RSA Cryptosystem. Electrical Engineering, 4th year, B88901144, 游志強
Outline • Introduction(Cryptography) • RSA Cryptosystem • Modular Exponentiation Algorithms • Modular Multiplication Algorithms • MATLAB Simulation • Reference
Cryptography • Symmetric (conventional): [Block diagram labels: Message, Encryption, Public channel, Decryption, Message; Key generator, Secret channel; Terminal (transmitter), Terminal (receiver)] • Public key (e.g. RSA): [Block diagram labels: Message, Encryption, Public channel, Decryption, Message; Key generator, Public channel; Terminal (transmitter), Terminal (receiver)]
Comparison • Symmetric: (fast) • At least 1000 times faster than public-key • Public key: (slow) • Computers are getting faster => in 15 years. • Bandwidth requirements are also increasing. • Used to encrypt keys, not to encrypt messages.
Public Key Cryptosystems • Pohlig-Hellman encryption scheme • Rabin’s scheme • RSA Cryptosystem • Named after its inventors: Rivest, Shamir and Adleman • Patent: Sep. 20, 1983 to now
RSA Cryptosystem • RSA key generation: • Generate two large prime numbers: p, q • Compute N = p * q, z = (p - 1) * (q - 1) • Choose a number relatively prime to z and call it e. • Find d such that e * d = 1 (mod z) (extended Euclidean algorithm) • The keys: Public key Ke = (N, e) <==> Private key Kd = (N, d)
En/Decryption • Encryption: • Use public key: Ke = (N, e) • $C = M^e \bmod N$ (M: Message/Plaintext) • Decryption: • Use private key: Kd = (N, d) • $M = C^d \bmod N$ (C: Encrypted message/Ciphertext) • $C^d = M^{e \cdot d} = M^{r(p-1)(q-1)+1} = M \pmod{N}$
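The key generation and en/decryption steps above, worked end to end as an added example (not code from the slides). The primes 61 and 53 and the exponent 17 are constructed toy values, far too small for real use, and the function names are chosen here.

```python
def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def generate_keys(p, q, e):
    """Slide steps: N = p*q, z = (p-1)*(q-1), find d with e*d = 1 (mod z)."""
    N = p * q
    z = (p - 1) * (q - 1)
    g, x, _ = extended_gcd(e, z)
    if g != 1:
        raise ValueError("e must be relatively prime to z")
    d = x % z  # bring the Bezout coefficient into [0, z)
    return (N, e), (N, d)


def encrypt(M, Ke):
    """C = M^e mod N with the public key Ke = (N, e)."""
    N, e = Ke
    if not 0 <= M < N:
        raise ValueError("message must satisfy 0 <= M < N")
    return pow(M, e, N)


def decrypt(C, Kd):
    """M = C^d mod N with the private key Kd = (N, d)."""
    N, d = Kd
    return pow(C, d, N)


# Constructed toy parameters for illustration only.
KE, KD = generate_keys(61, 53, 17)
```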
RSA Operation • Processing block diagram: [Block diagram labels: Message M, Encryption with Ke ($C = M^e \bmod N$), Public channel carrying C, Decryption with Kd ($M = C^d \bmod N$), Message M; Key generator (N = p * q, z = (p - 1) * (q - 1), e * d = 1 (mod z)) producing Ke = (N, e) and Kd = (N, d), Public channel; Terminal (transmitter), Terminal (receiver)]
Security of RSA Cryptosystem • Security based on long wordlength • The number of N, e, d in Kd, Ke >= 1024 bits • Attack!!! • Exhaustive search: (Impossible) • Only 1 available key in $2^{1024}$ elements • Add more security • Increase wordlength (e.g. 2048, 4096..)
Implementation Problem • Large exponent and modulus (issue) • How to compute $M^e \bmod N$ (1024 bit) • High computational complexity • How to improve speed performance
Implementation of RSA • Software • Very slow (low efficiency) • Hardware • Montgomery’s Algorithm • Now • A new sequential algorithm called Montgomery Product Algorithm is used to design a word-based RSA processor
Modular Exponentiation • H Algorithm • MSB first (1 bit/iteration) • L Algorithm • LSB first (1 bit/iteration) • M-ary Algorithm • MSB first (m bit/iteration)
H Algorithm: R = M^E (mod N). Output: Result = R[k-1] = M^E (mod N)
    H(M, E, N) {
        R[0] = M;                               // assumes the top exponent bit E[k-1] is 1
        for (i = 0; i < k-1; i++) {
            R[i+1] = R[i] * R[i] (mod N);       // Squaring
            if (E[k-i-2] == 1)
                R[i+1] = R[i+1] * M (mod N);    // Multiplying
            else
                R[i+1] = R[i+1];
        }
        return R[k-1];
    }
L Algorithm: R = M^E (mod N). Output: Result = R[k] = M^E (mod N)
    L(M, E, N) {
        R[0] = 1; M[0] = M;
        for (i = 0; i < k; i++) {
            M[i+1] = M[i] * M[i] (mod N);       // Squaring
            if (E[i] == 1)
                R[i+1] = R[i] * M[i] (mod N);   // Multiplying
            else
                R[i+1] = R[i];
        }
        return R[k];
    }
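Example for H & L Algorithm. Calculate $M^E \bmod N$, if $E = 13_{10} = 1101_2$.
1. H Algorithm: $R = (((M^1)^2 \cdot M^1)^2 \cdot M^0)^2 \cdot M^1 \bmod N = (((M^1)^2 \cdot M^1)^2)^2 \cdot M^1 \bmod N = M^{13} \bmod N$ (5 mul)
2. L Algorithm: $R = (M)^1 \cdot (M^2)^0 \cdot (M^4)^1 \cdot (M^8)^1 \bmod N = (M)^1 \cdot (M^4)^1 \cdot (M^8)^1 \bmod N = M^{13} \bmod N$ (3 mul & 2 mul)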
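The H and L algorithms with operation counters, so the E = 13 example above can be checked; this is an added example, not code from the slides. The counters skip the two trivial operations the slide's L loop performs (the multiplication by R[0] = 1 and the final unused squaring), which is how the slide's example counts them.

```python
def exponent_bits(E):
    """Bits of E with index 0 = LSB, matching the slide's E[i]."""
    return [(E >> i) & 1 for i in range(E.bit_length())]


def h_algorithm(M, E, N):
    """MSB-first square-and-multiply. Returns (result, squarings, multiplications)."""
    if E < 1:
        raise ValueError("H Algorithm assumes the top bit E[k-1] is 1")
    bits = exponent_bits(E)
    k = len(bits)
    R = M % N  # R[0] = M consumes the top bit
    squarings = multiplications = 0
    for i in range(k - 1):
        R = R * R % N
        squarings += 1
        if bits[k - i - 2]:
            R = R * M % N
            multiplications += 1
    return R, squarings, multiplications


def l_algorithm(M, E, N):
    """LSB-first square-and-multiply. Returns (result, squarings, multiplications)."""
    bits = exponent_bits(E)
    R, power = None, M % N  # R is None while it still equals 1
    squarings = multiplications = 0
    for i, bit in enumerate(bits):
        if bit:
            if R is None:
                R = power  # 1 * power needs no multiplier
            else:
                R = R * power % N
                multiplications += 1
        if i < len(bits) - 1:  # the square after the last bit is never used
            power = power * power % N
            squarings += 1
    return (1 % N if R is None else R), squarings, multiplications
```

Both loops multiply only when the exponent bit is 1, so the sequence of operations depends on E; when E is the private exponent d, that dependence is what constant-time implementations remove.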
M-ary Algorithm • Is similar to the H Algorithm • But scans m bits of the exponent in a single iteration • Needs extra time to create the storage table
Modular Multiplication • Montgomery’s Algorithm • P. L. Montgomery • Booth-Encoded Montgomery’s Algorithm • 呂誌忠 (senior labmate) • Montgomery Product Algorithm • C. K. Koc, RSA Laboratories
Montgomery’s Algorithm
    M(A, B, N)    /* P[n] = A * B * 2^(-n) mod N */
    {
        P[0] = 0;
        for (i = 0; i < n; i++)    /* n iterations */
        {
            q_i = (P[i] + a_i * B) mod 2;
            P[i+1] = (P[i] + a_i * B + q_i * N) div 2;
        }
        return P[n];
    }
Booth-Encoded Montgomery • Scan 2-bit/iteration • Montgomery’s: 1-bit/iteration • Booth-encoded
Montgomery Product Algorithm
    MonPro(A, B) {
        t = A * B;
        m = (t * N’) mod 2^n;
        u = (t + m * N) div 2^n;
        if (u >= N) then return u – N;
        else return u;
    }
    N’ * N = -1 (mod 2^n)
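The bit-serial Montgomery's Algorithm and MonPro side by side, as an added example (not code from the slides): both return a value congruent to A * B * 2^(-n) mod N, and two MonPro calls give an ordinary modular product. The helper `mod_mul` and the use of Python's built-in `pow` to obtain N' are choices made here; N is assumed odd with A, B < N < 2^n.

```python
def montgomery_bit_serial(A, B, N, n):
    """Slide 'Montgomery's Algorithm': consumes one bit a_i of A per iteration."""
    P = 0
    for i in range(n):
        a_i = (A >> i) & 1
        q_i = (P + a_i * B) & 1            # makes the sum below even
        P = (P + a_i * B + q_i * N) >> 1   # exact division by 2
    return P  # congruent to A*B*2^-n mod N, but only reduced to [0, 2N)


def mon_pro(A, B, N, n):
    """Slide 'MonPro': A*B*2^-n mod N, fully reduced to [0, N)."""
    if N % 2 == 0:
        raise ValueError("N must be odd so that N' exists")
    R = 1 << n
    N_prime = pow(R - N, -1, R)  # N' * N = -1 (mod 2^n)
    t = A * B
    m = (t * N_prime) % R
    u = (t + m * N) >> n         # t + m*N is a multiple of 2^n
    return u - N if u >= N else u


def mod_mul(A, B, N, n):
    """A*B mod N from two Montgomery products (hypothetical helper)."""
    R_squared = (1 << (2 * n)) % N
    A_bar = mon_pro(A, R_squared, N, n)  # A * 2^n mod N
    return mon_pro(A_bar, B, N, n)       # (A * 2^n) * B * 2^-n = A*B mod N
```

The bit-serial form omits the final subtraction, so its caller must reduce the result once more if a value below N is required.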
Extension of Montgomery Product Algorithm (1) • n = r * s • Use an r-bit processor • Slower speed • Very small chip area!!
Extension of Montgomery Product Algorithm (2)
    // t = A * B
    for (i = 0; i < s; i = i + 1) {
        C = 0;
        for (j = 0; j < s; j = j + 1) {
            (C, S) = t[i+j] + A[j] * B[i] + C;
            t[i+j] = S;
        }
        t[i+s] = C;
    }
Extension of Montgomery Product Algorithm (3)
    // m = (t * N’) mod 2^r
    // t = t + m * N
    t[2s] = 0;
    for (i = 0; i < s; i = i + 1) {
        C = 0;
        m = (t[i] * N’) mod 2^r;
        for (j = 0; j < s; j = j + 1) {
            (C, S) = t[i+j] + m * N[j] + C;
            t[i+j] = S;
        }
Extension of Montgomery Product Algorithm (4)
        for (j = i + s; j < 2s; j = j + 1) {
            (C, S) = t[j] + C;
            t[j] = S;
        }
        t[2s] = t[2s] + C;    // a carry out of t[2s-1] can occur in any iteration, not only the last
    }
    // u = t div 2^(r*s)
    for (j = 0; j <= s; j = j + 1) {
        u[j] = t[j+s];
    }
Extension of Montgomery Product Algorithm (5)
    // v = u - N, with B as the borrow (N[s] = 0)
    B = 0;
    for (j = 0; j <= s; j = j + 1) {
        (B, D) = u[j] – N[j] – B;
        v[j] = D;
    }
    if (B == 0) then return v[s-1 : 0];
    else return u[s-1 : 0];
Modular Inverse Algorithm • N’ * N = -1 (mod 2^r) • N’ * (2^r - N) = 1 (mod 2^r) • N’ = ModInverse(2^r - N)
    ModInverse(x, 2^w) {
        y = 1;
        for (i = 2; i <= w; i = i + 1) {
            if (2^(i-1) < [x * y (mod 2^i)]) then
                y = y + 2^(i-1);
        }
        return y;
    }
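The word-based Montgomery product from slides (2) to (5) together with ModInverse, as an added example (not code from the slides). It accumulates the top-word carry inside the reduction loop, and it takes N' from the least significant word of N, which is an assumption made here; the helper names are also chosen here.

```python
def mod_inverse_pow2(x, w):
    """Slide's ModInverse: y with x*y = 1 (mod 2^w), for odd x."""
    y = 1
    for i in range(2, w + 1):
        if (x * y) % (1 << i) > (1 << (i - 1)):
            y += 1 << (i - 1)
    return y


def to_words(x, r, count):
    """Split x into `count` r-bit words, least significant first."""
    return [(x >> (r * j)) & ((1 << r) - 1) for j in range(count)]


def mon_pro_words(A, B, N, r, s):
    """A*B*2^-(r*s) mod N using only r-bit word operations (N odd, A, B < N < 2^(r*s))."""
    W = 1 << r
    a, b, n = (to_words(v, r, s) for v in (A, B, N))
    n_prime = mod_inverse_pow2(W - n[0], r)  # N' * N = -1 (mod 2^r)
    t = [0] * (2 * s + 1)
    for i in range(s):  # t = A * B
        C = 0
        for j in range(s):
            C, t[i + j] = divmod(t[i + j] + a[j] * b[i] + C, W)
        t[i + s] = C
    for i in range(s):  # t = t + m * N, clearing one low word per pass
        m = (t[i] * n_prime) % W
        C = 0
        for j in range(s):
            C, t[i + j] = divmod(t[i + j] + m * n[j] + C, W)
        for j in range(i + s, 2 * s):
            C, t[j] = divmod(t[j] + C, W)
        t[2 * s] += C  # keep a carry produced in any pass, not just the last
    u = t[s:]  # u = t div 2^(r*s), s + 1 words
    v, borrow = [], 0
    for j in range(s + 1):  # v = u - N with borrow propagation
        d = u[j] - (n[j] if j < s else 0) - borrow
        borrow = 1 if d < 0 else 0
        v.append(d % W)
    words = v[:s] if borrow == 0 else u[:s]
    return sum(word << (r * j) for j, word in enumerate(words))
```

The constructed case A = B = 254, N = 255, r = 4, s = 2 produces its top-word carry in the first pass of the reduction loop, so it exercises the carry accumulation.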
MATLAB Simulation • Extension of Montgomery Product Algorithm
MATLAB Simulation • Extension of Modular Exponentiation
Reference
[1] P. L. Montgomery, “Modular multiplication without trial division,” Math. Comput., vol. 44, pp. 519-521, Apr. 1985.
[2] Jye-Jong Leu and A.-Y. Wu, “A Scalable Low-Complexity Bit-Serial VLSI Architecture for RSA Cryptosystem,” in IEEE Workshop on Signal Processing Systems (SiPS-99), pp. 586-595, Taipei, Oct. 1999.
[3] Jye-Jong Leu and An-Yeu Wu, “Design Methodology For Booth-Encoded Montgomery Module Design For RSA Cryptosystem,” to appear in ISCAS 2000.
[4] C. K. Koc, “RSA hardware implementation,” Technical Report 2, RSA Laboratories, RSA Data Security, Inc., Redwood City, CA, 1995.