This preview shows page 1. Sign up to view the full content.
Unformatted text preview: Math 135: Lecture 16: RSA Public Key Systems
• In a each pair of users must possess the same key. • In a keys are divided into two parts. • A public encryption key is shared in a repository.
• A private decryption key is held secretly by each participant.
• For user A to send a private message to user B , A would look up B ’s public key, encrypt
the message and send it to B . Since B is the only person who possesses the secret key
required for decryption, only B can read the message.
Key Distribution
• How do you manage keys among 200 embassies?
• In a private key system, users must exchange
• In a public key system, users must
• The key distribution problem is solved.
RSA
• The possibility of public key cryptography was ﬁrst published in 1976 in a paper by Diﬃe,
Hellman and Merkle.
• The RSA scheme, named after its discoverers Rivest, Shamir and Adleman is an example
of a commercially implemented public key scheme.
Messages Are Integers
• In RSA,
• How does one get an integer from plaintext?
• One possibility: Do what we did with a Vigen`re cipher, assign a number to each letter of
e
the alphabet and then concatenate the digits together.
Example 16.1. With A ↔ 00, B ↔ 01, . . . MATH ↔ 1 Square and Multiply Algorithm
1. To compute M e (mod n) for large e, write e in binary as e =
(rt...r2r1r0)2 where each ri = 0 OR 1.
t− 1 t 2. Compute M, M 2, M 4, M 8, ..., M 2 , M 2 ( mod n) by squaring
the previous term in the sequence.
3. Multiply the appropriate terms together, modulo n, to obtain
i
M e ≡ ΠM 2 ( mod n).
Eg R1 Use the square and multiply algorithm to compute 229 (mod 187).
1. 29 = 16 + 4 + 2 + 1 = (11101)2.
2. Compute 2, 22, 24, 28, 216 (mod 187).
22 ≡
≡ 4 (mod 187)
24 ≡ (22)2 ≡ 42≡
≡ 16 (mod 187)
28 ≡ (24)2 ≡ 162 ≡ 256 ≡ 69 (mod 187)
216 ≡ (28)2 ≡ 692 ≡ 4761 ≡ 86 (mod 187)
3. Compute 229 (mod 187).
229 ≡
216282421 (mod
≡ 86 · 69 · 16 · 2 (mod
≡
189888 (mod
≡
83 (mod 187)
187)
187)
187) Thus 229 (mod 187) = 83. 1 Eg R2. Calculate R = 83149 (mod 187)
using the Chinese Remainder Theorem.
Note that 187 = 11 × 17 and these are both primes.
We will compute the exponential modulo 11 and 17 and then combine these using the CRT.
Note that 83 ≡ 6 (mod 11). Since 11 is prime, and 11 83,
Fermat’s Little Theorem implies that 8310 ≡ 1 (mod 11).
We can write the exponent 149 = 10 × 14 + 9. Thus
R ≡ 83149 ≡ (8310)14839 (mod 11)
≡
(1)1469 (mod 11)
≡ 10077696 (mod 11)
≡
2 (mod 11) Similarly, note that 83 ≡ 15 ≡ −2 (mod 17). Since 17 is prime, and
17 83, Fermat’s Little Theorem implies that 8316 ≡ 1 (mod 17).
We can write the exponent 149 = 16 × 9 + 5. Thus
R ≡ 83149 ≡ (8316)9835 (mod 17)
≡ (1)9(−2)5 (mod 17)
≡
−32 (mod 17)
≡
2 (mod 17)
R ≡ 2 (mod 11)
Since
R ≡ 2 (mod 17)
and gcd(11, 17) = 1, then by the CRT we have R ≡ 2 (mod 187).
Thus R = 83149 (mod 187) = 2. 2 RSA Cryptography Scheme
Setup
Alice creates public and private keys.
General Description
E.g. (artiﬁcially small numbers)
Alice selects large distinct Alice selects p = 11 and q = 17,
prime numbers p and q , and and forms n = 187 and φ = 160.
forms n = pq and
φ = (p − 1)(q − 1).
Alice selects an integer e Alice selects an integer e = 29 such
such that gcd(e, φ)) = 1.
that gcd(29, 160) = 1.
By EEA, Alice computes an Alice computes d = 149 such that
integer d that solves
29 · 149 ≡ 1 (mod 160),
ed ≡ 1( mod φ),
with 1 < 149 < 160.
with 1 < d < φ.
Alice’s public encryption key Alice’s public encryption key is
is (e, n).
(e, n) = (29, 187).
Alice’s private decryption Alice’s private decryption key is
key is (d, n).
(d, n) = (149, 187). 3 Encryption
Bob encrypts a message for Alice.
General Description
Bob obtains Alice’s public
key (e, n).
Bob converts text into numbers and breaks into blocks of
the appropriate size, an integer M such that 0 ≤ M < n.
Bob computes
C ≡ M e( mod n)
where 0 ≤ C < n.
Bob sends C to Alice. E.g. (artiﬁcially small numbers)
Bob obtains Alice’s public key as
(e, n) = (29, 187).
Bob obtains a block with message
M = 2 such that 0 ≤ 2 < 187.
Bob computes
C ≡ 229( mod 187) where
0 ≤ 83 < 187. (from Eg R1)
Bob sends C = 83 to Alice. Decryption
Alice decrypts a message received.
General Description
E.g. (artiﬁcially small numbers)
Alice uses her private key Alice uses her private key
(d, n).
(d, n) = (149, 187).
Alice receives the integer C , Alice receives the integer C = 83,
where 0 ≤ C < n.
where 0 ≤ 83 < 187.
Alice computes
Alice computes
R ≡ C d (mod n)
R ≡ 83149 (mod 187)
where 0 ≤ R < n.
where 0 ≤ 2 < 187 (from Eg R2)
R is the original message.
R = 2 is the original message.
Square and Multiply Algorithm
4 Math 135: Lecture 16: RSA Example 16.5 (Setup).
1. Choose two large, distinct primes p and q and let n = pq .
p = 4093, q = 8191 and n = 33525763 and (p − 1)(q − 1) = 4092 × 8190 = 33513480
2. Select an integer e so that gcd(e, (p − 1)(q − 1)) = 1 and 1 < e < (p − 1)(q − 1).
e = 17.
3. Solve
ed ≡ 1 (mod (p − 1)(q − 1)) for an integer d where 1 < d < (p − 1)(q − 1).
The solution to 17d ≡ 1 (mod 33513480) is d = 21685193.
4. Publish the public encryption key (e, n).
(17, 33525763)
5. Keep secure the private decryption key (d, n).
(21685193, 33525763)
Example 16.6 (Sending a Message).
To send a message:
1. Look up the recipient’s public key (e, n).
(17, 33525763)
2. Generate the integer message M so that 0 ≤ M < n.
M = 12345
3. Compute the ciphertext C as follows:
M e ≡ C (mod n) where 0 ≤ C < n
M e =3592101522916075416804149916723226187790
444507512040527030181884765625
C = 30139267
4. Send C .
Example 16.7 (Receiving a Message).
To decrypt a message:
1. Use your private key key (d, n).
(21685193, 33525763)
2. Compute the messagetext R from the ciphertext C as follows:
C d ≡ R (mod n) where 0 ≤ R < n
C d is too big to display.
3. R is the original message.
R = 12345.
Are we conﬁdent that the decoded message always matches the original message?
4 Math 135: Lecture 16: RSA Theorem 16.8 (RSA). If
1. p and q are distinct primes,
2. n = pq
3. e and d are positive integers such that
ed ≡ (mod (p − 1)(q − 1)),
4. 0 ≤ M < n
5. M e ≡ C (mod n)
6. C d ≡ R (mod n) where 0 ≤ R < n
then R = M .
Structure Of The Proof
The proof is done in four parts.
1. Write R as a function of M , speciﬁcally
R ≡ M M k(p−1)(q−1) (mod n) 2. Show that R ≡ M (mod p). We will do this in two cases:
(i) p M and (ii) p  M .
3. Show that R ≡ M (mod q ).
4. Use the Chinese Remainder Theorem to deduce that R = M .
1. Write R As A Function Of M
First, we will show that Since there exists an integer k so that Now R ≡ Cd (mod n) ≡ (M e )d
≡ M ed (mod n)
(mod n) ≡ M 1+k(p−1)(q−1) (mod n) ≡ M M k(p−1)(q−1) (mod n) 2. Show That R ≡ M (mod p). Case 1: p M .
By Fermat’s Little Theorem, Hence M k(p−1)(q−1) ≡ (M p−1 )k(q−1)
≡ (1)k(q−1)
≡1 (mod p) (mod p) 5 (mod p) Math 135: Lecture 16: RSA Multiplying both sides by M gives
But
by the deﬁntion of congruence. Therefore
2. Show That R ≡ M (mod p). Case 2: p  M .
Now suppose that p  M . But then and so That is, But again,
R ≡ M M k(p−1)(q−1) (mod n) so R ≡ M M k(p−1)(q−1) (mod p by the deﬁnition of congruence. Therefore
R≡M (mod p). In Case 1 and Case 2, we have R ≡ M (mod p).
3. Show That R ≡ M (mod q ).
This is similar to showing that R ≡ M (mod p).
4. Use The CRT To Deduce That R = M .
So far we have generated two linear congruences that are satisﬁed simultaneously.
R≡M (mod p) R≡M Since (mod q ) we can invoke the and con clude that
Since pq = n we have
Now, R
and M are both integers congruent to each other modulo n, and both lie between 0 and n − 1,
so
How Secure Is RSA?
• The basic idea behind RSA is that
• It is easy to generate n, which is part of the key.
• It is diﬃcult to factor a large n, say 200 digits, into p and q .
• If n could be easily it would be easy to decrypt any message. 6 ...
View
Full
Document
This note was uploaded on 10/27/2011 for the course MATH 135 taught by Professor Andrewchilds during the Fall '08 term at Waterloo.
 Fall '08
 ANDREWCHILDS
 Math

Click to edit the document details