Unformatted text preview: d Leonard Adleman—it has since withstood years of extensive cryptanalysis. Although the cryptanalysis neither proved nor disproved RSA’s security, it does suggest a confidence level in the algorithm. Table 19.1 Foreign MerkleHellman Knapsack Patents Country Belgium Netherlands Great Britain Germany Sweden Number 871039 7810063 2006580 2843583 7810478 Date of Issue 5 Apr 1979 10 Apr 1979 2 May 1979 10 May 1979 14 May 1979 France Germany Germany Canada Great Britain Switzerland Italy 2405532 2843583 2857905 1128159 2006580 63416114 1099780 8 Jun 1979 3 Jun 1982 15 Jul 1982 20 Jul 1982 18 Aug 1982 14 Jan 1983 28 Sep 1985 RSA gets its security from the difficulty of factoring large numbers. The public and private keys are functions of a pair of large (100 to 200 digits or even larger) prime numbers. Recovering the plaintext from the public key and the ciphertext is conjectured to be equivalent to factoring the product of the two primes. To generate the two keys, choose two random large prime numbers, p and q. For maximum security, choose p and q of equal length. Compute the product: n = pq Then randomly choose the encryption key, e, such that e and (p  1)(q  1) are relatively prime. Finally, use the extended Euclidean algorithm to compute the decryption key, d, such that ed a 1 mod (p  1)(q  1) In other words, d = e1 mod ((p  1)(q  1)) Note that d and n are also relatively prime. The numbers e and n are the public key; the number d is the private key. The two primes, p and q, are no longer needed. They should be discarded, but never revealed. To encrypt a message m, first divide it into numerical blocks smaller than n (with binary data, choose the largest power of 2 less than n). That is, if both p and q are 100digit primes, then n will have just under 200 digits and each message block, mi , should be just under 200 digits long. (If you need to encrypt a fixed number of blocks, you can pad them with a few zeros on the left to ensure that they will always be less than n.) The encr...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details