Lecture 26-27
06-04-2016
1 Introduction
Cryptography encodes a message so that outsiders to the system cannot
understand it, while the intended receiver is able to decrypt the encrypted
message. Public key cryptography was introduced by Diffie and Hellman.
They introduced the idea of a trap-door one-way function: a function whose
inverse exists but is infeasible to calculate, which makes it possible to
publish the encryption process without compromising privacy. Before the
introduction of public key cryptography, people who wanted to send messages
had to meet first and agree on keys and on methods for encoding and decoding
messages. Encryption and key distribution formed an infinite loop that could
not be solved easily. Indeed, the Germans would have won the war if a
solution to key distribution had existed. They had to print the daily
connections (wiring settings) of the Enigma in books and distribute them to
all the Nazi leaders. One of the major books was intercepted by an English
officer, and this led to a crucial defeat for the Germans, which paralyzed
their submarine fleet.
Key distribution remained a problem until, in the 20th century, Whitfield
Diffie and Martin Hellman introduced PKC (Public Key Cryptography). They had
discovered a revolutionary type of encryption, one that incorporates an
asymmetric key. In asymmetric key encryption there are two separate keys:
a public key (pk) and a private key (sk). The private key (sk) is the
decryption key and the public key (pk) is the encryption key. If A wants
to send a message to B, A must encrypt the message M using B's public key
(pk). Only B can decrypt the message M, because only B has the private
decryption key (sk). A encrypts the message using the public key (pk) but
cannot decrypt it, because the encryption technique is a one-way function,
which is irreversible. Diffie, Hellman and their partner Merkle could not
find such a cipher (a one-way function). This discovery was made by other
researchers: Rivest, Shamir and Adleman.
Rivest is a computer scientist with an ability to apply new ideas in new
places. He also followed the latest mathematical and scientific articles, so
he always had new ideas for the one-way function. Shamir is also a computer
engineer. It was Rivest who generated ideas for the one-way function.
Adleman is a mathematician whose work was to identify defects in the ideas
of Rivest and Shamir, and to make sure that they were not going in the wrong
direction. Rivest and Shamir spent a year coming up with ideas, and Adleman
spent a year proving them wrong. In April 1977 Rivest, Shamir and Adleman
found the RSA algorithm. The RSA algorithm is used for public key encryption
and digital signatures. It is the most widely used public key encryption
algorithm. It was later shown that the basic technique had been discovered
in 1973 by Clifford Cocks of CESG (part of the British GCHQ), but it was kept
secret until 1997. The basic security of the RSA algorithm rests on the fact
that factoring sufficiently large integers into their primes is infeasible.
The RSA algorithm is supposed to be secure if its keys have a length of at
least 1024 bits.
Figure 1: Rivest, Shamir and Adleman
Figure 4: Authentication
If X wants to send an authenticated and confidential message to Y, then X
encrypts the message using X's private key and obtains C, and after this
encryption X encrypts C again with Y's public key and obtains C'. Here, C
provides authentication and C' provides confidentiality. Decryption is done
first with Y's private key and then with X's public key.
In Figure 5, Party A wants to send M to Party B with both authenticity and
confidentiality, so A converts M into C as follows:
C = E(PU_B, E(PR_A, M))
And B decrypts to recover the message M as follows:
M = D(PU_A, D(PR_B, C))
Achieving confidentiality and authenticity at the same time has a cost: we
have to process our message 4 times across encryption and decryption, since
the message is encrypted twice and decrypted twice. So the time taken is
greater and the computational complexity is also greater.
Figure 5: Authentication and Confidentiality
4 Digital Signature
It is used to verify whether a message came from the sender or from an
attacker. This is achieved by encrypting with the sender's private key; at
decryption time the receiver can verify, using the sender's public key,
whether the message was sent by the sender or by an attacker. So, forgery of
a signature is impossible.
Suppose user X wants to send a digitally signed message, M, to user Y:
• X applies X's own decryption process to M and gets ciphertext C.
• X applies the encryption process of user Y to C and gets the result
message S.
• Ciphertext S is sent to Y.
• After receiving the message, user Y applies Y's decryption process to S
and gets the ciphertext message C.
• Y applies user X's encryption process to message C and gets message M.
Y cannot alter the message or use the signature with any other message.
To do so would require user Y to know how to decrypt a message using X's
decryption process.
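The signed-and-encrypted exchange described in the two sections above, C = E(PU_B, E(PR_A, M)) and its inverse, as an added example that is not part of the original notes. It uses unpadded textbook RSA with toy keys: A's primes are the ones from the lecture's own example, B's primes and all function names are constructed for illustration. It also checks a condition the formulas leave implicit: the inner value must be smaller than the receiver's modulus.

```python
# Added example: the lecture's C = E(PU_B, E(PR_A, M)) with textbook RSA.
# Toy key sizes, no padding: for study only. Names are assumptions of this sketch.

def make_key(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}   # modular inverse, Python 3.8+

A = make_key(257, 337, 17)      # sender: primes from the lecture's example
B = make_key(311, 347, 17)      # receiver: constructed primes, n_B > n_A

def sign_then_encrypt(m, sender, receiver):
    if not 0 <= m < sender["n"]:
        raise ValueError("message must be smaller than the sender's modulus")
    c = pow(m, sender["d"], sender["n"])        # E(PR_A, M): authentication
    if c >= receiver["n"]:
        # The outer step would reduce c modulo n_B and the receiver would
        # recover a different value, so the exchange has to be refused.
        raise ValueError("signed value does not fit the receiver's modulus")
    return pow(c, receiver["e"], receiver["n"])  # E(PU_B, .): confidentiality

def decrypt_then_verify(c2, receiver, sender):
    c = pow(c2, receiver["d"], receiver["n"])    # D(PR_B, .) with B's private key
    return pow(c, sender["e"], sender["n"])      # D(PU_A, .) recovers M

def reblocking_failures(sender, receiver):
    """Count messages whose signed value is too large for the receiver."""
    return sum(pow(m, sender["d"], sender["n"]) >= receiver["n"]
               for m in range(sender["n"]))

if __name__ == "__main__":
    wire = sign_then_encrypt(4242, A, B)         # two modular exponentiations
    print(wire, decrypt_then_verify(wire, B, A)) # two more: four in total
    print(reblocking_failures(A, B), reblocking_failures(B, A))
```

Sending from A to B always works because n_A < n_B; in the other direction some signed values exceed n_A and are rejected, which is why real protocols fix the order of operations and the key sizes.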
5 RSA Cryptosystem
Plaintext is encrypted in blocks; the block size depends on the number n.
Block size ≤ log2(n). In general, for a block size of k bits:
2^k < n < 2^(k+1). There are 3 main steps in the RSA cryptosystem:
Key Generation, Encryption Function, Decryption Function.
which is easy.
Suppose gcd(M, n) = 1,
de = 1 mod φ(n), so we can write de = 1 + kφ(n) for some k,
C^d = (M^e)^d
    = M^(1 + kφ(n))
    = M · (M^φ(n))^k
    = M · 1^k
    = M (mod n)
So, one can recover the message.
6 Example
Generate two primes p and q.
p = 257 and q = 337
Now, n is the product of these 2 numbers,
n = p × q.
So, n = 257 × 337, n = 86609.
φ(n) will be calculated as,
φ(n) = (p − 1) × (q − 1) = 256 × 336 = 86016.
Now, choose the exponent e,
e = 17,
17 is relatively prime to 86016 because they share no factors. We know
this because 17 itself is a prime number, so its only factors are 1 and 17.
9113 is not divisible by 17, so the numbers are relatively prime.
Our next step is to calculate d, which is the inverse of e modulo φ(n),
de = 1 mod φ(n),
17 × d = 1 mod 86016.
Using the Extended Euclidean Algorithm, we can calculate that one possible
value for d is 65777.
We can verify this by computing e × d mod φ(n), which equals 1.
e × d mod φ(n) = 17 × 65777 mod 86016 = 1118209 mod 86016 = 1.
d is the private key and is used to decrypt messages. Now that we have both
a public key and a private key, we can encrypt and decrypt messages.
Public key = (17 , 86609)
Private key = (65777 , 86609)
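The key generation above, carried through in code as an added example (not part of the original notes). It derives d with the Extended Euclidean Algorithm from the lecture's p, q and e, applies the block-size rule 2^k < n < 2^(k+1) from Section 5, and round-trips a constructed message; the function names are assumptions of this sketch.

```python
# Added example: textbook RSA with the lecture's numbers. No padding is used,
# so this is for study only. All function names are assumptions of this sketch.

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def keygen(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    return (e, n), (x % phi, n)          # public key, private key

def block_bits(n):
    """The k with 2**k < n < 2**(k+1): plaintext blocks of k bits stay below n."""
    return n.bit_length() - 1

def encrypt(msg, pub):
    e, n = pub
    size = block_bits(n) // 8            # whole bytes per plaintext block
    return [pow(int.from_bytes(msg[i:i + size], "big"), e, n)
            for i in range(0, len(msg), size)]

def decrypt(blocks, priv, length):
    d, n = priv
    size = block_bits(n) // 8
    # Every block is `size` bytes long except possibly the last one.
    sizes = [size] * (len(blocks) - 1) + [length - size * (len(blocks) - 1)]
    return b"".join(pow(c, d, n).to_bytes(s, "big") for c, s in zip(blocks, sizes))

PUB, PRIV = keygen(257, 337, 17)         # the lecture's p, q and e

if __name__ == "__main__":
    ct = encrypt(b"ABAB!", PUB)          # constructed sample message
    print(PUB, PRIV, block_bits(PUB[1]))
    print(ct, decrypt(ct, PRIV, 5))
    # Equal plaintext blocks ("AB", "AB") encrypt to equal ciphertext blocks,
    # which is why unpadded RSA leaks structure and padding such as OAEP exists.
```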
7 Attacks on RSA
How secure is RSA? Is it possible to break the RSA cryptosystem? Certainly
nothing can withstand time. We cannot say that any cryptosystem is perfectly
secure: one can decrypt a message using a brute force attack, given time.
But finding a probabilistic approach that solves the problem within a given
time is much more difficult. Despite years of attempts, no one has been
known to crack either algorithm. Such resistance to attack makes RSA secure
in practice. To show that RSA is secure, we analyze how an attacker would
obtain the key from the public parameters and the ciphertext. The RSA
algorithm has proven to be effective, if it is implemented correctly.
Two approaches :
• Suppose (n, e) is an RSA public key and n has m digits. Let d be the
decryption exponent. If we have at least the last m/4 digits of d, we
can efficiently find d in time that is linear in e log e.
then calculation
of d is easy (i.e. in polynomial given time).
7.1.1 Coppersmith's Theorem
Let N be an integer and f ∈ Z[x] be a monic polynomial of degree d. Set
X = N^(1/d − ε) for some ε ≥ 0. Then, given (N, f), an attacker can
efficiently find all integers |x0| < X satisfying f(x0) = 0 mod N. The
running time is dominated by the time it takes to run the LLL algorithm on a
lattice of dimension O(w) with w = min(1/ε, log2 N). The theorem provides an
algorithm for efficiently finding all roots of f modulo N that are less than
X = N^(1/d). The algorithm's running time decreases as X gets smaller. The
strength of this theorem is its ability to find small roots of polynomials
modulo a composite N.
7.1.2 Håstad's broadcast attack
Suppose B wishes to send an encrypted message M to a number of parties
P1, P2, ..., Pk. Each party has its own RSA key (Ni, ei). We assume M is
less than all the Ni's. To send M, B encrypts it using each of the public
keys and sends the i-th ciphertext to Pi. An attacker, Eve, can eavesdrop on
the connection out of B's sight and collect the k transmitted ciphertexts.
Håstad showed that applying linear padding to M prior to encryption is
insecure. He proved that one can easily solve a system of univariate
equations if provided with many equations.
d
function.
Figure 6: OAEP Working
Figure 7: OAEP Working
In the given diagram,
• n is the number of bits in the RSA modulus.
• k0 and k1 are random integers which are specified.
• m is the plaintext, an (n − k0 − k1)-bit string.
• G and H are some cryptographic hash functions used.
• ⊕ is an XOR operation.
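The two-round structure that this legend describes, as an added example that is not part of the original notes. It follows the standard OAEP construction, X = (m || 0^k1) ⊕ G(r) and Y = r ⊕ H(X) with a fresh k0-sized random value r, and makes these assumptions: sizes are counted in bytes and set to toy values, and G and H are both built from SHAKE-256.

```python
# Added example: OAEP encode/decode with the legend's n, k0, k1, G, H and XOR.
# Assumed toy sizes in bytes; a real deployment uses a vetted library instead.
import hashlib
import os

N, K0, K1 = 32, 8, 8                     # block size, seed size, zero-pad size

def G(r):                                # expands the k0 seed to n - k0 bytes
    return hashlib.shake_256(b"G" + r).digest(N - K0)

def H(x):                                # compresses n - k0 bytes down to k0
    return hashlib.shake_256(b"H" + x).digest(K0)

def xor(a, b):
    return bytes(i ^ j for i, j in zip(a, b))

def oaep_encode(m, r=None):
    if len(m) != N - K0 - K1:
        raise ValueError("plaintext must be exactly n - k0 - k1 bytes")
    r = os.urandom(K0) if r is None else r    # fresh randomness per message
    x = xor(m + bytes(K1), G(r))              # X = (m || 0^k1) xor G(r)
    y = xor(r, H(x))                          # Y = r xor H(X)
    return x + y                              # this block is what RSA encrypts

def oaep_decode(block):
    if len(block) != N:
        raise ValueError("wrong block length")
    x, y = block[:N - K0], block[N - K0:]
    r = xor(y, H(x))                          # recover the seed
    padded = xor(x, G(r))                     # recover m || 0^k1
    if padded[-K1:] != bytes(K1):             # the zero bytes act as an integrity check
        raise ValueError("invalid padding")
    return padded[:-K1]

if __name__ == "__main__":
    msg = b"sixteen byte msg"                 # constructed 16-byte plaintext
    a, b = oaep_encode(msg), oaep_encode(msg)
    print(a != b, oaep_decode(a) == msg == oaep_decode(b))
```

Because r is fresh for every message, the same plaintext never produces the same RSA input twice, and a modified block fails the zero-byte check on decoding.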
8 Conclusion
RSA is a strong algorithm that has withstood a partial test of time. RSA
implements a public key cryptosystem that allows secure communications
over a channel as well as digital signatures, and its security depends on
the difficulty of factoring large numbers. The authors asked anyone to try
to break their code, whether by factoring techniques or any other technique,
and no one to this date seems to have succeeded. This has in effect
certified RSA, and will continue to ensure its security as long as it
withstands the test of time against such break-ins.
At the time, the RSA encryption function seemed to be the only known
candidate for the one-way permutation, but now others certainly exist. The
size of n should increase over time as more efficient factoring algorithms
become available and as computers get faster. In 1978, the RSA authors
suggested values 200 digits long for n. As of 2008, the largest number
factored by a general-purpose factoring algorithm was 200 digits (663 bits)
long. Now, RSA keys are typically between 1024 and 2048 bits, which are
predicted to be possibly breakable in the near future. Experts don't expect
4096-bit keys to be broken soon. Nowadays an n of more than 300 bits may be
factored on a PC in a few hours, so keys are typically 4-7 times longer
today.
RSA is much slower than some symmetric cryptosystems. RSA is in fact
often used to securely transmit the keys for an algorithm that is less
secure but faster.
Several problems in RSA could affect its safety, such as timing attacks and
problems with key distribution. These issues have solutions; the only
drawback is that any device using RSA needs a lot more hardware and software
to address certain types of eavesdropping. If an easy solution to factoring
into prime numbers were found, RSA would surely fall apart. No doubt much
more sophisticated algorithms than RSA will continue to be developed as
mathematicians discover more things in the fields of number theory and
cryptanalysis.
References
[1] W. Trappe and L. C. Washington. Introduction to Cryptography with