What is Coordinate Measuring Machine? CMM Types, Features, Functions
2.10 Security of RSA.pptx
1. SRI KRISHNA COLLEGE OF ENGINEERING AND TECHNOLOGY
Kuniamuthur, Coimbatore, Tamilnadu, India
An Autonomous Institution, Affiliated to Anna University,
Accredited by NAAC with “A” Grade & Accredited by NBA (CSE, ECE, IT, MECH ,EEE, CIVIL& MCT)
COURSE MATERIALMATERIAL
Course : 20EC603 – Fundamentals of Network Security
Module - 2: Public Key Cryptography and authentication
requirements
Topics : Security of RSA
www.skcet.ac.in
2. RSASecurity
Four possible approaches to attacking the RSA algorithm are
• Brute force: This involves trying all possible private keys.
• Mathematical attacks: There are several approaches, all
equivalent in effort to factoring the product of two primes.
• Timing attacks: These depend on the running time of the
decryption algorithm.
• Chosen ciphertext attacks: This type of attack exploits
properties of the RSA algorithm.
3. • The defense against the brute-force approach is the same for
RSA as for other cryptosystems, namely, to use a large key
space. Thus, the larger the number of bits in d, the better.
However, because the calculations involved, both in key
generation and in encryption/decryption, are complex, the larger
the size of the key, the slower the system will run.
4. Mathematical and Timing Attacks
THE FACTORING PROBLEM
• Three approaches to attacking RSA mathematically.
1. Factor n into its two prime factors. This enables calculation of f(n) = (p -
1) × (q - 1), which in turn enables determination of d K e-1 (mod f(n)).
2. Determine f(n) directly, without first determining p and q. Again, this
enables determination of d K e-1 (mod f(n)).
3. Determine d directly, without first determining f(n).
5. • Most discussions of the cryptanalysis of RSA have
focused on the task of factoring n into its two prime
factors. Determining f(n) given n is equivalent to
factoring N With presently known algorithms,
determining d given e and n appears to be at least as
time-consuming as the factoring problem
6. Factoring Problem
• mathematical approach takes 3 forms:
– factor N=p.q, hence find ø(N) and then d
– determine ø(N) directly and find d
– find d directly
• currently believe all equivalent to factoring
– have seen slow improvements over the years
• as ofAug-99 best is 130 decimal digits (512) bit with GNFS
– biggest improvement comes from improved algorithm
• cf “Quadratic Sieve” to “Generalized Number Field Sieve”
– barring dramatic breakthrough 1024+ bit RSA secure
• ensure p, q of similar size and matching other constraints
7. TimingAttacks
• developed in mid-1990’s
• exploit timing variations in operations
– infer bits of d based on time taken
• countermeasures
– use constant exponentiation time
– add random delays
– blind values used in calculations
• C’ = (Mr)e, M’ = (C’)d, M=M’r-1
8. Chosen Ciphertext Attacks
• RSA is vulnerable to a Chosen Ciphertext Attack (CCA)
• attackers chooses ciphertexts & gets decrypted plaintext
back
• choose ciphertext to exploit properties of RSA to provide
info to help cryptanalysis
• can counter with random pad of plaintext
• or use Optimal Asymmetric Encryption Padding (OASP)