Group 5: Daryl, Etkin, Supartha, Rajendra and Aarthi The RSA Algorithm and Reed-Solomon Codes
Introduction • Two Information Coding Schemes • RSA Algorithm • Privacy • Authenticity • Reed-Solomon Codes • (Bursty) Noise Tolerance
Authenticity Trinity? Yes, it’s me.
Shared Key Cryptography • Encrypt messages with a symmetric-key cryptosystem (e.g. DES, AES, etc…) • Requires prior agreement on a shared key over a secure channel • What if Neo and Trinity have yet to meet?
Public Key Cryptography • Mathematically-related public/private key pairs are generated • Messages encrypted with public key • Can only be decrypted with private key • Infeasible to compute private key from public key alone • No need to agree on a shared key!
RSA Algorithm • Rivest, Shamir and Adleman (1977) • Based on difficulty of computing prime factors of large integers
RSA Algorithm • Setup: • Pick two distinct primes p and q • Compute n = pq and ɸ(n) = (p – 1)(q – 1) • Pick e where 1 < e < ɸ(n) and gcd(e, ɸ(n)) = 1 • Compute d where de ≡ 1 (mod ɸ(n)) • Public key is (n, e), private key is (n, d) • Usage: • Encrypt with C ≡ M^e (mod n) • Decrypt with M ≡ C^d (mod n)
Modular Multiplicative Inverse • Let e, d, n be integers with n ≠ 0 • Fact: If gcd(e, n) = 1 (i.e. e and n are coprime) then there exists d such that de ≡ 1 (mod n) • In other words, the multiplicative inverse of e (mod n) exists when gcd(e, n) = 1
Euler’s Totient Function ɸ(n) • Definition: number of integers a with 1 ≤ a ≤ n and gcd(a, n) = 1 • Formula: • For n = pq where p and q are primes
Modular Exponentiation • Let x, y, m, n be integers with n ≥ 0 • Fact: If x ≡ y (mod ɸ(n)), then m^x ≡ m^y (mod n) • In other words, working in mod n requires that we work mod ɸ(n) in the exponent
RSA Algorithm • (M^e)^d ≡ M (mod n) and (M^d)^e ≡ M (mod n)
Example: M = 1234 • Pick p = 37 and q = 43 • Compute n = 1591 and ɸ(n) = 1512 • Pick e = 71: gcd(e, ɸ(n)) = gcd(71, 1512) = 1 • Compute d = 575 (Extended Euclidean Algorithm): de = 40825 ≡ 1 (mod 1512) • Public key is (n, e), private key is (n, d) • Encrypt: C ≡ M^e ≡ 1234^71 ≡ 908 (mod 1591) • Decrypt: M ≡ C^d ≡ 908^575 ≡ 1234 (mod 1591)
RSA Algorithm for Signatures • Pick two distinct primes p and q • Compute n = pq and ɸ(n) = (p – 1)(q – 1) • Pick e where 1 < e < ɸ(n) and gcd(e, ɸ(n)) = 1 • Compute d where de ≡ 1 (mod ɸ(n)) • Public key is (n, e), private key is (n, d) • Sign M with S ≡ M^d (mod n); Send (M, S) • Verify that M ≡ S^e (mod n) • Reversed! Sign with private key, verify with public key
Implementing… • Modular exponentiation • Successive-Squaring • Computing d from e and ɸ(n) • Extended Euclidean Algorithm • Finding large primes
Modular Exponentiation Algo. • Successive-Squaring to Compute C ≡ M^e (mod n)
    Let e = e_k e_(k–1) … e_0 (binary representation of e)
    C := 1
    For i := k, k – 1, …, 0
        C := (C * C) mod n
        If e_i = 1 Then C := (C * M) mod n
    End For
• Performance: O(log e) • Memory: O(1)
Computing d from e and ɸ(n) • Extended Euclidean Algorithm: • Since e and ɸ(n) are coprime, solving yields d = y satisfying • Find max. q_i satisfying and x_i and y_i satisfying • When r_k = 0, stop and output gcd(a, b) = r_(k-1) and x = x_(k-1) and y = y_(k-1) • Similar to Euclidean Algorithm for gcd(a, b), but retain quotients q_i at each step i to compute x_i and y_i
Generating Large Primes • Generate a large random integer • Apply a primality test repeatedly • Primality Tests: • Miller-Rabin • Solovay-Strassen • Fermat Primality Test • Euler Witness, Euler Liar
Algorithm
1: Pick a large random integer
2: If for any small prime (Sieving)
3:     go back to step 1
4: repeat times (Miller-Rabin)
5:     pick random integer
6:     do a primality test on (,)
7:     if test fails
8:         go back to step 1
9: is probably prime
Sieving • Sieve of Eratosthenes
1: Pick a large random integer
2: If for any small prime
3:     go back to step 1
Miller-Rabin Primality Test
4: repeat times
5:     pick random integer
6:     do a primality test on (, )
7:     if test fails
8:         go back to step 1
9: is probably prime
Miller-Rabin Primality Test • divides or or • By Euclid’s Lemma
Fermat’s Little Theorem • If is prime and for any integer such that doesn’t divide
Miller-Rabin Primality Test • : prime candidate • : random integer • is odd
Example • prime candidate • random integer
Example • Either is a prime or is an Euler liar • Now, we try another a
Example • prime candidate • random integer
Example • is a composite • is an Euler liar • is an Euler witness
Deterministic Miller-Rabin • Trying all possible witnesses below a limit • Not used in practice • If p < 341,550,071,728,321, it is enough to test a = 2, 3, 5, 7, 11, 13, and 17.
Complexity and Error • Complexity of Sieve of Eratosthenes: • log(S) • Complexity of Miller-Rabin: • : number of tests • Complexity of Deterministic Miller-Rabin
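Added example (not from the original slides): the prime-generation loop in Python, with trial division by small primes as the sieving step, Miller-Rabin rounds, and the fixed bases 2 to 17 below the bound quoted on the deterministic slide. The function names, the small-prime list and the default of 40 rounds are assumptions of this example; candidates and bases come from the `secrets` CSPRNG.

```python
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
DET_LIMIT = 341_550_071_728_321           # bound quoted on the slide
DET_BASES = (2, 3, 5, 7, 11, 13, 17)

def is_witness(a, p):
    """True if base a proves the odd number p composite."""
    d, s = p - 1, 0
    while d % 2 == 0:                     # write p - 1 = 2^s * d with d odd
        d, s = d // 2, s + 1
    x = pow(a, d, p)
    if x in (1, p - 1):
        return False                      # a is consistent with p being prime
    for _ in range(s - 1):
        x = x * x % p
        if x == p - 1:
            return False
    return True                           # no square root chain ends in -1

def is_probable_prime(p, rounds=40, bases=None):
    if p < 2:
        return False
    for q in SMALL_PRIMES:                # sieving: reject cheap composites first
        if p % q == 0:
            return p == q
    if bases is None:
        if p < DET_LIMIT:
            bases = DET_BASES             # deterministic below the limit
        else:
            bases = [2 + secrets.randbelow(p - 3) for _ in range(rounds)]
    return not any(is_witness(a, p) for a in bases)

def random_prime(bits):
    """Steps 1-9: draw candidates until one passes sieving and Miller-Rabin."""
    while True:
        # force the top bit (full length) and the low bit (odd)
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

if __name__ == "__main__":
    # 3215031751 = 151 * 751 * 28351 passes bases 2, 3, 5, 7 but not base 11
    print(is_probable_prime(3215031751, bases=(2, 3, 5, 7)),
          is_probable_prime(3215031751), random_prime(64))
```

A composite that passes a short base list is why the number of rounds matters: each base that fails to expose it is a liar for that composite.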
Noisy Channel Noise is Natural Studied models in general • Binary Symmetric Channel • Binary Erasure Channel • Noisy Typewriter Channel • Continuous Output Channel …
Error Correction • A • Code M C 00 000 01 001 10 010 11 011 100 101 110 111
Hamming Distance d Distance between ∆ For example, 10100 10001∆ Code Distance
Linear Codes M C 00 000 01 001 10 010 11 011 100 101 110 111 No Structure?? Have to store the whole mapping in a codebook Linear Code: If is a field and , is a subspace of then is said to be a linear code
Linear Codes Linear Code: If is a field and , is a subspace of then is said to be a linear code • As is a subspace, there exists a basis where is the dimension of the subspace • Any code word can be expressed as a linear combination of these basis vectors. for example, Hamming Code is Linear = G = n x k, where n =7, k=4
Singleton Bound • a code over alphabet of length and min distance • How many code words possible? • Singleton Bound
Reed Solomon Code • Applications: CDs, Space Communication, … • Robust against burst errors • [1960] Reed Solomon Code (photo, from left: Gustave Solomon & Irving S. Reed)
Reed Solomon Code (Original View) Given Create a polynomial p • p has degree at most • A non zero polynomial of degree with coefficients from field has at most roots in .
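Added example (not from the original slides): the polynomial-evaluation view in Python, showing recovery from a burst of erasures and a pair of codewords at exactly the Singleton-bound distance. The slide's own symbols are lost, so everything named here is an assumption of the example: the field GF(257), the message as k coefficients, evaluation points 0..n-1, and the function names.

```python
P = 257  # prime modulus: arithmetic is in the field GF(257) (assumed for this example)

def encode(msg, n):
    """Codeword = evaluations of p(x) = msg[0] + msg[1]*x + ... at x = 0..n-1."""
    return [sum(c * pow(x, i, P) for i, c in enumerate(msg)) % P for x in range(n)]

def interpolate(points):
    """Coefficients of the unique polynomial of degree < len(points) through points."""
    coeffs = [0] * len(points)
    for j, (xj, yj) in enumerate(points):
        basis, denom = [1], 1             # Lagrange basis polynomial for point j
        for m, (xm, _) in enumerate(points):
            if m != j:
                # multiply basis by (x - xm); coefficients are stored low to high
                basis = [(a - xm * b) % P for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xj - xm) % P
        scale = yj * pow(denom, -1, P) % P
        for i, b in enumerate(basis):
            coeffs[i] = (coeffs[i] + scale * b) % P
    return coeffs

def decode_erasures(received, k):
    """received has None at erased positions; any k surviving symbols suffice."""
    known = [(x, y) for x, y in enumerate(received) if y is not None]
    if len(known) < k:
        raise ValueError("more than n - k erasures: message not recoverable")
    return interpolate(known[:k])

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

if __name__ == "__main__":
    msg, n = [72, 105, 33, 7], 10         # constructed sample: k = 4, n = 10
    word = encode(msg, n)
    word[2:8] = [None] * 6                # burst of n - k = 6 erased symbols
    print(decode_erasures(word, len(msg)) == msg)
    # msg2 - msg = (x-1)(x-2)(x-3), which has k - 1 = 3 roots among the points
    msg2 = [66, 116, 27, 8]
    print(hamming(encode(msg, n), encode(msg2, n)))   # n - k + 1
```

Two distinct messages differ by a nonzero polynomial of degree at most k - 1, which vanishes on at most k - 1 evaluation points, so their codewords differ in at least n - k + 1 positions.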