Transcript a,b

RSA
Preliminaries
Division Algorithm
Given integers a and b≠0, there exist unique
Integers q and r such that
a = bq +r where 0 ≤ r < |b|
a is the dividend, b is the divisor, and r is
the remainder.
b divides a or b is a factor of a if r=0.
Greatest Common Divisor
The greatest common divisor of two nonzero
integers a and b is defined to be the
largest positive integer that divides (i.e., is
a factor of) both a and b.
The greatest common divisor of a and b is
denoted by gcd(a,b).
We say that a and b are relatively prime if
gcd(a,b)=1.
The Euclidean Algorithm
EUCLID(a,b)
if b=0
then return a
else return EUCLID(b, a mod b)
A useful relation
Fact: If d = gcd(a,b), then there exist unique
integers x and y such that
d = ax + by
x and y can be found using the “extended
Euclidean algorithm”
Euler’s phi function
• For any positive integer n, φ(n) (Euler’s
phi function) is defined to be the number
of positive integers less than n that are
relatively prime to n.
• φ(n) = nπp|n(1-1/p), (where p runs through
all prime factors of n)
• Note that if p is prime, then φ(p) = p-1.
The Theorems of Euler and Fermat
• Euler’s Theorem
aφ(n) = 1 mod n for all a in Zn* , where Zn*
is the set of all a in Zn such that gcd(a,n)=1
• Fermat’s Theorem
If p is prime, then
ap = a mod p for all a in Zp and if gcd(a,p)=1,
ap-1 = 1 mod p for all a in Zp*
The Chinese Remainder Theorem
• Suppose n1, n2, …, nk are positive integers
which are pairwise relatively prime. Then,
for any given integers a1,a2, …, ak, there
exists an integer x solving the system of
simultaneous congruences
x = a1 mod n1
x = a2 mod n2
All solutions are
…
congruent modulo
x = ak mod nk
N=n1n2 … nk
Public-key Cryptosystems
• Each participant has a public key and a
secret key.
• Every public and secret key is a one-toone function from the set D to D, where D
is the set of permissible messages.
• Alice: PA, SA
Bob: PB,SB
Sending a Message
Bob uses Alice’s public key to send an
encrypted message M to Alice.
C = PA(M)
M -> PA
----------------------------->
SA -> M
communication channel
Alice uses her secret key to decrypt M
Public and Secret keys are
Matched Pairs
E.g.,
M=SA(PA(M)) = PA(SA(M))
Digital Signatures
Suppose Alice wished to send Bob a digitally
signed response M’
1. Alice computes her digital signature for
the message M’: σ = SA(M’)
2. Alice sends the pair (M’, σ) to Bob.
3. When Bob receives (M’, σ) , he can verify
that it originated from Alice by verifying
that M’ =PA (σ )
The RSA Cryptosystem
A participant creates his public and secret keys as follows:
1.
Select an random two large primes, p and q
2.
Compute n = pq.
3.
Compute e that is relatively prime to φ(n)=(p-1)(q-1)
4.
Compute the modulo φ(n) inverse d of e.
5.
Publish the pair P=(e,n) as RSA public key.
6.
Keep secret the pair S=(d,n) as RSA secret key.
The domain D of messages is Zn
The transformation of a message M associated with a public key P=(e,n) is
P(M)=Me and the transformation of a “ciphertext” C associated with a
secret key S=(d,n) is S(C)=Cd
The Correctness of RSA
• SA(PA(M)) = Med=Mde=PA(SA(M))
• We have ed = 1 mod (p-1)(q-1). This means that
when ed is divided by
(p-1)(q-1), the remainder is 1 and so by the
division algorithm, ed = k(p-1)(q-1)+1 for some
k.
• Thus, Med = M1+k(p-1)(q-1)=M M(p-1)k(q-1)
=M(1)k(q-1) mod p (by Fermat’s theorem)
=M mod p if gcd(M,p)=1.
The Correctness of RSA 2
• Also,
Med = M1+k(p-1)(q-1)=M M(q-1)k(p-1)
=M(1)k(p-1) mod q (by Fermat’s theorem)
=M mod q if gcd(M,q)=1
Thus,
Med =M mod p
Med =M mod q
These two congruences hold even when
either p or q is not relatively prime to M and so
Med =M mod n (by the Chinese Remainder
Theorem)
Example (for an extremely simple,
breakable code)
• Suppose that Alice chooses p=7, q=11
and e=13. Then PA = (13,77) and d=37
since 13*37=1 mod 60 and so her secret
key is SA = (37,n).
Suppose that Bob wants to send 52 to
Alice. What is the encrypted message?
Encrypted message
• Bob uses Alice’s public key to encrypt his
message:
• 5213 = 17 mod 77
Decrypted message
• Alice receives the encrypted message 17.
• Alice uses her secret key (37,77) to
decrypt Bob’s message
1737 = 52 mod 77
Verification
• Suppose that Alice wants to verify to Bob
that she received his message.
• She sends encodes the message she
received with her secret key and sends it
to Bob:
5237 = 24 mod 77
Bob uses Alices’s public key to obtain
2413 = 52 mod 77
Breaking the code
• Messages encrypted with RSA can be
decrypted by determining primes p and q
such that n=pq since in that case a d can
be determined such that de = 1 mod φ(n)
Asignment
• Write an openMP program such that given
an integer n, the program determines two
primes p and q such that n = pq, if such
primes exist.