1 / 21

RSA

RSA. Preliminaries. Division Algorithm. Given integers a and b ≠0 , there exist unique Integers q and r such that a = bq +r where 0 ≤ r < |b| a is the dividend , b is the divisor , and r is the remainder . b divides a or b is a factor of a if r=0.

calais
Download Presentation

RSA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RSA Preliminaries

  2. Division Algorithm Given integers a and b≠0, there exist unique Integers q and r such that a = bq +r where 0 ≤ r < |b| a is thedividend, b is thedivisor, and r is theremainder. b divides a or b is afactor of a if r=0.

  3. Greatest Common Divisor The greatest common divisor of two nonzero integers a and b is defined to be the largest positive integer that divides (i.e., is a factor of) both a and b. The greatest common divisor of a and b is denoted by gcd(a,b). We say that a and b arerelatively primeif gcd(a,b)=1.

  4. The Euclidean Algorithm EUCLID(a,b) ifb=0 then returna else return EUCLID(b, a mod b)

  5. A useful relation Fact: If d = gcd(a,b), then there exist unique integers x and y such that d = ax + by x and y can be found using the “extended Euclidean algorithm”

  6. Euler’s phi function • For any positive integer n, φ(n) (Euler’s phifunction) is defined to be the number of positive integers less than n that are relatively prime to n. • φ(n) = nπp|n(1-1/p), (where p runs throughall prime factors of n) • Note that if p is prime, thenφ(p) = p-1.

  7. The Theorems of Euler and Fermat • Euler’s Theorem aφ(n) = 1 mod n for all a in Zn* , where Zn* is the set of all a in Zn such that gcd(a,n)=1 • Fermat’s Theorem If p is prime, then ap = a mod p for all a in Zp and if gcd(a,p)=1, ap-1 = 1 mod p for all a in Zp*

  8. The Chinese Remainder Theorem • Suppose n1, n2, …, nkare positive integers which are pairwise relatively prime. Then, for any given integers a1,a2, …, ak, there exists an integer x solving the system of simultaneous congruences x = a1 mod n1 x = a2 mod n2All solutions are … congruent modulo x = ak mod nk N=n1n2 … nk

  9. Public-key Cryptosystems • Each participant has a public key and a secret key. • Every public and secret key is a one-to-one function from the set D to D, where D is the set of permissible messages. • Alice: PA, SA Bob: PB,SB

  10. Sending a Message Bob uses Alice’s public key to send an encrypted message M to Alice. C = PA(M) M -> PA -----------------------------> SA -> M communication channel Alice uses her secret key to decrypt M

  11. Public and Secret keys are Matched Pairs E.g., M=SA(PA(M)) = PA(SA(M))

  12. Digital Signatures Suppose Alice wished to send Bob a digitally signed response M’ 1. Alice computes her digital signature for the message M’: σ = SA(M’) 2. Alice sends the pair (M’, σ) to Bob. 3. When Bob receives (M’, σ) , he can verify that it originated from Alice by verifying that M’ =PA (σ)

  13. The RSA Cryptosystem A participant creates his public and secret keys as follows: • Select an random two large primes, p and q • Compute n = pq. • Compute e that is relatively prime to φ(n)=(p-1)(q-1) • Compute the modulo φ(n) inverse d of e. • Publish the pair P=(e,n) as RSA public key. • Keep secret the pair S=(d,n) as RSA secret key. The domainD of messages isZn The transformation of a messageMassociated with a public keyP=(e,n)is P(M)=Meand the transformation of a “ciphertext” C associated with a secret keyS=(d,n)is S(C)=Cd

  14. The Correctness of RSA • SA(PA(M)) = Med=Mde=PA(SA(M)) • We have ed = 1 mod (p-1)(q-1). This means that when ed is divided by (p-1)(q-1), the remainder is 1 and so by thedivision algorithm, ed = k(p-1)(q-1)+1 for some k. • Thus, Med = M1+k(p-1)(q-1)=M M(p-1)k(q-1) =M(1)k(q-1) mod p (by Fermat’s theorem) =M mod p if gcd(M,p)=1.

  15. The Correctness of RSA 2 • Also, Med = M1+k(p-1)(q-1)=M M(q-1)k(p-1) =M(1)k(p-1) mod q (by Fermat’s theorem) =M mod q if gcd(M,q)=1 Thus, Med =M mod p Med =M mod q These two congruences hold even when either p or q is not relatively prime to M and so Med =M mod n (by the Chinese Remainder Theorem)

  16. Example (for an extremely simple, breakable code) • Suppose that Alice chooses p=7, q=11 and e=13. Then PA = (13,77) and d=37 since 13*37=1 mod 60 and so her secretkey is SA = (37,n). Suppose that Bob wants to send 52 to Alice. What is the encrypted message?

  17. Encrypted message • Bob uses Alice’s public key to encrypt his message: • 5213 = 17 mod 77

  18. Decrypted message • Alice receives the encrypted message 17. • Alice uses her secret key (37,77) to decrypt Bob’s message 1737 = 52 mod 77

  19. Verification • Suppose that Alice wants to verify to Bob that she received his message. • She sends encodes the message she received with her secret key and sends it to Bob: 5237 = 24 mod 77 Bob uses Alices’s public key to obtain 2413 = 52 mod 77

  20. Breaking the code • Messages encrypted with RSA can be decrypted by determining primes p and q such that n=pq since in that case a d can be determined such that de = 1 mod φ(n)

  21. Asignment • Write an openMP program such that givenan integer n, the program determines twoprimes p and q such that n = pq, if such primes exist.

More Related