RSA-256bit 數位電路實驗 TA: 吳柏辰. Author: Trumen

Similar documents
Mathematics of Cryptography

Encryption: The RSA Public Key Cipher

Public Key Cryptography

Carmen s Core Concepts (Math 135)

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Discrete Mathematics GCD, LCM, RSA Algorithm

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Chapter 8 Public-key Cryptography and Digital Signatures

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Mathematical Foundations of Public-Key Cryptography

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

CPSC 467b: Cryptography and Computer Security

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

CPSC 467: Cryptography and Computer Security

Topics in Cryptography. Lecture 5: Basic Number Theory

Introduction to Cryptography. Lecture 6

RSA. Ramki Thurimella

CPSC 467b: Cryptography and Computer Security

Lecture 1: Introduction to Public key cryptography

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

CPSC 467b: Cryptography and Computer Security

Elliptic Curve Cryptography

Introduction to Modern Cryptography. Benny Chor

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Asymmetric Encryption

Public-Key Cryptosystems CHAPTER 4

Lecture 22: RSA Encryption. RSA Encryption

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Ma/CS 6a Class 3: The RSA Algorithm

Homework 4 for Modular Arithmetic: The RSA Cipher

Efficient Leak Resistant Modular Exponentiation in RNS

Lecture Notes, Week 6

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Introduction to Elliptic Curve Cryptography. Anupam Datta

CRYPTOGRAPHY AND NUMBER THEORY

Solution to Midterm Examination

basics of security/cryptography

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

ECE596C: Handout #11

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Lecture 3.1: Public Key Cryptography I

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

MATH 158 FINAL EXAM 20 DECEMBER 2016

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

10 Modular Arithmetic and Cryptography

Number Theory & Modern Cryptography

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

Introduction to Cryptography. Lecture 8

Introduction to Public-Key Cryptosystems:

Math 299 Supplement: Modular Arithmetic Nov 8, 2013

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

The security of RSA (part 1) The security of RSA (part 1)

Math Circles Cryptography

ICS141: Discrete Mathematics for Computer Science I

10 Public Key Cryptography : RSA

Number theory (Chapter 4)

Introduction. What is RSA. A Guide To RSA by Robert Yates. Topics

University of Tokyo: Advanced Algorithms Summer Lecture 6 27 May. Let s keep in mind definitions from the previous lecture:

CPSC 467b: Cryptography and Computer Security

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Cryptography. pieces from work by Gordon Royle

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

NET 311D INFORMATION SECURITY

Numbers. Çetin Kaya Koç Winter / 18

RSA: Genesis, Security, Implementation & Key Generation

ECE 646 Lecture 8. RSA: Genesis, Security, Implementation & Key Generation

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

COMP4109 : Applied Cryptography

Algorithmic Number Theory and Public-key Cryptography

8 Elliptic Curve Cryptography

Public Key Encryption

Number Theory and Algebra: A Brief Introduction

RSA RSA public key cryptosystem

Univ.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.

THE CUBIC PUBLIC-KEY TRANSFORMATION*

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

Iterated Encryption and Wiener s attack on RSA

CIS 551 / TCOM 401 Computer and Network Security

Number Theory. Modular Arithmetic

Cryptography. P. Danziger. Transmit...Bob...

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Number Theory and Group Theoryfor Public-Key Cryptography

OWO Lecture: Modular Arithmetic with Algorithmic Applications

Number Theory A focused introduction

An Introduction to Cryptography

Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

Solutions to the Midterm Test (March 5, 2011)

Implementation Tutorial on RSA

Transcription:

RSA-256bit 數位電路實驗 TA: 吳柏辰 Author: Trumen

Outline Introduction to Cryptography RSA Algorithm Montgomery Algorithm for RSA-256 bit 2

Introduction to Cryptography 3

Communication Is Insecure Alice Bob Paparazzi 4

Secure Approach: Cryptosystems Alice Bob Paparazzi 5

Cryptosystems Encryption Scheme Decryption Scheme Alice Encryption Key Decryption Key Bob 6

Encryption vs. Decryption Only Bob knows the decryption key. Encryption Key Only Alice and Bob know the encryption key: PRIVATE cryptosystem Everyone knows the encryption key: PUBLIC cryptosystem RSA is a public cryptosystem. 7

RSA Algorithm 8

RSA Cryptosystem If Bob wants to use RSA, he needs to select a key pair, and announce the encryption key. If Alice wants to communicate with Bob, she needs to use the encryption key announced by Bob. If Bob wants to receive messages from the others, he needs to use the decryption key he selected. 9

How to Select a key pair Key pair selection scheme: Bob (randomly) selects 2 prime numbers p and q. For security reason, p = 2p' + 1 and q = 2q' + 1, where p' and q' are also prime numbers. Bob evaluates n = pq and Ф(n) = (p 1)(q 1) Bob chooses e such that gcd(e, Ф(n)) = 1 Bob finds the integer d (0 < d < Ф(n)) such that ed kф(n) = 1 Finally, Bob announces the number pair (n, e) and keeps (d, p, q, Ф(n)) in secret. Euler's totient or phi function, Ф(n) counts the integers between 1 and n that are coprime to n. Ф(p) = p 1, Ф(q) = q 1 Ф(pq) = (p 1)(q 1) 10

How to Encrypt Encryption Scheme: Whenever Alice wants to tell Bob m which is less than n, she evaluate c = m e mod n, where n and e are the numbers Bob announced. Then Alice sends c to Bob. 11

How to Decrypt Decryption Scheme: Whenever Bob receives an encrypted message c, he evaluate m' = c d mod n Hard to calculate! Fact: m' = m Why the decryption scheme work? Euler's theorem: if gcd(a, n)=1, a Ф(n) mod n = 1 c d mod n = (m e mod n) d mod n =(m e ) d mod n = m ed mod n = m kф(n)+1 mod n =(m k ) Ф(n) m mod n = m 12

Montgomery Algorithm for RSA-256 bit 13

Inverse (1/4) For real number, x and y are the inverse of each other if xy = 1 We write y = x 1, and vice versa. When we say a divided by b, or a / b, we mean that a multiplied by b 1. In the world of modulo N, we want to define the inverse (and then the division operator / ) such that the exponential laws hold. 14

Inverse (2/4) For a positive integer x (< N), We define the inverse of in the world of modulo N is the positive integer y (< N) such that xy mod N = 1 We write y = x 1, and vice versa. We define the division in the world of modulo N as x / y mod N = xy 1 mod N 15

Inverse (3/4) Theorem: If b = an, then b / a mod N = n. Example: a = 2, N = 35, then a 1 = 18 b = 12 = 2 * 6, b / a mod N = ba 1 mod N = 12 * 18 mod 35 = 216 mod 35 = 6 16

Inverse (4/4) Another example: a = 2, N = 35, then a 1 = 18 b = 13 b / a mod N = ba 1 mod N = 13 * 18 mod 35 = 234 mod 35 = 24 or b / a mod N = (b + N) / a mod N = (13 + 35 ) / 2 mod 35 = 24 17

MSB-Based Modular Multiplication We want to evaluate V AB (mod N), where A = 2 n-1 a n-1 +2 n-2 a n-2 + +2a 1 +a 0 We can find that V {2[ (2(2a n-1 B + a n-2 B) + a n-3 B) + + a 1 B] + a 0 B} The Algorithm for MSB-Based Modular Multiplication V n 0 for i = n 1,,1,0 V i (2V i+1 + a i.b) mod N 2V i+1 + a i B < 3N 18

Square and Multiplication Algorithms for Modular Exponentiation Evaluate S = M e mod N where exponent e=(1e k-2 e 1 e 0 ) No need to be k bit MSB-ME( M e mod N) S M for i = k 2,,1,0 S (S.S) mod N if (e i = 1) S (S.M) mod N LSB-ME(M e mod N) S 1, T M for i = 0,1,, k 1 if (e i = 1) S (S.T) mod N T (T.T) mod N (A B) mod N is still hard to implement 19

Montgomery Algorithm Idea: Trying to compare V i with N costs a lot. Idea: How about LSB first to evaluate the multiplication? 20

Montgomery Algorithm: Phase 1 Evaluate V n =(A B 2 -n ) mod N A.B.2 -n = B.2 -n.(2 n-1 a n-1 +2 n-2 a n-2 + +2a 1 +a 0 ) V 0 0 for i = 0,1,, n 1 V i+1 V i+ a i B 2 = B.(2-1 a n-1 +2-2 a n-2 + +2 -(n-1) a 1 +2 -n a 0 ) = 2-1 (a n-1 B +2-1 (a n-2 B+ +2-1 (a 1 B+2-1 a 0 B) )) mod N V i + a i B 2 LSB modular reduction V i+ a i B 2 mod N = V i+ a i B+q i N 2, q i = LSB of (V i + a i B) mod N is easy! 21

Montgomery Algorithm: Phase 2 When to substitute? V 0 0 for i = 0,1,, n 1 q i (V i +a i B) mod 2 V i+1 V i+ a i B +q i N 2 if (V n N) V V n N A=(a n-1 a n-2 a 1 a 0 ) 2, A,B<N V 0 =0<2N, V i+1 V i+ a i B + N 2 < 2N, i=0,1,,n-1 22

Montgomery Algorithm: Modified Version (1/2) A.B.2 -n = B.2 -n.(2 n-1 a n-1 +2 n-2 a n-2 + +2a 1 +a 0 ) = B.(2-1 a n-1 +2-2 a n-2 + +2 -(n-1) a 1 +2 -n a 0 ) = 2-2 ((2a n-1 +a n-2 )B +2-2 ((2a n-3 +a n-4 )B+ + 2-2 ((2a 3 +a 2 )B + 2-2 (2a 1 +a 0 )B) )) V 0 0 for i = 0,2,, n 2 V i+2 V i + 2a i+1 B + a i B 4 mod N V i + 2a i+1 B + a i B mod N = V i + 2a i+1 B + a i B + q i N, 4 4 q i = (k i = 0)? 0: (4 k i ), k i = (V i + 2a i+1 B + a i B) mod 4 23

Montgomery Algorithm: Modified Version (2/2) V 0 0 for i = 0,2,, n 2 k i = (V i + 2a i+1 B + a i B) mod 4 q i = (k i = 0)? 0: (4 k i ); V i+2 V i + 2a i+1 B + a i B + q i N 4 if (V n N) V V n N A=(a n-1 a n-2 a 1 a 0 ) 2, A,B<N V 0 =0<2N, V i+2 V i+ 2a i+1 B+a i B+3N 4 < 2N, i=0,1,,n-1 24

Modular Exponentiation Using Montgomery Algorithm (1/2) Observation on V n = MA(A, B) = (A B 2 -n ) mod N Define A' = 2 n A mod N (A packed ) Fact: If V = AB mod N, then V = MA(A', B) Fact: If V = AB mod N, then V' = MA(A', B') Idea: Pack the integers we want to evaluate, and use Montgomery Algorithm instead of direct modular multiplication. 25

Modular Exponentiation Using Montgomery Algorithm (2/2) Evaluate S = M e mod N MSB-ME( M e mod N) M ' MA(C.M) (pre-processing) S M ' for i = k 2,,1,0 S MA(S.S) if (e i = 1) S MA(S.M ') S MA(S.1) (post-processing) Constant C = 2 2n mod N LSB-ME( M e mod N) T MA(C.M) (pre-processing) S 1 for i = 0,1,, k 1 if (e i = 1) S MA(S.T) T MA(T.T) MSB-ME( M e mod N) S M for i = k 2,,1,0 S (S.S) mod N if (e i = 1) S (S.M) mod N LSB-ME(M e mod N) S 1, T M for i = 0,1,, k 1 if (e i = 1) S (S.T) mod N T (T.T) mod N 26

The End. Any question?

Reference [1] P.L. Montgomery, Modular multiplication without trial division, Mathematics of Computation, vol.44, pp.519-521, April 1985. 28

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback