Cryptography: RSA & DES Marcia Noel Ken Roe Jaime Buccheri

RSA Background RSA was invented by three MIT researchers: Ronald Rivest, Adi Shamir, Leonard Adleman Searching for a more complete Public Key Cryptography approach than Diffie-Hellman. First published in 1977 in Scientific American. NSA asked them to stop distributing their report detailing RSA, but had no legal reason for them to stop distribution. Patented until September 2000.

RSA Overview RSA is a public key, or asymetric cryptography system. Two sets of keys, one public and one private. The public key pair is published, while the private is not. Strength of RSA comes from the difficulty of factoring large prime numbers. A message encrypted with the public key pair, can only be decrypted using the private key pair. A message encrypted using the private key pair can only be decrypted using the public key pair.

RSA Concepts We have two functions, P(M) using the public key pair (e, n) and S(M) using the private key pair (d, n).  The two functions are inverse functions. EXAMPLE – Function: X 2 Inverse Function:sqrt (X)  Either of the functions can be used to encrypt a message, but the opposite must be used to decrypt. EncryptP(M)  C Decrypt S(C)  M Encrypt S(M)  CDecrypt P(C)  M M is the message to be encrypted C is the ciphertext (encrypted message)

RSA Concepts – Key Generation Properly generating keys is essential to the strength of RSA We are trying to generate two pairs of keys, the public key pair and the private key pair. They will be denoted as follows: Public: (e, n) Private: (d, n) e is the public exponent d is the private exponent n, the modulus, is common to both pairs.

RSA Concepts – Steps to Generate RSA Keys 1.) Select two prime numbers: p, q. 2.) Find the modulus n = pq. This will be the n in our public and private key pairs. 3.) Find e, the public exponent. e must be relatively prime to (p-1)(q-1). 4.) Find d, the private exponent. d must be chosen so (ed-1)/(p-1)(q-1) is an integer. If d satisfies this equation, then d will be the multiplicative inverse of e. 5.) Discard p and q, only the public key (e, n) and private key (d, n) pairs are needed now.

RSA Concepts - Encryption If Bob wanted to send Alice a message that only Alice can read, he would do the following:  Obtain Alice’s public key pair (e, n)  Encrypt a message using Alice’s public key to create the ciphertext. Symbolic Function:P(M)  C Mathematical Function:C = M e mod n  Bob sends this ciphertext to Alice. The original message is protected during transmission.

RSA Concepts - Decryption Now that Alice has received the Ciphertext, she needs to decrypt it to get the original message back:  Use the secret key pair (d, n) known only to Alice to convert the Ciphertext back to the original message. Symbolic Function:S(C)  M Mathematical Function: M = C d mod n  Now Alice has retrieved the original message.

RSA Example – Key Generation 1.) Select two primes p, q: p = 3, q = 5 2.) Find modulus n = pq: n = 15 3.) Find e relatively prime to (p-1)(q-1): (3-1)(5-1) = 8. Factors of 8 are 8, 4, 2, 1. Let e be 3 – gcd(8, 3) = 1, so this works. 4.) Find d where the equation (ed-1)/(p-1)(q-1) is an integer: (3d-1)/8. Let d = 11 since (3*11-1)/8 = 4. 5.) Discard p, q. Our pairs are: Public: (3, 15) Private: (11, 15)

RSA Example – Encryption If Alice wants to send a message to Bob that can only be viewed by Bob, she needs to encrypt the message using Bob’s public key. This message can only be decrypted using Bob’s private key, so he will be the only one able to view it. Public: (3, 15) The message she wants to encrypt is “GO”. We take this one character at a time representing each as a number based on it’s position in the alphabet. M = 7, since the letter ‘G’ is mapped to the number 7 Using the equation C = M e mod n we create the ciphertext C. C = 7 3 mod 15 C = 13 Alice sends C to Bob without worrying about it being intercepted.

RSA Example – Decryption Bob has received this ciphertext and wishes to decrypt it. He applies the RSA function to the Ciphertext C using his private keys to get the original message back. Private: (11, 15) C = 13 M = mod 15 M = 7 = “G” In reality, we would use ASCII values to represent characters in the message, but this would require much larger primes since the largest value a message can have is the value of n, the modulus, minus 1 (in this case 14 is the max value).

RSA Concepts – Digital Signatures Alice wants to send Bob a message in a way that Bob can be certain that M came from Alice and is authentic.  Alice takes the message M, and creates a signature S by encrypting the message using her secret key pair. S(M)  S  She then sends Bob S and M (note M is not encrypted).  Bob uses Alice’s public key pair to decrypt the signature S and verifies that this matches M. P(S)  M  If the decrypted signature matches the message, it must have come from Alice and be unaltered, since only Alice could have created S using her secret key pair.

RSA - Efficiency To maximize efficiency, public exponent e chosen should be small to make computing the ciphertext easier. This makes encryption faster than decryption, and verification faster than signing in the case of digital signatures. Using typical modular exponentiation algorithms, here are the efficiencies (where k = the number of bits in the modulus n): Public Key Operations: O(k 2 ) steps Private Key Operations: O(k 3 ) steps Key generation: O(k 4 ) steps

RSA – Advantages/Disadvantages Advantages:  Increased security – Keys never need to be transferred. Transferring keys is a security risk.  Digital Signatures – RSA can be used for authentication and verification of message integrity. Disadvantages:  Speed – Most secret key (symetric) encryption methods are faster than public key cryptosystems. In software, DES is generally 100 times faster than RSA, in hardware DES is between 1,000 and 10,000 times as fast.

RSA – Breaking RSA General Methods – ways of finding the secret key d  Method 1: Factor modulus, n, into prime factors to find p, q - Integrity of RSA depends on factoring n being difficult. - Protect against by using proper key lengths. - Improvements in hardware will not make this easier if long keys are used. - It is much easier to multiply two numbers than to determine which numbers create a given product. EXAMPLE - 6 x 4 = 24 What are the two numbers multiplied together that gave you 24? 1 x 24 = 24 2 x 12 = 24 3 x 8 = 24 4 x 6 = 24

RSA – Breaking RSA General Methods – ways of finding the secret key d  Method 2: Compute the eth roots mod n. - Since C = M e mod n, the e th root of c mod n is the message. - There is no algorithm to accomplish this. Key lengths are critical to strength of RSA - In 1997 it was estimated that 512-bit RSA keys could be factored for less than $1,000,000 in cost and eight months of effort. - RSA Laboratories reccoments 1024 bit key length for corporate use, and 2048 bit key length for extremely important uses.

RSA – Breaking RSA Single Message Attacks – finds the contents of a particular message but does not expose keys.  Guessed plaintext attack -The attacker guesses the contents of the message, and encrypts it using the public key. If it matches the intercepted cyphertext, the attacker knows he is right. - Can be defended against by appending some random bits to the message.