Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Similar documents
Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

The RSA cryptosystem and primality tests

Discrete Mathematics GCD, LCM, RSA Algorithm

10 Public Key Cryptography : RSA

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Lecture 1: Introduction to Public key cryptography

Introduction to Modern Cryptography. Benny Chor

Public Key Cryptography

Cryptography. pieces from work by Gordon Royle

University of Tokyo: Advanced Algorithms Summer Lecture 6 27 May. Let s keep in mind definitions from the previous lecture:

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

10 Modular Arithmetic and Cryptography

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

CIS 551 / TCOM 401 Computer and Network Security

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

Public Key Cryptography

Public Key Algorithms

Asymmetric Encryption

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

Lecture V : Public Key Cryptography

CPSC 467b: Cryptography and Computer Security

RSA. Ramki Thurimella

Cryptography. P. Danziger. Transmit...Bob...

Ma/CS 6a Class 3: The RSA Algorithm

8.1 Principles of Public-Key Cryptosystems

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

CPSC 467b: Cryptography and Computer Security

CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography

Mathematics of Cryptography

Introduction to Public-Key Cryptosystems:

RSA: Genesis, Security, Implementation & Key Generation

ECE 646 Lecture 8. RSA: Genesis, Security, Implementation & Key Generation

RSA RSA public key cryptosystem

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

19. Coding for Secrecy

Chapter 8 Public-key Cryptography and Digital Signatures

CRYPTOGRAPHY AND NUMBER THEORY

Public-Key Cryptosystems CHAPTER 4

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

CPSC 467b: Cryptography and Computer Security

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Encryption: The RSA Public Key Cipher

basics of security/cryptography

Algorithmic Number Theory and Public-key Cryptography

Asymmetric Cryptography

Chapter 4 Asymmetric Cryptography

CPSC 467b: Cryptography and Computer Security

Number Theory & Modern Cryptography

Aspect of Prime Numbers in Public Key Cryptosystem

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Mathematics of Public Key Cryptography

Simple Math: Cryptography

Partial Key Exposure: Generalized Framework to Attack RSA

Public-key Cryptography and elliptic curves

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

THE RSA ENCRYPTION SCHEME

THE CUBIC PUBLIC-KEY TRANSFORMATION*

Theory of Computation Chapter 12: Cryptography

CS483 Design and Analysis of Algorithms

A Few Facts from Number Theory and the RSA Cryptosystem OVERVIEW. RSA Producing Big Primes. Table of Contents. Overview Basic Facts of Number Theory

Lecture Notes, Week 6

Week 7 An Application to Cryptography

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Mathematical Foundations of Public-Key Cryptography

Public Key Algorithms

Introduction. What is RSA. A Guide To RSA by Robert Yates. Topics

Théorie de l'information et codage. Master de cryptographie Cours 10 : RSA. 20,23 et 27 mars Université Rennes 1

Cryptography IV: Asymmetric Ciphers

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Public Key Cryptography

dit-upm RSA Cybersecurity Cryptography

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.

ICS141: Discrete Mathematics for Computer Science I

Univ.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.

Elliptic Curve Cryptography

CRYPTOGRAPHY AND LARGE PRIMES *

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Public-Key Encryption: ElGamal, RSA, Rabin

CPSC 467: Cryptography and Computer Security

Public Key Encryption

Number theory (Chapter 4)

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

RSA ENCRYPTION USING THREE MERSENNE PRIMES

Notes for Lecture 17

Outline. Available public-key technologies. Diffie-Hellman protocol Digital Signature. Elliptic curves and the discrete logarithm problem

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

and Other Fun Stuff James L. Massey

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

MEETING 6 - MODULAR ARITHMETIC AND INTRODUCTORY CRYPTOGRAPHY

An Overview of Homomorphic Encryption

The RSA Cipher and its Algorithmic Foundations

NUMBER THEORY FOR CRYPTOGRAPHY

Applied Cryptography and Computer Security CSE 664 Spring 2018

Transcription:

1 C Theme : Cryptography Instructor : Prof. C Pandu Rangan Speaker : Arun Moorthy 93115 CS

2 RSA Cryptosystem Outline of the Talk! Introduction to RSA! Working of the RSA system and associated terminology! Important Features of RSA and an example! Choice of Primes! Tests for Primality! RSA in practice Introduction! RSA stands for Rivest, Shamir and Adleman. It was invented in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman.! RSA is public-key cryptosystem for both encryption(privacy) and authentication.! RSA is based on the fact that while it is easy to multiply two large primes, it is extremely dicult to factorize their product.

3 Working of the RSA Public-Key Cryptosystem RSA works as follows: 1. Take two large prime numbers p and q(of the order of a few hundred bits). 2. Compute their product n. Also compute the Euler function (n) = (p 1)(q 1) 3. Choose a large random number d (d > 1) such that (d; (n)) = 1 (i.e, d and (n) are relatively prime). 4. Compute the number e, 1 < e < (n) such that ed 1(mod (n)) (i.e, ed 1 is divisible by (p 1)(q 1)).

4 Terminology n d e : Modulus or Key : Private or Decryption Exponent : Public or Encryption Exponent (n; e) (n; d) : Public Key : Private Key p; q; (n); d : form the Secret Trapdoor (p and q may be kept with the private key or destroyed). 5. RSA Privacy Plaintext (w) is encoded as a decimal number. The number is divided into blocks of suitable size. The blocks are encrypted separately. A suitable block size is i where 10 i 1 < n < 10 i. Example: ROOF 18 15 15 06 Alice wants to send a message w to Bob. Ciphertext c is created as c = (w e B; mod n B ) (Modular Exponentiation) c is sent to Bob.

5 Bob decrypts c again by modular exponentiation, w = (c d B ; mod n B ). NOTE w c d (mod n) and if decryption is unique, w = (c d ; mod n). 6. RSA Authentication Alice wants to send w to Bob and Bob wants to be sure that it was Alice who sent w. Alice creates a digital signature D A (w), D A (w) = (w d A; mod n A ). Alice sends the pair (w; D A (w)) to Bob. Bob can verify the signature by applying Alice's public encryption exponent e A. Since only Alice has d A, no other person could have signed w.

6 Highlights! Encryption and authentication takes place without sharing of private keys: each person uses only other people's public keys and his/her own private key.! Anyone can send an encrypted message or verify a signed message, using only public keys, but only someone in possession of correct private keys can decrypt or sign a message.! Modular Exponentiation: The computation of (a r ; mod n) is done using a method that is faster than repeatedly multiplying a by itself. We use squaring. After each squaring, reduction modulo n is done. So we never encounter numbers greater than n 2. Thus (a r ; mod n) can be computed in O(log r) time.

7 Example p = 5, q = 11, n = 55, (n) = (p 1)(q 1) = 40 e = 7, d = 23. Plaintexts are numbers in the interval [1; 54]. For this particular example, it is easy to obtain a complete encryption table. To calculate (8 7 ; mod 55). j (8 2j ; mod 55) 0 8 1 9 2 26 7 = 111 2 (8 7 ; mod 55) = ((26(9:8))mod 55) = 2 This contrived example proves that public-key cryptosystems never work for small plain-text spaces. A cryptanalyst can construct a complete decryption table by encrypting all possible plaintexts and rearranging them in alphabetic order.

Choice of Primes 8 p and q should not be close to one another. If p and q are close to one another, p q 2 will be small. p+q 2 will be only slightly larger than p n (p+q)2 n = (p q) 2 4 4. So to factorize n, keep checking integers x > p n such than x 2 n is a perfect square, say y 2. Then p = x + y and q = x y. Example: n = 97343 p n = 311:998 Now 312 2 n = 1 (which is perfect square). So p = x + y = 313 and q = x y = 311. For this reason, it is advisable that p and q are such that their bit representations dier in length by a few bits. Note: Every RSA crtyposystem has some plaintext blocks which are encrypted into themselves (in fact, at least four such blocks). For instance, 1,21,34,54 are plaintexts which are encrypted into themselves for the rst example.

9 Primality Tests Lemma 1: Assume that m is an odd integer and (w; m) = 1. If m is prime, w m 1 1(mod m)! (1) The above condition can hold even if m is not prime. In such a case, m is termed a pseudoprime to the base w. Also, an integer w with (w; m) = 1 and satisfying (1) is called a witness for the primality of m. There are also false witnesses, if m is a pseudoprime only. Lemma 2: Either all or at most half of the integers w with 1 w < m and (w; m) = 1 are the witnesses for the primality of m.

10 Probabilistic Algorithm 1. Given m, choose a random w, 1 w < m. 2. The GCD (w; m) is found using Euclid's algorithm. 3. If (w; m) > 1, m is composite. 4. Otherwise, compute u = (w m 1 ; mod m) by repeated squaring. 5. If u 6= 1, m is composite. 6. If u = 1, w is a witness for the primality of m. In other words, we have some evidence that m could be prime. The more witnesses we nd, the stronger the evidence will be. If we have k witnesses, by Lemma 2, the probability of m being composite is at most 2 k. This test fails for Carmichael numbers. An odd composite number m is a Carmichael number i (1) holds for all w with (w; m) = 1.

11 Lemma 3 If m is an odd prime then, for all w w m 1 2 ( w )(mod m)! (2) m Odd composite numbers m satisfying (2) for some w with (w; m) = 1 are called Euler Pseudoprimes to the base w. Lemma 4: If m is an odd composite number, then at most half of the integers w with 1 w < m and (w; m) = 1 satisfy (2). Solovay-Strassen Primality Test This test uses (2) in exactly the same way that the earlier algorithm uses (1). To test the primality of m, 1. Choose a randon number w < m. 2. If (w; m) > 1, m is composite. 3. Otherwise test the validity of (2). 4. If (2) is not valid, m is composite. 5. Otherwise, w is a witness for the primality of m. Choose another random number < m and repeat the procedure.

12 After nding k witnesses, the probability of m being composite is at most 2 k (according to Lemmas 3 and 4). This result is stronger than our earlier algorithm, because there are no analogues of Carmichael numbers for (2). Strong Pseudoprimes: Assume that m is a pseudoprime to the base w. Extract succesive square roots of the congruence(1) and check if the rst number dierent from 1 equals -1. If this is the case, but m is composite, we refer to m as a strong pseudoprime to the base w. Lemma 5: Let 2 s be the highest power of 2 dividing m 1, that is, m 1 = 2 s r, where r is odd. Choose a number w with 1 w < m and (w; m) = 1. Then m is a strong pseudoprime to the base w i the following condition is satised: either w r 1(mod m) or w 2s0 r 1(mod m)! (3) for some s 0 with 0 s 0 < s. Lemma 6 If m is an odd composite integer, then m is a strong pseudoprime to the base w for at most 25% of all w's satisfying 1 w < m.

13 Miller-Rabin Primality Test 1. Compute m 1 = 2 s r, where m is the given odd integer and r is odd. 2. The random number w is chosen as before and the validity of (3) is tested. 3. If the test fails, m is composite 4. Otherwise, we regard w as a witness for the primality of m and repeat the procedure for another w. If we get k witnesses for the primality of m, then the probability of m being composite is at most 4 k.

14 RSA in practice RSA is combined with a secret-key cryptosystem, such as DES, to encrypt a message by means of an RSA digital envelope. Suppose Alice wishes to send an encrypted message to Bob. The message is rst encrypted by DES, using a randomly chosen DES key. Alice then uses Bob's public key to encrypt the DES key. The DES-encrypted message and the RSA-encrypted DES key together form the RSA digital envelope and are sent to Bob. Upon receipt of the message, Bob decrypts the DES key with his private key, then uses the DES key to decrypt to message itself. Thus the high speed of DES is combined with the key-management convenience of RSA.

15 Concluding Remarks RSA is the most popular public-key cryptosystem available today. Its popularity stems from the fact that it can be used for both encryption and authentication, and that it has been around for many years and has successfully withstood much scrutiny. RSA is built into current operating systems by Microsoft, Apple, Sun, and Novell. In hardware, RSA can be found in secure telephones, on Ethernet network cards, and on smart cards. In addition, RSA is incorporated into all of the major protocols for secure Internet communications. The estimated installed base of RSA encryption engines is around 20 million, making it by far the most widely used public-key cryptosystem in the world. The security of RSA is related to the assumption that factoring is dicult. An easy factoring method or some other feasible attack would break RSA.

16 By comparison, DES is much faster than RSA. In software, DES is generally at least 100 times as fast as RSA. In hardware, DES is between 1,000 and 10,000 times as fast, depending on the implementation. Implementations of RSA will probably narrow the gap a bit in coming years, as there are growing commercial markets, but DES will get faster as well.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback