140 likes | 366 Views
RSA. The algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT Partly used for PGP (Pretty Good Privacy) to encrypt session keys. RSA – Step 1. Choose two distinct large random prime numbers p and q, e.g. p = 17 and q = 11
E N D
RSA • The algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT • Partly used for PGP (Pretty Good Privacy) to encrypt session keys
RSA – Step 1 • Choose two distinct large random prime numbers p and q, e.g. p = 17 and q = 11 • Let n = p*q, e.g. n=17*11=187 • Choose e such that and e and are coprime • is Euler’s totient
Euler’s Totient • the totient φ(n) of a positive integer n is defined to be the number of positive integers less than or equal to n that are coprime to n. • φ(9)=6 because the six numbers 1, 2, 4, 5, 7 and 8 are coprime to 9
RSA – Step 2 • e.g. e = 7 thus 7 and (17-1)*(11-1) = 160 are coprime • e can be published as the public-key exponent • n is the modulus • This is all that is needed to encrypt
RSA - Encryption • A cyphertext C can be created from a message M using the formulaC = Me(mod n) • Example: Message M is “X” in ASCII 1011000 or 88 in decimal • C = 887(mod 187) = 11
887(mod 187) = [884(mod 187)* 882(mod 187)*881(mod 187)] 881 = 88 = 88(mod 187) 882 = 7,744 = 77(mod 187) 884 = 59,969,536 = 132(mod 187) 887 = 881 *882 *884 = 88*77*132 = 894,432 = 11(mod 187)
RSA - Decryption • Modulus operation is a one way function • Given only the public-key (7,187) the only way to decrypt is through brute-force i.e. try all possible keys • This problem is simplified because you know how the private-key is created.
RSA- Private-key • The decryption key d is created with the following formulae*d = 1(mod(p-1)*(q-1)) • e.g 7*d=1(mod(16*10))7d = 1 (mod 160)d = 23 using Euclid’s algorithm
Extended Euclid’s Algorithm • e * d (mod φ(n) ) = 1 In other words, there is another number also relatively prime to φ(n) that is its reciprocal. • ax + by = gcd(a,b)The extended Euclidean algorithm is particularly useful when a and b are coprime, since x is the modular multiplicative inverse of a modulo b
Extended Euclid’s Algorithm function extended_gcd(a, b) if a mod b = 0 return {0, 1} else {x, y} := extended_gcd(b, a mod b) return {y, x-y*(a div b)} Example: extended_gcd(160, 7 ) := (-1,1+1*22) extended_gcd(7, 160(mod 7) ) := (1,0-1*1) extended_gcd(6, 7(mod 6) ) := (0,1) X = -1 Y=23 23 is the multiplicative inverse of e
RSA - Decryption • Now we have our private-key (d,n) e.g. (23,187) • M = Cd (mod n)M = 1123 (mod 187)M = [111 (mod 187)*112 (mod 187)*114 (mod 187)*1116 (mod 187)](mod 187)M = 11*121*55*154 (mod 187)M = 88 = “X”
RSA - Cryptanalysis • The security of RSA is based on two problems: • The problem of factoring large numbers • The RSA problem
Factoring Large Numbers • RSA-200 is largest number factored so far. It has 200 decimal digits which corresponds to 663 bits • The sieving effort is estimated to have taken the equivalent of 55 years on a single 2.2 GHz Opteron CPU. • The matrix step reportedly took about 3 months on a cluster of 80 2.2 GHz Opterons. The sieving began in late 2003 and the matrix step was completed in May 2005.
RSA Problem • The RSA problem is the task of finding eth roots modulo a composite number N whose factors are not known • In other words to find integer P such that Pe ≡ C (mod N), given integers N, e and C such that N is the product of two large primes, 2 < e < N is coprime to φ(N), and 0 <= C < N. C is chosen randomly within that range • the most efficient means known to solve the RSA problem is to factor the modulus N and thus discover the private key