Last Updated: Oct 14, 2017

Similar documents
Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Public Key Cryptography. Tim van der Horst & Kent Seamons

NUMBERS, MATHEMATICS AND EQUATIONS

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Chapter 8 Public-key Cryptography and Digital Signatures

Public Key Algorithms

5 th grade Common Core Standards

RSA ENCRYPTION USING THREE MERSENNE PRIMES

Application Of Mealy Machine And Recurrence Relations In Cryptography

The RSA cryptosystem and primality tests

Public Key Cryptography

CRYPTOGRAPHY AND NUMBER THEORY

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Math 105: Review for Exam I - Solutions

B. Definition of an exponential

Number Theory & Modern Cryptography

RSA. Ramki Thurimella

Cryptography IV: Asymmetric Ciphers

[COLLEGE ALGEBRA EXAM I REVIEW TOPICS] ( u s e t h i s t o m a k e s u r e y o u a r e r e a d y )

dit-upm RSA Cybersecurity Cryptography

Algorithmic Number Theory and Public-key Cryptography

CIS 551 / TCOM 401 Computer and Network Security

Function notation & composite functions Factoring Dividing polynomials Remainder theorem & factor property

Lecture V : Public Key Cryptography

Public Key Cryptography

Lecture 1: Introduction to Public key cryptography

Asymmetric Encryption

Fall 2013 Physics 172 Recitation 3 Momentum and Springs

Corrections for the textbook answers: Sec 6.1 #8h)covert angle to a positive by adding period #9b) # rad/sec

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

5199/IOC5063 Theory of Cryptology, 2014 Fall

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Mathematical Foundations of Public-Key Cryptography

Department: MATHEMATICS

8 th Grade Math: Pre-Algebra

Cryptography. P. Danziger. Transmit...Bob...

Chapter 3 Kinematics in Two Dimensions; Vectors

Building to Transformations on Coordinate Axis Grade 5: Geometry Graph points on the coordinate plane to solve real-world and mathematical problems.

COMP 551 Applied Machine Learning Lecture 11: Support Vector Machines

Mathematics of Cryptography

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Analysis of the RSA Encryption Algorithm

Cryptography. pieces from work by Gordon Royle

RSA RSA public key cryptosystem

Chapter 4 Asymmetric Cryptography

Asymmetric Cryptography

Ma/CS 6a Class 3: The RSA Algorithm

Concept Category 2. Trigonometry & The Unit Circle

Revisiting the Socrates Example

Math.3336: Discrete Mathematics. Mathematical Induction

LEARNING : At the end of the lesson, students should be able to: OUTCOMES a) state trigonometric ratios of sin,cos, tan, cosec, sec and cot

Chapter Summary. Mathematical Induction Strong Induction Recursive Definitions Structural Induction Recursive Algorithms

Math Foundations 10 Work Plan

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Public-key Cryptography and elliptic curves

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Public-Key Cryptosystems CHAPTER 4

ANSWER KEY FOR MATH 10 SAMPLE EXAMINATION. Instructions: If asked to label the axes please use real world (contextual) labels

Section 5.8 Notes Page Exponential Growth and Decay Models; Newton s Law

ECEN 4872/5827 Lecture Notes

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Ti Secured communications

Introduction to Cryptography. Susan Hohenberger

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

CHAPTER 24: INFERENCE IN REGRESSION. Chapter 24: Make inferences about the population from which the sample data came.

Public Key Cryptography

Individual Events 5 I3 a 6 I4 a 8 I5 A Group Events

This section is primarily focused on tools to aid us in finding roots/zeros/ -intercepts of polynomials. Essentially, our focus turns to solving.

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Trigonometric Ratios Unit 5 Tentative TEST date

10 Public Key Cryptography : RSA

Encryption: The RSA Public Key Cipher

Algebra2/Trig: Trig Unit 2 Packet

CHM112 Lab Graphing with Excel Grading Rubric

Experiment #3. Graphing with Excel

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Public Key Cryptography

Introduction to Public-Key Cryptosystems:

Math 412: Number Theory Lecture 13 Applications of

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Lecture Notes, Week 6

Ma/CS 6a Class 4: Primality Testing

2004 AP CHEMISTRY FREE-RESPONSE QUESTIONS

Discrete Mathematics GCD, LCM, RSA Algorithm

Sections 15.1 to 15.12, 16.1 and 16.2 of the textbook (Robbins-Miller) cover the materials required for this topic.

Introduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions

MODULE 1. e x + c. [You can t separate a demominator, but you can divide a single denominator into each numerator term] a + b a(a + b)+1 = a + b

1 PreCalculus AP Unit G Rotational Trig (MCR) Name:

Credits: 4 Lecture Hours: 4 Lab/Studio Hours: 0

Ma/CS 6a Class 4: Primality Testing

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

CHAPTER 2 Algebraic Expressions and Fundamental Operations

Introduction to Cybersecurity Cryptography (Part 4)

ECE596C: Handout #11

Introduction to Cybersecurity Cryptography (Part 5)

LHS Mathematics Department Honors Pre-Calculus Final Exam 2002 Answers

Transcription:

RSA Last Updated: Oct 14, 2017

Recap Number thery What is a prime number? What is prime factrizatin? What is a GCD? What des relatively prime mean? What des c-prime mean? What des cngruence mean? What is the additive inverse f 13 % 17? What is the multiplicative inverse f 7 % 8?

Recap: Diffie-Hellman Yu re trapped in yur spaceship Yu have enugh energy t send a single message t yur HQ Yu have: HQ s public DH values g=5, p = 875498279345 g a = 32477230478 Yur AES implementatin frm Labs #1 & 2 An arbitrary precisin calculatr Hw can yu cnstruct yur message s that it will be safe frm eavesdrppers?

Asymmetric Encryptin

Public Key Terminlgy Public Key Private Key Digital Signature Yu encrypt with a public key, and yu decrypt with a private key Yu sign with a private key, and yu verify with a public key

Mdel fr Encryptin with Public Key Cryptgraphy Alice Bb s Public Key Bb Bb s Private Key Plaintext Ciphertext Plaintext Encryptin Algrithm Decryptin Algrithm

Mdel fr Digital Signature with Public Key Cryptgraphy Alice Alice s Private Key Bb Alice s Public Key Plaintext Signed Dcument Plaintext Signing Algrithm Signature Verificatin Algrithm

Histry f RSA Invented in 1977 by Rn Rivest Adi Shamir Lenard Adleman Patented until 2000 It s withstd years f extensive cryptanalysis Suggests a level f cnfidence in the algrithm Example f successful attacks against implementatins Side channel attacks Pr randm number generatrs

Textbk RSA m = message c = ciphertext e = public expnent d = private expnent n = mdulus RSA Encryptin c = m e % n RSA Decryptin m = c d % n

The Math Behind RSA RSA encrypt/decrypt peratins are simple The math t get t the pint where these peratins wrk is nt s simple (at first) Fermat s little therem Euler s generalizatin f Fermat s little therem

If Fermat s Little Therem p is prime a is relatively prime t p (c-prime) Then Fermat s therem states a p-1 º 1 (md p) fr all 0 < a < p This serves as the basis fr Fermat s primality test Which values f a aren t c-prime t p? Euler s generalizatin Pierre de Fermat (1601-1655)

Euler s Generalizatin f Fermat s Little Therem Euler said a phi(n) º 1 (md n) phi(n) Euler s ttient functin j(n) The number f values less than n which are relatively prime t n Multiplicative grup f integers (Z n *) n desn t need t be prime a must still be c-prime t n RSA is interested in values f n that are the prduct f tw prime numbers p and q Lenhard Euler (1707-1783)

Cmputing phi(n) in RSA phi(n) is the number f integers between 0 and n that are c-prime t n When p * q = n, and p and q are prime, what is the phi(n)? (p-1)(q-1) Prf (When p * q = n) Observatins 1) there are p-1 multiples f q between 1 and n 2) there are q-1 multiples f p between 1 and n These multiples are nt c-prime t n Definitin: phi(n) = # f values between 0 and n that are c-prime t n phi(n) = # f values between 0 and n minus # f values between 0 and n nt c-prime t n Why nt? phi(n) = [ n 1] [(p-1) + (q-1)] = [pq 1] (p-1) (q-1) = pq p q + 1 = (p-1)(q-1)

RSA Euler said: a phi(n) º 1 (md n) m (p-1)(q-1) º 1 (md n) Ntice: m (p-1)(q-1) * m º m (p-1)(q-1)+1 º m (md n) m phi(n)+1 º m (md n) Let e*d = k*phi(n) + 1 Then e*d º 1 (md phi(n)) Therefre m ed º m k*phi(n)+1 º m phi(n) *m phi(n) * * m º m (md n) RSA Encryptin m e = c (md n) RSA Decryptin c d = m (md n)

Steps fr RSA Encryptin Select p, q (large prime numbers) n=p*q phi(n) = (p-1)(q-1) Select integer e where e is relatively prime t phi(n) Cmmn values fr e are 3 and 65537. Why? Calculate d, where d*e = 1 (md phi(n)) Public key is KU = {e, n} Private key is KR = {d, n} RSA encryptin m e = c (md n) RSA decryptin c d = m (md n) Why is RSA Secure? Hard t factr large numbers Hard t cmpute d withut phi(n) Discrete lgs are hard (m d % n) Given signature, hard t find d

RSA Usage Given m e = c (md n) and c d = m (md n) What restrictins shuld be placed n m? Fr bulk encryptin (files, emails, web pages, etc) Sme try using RSA as blck cipher Never, never, never encrypt data directly using RSA Inefficient Insecure Always use symmetric encryptin fr data, and use RSA t encrypt the symmetric key (after adding the apprpriate padding) Digital signatures D nt sign the entire dcument - t slw Sign ( encrypt ) a hash f the dcument using the private key The length f the hash is < n

Hw d we get p, q, e, & d? What is p? Hw d we get it? What is q? Hw d we get it? What is e? Hw d we get it? What is the relatinship f e and (p-1)(q-1)? What is d? Hw d we get it?

Multiplicative Inverses Use the extended Euclidean algrithm Based n the fact that GCD can be defined recursively If x > y, then GCD(x,y) = (recursively) GCD(y, x-y) Als if x > y, then GCD(x,y) = (recursively) GCD(y, x%y) GCD can als be used as fllws: Suppse ax + by = gcd(x,y) If x is the mdulus, and gcd (x,y) = 1 Then ax + by = 1 and b is y -1

Steps fr RSA Encryptin Select p, q (large prime numbers) n=p*q phi(n) = (p-1)(q-1) Select integer e where e is relatively prime t phi(n) Cmmn values fr e are 3 and 65537. Why? Calculate d, where d*e = 1 (md phi(n)) Public key is KU = {e, n} Private key is KR = {d, n} RSA encryptin m e = c (md n) RSA decryptin c d = m (md n)

Extended Euclidean algrithm We will use this algrithm t cmpute d Based n the fact that GCD can be defined recursively If x > y, then GCD(x,y) = (recursively) GCD(y, x-y) Als if x > y, then GCD(x,y) = (recursively) GCD(y, x%y)

GCD(x,y) = GCD(y, x%y) Apply this principle recursively GCD (120,23) 120 / 23 = 5 r 5 GCD ( 23, 5) 23 / 5 = 4 r 3 GCD ( 5, 3) 5 / 3 = 1 r 2 GCD ( 3, 2) 3 / 2 = 1 r 1 GCD ( 2, 1) 2 / 1 = 2 r 0 GCD is the last nn-zer remainder GCD is 1, 120 and 23 are c-prime

Sum f Prducts Each remainder r is equal t a sum f prducts f the riginal x and y GCD (x, y) = q remainder r, where r = x(1) + y(-q) GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(1) + 5(-4) 5 / 3 = 1 r 2 => 2 = 5(1) + 3(-1) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1) Ntice the first line is a sum f prducts invlving 120 and 23. We can derive a frmula fr each remainder t be a sum f prducts f 120,23.

Substitutin ** Substitute the equatin fr 5 the prir line and simplify t prduce a sum f prducts using the riginal numbers 120 and 23 t replace the sum f prducts f 23 and 5. GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(1) + 5(-4) ** 5 / 3 = 1 r 2 => 2 = 5(1) + 3(-1) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1) GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23 + [120(1) + 23(-5)] (-4) = 23 + (120(-4) + 23(20)) = 23(21) + 120(-4) 5 / 3 = 1 r 2 => 2 = 5(1) + 3(-1) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1)

Sum f Prducts ** Cntinue this pattern. Simplify the next line t be a sum f prducts f 120 and 23 using equatins already in the frm fr the prir remainders 5 and 3. Simplify. Be careful t get the signs crrect. Keep like terms (multiples) tgether. GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(21) + 120(-4) 5 / 3 = 1 r 2 => 2 = 5(1) + 3(-1) ** 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1) GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(21) + 120(-4) 5 / 3 = 1 r 2 => 2 = [120(1)+23(-5)](1) + [23(21)+120(-4)](-1) = 120(5) + 23(-26) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1)

Sum f Prducts GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(21) + 120(-4) 5 / 3 = 1 r 2 => 2 = 120(5) + 23(-26) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1) GCD (120, 23) 120 / 23 = 5 r 5 => 5 = 120(1) + 23(-5) 23 / 5 = 4 r 3 => 3 = 23(21) + 120(-4) 5 / 3 = 1 r 2 => 2 = 120(5) + 23(-26) 3 / 2 = 1 r 1 => 1 = [23(21) + 120(-4)](1) + [120(5) + 23(-26)](-1) = 23(47) + 120(-9) Ntice that 1 = 23*47 + 120(-9) means that 47 is the multiplicative inverse f 23 (md 120)

Cmputing d Fr RSA, calculate GCD(phi(n), e) t find d using extended Euclidean algrithm (see handut n Lab #4 page) Manual iterative methd fr the exam Use the table methd in yur lab Fr RSA, the GCD(phi(n),e) will result in an equatin f the frm 1 = e*d + phi(n)*k Where d r k is negative If d is negative cnvert it t an equivalent psitive number (md n) using phi(n) + d

Steps fr determining d Calculate phi(n) and select an e (3, 5, 7 usually fr ur ty prblems) Find the GCD f (phi(n), e) which shuld always be 1 if e is valid. If the GCD is nt 1, repeat fr a different value f e. Create a sum f prducts expressin fr each remainder frm x/y f the frm [ remainder = X(1) + y(-qutient) ] Starting frm the first expressin, use substitutin t create an equatin f the frm: remainder = phi(n)*k + e(d) If d is negative, cnvert t a psitive number d = phi(n) + d

p=5, q=11, e=3 Practice

Practice p=5, q=11, e=3 n = p*q = 5*11 = 55 phi(n) = (p-1)(q-1) = 4*10 = 40 Calculate d GCD (phi(n), e) = GCD (40, 3) 40/ 3 = 13 r 1 => 1 = 40(1) + 3(-13) Since d is negative, d = phi(n) + d = 40 + (-13) = 27 Public Key = {3, 55} Private Key = {27, 55}

p=11, q=13, e= number <= 8 Practice

Practice p=11, q=13, e= number <= 8 n = p*q = 11*13 = 143 phi(n) = (p-1)(q-1) = 10*12 = 120 Calculate d GCD (phi(n),e) = GCD (120,3/5/7) ** nte that 3,5 nt c-prime t 120 120/ 7 = 17 r 1 => 1 = 120(1) + 7(-17) Since d is negative, d = phi(n) + d = 120 + (-17) = 103 Public Key = {7, 143} Private Key = {103, 143}

p=5, q=13, e=5 Practice

Practice p=5, q=13, e=5 n = p*q = 5*13 = 65 phi(n) = (p-1)(q-1) = 4*12 = 48 Calculate d GCD (phi(n),e) = GCD (48,5) 48/ 5 = 9 r 3 => 3 = 48(1) + 5(-9) 5 / 3 = 1 r 2 => 2 = 5(1) + 3(-1) = 5(1) + [48(1) + 5(-9)](-1) 5(10) + 48(-1) 3 / 2 = 1 r 1 => 1 = 3(1) + 2(-1) = [48(1) + 5(-9)](1) + [5(10) + 48(-1)](-1) 48(2) + 5(-19) Since d is negative, d = phi(n) + d = 48 + (-19) = 29 Public Key = {5, 65} Private Key = {29, 65}

p=17, q=11, e=7 Practice

Practice p=17, q=11, e=7 n = p*q = 17*11 = 187 phi(n) = (p-1)(q-1) = 16*10 = 160 Calculate d GCD (phi(n), e) = GCD (160, 7) 160/ 7 = 22 r 6 => 6 = 160(1) + 7(-22) 7 / 6 = 1 r 1 => 1 = 7(1) + 6(-1) 7(1) + [160(1) + 7(-22)](-1) 160(-1) + 7(23) Public Key = {7, 187} Private Key = {23, 187}

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback