Presentation is loading. Please wait.

Presentation is loading. Please wait.

RSA and El Gamal Cryptosystems

Published byGriselda Washington Modified over 6 years ago

Similar presentations

Presentation on theme: "RSA and El Gamal Cryptosystems"— Presentation transcript:

1 RSA and El Gamal Cryptosystems
RSA Cryptosystem 7/29/2018 8:31 AM RSA and El Gamal Cryptosystems Bits PCs Memory 430 1 128MB 760 215,000 4GB 1,020 342106 170GB 1,620 1.61015 120TB RSA Cryptosystem

2 Outline Euler’s theorem (§10.1.3) RSA cryptosystem (§10.2.3)
Definition Example Security Correctness Algorithms for RSA Modular power (§10.1.4) Modular inverse (§10.1.5) Randomized primality testing (§10.1.6) RSA Cryptosystem

3 Euler’s Theorem The multiplicative group for Zn, denoted with Z*n, is the subset of elements of Zn relatively prime with n The totient function of n, denoted with f(n), is the size of Z*n Example Z*10 = { 1, 3, 7, 9 } f(10) = 4 If p is prime, we have Z*p = {1, 2, …, (p - 1)} f(p) = p - 1 Euler’s Theorem For each element x of Z*n, we have xf(n) mod n = 1 Example (n = 10) 3f(10) mod 10 = 34 mod 10 = 81 mod 10 = 1 7f(10) mod 10 = 74 mod 10 = 2401 mod 10 = 1 9f(10) mod 10 = 94 mod 10 = 6561 mod 10 = 1 RSA Cryptosystem

4 The RSA Cryptosystem (1)
Theorem Let p and q be two odd primes, and n = pq. Let e be relatively prime with f(n) and let d be the multiplicative inverse of e modulo f(n). For each integer x such that 0 < x < n, xed ≡ x mod n RSA Cryptosystem

5 The RSA Cryptosystem (2)
Setup: n = pq, with p and q primes e relatively prime to f(n) = (p - 1) (q - 1) d inverse of e in Zf(n) Keys: Public key: KE = (n, e) Private key: KD = d Encryption: Plaintext M in Zn C = Me mod n Decryption: M = Cd mod n Example Setup: p = 7, q = 17 n = 717 = 119 f(n) = 616 = 96 e = 5 d = 77 Keys: public key: (119, 5) private key: 77 Encryption: M = 19 C = 195 mod 119 = 66 Decryption: C = 6677 mod 119 = 19 RSA Cryptosystem

6 Complete RSA Example Setup: Encryption Decryption p = 5, q = 11
f(n) = 410 = 40 e = 3 d = 27 (327 = 81 = 240 + 1) Encryption C = M3 mod 55 Decryption M = C27 mod 55 RSA Cryptosystem

7 Security of RSA Algorithm (1)
The security of the RSA cryptosystem is based on the widely believed difficulty of factoring large numbers The best known factoring algorithm (general number field sieve) takes time exponential in the number of bits of the number to be factored The RSA challenge, sponsored by RSA Security, offers cash prizes for the factorization of given large numbers In April 2002, prizes ranged from $10,000 (576 bits) to $200,000 (2048 bits) RSA Cryptosystem

8 Security of RSA Algorithm (2)
In 1999, a 512-bit number was factored in 4 months using the following computers: MHz SGI and Sun 8 250 MHz SGI Origin MHz Pentium II 4 500 MHz Digital/Compaq Estimated resources needed to factor a number within one year Bits PCs Memory 430 1 128MB 760 215,000 4GB 1,020 342106 170GB 1,620 1.61015 120TB RSA Cryptosystem

9 Correctness of RSA Algorithm (1)
We show the correctness of the RSA cryptosystem for the case when the plaintext M does not divide n Namely, we show that (Me)d mod n = M Since ed mod f(n) = 1, there is an integer k such that ed = kf(n) + 1 Since M does not divide n, by Euler’s theorem we have Mf(n) mod n = 1 RSA Cryptosystem

10 Correctness of RSA Algorithm (2)
Thus, we obtain (Me)d mod n = Med mod n = Mkf(n) + 1 mod n = MMkf(n) mod n = M (Mf(n))k mod n = M (Mf(n) mod n)k mod n = M (1)k mod n = M mod n = M See the book for the proof of correctness in the case when the plaintext M divides n RSA Cryptosystem

11 Algorithmic Issues The implementation of the RSA cryptosystem requires various algorithms Overall Representation of integers of arbitrarily large size and arithmetic operations on them Encryption Modular power Decryption Setup Generation of random numbers with a given number of bits (to generate candidates p and q) Primality testing (to check that candidates p and q are prime) Computation of the GCD (to verify that e and f(n) are relatively prime) Computation of the multiplicative inverse (to compute d from e) RSA Cryptosystem

12 Using RSA for Digital Signatures
Digital signature S for message M is obtained by applying the decryption function (with private key) to M: S← Md mod n (RSA signature) The verification of the digital signature S is performed with the encryption function (with public key) by checking that M ≡ Se (mod n) (RSA verification) RSA Cryptosystem

13 Analysis for RSA Encryption
Theorem Let n be the modulus used in the RSA cryptosystem. RSA encryption, decryption, signature, and verification each take O(log n) arithmetic operations. RSA Cryptosystem

14 The El Gamal Cryptosystem (1)
The ElGamal algorithm is an asymmetric key encryption algorithm for public key cryptography which is based on Diffie-Hellman key agreement. It was described by Taher Elgamal in 1984. The ElGamal algorithm is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. RSA Cryptosystem

15 The El Gamal Cryptosystem (2)
The Digital Signature Algorithm is a variant of the ElGamal signature scheme, which should not be confused with the ElGamal algorithm. ElGamal can be defined over any cyclic group G. Its security depends upon the difficulty of a certain problem in G related to computing discrete logarithms. RSA Cryptosystem

16 The El Gamal Cryptosystem (3)
Definition Given integers b and n, with b<n, the discrete logarithm of an integer y to the base b is an integer x, such that bx ≡ y mod n. The discrete logarithm is also called index, and we write x = indb,ny. RSA Cryptosystem

17 The El Gamal Cryptosystem (4)
Let p be a prime, and g be a generator of Zp. The private key x is an integer between 1 and p–2. Let y = gx mod p. The public key is a triplet (p, g, y). To encrypt a plaintext M, a random integer k relatively prime to p – 1 is selected, and the following computation performed: a ← gk mod p b ← M yk mod p The ciphertext C consists of the pair (a, b). RSA Cryptosystem

18 The El Gamal Cryptosystem (5)
Decryption of the ciphertext C = (a, b) is performed by calculation: M ← b/ax mod p The security of El Gamal’s algorithm relies on difficulty of computation of the discrete logarithm. Theorem Let n be the modulus used in the El Gamal cryptosystem. El Gamal encryption, decryption, signature, and verification each take O(log n) arithmetic operations. RSA Cryptosystem

19 Security of El Gamal Cryptosystem (1)
ElGamal is a simple example of a semantically secure asymmetric key encryption algorithm (under reasonable assumptions). It is probabilistic, meaning that a single plaintext can be encrypted to many possible ciphertexts, with the consequence that a general ElGamal encryption produces a 2:1 expansion in size from plaintext to ciphertext. RSA Cryptosystem

20 Security of El Gamal Cryptosystem (2)
ElGamal's security rests, in part, on the difficulty of solving the discrete logarithm problem in G. Specifically, if the discrete logarithm problem could be solved efficiently, then ElGamal would be broken. However, the security of ElGamal actually relies on the so-called Decisional Diffie-Hellman (DDH) assumption. This assumption is often stronger than the discrete log assumption, but is still believed to be true for many classes of groups. RSA Cryptosystem

21 Security of El Gamal Cryptosystem (3)
As described above, ElGamal can be defined over any cyclic group G, and is secure if a certain computational assumption (the "DDH Assumption") about that group is true. Unfortunately, the straightforward use of G = Zp for a prime p is insecure, because the DDH Assumption is false in this group. RSA Cryptosystem

22 Security of El Gamal Cryptosystem (4)
In contrast, computing discrete logs is believed to be hard in Zp, but this is not enough for the security of El Gamal. The two most popular types of groups used in El Gamal are subgroups of Zp and groups defined over certain elliptic curves. RSA Cryptosystem

23 Efficiency of El Gamal Encryption under El Gamal requires two exponentiations; however, these exponentiations are independent of the message and can be computed ahead of time if need be. Decryption only requires one exponentiation (plus one division, which is typically much faster). Unlike in the RSA cryptosystem, El Gamal decryption cannot be sped up via the Chinese remainder theorem. RSA Cryptosystem

24 Diffie-Hellman Secret Key Exchange
1. Parties A and B publicly agree on a large prime n and a generator g in Zn. 2. A chooses a random number x and sends B number X = gx mod n. 3. B chooses a random number y and sends A number Y = gy mod n. 4. A computes K = Yx mod n. 5. B computes K’ = Xy mod n. 6. K = K’ and A and B can use K to communicate securely using a symmetric cryptosystem. RSA Cryptosystem

Download ppt "RSA and El Gamal Cryptosystems"

Similar presentations

Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.

Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.
7. Asymmetric encryption-

7. Asymmetric encryption-
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Introduction to Modern Cryptography Lecture 7 1.RSA Public Key CryptoSystem 2.One way Trapdoor Functions.

Introduction to Modern Cryptography Lecture 7 1.RSA Public Key CryptoSystem 2.One way Trapdoor Functions.
Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.

Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.

Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
1 CIS 5371 Cryptography 8. Asymmetric encryption-.

1 CIS 5371 Cryptography 8. Asymmetric encryption-.
1 Network Security Lecture 6 Public Key Algorithms Waleed Ejaz

1 Network Security Lecture 6 Public Key Algorithms Waleed Ejaz
Prelude to Public-Key Cryptography Rocky K. C. Chang, February 2014 1.

Prelude to Public-Key Cryptography Rocky K. C. Chang, February
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS 4362 - CIS 5357 Network Security.

1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.

Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Public-Key Cryptography and Message Authentication.

1 Public-Key Cryptography and Message Authentication.
CS461/ECE422 Spring 2012 Nikita Borisov — UIUC1.  Text Chapters 2 and 21  Handbook of Applied Cryptography, Chapter 8 

CS461/ECE422 Spring 2012 Nikita Borisov — UIUC1.  Text Chapters 2 and 21  Handbook of Applied Cryptography, Chapter 8 
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.

Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Scott CH Huang COM 5336 Cryptography Lecture 6 Public Key Cryptography & RSA Scott CH Huang COM 5336 Cryptography Lecture 6.

Scott CH Huang COM 5336 Cryptography Lecture 6 Public Key Cryptography & RSA Scott CH Huang COM 5336 Cryptography Lecture 6.

Similar presentations

Ads by Google