CRYPTOGRAPHY

Public Key
Cryptography & RSA
Public Key Cryptography

• Public Key Cryptography

• The RSA Algorithm
 Public Key Cryptography
• Asymmetric or public key encryption is a form of a cryptosystem in
which encryption and decryption are performed using the different
keys-one a public key and one a private key
– It is computationally infeasible to determine the decryption key
given only knowledge of the cryptographic algorithm and the
encryption key
• The public key is available to everyone at the sending end
• The secret key is known only to the recipient of the message
• The public and the private key are related in such a way that only the
public key can be used to encrypt (decrypt) a message and only the
corresponding private key can be used to decrypt (encrypt) the
message
• The most widely used algorithm is RSA
• Public Key cryptography offer secrecy or authentication or both.
Public Key Cryptography
 Public Key Cryptography
1. Diffie and Hellman first publicly introduced the concepts
of public-key cryptography in 1976
2. Public-key cryptography evolved from an attempt to
attack two of the most difficult problems associated with
the symmetric encryption
• Key distribution
• Digital signatures
3. Based on mathematical functions rather than on
substitution and permutation
4. Radical departure from conventional cryptography
 Public Key Cryptography

• Misconceptions concerning public-key cryptography

– Public-key cryptography is more secure than
symmetric cryptography
– Public-key cryptography is general-purpose technique
that has made symmetric cryptography obsolete
– Key distribution is trivial when using public-key
cryptography, compared with the rather cumbersome
handshaking involved with KDCs for symmetric
cryptography
 Conventional and Public-Key
Encryption
Conventional (Symmetric)
Needed to work:
• Same algorithm, Same key for
encryption and decryption
• Parties share the algorithm and the key
Needed for Security:
• Key must be kept secret
• It must be impossible at least
impractical to decipher a message if no
other information is available
• Plaintext/ciphertext pairs must
• Knowledge of the algorithm plus
samples of cipher-text must be
insufficient to determine the key
Public-Key (Asymmetric)
Needed to work:
• Same algorithm but different keys used for
encryption and decryption
• Parties share algorithm but each has one
key from a matched pair
Needed for Security:
• One key must be kept secret
• It must be impossible at least impractical
to decipher a message if no other
information is available
• Knowledge of the algorithm plus one of the
keys plus samples of cipher text must be
insufficient to determine the key
 PKC: Authentication

Y = EPRb(X)
No protection of confidentiality
X = DPUb(Y)
 PKC: Secrecy

Y = EPUb(X)
X = DPRb(Y)
PUb: B’s public key
PRb: B’s private key
PKC: Secrecy and Authentication

Z = EPUb[EPRa(X)]
X = DPUa[DPRb(Z)]
 Requirements for PKC
By Diffie and Hellman, in 1976

1. Key pair generation is computationally easy

2. Encryption is computationally easy
3. Decryption is computationally easy
4. Computationally infeasible for an adversary to
determine private key given public key
5. Computationally infeasible for an adversary to recover
plaintext given public key and ciphertext
Can be added:
6. Encryption and decryption functions can be applied in
either order
– M = DPUb[EPRb(M)] = DPRb[EPUb(M)]
 The RSA Algorithm
“It is not what it is, but what it seems to be”
W. Shakespeare
• The RSA algorithm was invented by Rivest, Shamir and
Adleman in 1977.

1. Let p and q be two distinct large random primes. The

modulus n is the product of these two primes, n=pq
Euler’s totient function of n is given by
 (n)=(p-1)(q-1)
Now, let us select a number 1<e< (n) such that
gcd(e, (n))=1
and compute d with
d=e-1(mod (n))
using the extended Euclid's algorithm. Under this scheme,
e is the public exponent and d is the private exponent.
Usually, one selects a small public exponent (e.g.,
e=216+1).
• The modulus n and the public exponent e are published.
The value of d and the prime numbers p and q are kept
secret.
RSA Algorithm
 The RSA Algorithm
• The correctness of the RSA algorithm follows from Euler's
theorem, which in turn is an extension of Fermat's little
theorem, Euler’s Theorem: Let n and a be positive, relatively prime integers.
Then
a  n   1mod n

• Proof: Since we have ed=1mod (n), we can write ed=1+K (n), for some
integer K . Hence,
d
C  M   mod n  M ed mod n  M 1 Knmod n 
e d

M  M  n   mod n   M 1mod n 
k

provided that gcd(M,n)=1.

 RSA Example
1. Select two primes, p = 17 and q = 11
2. Calculate n = pq = 17  11 = 187
3. Calculate (n) = (p-1)(q-1) = 16  10 = 160
4. Select e s.t. e is relatively prime to (n) and less than (n); in
this case, e = 7
5. Determine d s.t. de  1 mod 160 and d < 160. The correct value
is d = 23 (7  23 = 161 = 160 + 1)
6. PU = {7, 187}, PR = {23, 187}
 RSA Factoring Challenge
• Latest result is RSA 200 (663 bits)
– Reported May 2005
• Factored with Lattice Sieve
• 55 years on a single 2.2GHz Opteron CPU
– Matrix step : 3 months on a cluster of 80 2.2GHz
Opterons
– Sieving began in late 2003 and matrix step was
completed in May 2005
 RSA Algorithm

RSA Factoring Challenge

Numbers are designated “RSA-XXXX”, where XXXX is the
number’s length in bits

Challenge Number Prize ($US) Status

RSA-576 (174 Digits) $10,000 Factored (Dec 2003)
RSA-640 (193 Digits) $20,000 Factored (Nov 2005)
RSA-704 (212 Digits) $30,000 Not Factored
RSA-768 (232 Digits) $50,000 Not Factored
RSA-896 (270 Digits) $75,000 Not Factored
RSA-1024 (309 Digits) $100,000 Not Factored
RSA-1536 (463 Digits) $150,000 Not Factored
RSA-2048 (617 Digits) $200,000 Not Factored

RSA-704
Decimal Digits: 212

74 03756 34795 61712 82804 67960 97429 57314 25931 88889

23128 90849 36232 63897 27650 34028 26627 68919 96419 62511
78439 95894 33050 21275 85370 11896 80982 86733 17327 31089
30900 55250 51168 77063 29907 23963 80786 71008 60969 62537
93465 05637 96359