Efficient encryption and decryption. ECE646 Lecture 10. RSA Implementation: Efficient Encryption & Decryption. Required Reading

Similar documents
RSA: Genesis, Security, Implementation & Key Generation

ECE 646 Lecture 8. RSA: Genesis, Security, Implementation & Key Generation

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

The security of RSA (part 1) The security of RSA (part 1)

ECE646 Lecture 11 Required Reading Chapter 8.3 Testing for Primality RSA Key Generation

Algorithmic Number Theory and Public-key Cryptography

Introduction to Modern Cryptography. Benny Chor

Introduction to Public-Key Cryptosystems:

Discrete Mathematics GCD, LCM, RSA Algorithm

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Chapter 8 Public-key Cryptography and Digital Signatures

Mathematics of Cryptography

Efficient encryption and decryption

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

Lecture V : Public Key Cryptography

Cryptography. P. Danziger. Transmit...Bob...

Mathematical Foundations of Public-Key Cryptography

Number Theory & Modern Cryptography

Carmen s Core Concepts (Math 135)

RSA-256bit 數位電路實驗 TA: 吳柏辰. Author: Trumen

1 What are Physical Attacks. 2 Physical Attacks on RSA. Today:

Public-Key Encryption: ElGamal, RSA, Rabin

MATH3302 Cryptography Problem Set 2

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

CS March 17, 2009

8.1 Principles of Public-Key Cryptosystems

ICS141: Discrete Mathematics for Computer Science I

CPSC 467: Cryptography and Computer Security

ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange

A new security notion for asymmetric encryption Draft #10

A new security notion for asymmetric encryption Draft #12

Cryptography. pieces from work by Gordon Royle

Introduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Lecture Notes. Advanced Discrete Structures COT S

Mathematics of Public Key Cryptography

5199/IOC5063 Theory of Cryptology, 2014 Fall

10 Public Key Cryptography : RSA

Encryption: The RSA Public Key Cipher

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

ECE596C: Handout #11

Homomorphic Encryption. Liam Morris

CPSC 467b: Cryptography and Computer Security

Asymmetric Cryptography

Chapter 4 Asymmetric Cryptography

Lecture 1: Introduction to Public key cryptography

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

COMP4109 : Applied Cryptography

Public Key Cryptography

RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer

MATH 158 FINAL EXAM 20 DECEMBER 2016

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

RSA. Ramki Thurimella

Public-Key Cryptosystems CHAPTER 4

Public Key Cryptography

RSA Implementation. Oregon State University

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

CSc 466/566. Computer Security. 5 : Cryptography Basics

On the Design of Rebalanced RSA-CRT

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

Pseudo-random Number Generation. Qiuliang Tang

Applied Cryptography and Computer Security CSE 664 Spring 2018

5 Public-Key Encryption: Rabin, Blum-Goldwasser, RSA

Implementation of the RSA algorithm and its cryptanalysis. Abstract. Introduction

Arithmétique et Cryptographie Asymétrique

Security II: Cryptography exercises

basics of security/cryptography

Other Public-Key Cryptosystems

Question: Total Points: Score:

Implementation Tutorial on RSA

Introduction to Cybersecurity Cryptography (Part 5)

Foundations of Computer Science Lecture 10 Number Theory

10 Modular Arithmetic and Cryptography

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

Efficient RSA Cryptosystem with Key Generation using Matrix

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

1 Number Theory Basics

has the solution where M = Since c = w 2 mod n we have c w 2 (mod p) and c w 2 (mod q);

Gurgen Khachatrian Martun Karapetyan

Chapter 11 : Private-Key Encryption

DM49-2. Obligatoriske Opgave

Numbers. Çetin Kaya Koç Winter / 18

Introduction to Modern Cryptography. Benny Chor

ECE 646 Lecture 5. Motivation: Mathematical Background: Modular Arithmetic. Public-key ciphers. RSA keys. RSA as a trap-door one-way function

RSA RSA public key cryptosystem

Modified Hill Cipher for a Large Block of Plaintext with Interlacing and Iteration

CIS 551 / TCOM 401 Computer and Network Security

Solutions to homework 2

A new security notion for asymmetric encryption Draft #8

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

CS483 Design and Analysis of Algorithms

CPSC 467: Cryptography and Computer Security

Public Key Cryptography

Breaking Plain ElGamal and Plain RSA Encryption

Public Key Encryption

Single-Database Private Information Retrieval

Transcription:

ECE646 Lecture 10 RSA Implementation: Efficient Encryption & Decryption Required Reading W. Stallings, "Cryptography and etwork-security, Chapter 9.2 The RSA Algorithm Chapter 8.4 The Chinese Remainder Theorem Efficient encryption and decryption 1

umber of bits vs. number of decimal digits 10 #digits = 2 #bits #digits = (log 10 2) #bits 0.30 #bits 256 bits = 77 D 384 bits = 116 D 512 bits = 154 D 768 bits = 231 D 1024 bits = 308 D 2048 bits = 616 D How to perform exponentiation efficiently? Y = X E mod = X X X X X X X mod E-times E may be in the range of 2 1024 10 308 Problems: Solutions: 1. huge storage necessary to store X E before reduction 2. amount of computations infeasible to perform 1. modulo reduction after each multiplication 2. clever algorithms 200 BC, India, Chandah-Sûtra Exponentiation: Y = X E mod Right-to-left binary exponentiation Left-to-right binary exponentiation E = (e L-1, e L-2,, e 1, e 0) 2 Y = 1; S = X; for i=0 to L-1 { if (e i == 1) Y = Y S mod ; S = S 2 mod ; } Y = 1; for i=l-1 downto 0 { Y = Y 2 mod ; if (e i == 1) Y = Y X mod ; } 2

Right-to-left binary exponentiation Y = X E mod E = (e L-1, e L-2,, e 1, e 0) 2 S: X X 2 mod X 4 mod X 8 mod L-1 X 2 mod E: e 0 e 1 e 2 e 3 e L-1 e 0 e Y = X (X 2 1 e mod ) (X 4 mod ) 2 e 3 (X 8 L-1 e L-1 mod ) (X 2 mod ) (X a ) b = X ab X a X b = X a+b Y = X e 0 + 2 e 1 + 4 e 2 + 8 e 3 + + 2 L-1 e L-1 mod = L-1 e i 2 i i=0 = X = X E mod Right-to-left binary exponentiation: Example E = 19 = 16 + 2 + 1 = (10011) 2 S: X X 2 mod X 4 mod X 8 mod X 16 mod E: e 0 e 1 e 2 e 3 e 4 1 1 0 0 1 Y = X X 2 mod 1 1 X 16 mod = = X 19 mod Y = 3 19 mod 11 3 3 2 mod 11 =9 9 2 mod 11 = 4 4 2 mod 11 = 5 5 2 mod 11 = 3 3 9 1 1 3 mod 11 (27 mod 11) 3 mod 11 = 5 3 mod 11 = 4 Left-to-right binary exponentiation Y = X E mod E = (e L-1, e L-2,, e 1, e 0) 2 E: e L-1 e L-2 e L-3 e 1 e 0 e Y = ((...(((1 2 L-1 e X ) 2 L-2 e X ) 2 L-3 e 1 e X ) 2. ) 2 X ) 2 0 X mod (X a ) b = X ab X a X b = X a+b Y = X (e L-1 2 + e L-2) 2 + e L-3 ) 2 +. + e 1) 2 + e 0 mod = e i 2 i = X 2L-1 e L-1+ 2 L-2 e L-2+ 2 L-3 e L-3 + +2 e 1+e 0mod i=0 = X = = X E mod L-1 3

Left-to-right binary exponentiation: Example Y = 3 19 mod 11 E = 19 = 16 + 2 + 1 = (10011) 2 E: e 4 e 3 e 2 e 1 e 0 1 0 0 1 1 Y = ((...(((1 2 X ) 2 1 ) 2 1 ) 2 X) 2 X mod = (((3 2 mod 11) ) 2 mod 11) 2 mod 11 3) 2 mod 11 3 mod 11 = (81 mod 11) 2 mod 11 3) 2 mod 11 3 mod 11 = = (5 3) 2 mod 11 3 mod 11 = = 4 2 mod 11 3 mod 11 = = 5 3 mod 11 = 4 Y = (X 8 X ) 2 X mod = X 19 mod Exponentiation Example: Y = 7 12 mod 11 Right-to-left binary exponentiation e = 12 = (1 1 0 0) 2 Left-to-right binary exponentiation Right-to-Left Binary Exponentiation in Hardware 1 X E enable Y S MUL SQR output 4

Left-to-Right Binary Exponentiation in Hardware 1 Y X Control Logic E MUL output Basic Operations of RSA Encryption L < k e public key exponent C = M mod ciphertext plaintext public key modulus k-bits k-bits k-bits Decryption M plaintext = C mod ciphertext L=k private key exponent private key modulus k-bits k-bits k-bits d Time of Exponentiation in Software t EXP(e, L, k) = #modular_multiplications(e, L) t MULMOD(k) e, L e=3 2 4 e = F 4 = 2 + 1 #modular_multiplications 2 17 3 large random L-bit e L + #ones(e) L 2 t MULMOD(k) - time of a single modular multiplication of two k-bit numbers modulo a k-bit number t MULMOD(k) = c sm k 2 5

Time of Exponentiation in Hardware t EXP(L, k) = L t MULMOD(k) t MULMOD(k) - time of a single modular multiplication of two k-bit numbers modulo a k-bit number t MULMOD(k) = c hm k Algorithms for Modular Multiplication Multiplication Paper-and-pencil θ(k 2 ) Karatsuba θ(k 3/2 ) Schönhage-Strassen (FFT) Modular Reduction θ(k ln(k)) Multiplication combined with modular reduction Montgomery algorithm θ(k 2 ) classical Barrett θ(k 2 ) the same complexity as underlying multiplication Selby-Mitchell θ(k 2 ) Paper-and-Pencil Algorithm of Multiplication 1 word = l bytes = λ bits An-1 An-2... A1 A0 A x Bn-1 Bn-2... B1 B0 B Assertion: 2 words + + lg 2 n λ D0 = A0B0 D1 = A0B1 + A1B0 D2 = A0B2 + A1B1 + A2B0 3 words + D2n-4 D2n-3 D2n-2 D2n-2 = An-1Bn-1 2 words..... + D1 + D2 3 words D2n-4 = An-3Bn-1 + An-2Bn-2 + An-1Bn-3 D2n-3 = An-2Bn-1 + An-1Bn-2 D0 C2n-1 C2n-2... Cn+1 Cn Cn-1 Cn-2... C1 C0 C 6

Classical Algorithm of Modular Reduction x m x 2n-1 x 2n-2 x 2n-3... xn-1... x 1 x 0 : m n-1 m n-2... m 0 x 2n-2 x 2n-3... x n-1... x 1 q n-1 m x 0 : q n-1 = x2n-1b+ x2n-2 mn-1 m n-1 mn-2... m0 q n-1 = qn-1 + ε ε = 0, 1, 2 x 2n-3... x n-1... x 1 x 0 q n-2 = x2n-2b+ x2n-3 mn-1 q n-2 = qn-2 + ε ε = 0, 1, 2....... x n-1... x1 x 0 Effect of the increase in the computer speed on the speed of encryption and decryption in RSA to keep the same security computer speed operand size encryption/decryption speed Decryption using Chinese Remainder Theorem M d = C mod C P = C mod P d P = d mod (P-1) C Q = C mod Q d Q = d mod (Q-1) d P d Q M P = CP mod P M Q = C Q mod Q where M = M P R Q + M Q R P mod R P = (P -1 mod Q) P = P Q-1 mod R Q = (Q -1 mod P) Q= Q P-1 mod 7

Let and Chinese Remainder Theorem = n 1 n 2 n 3... n M for any i, j gcd(n i, n j) = 1 Then, any number 0 A -1 can be represented uniquely by A (a 1 = A mod n 1, a 2 = A mod n 2,, a M = A mod n M) A can be reconstructed from (a 1, a 2,, a M) using equation A = M(a i i ( -1 i mod n i)) mod where i = = n i i=1 = n 1 n 2... n i-1 n i+1... n M Chinese Remainder Theorem for =P Q = P Q gcd(p, Q) = 1 M (M p = M mod P, M Q = M mod Q) M = M P P P -1 mod P + MQ Q Q -1 mod Q mod = M P Q ((Q -1 ) mod P) + M Q P ((P -1 ) mod Q) mod = = M P R Q + M Q R P mod Concealment of messages in the RSA cryptosystem Blakley, Borosh, 1979 There exist messages that are not changed by the RSA encryption! For example: M=1 C = 1 e mod = 1 M=0 C = 0 e mod = 0 M=-1-1 mod C = (-1) e mod = -1 Every M such that M P = M mod P {1, 0, -1} M Q = M mod Q {1, 0, -1} C P = C mod P = (M e mod ) mod P = M e mod P = M P e mod P = M P C Q = C mod Q = (M e mod ) mod Q = M e mod Q = M Qe mod Q = M Q 8

Concealment of messages in the RSA cryptosystem Blakley, Borosh, 1979 At least 9 messages not concealed by RSA! umber of messages not concealed by RSA: σ = (1 + gcd(e-1, P-1)) (1 + gcd(e-1, Q-1)) A. e=3 σ = 9 B. gcd(e-1, P-1) = 2 and gcd(e-1, Q-1) = 2 σ = 9 C. gcd(e-1, P-1) = P-1 and gcd(e-1, Q-1) = Q-1 σ = P Q= It is possible that all messages remain unconcealed by RSA! Optimal Assymetric Encryption Padding (1) Coding >168 bits 000000001 message SEED Bellare-Rogaway MASK(SEED) masked_message MASK(masked_message) masked_message masked_seed Optimal Assymetric Encryption Padding (2) Decoding Bellare-Rogaway masked_message masked_seed MASK(masked_message) SEED MASK(SEED) 000000001 message >168 bits 9

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback