Download presentation
Presentation is loading. Please wait.
1
RSA Cryptosystem 電機四 B 游志強 2019/8/25
2
Outline Introduction(Cryptography) RSA Cryptosystem
Modular Exponentiation Algorithms Modular Multiplication Algorithms MATLAB Simulation Reference 2019/8/25
3
Cryptography Symmetric : (conventional) Public key : (e.g. RSA)
Public channel Message Message Encryption Decryption Secret channel Key generator Terminal (transmitter) Terminal (receiver) Public key : (e.g. RSA) Public channel Message Message Encryption Decryption Public channel Key generator Terminal (transmitter) Terminal (receiver) 2019/8/25
4
Comparison Symmetric: (fast) Public key: (slow)
At least 1000 times faster than public-key Public key: (slow) Computers are getting faster=> in 15 years. Bandwidth requirement are also increasing. Are used for encrypt keys, not for encrypt messages. 2019/8/25
5
Public Key Cryptosystems
Pohlig-Hellman encryption scheme Rabin’s scheme RSA Cryptosystem Named after its inventers:Rivest, Shamir and Adleman Patent:Sep. 20, 1983 to now 2019/8/25
6
RSA Cryptosystem RSA key generate:
Generate two large prime numbers: p, q Compute N =p *q, z =(p -1)*(q -1) Choose a number relatively prime to z and call it e. Find d such that e *d = 1 ( mod z ) (extended Euclidean algorithm) The keys: Public key <==> Private key Ke=(N, e) Kd=(N, d) 2019/8/25
7
En/Decryption Encryption: Decryption:
Use public key: Ke = (N, e) C = M e mod N ( M : Message/Plaintext ) Decryption: Use private key: Kd = (N, d) M = C d mod N ( C : Encrypted message/Ciphertext) C d = M e*d = M r(p-1)(q-1)+1 = M (mod N) 2019/8/25
8
RSA Operation Processing block diagram : N =p *q z =(p -1)*(q -1)
C = M e mod N M = C d mod N Public channel Message Message Encryption Decryption M C M Ke Kd Public channel Key generator Ke Kd=(N, d) Ke=(N, e) Terminal (transmitter) N =p *q z =(p -1)*(q -1) e *d = 1 (mod z ) Terminal (receiver) 2019/8/25
9
Security of RSA Cryptosystem
Security based on long wordlength The number of N, e, d in Kd, Ke >= 1024 bit Attack!!! Exhaustive search: (Impossible) Only 1 available key in elements Add more security Increase wordlength (e.g. 2048, ) 2019/8/25
10
Implementation Problem
Large exponent and modular (issue) How to compute M e mod N (1024 bit) High computational complexity How to improve speed performance 2019/8/25
11
Implementation of RSA Software Hardware Now
Very slow (low efficiency) Hardware Montgomery’s Algorithm Now A new sequential algorithm called Montgomery Product Algorithm is used to design a word-based RSA processor 2019/8/25
12
Modular Exponentiation
H Algorithm MSB first (1 bit/iteration) L Algorithm LSB first (1 bit/iteration) M-array Algorithm MSB first (m bit/iteration) 2019/8/25
13
H Algorithm R=ME (mod N) Output:Result= R[k-1] = ME(mod N) H(M,E,N)
for(i=0;i<k-1;i++) { R[i+1] = R[i] * R[i] (mod N); //Squaring if( E[k-i-2]==1) R[i+1] = R[i+1] * M (mod N); //Multiplying else R[i+1] = R[i+1];} return R[k-1];} 2019/8/25
![H Algorithm R=ME (mod N) Output:Result= R[k-1] = ME(mod N) H(M,E,N)](http://slideplayer.com./slide/17254800/100/images/13/H+Algorithm+R%3DME+%28mod+N%29+Output%3AResult%3D+R%5Bk-1%5D+%3D+ME%28mod+N%29+H%28M%2CE%2CN%29.jpg "for(i=0;i<k-1;i++) { R[i+1] = R[i] * R[i] (mod N); //Squaring. if( E[k-i-2]==1) R[i+1] = R[i+1] * M (mod N); //Multiplying. else. R[i+1] = R[i+1];} return R[k-1];} 2019/8/25.")
14
L Algorithm R=ME (mod N) Output:Result= R[k] = ME(mod N) L(M,E,N)
{ R[0]=1; M[0]=M; for(i=0;i<k;i++) { M[i+1] = M[i] * M[i] (mod N); //Squaring if( E[i]==1) R[i+1] = R[i] * M[i] (mod N); //Multiplying else R[i+1] = R[i];} return R[k];} 2019/8/25
![L Algorithm R=ME (mod N) Output:Result= R[k] = ME(mod N) L(M,E,N)](http://slideplayer.com./slide/17254800/100/images/14/L+Algorithm+R%3DME+%28mod+N%29+Output%3AResult%3D+R%5Bk%5D+%3D+ME%28mod+N%29+L%28M%2CE%2CN%29.jpg "{ R[0]=1; M[0]=M; for(i=0;i<k;i++) { M[i+1] = M[i] * M[i] (mod N); //Squaring. if( E[i]==1) R[i+1] = R[i] * M[i] (mod N); //Multiplying. else. R[i+1] = R[i];} return R[k];} 2019/8/25.")
15
Block Diagram & Flowchart
2019/8/25
16
Example for H & L Algorithm
Calculate ME mod N, if E=1310=11012 1, H Algorithm R=(((M1)2*M1)2*M0)2*M1 mod N =(((M1)2*M1)2)2*M1 mod N =M13 mod N 5 mul 2, L Algorithm R= (M)1 *(M2)0 *(M4)1* (M8)1 mod N = (M)1 *(M4)1* (M8)1 mod N =M13 mod N 3 mul & 2 mul 2019/8/25
17
M-array Algorithm Is similar to H Algorithm
But scans m-bit in exponent in a single iteration Needs another time to create the storage table 2019/8/25
18
Comparison of H, L & M-array
2019/8/25
19
Modular Multiplication
Montgomery’s Algorithm P. L. Montgomery Booth-Encoded Montgomery’s Algorithm 呂誌忠學長 Montgomery Product Algorithm C. K. Koc, RSA Libratory 2019/8/25
20
Montgomery’s Algorithm
M(A,B,N) /* P [n]=A*B*2 - n mod N */ { P[0]=0; for (i=0;i<n;i++) /* n iteration */ { qi=(P[i]+aiB) mod 2; P[i+1]=(P[i]+aiB+qiN) div 2; } return P[n]; 2019/8/25
21
Booth-Encoded Montgomery
Scan 2-bit/iteration Montgomery’s: 1-bit/iteration Booth-encoded 2019/8/25
22
Montgomery Product Algorithm
MonPro(a, b) { t = A*B; m = (t*N’) mod 2n; u = (t + m*N) div 2n; if(u >= N)then return u – N; else return u; } N’ * N = -1 (mod 2n) 2019/8/25
23
Extension of Montgomery Product Algorithm (1)
n = r * s Use a r-bit processor Slower speed Very small chip area!! 2019/8/25
24
Extension of Montgomery Product Algorithm (2)
// t = A * B for(i = 0; i < s; i = i + 1) { C = 0; for(j = 0; j < s; j = j + 1) (C, S) = t[i+j] + A[j]*B[i] + C; t[i+j] = S;} t[i+s] = C;} 2019/8/25
25
Extension of Montgomery Product Algorithm (3)
// m = (t * N’) mod 2r // t = t + m * N for(i = 0; i < s; i = i + 1) { C = 0; m = (t[ i ] * N’) mod 2r; for(j = 0; j < s; j = j + 1) { (C, S) = t[ i + j ] + m * N[ j ] + C; t[ i + j ] = S;} 2019/8/25
26
Extension of Montgomery Product Algorithm (4)
for(j = i + s; j < 2s; j = j + 1) { (C, S) = t[ j ] + C; t[ j ] = S; } t[ 2s ] = C; // u = t div 2r*s for(j = 0; j <= s; j = j + 1) { u[ j ] = t[ j + s ]; } 2019/8/25
27
Extension of Montgomery Product Algorithm (5)
B = 0; for(j = 0; j <= s; j = j + 1) { (B, D) = u[ j ] – n[ j ] – B; v[ j ] = D; } if(B = 0)then return v[ s-1 : 0 ]; else return u[ s-1 : 0 ]; 2019/8/25
28
Modular Inverse Algorithm
N’ * N = -1 (mod 2r) N’ * (2r - N) = 1 (mod 2r) N’ = ModInverse(2r - N) ModInverse(x, 2w) { y = 1; for(i = 2; i <= w; i = i + 1) { if( 2i –1 < [x * y (mod 2i)] )then y = y + 2i –1; } } return y; } 2019/8/25
29
MATLAB Simulation Extension of Montgomery Product Algorithm 2019/8/25
30
MATLAB Simulation Extension of Modular Exponentiation 2019/8/25
31
Reference [1] P. L. Montgomery, “Modular multiplication without trial division,” Math. Comput., vol. 44, pp , Apr [2] Jye-Jong Leu and A.-Y. Wu, “A Scalable Low-Complexity Bit-Serial VLSI Architecture for RSA Cryptosystem,” in IEEE Workshop on Signal Processing Systems (SiPS-99), pp , Taipei, Oct [3] Jye-Jong Leu, and An-Yeu Wu, “Design Methodology For Booth-Encoded Montgomery Module Design For RSA Cryptosystem,” To appear ISCAS 2000. [4] C. K. Koc, “RSA hardware implementation”, Technical Report 2, RSA Laboratories, RSA Data Security, Inc., Redwood City, CA, 1995. 2019/8/25
![Reference [1] P. L. Montgomery, Modular multiplication without trial division, Math. Comput., vol. 44, pp , Apr](http://slideplayer.com./slide/17254800/100/images/31/Reference+%5B1%5D+P.+L.+Montgomery%2C+Modular+multiplication+without+trial+division%2C+Math.+Comput.%2C+vol.+44%2C+pp+%2C+Apr.jpg "[2] Jye-Jong Leu and A.-Y. Wu, A Scalable Low-Complexity Bit-Serial VLSI Architecture for RSA Cryptosystem, in IEEE Workshop on Signal Processing Systems (SiPS-99), pp , Taipei, Oct [3] Jye-Jong Leu, and An-Yeu Wu, Design Methodology For Booth-Encoded Montgomery Module Design For RSA Cryptosystem, To appear ISCAS [4] C. K. Koc, RSA hardware implementation , Technical Report 2, RSA Laboratories, RSA Data Security, Inc., Redwood City, CA, /8/25.")
Similar presentations
