An Introduction to RSA Public-Key Cryptography
David Boyhan
August 5, 2008
According to the U.S. Census Bureau, in the 1st quarter of 2008, approximately $33 billion worth of retail sales were conducted on the Internet.[1] In all likelihood, the vast majority of these were secured at some level by an encryption scheme known as public-key cryptography (PKC). Interestingly, relative to the Internet, PKC is quite old;[note 1] at the same time, relative to virtually all other types of secret writing or cryptography, PKC is extremely young.[note 2] It's doubtful that without PKC either electronic commerce or the world wide web would have expanded as rapidly as they have.
Before PKC
For the nearly 2000 years prior to PKC, all forms of ciphers were symmetric. That is, in order to read a secret encrypted message, a confidential key is needed. For example, in the case of the Caesar Shift Cipher, used by Julius Caesar, a plain-text message M is encrypted by shifting each letter in the message by three letters (e.g., all As become Ds, all Bs become Es, etc.) [2] (page 10). As a result, the plain-text message (M):
DM HURTS MY BRAIN
is encrypted into the cipher-text message (C):
GP KXUWV OB EUDLQ
In this case, the number 3 is the key to the cipher; it must be kept confidential from eavesdroppers, but it must also be shared between the sender and the recipient. A more complex cipher might use random letter substitutions, or more than one alphabet. The German Enigma used during World War II relied on multiple mechanically rotated rotors to encrypt messages. The order and initial settings of the rotors were the confidential keys that had to be distributed securely to all users of the Enigma. Every one of these ciphers, including the Advanced Encryption Standard (AES) approved by the U.S. National Institute of Standards and Technology in 2001, is therefore considered a symmetric-key cipher, in that the key that both locks and unlocks the confidential message is identical and needs to be protected from eavesdropping.[note 3]
Symmetric key encryption can also be thought of in terms of two functions, one for encrypting (E) and one for decrypting (D). In both cases, a single key k is used both to encrypt plain-text message M and to decrypt cipher-text message C. Accordingly:
E(M, k) → C
D(C, k) → M

[note 1] PKC is approximately 30 years old, while general public access to the Internet is only about 20 years old, and the World Wide Web is only about 15 years old.
[note 2] Most authorities date cryptography and secret writing to at least 400 B.C. [2] (page 9).
[note 3] Technically, certain forms of secret writing, including invisible ink, steganography (hidden writing such as micro-dots) and one-time pads, do not require keys. However, they all rely on some form of secure distribution that is vulnerable to interception.
As a result of the requirement that symmetric keys be distributed securely, by the 1960s and 1970s the process of key distribution had become a serious problem for both businesses and governments. Major resources were committed to secure key distribution, in some cases requiring daily couriers between businesses and government agencies. [2] (pages 251, 252).
Diffie-Hellman Invent PKC
However, in 1976 two mathematicians, Whitfield Diffie and Martin Hellman, published a paper proposing a revolutionary new cryptographic approach. In their paper [3], Diffie and Hellman proposed a scheme in which keys could be exchanged between sender and recipient without concern over interception. There would now be two keys: a public key e that could be published to the world, and a corresponding private key d that would be kept confidential. The public key e would be used to encrypt message M into cipher-text C and the private key d would be used to decrypt C back into plain-text M. Even though the actual encryption algorithms could be published and available to eavesdroppers, it would be computationally infeasible to derive d from e. In simple terms, the public key e locks and the private key d unlocks. The public key is published to the world and anyone who wishes to communicate securely with the key-owner uses the public key. Accordingly:
E(M, e) → C
D(C, d) → M
D(C, e) ↛ M (the public key cannot decrypt)
This concept would be the core of public-key cryptography and would eliminate any need for key distribution. Keys would now be asymmetric rather than symmetric. This also permitted the creation of digital signatures [3] because the
In order to implement PKC, Diffie and Hellman proposed using one-way or trapdoor functions. These functions are so called because, while they can be computed quite easily in one direction, it is significantly more complex and time-consuming to reverse them. A simple example would be multiplication versus factoring. While it's a simple matter to multiply 13,719 by 23,547 to get the result 323,041,293, it's significantly more complex to factor 323,041,293 into its prime factors of $3^2 \cdot 17 \cdot 47 \cdot 167 \cdot 269$. The group of one-way functions that Hellman and another researcher, Ralph Merkle, proposed were based on knapsack problems. In simplest terms, knapsack functions require packing a knapsack with objects of various weights so that they fit perfectly within the confines of the knapsack. In cryptography, the problem could involve determining a subset (x1, x2, x3) from a larger set of integers (x1, x2, x3, x4, x5, x6) such that the subset adds up exactly to a certain agreed-upon value. In this case, the public key would be the ordered set of weights and the encrypted message would be the product of the message text and the public key. The private key would be the subset of the weights. Although calculating the sum is a very simple matter (one-way), as would be decrypting the message using the proper subset, determining what the private subset values are for a sufficiently large set of numbers $x_n$ is computationally quite complex and is considered NP-complete. However, it was subsequently determined that although knapsack problems are NP-complete, there are special cases of the problem that are relatively easy to solve, rendering that particular trapdoor cryptographically flawed. [5]
RSA
In 1978, Ronald Rivest, Adi Shamir and Leonard Adleman published a paper proposing an alternative PKC algorithm based upon prime number factorization and modular multiplicative inverses. [4] Their approach survived significant cryptanalysis and quickly became the de facto standard for PKC, and has remained so for the last 30 years.
In order to use RSA (named for the initials of the authors), a fictional protagonist, Alice, first needs to create her public and private keys. In RSA, a public key actually consists of two numbers, n and e, and the private key similarly consists of two numbers, n again and d. The value n is generated by multiplying two very large prime numbers together. These two large prime numbers, p and q, are kept secret.[note 4]
Alice must then pick a large, random integer d that is relatively prime to ((p − 1) · (q − 1)). In other words, the greatest common divisor of d and ((p − 1) · (q − 1)) must be 1. Thus:
gcd(d, (p − 1) · (q − 1)) = 1
Finally, Alice (or the software) must generate the public key e from d, p and q. This step is the real heart of the RSA algorithm because the approach taken makes it computationally infeasible to determine d without p and q, even though both n and e are published to the world. The integer e, the public-key encryption component, is calculated as the multiplicative inverse of:
d mod ((p − 1) · (q − 1))
This is probably the most complex part of RSA. Traditionally, the multiplicative inverse of d would be $d^{-1}$ such that $d \cdot d^{-1} = 1$. However, in this case, we are seeking the modular multiplicative inverse.[note 5] A multiplicative inverse of d mod ((p − 1) · (q − 1)) is an integer e such that:
d · e = 1 mod ((p − 1) · (q − 1))
In order for there to be a solution for e, d and ((p − 1) · (q − 1)) must be relatively prime. To solve for e, we can use Euler's Totient and Euler's Generalization of Fermat's Little Theorem. [4][6]
Euler's Totient of n, signified as φ(n), is defined as the number of positive integers less than n that are relatively prime to n. If n is prime then φ(n) is simply (n − 1). If both p and q are prime, then it's easy to see that φ(p · q) will be ((p − 1) · (q − 1)). However, if n is not prime, such as, for example, 12, then the numbers less than n that are relatively prime to n are 1, 5, 7, 11. Therefore φ(12) is 4. Calculating Euler's Totient can be accomplished in a number of ways, but the simplest method uses the unique prime factorization theorem in a manner similar to the calculation of gcd. If, in calculating φ(n), we determine the prime factorization of n such that $n = p_1^{k_1} \cdots p_r^{k_r}$, then isolate the distinct primes and compute φ(n) using the following formula:
$$\varphi(n) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right)$$
In this formula, the range of p is only those primes identified as distinct in the prime factorization of n. Therefore, for example, $12 = 2^2 \cdot 3^1$, so the Totient would be
$$\varphi(12) = 12 \cdot \left(1 - \frac{1}{2}\right) \cdot \left(1 - \frac{1}{3}\right) = 12 \cdot \frac{1}{2} \cdot \frac{2}{3} = 4.$$
Similarly, because the prime factorization of 54 is $54 = 2^1 \cdot 3^3$, φ(54) would be
$$\varphi(54) = 54 \cdot \frac{1}{2} \cdot \frac{2}{3} = 18.$$
Euler's generalization of Fermat's Little Theorem states that if gcd(d, z) = 1 then $d^{\varphi(z)} \bmod z = 1$. This is a condition we have already satisfied with d and ((p − 1) · (q − 1)). Substituting ((p − 1) · (q − 1)) for z, we can see, using Fermat's Little Theorem, that:
$$1 = d^{\varphi((p-1)\cdot(q-1))} \bmod ((q-1)\cdot(p-1))$$
[note 4] When we discuss large prime numbers, we are talking about prime numbers with hundreds, thousands or millions of digits.
[note 5] It may clarify things somewhat to use Schneier's [6] example of the modular multiplicative inverse: 4 ∗ x (mod 7) . . . is equivalent to finding an x and k such that 4x = 7k + 1, where both x and k are integers. The general problem is finding an x such that 1 = (a ∗ x) mod n. This is also written as $a^{-1} \equiv x \pmod n$.
We also know, based on the definition of the modular multiplicative inverse, that:
$$e \cdot d = 1 \pmod{(p-1)\cdot(q-1)}$$
$$e \cdot d \cdot d^{-1} = d^{-1} \cdot 1 \pmod{(p-1)\cdot(q-1)}$$
Substituting $d^{\varphi((p-1)\cdot(q-1))} \bmod ((q-1)\cdot(p-1))$ for $1 \pmod{(p-1)\cdot(q-1)}$, we get:
$$e \cdot 1 = d^{\varphi((p-1)\cdot(q-1)) - 1} \bmod ((p-1)\cdot(q-1))$$
The process to both encrypt and decrypt is now remarkably simple. To quote directly from the original RSA paper:
". . ., the result (the ciphertext C) is the remainder when $M^e$ is divided by n. To decrypt the ciphertext, raise it to another power d, again modulo n."
As a result, the formula for encrypting plain-text message M is E(M) and the formula for decrypting cipher-text message C is D(C), as follows:
$$E(M) = M^e \pmod n = C$$
$$D(C) = C^d \pmod n = M$$
We'll now go through a simple example. We'll start by creating Alice's public key. To create n we'll use very small prime numbers: p = 5, q = 11. Therefore, the first part of the public encryption key is n = p · q = 5 · 11 = 55. We must now pick a random number that is relatively prime to ((p − 1) · (q − 1)) = 4 · 10 = 40. We can easily see that 7 is relatively prime to 40 (and to 55), so we'll use d = 7. Again, we would typically use much larger numbers.
We will also calculate e using d and Euler's Generalization of Fermat's Little Theorem. Accordingly:[note 6]
$$e = d^{\varphi((p-1)\cdot(q-1)) - 1} \bmod ((p-1)\cdot(q-1)) = 7^{\varphi(4 \cdot 10) - 1} \bmod (4 \cdot 10)$$
It's easy to see that $40 = 2^3 \cdot 5^1$. Therefore,
$$\varphi(40) = 40 \cdot \left(1 - \frac{1}{2}\right) \cdot \left(1 - \frac{1}{5}\right) = 40 \cdot \frac{1}{2} \cdot \frac{4}{5} = 16$$
Therefore, $e = 7^{15} \bmod 40$, so e = 23.
Finally we'll start with plain-text message M:
DM HURTS MY BRAIN
For the purposes of this example, we'll use the integers 1-26 to represent the alphabet and remove all spaces. However, under normal circumstances, ASCII would be used instead. Therefore, M becomes:
D  M  H  U  R  T  S  M  Y  B  R  A  I  N
04 13 08 21 18 20 19 13 25 02 18 01 09 14
[note 6] This was calculated using the OSS software Euler's Math Toolbox, available at: mathsrv.ku-eichstaett.de/MGF/homes/grothmann/euler/index.html
Now, encryption is simply a matter of iteratively encrypting each block. We can therefore see that the first encrypted block is $C_1 = 04^{23} \pmod{55} = 09$.[note 7]
The entire message is encrypted as:
09 52 17 21 02 25 39 52 05 08 02 01 14 49
And this would be decrypted using $D(C) = C^d \pmod n = M$. So, $M_1 = 09^{7} \pmod{55} = 04$, $M_2 = 52^{7} \pmod{55} = 13$, . . ., $M_{14} = 49^{7} \pmod{55} = 14$.
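The key generation, totient calculation and block-by-block encryption and decryption worked through above, as an added Python example (not code from the paper): it reproduces Alice's keys from p = 5, q = 11, d = 7 and the 14-block ciphertext, deriving e by the paper's route (d raised to φ((p − 1)·(q − 1)) − 1) rather than the extended Euclidean algorithm. The trial-division factoring is an assumption suitable only for toy sizes.

```python
from math import gcd


def distinct_primes(n):
    """Distinct primes dividing n, found by trial division.
    Adequate for the toy moduli in this example, not for real key sizes."""
    primes = []
    p = 2
    while p * p <= n:
        if n % p == 0:
            primes.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        primes.append(n)
    return primes


def phi(n):
    """Euler's totient phi(n) = n * prod(1 - 1/p) over the distinct primes p | n.
    Each factor is applied as result // p * (p - 1) so the arithmetic stays exact."""
    result = n
    for p in distinct_primes(n):
        result = result // p * (p - 1)
    return result


def inverse_by_euler(d, m):
    """e = d^(phi(m) - 1) mod m. This is the inverse of d modulo m because
    d^phi(m) = 1 (mod m) whenever gcd(d, m) == 1 (Euler's generalization)."""
    if gcd(d, m) != 1:
        raise ValueError("d must be relatively prime to the modulus")
    return pow(d, phi(m) - 1, m)


def make_keys(p, q, d):
    """Key generation in the order the paper uses: choose d first, derive e.
    Returns ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    totient = (p - 1) * (q - 1)          # phi(n) for n = p * q
    e = inverse_by_euler(d, totient)
    return (n, e), (n, d)


def encode(text):
    """Letters A..Z to 1..26 with spaces dropped, as in the example."""
    return [ord(c) - ord("A") + 1 for c in text.upper() if c.isalpha()]


def decode(blocks):
    return "".join(chr(b - 1 + ord("A")) for b in blocks)


def encrypt(blocks, public_key):
    """E(M) = M^e mod n, block by block. A block that is not smaller than n
    cannot be recovered, so refuse it instead of silently wrapping."""
    n, e = public_key
    if any(m >= n for m in blocks):
        raise ValueError("every block must be smaller than n")
    return [pow(m, e, n) for m in blocks]


def decrypt(blocks, private_key):
    """D(C) = C^d mod n, block by block."""
    n, d = private_key
    return [pow(c, d, n) for c in blocks]


def worked_example():
    """Alice's keys from p = 5, q = 11, d = 7, then the paper's message."""
    public_key, private_key = make_keys(5, 11, 7)
    message = encode("DM HURTS MY BRAIN")
    ciphertext = encrypt(message, public_key)
    recovered = decode(decrypt(ciphertext, private_key))
    return public_key, ciphertext, recovered


if __name__ == "__main__":
    print(phi(12), phi(54), phi(40))              # 4 18 16
    public_key, ciphertext, recovered = worked_example()
    print(public_key)                             # (55, 23)
    print(" ".join(f"{c:02d}" for c in ciphertext))
    print(recovered)                              # DMHURTSMYBRAIN
```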
With RSA, both encryption and decryption are accomplished quite rapidly. However, it's relatively easy to see that in order to derive the secret key d from the public key e and n, an attacker would need to factor n into p and q in order to determine φ((p − 1) · (q − 1)) and thereby d. Since we have chosen p and q as very large prime numbers, the amount of time necessary to factor n becomes prohibitive and is currently believed to be NP Hard. It was estimated in the RSA paper that using the fastest known prime-factoring methods, if each step only required 1 microsecond, it would take an estimated $4.2 \cdot 10^{25}$ years for a number n of 500 digits to be factored. [4] (page 12).
Digital Signatures and Certificates
In addition to its simplicity, the PKC scheme offers certain features that simplify electronic communications and electronic commerce. The two best examples of these are digital signatures and digital certificates. RSA has the ability to create unique digital signatures that are generated using a private key d but can be validated using the public key e. As a result, if Alice and Bob wish to execute a document without meeting in person, Bob can encrypt the document using Alice's public key $e_a$. When Alice receives the document, she decrypts it and signs it using her digital signature generated from her private key $d_a$. She then re-encrypts it using Bob's public key $e_b$ and sends it to Bob. Bob decrypts the message using his private key $d_b$ and views Alice's digital signature. He can verify her digital signature using her public key $e_a$, verifying that it could only have been signed by Alice. Similarly, digital certificates, which are required for virtually all forms of electronic commerce, are simply an enhanced form of the public key e. That is, the more advanced implementations of PKC allow users to generate certificates that contain not just their public key, but unique information such as personal details and expiration dates. These can then be posted with, or generated by, so-called trusted certificate authorities such as Verisign. However, the underlying content is still essentially an RSA-based public key.
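The Alice/Bob exchange described above, as an added Python example (not the paper's code): Alice's key is the paper's (n, e, d) = (55, 23, 7), Bob's key pair is constructed here, and the signature is textbook RSA applied to the raw message blocks exactly as the paper describes, whereas real systems sign a padded hash of the document. The tamper flag is an assumption added to show that a modified signature fails verification.

```python
# Toy RSA key pairs for the Alice/Bob exchange. Alice's (n, e, d) = (55, 23, 7)
# are the values worked out earlier in the paper; Bob's pair is constructed here
# from p = 7, q = 11, d = 7, so phi = 60 and e = 43 (7 * 43 = 301 = 5 * 60 + 1).
ALICE_PUBLIC, ALICE_PRIVATE = (55, 23), (55, 7)
BOB_PUBLIC, BOB_PRIVATE = (77, 43), (77, 7)


def encode(text):
    """Letters A..Z to 1..26 with spaces dropped, as in the paper's example."""
    return [ord(c) - ord("A") + 1 for c in text.upper() if c.isalpha()]


def rsa_apply(blocks, key):
    """Raise each block to the key's exponent mod n. With the public key this is
    encryption or signature verification; with the private key it is decryption
    or signing. A block must be smaller than n or it cannot be recovered."""
    n, exponent = key
    if any(b >= n for b in blocks):
        raise ValueError("every block must be smaller than n")
    return [pow(b, exponent, n) for b in blocks]


def sign(blocks, private_key):
    """S = M^d mod n: only the holder of d can produce this for a given M."""
    return rsa_apply(blocks, private_key)


def verify(signature, blocks, public_key):
    """Anyone holding e checks S^e mod n == M. A signature block outside
    0..n-1 can never be valid, so it fails instead of raising."""
    n, _ = public_key
    if any(s >= n for s in signature):
        return False
    return rsa_apply(signature, public_key) == blocks


def exchange(document, tamper=False):
    """The paper's exchange. Returns True when Bob's verification succeeds."""
    message = encode(document)
    # Bob -> Alice: the document encrypted under Alice's public key e_a
    to_alice = rsa_apply(message, ALICE_PUBLIC)
    # Alice: decrypt with d_a, sign with d_a, re-encrypt under Bob's e_b.
    # The signature blocks are below Alice's n (55), which is below Bob's n (77),
    # so they survive Bob's encryption intact; the reverse ordering would not.
    alice_copy = rsa_apply(to_alice, ALICE_PRIVATE)
    signature = sign(alice_copy, ALICE_PRIVATE)
    to_bob = rsa_apply(signature, BOB_PUBLIC)
    if tamper:
        # Constructed in-transit modification of one ciphertext block.
        to_bob[0] = (to_bob[0] + 1) % BOB_PUBLIC[0]
    # Bob: decrypt with d_b, then check the signature against the document
    # he sent using Alice's public key e_a.
    received_signature = rsa_apply(to_bob, BOB_PRIVATE)
    return verify(received_signature, message, ALICE_PUBLIC)


if __name__ == "__main__":
    print(exchange("DM HURTS MY BRAIN"))               # True
    print(exchange("DM HURTS MY BRAIN", tamper=True))  # False
```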
PGP and a Cryptographic Crisis
Finally, it should be noted that although RSA public-key cryptography has been enormously successful and
important to the growth of the Internet and e-commerce, there have been signicant issues surrounding
it. The most famous concerns the development of a software package called PGP (for Pretty Good
Privacy).[2](pages 298-301) Although the RSA scheme had been published in 1977 in a widely available
journal, the algorithm itself was patented by Rivest, Shamir and Adelman and a company was established
to license the algorithm. This licensing was almost exclusively made to very large businesses and to the
government. However, by the late 1980's electronic communications tools were increasingly available to
private individuals and privacy issues were stating to come to the forefront. In part to try to give private
citizens access to improved privacy, an individual named Philip Zimmermann began developing a PC software
package based on the RSA algorithms. His original intent was to obtain a license from RSA. However, he
experienced diculty in obtaining a license and 1991 he delivered a working copy of PGP, together with
source-code to a friend to be placed on the Internet. As a result, individuals as far away as China and Russia
suddenly had access to extremely strong cryptographic technology.
Two things immediately happened after the release of PGP. First, Mr. Zimmermann was sued by RSA for patent violation. Secondly, and perhaps more interestingly, the US Federal government began inquiries into Mr. Zimmermann's actions, which included allegations that he had exported munitions outside of the United States without a license. At the time, the US Government categorized strong encryption technology as a munition comparable to a firearm or an explosive, requiring formal export approval. By placing PGP on the Internet, the government argued, Mr. Zimmermann had exported a munition. Ultimately, Mr. Zimmermann became the subject of an FBI grand jury investigation.

[note 7] This was also calculated using the software Euler's Math Toolbox.
The US Government in fact became so concerned about the availability of strong encryption tools that it proposed an alternative encryption scheme, known as Clipper and Capstone, which would be mandated on all electronic equipment (e.g., cell phones, modems, etc.). However, both Clipper and Capstone would escrow copies of all cryptographic keys with the US Government, the argument being that without mandatory key escrow, the government would be unable to implement wiretaps and the like for legitimate law enforcement purposes. Not surprisingly, both privacy advocates and businesses reacted extremely negatively to the proposal. The privacy concerns are clear. Businesses, however, objected to the proposal because they recognized that no buyer outside of the United States would be interested in technology with a built-in back-door for the U.S. government.
By the end of the 1990s, the FBI had dropped its grand jury investigation and Mr. Zimmermann obtained a license from RSA. More importantly, the government had also dropped its Clipper/Capstone proposal. Although this may have been a decision based upon public outcry, in all likelihood it was because the government recognized that it was not possible to control encryption technology. By the end of the 1990s, PGP translations were available on the Internet in virtually every part of the world. It's important to note that although the US has largely lifted its restrictions on strong encryption technology, there are many countries which have not. The current host of the 2008 Summer Olympics requires that all hotels install electronic communications interception technology for the government, and outsiders may not enter that country with strongly-encrypted data without either obtaining a governmental license or providing an escrow copy of the keys to the government.
References
[1] U.S. Census Bureau, Quarterly Retail E-Commerce Sales, (www.census.gov/mrts/www/ecomm.html)
[2] S. Singh, The Code Book (1999), Anchor Books
[3] W. Diffie, M. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, IT-22 (November 1976), pages 644-654
[4] R. Rivest, A. Shamir, L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21:2 (1978), pages 120-126
[5] I. Peterson, The Unpacking of a Knapsack, Science News, Vol. 126, Nov. 1984, pages 330-331
[6] B. Schneier, Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C (1996), Wiley Computer Publishing
Zoology 4th semester series (krishna).pdfZoology 4th semester series (krishna).pdf
Zoology 4th semester series (krishna).pdf
 
Biological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfBiological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdf
 
Botany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdfBotany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdf
 
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
Discovery of an Accretion Streamer and a Slow Wide-angle Outflow around FUOri...
 
Botany krishna series 2nd semester Only Mcq type questions
Botany krishna series 2nd semester Only Mcq type questionsBotany krishna series 2nd semester Only Mcq type questions
Botany krishna series 2nd semester Only Mcq type questions
 
Chromatin Structure | EUCHROMATIN | HETEROCHROMATIN
Chromatin Structure | EUCHROMATIN | HETEROCHROMATINChromatin Structure | EUCHROMATIN | HETEROCHROMATIN
Chromatin Structure | EUCHROMATIN | HETEROCHROMATIN
 
Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​  ​Nanoparticles synthesis and characterization​  ​
Nanoparticles synthesis and characterization​ ​
 
Pests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdfPests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdf
 
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdfPests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
 
GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)
 
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
 
GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)
 
Disentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTDisentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOST
 
Forensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdfForensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdf
 
VIRUSES structure and classification ppt by Dr.Prince C P
VIRUSES structure and classification ppt by Dr.Prince C PVIRUSES structure and classification ppt by Dr.Prince C P
VIRUSES structure and classification ppt by Dr.Prince C P
 
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSpermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
 
Chemistry 4th semester series (krishna).pdf
Chemistry 4th semester series (krishna).pdfChemistry 4th semester series (krishna).pdf
Chemistry 4th semester series (krishna).pdf
 

RSA Public-Key Cryptography Explained

An Introduction to RSA Public-Key Cryptography

David Boyhan
August 5, 2008

According to the U.S. Census Bureau, in the 1st quarter of 2008, approximately $33 billion worth of retail sales were conducted on the Internet.[1] In all likelihood, the vast majority of these were secured at some level by an encryption scheme known as public-key cryptography (PKC). Interestingly, relative to the Internet, PKC is quite old;^1 at the same time, relative to virtually all other types of secret writing or cryptography, PKC is extremely young.^2 It's doubtful that without PKC either electronic commerce or the world wide web would have expanded as rapidly as they have.

Before PKC

For the nearly 2000 years prior to PKC, all forms of ciphers were symmetric. That is, in order to read a secret encrypted message, a confidential key is needed. For example, in the case of the Caesar Shift Cipher, used by Julius Caesar, a plain-text message M is encrypted by shifting each letter in the message by three letters (e.g., all As become Ds, all Bs become Es, etc.) [2] (page 10). As a result, the plain-text message (M):

DM HURTS MY BRAIN

is encrypted into the cipher-text message (C):

GP KXUWV OB EUDLQ

In this case, the number 3 is the key to the cipher; it must be kept confidential from eavesdroppers, but must also be shared between the sender and the recipient. A more complex cipher might use random letter substitutions, or more than one alphabet. The German Enigma used during World War II relied on multiple mechanically rotated rotors to encrypt messages. The order and initial settings of the rotors represented the confidential keys that had to be distributed securely to all users of the Enigma. Every one of these ciphers, including the Advanced Encryption Standard (AES) approved by the U.S. National Institute of Standards and Technology in 2001, is therefore considered a symmetric-key cipher, in that the key used both to lock and to unlock the confidential message is identical and needs to be protected from eavesdropping.^3

Symmetric-key encryption can also be thought of in terms of two functions, one for encrypting, E, and one for decrypting, D. In both cases, a single key k is used both to encrypt plain-text message M and to decrypt cipher-text message C.

^1 PKC is approximately 30 years old, while general public access to the Internet is only about 20 years old, and the World-Wide-Web is only about 15 years old.
^2 Most authorities date cryptography and secret writing to at least 400 B.C. [2] (page 9).
^3 Technically, certain forms of secret writing, including invisible ink, steganography (hidden writing such as micro-dots) and one-time pads do not require keys. However, they all rely on some form of secure distribution that is vulnerable to interception.
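The shift cipher and the symmetric pair E(M, k) / D(C, k) described above, as an added example that is not part of the original paper; caesar_encrypt, caesar_decrypt and brute_force are names I chose. Note that a shift of three takes M to P, so the second word comes out as PB rather than the OB printed above. brute_force makes the page's point about key secrecy concrete: an eavesdropper who knows the algorithm has only 26 keys to try, which is why the key, not the method, is what the Caesar, Enigma and AES users all had to protect.

```python
# Added example (not from the original paper): a Caesar shift as the symmetric
# functions E(M, k) and D(C, k) described on this page, plus a count of how few
# keys an eavesdropper would have to try. Characters outside A-Z (spaces) pass through.
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(message: str, key: int) -> str:
    """E(M, k): shift every letter forward by `key` positions, wrapping at Z."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch
        for ch in message.upper()
    )


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """D(C, k): the same key undoes the shift, which is what makes the cipher symmetric."""
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Every candidate plaintext an eavesdropper obtains by trying all 26 keys.
    One of the 26 entries is the real message, so the secrecy of a shift cipher
    rests entirely on the key, and the key space is far too small to matter."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}


if __name__ == "__main__":
    m = "DM HURTS MY BRAIN"
    c = caesar_encrypt(m, 3)
    print(c)                      # GP KXUWV PB EUDLQ
    print(caesar_decrypt(c, 3))   # DM HURTS MY BRAIN
    print(len(brute_force(c)))    # 26 candidate keys
```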
Accordingly:

E(M, k) \rightarrow C
D(C, k) \rightarrow M

As a result of the requirement that symmetric keys be distributed securely, by the 1960's and 1970's the process of key distribution had become a serious problem for both businesses and governments. Major resources were committed to secure key distribution, in some cases requiring daily couriers between business and government agencies [2] (pages 251, 252).

Diffie-Hellman Invent PKC

However, in 1976 two mathematicians, Whitfield Diffie and Martin Hellman, published a paper proposing a revolutionary new cryptographic approach. In their paper [3] Diffie and Hellman proposed a scheme where keys could be exchanged between senders without concern over interception. There would now be two keys, a public key e that could be published to the world, and a corresponding private key d that would be kept confidential. The public key e would be used to encrypt message M into cipher-text C and the private key d would be used to decrypt C back into plain-text M. Even though the actual encryption algorithms could be published and available to eavesdroppers, it would be computationally infeasible to derive d from e. In simple terms, the public key e locks and the private key d unlocks. The public key is published to the world and anyone who wishes to communicate securely with the key owner uses the public key. Accordingly:

E(M, e) \rightarrow C
D(C, d) \rightarrow M
D(C, e) \rightarrow M

This concept would be the core of public-key cryptography and would eliminate any need for key distribution. Keys would now be asymmetric rather than symmetric. This also permitted the creation of digital signatures [3] because the

In order to implement PKC, Diffie and Hellman proposed using one-way or trapdoor functions. These functions are so called because while they can be performed quite easily in one direction, it is significantly more complex and time-consuming to reverse the function. A simple example would be multiplication versus factoring. While it's a simple matter to multiply 13,719 by 23,547 to get the result 323,041,293, it's significantly more complex to factor 323,041,293 into its prime factors of 3^2 · 17 · 47 · 167 · 269.

The group of one-way functions that Hellman and another researcher, Ralph Merkle, proposed were based on knapsack problems. In simplest terms, knapsack functions require packing a knapsack with objects of various weights so that they fit perfectly within the confines of the knapsack. In cryptography, the problem could involve determining a subset (x1, x2, x3) from a larger set of integers (x1, x2, x3, x4, x5, x6) such that the subset adds up exactly to a certain agreed-upon value. In this case, the public key would be the ordered set of weights and the encrypted message would be the product of the message text and the public key. The private key would be the subset of the weights. Although calculating the sum is a very simple matter (one-way), as would be decrypting the message using the proper subset, determining what the private subset values are for a sufficiently large set of numbers x_n is computationally quite complex and is considered NP-complete. However, it was subsequently determined that although knapsack problems are NP-complete, there are special cases of the problems that are relatively easy to solve, rendering that particular trapdoor cryptographically flawed.[5]

RSA

In 1978, Ronald Rivest, Adi Shamir and Leonard Adleman published a paper proposing an alternative PKC algorithm based upon prime-number factorization and multiplicative-inverse modular math.[4] Their
approach survived significant cryptographic analysis and quickly became the de facto standard for PKC and has remained as such for the last 30 years.

In order to use RSA (named for the initials of the authors), a fictional protagonist, Alice, first needs to create her public and private keys. In RSA, a public key actually consists of two numbers, n and e, and the private key similarly consists of two numbers, n again and d. The value n is generated by multiplying two very large prime numbers together. These two large prime numbers, p and q, are kept secret.^4 Alice must then pick a large, random integer d that is relatively prime to ((p − 1) · (q − 1)). In other words, the greatest common divisor of d and ((p − 1) · (q − 1)) must be 1. Thus:

\gcd(d, (p - 1) \cdot (q - 1)) = 1

Finally, Alice (or the software) must generate the public key e from d, p and q. This step is the real heart of the RSA algorithm because the approach taken makes it computationally infeasible to determine d without p and q even though both n and e are published to the world. The integer e, the public-key encryption component, is calculated as the multiplicative inverse of:

d \bmod ((p - 1) \cdot (q - 1))

This is probably the most complex part of RSA. Traditionally, the multiplicative inverse of d would be d^{-1} such that d · d^{-1} = 1. However, in this case, we are seeking the modular multiplicative inverse.^5 A multiplicative inverse of d mod ((p − 1) · (q − 1)) is an integer e such that:

d \cdot e = 1 \bmod ((p - 1) \cdot (q - 1))

In order for there to be a solution for e, d and ((p − 1) · (q − 1)) must be relatively prime. To solve for e, we can use Euler's Totient and Euler's Generalization of Fermat's Little Theorem. [4][6] Euler's Totient of n, signified as φ(n), is defined as the number of positive integers less than n that are relatively prime to n. If n is prime then φ(n) is simply (n − 1). If both p and q are prime, then it's easy to see that φ(p · q) will be ((p − 1) · (q − 1)). However, if n is not prime, such as, for example, 12, then the numbers less than n that are relatively prime to n are 1, 5, 7, 11. Therefore φ(12) is 4.

Calculating Euler's Totient can be accomplished in a number of ways, but the simplest method uses the unique prime factorization theorem in a manner similar to the calculation of gcd. If, in calculating φ(n), we determine the prime factorization of n such that

n = p_1^{k_1} \cdots p_r^{k_r}

then isolate the distinct primes and compute φ(n) using the following formula:

\varphi(n) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right)

In this formula, the range of p is only those primes identified as distinct in the prime factorization of n. Therefore, for example, 12 = 2^2 · 3^1, so the Totient would be 12 · (1 − 1/2) · (1 − 1/3) = 12 · 1/2 · 2/3 = 4. Similarly, because the prime factorization of 54 = 2^1 · 3^3, φ(54) would be 54 · 1/2 · 2/3 = 18.

Euler's generalization of Fermat's Little Theorem states that if gcd(d, z) = 1 then d^{φ(z)} mod z = 1. This is a condition we have already satisfied with d and ((p − 1) · (q − 1)). Substituting ((p − 1) · (q − 1)) for z we can see, using Fermat's Little Theorem, that:

1 = d^{\varphi((p-1)\cdot(q-1))} \bmod ((q - 1) \cdot (p - 1))

^4 When we discuss large prime numbers, we are talking about prime numbers with hundreds, thousands or millions of digits.
^5 It may clarify things somewhat to use Schneier's [6] examples of modular multiplicative inverse: that 4 · x (mod 7) ... is equivalent to finding an x and k such that 4x = 7k + 1 where both x and k are integers. The general problem is finding an x such that 1 = (a · x) mod n. This is also written as a^{-1} ≡ x (mod n).
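The one-way-function illustration (multiplying 13,719 by 23,547 versus factoring the product) and the totient formula above, carried through in code as an added example that is not part of the original paper. factorize, totient, totient_by_counting and euler_check are names I chose; totient_by_counting applies the page's definition directly (count the integers below n that are coprime to n) so the formula can be checked against it, and euler_check is the page's statement that d^{φ(z)} mod z = 1 whenever gcd(d, z) = 1.

```python
# Added example (not from the original paper): trial-division factoring and
# Euler's totient computed from the distinct primes, as described on this page.
from math import gcd


def factorize(n: int) -> dict:
    """Prime factorization {p: k} by trial division. Instant for the numbers on
    this page; the work grows with sqrt(n), which is the 'hard direction' the
    page contrasts with multiplication (a single multiply to go the other way)."""
    factors = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1 if p == 2 else 2          # after 2, only odd candidates
    if n > 1:                            # whatever is left is itself prime
        factors[n] = factors.get(n, 0) + 1
    return factors


def totient(n: int) -> int:
    """phi(n) = n * prod over distinct primes p | n of (1 - 1/p).
    Done in integers as n * (p - 1) / p for each prime, so no rounding occurs."""
    result = n
    for p in factorize(n):
        result = result // p * (p - 1)
    return result


def totient_by_counting(n: int) -> int:
    """The page's definition: the number of 1 <= x < n with gcd(x, n) == 1.
    Far slower than the formula, but an independent check of it."""
    return sum(1 for x in range(1, n) if gcd(x, n) == 1)


def euler_check(d: int, z: int) -> bool:
    """Euler's generalization of Fermat's Little Theorem: d^phi(z) mod z == 1
    when gcd(d, z) == 1. Returns False if the precondition does not hold."""
    return gcd(d, z) == 1 and pow(d, totient(z), z) == 1


if __name__ == "__main__":
    product = 13719 * 23547
    print(product, factorize(product))          # 323041293 {3: 2, 17: 1, 47: 1, 167: 1, 269: 1}
    for n in (12, 54, 40, 5 * 11):
        print(n, factorize(n), totient(n), totient_by_counting(n))
    print(euler_check(7, 40))                   # True: 7^16 mod 40 == 1
```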
We also know, based on the definition of the modular multiplicative inverse, that:

e \cdot d = 1 \pmod{(p - 1) \cdot (q - 1)}
e \cdot d \cdot d^{-1} = d^{-1} \cdot 1 \pmod{(p - 1) \cdot (q - 1)}

Substituting d^{φ((p−1)·(q−1))} mod ((q − 1) · (p − 1)) for 1 (mod (p − 1) · (q − 1)), we get:

e \cdot 1 = d^{\varphi((p-1)\cdot(q-1)) - 1} \bmod ((p - 1) \cdot (q - 1))

The process to both encrypt and decrypt is now remarkably simple. To quote directly from the original RSA paper: "..., the result (the ciphertext C) is the remainder when M^e is divided by n. To decrypt the ciphertext, raise it to another power d, again modulo n." As a result, the formula for encrypting plain-text message M, E(M), and for decrypting cipher-text message C, D(C), are as follows:

E(M) = M^e \pmod{n} = C
D(C) = C^d \pmod{n} = M

We'll now go through a simple example. We'll start by creating Alice's public key. To create n we'll use very small prime numbers: p = 5, q = 11. Therefore, the first part of the public encryption key is n = p · q = 5 · 11 = 55. We must now pick a random number that is relatively prime to ((p − 1) · (q − 1)). We can easily see that 7 is relatively prime to 55, so we'll use d = 7. Again, we would typically use much larger numbers. We will also calculate e using d and Euler's Generalization of Fermat's Little Theorem. Accordingly:^6

e = d^{\varphi((p-1)\cdot(q-1)) - 1} \bmod ((p - 1) \cdot (q - 1)) = 7^{\varphi(4 \cdot 10) - 1} \bmod (4 \cdot 10)

It's easy to see that 40 = 2^3 · 5^1. Therefore, φ(40) = 40 · (1 − 1/2) · (1 − 1/5) = 40 · 1/2 · 4/5 = 16. Therefore,

e = 7^{15} \bmod 40
e = 23

Finally we'll start with plain-text message M:

DM HURTS MY BRAIN

For the purposes of this example, we'll use the integers 1-26 to represent the alphabet and remove all spaces. However, under normal circumstances, ASCII would be used instead. Therefore, M becomes:

D  M  H  U  R  T  S  M  Y  B  R  A  I  N
04 13 08 21 18 20 19 13 25 02 18 01 09 14

^6 This was calculated using the OSS software Euler's Math Toolbox available at: mathsrv.ku-eichstaett.de/MGF/homes/grothmann/euler/index.html
Now, encryption is simply a matter of iteratively encrypting each block. We can therefore see that the first encrypted block is:^7

C_1 = 04^{23} \pmod{55} = 09

The entire message is encrypted as:

09 52 17 21 02 25 39 52 05 08 02 01 14 49

And this would be decrypted using D(C) = C^d (mod n) = M. So,

M_1 = 09^{7} \pmod{55} = 04, \quad M_2 = 52^{7} \pmod{55} = 13, \ \ldots, \ M_{14} = 49^{7} \pmod{55} = 14

As a result of RSA, both encryption and decryption are accomplished quite rapidly. However, it's relatively easy to see that in order to derive the secret key d from the public key e and n, an attacker would need to factor n into p and q in order to determine φ((p − 1) · (q − 1)) and thereby d. Since we have chosen p and q as very large prime numbers, the amount of time necessary to factor n becomes prohibitive and is currently believed to be NP-hard. It was estimated in the RSA paper that using the fastest known prime-factoring methods, if each step only required 1 microsecond, it would take an estimated 4.2 × 10^25 years for a number n of 500 digits to be factored. [4] (page 12).

Digital Signatures & Certificates

In addition to its simplicity, the PKC scheme offers certain features that simplify electronic communications and electronic commerce. The two best examples of these are digital signatures and digital certificates. RSA has the ability to create unique digital signatures that are generated using a private key d but can be validated using the public key e. As a result, if Alice and Bob wish to execute a document without meeting in person, Bob can encrypt the document using Alice's public key e_a. When Alice receives the document, she decrypts it and signs it using her digital signature generated from her private key d_a. She then re-encrypts it using Bob's public key e_b and sends it to Bob. Bob decrypts the message using his private key d_b and views Alice's digital signature. He can verify her digital signature using her public key e_a, verifying that it could only be signed by Alice.

^7 This was also calculated using the software Euler's Math Toolbox.
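Alice's key generation, the block encryption and decryption of DM HURTS MY BRAIN, and the sign-with-d / verify-with-e direction of digital signatures described above, carried through in code as an added example that is not part of the original paper. All function names are mine; the values p = 5, q = 11 and d = 7 are the page's. keygen derives e the paper's way, as d^{φ(z)−1} mod z with z = (p − 1)(q − 1), and checks that result against the extended-Euclidean inverse, which is how e is normally computed. Note that the condition the definition actually requires is gcd(d, (p − 1)(q − 1)) = gcd(7, 40) = 1, and that is what keygen tests.

```python
# Added example (not from the original paper): the page's toy RSA walk-through.
# Key generation follows the paper's order (choose the private exponent d first,
# derive the public exponent e), then block encryption, decryption, and the
# signature direction (sign with d, verify with e). Values: p = 5, q = 11, d = 7.
from math import gcd


def modinv(a: int, m: int) -> int:
    """Extended Euclid: x with a*x = 1 (mod m). The standard way to get e from d."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return old_s % m


def keygen(p: int, q: int, d: int) -> tuple:
    """Return (n, e). n = p*q; e = d^(phi(z) - 1) mod z with z = (p-1)(q-1), the
    page's recipe via Euler's theorem. phi(z) is taken by counting coprime
    residues (fine for a toy modulus). The inverse from extended Euclid must
    agree, and the assertion confirms that d*e = 1 (mod z)."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to (p-1)(q-1)")
    phi_z = sum(1 for x in range(1, z) if gcd(x, z) == 1)
    e = pow(d, phi_z - 1, z)
    assert e == modinv(d, z) and (d * e) % z == 1
    return n, e


def encode(message: str) -> list:
    """Letters A..Z to 1..26 as on the page, spaces dropped (a teaching encoding)."""
    return [ord(ch) - ord("A") + 1 for ch in message.upper() if ch.isalpha()]


def decode(blocks: list) -> str:
    return "".join(chr(b + ord("A") - 1) for b in blocks)


def encrypt(blocks: list, e: int, n: int) -> list:
    return [pow(m, e, n) for m in blocks]       # C = M^e mod n


def decrypt(blocks: list, d: int, n: int) -> list:
    return [pow(c, d, n) for c in blocks]       # M = C^d mod n


def sign(blocks: list, d: int, n: int) -> list:
    return [pow(m, d, n) for m in blocks]       # only the holder of d can produce this


def verify(blocks: list, signature: list, e: int, n: int) -> bool:
    return [pow(s, e, n) for s in signature] == blocks   # anyone with e can check it


if __name__ == "__main__":
    n, e = keygen(5, 11, 7)          # (55, 23)
    m = encode("DM HURTS MY BRAIN")
    c = encrypt(m, e, n)             # [9, 52, 17, 21, 2, 25, 39, 52, 5, 8, 2, 1, 14, 49]
    print(n, e, c, decode(decrypt(c, 7, n)))
    print(verify(m, sign(m, 7, n), e, n))        # True
```

Two things this toy shows that the page's arithmetic does not: the same block always encrypts to the same value (both M's of the message become 52), and a block of 1 encrypts to itself. Textbook RSA as used here is deterministic and unpadded, which is why deployed RSA wraps data in a randomized padding scheme (OAEP for encryption, PSS for signatures) and why letters-as-blocks is a teaching device rather than a message format.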
Similarly, digital certificates, which are required for virtually all forms of electronic commerce, are simply an enhanced form of the public key e. That is, the more advanced implementations of PKC allow users to generate certificates that contain not just their public key, but unique information such as personal details and expiration dates. These can then be posted with, or generated by, so-called trusted certificate authorities such as Verisign. However, the underlying content is still essentially an RSA-based public key.

PGP and a Cryptographic Crisis

Finally, it should be noted that although RSA public-key cryptography has been enormously successful and important to the growth of the Internet and e-commerce, there have been significant issues surrounding it. The most famous concerns the development of a software package called PGP (for Pretty Good Privacy) [2] (pages 298-301). Although the RSA scheme had been published in 1977 in a widely available journal, the algorithm itself was patented by Rivest, Shamir and Adleman and a company was established to license the algorithm. This licensing was almost exclusively made to very large businesses and to the government. However, by the late 1980's electronic communications tools were increasingly available to private individuals and privacy issues were starting to come to the forefront. In part to try to give private citizens access to improved privacy, an individual named Philip Zimmermann began developing a PC software package based on the RSA algorithms. His original intent was to obtain a license from RSA. However, he experienced difficulty in obtaining a license, and in 1991 he delivered a working copy of PGP, together with source code, to a friend to be placed on the Internet. As a result, individuals as far away as China and Russia suddenly had access to extremely strong cryptographic technology.

Two things immediately happened after the release of PGP. First, Mr. Zimmermann was sued by RSA for patent violation. Secondly, and perhaps more interestingly, the US Federal government began inquiries into Mr. Zimmermann's actions, which included allegations that he had exported munitions outside of the United States without a license. At the time, the US Government categorized strong encryption technology as a munition comparable to a firearm or an explosive, requiring formal export approval. By placing PGP on the Internet, the government argued, Mr. Zimmermann had exported a munition. Ultimately, Mr. Zimmermann became the subject of an FBI grand jury investigation.

The US Government in fact became so concerned about the availability of strong encryption tools that they proposed an alternative encryption scheme, known as Clipper and Capstone, which would be mandated on all electronic equipment (e.g., cell phones, modems, etc.). However, both Clipper and Capstone would escrow copies of all cryptographic keys with the US Government, the argument being that without mandatory key escrow, the government would be unable to implement wire-taps and the like for legitimate law enforcement purposes. Not surprisingly, both privacy advocates and businesses reacted extremely negatively to the proposal. The privacy concerns are clear. However, businesses objected to the proposal because they recognized that no buyer outside of the United States would be interested in technology with a built-in back door for the U.S. government. By the end of the 1990's, the FBI had dropped their grand jury investigation and Mr. Zimmermann obtained a license from RSA. More importantly, the government had also dropped their Clipper/Capstone proposal. Although this may have been a decision based upon public outcry, in all likelihood it is because the government recognized that it was not possible to control encryption technology. By the end of the 1990's, PGP translations were available on the Internet in virtually every part of the world.
It's important to note that although the US has largely lifted any restrictions on strong encryption technology, there are many countries which have not. The current host of the 2008 Summer Olympics requires that all hotels install electronic communications interception technology for the government, and outsiders may not enter that country with strongly-encrypted data without either a governmental license or providing an escrow copy of the keys to the government.

References

[1] U.S. Census Bureau, Quarterly Retail E-Commerce Sales, (www.census.gov/mrts/www/ecomm.html)
[2] S. Singh, The Code Book, (1999), Anchor Books
[3] W. Diffie, M. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, IT-22 (November 1976), pages 644-654
[4] R. Rivest, A. Shamir, L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21:2 (1978), pages 120-126
[5] I. Peterson, The Unpacking of a Knapsack, Science News, Vol. 126, Nov. (1984), pages 330-331
[6] B. Schneier, Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C, (1996), Wiley Computer Publishing