Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Similar documents
Last Updated: Oct 14, 2017

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Chapter 8 Public-key Cryptography and Digital Signatures

Public Key Algorithms

Ma/CS 6a Class 3: The RSA Algorithm

CIS 551 / TCOM 401 Computer and Network Security

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

The RSA cryptosystem and primality tests

Mathematics of Cryptography

Public Key Cryptography

Number Theory & Modern Cryptography

Lecture V : Public Key Cryptography

RSA. Ramki Thurimella

dit-upm RSA Cybersecurity Cryptography

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Mathematical Foundations of Public-Key Cryptography

Asymmetric Encryption

CRYPTOGRAPHY AND NUMBER THEORY

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

Solution to Midterm Examination

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

RSA ENCRYPTION USING THREE MERSENNE PRIMES

Chapter 4 Asymmetric Cryptography

Public Key Cryptography

Asymmetric Cryptography

RSA RSA public key cryptosystem

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

ECE596C: Handout #11

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Math.3336: Discrete Mathematics. Mathematical Induction

Public-Key Cryptosystems CHAPTER 4

10 Public Key Cryptography : RSA

The security of RSA (part 1) The security of RSA (part 1)

CPSC 467b: Cryptography and Computer Security

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Lecture 1: Introduction to Public key cryptography

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Cryptography IV: Asymmetric Ciphers

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Cryptography. P. Danziger. Transmit...Bob...

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Encryption: The RSA Public Key Cipher

Ti Secured communications

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

Ma/CS 6a Class 4: Primality Testing

THE RSA CRYPTOSYSTEM

Discrete mathematics I - Number theory

10 Modular Arithmetic and Cryptography

Public-key Cryptography and elliptic curves

Introduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions

Question: Total Points: Score:

Week 7 An Application to Cryptography

ECE 646 Lecture 9. RSA: Genesis, operation & security

Ma/CS 6a Class 4: Primality Testing

MATH 158 FINAL EXAM 20 DECEMBER 2016

Lecture Notes, Week 6

Algorithmic Number Theory and Public-key Cryptography

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Cryptography. pieces from work by Gordon Royle

Carmen s Core Concepts (Math 135)

Discrete Mathematics GCD, LCM, RSA Algorithm

Introduction to Cryptography. Lecture 8

Introduction to Modern Cryptography. Benny Chor

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

Analysis of the RSA Encryption Algorithm

5199/IOC5063 Theory of Cryptology, 2014 Fall

Public Key Algorithms

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

Practice Assignment 2 Discussion 24/02/ /02/2018

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Introduction to Public-Key Cryptosystems:

Public Key Cryptography

Congruence of Integers

Introduction. What is RSA. A Guide To RSA by Robert Yates. Topics

Mathematics of Public Key Cryptography

Number Theory. Modular Arithmetic

NUMBER THEORY FOR CRYPTOGRAPHY

MATHEMATICS EXTENDED ESSAY

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

CS March 17, 2009

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Innovation and Cryptoventures. Cryptography 101. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

My brief introduction to cryptography

Public Key Cryptography

For your quiz in recitation this week, refer to these exercise generators:

Great Theoretical Ideas in Computer Science

Other Public-Key Cryptosystems

Attacks on RSA & Using Asymmetric Crypto

Introduction to Cybersecurity Cryptography (Part 4)

CPSC 467: Cryptography and Computer Security

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Biomedical Security. Overview 9/15/2017. Erwin M. Bakker

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Outline. Available public-key technologies. Diffie-Hellman protocol Digital Signature. Elliptic curves and the discrete logarithm problem

RSA: Genesis, Security, Implementation & Key Generation

Transcription:

RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Recap

Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime mean? What does co-prime mean? o What does congruence mean? o What is the additive inverse of 13 % 17? o What is the multiplicative inverse of 7 % 8?

Recap: Diffie- Hellman You re trapped in your spaceship You have enough energy to send a single message to your HQ You have: o o o HQ s public DH values g=5, p = 875498279345 g a = 32477230478 Your AES implementation from Labs #1 & 2 An arbitrary precision calculator How can you construct your message so that it will be safe from eavesdroppers?

Asymmetric Encryption

Public Key Terminology Public Key Private Key Digital Signature You encrypt with a public key, and you decrypt with a private key You sign with a private key, and you verify with a public key

Model for Encryption with Public Key Cryptography Alice Bob s Public Key Bob Bob s Private Key Plaintext Ciphertext Plaintext Encryption Algorithm Decryption Algorithm

Model for Digital Signature with Public Key Cryptography Alice Alice s Private Key Bob Alice s Public Key Plaintext Ciphertext Plaintext Signing Algorithm Verification Algorithm

History of RSA Invented in 1977 by o Ron Rivest o Adi Shamir o Leonard Adleman Patent expired in the year 2000 It s withstood years of extensive cryptanalysis o Suggests a level of confidence in the algorithm

RSA m = message c = ciphertext e = public exponent d = private exponent n = modulus RSA Encryption o c = m e % n RSA Decryption o m = c d % n

The Math Behind RSA RSA encrypt/decrypt operations are simple The math to get to the point where these operations work is not so simple (at first) o Fermat s little theorem o Euler s generalization of Fermat s little theorem

Fermat s LiIle Theorem If o p is prime o a is relatively prime to p (co-prime) Then Fermat s theorem states o a p-1 1 (mod p) o for all 0 < a < p This serves as the basis for o Fermat s primality test o Euler s generalization Which values of a aren t co- prime to p? Pierre de Fermat (1601-1655)

Application of Fermat s LiIle Theorem Compute 2 12 % 11 Compute 2 565 % 561 (561 is prime)

Euler s Generalization of Fermat s LiIle Theorem Euler said o a phi(n) 1 (mod n) phi(n) o Euler s totient function ϕ(n) n doesn t need to be prime a must still be co- prime to n o The number of values less than n which are relatively prime to n Multiplicative group of integers (Z n *) RSA is interested in values of n that are the product of two prime numbers p and q Leonhard Euler (1707-1783)

Computing phi(n) in RSA phi(n) is the number of integers between 0 and n that are co-prime to n When p * q = n, and p and q are prime, what is the phi(n)? (p- 1)(q- 1) Proof (When p * q = n) Observations 1) there are p-1 multiples of q between 1 and n 2) there are q-1 multiples of p between 1 and n These multiples are not co-prime to n Definition: phi(n) = # of values between 0 and n that are co-prime to n phi(n) = # of values between 0 and n minus # of values between 0 and n not co-prime to n phi(n) = [ n 1] [(p-1) + (q-1)] = [pq 1] (p-1) (q-1) = pq p q + 1 = (p-1)(q-1) Why not?

RSA Euler said: a phi(n) 1 (mod n) o m (p-1)(q-1) 1 (mod n) Notice: m (p-1)(q-1) * m m (p-1)(q-1)+1 m (mod n) o m phi(n)+1 m (mod n) Let e*d = k*phi(n) + 1 o Then e*d 1 (mod phi(n)) o Therefore m ed m k*phi(n)+1 m phi(n) *m phi(n) * * m m (mod n) RSA Encryption o m e = c (mod n) RSA Decryption o c d = m (mod n)

Steps for RSA Encryption Select p, q (large prime numbers) n=p*q phi(n) = (p-1)(q-1) Select integer e where e is relatively prime to phi(n) o Common values for e are 3 and 65537. Why? Calculate d, where d*e = 1 (mod phi(n)) Public key is KU = {e, n} Private key is KR = {d, n} RSA encryption o m e = c (mod n) RSA decryption o c d = m (mod n) Why is RSA Secure? Hard to factor large numbers Hard to compute d without phi(n) Discrete logs are hard (m d % n) Given signature, hard to find d

RSA Usage Given m e = c (mod n) and c d = m (mod n) o What restrictions should be placed on m? For bulk encryption (files, emails, web pages, etc) o o o Some try using RSA as block cipher Never, never, never encrypt data directly using RSA Inefficient Insecure Always use symmetric encryption for data, and use RSA to encrypt the symmetric key (after adding the appropriate padding) Digital signatures o o Do not sign the entire document Sign (encrypt) a hash of the document using the private key Makes sure the length of the hash is < n

How do we get p, q, e, & d? What is p? o How do we get it? What is q? o How do we get it? What is e? o How do we get it? o What is the relationship of e and (p-1)(q-1)? What is d? o How do we get it?

Multiplicative Inverses Use the extended Euclidean algorithm o Based on the fact that GCD can be defined recursively If x > y, then GCD(x,y) = (recursively) GCD(y, x-y) Also if x > y, then GCD(x,y) = (recursively) GCD(y, x%y) o GCD can also be used as follows: Suppose ax + by = gcd(x,y) If x is the modulus, and gcd (x,y) = 1 o Then ax + by = 1 and b is y -1

Extended Euclidean algorithm GCD (120, 23) 120 / 23 = 5 r 5 23 / 5 = 4 r 3 5 / 3 = 1 r 2 3 / 2 = 1 r 1 2 / 1 = 2 r 0 1 / 0 GCD is 1, 120 and 23 are co-prime GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(1) + 5(-4) 5 / 3 = 1 r 2 => 2 = 5(1) + 3(-1) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1) 2 / 1 = 2 r 0 => 0 = 2(1) + 1(-2) Notice the first line is a sum of products involving 120 and 23. We can derive a formula for each remainder to be a sum of products of 120,23.

Extended Euclidean algorithm GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(1) + 5(-4) 5 / 3 = 1 r 2 => 2 = 5(1) + 3(-1) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1) 2 / 1 = 2 r 0 => 0 = 2(1) + 1(-2) GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23 + [120(1) + 23(-5)] (-4) = 23 + (120(-4) + 23(20)) = 23(21) + 120(-4) 5 / 3 = 1 r 2 => 2 = 5(1) + 3(-1) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1) 2 / 1 = 2 r 0 => 0 = 2(1) + 1(-2)

Extended Euclidean algorithm GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(21) + 120(-4) 5 / 3 = 1 r 2 => 2 = 5(1) + 3(-1) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1) 2 / 1 = 2 r 0 => 0 = 2(1) + 1(-2) GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(21) + 120(-4) 5 / 3 = 1 r 2 => 2 = [120(1)+23(-5)] + [23(21)+120(-4)](-1) = 120(5) + 23(-26) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1) 2 / 1 = 2 r 0 => 0 = 2(1) + 1(-2)

Extended Euclidean algorithm GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(21) + 120(-4) 5 / 3 = 1 r 2 => 2 = 120(5) + 23(-26) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1) 2 / 1 = 2 r 0 => 0 = 2(1) + 1(-2) GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(21) + 120(-4) 5 / 3 = 1 r 2 => 2 = 120(5) + 23(-26) 3 / 2 = 1 r 1 => 1 = [23(21) + 120(-4)] + [120(5) + 23(-26)](-1) = 23(47) + 120(-9) 2 / 1 = 2 r 0 => 0 = 2(1) + 1(-2) Notice that 1 = 23*47 + 120(-9) means that 47 is the multiplicative inverse of 23 (mod 120)

Computing d For RSA, calculate GCD(phi(n), e) to find d using extended Euclidean algorithm (see handout on Lab #4 page) o Manual iterative method for the exam o Use the table method in your lab For RSA, the GCD(phi(n),e) will result in an equation of the form o 1 = e*d + phi(n)*k o Where d or k is negative If d is negative convert it to an equivalent positive number (mod n) using phi(n) + d

Computing RSA Keys Example p=17 q=11 n=? phi(n)=? e=7 d=?

Applications for Public Key Cryptosystems Algorithm Encrypt/Decrypt Digital Signature Key Exchange Diffie- Hellman No No Yes RSA Yes Yes Yes DSS No Yes No Elliptic Curve Yes Yes Yes

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback