Lecture 5-6 The RSA and Rabin Algorithms

Presentation Transcript


  1. Lecture 5-6 The RSA and Rabin Algorithms

  2. The possibility of a public-key cryptosystem was first publicly suggested by Diffie and Hellman. However, they did not present a practical implementation. In the next few years, several methods were proposed. The most successful, based on the idea that factorization of integers into their prime factors is hard, was proposed by Rivest, Shamir, and Adleman in 1977 and is known as the RSA algorithm.

  3. Although cryptanalysis has neither proved nor disproved RSA’s security, it does suggest a confidence level in the algorithm. Rabin developed a public-key cryptosystem based on the difficulty of computing a square root modulo a composite integer. Rabin’s work has theoretical importance, since the security of the Rabin cryptosystem is exactly the intractability of the integer factorization problem.

  4. The primary objective of an adversary who wishes to ‘attack’ a public-key encryption scheme is to systematically recover plaintext from ciphertext intended for some other entity. If this is achieved, the encryption scheme is informally said to have been broken. A more ambitious objective is private key recovery. A considerable attack is the chosen-ciphertext attack, where an adversary selects ciphertext of its choice and then obtains by some means the corresponding plaintext. It comes in two forms: (1) the (indifferent) chosen-ciphertext attack; (2) the adaptive chosen-ciphertext attack.

  5. The public-key encryption schemes described in this lecture assume that there is a means for the sender of a message to obtain an authentic copy of the intended receiver’s public key. There are many techniques in practice by which authentic public keys can be distributed, including exchanging keys over a trusted channel, using a trusted public file, using an on-line trusted server, and using an off-line server and certificates.

  6. Some of the public-key encryption schemes described in this lecture assume that the message to be encrypted is, at most, some fixed size (bit-length). Plaintext messages longer than this maximum must be broken into blocks, each of the appropriate size. To provide protection against manipulation (e.g., re-ordering) of the blocks, the Cipher Block Chaining (CBC) mode may be used.

  7. Outline • RSA Encryption Algorithm • Implementation of RSA Encryption • Security of RSA Encryption • RSA Encryption in Practice • Rabin Encryption Algorithm • Implementation of Rabin Encryption • Security of Rabin Encryption • Summary of Public Key Encryption

  8. 1 RSA Encryption Algorithm 1.1 Description

  9. 1.1 Description (Continued)

  10. 1.1 Description (Continued)

  11. 1.1 Description (Continued)

  12. 1.1 Description (Continued)

  13. 1.2 Example

  14. 2 Implementation of RSA Encryption 2.1 Primality Testing It might be surprising, but factorization and primality testing are not the same. It is much easier to prove a number is composite than it is to factor it. There are many large integers that are known to be composite but that have not been factored.

  15. 2.1 Primality Testing (Continued)

  16. 2.2 Modular Exponentiation

  17. 3 Security of RSA Encryption 3.1 Security Parameters , d  p, q

  18. 3.1 Security Parameters , d p, q (Continued)

  19. 3.2 Relation to Factoring

  20. 3.2.1 Exponent Factorization Method

  21. 3.2.1 Exponent Factorization Method (Continued)

  22. 3.2.1 Exponent Factorization Method (Continued)

  23. 3.2.1 Exponent Factorization Method (Continued)

  24. 3.2.2 Pollard’s p-1 Algorithm

  25. 3.2.2 Pollard’s p-1 Algorithm (Continued)

  26. 3.2.2 Pollard’s p-1 Algorithm (Continued)

  27. 3.2.2 Pollard’s p-1 Algorithm (Continued)

  28. 3.2.3 Quadratic Sieve

  29. 3.2.3 Quadratic Sieve (Continued)

  30. 3.2.4 Advance in Factoring

  31. 3.3 Small Encryption Exponent e

  32. 3.3 Small Encryption Exponent e (Continued)

  33. 3.4 Small Decryption Exponent d

  34. 3.5 Multiplicative Properties

  35. 3.5 Multiplicative Properties (Continued)

  36. 3.5 Multiplicative Properties (Continued)

  37. 3.6 Common Modulus Attack

  38. 3.7 Partial Key Exposure Attacks

  39. 3.7 Partial Key Exposure Attacks (Continued)

  40. 3.8 Cycling Attacks

  41. 3.8 Cycling Attacks (Continued)

  42. 3.8 Cycling Attacks (Continued)

  43. 3.9 Message Concealing

  44. 3.9 Message Concealing (Continued)

  45. 3.10 Forward Search Attack

  46. 3.11 RSA-OAEP

  47. 3.11 RSA-OAEP (Continued)

  48. 3.11 RSA-OAEP (Continued)

  49. 3.12 Timing Attacks The implementation of a cryptographic algorithm can have weaknesses that were unanticipated by the designers of the algorithm. Adversaries can exploit these weaknesses to circumvent the security of the underlying cryptographic algorithm. Attacks on the implementations of cryptographic systems are a great concern to operators and users of secure systems.

  50. 3.12 Timing Attacks (Continued) Implementation attacks include timing attacks, power analysis attacks, fault insertion attacks, and electromagnetic emission attacks. We refer to them as side-channel attacks. The term side-channel is used to describe the leakage of unintended information from a supposedly tamper-resistant device, such as a smartcard.
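
Slide 14 (section 2.1) states that proving a number composite is much easier than factoring it. The following added example, which is not part of the original slides, illustrates this with the Miller-Rabin strong test (a technique chosen here, not named on the slides): a single base certifies that a modulus is composite without revealing either prime factor. The modulus N and the function names are constructed for the illustration.

```python
import math
import random

def is_witness(a, n):
    """True if base a proves odd n composite (Miller-Rabin strong test)."""
    d, s = n - 1, 0
    while d % 2 == 0:          # write n - 1 = 2^s * d with d odd
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return False           # this base says nothing: n may be prime
    for _ in range(s - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return False
    return True                # no prime n can reach this line

def find_witness(n, rounds=40, seed=0):
    """Return a base proving odd n > 3 composite, or None (probably prime)."""
    if n <= 3 or n % 2 == 0:
        raise ValueError("expects an odd integer greater than 3")
    rng = random.Random(seed)  # fixed seed so the demo is repeatable
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        if is_witness(a, n):
            return a
    return None

def reveals_factor(a, n):
    """True if the base shares a factor with n (it almost never does)."""
    return math.gcd(a, n) != 1

# Constructed inputs: two known Mersenne primes and their product.
M89, M107 = 2**89 - 1, 2**107 - 1
N = M89 * M107

if __name__ == "__main__":
    # 561 is a Carmichael number: the plain Fermat check with base 2 passes,
    # yet the strong test with the same base exposes it as composite.
    print("Fermat check fooled by 561:", pow(2, 560, 561) == 1)
    print("Miller-Rabin witness 2 for 561:", is_witness(2, 561))
    a = find_witness(N)
    print("witness for N:", a, "| leaks a factor:", reveals_factor(a, N))
    print("witness for prime M89:", find_witness(M89))
```

The witness is a proof of compositeness only; recovering the factors of N from it is the factoring problem on which RSA's security rests.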
