COMP424
Computer Security
Prof. Wiegley
jeffw@csun.edu
Rivest, Shamir & Adelman (RSA)
Implementation
1
“Relatively prime”_______________________________________
2
“Modulo”_______________________________________________
Notation is slightly different:
3
“Modulo algebra (multiplication)”_______________________
The value of ab mod n can be calculated by first calculating a mod n and then b mod n, multiplying the results and taking the modulo of the result.
4
“Modulo algebra (addition)”_____________________________
5
“Modulo algebra (inverse)”______________________________
6
“RSA”__________________________________________________
In order to encrypt and decrypt a message, RSA relies on three values:
The remaining slides present how n,e and d are computed.
7
Step 1: obtaining n______________________________________
Any prime numbers will work though in practice, to be secure, p and q should not be twin primes or small.
n is simply the product of the two primes p and q.
8
Step 2: obtaining e______________________________________
But there is a method for quickly testing if a chosen value is relatively prime to (p - 1)(q - 1).
9
Euclidean Algorithm (used to sift possible values of e).___
Start by setting up a series of equation of the form:
where βi = ⌊⌋. For each equation αi = δi-1 and δi = γi-1.
This is esentially subtracting the largest possible multiple of δ from α. δ and the remainder, γ, must share a common factor in order for α and δ to share a common factor. Continue the equations until γi = 0.
10
Euclidean Algorithm example____________________________
Begin with α0 = (p - 1)(q - 1) and δ0 = e.
Since the second last result is 5 then e and (p- 1)(q - 1) share the factor 5. So e is not relatively prime to (p - 1)(q - 1).
11
Increment e by 2 and repeat test.________________________
12
Since the second last result is 1 then the smallest common factor of e and (p - 1)(q - 1) is 1 and therefore e is relatively prime to (p - 1)(q - 1).
13
Step 3: Calculating d____________________________________
14
Negative d?_____________________________________________
15
Final results_____________________________________________
16
Encryption______________________________________________
So now we have a public key of {e,n} and a private key of {d,n} we can decrypt a message P by:
Similarly an encrypted message, C, can be decrypted to yield the original message, P, by:
This works because if P = Cd and C = Pe then
17
ModPow________________________________________________
But Pe is going to be rediculously large. So large that modern calculators cannot carry out this computation.1
A method is needed to constrain the calculation to small numbers and we will use modulo arithmetic to provide this ability.
First, start with P1 mod n. We can see from the axioms that
In general:
So let’s work with powers of 2 to aid the calculation of Pe.
18
Powers of 2______________________________________________
Let’s take an example using the key computed earlier:
First, notice that
We could have broken it down in many ways but powers of two will decrease our work the most.
So first calculate all the values of 101 raised to a power of 2.
19
Calculating exponents of powers of 2_____________________
The first power of 2 is easy:
20
The computation________________________________________
Remembering that n = 391, we have:
Now, these values can be used to quickly compute 101y where y ≤ 127.
21
The computation________________________________________
So life is a bit simpler but we still have a long string of factors that could produce a number larger than our calculator/computer can deal with.
To reduce the number of factors we can make use
22
Combining factors_______________________________________
This will enable us to combine factors two (or more) at a time.
23
Combining factors_______________________________________
So
The cipher text message, after encryption, is therefore 186.
The proof that decryption yields the original message is left as an exercise for the reader.
24
Proving the correctness of RSA__________________________
Lagrange’s theorem states:
Where φ(n) = the number of integers less than n that are relatively prime to n.
For RSA, let n = pq. (you can guess where RSA started their thinking now.)
Then, how many relatively prime integers are there in φ(pq)?
25
Combining factors_______________________________________
Take pq, We know that p and q are prime so we can determine φ(pq)
So,
Therefore,
26
RSA proof______________________________________________
27
Conclusion______________________________________________
By using Lagrange’s theorem we have proven that
28