1 / 35

Public Key Encryption and the RSA Public Key Algorithm

Public Key Encryption and the RSA Public Key Algorithm. CSIS 5857: Encoding and Encryption . Public Key Encryption. Recipient (Alice) generates key pair : Public key k PU Does not have to be kept secret Distributed to all senders (such as Bob) Private key k PR Kept secret by Alice. +.

stash
Download Presentation

Public Key Encryption and the RSA Public Key Algorithm

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Public Key Encryption and the RSA Public Key Algorithm CSIS 5857: Encoding and Encryption

  2. Public Key Encryption Recipient (Alice) generates key pair: Public keykPU Does not have to be kept secret Distributed to all senders (such as Bob) Private keykPR Kept secret by Alice + Key pair generator Copy of Alice’s public key 2

  3. Public Key Encryption Bob uses Alice’s public keykPUto encrypt message C= E(kPU,P) Alice uses her private keykPRto decrypt message P= D(kPR, C) C E D P P Alice’s kPU Alice’s kPR List of others’ public keys 3

  4. Public Key Encryption Central idea: Adversary cannot determine private key from corresponding public key Could theoretically find private key, but computationally infeasible to do so Cannot read intercepted messages encrypted with public key “I still can’t compute 4

  5. Public and Symmetric Keys Problem: How to securely distribute a symmetric keyKS? Solution: Use public key encryption to securely send it Use faster symmetric key algorithm (like AES) to securely transmit the rest of the message Epublic (kS, kPU) ks ks E D D E P P Esymmetric (P, kS) 5

  6. Public Key Math Public key algorithms are mathematical functions of integer numbers Keys are large numbers Plaintext translated to large numbers (not bits) Encryption is a mathematical function of plaintext and key which creates another large number as ciphertext Alice’s KPR Alice’s KPU 6

  7. Trapdoor One-Way Functions One-way functions: Function: y= f (x) Inverse function: x= f -1 (y) Given x, y= f (x) very easy to compute Given y, x= f -1 (y) computationally infeasible to compute Example: Factoring p and q are very large prime numbers n = p x q is easy to compute Factoringninto p and q infeasible Must try almost all possible p and q 7

  8. Trapdoor One-Way Functions Trapdoor functions: Given one-way function: y= f (x) There exists some “secret trapdoor” that allows x= f -1 (y) to be easily computed Example (very simple): n = p x q product of two large primes Factoring ninto p and q to find p infeasible Finding p is easy if know q q is a “trapdoor” for finding p from n 8

  9. Trapdoor One-Way Functions Idea behind public-key encryption: Encryption function C =E (KPU,P) must be one way Must not be able to compute P from C Must have trapdoor to allow decryption Must be able to easily compute P from C if know trapdoor Trapdoor = private key 9

  10. Trapdoor One-Way Functions Factoring/Discrete Logarithms RSA, Rabin, ElGamal Easy to implement, well understood Elliptic Curve Relatively new, thought to be much faster than factoring/discrete logarithms NP-Complete problems Example: “knapsack problem”, Merkle and Hellman (1978) Exponential time to solve problem Easy to confirm solution if given 10

  11. RSA Algorithm • First widely used public key encryption algorithm • Developed for public use in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT • Developed secretly in 1973 by Clifford Cocks (British mathematician working for UK intelligence) • MIT granted a patent for RSA (expired in 2000) • Still most widely used public key algorithm • Part of most cryptosystems (SSH, PGP, etc.)

  12. RSA Algorithm • Based on modular exponentiation function • Central component: large modulus n • RSA requires at least 1024 bit values for n • Equivalent to approximately 309 digit decimal number • Encryption:C = PE mod neasy to compute • Plaintext P and ciphertextC both large integers • Modulus n and exponent E are public key

  13. RSA Algorithm • One way function:P = EC mod ninfeasible to compute • “Modular logarithm” problem • Adversary cannot recover P from C • Would have to test allP < n to find a P such that C = PE • Trapdoor for decryption: Exists D such that P = CD mod n • n must be product of two primesp and q • D is secret private key based on E, p and q

  14. RSA Algorithm

  15. RSA Key Generation • Select 2 large primes p and q • At least 512 bits (154 decimal digits) • Compute n = p  q • Compute Φ(n) = (p -1)  (q -1) • Euler totient function • Cannot compute directly from n without factoring into p and q • Crucial that multiplication of large primes is one way!

  16. RSA Key Generation • Select some E for encryption • 1 < E < Φ(n) • E is relatively prime to Φ(n) • Compute Das E-1mod Φ(n) • ED mod Φ(n) = 1 • Public key:E and n • Private key:D

  17. RSA Example • Public key: n = 159197 (from 397  401)E = 343  note that these are toosmall in reality!Known to sender Bob • Private key: D = 12007= 343-1 mod 158400 (that is, 396 x 400) Known only by recipient Alice

  18. RSA Mathematics Must show: P = CD mod n = (P E)Dmod n = P ED mod n Where ED mod Φ(n)= 1 Based on Euler’s theorem: • If n = p  q and P < n • Then P k  Φ(n) + 1mod n = P for all integer k

  19. RSA Mathematics Proof (sort of): • (k Φ(n)+ 1)mod Φ(n)= 1Since k Φ(n)is divisible by Φ(n) • There exists some k such that ED = k Φ(n)+ 1Since also have ED mod Φ(n)= 1 • P ED mod n = PSubstituting ED fork Φ(n)+ 1 in Euler’s Theorem

  20. RSA Implementation Issues • Representing plaintext P as large number(s) • Finding very large prime numbersp and q • Computing C = P E mod n and P = C D mod nfor very large n, E, D, P, and C • Finding D as E -1modΦ(n)for large n and E

  21. Representing Plaintext • Constraint: P < modulus n1024 bits in RSA 128 bytes • Block cipher: • Plaintext broken into 128 byte blocks • Small blocks vulnerable to cryptanalysis • Represented as equivalent large number • Each number encrypted and transmitted in ECB mode • Could theoretically use CBC mode, but won’t really use for long messages anyway

  22. Finding Large Primes • No simple way to generate an arbitrarily large prime number • Usual method: generate and test • Generate a sufficiently large odd number • Test it for primality • Usually probabilistic: • Can’t be 100% sure generated number is prime • Can be sure with some desired probability

  23. Finding Large Primes • How many might we need to test before finding a prime? • Primes of size s are spaced about every ln(s) • ln(s) = natural logarithm = loge(s) • Example: Finding prime of size 2200 would require testing on average ln(2200)  138 numbers

  24. Miller-Rabin Test • Basic idea: many primes are of form p = 2kq + 1 for some k, q • Miller-Rabin test:If p is prime then for all a < p – 1either: • a qmod p = 1 • One of a q, a 2q, a 4q, … a 2k-1qmod p = -1

  25. Miller-Rabin Test • Even if this test passed for somea, p might still be non-prime • No way to test all possiblevalues of a • Idea: Try enough values of a to be as sure as necessary that p is prime • Odds that non-prime passes t tests: (1/4)t • 15 tests  odds are 1 in a billion

  26. Finding Large Primes Possible algorithm: • Generate sufficiently large p = 2kq + 1 for some k, q • Test for divisibility by small primes (3, 5, 7, 11, 13, 17) • Quick elimination of most failed candidates • Choose a set of test a’s for Miller-Rabin test • Enough to be as sure as necessary • Example: 15 for 99.9999999% certainty • If pass test for all a’s, p can be used as prime

  27. Fast Modular Exponentiation • Must compute C = P E mod n and P = C D mod nfor very large n, E, D, P, and C • Example: 3367712007 • Problem: P E is a really big number! • Too large for fast computation or even storage on most systems

  28. Fast Modular Exponentiation • Solution: Keep value smaller by taking mod nthroughout computation (instead of at end) • Useful property of modular arithmetic:a  b mod n = ((a mod n)  (b mod n)) mod n • Example: 2146 mod 17 = (37  58) mod 17 = (37 mod 17)(58 mod 17) mod 17 = 3  7 mod 17 = 4 • Need some way to decompose large numbers created by exponentiation

  29. Square and Multiply Method • Break exponent E into product of powers of 2 • Example: P22= P16  P4  P2 • Can be represented as “bits”: 22  10110 • Use squaring to compute powers of 2 quickly • PP2 P4 P8 P16 • Multiply by running total if corresponding bit = 1

  30. Fast Modular Exponentiation • Algorithm to compute PE mod n:result = 1for (i = 0 to number of bits in E - 1) { if (ith bit == 1) result = (result * P) mod nP = P2 mod n}

  31. Fast Modular Exponentiation Example: 1722 mod 21 0 0 17 1 (unchanged) 1 1 172 mod 21 = 16 1 * 16 mod 21 = 16 2 1 174 mod 21 = 16 * 4 mod 21 = 1 162mod 21 = 4 3 0 178 mod 21 = 1 (unchanged) 42mod 21 = 16 4 1 1716mod 21 = 1 * 4 mod 21 = 4 162mod 21 = 4

  32. Extended Euclidean Algorithm Goal: Find D = E -1mod nquickly • Extended Euclidean algorithm: • Finds sand t such that (s  n + t  E ) mod n = GCD(n, E) • Based on recursive Euclidean relationship:GCD(n, E) = GCD(E, n mod E)

  33. Extended Euclidean Algorithm What this gives us: • E and n relatively prime  GCD(E, n) = 1 • Extended Euclidean algorithm would then findsand D such that (s  n + D  E ) mod n = 1 • D = E-1mod n • Since s  n divisible by n

  34. Extended Euclidean Algorithm D = 0; s = 1; while (E > 0) { q = (int)(n/E);r = n – qE;n = E; E = r;t = D - qs;D = s; s = t;} D = E-1 mod n compute n = qE + r recursive GCD(a, b) = GCD(b, a mod b) relationship change D and s to maintain (s  n + t  E ) mod n = GCD(n, E) relationship

  35. Extended Euclidean Algorithm • Example: Inverse of 11 mod 26 • 11-1 mod 26 = -7 mod 26 = 19 26 11 26/11 = 2 26 mod 11 = 4 0 1 0 – 2*1 = -2 11 4 11/4 = 2 11 mod 4 = 3 1 -2 1 – 2*-2 = 5 4 3 4/3 = 1 4 mod 3 = 1 -2 5 -2 – 1*5 = -7 3 1 3/1 = 1 3 mod 1 = 0 5 -7 5 – 3*-7 = 26 1 0 -7 26

More Related