Scribd
Upload
8 views38 pages

Asymmetric Cryptography

This document discusses the RSA algorithm for asymmetric cryptography. It explains the prime factorization problem, RSA encryption and decryption process, and how to generate the public and private keys. It also covers some security aspects like brute force attacks, side channel attacks, and chosen ciphertext attacks.

Uploaded by

Rakib Pk
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
8 views38 pages

Asymmetric Cryptography

This document discusses the RSA algorithm for asymmetric cryptography. It explains the prime factorization problem, RSA encryption and decryption process, and how to generate the public and private keys. It also covers some security aspects like brute force attacks, side channel attacks, and chosen ciphertext attacks.

Uploaded by

Rakib Pk
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 38

Asymmetric Cryptography

and Key Management

RSA Algorithm

Sang-Yoon Chang, Ph.D.


Module: RSA Algorithm

Prime factorization problem

RSA encryption and decryption

RSA key setup

RSA security
Primer Factorization Problem

Integer factorization:
p·q ß n

p and q are prime numbers (a number


that is only divisible by one and itself)
Primer Factorization Assumption

n ß p·q is easy for large n


p·q ß n is difficult for large n
Primer Factorization Assumption

n ß p·q is easy for large n


p·q ß n is difficult for large n

In RSA, derive public key e and


private key d from p, q

Use e, d and n for encryption (m à c)


and decryption (c à m)
Primer Factorization Assumption

n ß p·q is easy for large n


p·q ß n is difficult for large n

In RSA, derive public key e and


private key d from p, q

Use e, d and n for encryption (m à c)


and decryption (c à m)
Primer Factorization Assumption

n ß p·q is easy for large n


p·q ß n is difficult for large n

(2) In RSA, derive public key e and


private key d from p, q

(1) Use e, d and n for encryption (m à c)


and decryption (c à m)
RSA Algorithm

By Rivest, Shamir, and Adleman in 1976

Keys are typically 1024-4096 bit long

Security is based on the difficulty of


finding p and q of a large n
RSA Encryption and Decryption

To encrypt a message m, the sender:


§ obtains the recipient’s public key {e,n}
§ computes c = me mod n, where 0≤m<n
RSA Encryption and Decryption

To encrypt a message m, the sender:


§ obtains the recipient’s public key {e,n}
§ computes c = me mod n, where 0≤m<n

To decrypt the c, the receiver


§ uses the recipient’s private key {d,n}
§ computes m = cd mod n
RSA Encryption and Decryption

To encrypt a message m, the sender:


§ obtains the recipient’s public key {e,n}
§ computes c = me mod n, where 0≤m<n

To decrypt the c, the receiver


§ uses the recipient’s private key {d,n}
§ computes m = cd mod n
RSA Decryption

The sender computes: c = me mod n


From c, the recipient computes:
m = cd mod n
= (me mod n)d mod n
RSA Decryption

The sender computes: c = me mod n


From c, the recipient computes:
m = cd mod n
= (me mod n)d mod n
= (me)d mod n
= med mod n
RSA Decryption

The sender computes: c = me mod n


From c, the recipient computes:
m = cd mod n
= (me mod n)d mod n
= (me)d mod n
= med mod n =m
RSA Decryption

The sender computes: c = me mod n


From c, the recipient computes:
m = cd mod n
= (me mod n)d mod n
= (me)d mod n
= med mod n =m
This holds for carefully chosen e and d!
RSA Public Key (e) and Private Key (d)

Each user selects two large primes (p, q)


Compute n = p·q è ø(n)=(p-1)(q-1)
// Euler Totient Function
RSA Public Key (e) and Private Key (d)

Each user selects two large primes (p, q)


Compute n = p·q è ø(n)=(p-1)(q-1)
// Euler Totient Function
Select random e where
1<e<ø(n), gcd(e·ø(n))=1
RSA Public Key (e) and Private Key (d)

Each user selects two large primes (p, q)


Compute n = p·q è ø(n)=(p-1)(q-1)
// Euler Totient Function
Select random e where
1<e<ø(n), gcd(e·ø(n))=1
Solve d where e·d ≡ 1 mod ø(n), 0≤d≤n
// Extended Euclidean algorithm
RSA Public Key (e) and Private Key (d)

Each user selects two large primes (p, q)


Compute n = p·q è ø(n)=(p-1)(q-1)
// Euler Totient Function
Select random e where
1<e<ø(n), gcd(e·ø(n))=1
Solve d where e·d ≡ 1 mod ø(n), 0≤d≤n
// Extended Euclidean algorithm
RSA Public Key (e) and Private Key (d)
Select p=11, q=13
Each user selects two large primes (p, q)
Compute n = p·q è ø(n)=(p-1)(q-1)
// Euler Totient Function
Select random e where
1<e<ø(n), gcd(e·ø(n))=1
Solve d where e·d ≡ 1 mod ø(n), 0≤d≤n
// Extended Euclidean algorithm
RSA Public Key (e) and Private Key (d)
Select p=11, q=13
Each user selects two large primes (p, q)
Compute n = p·q è ø(n)=(p-1)(q-1)
Compute n=143// Euler Totient Function
è ø(n)=10·12=120
Select random e where
1<e<ø(n), gcd(e·ø(n))=1
Solve d where e·d ≡ 1 mod ø(n), 0≤d≤n
// Extended Euclidean algorithm
RSA Public Key (e) and Private Key (d)
Select p=11, q=13
Each user selects two large primes (p, q)
Compute n = p·q è ø(n)=(p-1)(q-1)
Compute n=143// Euler Totient Function
è ø(n)=10·12=120
Select random e where
1<e<ø(n), gcd(e·ø(n))=1 Select e=11
Solve d where e·d ≡ 1 mod ø(n), 0≤d≤n
// Extended Euclidean algorithm
RSA Public Key (e) and Private Key (d)
Select p=11, q=13
Each user selects two large primes (p, q)
Compute n = p·q è ø(n)=(p-1)(q-1)
Compute n=143// Euler Totient Function
è ø(n)=10·12=120
Select random e where
1<e<ø(n), gcd(e·ø(n))=1 Select e=11
Solve d where e·d ≡ 1 mod ø(n), 0≤d≤n
Compute//d=11
Euclidean
è 11·11algorithm
≡ 1 mod 120
RSA Public Key (e) and Private Key (d)
Select p=11, q=13
Each user selects two large primes (p, q)
Compute n = p·q è ø(n)=(p-1)(q-1)
Compute n=143// Euler Totient Function
è ø(n)=10·12=120
Select random e where
1<e<ø(n), gcd(e·ø(n))=1 Select e=11
Solve d where e·d ≡ 1 mod ø(n), 0≤d≤n
Compute//d=11
Euclidean
è 11·11algorithm
≡ 1 mod 120
Encryption: c = me mod n
RSA Public Key (e) and Private Key (d)
Select p=11, q=13
Each user selects two large primes (p, q)
Compute n = p·q è ø(n)=(p-1)(q-1)
Compute n=143// Euler Totient Function
è ø(n)=10·12=120
Select random e where
1<e<ø(n), gcd(e·ø(n))=1 Select e=11
Solve d where e·d ≡ 1 mod ø(n), 0≤d≤n
Compute//d=11
Euclidean
è 11·11algorithm
≡ 1 mod 120
Encryption: c = 7e mod n = 106
RSA Public Key (e) and Private Key (d)
Select p=11, q=13
Each user selects two large primes (p, q)
Compute n = p·q è ø(n)=(p-1)(q-1)
Compute n=143// Euler Totient Function
è ø(n)=10·12=120
Select random e where
1<e<ø(n), gcd(e·ø(n))=1 Select e=11
Solve d where e·d ≡ 1 mod ø(n), 0≤d≤n
Compute//d=11
Euclidean
è 11·11algorithm
≡ 1 mod 120
Encryption: c = 7e mod n = 106
Decryption: m = cd mod n = 7
RSA Key Setup and Encryption

p, q are used for e, d generation


p, q must not be easily derived from n
Select either e or d and compute the
other (mod ø(n))
gcd(e, ø(n))=1 and e·d ≡ 1 mod ø(n)

The encryption/decryption computes


exponentiation over mod n
RSA Security

Brute force key search

Prime factorization assumption

Timing-based side channel attack

Chosen ciphertext attack


Prime Factorization Problem

“Factoring could turn out to be easy”


- Rivest

RSA factoring challenge, 1991-2007


Timing Side-Channel Attacks

Paul Kocher in mid 1990’s

Infer operand size based on operation


duration (higher exponent takes longer)

Countermeasures based on
obfuscating operation duration
Chosen Ciphertext Attacks

Attackers choose ciphertexts and get


the decrypted plaintext back

Vulnerability from being multiplicative:


Enc(m1)·Enc(m2) = Enc(m1·m2)

Attacker wants to know m from c


Chooses c’ = c·re (mod n) for some r
è m’ = m·r (mod n)
Chosen Ciphertext Attacks

Attackers choose ciphertexts and get


the decrypted plaintext back

Vulnerability from being multiplicative:


Enc(m1)·Enc(m2) = Enc(m1·m2)

Attacker wants to know m from c


Chooses c’ = c·re (mod n) for some r
è m’ = m·r (mod n)
Counter with random pad of plaintext, e.g., OAEP

You might also like