. Examles: 4 11 mod 15 = 44 mod 15 = 14; mod 15 = 182 mod 15 = 2. (See htt://gauss.ececs.uc.edu/courses/c472/java/generator/zstarn.html)

12 Public Key Crytosystems RSA Euler's Totient Function: Defined: (n) is the number of elements in Z*n Examle: (7) = 6 ({1,2,3,4,5,6}) ; (10) = 4 ({1,3,7,9}) Suose n = and and are relatively rime Examle: (70): { 1, 3, 9, 11, 13, 17, 19, 23, 27, 29, 31, 33, 37, 39, 41, 43, 47, 51, 53, 57, 59, 61, 67, 69 } (70) = (7) (10) = 24.

13 Public Key Crytosystems RSA Euler's Theorem: For all m in Z*n, m (n) = 1 mod n. Examles: suose n = 10, Z*n = { 1, 3, 7, 9 } = 81 = 1 mod = 2401 = 1 mod = 6561 = 1 mod 10 Suose n = 14, Z*n = { 1, 3, 5, 9, 11, 13 } = 729 = 1 mod = = 1 mod = = 1 mod = = 1 mod = = 1 mod 14

14 Public Key Crytosystems RSA Euler's Theorem: k (n)+1 For all m in Z*n, and any non neg int k, m = m mod n. Why? a (k (n)+1) = (a (n) ) k a = 1 k a = a For all m relatively rime to n, and any non neg int k, k (n)+1 m = m mod n; if n =, and are rime then (n) = ( 1) ( 1)

15 Public Key Crytosystems RSA Relevance to RSA: n = e relatively rime to (n) = ( 1) ( 1) d such that e d 1 divisible by (n) hence (e d 1) / (n) = k so e d = k (n) + 1 = 1 mod (n) therefore m e d = m k (n)+1 = m mod n

16 Public Key Crytosystems RSA, signing Receiver m 263 mod 323 Sender 2217 Attacker

17 Public Key Crytosystems RSA, signing Receiver Sender (m 263 mod 323) 23 mod 323 Attacker

18 Public Key Crytosystems RSA, exonentiating mod 78837

19 Public Key Crytosystems RSA, exonentiating mod Yikes!

20 Public Key Crytosystems RSA, exonentiating mod Yikes! Rescued by: a x *b y mod = (a x mod )*(b y mod ) mod

21 Public Key Crytosystems RSA, exonentiating mod mod That is, do the modular reduction after each multilication.

22 Public Key Crytosystems RSA, find rimes Probability that a random number n is rime: 1/ln(n) For 100 digit number this is 1/230.

23 Public Key Crytosystems RSA, find rimes Probability that a random number n is rime: 1/ln(n) For 100 digit number this is 1/230. But how to test for being rime?

24 Public Key Crytosystems RSA, find rimes Probability that a random number n is rime: 1/ln(n) For 100 digit number this is 1/230. But how to test for being rime? If is rime and 0 < a <, then a 1 = 1 mod Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = = 1 mod 29 (See htt://gauss.ececs.uc.edu/courses/c472/java/fermat/fermat.html)

25 Public Key Crytosystems RSA, find rimes Probability that a random number n is rime: 1/ln(n) For 100 digit number this is 1/230. But how to test for being rime? If is rime and 0 < a <, then a 1 = 1 mod Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = = 1 mod 29 Pr ( isn't rime but a 1 = 1 mod ) = 1/ (See htt://gauss.ececs.uc.edu/courses/c472/java/fermat/fermat.html)

26 } Public Key Crytosystems RSA, find rimes Can always exress a number n 1 as 2 b c for some odd number c. ex: 48 = Here is the 2 } Here is the odd number b

27 Public Key Crytosystems RSA, find rimes Can always exress a number n 1 as 2 b c for some odd number c. ex: 48 = Then can comute a n 1 mod n by comuting a c mod n and suaring the result b times. If the result is not 1 then n is not rime.

28 Public Key Crytosystems RSA, find rimes Trivial suare roots of 1 mod : 1 mod and 1 mod If is rime, there are no nontrivial suare roots of 1 mod Let x be a suare root of 1 mod. Then x 2 = 1 mod. Or, (x 1)(x+1) = 0 mod. But x 1 and x+1 are divisible by rime. Hence, the roduct cannot be divisible by. Therefore x does not exist.

29 Public Key Crytosystems RSA, find rimes Consider n 1 = 2 b c again. If is rime then a c = 1 mod or for some r, a 2rc = 1 mod.

30 Public Key Crytosystems RSA, find rimes Choose a random odd integer to test. Calculate b = # times 2 divides 1. Calculate m such that = b m. Choose a random integer a such that 0 < a <. If a m 1 mod a 2 jm 1 mod, for some 0 j b 1, then asses the test. A rime will ass the test for all a.

31 Public Key Crytosystems RSA, find rimes Choose a random odd integer to test. Calculate b = # times 2 divides 1. Calculate m such that = b m. Choose a random integer a such that 0 < a <. If a m 1 mod a 2 jm 1 mod, for some 0 j b 1, then asses the test. A rime will ass the test for all a. A non rime number asses the test for at most 1/4 of all ossible a. So, reeat N times and robability of error is (1/4) N. (See htt://gauss.ececs.uc.edu/courses/c472/java/millerrabin/mr.html)

32 Public Key Crytosystems RSA, icking d and e Choose e first, then find and so ( 1) and ( 1) are relatively rime to e RSA is no less secure if e is always the same and small Poular values for e are 3 and For e = 3, though, must ad message or else cihertext = laintext Choose 2 mod 3 so 1 = 1 mod 3 So, choose random odd number, multily by 3 and add 2, then test for rimality