Attacks on Digital Signature Algorithm: RSA


Attacks on Digital Signature Algorithm: RSA John Nguyen

RSA as a Digital Signature Algorithm
- The need for digital signatures: online banking, routable forms…
- Requirement: something that uniquely identifies oneself, and that other people can verify.
- RSA is a public-key cryptosystem that meets that need.
- The private key signs the message.
- The public key verifies the signature.

RSA
- A public-key algorithm.
- Easy to understand and implement.
- Popular, used by numerous companies such as Motorola and Adobe in its Acrobat product.
- De facto standard in much of the world.

RSA Algorithm
- Choose 2 large prime numbers $p$ and $q$.
- Then compute: $n = pq$.
- Choose $e$ such that $e$ and $(p-1)(q-1)$ are relatively prime.
- The key $d$ can be computed using the extended Euclidean algorithm: $ed \equiv 1 \pmod{(p-1)(q-1)}$.

RSA Encryption
- Public key: $n$ and $e$.
- Private key: $d$.
- Encrypting: $c = m^e \bmod n$.
- Decrypting: $m = c^d \bmod n$.
- Digital signature: $c = m^d \bmod n$ (signing), $m = c^e \bmod n$ (verification).

Proof
$c^d \equiv (m^e)^d = m^{ed} = m^{k(p-1)(q-1)+1} = m \cdot m^{k(p-1)(q-1)} = m \cdot m^{k\varphi(n)} \equiv m \cdot 1 = m \pmod{n}$
(Euler's generalization of Fermat's little theorem)

Security of RSA
- Factoring $n$ is the most obvious attack, and it is difficult.
- Factoring technology: the best result is a 129-decimal-digit modulus, so $n$ must be larger than that to be secure.
- Guessing the value of $(p-1)(q-1)$ is possible, but the difficulty is the same as factoring $n$.
- Common attacks are against RSA's implementation: they attack the protocol, not the basic algorithm.

Chosen Cipher Attack against RSA
- Eve: attacker. Alice: user.
- Eve has $c$, encrypted with Alice's public key.
- Eve wants to read the plaintext $m$ from $c$.
- Mathematically, Eve needs $d$: $m = c^d$, but Eve does not know $d$.
- Eve decides to figure out $m$ without first knowing exactly what $d$ is.

Chosen Ciphertext attack…
- Eve chooses a random number $r$ ($r < n$), then computes:
  $x = r^e \bmod n$
  $y = xc \bmod n$
  $t = r^{-1} \bmod n$
- Eve gets Alice to sign $y$ with her private key, thereby decrypting $y$. Alice sends Eve: $u = y^d \bmod n$.
- Eve computes the following and gets $m$:
  $tu \bmod n = r^{-1} y^d \bmod n = r^{-1} x^d c^d \bmod n = c^d \bmod n = m$

Preventing this chosen ciphertext attack
- Signing and encrypting (and decrypting) are 2 different things. They can be done separately.
- 1 set of keys for signing and verification.
- 1 set of keys for decrypting and encrypting.
- Sign a one-way hash of the message, not the message itself.
- Signing will then not decrypt the message, so Eve cannot figure out $m$.
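The blinding exchange and the hash-before-signing countermeasure from the two slides above, as an added example that is not part of the original slides. The key, the plaintext, the fixed r, the function names and the choice of SHA-256 are all assumptions made for illustration.

```python
import hashlib

# Constructed toy key: two Mersenne primes, chosen only because they are easy
# to write down. Real keys use random primes and a modulus of 2048+ bits.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # ed = 1 mod (p-1)(q-1)

def encrypt(m: int) -> int:
    return pow(m, E, N)

def raw_sign(y: int) -> int:
    """Textbook signing: y^d mod n, the same operation as decryption."""
    return pow(y, D, N)

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def hashed_sign(data: bytes) -> int:
    """Sign a one-way hash of the submitted data, never the data itself."""
    return pow(digest(data), D, N)

def hashed_verify(data: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(data)

def blind(c: int, r: int) -> int:
    """y = r^e * c mod n, as on the slide."""
    return (pow(r, E, N) * c) % N

def unblind(u: int, r: int) -> int:
    """t*u mod n with t = r^-1 mod n."""
    return (pow(r, -1, N) * u) % N

def demo() -> dict:
    m = int.from_bytes(b"wire 100 USD", "big")  # constructed plaintext
    c = encrypt(m)
    r = 0x1234567890ABCDEF                      # fixed here for repeatability
    y = blind(c, r)
    y_bytes = y.to_bytes((N.bit_length() + 7) // 8, "big")
    sig = hashed_sign(y_bytes)
    return {
        "raw_leaks_m": unblind(raw_sign(y), r) == m,   # raw signing decrypts
        "hashed_leaks_m": unblind(sig, r) == m,        # hashing breaks the algebra
        "hashed_sig_valid": hashed_verify(y_bytes, sig),
    }

if __name__ == "__main__":
    print(demo())
```

Reducing the hash modulo n stands in for a real signature encoding; deployed systems use a standardized padding such as RSASSA-PSS on top of a dedicated signing key.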

Attack on Encrypting and Signing with RSA
- Alice sends a message $m$ to Bob.
- She encrypts $m$ with Bob's public key, then signs with her private key: $(m^{e_B} \bmod n_B)^{d_A} \bmod n_A$
- Bob can claim that Alice sent him $m'$, not $m$.
- He can find $x$ such that: $m'^x = m \bmod n$
- If he can publish $x e_B$ to replace the old $e_B$

To prevent this attack…
- Assign each user fixed keys.
- This is usually done by a third party: VeriSign…
- Moreover, common good practice: sign first, encrypt later.