RSA Public Key Encryption
CSCI 5857: Encoding and Encryption

Outline
  – Modular logarithms as one way trapdoor functions
  – RSA encryption/decryption functions
  – RSA public/private key generation
  – RSA as a block cipher
  – Underlying mathematics

RSA History
First widely used public key encryption algorithm
  – Developed for public use in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT
  – Developed secretly in 1973 by Clifford Cocks (British mathematician working for UK intelligence)
  – MIT granted a patent for RSA (expired in 2000)
Still extensively used
  – Part of most cryptosystems (SSH, PGP, etc.)

Modular Exponentiation
Encryption done with modular exponentiation: $C = P^E \bmod n$
  – Plaintext P and ciphertext C both large integers
  – Modulus n and exponent E are the public key (also large integers)
Modular exponentiation is one way
  – $C = P^E \bmod n$ easy to compute

Modular Logarithms
“Modular logarithm” problem: $P = \sqrt[E]{C} \bmod n$ infeasible to compute
  – Given ciphertext C and public key E, n, for what integer P does $C = P^E \bmod n$?
  – Example: For what P does $P^{343}$ mod = 33677?
  – Would have to test all P < n to find a P such that $C = P^E \bmod n$
Trapdoor for decryption: Exists D such that $P = C^D \bmod n$
  – n must be product of two primes p and q
  – D is secret private key based on E, p and q
RSA Illustration

RSA Key Generation (1)
Select 2 large primes p and q
  – At least 2048 bits (616 decimal digits)
Compute $n = p \times q$
Compute $\Phi(n) = (p - 1) \times (q - 1)$
  – Euler totient function
  – Cannot compute directly from n without factoring into p and q
  – Crucial that multiplication of large primes is one way!

RSA Key Generation (2)
Select some E for encryption
  – $1 < E < \Phi(n)$
  – E is relatively prime to Φ(n)
Compute D as $E^{-1} \bmod \Phi(n)$
  – $E \times D \bmod \Phi(n) = 1$
Public key: E and n
Private key: D

RSA Example
Public key: n = (from 397 × 401), E = 343
  – Note that these are too small in reality!
  – Known to sender Bob
Private key: D = 12007 = mod (that is, 396 × 400)
  – Known only by recipient Alice
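
The key generation steps above, run on the slide's own toy primes, as an added example that is not part of the original lecture. Function names and the sample plaintext are constructed for illustration; this is textbook RSA with no padding, so it shows the arithmetic only.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def generate_key(p, q, e):
    """Return ((n, e), d) for primes p, q and chosen public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler totient, needs p and q
    if not 1 < e < phi:
        raise ValueError("E must satisfy 1 < E < phi(n)")
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("E must be relatively prime to phi(n)")
    d = x % phi                       # D = E^-1 mod phi(n)
    return (n, e), d


def encrypt(plain, public):
    """C = P^E mod n; the plaintext integer must be smaller than n."""
    n, e = public
    if not 0 <= plain < n:
        raise ValueError("plaintext must satisfy 0 <= P < n")
    return pow(plain, e, n)


def decrypt(cipher, d, n):
    """P = C^D mod n, the trapdoor operation."""
    return pow(cipher, d, n)


def demo():
    """Round-trip a constructed plaintext with p = 397, q = 401, E = 343."""
    public, d = generate_key(397, 401, 343)
    plain = 4242                      # constructed sample value
    cipher = encrypt(plain, public)
    return public, d, plain, decrypt(cipher, d, public[0])


if __name__ == "__main__":
    print(demo())
```

An E that shares a factor with Φ(n) is rejected because no inverse D exists, and a plaintext that is not below n is rejected because it could not be recovered uniquely.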

Security of RSA
Cryptographic attacks based on finding fast ways to solve underlying mathematics
  – Factorization
  – Discrete logarithms
Unsolved at this point
Recommendations:
  – Large p and q (giving n of at least 4096 bits)
  – Don’t reuse same n too many times
  – Large E (at least )

Representing Plaintext
Constraint: P < modulus n
  – 4096 bits in RSA → 512 bytes
Block cipher:
  – Plaintext broken into 512 byte blocks
  – Represented as equivalent large number
  – Each number encrypted and transmitted in ECB mode
Could theoretically use CBC mode, but won’t really use for long messages anyway

RSA Mathematics (1)
Must show: $P = C^D \bmod n = (P^E)^D \bmod n = P^{E D} \bmod n$
  – Where $E \times D \bmod \Phi(n) = 1$
Based on Euler’s theorem:
  – If $n = p \times q$ and $P < n$
  – Then $P^{k \Phi(n) + 1} \bmod n = P$ for all integer k

RSA Mathematics (2)
Proof (sort of):
$(k \Phi(n) + 1) \bmod \Phi(n) = 1$
  – Since $k \Phi(n)$ is divisible by Φ(n)
There exists some k such that $E D = k \Phi(n) + 1$
  – Since also have $E D \bmod \Phi(n) = 1$
$P^{E D} \bmod n = P$
  – Substituting $E D$ for $k \Phi(n) + 1$ in Euler’s Theorem

What’s Next
Let me know if you have any questions
Continue on to the next lecture on Implementing RSA