1 / 19

The RSA Cryptosystem

The RSA Cryptosystem. CS5350 – Advanced Algorithms Ref: Security Engineering, R. Anderson, Wiley Coding Theory and Cryptography, D. Joyner (ed), Springer-Verlag. Introduction. Cryptography is the science and art of designing ciphers Cryptanalysis is the science of breaking them

myron
Download Presentation

The RSA Cryptosystem

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The RSA Cryptosystem CS5350 – Advanced Algorithms Ref: Security Engineering, R. Anderson, Wiley Coding Theory and Cryptography, D. Joyner (ed), Springer-Verlag

  2. Introduction • Cryptography is the science and art of designing ciphers • Cryptanalysis is the science of breaking them • A cryptosystem is a method of secret communication over public channels (key technology for protecting distributed systems)

  3. General cryptosystems • How do they work: • Bob wants to send a msg x to Alice using an encryptor E such that y=xE • Bob sends y to Alice who uses de decryptor D such that x = yD = (xE)D

  4. Properties of cryptosystems • E: Dom(E)= X Im(E) = Y • E is a bijection (one-to-one function) • D = E-1 is the inverse function of E • D: YX is also a bijection • E and D satisfy the following xE = y if and only if yD = x

  5. Caesar’s cipher and more • A is replaced with D, B with E etc… abcdefghijklmnopqrstuvwxyz defghijklmnopqrstuvwxyzabc • Monoalphabetic substitution (Arabs). Choose a key work, for example “security” abcdefghijklmnopqrstuvwxyz securityabdfghjklmnopqvwxz Problem: it is very easy to break. Statistical analysis, AI tools etc…

  6. What we need • A one-to-one function such that • Encrytping is fast • Decrypting is fast • Decrypting without the “key” is virtually impossible (or will take too long)

  7. Modular Arithmetic 1 • Let Z denote the set of positive and negative integers. • Let me be an integer greater than 1 • Definition: a and b are said congruent modulo m iff m | a-b (abmod(m) or aRmb). • This is an equivalence relation that preserves + and x

  8. Modular Arithmetic 2 • Definition: the quotient set Z/Rm = Z/mZ is the set of all equivalence classes that is Z/mZ = {[0],[1],…,[m-1]} • We will denote the quotient set by Zm • We define Z*m = {aZm | gcd(a,m) = 1} • The cardinal of this set is denoted by (m) and is called Euler function Exercise: compute (33)

  9. RSA Algorithm 1 • Rivest, Shamir, Adleman (1978) • Assumption: we have a method that converts letters (or symbols) into numbers. Ex: A=01, B=02, etc…ASCII,… • A message is a number • Because RSA algorithm is a cipher, we will talk about encipher and decipher rather than encrypt and decrypt

  10. RSA Algorithm 2 • Secretly choose two large prime numbers p and q (saw 100 digits or more) with 100<q/p<10000 so q has 2 to 4 more digits than p. • Choose m = pq • Choose e>105 such that gcd((m),e)=1 • Secretly find d such that ed1mod((m)) that is de-1mod(m) and ed = k+1 for some k

  11. Example • We choose p=3, q=11. Then m=33 • Z33 = {0,…,32} • (33)=20 (in general (m)=(p-1)(q-1)) • We choose e=7. Can we? • Find an appropriate d

  12. Publishing and secret 5. Publish the enciphering key (m,e) 6. Keep the deciphering key (m,d) secret • It is easy to find the deciphering number d when the factorization is known • It is difficult to find d from the m and e when the factorization is not known

  13. How does it work? • Anyone can use my public key to encipher a message xX=Zm • The enciphered message is y = xE = xemod(m) Example: x=17. Then y=17E = 177mod(33)=17(-16)6=17((16)2)3=17((8)(32))3=17(-8)3=17(64)(-8)=17(-2)(-8)=(-34)(-8)=(-1)(-8)=8. y=8 is the enciphered message. It can be deciphered with me secret key (33,3). Indeed: x=y3=83=8(82)=8(64)=8(-2)=-16=17 Note: all these equalities are mod(33)!

  14. Example 2 Alice and Bob have independently taken the previous steps to set their RSA cryptosystems. Alice: (mA,eA) public, (mA,dA) private Bob: (mB,eB) public and (mB,eB) private Bob uses Alice’s encipherer EA to encipher a message x and send it to Alice. Alice uses her (private) decipherer DA to decipher x

  15. RSA for signature • Assume that mA<mB, then XAXB. • Bob wants to send x to Alice. So he applies EA to get y=xeA(modm)=xEA • Since y is in XB, Bob can apply his decipherer DB to obtain z=yDB=xEADB. • Alice knowing the message comes from Bob, can apply his public encipherer EB to obtain y=xEADBEB. As y is in XA, Alice applies her decipherer to get x back. Exercise: explain how Alice can send a signed message to Bob. Hint: think of what happens if Bob decides to first apply his decipherer then Alice’s decipherer.

  16. Mod Power Algorithm • To compute xe(modm) 1. Ee, Bx, P1 2. Do until E=0 3. If E even 4. EE/2, BB.B(modm) 5. Else 6. EE-1,PP.B(modm) 7. End if 8. Return P Complexity: O((loge)(logm)2)

  17. Exercise: • Compute the following: 1. 477(mod 33) 2. 635(mod65) using the mod power algorithm described previously.

  18. Exercise • (mA,dA)=(33,3) and (mA,eA)=(33,7) • (mB,dB)=(33,3) and (mB,eB)=(65,11) • What is the enciphered message (for Alice encipherer) of the message x=18?

  19. Some theoretical issues • How to choose p and q? • If always the same, then the factorization is easy to find and it defeats the purpose • Use a random number generator, add 1 if even then test for primality?

More Related