COMP424 Computer Security

Similar documents
Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Public Key Cryptography

Introduction. What is RSA. A Guide To RSA by Robert Yates. Topics

Number Theory A focused introduction

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Discrete Mathematics GCD, LCM, RSA Algorithm

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION

Encryption: The RSA Public Key Cipher

10 Modular Arithmetic and Cryptography

Introduction to Modern Cryptography. Benny Chor

Iterated Encryption and Wiener s attack on RSA

Fall 2017 September 20, Written Homework 02

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Mathematics of Public Key Cryptography

CS March 17, 2009

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Lecture 22: RSA Encryption. RSA Encryption

Integers and Division

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

CPSC 467b: Cryptography and Computer Security

RSA. Ramki Thurimella

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

19. Coding for Secrecy

ECE596C: Handout #11

Number theory (Chapter 4)

Chapter 4 Mathematics of Cryptography

The security of RSA (part 1) The security of RSA (part 1)

ICS141: Discrete Mathematics for Computer Science I

Public Key Algorithms

Lecture Notes, Week 6

Public-Key Encryption: ElGamal, RSA, Rabin

8.1 Principles of Public-Key Cryptosystems

10 Public Key Cryptography : RSA

Mathematics of Cryptography

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

CPSC 467: Cryptography and Computer Security

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Real scripts backgrounder 3 - Polyalphabetic encipherment - XOR as a cipher - RSA algorithm. David Morgan

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

Winter 2011 Josh Benaloh Brian LaMacchia

Math 430 Midterm II Review Packet Spring 2018 SOLUTIONS TO PRACTICE PROBLEMS

NET 311D INFORMATION SECURITY

Lecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004

Powers in Modular Arithmetic, and RSA Public Key Cryptography

CIS 551 / TCOM 401 Computer and Network Security

The RSA Cipher and its Algorithmic Foundations

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Math.3336: Discrete Mathematics. Mathematical Induction

Lecture 1: Introduction to Public key cryptography

Implementation of the RSA algorithm and its cryptanalysis. Abstract. Introduction

Exercise Sheet Cryptography 1, 2011

CRYPTOGRAPHY AND LARGE PRIMES *

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

RSA RSA public key cryptosystem

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

CPSC 467: Cryptography and Computer Security

Attacks on RSA & Using Asymmetric Crypto

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

Lecture 3.1: Public Key Cryptography I

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security

MEETING 6 - MODULAR ARITHMETIC AND INTRODUCTORY CRYPTOGRAPHY

Factoring and Algebraic Fractions

Cryptography: Joining the RSA Cryptosystem

Implementation Tutorial on RSA

Ti Secured communications

THE RSA ENCRYPTION SCHEME

You separate binary numbers into columns in a similar fashion. 2 5 = 32

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

A Quick Look at some Mathematics and Cryptography A Talk for CLIR at UConn

Public Key Cryptography

Topics in Cryptography. Lecture 5: Basic Number Theory

RSA ENCRYPTION USING THREE MERSENNE PRIMES

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Notes 10: Public-key cryptography

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

Mathematical Foundations of Public-Key Cryptography

Chapter 8 Public-key Cryptography and Digital Signatures

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Chapter 4 Public Key Cryptology - Part I

Cryptography. pieces from work by Gordon Royle

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Innovation and Cryptoventures. Cryptography 101. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Homework 4 for Modular Arithmetic: The RSA Cipher

Week 7 An Application to Cryptography

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Number Theory and Group Theoryfor Public-Key Cryptography

Efficient Leak Resistant Modular Exponentiation in RNS

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Sets. We discuss an informal (naive) set theory as needed in Computer Science. It was introduced by G. Cantor in the second half of the nineteenth

Introduction to Cybersecurity Cryptography (Part 5)

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Cryptography. P. Danziger. Transmit...Bob...

Public-key Cryptography and elliptic curves

Factoring. Number Theory # 2

Transcription:

COMP424 Computer Security Prof. Wiegley jeffw@csun.edu Rivest, Shamir & Adelman (RSA) Implementation 1

Relatively prime Prime: n, is prime if its only two factors are 1 and n. (and n 1). Relatively prime: Two numbers x and y are relatively prime if x and y do not share any factors (other than 1) in common. Example: 18 and 27 are not relatively prime because they share the factor 3. 18 = 2 3 3 27 = 3 3 3 Example: 42 and 55 are relatively prime because none of 42 s factors are a factor of 55. (Even though neither is prime.) 42 = 2 3 7 55 = 5 11 2

Modulo Programmers identify modulo as the operator that yields the remainder of an integer division. Mathematicians use modulo to define a mathematical space. Notation is slightly different: b x = 1 mod n means that in the space modulo n, b x is equal to 1. (As opposed to a programmer s perspective which might read b x is equal to 1%n.) This requires some understanding of basic modulo algebraic rules. 3

Modulo algebra (multiplication) ab mod n = (a mod n b mod n) mod n The value of ab mod n can be calculated by first calculating a mod n and then b mod n, multiplying the results and taking the modulo of the result. Example: let n = 10. 16 19 mod 10 = (16 mod 10) 19 mod 10) mod 10 = (6 9) mod 10 = 54 mod 10 = 4 The outer modulo operator must remain because the product of the inner portions may exceed n. 4

Modulo algebra (addition) Similarly, a + b mod n = (a mod n + b mod n) mod n Example: let n = 10 again. 16 + 19 mod 10 = (16 mod 10) + 19 mod 10) mod 10 = (6 + 9) mod 10 = 15 mod 10 = 5 Again, The outer modulo operator must remain because the sum of the inner portions may also exceed n. 5

Modulo algebra (inverse) In standard algebra the inverse of n is 1 n. This allows that n 1 n = 1. Similarly, in modulo space n, for some value, x, the value y is the inverse of x if xy = 1 mod n. Example: Let n = 10 and x = 3. y is the inverse of x when y = 7. Because 7 3 = 21 and 21 = 1 mod 10. 6

RSA In order to encrypt and decrypt a message, RSA relies on three values: n e d The public key (used to encrypt messages) is the tuple (e, n). The private key (used to decrypt messages) is the tuple (d, n). The remaining slides present how n, e and d are computed. 7

Step 1: obtaining n 1. Pick a prime number, p. 2. Pick a different prime number, q Any prime numbers will work though in practice, to be secure, p and q should not be twin primes or small. n is simply the product of the two primes p and q. n = pq Example: p = 73, q = 61 yields n = 4453 8

Step 2: obtaining e 1. Pick any value e such that e is relatively prime to (p 1)(q 1) Note: Any prime number other p or q is automatically relatively prime. However, when p, q are very large (1024 bits) then e should also be proportionately large and it becomes computationally difficult to test whether a chosen value is prime. Choosing an even value of e is futile. p and q are prime and therefore must be odd. (p 1)(q 1) is therefore even and all even numbers share the factor 2. Thus e would not be relatively prime to (p 1)(q 1). But there is a method for quickly testing if a chosen value is relatively prime to (p 1)(q 1). 9

Euclidean Algorithm (used to sift possible values of e). 1. Choose a possible value for e. Example e = 35. 2. Test if e is relatively prime to (p 1)(q 1) using the Euclidean algorithm. Start by setting up a series of equation of the form: E i : α i β i δ i = γ i where β i = α i δ i. For each equation α i = δ i 1 and δ i = γ i 1. This is esentially subtracting the largest possible multiple of δ from α. δ and the remainder, γ, must share a common factor in order for α and δ to share a common factor. Continue the equations until γ i = 0. 10

Euclidean Algorithm example Begin with α 0 = (p 1)(q 1) and δ 0 = e. E 0 : (p 1)(q 1) α e = β (73 1)(61 1) α 35 = β 72 60 α 35 = β 4320 123 35 = 15 E 1 : 35 2 15 = 5 E 2 : 15 3 5 = 0 Since the second last result is 5 then e and (p 1)(q 1) share the factor 5. So e is not relatively prime to (p 1)(q 1). 11

Increment e by 2 and repeat test. 1. Since the first choice for e was unacceptable, increment e by 2 and test again. Repeat this procedure until e is relatively prime to (p 1)(q 1). 12

Example e = 35 + 2 = 37. 1. Test if e is proven to be relatively prime to (p 1)(q 1). E 0 : (p 1)(q 1) α e = β (73 1)(61 1) α 37 = β 72 60 α 37 = β 4320 116 37 = 28 E 1 : 37 1 28 = 9 E 2 : 28 3 9 = 1 E 3 : 9 9 1 = 0 Since the second last result is 1 then the smallest common factor of e and (p 1)(q 1) is 1 and therefore e is relatively prime to (p 1)(q 1). 13

Step 3: Calculating d d is the inverse of e mod (p 1)(q 1). basically, (d e = 1 mod n). By substituting values from the euclidean proof of e, d can be calculated: e d = 1 mod (p 1)(q 1) = 28 3 9 = 28 3 (37 1 28) = 3 37 + 4 28 = 3 37 + 4 (4320 116 37) = 4 4320 467 37 = 17280 467 37 = 0 467 37 e d = 467 e d = 467 14

Negative d? A negative value for d is slightly disappointing. The modulo (p 1)(q 1) space consists of the positive integers (0,...,(p-1)(q-1)-1) if the modulo (p 1)(q 1) space is thought of as a ring then traveling x units in the negative direction yields the same point as traveling (p 1)(q 1) x in the positive direction. if d is negative, subtract it from (p 1)(q 1) to yield an equivalent positive value. d = (p 1)(q 1) d d = 4320 467 d = 3853 (e d = 37 3853 = 142561 = 33 4320 + 1 = 1 mod 4320) 15

Final results Calculations for computing a public/private key are complete. Public key: (e, n) = (37, 4453) Private key: (d, n) = (3853, 4453) RSA is secure so long as n cannot be factored easily. The attacker knows n because it is published as part of the public key. n only has two factors, p and q. (p and q are prime.) If an attacker could recover p and q then they have obtained (p 1)(q 1). Knowing e and (p 1)(q 1) allows an attacker to easily compute d using the Euclidean algorithm since e d = 1 mod (p 1)(q 1). 16

Encryption So now we have a public key of {e, n} and a private key of {d, n} we can decrypt a message P by: C = P e mod n. Similarly an encrypted message, C, can be decrypted to yield the original message, P, by: P = C d mod n. This works because if P = C d and C = P e then P = P ed = P e d = P 1 = P. 17

ModPow But P e is going to be rediculously large. So large that modern calculators cannot carry out this computation. a A method is needed to constrain the calculation to small numbers and we will use modulo arithmetic to provide this ability. First, start with P 1 mod n. We can see from the axioms that P 2 = (P 1 mod n)(p 1 mod n) mod n. In general: P a b = (P a mod n)(p b mod n) mod n. So let s work with powers of 2 to aid the calculation of P e. a Some calculators, such as the HP, series have modulo arithmetic function that can handle this calculation. 18

Powers of 2 Let s take an example using the key computed earlier: First, notice that P = 101, e = 75, n = 391. P e = 101 75 = 101 64 101 8 101 2 101 1, Where the power (75) has been broken down into powers of 2. We could have broken it down in many ways but powers of two will decrease our work the most. So first calculate all the values of 101 raised to a power of 2. 19

Calculating exponents of powers of 2 The first power of 2 is easy: 101 1 mod n = 101. Now, for all other powers of two we can use the axiom as a trick: 101 x mod n = (101 x 2 mod n)(101 x 2 mod n) mod n. Since we are only interest in powers of 2, x 2 computed in the previous iteration. will simply be the value 20

The computation Remembering that n = 391, we have: 101 1 mod 391 = 101 101 2 mod 391 = (101)(101) mod 391 = 35 101 4 mod 391 = (35)(35) mod 391 = 52 101 8 mod 391 = (52)(52) mod 391 = 358 101 16 mod 391 = (358)(358) mod 391 = 307 101 32 mod 391 = (307)(307) mod 391 = 18 101 64 mod 391 = (18)(18) mod 391 = 324. Now, these values can be used to quickly compute 101 y where y 127. 21

The computation 101 75 = (101 64 101 8 101 2 101 1 ) mod 391 = (324 358 35 101) mod 391 So life is a bit simpler but we still have a long string of factors that could produce a number larger than our calculator/computer can deal with. To reduce the number of factors we can make use P a b = (P a mod n)(p b mod n) mod n. 22

Combining factors This will enable us to combine factors two (or more) at a time. (324 358) mod 391 = (324 mod 391 358 mod 391) mod 391 = (324 358) mod 391 = 115992 mod 391 = 256. Similarly: (35 101) mod 391 = (35 mod 391 101 mod 391) mod 391 = (35 101) mod 391 = 3535 mod 391 = 16. 23

Combining factors So 101 75 = (101 64 101 8 101 2 101 1 ) mod 391 = (324 358 35 101) mod 391 = (256 16) mod 391 = 4096 mod 391 = 186 The cipher text message, after encryption, is therefore 186. The proof that decryption yields the original message is left as an exercise for the reader. 24

Proving the correctness of RSA Lagrange s theorem states: b φ(n) = 1 mod n. Where φ(n) = the number of integers less than n that are relatively prime to n. For RSA, let n = pq. (you can guess where RSA started their thinking now.) Then, how many relatively prime integers are there in φ(pq)? 25

Combining factors Take pq, We know that p and q are prime so we can determine φ(pq) So, remove p, 2p, 3p, 4p,..., qp, this removes q items. remove q, 2q, 3q, 4q,..., pq, this removes p items. Now, you need back one of the pq that was removed twice. φ(pq) = pq p q 1 = (p 1)(q 1). Therefore, b φ(n) = b (p 1)(q 1) = 1 mod n. Keep that in mind, you ll need it in a second. 26

RSA proof e d = 1 mod (p 1)(q 1) We re working in modulo so we could have gone around the ring some arbitrary number of times. Let l be the number of wraps. Then e d = 1 + l(p 1)(q 1) P ed = P e d P e d = P 1+l(p 1)(q 1) = P 1 P l(p 1)(q 1) = P 1 (P (p 1)(q 1) ) l = P 1 (1 mod n) l [By lagrange s substitution!] = P 1 (1) l = P 1 1 = P 1 = P 27

Conclusion By using Lagrange s theorem we have proven that (P e ) d = P, and thus RSA works as advertised so long as our constraints about selecting p, q and e are met. 28

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback