1 / 52

RSA and its Mathematics Behind

RSA and its Mathematics Behind. July 2011. Topics. Modular Arithmetic Greatest Common Divisor Euler’s Identity RSA algorithm Security in RSA. Modular Arithmetic . A system of arithmetic for integers, where numbers wrap around  after they reach a certain value—the modulus

burressj
Download Presentation

RSA and its Mathematics Behind

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RSA and its Mathematics Behind July 2011

  2. Topics • Modular Arithmetic • Greatest Common Divisor • Euler’s Identity • RSA algorithm • Security in RSA

  3. Modular Arithmetic • A system of arithmetic for integers, where numbers wrap around after they reach a certain value—the modulus • Modular or "clock" arithmetic is arithmetic on a circle instead of a number line • In modulo N , we use only the twelve whole numbers from 0 through N-1 The 12-hour clock : modulo 12 If the time is 9:00 now, then 4 hours later it will be 1:00 9+4 =13 13 % 12= 1

  4. Modular Clock Arithmetic • 1:00 and and 13:00 hours are the same • 1:00 and and 25:00 hours are the same • 1  13 (mod 12) a  b (mod n) n is the modulus a is congruent to b modulo n a-b is an integer multiple of (divisible by) n a % n = b % n

  5. Example • 38  14 (mod 12) • 38-14 = 24 ; multiple of 12 • 38  2 (mod 12) • 38-2 = 36 ; multiple of 12 • The same rule for negative number • -8  7 (mod 5) • 2  -3 (mod 5) • -3  -8 (mod 5)

  6. Congruence Class Example • Congruence Classes of the integers modulo 5 -- 1  6  11 (mod 5) 10 5 0 -- 14 9 4 1 6 11 -- 3 2 8 7 13 12 -- --

  7. Replace of congruence item • Let 11 +16  3 (mod 12) and 16  4 (mod 12), therefore 11 +16  11 + 4  (mod 12) • Let 9835  7 (mod 12) and 1177  1 (mod 12), therefore 9835*1177  7 * 1  7 (mod 12)

  8. Modular Arithmetic Notation

  9. Exercise (I) A: Compute • 113 mod 24: • -29 mod 7

  10. Exercise (I), cont A: Compute • 113 mod 24: • -29 mod 7

  11. Exercise (I), cont A: Compute • 113 mod 24: • -29 mod 7

  12. Exercise (I), cont A: Compute • 113 mod 24: • -29 mod 7

  13. Exercise (II) Q: Which of the following are true? • 3  3 (mod 17) • 3  -3 (mod 17) • 172  177 (mod 5) • -13  13 (mod 26)

  14. Exercise (II), cont A: • 3  3 (mod 17) • True. any number is congruent to itself • (3-3 = 0, divisible by all) • 3  -3 (mod 17) • False. (3-(-3)) = 6 isn’t divisible by 17. • 172  177 (mod 5) • True. 172-177 = -5 is a multiple of 5 • -13  13 (mod 26) • True: -13-13 = -26 divisible by 26.

  15. Topics • Modular Arithmetic • Greatest Common Divisor • Euler’s Identity • RSA algorithm • Security in RSA

  16. Greatest Common Divisor • Def:Let a,b be integers, not both zero. The greatest common divisor of a and b (or gcd(a,b) ) is the biggest number d which divides both a and b without a remainder • gcd (8,12) =4 • Find gcd (54, 24) • 54x1 = 27x2 = 18x3 = 9x6; {1, 2 ,3, 6, 9, 18, 27, 54} • 24x1 = 12x2 = 8x3 = 4x6; {1, 2 ,3, 4, 6, 8, 12, 54} • Share number : {1, 2, 3, 6} • gcd (54, 24) = 6

  17. Finding GCD • gcd(a,0) = a, and gcd(a,b) = gcd(b, a mod b) Find gcd(132, 28) : r = 132 mod 28 = 20 => gcd(28, 20) r = 28 mod 20 = 8 => gcd(20,8) r = 20 mod 8 = 4 => gcd(8,4) r = 8 mod 4 = 0 => gcd(4,0) gcd(132, 28) = 4

  18. GCD and Relatively Prime • Def: two integers a and b are said to be relatively prime (also called co-prime) if gcd(a,b) = 1 • so no prime common divisors. Find gcd(28, 15) : r = 28 mod 15 = 13 => gcd(15, 13) r = 15 mod 13 = 2 => gcd(13, 2) r = 13 mod 2 = 1 => gcd(2,1) r = 2 mod 1 = 0 => gcd(1,0) gcd(28,15) = 1 15 and 28 are relative prime Since a prime number has no factors besides itself, clearly a prime number is relatively prime to every other number (except for multiples of itself)

  19. Test Relative Prime Q: Find the following gcd’s: • gcd(77,11) • gcd(77,33) • gcd(36,24) • gcd(23,7)

  20. Test Relative Prime A: • gcd(77,11) = 11 • gcd(77,33) = 11 • gcd(36, 24) = 12 • gcd(23,7) = 1. Therefore 23 and 7 are relatively prime.

  21. Topics • Modular Arithmetic • Greatest Common Divisor • Euler’s Identity • RSA algorithm • Security in RSA

  22. Euler's Totient Function • (N) = the numbers between 1 and N - 1 which are relatively prime to N • Thus:  • (4) = 2   (1 and 3 are relatively prime to 4) • (5) = 4   (1, 2, 3, and 4 are relatively prime to 5) • (6) = 2   (1 and 5 are relatively prime to 6) • (7) = 6   (1, 2, 3, 4, 5, and 6 are relatively prime to 7) • (8) = 4   (1, 3, 5, and 7 are relatively prime to 8) • (9) = 6   (1, 2, 4, 5, 7, and 8 are relatively prime to 9) Compute (N) in C code: phi = 1; for (i = 2 ; i < N ; ++i) if (gcd(i, N) == 1) ++phi;

  23. Euler's Totient Function, cont • Note that (N) = N-1 when N is prime • Somewhat obvious fact that (N) is also easy to calculate when N has exactly two different prime factors: • (p*q) = (p-1)*(q-1) • Example: Find  (15) •  (15) =  (3*5) = (3-1) * (5-1) = 4*2 =8 • {1, 2, 4, 7, 8, 11, 13, and 14}

  24. Euler’s Totient Theorem • One of the important keys to the RSA algorithm • If gcd(m, n) = 1 and m < n, then m(n) 1 (mod n) m(n) 1 (mod n) where (n) = (p1-1)*(q-1) relatively prime m(p-1)(q-1) mod n = 1 3840 mod 55 = 1 m(p-1)(q-1) mod n = 1 • Example: replace (p-1)(q-1) with (11-1)(5-1) M=38 n=55

  25. More in Euler’s Theorem • Multiply both sides of equation by m m(p-1)(q-1) mod n = 1 m(p-1)(q-1) *m mod n = 1*m m(p-1)(q-1)+1 mod n = m m(n)+1 mod n = m

  26. The Road to crypto • If we can find two numbers, call them e and d, such that e*d = [(p-1)(q-1)]+1 n= p*q • Use e as the private key and d as the public key; Encrypts: cme (mod n) Decrypts: mcd (mod n) cd= (me (modn))d = med (modn) = m(p-1)(q-1)+1 (modn) = m(n)+1 (modn) = m Recall Euler’s theorem m(n)+1 mod n = m

  27. A trapdoor one-way function Public key c = f(m) = me mod n Message m Ciphertext c m = f-1(c) = cd mod n Private key (trapdoor information) n = p*q (p & q: primes) e*d = 1 mod (p-1)(q-1)

  28. Topics • Modular Arithmetic • Greatest Common Divisor • Euler’s Identity • RSA algorithm • Security in RSA

  29. RSA Shamir Rivest Adleman • Public key cryptosystem • Proposed in 1977 by Ron L. Rivest, Adi Shamir and Leonard Adleman at MIT • Best known & widely used public-key scheme • Based on exponentiation in a finite (Galois) field over integers modulo a prime • Main patent expired in 2000 Rivest Shamir Adleman

  30. RSA Algorithm • Uses two keys : e and d for encryption and decryption • A message m is encrypted to the cipher text by c = memod n • The ciphertext is recover by m = cdmod n • Because of symmetric in modular arithmetic m = cdmod n = (me)dmod n = (md)emod n • One can use one key to encrypt a message and another key to decrypt it

  31. RSA Key Setup • Selecting two large primes at random : p, q • Typically 512 to 2048 bits • Computing their system modulus n=p*q • note ø(n)=(p-1)(q-1) • Selecting at random the encryption key e • where 1<e<ø(n), gcd(e,ø(n))=1 • Meaning: there must be no numbers that divide neatly into e and into (p-1)(q-1), except for 1. • Solve following equation to find decryption key d • e*d=1 mod ø(n) and 0≤d≤n • In other words, d is the unique number less than nthat when multiplied by e gives you 1 modulo ø(n) • Publish public encryption key: PU={e,n} • Keep secret private decryption key: PR={d,n}

  32. Example: Key Generation Step by Step

  33. Key Generation : Find n and ø(n) 1) Generate two large prime numbers, p and q Lets have: p = 7 and q = 19 2) Find n = p*q n =7*19 = 133 3) Find ø(n) = (p-1)(q-1) ø(n) = (7-1)(19-1)= 6 * 18 = 108

  34. Key Generation : Generate Private Key 4) Choose a small number,ecoprime to 108 Using Euclid's algorithm to find gcd(e,108) e = 2 => gcd(e, 108) = 2 ✗ e = 3 => gcd(e, 108) = 3 ✗ e = 4 => gcd(e, 108) = 4 ✗e = 5 => gcd(e, 108) = 1 ✓

  35. Key Generation : Generate Public Key 5) Find d, such that e*d = 1 mod ø(n) and 0≤d≤n ; e=5; ø(n)=108 Using extended Euclid algorithm; e*d = 1 mod ø(n) => e*d = 1+k*ø(n) ; d, k are interger = (1+k*ø(n))/e d = (1+k*108)/5 Try through values of k until an integer solution for d is found: k = 0 => d = 1 / 5 = 0.2 ✗ k = 1 => d = (1+1*108)/ 5 =109/5 = 21.8 ✗ k = 2 => d = (1+2*108)/5 = 217/5 = 43.4 ✗k = 3 => d = (1+3*108)/5 = 325/5 = 65 ✓

  36. Example : Encryption • PU= {e,n} = {5,133} • Lets use the message m=16 c = memod n  = 165mod 133  = 1048576 mod 133  = 4

  37. Example: Decryption • PR={d,n}={65,133} • From the encryption c=4 m = cdmod n = 465mod 133 = 1.361129467683755x1039mod 133 = 16

  38. Encode the ASCII String Message input string Message input ASCII Message input binary Message input 16 bit binary padding Message input 16 bit decimal for “Secret!”

  39. Sample 16 bits key n = 1602475129 e = 64037 d = 1004908973 m =104 c = (10464037) mod 1602475129 = 1187226754 m = (11872267541004908973 ) mod 3910095493 = 104 Directly computation of exponential needs too much memory and very slow

  40. How to deal with 1024 bits? • n=93518075472517812751194715143409086574889727146298665297205834171602866192290591599380402185583024174931294331877382418445371201620581216480790833180280145991040770705928231264142720249609405749244943892408117844772524625134689327476917023068462758680788043986062882531909490562722483341876279065122161924203 • e=47609 • d=11964515064443823593596316031391223220980346742172807039116148962154908903300678305190741870494784604791247742558447694989408640993739843088166039297214523541519746037912861388519729724288825143561005547814973195750655549449328508806029373024427172453884284448045662068755190227462789262813325769121319683889 we could still end up with a number with so many digits (before taking the remainder on dividing by p) that we wouldn't have enough memory to store it

  41. Using Modular Exponential • Using modular reduction to enhance computation f mod i = j and f = g * hthen (( g mod i ) * (h mod i)) mod i = j

  42. Modular Exponential : 2320 mod 29 232 mod 29 = 7 234=232*232 mod 29 = 7*7 mod 29 =49 mod 29 = 20 238=234*234 mod 29 = 20*20 mod 29 =400 mod 29 =23 2316=238*238 mod 29 = 23*23 mod 29 =529 mod 29 =7 2320=2316*234 mod 29 = 7*20 mod 29 =140 mod 29 =24

  43. Modular Exponential : 23391 mod 55 23391 = 23256*23128*234*232*231 = 1*1*1*34*23 = 722 722 mod 55 = 12

  44. Modular Exponential : 31397 mod 55 31397 % 55 = (31256*31128*318*314*311 ) % 55 = (31*36*36*16*33) = ((1116 % 55)*36*16*33 ) % 55 = (16*36*16*33 ) % 55 = ((576 mod 55) *16 *33) % 55 = (26*16*33) % 55 = ((416 % 55) *33 ) % 55 = (31*3 ) % 55 = 961 % 55 = 26  31397 mod 55 = 1.1765014105569728144308343503655x1059 mod 55 = 26

  45. Modular Exponential for RSA • The running time of RSA encryption, decryption is simple

  46. Topics • Modular Arithmetic • Greatest Common Divisor • Euler’s Identity • RSA algorithm • Security in RSA

  47. Analyzing RSA • RSA depends on being able to find large primes quickly, whereas anyone given the product of two large primes “cannot” factor the number in a reasonable time. • If any one of p, q, m, d is known, then the other values can be calculated. So secrecy is important • 1024 bits is considered in risk • To protect the encryption, the minimum number of bits in n should be 2048 • RSA is slow in pratice • RSA is primary used to encrypt the session key used for secret key encryption (message integrity) or the message's hash value (digital signature)

  48. RSA-Numbers • RSA numbers are a set of large semiprimes (numbers with exactly two prime factors) that are part of the RSA Factoring Challenge • Officially ended in 2007 but people can still attempt to find the factorizations http://en.wikipedia.org/wiki/RSA_numbers#RSA-768

  49. RSA-768 • RSA-768 has 768 bits (232 decimal digits), and was factored on December 12, 2009 RSA-768 = 12301866845301177551304949583849627207728535695953347921973224521517264005           07263657518745202199786469389956474942774063845925192557326303453731548268           50791702612214291346167042921431160222124047927473779408066535141959745985           6902143413 RSA-768 = 33478071698956898786044169848212690817704794983713768568912431388982883793           878002287614711652531743087737814467999489         ×36746043666799590428244633799627952632279158164343087642676032283815739666           511279233373417143396810270092798736308917

  50. RSA-1024 and RSA-2048 • RSA-1024 has 1,024 bits (309 decimal digits), and has not been factored so far RSA-1024 =13506641086599522334960321627880596993888147560566702752448514385152651060 48595338339402871505719094417982072821644715513736804197039641917430464965           89274256239341020864383202110372958725762358509643110564073501508187510676           59462920556368552947521350085287941637732853390610975054433499981115005697           7236890927563 • RSA-2048 has 2,048 bits (617 decimal digits) • may not be factorizable for many years to come, unless considerable advances are made in integer factorization  RSA-2048 = 25195908475657893494027183240048398571429282126204032027777137836043662020        70759555626401852588078440691829064124951508218929855914917618450280848912         00728449926873928072877767359714183472702618963750149718246911650776133798         59095700097330459748808428401797429100642458691817195118746121515172654632         28221686998754918242243363725908514186546204357679842338718477444792073993         42365848238242811981638150106748104516603773060562016196762561338441436038         33904414952634432190114657544454178424020924616515723350778707749817125772         46796292638635637328991215483143816789988504044536402352738195137863656439         1212010397122822120720357

More Related