Download presentation
Presentation is loading. Please wait.
1
RSA and its Mathematics Behind
July 2011
2
Topics Modular Arithmetic Greatest Common Divisor Euler’s Identity
RSA algorithm Security in RSA
3
Modular Arithmetic A system of arithmetic for integers, where numbers wrap around after they reach a certain value—the modulus Modular or "clock" arithmetic is arithmetic on a circle instead of a number line In modulo N , we use only the twelve whole numbers from 0 through N-1 The 12-hour clock : modulo 12 If the time is 9:00 now, then 4 hours later it will be 1:00 9+4 =13 13 % 12= 1
4
Modular Clock Arithmetic
1:00 and and 13:00 hours are the same 1:00 and and 25:00 hours are the same 1 13 (mod 12) a b (mod n) n is the modulus a is congruent to b modulo n a-b is an integer multiple of (divisible by) n a % n = b % n
5
Example 38 14 (mod 12) 38-14 = 24 ; multiple of 12 38 2 (mod 12) 38-2 = 36 ; multiple of 12 The same rule for negative number -8 7 (mod 5) 2 -3 (mod 5) -3 -8 (mod 5)
6
Congruence Class Example
5 10 2 7 12 3 8 13 -- 1 6 11 (mod 5) Congruence Classes of the integers modulo 5
7
Replace of congruence item
Let 3 (mod 12) and 16 4 (mod 12), therefore (mod 12) Let 7 (mod 12) and 1177 1 (mod 12), therefore 9835*1177 7 * 1 7 (mod 12)
8
Modular Arithmetic Notation
Modulus operator Congruence relation a = b mod n a b (mod n) Inputs a number a and a base b, outputs a mod b as the remiander of ab (value between 0 and b –1) Relates two numbers a, b to each other relative some base = means that integer a is the reminder of the division of integer b by integer n indicates that the integers a and b fall into the same congruence class modulo n (same remainder when diving by b) 2 = 14 mod 3 14 2 (mod 3)
9
Exercise (I) A: Compute 113 mod 24: -29 mod 7
10
Exercise (I), cont A: Compute 113 mod 24: -29 mod 7
11
Exercise (I), cont A: Compute 113 mod 24: -29 mod 7
12
Exercise (I), cont A: Compute 113 mod 24: -29 mod 7
13
Exercise (II) Q: Which of the following are true? 3 3 (mod 17)
14
Exercise (II), cont A: 3 3 (mod 17) 3 -3 (mod 17)
True. any number is congruent to itself (3-3 = 0, divisible by all) 3 -3 (mod 17) False. (3-(-3)) = 6 isn’t divisible by 17. 172 177 (mod 5) True = -5 is a multiple of 5 -13 13 (mod 26) True: = -26 divisible by 26.
15
Topics Modular Arithmetic Greatest Common Divisor Euler’s Identity
RSA algorithm Security in RSA
16
Greatest Common Divisor
Def: Let a,b be integers, not both zero. The greatest common divisor of a and b (or gcd(a,b) ) is the biggest number d which divides both a and b without a remainder gcd (8,12) =4 Find gcd (54, 24) 54x1 = 27x2 = 18x3 = 9x6; {1, 2 ,3, 6, 9, 18, 27, 54} 24x1 = 12x2 = 8x3 = 4x6; {1, 2 ,3, 4, 6, 8, 12, 54} Share number : {1, 2, 3, 6} gcd (54, 24) = 6
17
Finding GCD gcd(a,0) = a, and gcd(a,b) = gcd(b, a mod b)
Find gcd(132, 28) : r = 132 mod 28 = 20 => gcd(28, 20) r = 28 mod 20 = 8 => gcd(20,8) r = 20 mod 8 = 4 => gcd(8,4) r = 8 mod 4 = => gcd(4,0) gcd(132, 28) = 4 1 2 3 4 5 a 132 28 20 8 b
18
GCD and Relatively Prime
Def: two integers a and b are said to be relatively prime (also called co-prime) if gcd(a,b) = 1 so no prime common divisors. Find gcd(28, 15) : r = 28 mod 15 = 13 => gcd(15, 13) r = 15 mod 13 = 2 => gcd(13, 2) r = 13 mod 2 = 1 => gcd(2,1) r = 2 mod 1 = 0 => gcd(1,0) gcd(28,15) = 1 15 and 28 are relative prime Since a prime number has no factors besides itself, clearly a prime number is relatively prime to every other number (except for multiples of itself)
19
Test Relative Prime Q: Find the following gcd’s: gcd(77,11) gcd(77,33)
20
Test Relative Prime A: gcd(77,11) = 11 gcd(77,33) = 11
gcd(23,7) = 1. Therefore 23 and 7 are relatively prime.
21
Topics Modular Arithmetic Greatest Common Divisor Euler’s Identity
RSA algorithm Security in RSA
22
Euler's Totient Function
(N) = the numbers between 1 and N - 1 which are relatively prime to N Thus: (4) = 2 (1 and 3 are relatively prime to 4) (5) = 4 (1, 2, 3, and 4 are relatively prime to 5) (6) = 2 (1 and 5 are relatively prime to 6) (7) = 6 (1, 2, 3, 4, 5, and 6 are relatively prime to 7) (8) = 4 (1, 3, 5, and 7 are relatively prime to 8) (9) = 6 (1, 2, 4, 5, 7, and 8 are relatively prime to 9) Compute (N) in C code: phi = 1; for (i = 2 ; i < N ; ++i) if (gcd(i, N) == 1) ++phi;
23
Euler's Totient Function, cont
Note that (N) = N-1 when N is prime Somewhat obvious fact that (N) is also easy to calculate when N has exactly two different prime factors: (p*q) = (p-1)*(q-1) Example: Find (15) (15) = (3*5) = (3-1) * (5-1) = 4*2 =8 {1, 2, 4, 7, 8, 11, 13, and 14}
24
Euler’s Totient Theorem
One of the important keys to the RSA algorithm If gcd(m, n) = 1 and m < n, then m(n) 1 (mod n) m(n) 1 (mod n) where (n) = (p1-1)*(q-1) relatively prime m (p-1)(q-1) mod n = 1 Example: m (p-1)(q-1) mod n = 1 3840 mod 55 = 1 M=38 replace (p-1)(q-1) with (11-1)(5-1) n=55 Interpretation : If m and n are relatively prime, with m being the smaller number, then when we multiply m with itself (n) times and divide the result by n, the remainder will always be 1
25
More in Euler’s Theorem
Multiply both sides of equation by m m (p-1)(q-1) mod n = 1 m (p-1)(q-1) *m mod n = 1*m m (p-1)(q-1)+1 mod n = m m (n)+1 mod n = m
26
The Road to crypto If we can find two numbers, call them e and d, such that e*d = [(p-1)(q-1)] n = p*q Use e as the private key and d as the public key; Encrypts: c me (mod n) Decrypts: m cd (mod n) cd = (me (mod n))d = med (mod n) = m(p-1)(q-1)+1 (mod n) = m(n)+1 (mod n) = m m (n)+1 mod n = m Recall Euler’s theorem
27
A trapdoor one-way function
Public key c = f(m) = me mod n Message m Ciphertext c m = f-1(c) = cd mod n Private key (trapdoor information) n = p*q (p & q: primes) e*d = 1 mod (p-1)(q-1)
28
Topics Modular Arithmetic Greatest Common Divisor Euler’s Identity
RSA algorithm Security in RSA
29
RSA Public key cryptosystem
Shamir Rivest Adleman Public key cryptosystem Proposed in 1977 by Ron L. Rivest, Adi Shamir and Leonard Adleman at MIT Best known & widely used public- key scheme Based on exponentiation in a finite (Galois) field over integers modulo a prime Main patent expired in 2000 RSA is the best known, and by far the most widely used general public key encryption algorithm, and was first published by Rivest, Shamir & Adleman of MIT in 1978 [RIVE78]. Since that time RSA has reigned supreme as the most widely accepted and implemented general-purpose approach to public-key encryption. It is based on exponentiation in a finite (Galois) field over integers modulo a prime, using large integers (eg bits). Its security is due to the cost of factoring large numbers. Rivest Shamir Adleman
30
RSA Algorithm Uses two keys : e and d for encryption and decryption
A message m is encrypted to the cipher text by c = me mod n The ciphertext is recover by m = cd mod n Because of symmetric in modular arithmetic m = cd mod n = (me)d mod n = (md)e mod n One can use one key to encrypt a message and another key to decrypt it
31
RSA Key Setup Selecting two large primes at random : p, q
Typically 512 to 2048 bits Computing their system modulus n=p*q note ø(n)=(p-1)(q-1) Selecting at random the encryption key e where 1<e<ø(n), gcd(e,ø(n))=1 Meaning: there must be no numbers that divide neatly into e and into (p-1)(q-1), except for 1. Solve following equation to find decryption key d e*d=1 mod ø(n) and 0≤d≤n In other words, d is the unique number less than n that when multiplied by e gives you 1 modulo ø(n) Publish public encryption key: PU={e,n} Keep secret private decryption key: PR={d,n} RSA key setup is done once (rarely) when a user establishes (or replaces) their public key, using the steps as shown. The exponent e is usually fairly small, just must be relatively prime to ø(n). Need to compute its inverse mod ø(n) to find d. It is critically important that the factors p & q of the modulus n are kept secret, since if they become known, the system can be broken. Note that different users will have different moduli n.
32
Example: Key Generation Step by Step
Selecting two large primes at random : p, q (use small numbers for demonstration) p = 7; q = 19 Computing their system modulus n=p.q ø(n) = (p-1)(q-1) n = 7*19 = 133 ø(n) = (7-1)*(19-1) = 6*18 = 108 Selecting at random the encryption key e and gcd(e, 108) = 1 e = 5 find decryption key d such that e*d = 1 mod ø(n) and 0≤d≤n d*5 mod 108 = 1; d = 65 Check : 65*5 = 325; mod 108 = 1 Public encryption key: PU={e,n} PU = {5,133} Secret private decryption key: PR = {d,n} PR = {65,133} Encryption and Decryption for m = 6 c = me mod n = 65 % 133 = 62 m = cd mod n = % 133 = 6
33
Key Generation : Find n and ø(n)
1) Generate two large prime numbers, p and q Lets have: p = 7 and q = 19 2) Find n = p*q n =7*19 = 133 3) Find ø(n) = (p-1)(q-1) ø(n) = (7-1)(19-1)= 6 * 18 = 108
34
Key Generation : Generate Private Key
4) Choose a small number, e coprime to 108 Using Euclid's algorithm to find gcd(e,108) e = 2 => gcd(e, 108) = 2 ✗ e = 3 => gcd(e, 108) = 3 ✗ e = 4 => gcd(e, 108) = 4 ✗ e = 5 => gcd(e, 108) = 1 ✓
35
Key Generation : Generate Public Key
5) Find d, such that e*d = 1 mod ø(n) and 0≤d≤n ; e=5; ø(n)=108 Using extended Euclid algorithm; e*d = 1 mod ø(n) => e*d = 1+k*ø(n) ; d, k are interger = (1+k*ø(n))/e d = (1+k*108)/5 Try through values of k until an integer solution for d is found: k = 0 => d = 1 / 5 = ✗ k = 1 => d = (1+1*108)/ 5 =109/5 = 21.8 ✗ k = 2 => d = (1+2*108)/5 = 217/5 = 43.4 ✗ k = 3 => d = (1+3*108)/5 = 325/5 = 65 ✓
36
Example : Encryption PU= {e,n} = {5,133} Lets use the message m=16
c = me mod n = 165 mod 133 = mod 133 = 4
37
Example: Decryption PR={d,n}={65,133} From the encryption c=4
m = cd mod n = 465 mod = x1039 mod 133 = 16
38
Encode the ASCII String
Message input string S e c r t ! Message input ASCII 83 101 99 114 116 33 Message input binary Message input 16 bit binary padding Message input 16 bit decimal for “Secret!” 21349 25458 25972 33
39
Sample 16 bits key n = 1602475129 e = 64037 d = 1004908973 m =104
c = ( ) mod = m = ( ) mod = 104 Directly computation of exponential needs too much memory and very slow
40
How to deal with 1024 bits? n= e=47609 d= we could still end up with a number with so many digits (before taking the remainder on dividing by p) that we wouldn't have enough memory to store it
41
Using Modular Exponential
Using modular reduction to enhance computation f mod i = j and f = g * h then (( g mod i ) * (h mod i)) mod i = j
42
Modular Exponential : 2320 mod 29
(23exp-1 mod 29)*23 ((23exp-1 mod 29) *23) mod 29 2 23*23= 529 529 mod 29 =7 3 7*23=161 161 mod 29=16 4 16*23=368 368 mod 29=20 5 20*23=460 460 mod 29=25 6 25*23=575 575 mod 29=24 7 24*23=552 552 mod 29=1 8 1*23=23 23 mod 29=23 9 23*23=529 529 mod 29=7 10 : 16 19 20 232 mod 29 = 7 234=232*232 mod 29 = 7*7 mod 29 =49 mod 29 = 20 238=234*234 mod 29 = 20*20 mod 29 =400 mod 29 =23 2316=238*238 mod 29 = 23*23 mod 29 =529 mod 29 =7 2320=2316*234 mod 29 = 7*20 mod 29 =140 mod 29 =24
43
Modular Exponential : 23391 mod 55
23exp/2*23exp/2 (23exp-1) * (23exp/2) mod 55 1 [exception] 231=23 23 mod 55 = 23 2 23*23= 529 529 mod 55 = 34 4 34*34=1156 1156 mod 55 = 1 8 1*1=1 1 mod 55 = 1 16 32 64 128 256 512 23391 = 23256*23128*234*232*231 = 1*1*1*34*23 = 722 722 mod 55 = 12
44
Modular Exponential : 31397 mod 55
31exp/2*31exp/2 (31exp-1) * (31exp/2) mod 55 1 [exception] 311=31 31 mod 55 = 33 2 31*31= 961 961 mod 55 = 26 4 26*26=676 676 mod 55 = 16 8 16*16=256 256 mod 55 = 36 16 36*36=1296 1296 mod 55 = 31 32 31*31=961 64 128 256 512 31397 % 55 = (31256*31128*318*314*311 ) % 55 = (31*36*36*16*33) = ((1116 % 55)*36*16*33 ) % 55 = (16*36*16*33 ) % 55 = ((576 mod 55) *16 *33) % 55 = (26*16*33) % 55 = ((416 % 55) *33 ) % 55 = (31*3 ) % 55 = 961 % 55 = 26 31397 mod 55 = x1059 mod 55 = 26
45
Modular Exponential for RSA
The running time of RSA encryption, decryption is simple
46
Topics Modular Arithmetic Greatest Common Divisor Euler’s Identity
RSA algorithm Security in RSA
47
Analyzing RSA RSA depends on being able to find large primes quickly, whereas anyone given the product of two large primes “cannot” factor the number in a reasonable time. If any one of p, q, m, d is known, then the other values can be calculated. So secrecy is important 1024 bits is considered in risk To protect the encryption, the minimum number of bits in n should be 2048 RSA is slow in pratice RSA is primary used to encrypt the session key used for secret key encryption (message integrity) or the message's hash value (digital signature)
48
RSA-Numbers RSA numbers are a set of large semiprimes (numbers with exactly two prime factors) that are part of the RSA Factoring Challenge Officially ended in 2007 but people can still attempt to find the factorizations
49
RSA-768 RSA-768 has 768 bits (232 decimal digits), and was factored on December 12, 2009 RSA-768 = RSA-768 = ×
50
RSA-1024 and RSA-2048 RSA-1024 has 1,024 bits (309 decimal digits), and has not been factored so far RSA-1024 = RSA-2048 has 2,048 bits (617 decimal digits) may not be factorizable for many years to come, unless considerable advances are made in integer factorization RSA-2048 =
51
RSA security summary There are two one-way functions involved in the security of RSA. One-way function Description Encryption function The encryption function is a trapdoor one-way function, whose trapdoor is the private key. The difficulty of reversing this function without the trapdoor knowledge is believed (but not known) to be as difficult as factoring. Multiplication of two primes The difficulty of determining an RSA private key from an RSA public key is known to be equivalent to factoring n. An attacker thus cannot use knowledge of an RSA public key to determine an RSA private key unless they can factor n. Because multiplication of two primes is believed to be a one-way function, determining an RSA private key from an RSA public key is believed to be very difficult.
52
Q&A
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.