RSA Algorithm

          Pekka Riikonen
           priikone@iki.fi

  http://iki.fi/priikone/docs/rsa.ps
  http://iki.fi/priikone/docs/rsa.pdf



              29.9.2002

Outline
    What is RSA
    RSA security - factorization problem
    Implementation tools for RSA
    RSA Algorithm
    RSA key generation
    RSA schemes
    Recommended reading

What is RSA
    Public key algorithm invented in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman (RSA)
    Supports encryption and digital signatures
    Most widely used public key algorithm
    Gets its security from the integer factorization problem
    Relatively easy to understand and implement
    Patent free (since 2000)

RSA Usage
    RSA is used in security protocols such as:
        IPSEC/IKE    - IP data security
        TLS/SSL      - transport data security (web)
        PGP          - email security
        SSH          - terminal connection security
        SILC         - conferencing service security
        Many many more...

RSA Security
    RSA gets its security from the factorization problem. The difficulty of factoring large numbers is the basis of the security of RSA. Numbers over 1000 bits long are used.
    Integer factorization problem (finding a number's prime factors):
        Given a positive integer n, find its prime factors: n = p1 p2 ... pi, where each pi is a positive distinct prime number
            Example: 257603 = 41 * 61 * 103
        Factorization algorithms can be used (attempted at least) to factor faster than brute forcing: Trial division, Pollard's rho, Pollard's p-1, Quadratic sieve, elliptic curve factorization, Random square factoring, Number field sieve, etc.

RSA Problem
    The RSA Problem (RSAP) is also the basis of the security of RSA, in addition to the factorization problem. The RSA problem assures the security of RSA encryption and RSA digital signatures.
    RSAP: given a positive integer n that is a product of two distinct odd primes p and q, a positive integer e relatively prime to φ, where φ = (p - 1)(q - 1), and an integer c; find an integer m such that m^e ≡ c (mod n).
    The condition of the RSA problem assures that there is exactly one unique m in the field.
    The RSA problem is believed to be computationally equivalent to the integer factorization problem.

Implementation Tools
    In order to implement RSA you will need:
        Arbitrary precision arithmetic (multiple-precision arithmetic)
        Pseudo Random Number Generator (PRNG)
        Prime number generator
    The difficulty of implementation depends greatly on the target platform, the application usage and how many of the tools you need to implement from scratch.

Arbitrary Precision Arithmetic
    Used to handle large numbers (arbitrary in length)
    Provides optimized implementations of arithmetic operations such as modular computation and exponential computation.
    If you need to implement these yourself, the task of implementing RSA is usually large.
    Several free libraries are available (GMP, NSS MPI, Bignum, etc).
    RSA operations (encryption, digital signatures) use arbitrary precision arithmetic.

PRNG
    The security of any cryptographic algorithm will in the end depend on random numbers.
    The Pseudo Random Number Generator (PRNG) takes secret input samples (noise, seed) and produces random output. The noise is usually gathered from the running system, since true randomness in a deterministic environment is impossible (pseudo == not real).
    The random output of the PRNG is secured with a cryptographic function (encryption using a cipher or hash function). In this case the PRNG is called a cryptographically strong PRNG.
    The PRNG is used to provide random numbers for RSA key generation.
    Several standards exist for PRNGs (ANSI X9.17, FIPS 186, etc.). It is also possible to implement your own PRNG.
    Interesting research area, since creating a secure PRNG is very difficult.

Prime Number Generation
    A prime number is a positive integer that is divisible only by itself and 1.
    Prime numbers are found with primality testing: an algorithm which tests a probable prime for primality. Primality testing is one of the oldest mathematical problems.
    Recently (August 2002) a new deterministic polynomial time algorithm for finding prime numbers was discovered. Older algorithms have been very slow and/or nondeterministic (giving only a probability for primality). With this algorithm finding 100% prime numbers should be possible. If primality testing returns false prime numbers, the cryptographic algorithm may be insecure (or will not function correctly).
    RSA depends on prime numbers in key generation.
    Use of so called "strong" primes; factors of the prime are also primes.

Primality Testing
    A common way to test for primality:
        Generate a random number and make it odd (an even number cannot be a prime number).
        Divide the probable prime by small prime numbers (e.g. by the first 10000 small prime numbers). If a small prime divides the number, it is composite; select a new number.
        After passing the division test, apply Fermat's Little Theorem to the probable prime: r = 2^(p-1) mod p. If r != 1 then p is composite; select a new number.
        Do other tests like the Rabin-Miller test if you want more assurance.
    Implement the new deterministic algorithm just discovered.

RSA Algorithm
    RSA in a nutshell:
        Key generation:
            Select random prime numbers p and q, and check that p != q
            Compute modulus n = pq
            Compute phi, φ = (p - 1)(q - 1)
            Select public exponent e, 1 < e < φ, such that gcd(e, φ) = 1
            Compute private exponent d = e^(-1) mod φ
            Public key is {n, e}, private key is d
        Encryption: c = m^e mod n, decryption: m = c^d mod n
        Digital signature: s = H(m)^d mod n, verification: m' = s^e mod n; if m' = H(m) the signature is correct. H is a publicly known hash function.

RSA Key Generation
    If the RSA keys do not exist, they need to be created. The key generation process is usually relatively slow, but fortunately it is performed seldom (the very first time and then only if keys need to be regenerated).
    The key generation starts by finding two distinct prime numbers p and q. First the PRNG is used to generate random numbers, then they are tested for primality and regenerated until prime numbers are found.
        NOTES: The p and q must be the same length in bits, must not be equal, and should not be close to each other (that is, p - q should not be a small number). If the primes are chosen at random, even when they are the same length, it is extremely likely these conditions are met.
    Compute modulus n = pq and φ = (p - 1)(q - 1). The n will be stored for later as it is part of the public key. To have a 1024 bit public key, p and q are about 512 bits each.

RSA Key Generation
    Select public exponent e, which is used as the public key with n. It is used to encrypt messages and to verify digital signatures. The e is stored for later with n. The e is usually a small number, but it can be any 1 < e < φ. The e must be relatively prime to φ, hence gcd(e, φ) = 1 (gcd = greatest common divisor, use the Euclidean algorithm).
        NOTES: Usually e is small to make encryption faster. However, using a very small e (<16 bit number) is not recommended. A popular starting value for e is 65537. If e is not relatively prime to φ, it is usually incremented by 2 until it becomes relatively prime. This makes the finding of e as fast as possible.
    Compute private exponent d, which is the actual RSA private key. The d must not be disclosed at any time or the security of the RSA is compromised. The d is found by computing the multiplicative inverse d = e^(-1) mod φ. The extended Euclidean algorithm is commonly used to compute inverses. The d exponent is used to decrypt messages and to compute digital signatures.
        NOTES: Implementations try to find as small a d as possible to make decryption faster. This is fine as long as it is assured that d is about the same size as n. If it is only one-quarter of the size, it is not considered safe to use. It is possible to find a smaller d by using lcm(p-1,q-1) instead of φ (lcm = least common multiple, lcm(p-1,q-1) = φ / gcd(p-1,q-1)). The PKCS#1 standard recommends this.

RSA Key Generation
    Things to remember in key generation:
        Key generation is the most important part of RSA; it is also the hardest part of RSA to implement correctly.
        Prime numbers must be primes, otherwise RSA will not work or is insecure. There exist some rare composite numbers that make RSA work, but the end result is insecure.
        Find a fast implementation of the extended Euclidean algorithm.
        Do not select too small an e. Do not compute too small a d.
        Compute at least a 1024 bit public key. Smaller keys are nowadays considered insecure. If you need long time security, compute 2048 bit keys or longer. Also, always compute a new n for each key pair. Do not share n with any other key pair (common modulus attack).
        Test the keys by performing RSA encryption and decryption operations.
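
The primality-testing and key-generation steps from the slides above, combined into one Python sketch. This is an added example, not code from the original presentation; the small-prime bound, the 40 Rabin-Miller rounds, the p - q distance threshold and the minimum size of d are assumptions chosen for the example.

```python
import math
import secrets


def primes_below(limit):
    """Sieve of Eratosthenes: all primes < limit, for the trial-division step."""
    sieve = bytearray([1]) * limit
    sieve[0:2] = b"\x00\x00"
    for i in range(2, math.isqrt(limit) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit, i)))
    return [i for i, is_p in enumerate(sieve) if is_p]


# Assumption: primes below 20000 stand in for the slide's "first 10000 primes".
SMALL_PRIMES = primes_below(20000)


def miller_rabin(n, rounds=40):
    """Rabin-Miller test with random bases; False means n is composite."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)          # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # no base-a witness of primality
    return True


def is_probable_prime(n):
    """Trial division, then Fermat base 2, then Rabin-Miller (the slide's order)."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    if pow(2, n - 1, n) != 1:                     # r = 2^(p-1) mod p must be 1
        return False
    return miller_rabin(n)


def random_prime(bits):
    """Random prime of exactly `bits` bits, drawn from the OS CSPRNG."""
    while True:
        # Top two bits set so p*q has exactly 2*bits bits; low bit set -> odd.
        cand = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if is_probable_prime(cand):
            return cand


def modinv(a, m):
    """Multiplicative inverse of a mod m via the extended Euclidean algorithm."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_s, s = s, old_s - k * s
    if old_r != 1:
        raise ValueError("a is not invertible modulo m")
    return old_s % m


def generate_key(bits=2048, e=65537):
    """Return (n, e, d) following the key-generation steps in the slides."""
    half = bits // 2
    while True:
        p, q = random_prime(half), random_prime(half)
        # p != q and p - q not small (threshold 2^(bits/2 - 100) is an assumption).
        if p == q or abs(p - q).bit_length() <= half - 100:
            continue
        n, phi = p * q, (p - 1) * (q - 1)
        lam = phi // math.gcd(p - 1, q - 1)       # lcm(p-1, q-1)
        pub = e
        while math.gcd(pub, phi) != 1:            # bump e by 2 until coprime
            pub += 2
        d = modinv(pub, lam)
        if d.bit_length() <= half:                # reject an unusually small d
            continue
        m = 2 + secrets.randbelow(n - 3)          # self-test: encrypt, decrypt
        if pow(pow(m, pub, n), d, n) == m:
            return n, pub, d
```

The returned key is raw (n, e, d) only; padding and key storage are outside what this sketch covers.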

RSA Schemes
    RSA Encryption/decryption scheme
        Encryption is always done with the public key. In order to encrypt with the public key, it needs to be obtained. The public key must be authentic to avoid man-in-the-middle attacks in protocols. Verifying the authenticity of the public key is difficult. When using certificates a trusted third party can be used. If certificates are not in use then some other means of verifying is used (fingerprints, etc).
        The message to be encrypted is represented as a number m, 0 < m < n - 1. If the message is longer it needs to be split into smaller blocks.
        Encryption: compute c = m^e mod n, where e and n are the public key, and m is the message block. The c is the encrypted message.
            NOTES: If message m is shorter than n - 1 it must be padded, otherwise it may be possible to retrieve m from c. Also, if m is sent to more than one recipient, each m must be made unique by adding pseudo-random bits to the m. Attacks exist against RSA if these conditions are not met.

RSA Schemes
    Decryption: The private key d is used to decrypt messages. Compute: m = c^d mod n, where n is the modulus (from the public key) and d is the private key.
        NOTES: Decryption is usually a lot slower than encryption since the decryption exponent is large (usually the same size as n). The so called Chinese remainder theorem (CRT) can be used to speed up the decryption process. This somewhat changes the RSA key generation process since additional values need to be computed and stored with the private key d. However, many implementations use CRT since it makes decryption faster. The PKCS#1 standard defines the use of CRT with RSA.
    RSA encryption and decryption are not used as much as RSA digital signatures. For encryption, symmetric algorithms are usually used instead since they are faster. Sometimes a combination of both symmetric key encryption and public key encryption is used to make it faster (PGP).
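
The CRT speed-up mentioned in the notes above, worked on the small numbers from this deck's own example (p = 47, q = 71, e = 79, c = 1570). This is an added example, not code from the original presentation; the field names dp, dq and qinv follow the PKCS#1 private-key components, and the function names are assumptions.

```python
def crt_private_key(p, q, e):
    """Private key plus the extra values that CRT decryption needs stored."""
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return {
        "n": p * q, "d": d, "p": p, "q": q,
        "dp": d % (p - 1),              # exponent used modulo p
        "dq": d % (q - 1),              # exponent used modulo q
        "qinv": pow(q, -1, p),          # q^(-1) mod p, for recombination
    }


def decrypt_plain(c, key):
    """Textbook decryption: one full-size exponentiation modulo n."""
    return pow(c, key["d"], key["n"])


def decrypt_crt(c, key):
    """Two half-size exponentiations, recombined with Garner's formula."""
    m1 = pow(c, key["dp"], key["p"])    # m mod p
    m2 = pow(c, key["dq"], key["q"])    # m mod q
    h = (key["qinv"] * (m1 - m2)) % key["p"]
    return m2 + h * key["q"]


# Constructed from the deck's small-number example; far too small for real use.
EXAMPLE_KEY = crt_private_key(47, 71, 79)
```

Because dp, dq, qinv, p and q all reveal the factorization of n, they need the same protection as d.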

RSA Schemes
    RSA digital signatures/verification scheme
        Digital signatures are always computed with the private key. This makes them easily verifiable publicly with the public key.
        The raw message m is never signed directly. Instead it is usually hashed with a hash function and the message digest is signed. This condition usually also means that the message m is in fact not secret to the parties, so that each party can compute the message digest separately. It is also possible to use a so called redundancy function instead of a hash function. This function is reversible, which makes it possible to sign secret messages since the message can be retrieved by the party verifying the signature. In practice a hash function is often used.
            NOTES: If the m is not hashed or run through a redundancy function, several attacks exist against RSA signatures which may make it possible to forge signatures. Also, if the redundancy function is insecure it may be possible to forge signatures.

RSA Schemes
    Computing the signature: first run the message through the hash function (or redundancy function): m' = H(m), then compute s = m'^d mod n, where n is the modulus (from the public key) and d is the private key. The end result is s, which is the signature.
    The same issue of public key authenticity as with public key encryption also applies to signature verification. Since signatures are always verified with the public key, the public key must be obtained and verified before the signature can be reliably verified.
    Verifying the signature: m' = s^e mod n. If a hash function was used then the m is run through the hash function and the message digest is verified against m'. If the verification fails the signature is not authentic. If a redundancy function was used then the redundancy function defines how the m' is verified. In this case the m may also be retrieved from m', which is not possible when using hash functions.

RSA Schemes
    The PKCS#1 standard defines the use of the RSA algorithm. It defines the key generation, encryption, decryption, digital signatures, verification, public key format, padding, and several other issues with RSA. It is probably the most widely used RSA standard, and most of the security protocols using RSA are also compatible with the PKCS#1 standard.
    ISO/IEC 9796 is another standard. It defines only the use of digital signatures. It supports RSA but also some other public key algorithms.

RSA Example
    Example of RSA with small numbers:
        p = 47, q = 71, compute n = pq = 3337
        Compute phi = 46 * 70 = 3220
        Let e be 79, compute d = 79^(-1) mod 3220 = 1019
        Public key is n and e, private key d, discard p and q.
        Encrypt message m = 688, 688^79 mod 3337 = 1570 = c.
        Decrypt message c = 1570, 1570^1019 mod 3337 = 688 = m.

Recommended reading
    "Handbook of Applied Cryptography", Menezes, et al., 1997, 2002.
        Freely available from http://www.cacr.math.uwaterloo.ca/hac/
        Good book as an introduction to cryptography. It is mathematically oriented and also describes the mathematical fundamentals used in cryptography. Good book to read if you are going to implement some cryptographic algorithm.
    "Applied Cryptography", Second Edition, Schneier, 1996.
        Good book for an introduction to cryptography. Describes the problems simply. I do not recommend using this book as an implementation reference; use the Handbook of Applied Cryptography instead.
    "Primes is in P", M. Agrawal, et al.
        The paper describing the new deterministic primality testing algorithm.
        Available from http://www.cse.iitk.ac.in/news/primality.pdf
    PKCS#1 standard - http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/index.html

Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

rsa-1

  • 1. RSA Algorithm Pekka Riikonen priikone@iki.fi http://iki.fi/priikone/docs/rsa.ps http://iki.fi/priikone/docs/rsa.pdf 29.9.2002
  • 2. Outline
      • What is RSA
      • RSA security - factorization problem
      • Implementation tools for RSA
      • RSA Algorithm
      • RSA key generation
      • RSA schemes
      • Recommended reading
  • 3. What is RSA
      • Public key algorithm invented in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman (RSA)
      • Supports encryption and digital signatures
      • Most widely used public key algorithm
      • Gets its security from the integer factorization problem
      • Relatively easy to understand and implement
      • Patent free (since 2000)
  • 4. RSA Usage
      • RSA is used in security protocols such as:
          • IPSEC/IKE - IP data security
          • TLS/SSL - transport data security (web)
          • PGP - email security
          • SSH - terminal connection security
          • SILC - conferencing service security
          • Many many more...
  • 5. RSA Security
      • RSA gets its security from the factorization problem. The difficulty of factoring large numbers is the basis of the security of RSA. Numbers over 1000 bits long are used.
      • Integer factorization problem (finding a number's prime factors):
          • Given a positive integer n, find its prime factors: n = p1 p2 ... pi, where each pi is a distinct positive prime number
              • Example: 257603 = 41 * 61 * 103
          • Factorization algorithms can be used (attempted at least) to factor faster than brute forcing: trial division, Pollard's rho, Pollard's p-1, quadratic sieve, elliptic curve factorization, random square factoring, number field sieve, etc.
  • 6. RSA Problem
      • The RSA Problem (RSAP) is also the basis of the security of RSA, in addition to the factorization problem. The RSA problem assures the security of RSA encryption and RSA digital signatures.
      • RSAP: given a positive integer n that is the product of two distinct odd primes p and q, a positive integer e relatively prime to φ, where φ = (p - 1)(q - 1), and an integer c; find an integer m such that m^e ≡ c (mod n).
      • The conditions of the RSA problem assure that there is exactly one unique m in the field.
      • The RSA problem is believed to be computationally equivalent to the integer factorization problem.
  • 7. Implementation Tools
      • In order to implement RSA you will need:
          • Arbitrary precision arithmetic (multiple-precision arithmetic)
          • Pseudo Random Number Generator (PRNG)
          • Prime number generator
      • The difficulty of implementation depends greatly on the target platform, the application usage and how much of the tools you need to implement from scratch.
  • 8. Arbitrary Precision Arithmetic
      • Used to handle large numbers (arbitrary in length)
      • Provides optimized implementations of arithmetic operations such as modular computation and exponential computation.
      • If you need to implement these yourself, the task of implementing RSA is usually large.
      • Several free libraries are available (GMP, NSS MPI, Bignum, etc).
      • RSA operations (encryption, digital signatures) will use arbitrary precision arithmetic.
  • 9. PRNG
      • The security of any cryptographic algorithm will in the end depend on random numbers.
      • The Pseudo Random Number Generator (PRNG) takes secret input samples (noise, seed) and produces random output. The noise is usually gathered from the running system, since true randomness in a deterministic environment is impossible (pseudo == not real).
      • The random output of the PRNG is secured with a cryptographic function (encryption using a cipher, or a hash function). In this case the PRNG is called a cryptographically strong PRNG.
      • The PRNG is used to provide random numbers for RSA key generation.
      • Several standards exist for PRNGs (ANSI X9.17, FIPS 186, etc.). It is also possible to implement your own PRNG.
      • Interesting research area, since creating a secure PRNG is very difficult.
  • 10. Prime Number Generation
      • A prime number is a positive integer that is divisible only by itself and 1.
      • Prime numbers are found with primality testing: an algorithm which tests a probable prime for primality. Primality testing is one of the oldest mathematical problems.
      • Recently (August 2002) a new deterministic polynomial time algorithm for finding prime numbers was discovered. Older algorithms have been very slow and/or indeterministic (giving only a probability of primality). With this algorithm finding 100% prime numbers should be possible. If primality testing returns false prime numbers, the cryptographic algorithm may be insecure (or will not function correctly).
      • RSA depends on prime numbers in key generation.
      • Use of so-called "strong" primes; factors of the prime are also primes.
  • 11. Primality Testing
      • A common way to test for primality:
          • Generate a random number and make it odd (an even number cannot be a prime number).
          • Divide the probable prime by small prime numbers (e.g. by the first 10000 small prime numbers). If the number divides, it is composite; select a new number.
          • After passing the division test, apply Fermat's Little Theorem to the probable prime: r = 2^(p-1) mod p. If r != 1 then p is composite; select a new number.
          • Do other tests such as the Rabin-Miller test if you want more assurance.
          • Implement the new deterministic algorithm just discovered.
  • 12. RSA Algorithm
      • RSA in a nutshell:
      • Key generation:
          • Select random prime numbers p and q, and check that p != q
          • Compute modulus n = pq
          • Compute phi, φ = (p - 1)(q - 1)
          • Select public exponent e, 1 < e < φ, such that gcd(e, φ) = 1
          • Compute private exponent d = e^-1 mod φ
          • Public key is {n, e}, private key is d
      • Encryption: c = m^e mod n, decryption: m = c^d mod n
      • Digital signature: s = H(m)^d mod n, verification: m' = s^e mod n; if m' = H(m) the signature is correct. H is a publicly known hash function.
  • 13. RSA Key Generation
      • If the RSA keys do not exist, they need to be created. The key generation process is usually relatively slow, but fortunately it is performed seldom (the very first time and then only if keys need to be regenerated).
      • Key generation starts by finding two distinct prime numbers p and q. First the PRNG is used to generate random numbers, then they are tested for primality and regenerated until prime numbers are found.
          • NOTES: p and q must be the same length in bits, must not be equal, and should not be close to each other (that is, p - q should not be a small number). If the primes are chosen at random, even when they are the same length, it is extremely likely that these conditions are met.
      • Compute modulus n = pq and φ = (p - 1)(q - 1). The n will be stored for later as it is part of the public key. To have a 1024 bit public key, p and q are about 512 bits each.
  • 14. RSA Key Generation
      • Select public exponent e, which is used as the public key with n. It is used to encrypt messages and to verify digital signatures. The e is stored for later with n. The e is usually a small number, but it can be 1 < e < φ. The e must be relatively prime to φ, hence gcd(e, φ) = 1 (gcd = greatest common divisor, use the Euclidean algorithm).
          • NOTES: Usually e is small to make encryption faster. However, using a very small e (<16 bit number) is not recommended. A popular starting value for e is 65537. If e is not relatively prime to φ, then 2 is usually added to it until it becomes relatively prime. This makes finding e as fast as possible.
      • Compute private exponent d, which is the actual RSA private key. The d must not be disclosed at any time or the security of RSA is compromised. The d is found by computing the multiplicative inverse d = e^-1 mod φ. The extended Euclidean algorithm is commonly used to compute inverses. The d exponent is used to decrypt messages and to compute digital signatures.
          • NOTES: Implementations try to find as small a d as possible to make decryption faster. This is fine as long as it is assured that d is about the same size as n. If it is only one-quarter of the size, it is not considered safe to use. It is possible to find a smaller d by using lcm(p-1,q-1) instead of φ (lcm = least common multiple, lcm(p-1,q-1) = φ / gcd(p-1,q-1)). The PKCS#1 standard recommends this.
  • 15. RSA Key Generation
      • Things to remember in key generation:
          • Key generation is the most important part of RSA; it is also the hardest part of RSA to implement correctly.
          • Prime numbers must be primes, otherwise RSA will not work or is insecure. There exist some rare composite numbers that make RSA work, but the end result is insecure.
          • Find a fast implementation of the extended Euclidean algorithm.
          • Do not select too small an e. Do not compute too small a d.
          • Compute at least a 1024 bit public key. Smaller keys are nowadays considered insecure. If you need long-term security, compute 2048 bit keys or longer. Also, always compute a new n for each key pair. Do not share n with any other key pair (common modulus attack).
          • Test the keys by performing RSA encryption and decryption operations.
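The primality-testing and key-generation steps of slides 11 to 15, put together as an added Python example (not code from the slides or from the author). The function names, the sieve bound of 20000, the 2^(half-100) closeness threshold for p - q and the use of Python's `secrets` module as the cryptographically strong PRNG are assumptions of this example.

```python
import math
import secrets

def small_primes(limit):
    """Sieve of Eratosthenes: all primes <= limit, for the trial-division step."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, math.isqrt(limit) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit + 1, i)))
    return [i for i, is_p in enumerate(sieve) if is_p]

SMALL_PRIMES = small_primes(20000)    # assumption: a shorter list than the slide's 10000 primes

def is_probable_prime(n, rounds=40):
    """Slide 11 pipeline: trial division, Fermat base 2, then Rabin-Miller."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n == sp:
            return True
        if n % sp == 0:
            return False                      # composite: caller selects a new number
    if pow(2, n - 1, n) != 1:                 # r = 2^(p-1) mod p must be 1
        return False
    d, s = n - 1, 0
    while d % 2 == 0:                         # write n - 1 = d * 2^s with d odd
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)      # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # a is a witness: n is composite
    return True

def random_prime(bits):
    """Draw random candidates until one passes; top two bits and low bit are forced to 1."""
    while True:
        cand = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(cand):
            return cand

def ext_gcd(a, b):
    """Extended Euclidean algorithm: (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def generate_key(bits=2048, e=65537):
    half = bits // 2
    while True:
        p, q = random_prime(half), random_prime(half)
        # p != q and p - q not small (the 2^(half-100) threshold is this example's choice)
        if abs(p - q) >> max(half - 100, 0) == 0:
            continue
        n, phi = p * q, (p - 1) * (q - 1)
        lam = phi // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1), as PKCS#1 recommends
        while math.gcd(e, phi) != 1:          # add 2 until relatively prime to phi
            e += 2
        d = ext_gcd(e, lam)[1] % lam          # d = e^-1 mod lcm(p-1, q-1)
        if d.bit_length() <= bits // 4:       # d only a quarter the size of n: reject
            continue
        m = 2 + secrets.randbelow(n - 3)      # test the key pair before returning it
        if pow(pow(m, e, n), d, n) == m:
            return {"n": n, "e": e, "d": d, "p": p, "q": q}
```

In pure Python a 2048-bit key takes a few seconds to generate; production code should rely on a vetted library's key generation rather than on this sketch.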
  • 16. RSA Schemes
      • RSA Encryption/decryption scheme
          • Encryption is always done with the public key. In order to encrypt with the public key, it needs to be obtained. The public key must be authentic to avoid man-in-the-middle attacks in protocols. Verifying the authenticity of the public key is difficult. When using certificates, a trusted third party can be used. If certificates are not in use, then some other means of verification is used (fingerprints, etc).
          • The message to be encrypted is represented as a number m, 0 < m < n - 1. If the message is longer, it needs to be split into smaller blocks.
          • Encryption: compute c = m^e mod n, where e and n are the public key, and m is the message block. The c is the encrypted message.
              • NOTES: If message m is shorter than n - 1 it must be padded, otherwise it may be possible to retrieve m from c. Also, if m is sent to more than one recipient, each m must be made unique by adding pseudo-random bits to m. Attacks exist against RSA if these conditions are not met.
  • 17. RSA Schemes
      • Decryption: The private key d is used to decrypt messages. Compute m = c^d mod n, where n is the modulus (from the public key) and d is the private key.
          • NOTES: Decryption is usually a lot slower than encryption since the decryption exponent is large (usually the same size as n). The so-called Chinese remainder theorem (CRT) can be used to speed up the decryption process. This somewhat changes the RSA key generation process, since additional values need to be computed and stored with the private key d. However, many implementations use CRT since it makes decryption faster. The PKCS#1 standard defines the use of CRT with RSA.
      • RSA encryption and decryption are not used as much as RSA digital signatures. For encryption, symmetric algorithms are usually used instead since they are faster. Sometimes a combination of both symmetric key encryption and public key encryption is used to make it faster (PGP).
  • 18. RSA Schemes
      • RSA digital signatures/verification scheme
          • Digital signatures are always computed with the private key. This makes them easily verifiable publicly with the public key.
          • The raw message m is never signed directly. Instead it is usually hashed with a hash function and the message digest is signed. This condition usually also means that the message m is in fact not secret to the parties, so that each party can compute the message digest separately. It is also possible to use a so-called redundancy function instead of a hash function. This function is reversible, which makes it possible to sign secret messages, since the message can be retrieved by the party verifying the signature. In practice a hash function is often used.
              • NOTES: If m is not hashed or run through a redundancy function, several attacks exist against RSA signatures which may make it possible to forge signatures. Also, if the redundancy function is insecure it may be possible to forge signatures.
  • 19. RSA Schemes
      • Computing the signature: first run the message through the hash function (or redundancy function): m' = H(m), then compute s = m'^d mod n, where n is the modulus (from the public key) and d is the private key. The end result is s, which is the signature.
      • The same issue of public key authenticity as with public key encryption also applies to signature verification. Since signatures are always verified with the public key, the public key must be obtained and verified before the signature can be reliably verified.
      • Verifying the signature: m' = s^e mod n. If a hash function was used, then m is run through the hash function and the message digest is verified against m'. If the verification fails, the signature is not authentic. If a redundancy function was used, then the redundancy function defines how m' is verified. In this case m may also be retrieved from m', which is not possible when using hash functions.
  • 20. RSA Schemes
      • The PKCS#1 standard defines the use of the RSA algorithm. It defines key generation, encryption, decryption, digital signatures, verification, public key format, padding, and several other issues with RSA. It is probably the most widely used RSA standard, and most of the security protocols using RSA are also compatible with the PKCS#1 standard.
      • ISO/IEC 9796 is another standard. It defines only the use of digital signatures. It supports RSA but also some other public key algorithms as well.
  • 21. RSA Example
      • Example of RSA with small numbers:
          • p = 47, q = 71, compute n = pq = 3337
          • Compute phi = 46 * 70 = 3220
          • Let e be 79, compute d = 79^-1 mod 3220 = 1019
          • Public key is n and e, private key d, discard p and q.
          • Encrypt message m = 688, 688^79 mod 3337 = 1570 = c.
          • Decrypt message c = 1570, 1570^1019 mod 3337 = 688 = m.
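The small-number example above, extended with the CRT decryption of slide 17 and the hash-then-sign scheme of slides 18 and 19, as an added Python example (not code from the slides). The names `DP`, `DQ`, `QINV` and `toy_hash` are assumptions of this example, and reducing SHA-256 modulo the tiny n is only there to make the digest fit; it is not a real padding scheme such as the ones PKCS#1 defines.

```python
import hashlib

# Key from the slide's worked example: p = 47, q = 71, e = 79.
P, Q, E = 47, 71, 79
N = P * Q                          # modulus n = 3337
PHI = (P - 1) * (Q - 1)            # phi = 3220
D = pow(E, -1, PHI)                # d = e^-1 mod phi (Python 3.8+), the slide's 1019

# Additional values a CRT implementation computes at key generation and
# stores with the private key d (slide 17). Names are this example's choice.
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)

def encrypt(m):
    if not 0 < m < N - 1:          # message block range given on slide 16
        raise ValueError("message block out of range")
    return pow(m, E, N)            # c = m^e mod n

def decrypt(c):
    return pow(c, D, N)            # m = c^d mod n

def decrypt_crt(c):
    """Same result as decrypt(), using two half-size exponentiations."""
    m1 = pow(c, DP, P)
    m2 = pow(c, DQ, Q)
    h = (QINV * (m1 - m2)) % P
    return m2 + h * Q

def toy_hash(msg):
    # Assumption for the toy modulus only: SHA-256 digest reduced mod n.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(msg):
    return pow(toy_hash(msg), D, N)          # s = H(m)^d mod n

def verify(msg, s):
    return pow(s, E, N) == toy_hash(msg)     # m' = s^e mod n, compare with H(m)

def raw_signatures_multiply(m1, m2):
    """Why the raw m is never signed: raw signatures of m1 and m2 multiply
    into a valid raw signature of m1*m2 mod n. Hashing first breaks this."""
    def raw(m):
        return pow(m, D, N)
    return (raw(m1) * raw(m2)) % N == raw((m1 * m2) % N)

if __name__ == "__main__":
    c = encrypt(688)
    print("c =", c, "m =", decrypt(c), "m via CRT =", decrypt_crt(c))
    s = sign(b"constructed sample message")
    print("signature verifies:", verify(b"constructed sample message", s))
```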
  • 22. Recommended reading
      • "Handbook of Applied Cryptography", Menezes, et al., 1997, 2002.
          • Freely available from http://www.cacr.math.uwaterloo.ca/hac/
          • Good book as an introduction to cryptography. It is mathematically oriented and also describes the mathematical fundamentals used in cryptography. Good book to read if you are going to implement some cryptographic algorithm.
      • "Applied Cryptography", Second Edition, Schneier, 1996.
          • Good book as an introduction to cryptography. Describes the problems simply. I do not recommend using this book as an implementation reference; use the Handbook of Applied Cryptography instead.
      • "Primes is in P", M. Agrawal, et al.
          • The paper describing the new deterministic primality testing algorithm.
          • Available from http://www.cse.iitk.ac.in/news/primality.pdf
      • PKCS#1 standard - http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/index.html