This preview shows pages 1–8. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: Tutorial on Public Key Cryptography – RSA c circlecopyrt Eli Biham  August 18, 2010 384 Tutorial on Public Key Cryptography – RSA (14) RSA – the Key Generation – Example 1. Randomly choose two prime numbers p and q . We choose p = 11 and q = 13. 2. Compute n = pq . We compute n = pq = 11 · 13 = 143. 3. Randomly choose an odd number e in the range 1 < e < ϕ ( n ) which is coprime to ϕ ( n ) (i.e., e ∈ Z ∗ ϕ ( n ) ). ϕ ( n ) = ϕ ( p ) · ϕ ( q ) = 10 · 12 = 120. Thus, we choose e = 7 ( e ∈ Z ∗ 120 ). 4. Compute d ≡ e − 1 (mod ϕ ( n )) by Euclid’s algorithm. Thus, de ≡ 1 (mod ϕ ( n )). We compute d ≡ e − 1 ≡ 7 − 1 ≡ 103 (mod ϕ (143) = 120). Check that 120  7 ∗ 103 − 1 = 721 − 1 = 720. c circlecopyrt Eli Biham  August 18, 2010 385 Tutorial on Public Key Cryptography – RSA (14) RSA – the Key Generation – Example (cont.) 5. Publish ( n,e ) as the public key, and keep d secret as the secret key. We publish ( n, e ) = (143 , 7) as the public key, and keeps d = 103 secret as the secret key. c circlecopyrt Eli Biham  August 18, 2010 386 Tutorial on Public Key Cryptography – RSA (14) RSA – Encryption/Decryption – Example The encryption algorithm E : Everybody can encrypt messages m (0 ≤ m < n A ) to user A by c = E A ( m ) = m e A mod n A . The ciphertext c (0 ≤ c < n A ) can be sent to A , and only A can decrypt. Encrypt m = 3: E A ( m ) ≡ m e A ≡ 3 7 ≡ 42 (mod 143) c circlecopyrt Eli Biham  August 18, 2010 387 Tutorial on Public Key Cryptography – RSA (14) RSA – Encryption/Decryption – Example (cont.) The decryption algorithm D : Only A knows his secret key d A and can decrypt: m = D A ( c ) = c d A mod n A . Decrypt c = 42: D A ( c ) ≡ c d A ≡ 42 103 ≡ 3 (mod 143) Decrypt c = 2: D A ( c ) ≡ c d A ≡ 2 103 ≡ 63 (mod 143) c circlecopyrt Eli Biham  August 18, 2010 388 Tutorial on Public Key Cryptography – RSA (14) Existential Forgery of an RSA Signature Given a public key ( n A , e A ) of user A, can another user B create a message m and a signature D A ( m ) ≡ m d A (mod n A )? User B can forge a signature in the following way: B Chooses y ∈ Z n and calculates x ≡ E A ( y ) = y e A (mod n A ). Now B can claim that y ≡ x d A (mod n A ) is A’s signature on x . c circlecopyrt Eli Biham  August 18, 2010 389 Tutorial on Public Key Cryptography – RSA (14) Multiplication Property of RSA Multiplication Property : Given a public key ( n A ,e A ) of user A, and m 1 ,m 2 ∈ Z n then E A ( m 1 · m 2 ) ≡ E A ( m 1 ) · E A ( m 2 ) (mod n ) Proof :...
View
Full
Document
This note was uploaded on 04/14/2011 for the course CS 236506 taught by Professor Yanivcarmeli during the Spring '11 term at Technion.
 Spring '11
 YanivCarmeli

Click to edit the document details