1 / 50

RSA Cryptography

RSA Cryptography. Taravat Moshtagh Department of Mathematics and Statistics York University January 19 th 2006. Outline. Part I Introduction to RSA cryptography Basic terminology Mathematics behind the RSA How the algorithm works How secure the algorithm is Conclusion Part II

urbain
Download Presentation

RSA Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RSA Cryptography Taravat Moshtagh Department of Mathematics and Statistics York University January 19th 2006

  2. Outline • Part I • Introduction to RSA cryptography • Basic terminology • Mathematics behind the RSA • How the algorithm works • How secure the algorithm is • Conclusion • Part II • Introduction to Maple ; Maple worksheet for RSA RSA Crptography

  3. What is meant by cryptography? • Cryptography comes from Greek word kryptós means "hidden", and gráphein means“ to write“. So cryptography is ‘secret‘ or ‘hidden‘ writing. • Cryptology is as old as writing itself, and has been used for thousands of years to safeguard military and diplomatic communications. • Cryptography is the art of keeping information secret from all but those who are authorized to see it. RSA Crptography

  4. Basic terminology • Plaintext: Data that can be read and understood without any special measures .It is also the message. • Encryption: Encoding the contents of the message in such a way that hides its contents from outsiders . • Ciphertext: The encrypted message. • Decryption: The process of retrieving the plaintext from the ciphertext. RSA Crptography

  5. Key: A key is a value that works with a cryptographic algorithm to produce a specific ciphertext. Keys are basically really, really, really big numbers. Key size is measured in bits; the number representing a 1024-bit key is darn huge. RSA Crptography

  6. Public Key: The user releases a copy of this key to the public to allow anyone to use it for encrypting messages to be sent to the user and for decrypting messages received from the user. • Private Key: The user keeps the private key secret and uses it to encrypt outgoing messages and decrypt incoming messages RSA Crptography

  7. For our scenarios we suppose that Alice and Bob are two users. Now we would like to know how Bob can send a private message to Alice in a cryptosystem. Hi Alice --------------- ------------- -------. Bob Bob Alice RSA Crptography

  8. Simple example Suppose Bob wants to encode the word “Hi Alice" usingthe "shift by 3" rule ,that is he offsets the alphabet so that the 3rd letter down (D) begins the alphabet. So starting with A B C D E F G H I J K L M N O P Q R S T U V W X Y Z and sliding everything up by 3, he gets D E F G H I J K L M N O P Q R S T U V W X Y Z A B C where D=A, E=B, F=C, and so on. Using this scheme, the plaintext, " Hi Alice" encrypts as “Kl Dolfg" . To allow Alice to read the ciphertext, Bob tells her that the key is “shift by3”. RSA Crptography

  9. Encryption and Decryption Key Encryption Decryption Alice Bob Plaintext Ciphertext Plaintext RSA Crptography

  10. Symmetric key cryptography Ciphertext Original plaintext Plaintext Bob Alice Encryption Decryption • Encryption and decryption rely on having a key (a word, number, or phrase to encrypt and decrypt) . • Encryption and decryption use the same key • Problem is difficulty of secure key distribution. RSA Crptography

  11. Question:How the key could be transferred between Bob and Alice without being intercepted ? One might argue that we could simply encrypt the key, but this would require another key that tells how to encrypt the first key…. and we would just run in circles! A public-key cryptosystem needs no private couriers; the keys can be distributed over the insecure communications channel. (Retrieved from http://theory.lcs.mit.edu/~rivest/rsapaper.pdf) RSA Crptography

  12. Public-key Cryptography The problems of key distribution are solved by public key cryptography, the concept of which was introduced by Diffie ,Hellman and Merkle in 1976. Encryption key Decryption key Plaintext Ciphertext Original plaintext Alice Bob Encryption Decryption The big idea is to use a pair of keys for encryption: a public key, which encrypts data, and a corresponding private key for decryption. This algorithm provided an implementation for secure public key distribution, but didn't implement Digital Signatures RSA Crptography

  13. RSA public key cryptography The RSA Public Key Cryptography was invented in 1978 by three researchers at MIT named Rivest, Shamir and Adelman. RSA stands for the first letter in each of its inventors' last names RSA is an elegant algorithm based on the product of two large prime numbers that exactly fit the requirement for a practical public key cryptography implementation. RSA Crptography

  14. RSA Public-key cryptography When Bob wants to send a secure message to Alice ; Bob uses Alice’s public key (for example her email address) to encrypt the message. Alice then uses her private key (for example her password) to decrypt it. Alice public key Alice private key Plaintext Ciphertext Original plaintext Alice Bob Encryption Decryption • Bob encrypts message using Alice’s public key • Alice decrypts using her private key RSA Crptography

  15. The background number theory required to understand how RSA works Basics: • A number is prime if the only numbers that exactly divide it are 1 and itself. • A pair of numbers are relatively prime if the great common divisor of them is 1. • Note: If p and q are distinct prime numbers, they are certainly relatively prime to each other. RSA Crptography

  16. Multiplicative Inverses • Theorem. A number “e” has a multiplicative inverse mod n if and only if gcd (e ,n)=1. • If “e “has a multiplicative inverse mod n it is unique. • Further, there is an efficient algorithm to test whether “e “and “n “are relatively prime, and if so, calculate the inverse of “e”. RSA Crptography

  17. Fermat’s Little Theorem If “p“ is a prime number and “a” is any integer between 1 and p-1 inclusive, then ap-1 = 1 (mod p ) RSA Crptography

  18. Euler’s theorem Any number “a” relatively prime to “n” there exists the congruence aPhi(n) = 1 (mod n) Phi(n) is the number of positive integers less than ‘n’ and relatively prime to ‘n’ RSA Crptography

  19. The Chinese Remainder Theorem Suppose “a” and “b” are relatively prime. If x = y (mod a) and x = y (mod b) then x = y (mod a × b) RSA Crptography

  20. Solving a problem Suppose I have • a prime number p; • a number M between 1 and p-1 inclusive; • another number “e “also between 1 and p-1; And I compute • C = Me (mod p) If I give you C,e and p can you find M RSA Crptography

  21. Yes you can if you take the following steps: • Find a number “d “such that e × d=1 (mod p-1) • Compute Cd mod p RSA Crptography

  22. Why does that work? • We found “d” such that e × d = 1 mod p-1 That means that e × d – 1 = k(p-1) for some integer k. or ed = k(p-1) +1 RSA Crptography

  23. 2.We computed Cd mod p ; Since C = Me (mod p) then Cd = (Me)d (mod p) = Med (mod p) = Mk(p-1) +1 (mod p) (since ed = k(p-1) +1 ) = Mk(p-1)× M (mod p) =(Mp-1)k M (mod p) = 1 × M (mod p) (by Fermat’s little theorem) = M (mod p) RSA Crptography

  24. Fact! If the modulus is not relatively a prime number then the method doesn’t work. Why doesn’t it work? • In general an-1 1 mod n if n is not prime. RSA Crptography

  25. We could make the method for finding M work if we knew the number “r” such that Mr = 1 (mod n) • If gcd (M,n )=1 then there will be such a number “r” and there is a way to find it RSA Crptography

  26. Finding r • In order to find “r” such that Mr = 1 (mod n), we have to be able to factorize “n” and find all of its prime factors. • Suppose n = p × q where p and q are primes then r =Phi(n)= (p-1) ×(q-1) RSA Crptography

  27. Important notes: • It is easy to compute the product of two large primes n = p×q. • Setting Phi(n) = (p-1) ×(q-1) we have MPhi(n) = 1 (mod n) for all M co-prime with n. • Given “e” (co-prime with phi(n)), it is easy to determine “d” such that e×d = 1 mod (p-1)(q-1) RSA Crptography

  28. It is easy to compute Me mod n • If C=Me (mod n) then M=Cd (mod n) and it is easy to compute Cd mod n if you know “d”. • You can find “d”if you can find Phi(n) and you can find Phi(n) if you can factorise “n”. • Factorizing “n” is hard. • This is the basis of the RSA public key cryptosystem. The holder of the public key knows “p” and “q” and therefore he/she can find Phi(n) and therefore “d” and can compute Cd mod n to find M. • No-one else knows “p” and “q”, so they cannot find Phi(n) or “d” and so they cannot recover M. RSA Crptography

  29. RSA – Key Generation • Alice generates two large primes p and q (each with at least 100 decimal digits). • She computes n = p×q • She computes Phi(n) = (p-1) ×(q-1) • She chooses a random number “e” in which gcd(e,Phi(n) )= 1 RSA Crptography

  30. She computes the private key “d”by solving the equation e × d =1 mod Phi(n) . • She can now carefully dispose of the values of p, q and Phi(n) . • Alice keeps “d”private but publishes the value of the pair (e,n)( this is her public key). RSA Crptography

  31. RSA - Encryption We distinguish Bob and Alice encryption and decryption procedures with subscripts: EA,DA and EB, DB Bob wishes to send Alice a message M. He takes the following steps: • He looks up Alice’s public key pair (e,n) . • He computes the ciphertext C and sends it to Alice, C= EA(M) =Me (mod n) RSA Crptography

  32. RSA - Decryption Alice receives the value C from Bob. She decrypts it since she knows the key DA . The decoding M′ is M′ =DA(EA(M)) = DA (Me )= (Me)d (mod n) We have to prove that this works! Namely that M′ will be equal to the original M. RSA Crptography

  33. Why does the RSA algorithm work? For any integer (message) M which is relatively prime to n, due to Euler and Fermat theorem: Since for some integer k , or Then From (1) we see that for all M such that p does not divide M : and since (p-1) divides RSA Crptography

  34. And then p| Med-M. Arguing similarly for q yields q| Med-M Together these last two equations imply that for all M, Since p and q are distinct primes, it follows that also their product, means p.q is a divisor of Med-M RSA Crptography

  35. RSA Crptography

  36. Is RSA secure? The security of the RSA cryptosystem depends on the difficulty of factoring n. It is currently difficult to obtain the private key d from the public key (n, e). However if one could factor n into p and q, then one could obtain the private key d. Thus the security of the RSA system is based on the assumption that factoring is difficult. The discovery of an easy method of factoring would "break" RSA . RSA Crptography

  37. Is RSA Secure? (Cont.) • How might we “break” RSA? • Factoring n • Computing Phi(n) • Compute d given e and n • Still need to know n or Phi(n) • Computing e-th roots modulo n (C= Me (mod n); then M= C1/e (mod n)) • It is computationally intractable RSA Crptography

  38. Factoring n :The fastest known factoring algorithm developed by Pollard is the General Number Field Sieve, which has running time for factoring a large number of size n, of order The method relies upon the observation that if integers x and y are such that x ≠ y (mod n) and x2 = y2 (mod n) then gcd(x − y, n) and gcd(x+y, n) are non-trivial factors of n. (Retrieved from http://mathworld.wolfram.com/NumberFieldSieve.html RSA Crptography

  39. The following table gives the number of operations needed to factor n with GNFS method, and the time required if each operation uses one microsecond, for various lengths of the number n (in decimal digits) RSA Crptography

  40. Assume that n = p × q, p < q. Since (p + q)2 -(q - p)2 = 4pq = 4n, then (p+q)2= 4n + (q - p)2 so q +p = √4n +(q - p)2 and then Phi(n) = n - (p + q) + 1 • Computing Phi(n) without Factoring n RSA Crptography

  41. Example: n = 221 ( 4n=884) So , q − p = 4 and q + p= 30, then Phi(n) =221-(30)+1=192 and p = 13, q = 17,n = 13 × 17 RSA Crptography

  42. Therefore breaking RSA system by computing Phi(n) is not easier than breaking RSA system by factoring n. (This is why n must be composite; Phi(n) is easy to compute if n is prime.) RSA Crptography

  43. Idea: if we had a fast algorithm which can factor large numbers in a reasonable amount of time, we could break RSA!!! RSA Crptography

  44. On May 9th 2005 a team at the German Federal Agency for Information Technology Security announced the factorization of the 200-digit number known as RSA-200 by General Number Field Sieve algorithm (GNFS). RSA-200 is: 27,997,833,911,221,327,870,829,467,638,722,601,621,070,446,786, 955,428,537,560,009,929,326,128,400,107,609,345,671,052,955,360, 856,061,822,351,910,951,365,788,637,105,954,482,006,576,775,098, 580,557,613,579,098,734,950,144,178,863,178,946,295,187,237,869, 221,823,983 The two 100-digits factors are: 3,532,461,934,402,770,121,272,604,978,198,464,368,671,197,400, 197,625,023,649,303,468,776,121,253,679,423,200,058,547,956,528, 088,349 and 7,925,869,954,478,333,033,347,085,841,480,059,687,737,975,857, 364,219,960,734,330,341,455,767,872,818,152,135,381,409,304,740, 185,467 The effort took approximately 80 2.2GHz Opteron CPU over 3 months of calendar time. The same team latter announced factorization of RSA-640, a smaller number containing 193 decimal digits (640 bits) on November 4th 2005. RSA Crptography

  45. RSA-2048 • Prize: $200,000 • Status: Not Factored • Decimal Digits: 617 25195908475657893494027183240048398571429282126204032027777137836043662020707595556264018525880784406918290641249515082189298559149176184502808489120072844992687392807287776735971418347270261896375014971824691165077613379859095700097330459748808428401797429100642458691817195118746121515172654632282216869987549182422433637259085141865462043576798423387184774447920739934236584823824281198163815010674810451660377306056201619676256133844143603833904414952634432190114657544454178424020924616515723350778707749817125772467962926386356373289912154831438167899885040445364023527381951378636564391212010397122822120720357 • Decimal Digit Sum: 2738 RSA Crptography

  46. Conclusion • Prime numbers play an essential role in the art of Public Key Cryptography. • Public Key Cryptosystem is secure and strong. • Factorization is a fast-moving field. If no new methods are developed, then 2048-bit RSA keys will always be safe from factorization, but one can't predict the future. RSA Crptography

  47. Enjoy 15 minutes break time!

  48. Examples Please go to the http://garsia.math.yorku.ca/~zabrocki/math5020f05/ and click on “Maple” worksheet. RSA Crptography

More Related