Math135Lecture16StudentNotes-1

Math135Lecture16StudentNotes-1 - Math 135: Lecture 16: RSA...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Math 135: Lecture 16: RSA Public Key Systems • In a each pair of users must possess the same key. • In a keys are divided into two parts. • A public encryption key is shared in a repository. • A private decryption key is held secretly by each participant. • For user A to send a private message to user B , A would look up B ’s public key, encrypt the message and send it to B . Since B is the only person who possesses the secret key required for decryption, only B can read the message. Key Distribution • How do you manage keys among 200 embassies? • In a private key system, users must exchange • In a public key system, users must • The key distribution problem is solved. RSA • The possibility of public key cryptography was first published in 1976 in a paper by Diffie, Hellman and Merkle. • The RSA scheme, named after its discoverers Rivest, Shamir and Adleman is an example of a commercially implemented public key scheme. Messages Are Integers • In RSA, • How does one get an integer from plaintext? • One possibility: Do what we did with a Vigen`re cipher, assign a number to each letter of e the alphabet and then concatenate the digits together. Example 16.1. With A ↔ 00, B ↔ 01, . . . MATH ↔ 1 Square and Multiply Algorithm 1. To compute M e (mod n) for large e, write e in binary as e = (rt...r2r1r0)2 where each ri = 0 OR 1. t− 1 t 2. Compute M, M 2, M 4, M 8, ..., M 2 , M 2 ( mod n) by squaring the previous term in the sequence. 3. Multiply the appropriate terms together, modulo n, to obtain i M e ≡ ΠM 2 ( mod n). Eg R1 Use the square and multiply algorithm to compute 229 (mod 187). 1. 29 = 16 + 4 + 2 + 1 = (11101)2. 2. Compute 2, 22, 24, 28, 216 (mod 187). 22 ≡ ≡ 4 (mod 187) 24 ≡ (22)2 ≡ 42≡ ≡ 16 (mod 187) 28 ≡ (24)2 ≡ 162 ≡ 256 ≡ 69 (mod 187) 216 ≡ (28)2 ≡ 692 ≡ 4761 ≡ 86 (mod 187) 3. Compute 229 (mod 187). 229 ≡ 216282421 (mod ≡ 86 · 69 · 16 · 2 (mod ≡ 189888 (mod ≡ 83 (mod 187) 187) 187) 187) Thus 229 (mod 187) = 83. 1 Eg R2. Calculate R = 83149 (mod 187) using the Chinese Remainder Theorem. Note that 187 = 11 × 17 and these are both primes. We will compute the exponential modulo 11 and 17 and then combine these using the CRT. Note that 83 ≡ 6 (mod 11). Since 11 is prime, and 11 ￿ |83, Fermat’s Little Theorem implies that 8310 ≡ 1 (mod 11). We can write the exponent 149 = 10 × 14 + 9. Thus R ≡ 83149 ≡ (8310)14839 (mod 11) ≡ (1)1469 (mod 11) ≡ 10077696 (mod 11) ≡ 2 (mod 11) Similarly, note that 83 ≡ 15 ≡ −2 (mod 17). Since 17 is prime, and 17 ￿ |83, Fermat’s Little Theorem implies that 8316 ≡ 1 (mod 17). We can write the exponent 149 = 16 × 9 + 5. Thus R ≡ 83149 ≡ (8316)9835 (mod 17) ≡ (1)9(−2)5 (mod 17) ≡ −32 (mod 17) ≡ 2 (mod 17) ￿ R ≡ 2 (mod 11) Since R ≡ 2 (mod 17) and gcd(11, 17) = 1, then by the CRT we have R ≡ 2 (mod 187). Thus R = 83149 (mod 187) = 2. 2 RSA Cryptography Scheme Setup Alice creates public and private keys. General Description E.g. (artificially small numbers) Alice selects large distinct Alice selects p = 11 and q = 17, prime numbers p and q , and and forms n = 187 and φ = 160. forms n = pq and φ = (p − 1)(q − 1). Alice selects an integer e Alice selects an integer e = 29 such such that gcd(e, φ)) = 1. that gcd(29, 160) = 1. By EEA, Alice computes an Alice computes d = 149 such that integer d that solves 29 · 149 ≡ 1 (mod 160), ed ≡ 1( mod φ), with 1 < 149 < 160. with 1 < d < φ. Alice’s public encryption key Alice’s public encryption key is is (e, n). (e, n) = (29, 187). Alice’s private decryption Alice’s private decryption key is key is (d, n). (d, n) = (149, 187). 3 Encryption Bob encrypts a message for Alice. General Description Bob obtains Alice’s public key (e, n). Bob converts text into numbers and breaks into blocks of the appropriate size, an integer M such that 0 ≤ M < n. Bob computes C ≡ M e( mod n) where 0 ≤ C < n. Bob sends C to Alice. E.g. (artificially small numbers) Bob obtains Alice’s public key as (e, n) = (29, 187). Bob obtains a block with message M = 2 such that 0 ≤ 2 < 187. Bob computes C ≡ 229( mod 187) where 0 ≤ 83 < 187. (from Eg R1) Bob sends C = 83 to Alice. Decryption Alice decrypts a message received. General Description E.g. (artificially small numbers) Alice uses her private key Alice uses her private key (d, n). (d, n) = (149, 187). Alice receives the integer C , Alice receives the integer C = 83, where 0 ≤ C < n. where 0 ≤ 83 < 187. Alice computes Alice computes R ≡ C d (mod n) R ≡ 83149 (mod 187) where 0 ≤ R < n. where 0 ≤ 2 < 187 (from Eg R2) R is the original message. R = 2 is the original message. Square and Multiply Algorithm 4 Math 135: Lecture 16: RSA Example 16.5 (Setup). 1. Choose two large, distinct primes p and q and let n = pq . p = 4093, q = 8191 and n = 33525763 and (p − 1)(q − 1) = 4092 × 8190 = 33513480 2. Select an integer e so that gcd(e, (p − 1)(q − 1)) = 1 and 1 < e < (p − 1)(q − 1). e = 17. 3. Solve ed ≡ 1 (mod (p − 1)(q − 1)) for an integer d where 1 < d < (p − 1)(q − 1). The solution to 17d ≡ 1 (mod 33513480) is d = 21685193. 4. Publish the public encryption key (e, n). (17, 33525763) 5. Keep secure the private decryption key (d, n). (21685193, 33525763) Example 16.6 (Sending a Message). To send a message: 1. Look up the recipient’s public key (e, n). (17, 33525763) 2. Generate the integer message M so that 0 ≤ M < n. M = 12345 3. Compute the ciphertext C as follows: M e ≡ C (mod n) where 0 ≤ C < n M e =3592101522916075416804149916723226187790 444507512040527030181884765625 C = 30139267 4. Send C . Example 16.7 (Receiving a Message). To decrypt a message: 1. Use your private key key (d, n). (21685193, 33525763) 2. Compute the messagetext R from the ciphertext C as follows: C d ≡ R (mod n) where 0 ≤ R < n C d is too big to display. 3. R is the original message. R = 12345. Are we confident that the decoded message always matches the original message? 4 Math 135: Lecture 16: RSA Theorem 16.8 (RSA). If 1. p and q are distinct primes, 2. n = pq 3. e and d are positive integers such that ed ≡ (mod (p − 1)(q − 1)), 4. 0 ≤ M < n 5. M e ≡ C (mod n) 6. C d ≡ R (mod n) where 0 ≤ R < n then R = M . Structure Of The Proof The proof is done in four parts. 1. Write R as a function of M , specifically R ≡ M M k(p−1)(q−1) (mod n) 2. Show that R ≡ M (mod p). We will do this in two cases: (i) p ￿ M and (ii) p | M . 3. Show that R ≡ M (mod q ). 4. Use the Chinese Remainder Theorem to deduce that R = M . 1. Write R As A Function Of M First, we will show that Since there exists an integer k so that Now R ≡ Cd (mod n) ≡ (M e )d ≡ M ed (mod n) (mod n) ≡ M 1+k(p−1)(q−1) (mod n) ≡ M M k(p−1)(q−1) (mod n) 2. Show That R ≡ M (mod p). Case 1: p ￿ M . By Fermat’s Little Theorem, Hence M k(p−1)(q−1) ≡ (M p−1 )k(q−1) ≡ (1)k(q−1) ≡1 (mod p) (mod p) 5 (mod p) Math 135: Lecture 16: RSA Multiplying both sides by M gives But by the defintion of congruence. Therefore 2. Show That R ≡ M (mod p). Case 2: p | M . Now suppose that p | M . But then and so That is, But again, R ≡ M M k(p−1)(q−1) (mod n) so R ≡ M M k(p−1)(q−1) (mod p by the definition of congruence. Therefore R≡M (mod p). In Case 1 and Case 2, we have R ≡ M (mod p). 3. Show That R ≡ M (mod q ). This is similar to showing that R ≡ M (mod p). 4. Use The CRT To Deduce That R = M . So far we have generated two linear congruences that are satisfied simultaneously. R≡M (mod p) R≡M Since (mod q ) we can invoke the and con- clude that Since pq = n we have Now, R and M are both integers congruent to each other modulo n, and both lie between 0 and n − 1, so How Secure Is RSA? • The basic idea behind RSA is that • It is easy to generate n, which is part of the key. • It is difficult to factor a large n, say 200 digits, into p and q . • If n could be easily it would be easy to decrypt any message. 6 ...
View Full Document

This note was uploaded on 10/27/2011 for the course MATH 135 taught by Professor Andrewchilds during the Fall '08 term at Waterloo.

Ask a homework question - tutors are online