RSA

Download Report

Transcript RSA 

The RSA Algorithm
Content
• Review of Encryption
• RSA
• An RSA example
3
Review of Encryption
RSA
• By Rivest, Shamir & Adleman of MIT in 1977
• Best known & widely used public-key scheme
• Uses large integers (eg. 1024 bits)
• Security due to cost of factoring large numbers
Features:
• It is the easiest to understand as well as the most
popular to implement
• RSA obtains its security from the difficulty of
factoring large numbers.
RSA Key Generation
M
PU. Key
PR. Key
{e,N}
{d,N}
C=Me mod N,
where 0≤M<N
Policy :
C
M=Cd mod N
M
Factoring a number is relatively hard
compared to multiplying the factors together to generate the
number
RSA Works with
• Euler’s Totient Function
• Greatest Common Divisor
• Euclid’s Algorithm
• Extended Euclid’s Algorithm
• Fermat’s Little Theorem
RSA Key Setup
• Generate a public/private key pair:
1. Generate two large distinct primes p and q
2. Compute n = pq and φ(n) = (p − 1)(q − 1)
3. Select an e(randomly),1 <e< φ, relatively prime to φ.
large
primes
φ(n)
Unique factorization
Euler’s totient function : ϕ(n) is the number of positive integers less
than n which are relatively prime to n.
• ϕ(n) is the number of a ∈ {1, 2, . . . , n − 1} with gcd(a, n) = 1.
►ϕ(1) = 1.
►If p is a prime number, then ϕ(p) = p − 1.
relatively prime to φ
► a, b ∈ N are relatively prime if gcd(a, b) = 1.
► Fermat Test
RSA Key Setup (continue)
•
An RSA example
•
An RSA example (continue)
•
RSA Use
• To encrypt a message M the sender:
▫ obtains public key of recipient PU={e,N}
▫ computes: C=Me mod N, where 0≤M<N
• To decrypt the ciphertext C the owner:
▫ uses their private key PR={d,p,q}
▫ computes: M=Cd mod N
14
How Fast is RSA?
• By comparison, DES and other block ciphers are
much faster than RSA.
• In software, DES is generally at least 100 times as
fast as RSA.
• In hardware, DES is between 1,000 and 10,000
times as fast, depending on the implementation.
Mathematical Theorems
Greatest Common Divisor
•
Euclid’s Algorithm
• Euclid’s algorithm is based on the theorem
gcd(a, b) = gcd(b, a mod b) for any nonnegative integer a and
any positive integer b.
• For example, gcd(55, 22) = gcd(22, 55 mod 22) = gcd(22, 11) = 11.
• The algorithm is
Euclid(a, b)
1 if b = 0
2 then return a
3 else return Euclid(b, a mod b)
• Euclid(30, 21) = Euclid(21, 9) = Euclid(9, 3) = Euclid(3, 0) = 3.
Extended Euclid’s Algorithm
•
Extended Euclid’s Algorithm
1= -5a+9b
9b-1=5a
(9b-1) is a multiple of (a)
d=9
RSA Security
• three approaches to attacking RSA:
▫ brute force key search (infeasible given size of
numbers)
▫ mathematical attacks (based on difficulty of
computing ø(N), by factoring modulus N)
▫ timing attacks (on running of decryption)