0
A Method for Obtaining
Digital Signatures
and Public Key Cryptosystems
Rivest, Shamir, Adleman

Srilal Buddika
Ronald L. Rivest, Adi Shamir, and Leonard Adleman

Inventers of RSA (1978)
2
Concept Invented By Diffie and Hellman

Diffie-Hellman algorithm (1976)

 Whitfield Diffie and Martin Hellman
3
Outline
Information Security
Public Key Cryptosystems
Basic Concept of RSA
Digital Signatures
Encryption Flow
RSA Algorith...
Information Security
We need information to share/express our ideas
Some Information are valuable. Hence we need Protectio...
Information Security Contd.
Encryption
Key

Algorithm

Decryption
Cipher Text
Plain Text

6
Public Key Cryptoystems
Encryption procedure - E
Decryption procedure - D
Message - M
Cipher text - C
Parameters of E kept...
Public Key Cryptosystems Contd.
Deciphering the enciphered form of a message M yields M.
D(E(M)) = M
Both E and D are easy...
Basic Concepts of RSA
RSA do – Encryption/Decryption/Key Generation
Two types of Keys
Private key (to be kept confidential...
Typical Encryption Scenario

10
Digital Signatures
Proof for verifying the sender (Authentication)
Proof that message is not modified by someone
other tha...
Digital Signatures Contd.
• How to do it in RSA
– Alice sends a signed message to Bob

• Why we need to HASH the message ?...
Digital Signatures Contd.
Sometimes you don't particularly mind letting the whole world read a
message (or would rather th...
Encryption Flow

14
RSA Algorithm
Notations
– n is known as the modulus
– p & q two large random primes
– e is known as the public exponent or...
RSA Algorithm Contd.
1. Choose two random large prime numbers, p and q
2. Compute the product n = p x q
3. Randomly choose...
RSA Algorithm Contd.
Keys
– e and n are the public key

– d is the private key
Important :
The two primes, p and q, are no...
RSA Algorithm Contd.
Encryption
1. Divide message into numerical blocks smaller than
n (with binary data, choose the large...
RSA Algorithm Contd.
RSA Example
1.
2.
3.
4.
5.

Select primes: p=17 & q=11
Compute n = pq =17×11=187 ; n=187
Compute ø(n)...
RSA Algorithm Contd.
message „M‟= 88 (88<187)
Encryption: [c = me mod n]
• C = 887 mod 187 = 11
C = 11
Decryption: [m = cd...
Security Analysis
In addition to encrypting messages (which ensures
privacy), you can authenticate yourself to me (so I kn...
Current RSA Stats
Known Attacks
d<N5 Lattice Attack
Low public exponent (Coppersmith)
Broadcast Attack (Hastad)
Related me...
Conclusion
In this Paper,
Authors have Invented a new PKCS
It‟s a New Methodology of Data Encryption
Mechanism (Still vali...
Thank You !

24
Appendix - I

25
D-H Concept
Yellow paint is
already agreed by
Alice and Bob

26
Trapdoor Functions
Easy to compute in one direction
Difficult to compute in the opposite direction‟
RSA Example
Difficulty...
Other Public Key Cryptosystems

28
Mathematics

29
Mathematics Contd.

30
Mathematics Contd.

31
Digital Signature on RSA

32
Hash Functions
Ex: SHA-1/2 , MD5 …
Output code called “Digest”
If message is small Padding is used
Has Avalanche Effect

3...
Hash Functions Contd.

34
Avoiding Reblocking (Signed Msgs)
Happens when ,
Signature “n” > Encryption “n”
Remedy-1
•
•
•
•

Maintain two public key ...
Appendix - II

36
Generating Large Primes
How to find a really big prime
Randomly generate a large odd number b of
the size you want
Use Sol...
Mathematics Stuffs for RSA
Eulers totient function Ф
– Ф(n) : gives the number of positive integers
less then n which are ...
Mathematics Stuffs for RSA Contd.
Multiplicative Inverse Example
– Two relatively prime numbers 5 and 7

1
2
3
4
5
6
7

* ...
Attacks on RSA
Lattice Based Attacks on RSA
Hastad’s Attack
Franklin-Reiter Attack
Extension to Wiener’s Attack
Hastad’s A...
Attacks on RSA Contd.
Hastad‟s Attack
Receiver 1
c1=me mod N1

User

c2=me mod N2

Message: m

(N1,e)

Receiver 1
(N2,e)

...
Attacks on RSA Contd.
Franklin-Reiter Attack
c1=m1e mod N

Bob
Message: m1,m2

Alice

m2=f(m1) mod N

(N,e)

c2=m2e mod N
...
Attacks on RSA Contd.
This attack was originally developed by Franklin and Reiter, for the

situation when e = 3, with k =...
Upcoming SlideShare
Loading in...5
×

Presentation about RSA

580

Published on

This presentation is based on the paper :

"A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" by R.L. Rivest, A. Shamir, and L. Adleman

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
580
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
56
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Presentation about RSA"

  1. 1. A Method for Obtaining Digital Signatures and Public Key Cryptosystems Rivest, Shamir, Adleman Srilal Buddika
  2. 2. Ronald L. Rivest, Adi Shamir, and Leonard Adleman Inventers of RSA (1978) 2
  3. 3. Concept Invented By Diffie and Hellman Diffie-Hellman algorithm (1976)  Whitfield Diffie and Martin Hellman 3
  4. 4. Outline Information Security Public Key Cryptosystems Basic Concept of RSA Digital Signatures Encryption Flow RSA Algorithm Security Analysis Current RSA Stats Conclusion Q&A 4
  5. 5. Information Security We need information to share/express our ideas Some Information are valuable. Hence we need Protection One of Protection method is “Data Encryption“ Encryption : Transform usable information into a form that renders it unusable by anyone other than an authorized user Decryption : Information that has been encrypted (rendered unusable) can be transformed back into its original usable form by an authorized user, who possesses the cryptographic key Cryptographic key : Specifies the particular transformation of plaintext into ciphertext, or vice versa 5
  6. 6. Information Security Contd. Encryption Key Algorithm Decryption Cipher Text Plain Text 6
  7. 7. Public Key Cryptoystems Encryption procedure - E Decryption procedure - D Message - M Cipher text - C Parameters of E kept public Parameters of D kept private Examples 7
  8. 8. Public Key Cryptosystems Contd. Deciphering the enciphered form of a message M yields M. D(E(M)) = M Both E and D are easy to compute By publicly revealing E, the user does not reveal an easy way to compute D (One-Way Functions) If a message M is first deciphered and then enciphered, M is the result E(D(M)) = M RSA is an algorithm for public-key cryptography 8
  9. 9. Basic Concepts of RSA RSA do – Encryption/Decryption/Key Generation Two types of Keys Private key (to be kept confidential) Public key (known to everyone) Has the property of D(E(M)) = M The Inverse is also TRUE (digital signatures) E(D(M)) = M 9
  10. 10. Typical Encryption Scenario 10
  11. 11. Digital Signatures Proof for verifying the sender (Authentication) Proof that message is not modified by someone other than the sender (Integrity) Preserve non-repudiation (Sender cannot deny sending it) Signature needs to be, – Message-dependant – Signer-dependant 11
  12. 12. Digital Signatures Contd. • How to do it in RSA – Alice sends a signed message to Bob • Why we need to HASH the message ? – Example : • I have uploaded the “presentation-slides.pdf” on Moodle • Verify your SHA512sum Digest Code with Original value posted at MyLinkedInProfile/Projects 12
  13. 13. Digital Signatures Contd. Sometimes you don't particularly mind letting the whole world read a message (or would rather they did) yet want to provide a mechanism to prove that you wrote the message. Signing does just this. RSA is slow, but most encryption software using RSA actually encrypts documents with a symmetric cipher like TDEA or AES, and encrypts the key used (sometimes called a "session" key) with RSA, so the slowdown from encrypting the entire document is not that great. If you want to hide the contents of the message, then you take the message and the signature, zip them together and encrypt the whole thing with the public key of the receiver before you send. 13
  14. 14. Encryption Flow 14
  15. 15. RSA Algorithm Notations – n is known as the modulus – p & q two large random primes – e is known as the public exponent or encryption exponent – d is known as the secret exponent or decryption exponent Mathematics Related to RSA – Eular’s,Fermat’s and Chinese Remainder Theorems 15
  16. 16. RSA Algorithm Contd. 1. Choose two random large prime numbers, p and q 2. Compute the product n = p x q 3. Randomly choose the encryption key, e, such that e and (p - 1)(q - 1) are relatively prime 4. Use the extended Euclidean algorithm to compute the decryption key, d, such that e*d ≡ 1 mod (p - 1)(q - 1) ie d = e-1 mod ((p - 1)(q - 1)) * d and n are also relatively prime 16
  17. 17. RSA Algorithm Contd. Keys – e and n are the public key – d is the private key Important : The two primes, p and q, are no longer needed They should be discarded, but never revealed 17
  18. 18. RSA Algorithm Contd. Encryption 1. Divide message into numerical blocks smaller than n (with binary data, choose the largest power of 2 less than n) 2. For each block • c = me mod n Decryption 1. For each cipher text block  m = cd mod n 18
  19. 19. RSA Algorithm Contd. RSA Example 1. 2. 3. 4. 5. Select primes: p=17 & q=11 Compute n = pq =17×11=187 ; n=187 Compute ø(n)=(p–1)(q-1)=16×10=160 Select e ; gcd(e,160)=1; choose e=7 Determine d: d*e=1 mod 160 and d < 160 Hence, Value is d=23 since 23×7=161= 10×160+1 6. Publish public key Kpub={7,187} (e,n) 7. Keep secret private key Kpvt={23,17,11} (p,q,d) 19
  20. 20. RSA Algorithm Contd. message „M‟= 88 (88<187) Encryption: [c = me mod n] • C = 887 mod 187 = 11 C = 11 Decryption: [m = cd mod n] • M = 1123 mod 187 = 88 M = 88 If message is 8888 then ? 20
  21. 21. Security Analysis In addition to encrypting messages (which ensures privacy), you can authenticate yourself to me (so I know that it is really you who sent the message) Complexity of Factoring large primes is the strength of RSA algorithm Managing Physical Security must be done Don‟t let anyone copy your key or your primes 21
  22. 22. Current RSA Stats Known Attacks d<N5 Lattice Attack Low public exponent (Coppersmith) Broadcast Attack (Hastad) Related message Attack (Franklin-Reiter) A 768-bit key has been broken A 2048-bit key (RSA Factorial Challenge) Price : 200,000 USD 22
  23. 23. Conclusion In this Paper, Authors have Invented a new PKCS It‟s a New Methodology of Data Encryption Mechanism (Still valid on IT Industry) Have practically proven it By applying relevant security criteria, it became the best PKCS Authors did not mention about RSA performances under different data loads One of a best research paper among few 23
  24. 24. Thank You ! 24
  25. 25. Appendix - I 25
  26. 26. D-H Concept Yellow paint is already agreed by Alice and Bob 26
  27. 27. Trapdoor Functions Easy to compute in one direction Difficult to compute in the opposite direction‟ RSA Example Difficulty of Factoring Large Primes 27
  28. 28. Other Public Key Cryptosystems 28
  29. 29. Mathematics 29
  30. 30. Mathematics Contd. 30
  31. 31. Mathematics Contd. 31
  32. 32. Digital Signature on RSA 32
  33. 33. Hash Functions Ex: SHA-1/2 , MD5 … Output code called “Digest” If message is small Padding is used Has Avalanche Effect 33
  34. 34. Hash Functions Contd. 34
  35. 35. Avoiding Reblocking (Signed Msgs) Happens when , Signature “n” > Encryption “n” Remedy-1 • • • • Maintain two public key pairs (e, n) Choose a threshold value h. For signature n < h For enciphering n > h Remedy-2 • • • • • Each user has a single public key pair (e, n) Choose a threshold value h. n is where h < n < 2h Message enciphered as a number less than h If ciphertext has a value greater than h, repeatedly re-encipher until it is less than h • Similarly method applies for deciphering. 35
  36. 36. Appendix - II 36
  37. 37. Generating Large Primes How to find a really big prime Randomly generate a large odd number b of the size you want Use Solovay and Strassen’s probabilistic algorithm • Select some number a from {0, …, b-1} • gcd(a,b) = 1 and J(a,b) = a(b-1)/2 – If false b is composite. – If true b is prime with a probability of at least ½ 37
  38. 38. Mathematics Stuffs for RSA Eulers totient function Ф – Ф(n) : gives the number of positive integers less then n which are relatively prime to n. Computing Ф(n) – Ф(n) = Ф(p*q) = Ф(p)* Ф(q) = (p-1)*(q-1) = pq – p – q + 1 = n – (p + q) + 1 38
  39. 39. Mathematics Stuffs for RSA Contd. Multiplicative Inverse Example – Two relatively prime numbers 5 and 7 1 2 3 4 5 6 7 * 5 = 5 ≡ 5 (Mod 7) * 5 = 10 ≡ 3 (Mod 7) * 5 = 15 ≡ 1 (Mod 7) * 5 = 20 ≡ 6 (Mod 7) * 5 = 25 ≡ 4 (Mod 7) * 5 = 30 ≡ 2 (Mod 7) * 5 = 35 ≡ 0 (Mod 7) Z7 is a cyclic group 39
  40. 40. Attacks on RSA Lattice Based Attacks on RSA Hastad’s Attack Franklin-Reiter Attack Extension to Wiener’s Attack Hastad’s Attack Given 3 public keys (Ni,ei) with the same ei=3 If a user sent the same message to all 3 public keys => can recover the plaintext 40
  41. 41. Attacks on RSA Contd. Hastad‟s Attack Receiver 1 c1=me mod N1 User c2=me mod N2 Message: m (N1,e) Receiver 1 (N2,e) c3=me mod N3 Receiver 1 (N3,e) 41
  42. 42. Attacks on RSA Contd. Franklin-Reiter Attack c1=m1e mod N Bob Message: m1,m2 Alice m2=f(m1) mod N (N,e) c2=m2e mod N 42
  43. 43. Attacks on RSA Contd. This attack was originally developed by Franklin and Reiter, for the situation when e = 3, with k = 2 messages, with a relation of degree d =1. This result has since been generalized further, so that it applies for any number of messages with a relation of any degree. The value of e is limited to a length of approximately 32 bits due to the complexity of the calculation. This ensures that the attack is effective when e = 216 + 1, which is a popular choice. 43
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×