Professional Documents
Culture Documents
Theory
CS 202
Epp section 10.4
Aaron Bloomfield
1
About this lecture set
• I want to introduce RSA
– The most commonly used cryptographic algorithm
today
2
Private key cryptography
• The function and/or key to encrypt/decrypt is a
secret
– (Hopefully) only known to the sender and recipient
3
Public key cryptography
• Everybody has a key that encrypts and a
separate key that decrypts
– They are not interchangable!
4
Public key cryptography goals
• Key generation should be relatively easy
5
Is that number prime?
• Use the Fermat primality test
• Given:
– n: the number to test for primality
– k: the number of times to test (the certainty)
7
Is that number prime?
• The algorithm is:
repeat k times:
pick a randomly in the range [1, n−1]
if an−1 mod n ≠ 1 then return composite
return probably prime
• Let n = 101
– Iteration 1: a = 55: 55100 mod 101 = 1
– Iteration 2: a = 60: 60100 mod 101 = 1
– Iteration 3: a = 14: 14100 mod 101 = 1
– Iteration 4: a = 73: 73100 mod 101 = 1
– At this point, 101 has a (½)4 = 1/16 chance of still
being composite 8
More on the Fermat primality test
• Each iteration halves the probability that the number is a
composite
– Probability = (½)k
– If k = 100, probability it’s a composite is (½)100 = 1 in 1.2 1030
that the number is composite
• Greater chance of having a hardware error!
– Thus, k = 100 is a good value
• Source: http://en.wikipedia.org/wiki/Fermat_primality_test
9
Google’s recruitment campaign
10
RSA
• Stands for the inventors: Ron Rivest, Adi Shamir
and Len Adleman
• Three parts:
– Key generation
– Encrypting a message
– Decrypting a message
11
Key generation steps
1. Choose two random large prime numbers p ≠ q, and
n = p*q
14
Key generation, step 1
• Java code to find a big prime number:
import java.math.*;
import java.util.*;
class BigPrime {
16
Key generation, step 1
• Practical considerations
– p and q should not be too close together
– (p-1) and (q-1) should not have small prime factors
– Use a good random number generator
18
Key generation, step 2
• Choose an integer 1 < e < n which is relatively
prime to (p-1)(q-1)
19
Key generation, step 2
• Recall that p = 107 and q = 97
– (p-1)(q-1) = 106*96 = 10176 = 26*3*53
• We choose e = 85
– 85 = 5*17
– gcd (85, 10176) = 1
– Thus, 85 and 10176 are relatively prime
20
Key generation, step 3
• Compute d such that:
d * e ≡ 1 (mod (p-1)(q-1))
– Rephrased: d*e mod (p-1)(q-1) = 1
• We choose d = 4669
– 4669*85 mod 10176 = 1
import java.math.*;
class FindD {
public static void main (String args[]) {
System.out.println (e.modInverse(pq));
}
}
• Result: 4669
22
Key generation, step 4
• Destroy all records of p and q
d * e ≡ 1 (mod (p-1)(q-1))
23
The keys
• We have n = p*q = 10379, e = 85, and d = 4669
25
Encrypting messages example
1. Encode the message into a number
– String is “Go Cavaliers!!”
– Modified ASCII codes:
• 41 81 02 37 67 88 67 78 75 71 84 85 03 03
• Encrypted message:
– 4501 2867 4894 0361 3630 4496 6720 26
Encrypting RSA messages
Formula is c = me mod n
27
Decrypting messages
1. Use the formula m = cd mod n on each number
28
Decrypting messages example
• Encrypted message:
– 4501 2867 4894 0361 3630 4496 6720
29
modPow computation
1. How to compute c = me mod n or m = cd mod n?
– Example: 45014669 mod 10379 = 4181
• Other means:
– Java: use the BigInteger.modPow() method
– Perl: use the bmodpow function in the BigInt library
– Etc…
30
Why this works
• m = cd mod n
• c = me mod n
31
Cracking a message
• In order to decrypt a message, we must compute m = cd
mod n
– n is known (part of the public key)
– c is known (the ciphertext)
– e is known (the encryption key)
• Thus, we must compute d with no other information
– Recall: choose an integer 1 < e < n which is relatively prime to
(p-1)(q-1)
– Recall: Compute d such that: d*e mod (p-1)(q-1) = 1
• Thus, we must factor the composite n into it’s component
primes
– There is no efficient way to do this!
– We can, very easily, tell that n is composite, but we can’t tell
what its factors are
• Once n is factored into p and q, we compute d as above
– Then we can decrypt c to obtain m 32
Cracking a message example
• In order to decrypt a message, we must compute m = cd
mod n
– n = 10379
– c is the ciphertext being cracked
– e = 85
• In order to determine d, we need to factor n
– d*e mod (p-1)(q-1) = 1
– We factor n into p and q: 97 and 107
– This would not have been feasible with two large prime
factors!!!
– d * 85 (mod (96)(106)) = 1
• We then compute d as above, and crack the message
33
Signing a message
• Recall that we computed:
d*e mod (p-1)(q-1) = 1
34
Signing a message
• To “sign” a message:
1. Write a message, and determine the MD5 hash
2. Encrypt the hash with your private (encryption) key
3. Anybody can verify that you created the message
because ONLY the public (encryption) key can
decrypt the hash
4. The hash is then verified against the message
35
PGP and GnuPG
• Two applications which implement the RSA
algorithm
36
The US gov’t and war munitions
37
How to “crack” PGP
• Factoring n is not feasible
• Thus, “cracking” PGP is done by other means
– Intercepting the private key
• “Hacking” into the computer, stealing the computer, etc.
– Man-in-the-middle attack (next 2 slides)
– Etc.
38
Man-in-the-middle attack:
“Normal” RSA communication
• Modular logarithms
– Developed by the US government, therefore not
widely trusted
• Elliptic curves
41
Quantum computers
• A quantum computer could (in principle) factor n in
reasonable time
– This would make RSA obsolete!
– Shown (in principle) by Peter Shor in 1993
– You would need a new (quantum) encryption algorithm to encrypt
your messages
– Link at http://en.wikipedia.org/wiki/RSA
43