The document discusses the RSA cryptosystem. It begins by explaining that RSA is an important public-key cryptosystem based on the difficulty of factoring large integers. It then provides examples of how RSA works, including choosing prime numbers p and q to generate the public and private keys, and using modular exponentiation to encrypt and decrypt messages. The document also discusses the importance of integer factorization for the security of RSA, and considerations for designing a secure RSA system, such as choosing sufficiently large prime numbers.
Apresentação sobre Criptografia baseada em reticulados (lattices), realizada no contexto da disciplina de Post-Quantum Cryptography do PPGCC da UFSC.
Versão odp: http://coenc.td.utfpr.edu.br/~giron/presentations/aula_lattice.odp
Lattice-Based Cryptography: CRYPTANALYSIS OF COMPACT-LWEPriyanka Aash
Destructive and constructive methods in lattice-based cryptography will be discussed. Topic 1: Cryptanalysis of Compact-LWE Authors: Jonathan Bootle; Mehdi Tibouchi; Keita Xagawa Topic 2: Two-message Key Exchange with Strong Security from Ideal Lattices Authors: Zheng Yang; Yu Chen; Song Luo
(Source: RSA Conference USA 2018)
This report to document the RSA code and how it works from encrypting certain message to how to decrypt it using general and private keys which will be generated in the given code.
Apresentação sobre Criptografia baseada em reticulados (lattices), realizada no contexto da disciplina de Post-Quantum Cryptography do PPGCC da UFSC.
Versão odp: http://coenc.td.utfpr.edu.br/~giron/presentations/aula_lattice.odp
Lattice-Based Cryptography: CRYPTANALYSIS OF COMPACT-LWEPriyanka Aash
Destructive and constructive methods in lattice-based cryptography will be discussed. Topic 1: Cryptanalysis of Compact-LWE Authors: Jonathan Bootle; Mehdi Tibouchi; Keita Xagawa Topic 2: Two-message Key Exchange with Strong Security from Ideal Lattices Authors: Zheng Yang; Yu Chen; Song Luo
(Source: RSA Conference USA 2018)
This report to document the RSA code and how it works from encrypting certain message to how to decrypt it using general and private keys which will be generated in the given code.
This presentation is based on the paper :
"A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" by R.L. Rivest, A. Shamir, and L. Adleman
Key Topics are ....
Number Theory
Public key encryption
Modular Arithmetic
Euclid’s Algorithm
Chinese Remainder Theorem
Euler's Theorem
Fermat's Theorem
RSA Public Key Encryption
traditional private/secret/single key cryptography uses one key
Key is shared by both sender and receiver
if the key is disclosed communications are compromised
also known as symmetric, both parties are equal
hence does not protect sender from receiver forging a message & claiming is sent by sender
We will discuss the following: RSA Key generation , RSA Encryption , RSA Decryption , A Real World Example, RSA Security.
https://www.youtube.com/watch?v=x7QWJ13dgGs&list=PLKYmvyjH53q13_6aS4VwgXU0Nb_4sjwuf&index=7
Public Key Cryptography and RSA algorithmIndra97065
Public Key Cryptography and RSA algorithm.Explanation and proof of RSA algorithm in details.it also describer the mathematics behind the RSA. Few mathematics theorem are given which are use in the RSA algorithm.
Cryptography is the practice and study of techniques for conveying information security.
The goal of Cryptography is to allow the intended recipients of the message to receive the message securely.
The most famous algorithm used today is RSA algorithm
Digital Signature Recognition using RSA AlgorithmVinayak Raja
• OBJECTIVE: Basically, the idea behind digital signatures is the same as your handwritten signature. You use it to authenticate the fact that you promised something that you can't take back later. A digital signature doesn't involve signing something with a pen and paper then sending it over the Internet. But like a paper signature, it attaches the identity of the signer to a transaction.
• PROBLEM SOLVED: Signer authentication , Message authentication, Non-repudiation , Message integrity
Estate Planning involves carefully considered decisions regarding your estate and property, your future and also the future of your children. A great estate plan is your opportunity to thoughtfully leave your assets to those whom you value and feel should benefit from your years of hard work and wealth accumulation. The questions you ask yourself initially will guide your entire estate planning process. This presentation discusses what questions you need to ask yourself as you begin the estate planning process. If you have questions about your estate plan, please contact us on 1800 770 780 or ohl@owenhodge.com.au.
This presentation is based on the paper :
"A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" by R.L. Rivest, A. Shamir, and L. Adleman
Key Topics are ....
Number Theory
Public key encryption
Modular Arithmetic
Euclid’s Algorithm
Chinese Remainder Theorem
Euler's Theorem
Fermat's Theorem
RSA Public Key Encryption
traditional private/secret/single key cryptography uses one key
Key is shared by both sender and receiver
if the key is disclosed communications are compromised
also known as symmetric, both parties are equal
hence does not protect sender from receiver forging a message & claiming is sent by sender
We will discuss the following: RSA Key generation , RSA Encryption , RSA Decryption , A Real World Example, RSA Security.
https://www.youtube.com/watch?v=x7QWJ13dgGs&list=PLKYmvyjH53q13_6aS4VwgXU0Nb_4sjwuf&index=7
Public Key Cryptography and RSA algorithmIndra97065
Public Key Cryptography and RSA algorithm.Explanation and proof of RSA algorithm in details.it also describer the mathematics behind the RSA. Few mathematics theorem are given which are use in the RSA algorithm.
Cryptography is the practice and study of techniques for conveying information security.
The goal of Cryptography is to allow the intended recipients of the message to receive the message securely.
The most famous algorithm used today is RSA algorithm
Digital Signature Recognition using RSA AlgorithmVinayak Raja
• OBJECTIVE: Basically, the idea behind digital signatures is the same as your handwritten signature. You use it to authenticate the fact that you promised something that you can't take back later. A digital signature doesn't involve signing something with a pen and paper then sending it over the Internet. But like a paper signature, it attaches the identity of the signer to a transaction.
• PROBLEM SOLVED: Signer authentication , Message authentication, Non-repudiation , Message integrity
Estate Planning involves carefully considered decisions regarding your estate and property, your future and also the future of your children. A great estate plan is your opportunity to thoughtfully leave your assets to those whom you value and feel should benefit from your years of hard work and wealth accumulation. The questions you ask yourself initially will guide your entire estate planning process. This presentation discusses what questions you need to ask yourself as you begin the estate planning process. If you have questions about your estate plan, please contact us on 1800 770 780 or ohl@owenhodge.com.au.
The color of the egg yolk and chicken skin is determined by the concentration and type of carotenoid present in the broiler or layer diet. This is important to keep in mind, as different colours are preferred depending on the geographical area.
Find out more about the effect of different types of carotenoids on broiler skin and egg yolk colour. In particular, look closely at effective the CAROPHYLL Red and Yellow products by DSM.
To find out more about DSM's work on poultry visit us at: http://www.dsm.com/markets/anh/en_US/species/species-poultry.html
Or why not talk to the expert on Twitter: @goldenyolk
Comunicación interna-externa plan de comunicacionJuanManuelAli
Ejemplo Práctico de un plan de comunicación. http://marketingdiaadia.blogspot.com.ar/
Realizo consultorías en Marketing Digital, si te interesa contactarte: juanmanuelali@gmail.com
Presentación de Sociedades Anónima S.A., legalmente reconocidas en el contexto de Colombia - Seminario Empresarial - Universidad de la Salle Bogotá Colombia - Obra públicada bajo una licencia de Creative Commons 2.5 Colombia.
ANÁLISIS FODA: descubre en esta presentación el material para comprender la definición, características y algunos ejemplos del análisis FODA.
El Análisis FODA puede aplicarse a diversas áreas desde el desarrollo de un proyecto de negocios hasta proyectos de vida.
telescopio.galileo.edu
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...CSCJournals
Cryptography has several important aspects in supporting the security of the data, which
guarantees confidentiality, integrity and the guarantee of validity (authenticity) data. One of the
public-key cryptography is the RSA cryptography. The greater the size of the modulus n, it will be
increasingly difficult to factor the value of n. But the flaws in the RSA algorithm is the time
required in the decryption process is very long. Theorem used in this research is the Chinese
Remainder Theorem (CRT). The goal is to find out how much time it takes RSA-CRT on the size
of modulus n 1024 bits and 4096 bits to perform encryption and decryption process and its
implementation in Java programming. This implementation is intended as a means of proof of
tests performed and generate a cryptographic system with the name "RSA and RSA-CRT Text
Security". The results of the testing algorithm is RSA-CRT 1024 bits has a speed of
approximately 3 times faster in performing the decryption. In testing the algorithm RSA-CRT 4096
bits, the conclusion that the decryption process is also effective undertaken more rapidly.
However, the flaws in the key generation process and the RSA 4096 bits RSA-CRT is that the
time needed is longer to generate the keys.
HW 5-RSA/ascii2str.m
function str = ascii2str(ascii)
% Convert to string
str = char(ascii);
HW 5-RSA/bigmod.m
function remainder = bigmod (number, power, modulo)
% modulo function for large numbers, -> number^power(mod modulo)
% by bennyboss / 2005-06-24 / Matlab 7
% I used algorithm from this webpage:
% http://www.disappearing-inc.com/ciphers/rsa.html
% binary decomposition
binary(1,1) = 1;
col = 2;
while ( binary(1, col-1) <= power-binary(1, col-1) )
binary(1, col) = 2*binary(1, col-1);
col = col + 1;
end
% flip matrix
binary = fliplr(binary);
% extract binary decomposition from number
result = power;
cols = length(binary);
extracted_binary = zeros(1, cols);
index = zeros(1, cols);
for ( col=1 : cols )
if( result-binary(1, col) > 0 )
result = result - binary(1, col);
extracted_binary(1, col) = binary(1, col);
index(1, col) = col;
elseif ( result-binary(1, col) == 0 )
extracted_binary(1, col) = binary(1, col);
index(1, col) = col;
break;
end
end
% flip matrix
binary = fliplr(binary);
% doubling the powers by squaring the numbers
cols2 = length(extracted_binary);
rem_sqr = zeros(1, cols);
rem_sqr(1, 1) = mod(number^1, modulo);
if ( cols2 > 1 )
for ( col=2 : cols)
rem_sqr(1, col) = mod(rem_sqr(1, col-1)^2, modulo);
end
end
% flip matrix
rem_sqr = fliplr(rem_sqr);
% compute reminder
index = find(index);
remainder = rem_sqr(1, index(1, 1));
cols = length(index);
for (col=2 : cols)
remainder = mod(remainder*rem_sqr(1, index(1, col)), modulo);
end
HW 5-RSA/EGCP447-Lecture No 10.pdf
RSA Encryption
RSA = Rivest, Shamir, and Adelman (MIT), 1978
Underlying hard problem
– Number theory – determining prime factors of a given
(large) number
e.g., factoring of small #: 5 -) 5, 6 -) 2 *3
– Arithmetic modulo n
How secure is RSA?
– So far remains secure (after all these years...)
– Will somebody propose a quick algorithm to factor
large numbers?
– Will quantum computing break it? -) TBD
RSA Encryption
In RSA:
– P = E (D(P)) = D(E(P)) (order of D/E does not matter)
– More precisely: P = E(kE, D(kD, P)) = D(kD, E(kE, P))
Encryption: C = Pe mod n KE = e
– n is the key length
– Note, P is turned into an integer using a padding
scheme
– Given C, it is very difficult to find P without knowing
KD
Decryption: P = Cd mod n KD = d
We will look at this algorithm in detail next time
RSA Algorithm
1. Key Generation
– A key generation algorithm
2. RSA Function Evaluation
– A function F, that takes as an input a point x and a
key k and produces either an encrypted result or
plaintext, depending on the input and the key
Key Generation
The key generation algorithm is the most
complex part of RSA
The aim of the key generation algorithm is to
generate both th ...
Information and network security 33 rsa algorithmVaibhav Khanna
RSA algorithm is asymmetric cryptography algorithm. Asymmetric actually means that it works on two different keys i.e. Public Key and Private Key. As the name describes that the Public Key is given to everyone and Private key is kept private
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
For many years, I had entirely given up on ever understanding the anything about cryptography. However, I’ve since learned it’s not nearly as hard as I thought to understand many of the important concepts. In this talk, I’ll take you through some of the underlying principles of modern applications of cryptography. We’ll talk about our goals, the parts are involved, and how to prevent and understand common vulnerabilities. This’ll help you to make better choices when you implement crypto in your products, and will improve your understanding of how crypto is applied to things you already use.
Water scarcity is the lack of fresh water resources to meet the standard water demand. There are two type of water scarcity. One is physical. The other is economic water scarcity.
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
1. RSA cryptosystem 1
qq
The most important public-key cryptosystem is the RSA cryptosystem
on which one can also illustrate a variety of important ideas of modern
public-key cryptography.
A special attention will be given to the problem of factorization of
integers that play such an important role for security of RSA.
Several factorization methods will be presented and discuss. In doing
that we will illustrate modern distributed techniques to factorize very
large integers.
IV054
For example we will discuss various possible attacks on the RSA
cryptosystem and various other problems related to security of the
RSA cryptosystems.
2. 2RSA cryptosystem
DESIGN and USE of RSA CRYPTOSYSTEMDESIGN and USE of RSA CRYPTOSYSTEM
Invented in 1978 by Rivest, Shamir, Adleman
Basic idea: prime multiplication is very easy, integer factorization seems to be
unfeasible.
IV054
( ) ( )( )11, −−== qpnpqn φ
( )( ) 1,gcd =nd φ
( )( )nde mod1
φ−
=
Design of RSA cryptosystems
1. Choose two large (512 - 1024 bits) primes p,q and denote
2. Choose a large d such that
and compute
Public key: n (modulus), e (encryption algorithm)
Trapdoor information: p, q, d (decryption algorithm)
Plaintext w
Encryption: cryptotext c = we
mod n
Decryption: plaintext w = cd
mod n
Details: A plaintext is first encoded as a word over the alphabet {0, 1,…,9}, then
divided into blocks of length i -1, where 10 i-1
< n < 10 i
. Each block is taken as an
integer and decrypted using modular exponentiation.
3. 3RSA cryptosystem
DESIGN and USE of RSA CRYPTOSYSTEMDESIGN and USE of RSA CRYPTOSYSTEM
Example of the design and of the use of RSA cryptosystems.
• By choosing p = 41,q = 61 we get n = 2501, φ(n) = 2400
• By choosing d = 2087 we get e = 23
• By choosing d = 2069 we get e=29
• By choosing other values of d we get other values of e.
Let us choose the first pair of encryption/decryption exponents ( e=23 and d=2087).
IV054
Plaintext: KARLSRUHE
Encoding: 100017111817200704
Since 103
< n < 104
, the numerical plaintext is divided into blocks of 3 digits ⇒ 6 plaintext
integers are obtained
100, 017, 111, 817, 200, 704Encryption:
10023
mod 2501, 1723
mod 2501, 11123
mod 2501
81723
mod 2501, 20023
mod 2501, 70423
mod 2501
provides cryptotexts: 2306, 1893, 621, 1380, 490, 313
Decryption:
2306 2087
mod 2501 = 100, 1893 2087
mod 2501 = 17
621 2087
mod 2501 = 111, 1380 2087
mod 2501 = 817
490 2087
mod 2501 = 200, 313 2087
mod 2501 = 704
4. 4RSA cryptosystem
Correctness of RSACorrectness of RSA
Let c = we
mod n be the cryptotext for a plaintext w, in the cryptosystem with
In such a case
and, if the decryption is unique, w = cd
mod n.
IV054
( )( ) ( )( ) 1,gcd,mod1, =≡= ndnedpqn φφ
ncw d
mod≡
( )( )ned mod1 φ≡ ( ) .1+= njed φ
( )
( )nwwwc njedd
mod1
≡== +φ
( ) ( )
( )
( )
( )
( )qww
qw
qwqw
ed
nj
nq
mod
mod1
mod1mod11
≡⇒
≡⇒
≡⇒≡⇒ −
φ
φ
( )ncww ded
mod≡≡
Proof Since , there exist a j € N such that
• Case 1. Neither p nor q divides w.
In such a case gcd(n, w) = 1 and by the Euler's Totien Theorem we get that
• Case 2. Exactly one of p,q divides w - say p.
In such a case wed
≡ w (mod p) and by Fermat's Little theorem wq-1
≡ 1 (mod q)
Therefore:
• Case 3 Both p,q divide w.
This cannot happen because, by our assumption, w < n.
5. 5RSA cryptosystem
RSA challengeRSA challenge
One of the first description of RSA was in the paper.
Martin Gardner: Mathematical games, Scientific American, 1977
and in this paper RSA inventors presented the following challenge.
Decrypt the cryptotext:
9686 9613 7546 2206 1477 1409 2225 4355 8829 0575 9991 1245 7431 9874
6951 2093 0816 2982 2514 5708 3569 3147 6622 8839 8962 8013 3919 9055
1829 9451 5781 5154
IV054
Encrypted using the RSA cryptosystem with
n: 114 381 625 757 888 867 669 235 779 976 146 612 010 218 296 721 242 362
562 561 842 935 706 935 245 733 897 830 597 123 513 958 705 058 989 075 147
599 290 026 879 543 541.
and with e = 9007
The problem was solved in 1994 by first factorizing n into one 64-bit prime and one
65-bit prime, and then computing the plaintext
THE MAGIC WORDS ARE SQUEMISH OSSIFRAGE
6. 6RSA cryptosystem
How to design a good RSA cryptosystemHow to design a good RSA cryptosystem
1. How to choose large primes p,q?
Choose randomly a large integer p, and verify, using a randomized algorithm,
whether p is prime. If not, check p + 2, p + 4,…
From the Prime Number Theorem if follows that there are approximately
d bit primes. (A probability that a 512-bit number is prime is 0.00562.)
IV054
1
1
2log
2
2log
2
−
−
− d
d
d
d
2. What kind of relations should be between p and q?
2.1 Difference |p-q| should be neither too small not too large.
2.2 gcd(p-1, q-1) should not be large.
2.3 Both p-1 and q-1 should contain large prime factors.
2.4 Quite ideal case: q, p should be safe primes - such that also (p–1)/2 and
(q-1)/2 are primes (83,107,10100
– 166517 are examples of safe primes).
3. How to choose e and d?
3.1 Neither d nor e should be small.
3.2 d should not be smaller than n1/4
. (For d < n1/4
a polynomial time algorithm is
known to determine d.
7. 7RSA cryptosystem
DESIGN OF GOOD RSA CRYPTOSYSTEMSDESIGN OF GOOD RSA CRYPTOSYSTEMS
Claim 1. Difference |p-q| should not be small.
Indeed, if |p - q| is small, and p > q, then (p + q)/2 is only slightly larger than
because
In addition is a square, say y2
.
In order to factor n it is then enough to test x > until such x is found that x2
- n is a
square, say y2
. In such a case
p + q = 2x, p – q = 2y and therefore p = x + y, q = x - y.
IV054
n
( ) ( )
44
22
qpqp
n −+
=−
( )
nqp
−+
4
2
n
( ).nφ
nwwwc ksedd
mod1''
≡≡≡ +
,mod1'
sed ≡
Claim 2. gcd(p-1, q-1) should not be large.
Indeed, in the opposite case s = lcm(p-1, q-1) is much smaller than If
then, for some integer k,
since p - 1|s, q - 1|s and therefore wk1s
≡ 1 mod p and wks+1
≡ w mod q. Hence, d'
can serve as a decryption exponent.
Moreover, in such a case s can be obtained by testing.
Question Is there enough primes (to choose again and again new ones)?
No problem, the number of primes of length 512 bit or less exceeds 10150
.
8. 8RSA cryptosystem
How important is factorizationHow important is factorization for breaking RSA?for breaking RSA?
1. If integer factorization is feasible, then RSA is breakable.
IV054
2. There is no proof that factorization is needed to break RSA.
3. If a method of breaking RSA would provide an effective way to get a trapdoor
information, then factorization could be done effectively.
Theorem Any algorithm to compute φ(n) can be used to factor integers with the
same complexity.
Theorem Any algorithm for computing d can be converted into a break randomized
algorithm for factoring integers with the same complexity.
4. There are setups in which RSA can be broken without factoring modulus n.
Example An agency chooses p, q and computes a modulus n = pq that is
publicized and common to all users U1, U2 and also encryption exponents e1, e2,…
are publicized. Each user Ui gets his decryption exponent di.
In such a setting any user is able to find in deterministic quadratic time another
user's decryption exponent.
9. 9RSA cryptosystem
We show two important properties of the functions half and parity.
1. Polynomial time computational equivalence of the functions half and parity
follows from the following identities
and the multiplicative rule ek(w1)ek(w2) = ek(w1w2).
Security of RSASecurity of RSA
None of the numerous attempts to develop attacks on RSA has turned out to be
successful.
There are various results showing that it is impossible to obtain even only partial
information about the plaintext from the cryptotext produces by the RSA
cryptosystem.
We will show that were the following two functions, computationally
polynomially equivalent, be efficiently computable, then the RSA cryptosystem
with the encryption (decryption) algorithm ek (dk) would be breakable.
parityek(c) = the least significant bit of such an w that ek(w) = c;
IV054
( ) ( ) .1
2
if1and
2
n
w0if0 −≤≤=<≤= nw
n
chalfchalfek
( ) ( )( )
( ) ( )( )nechalfcparity
necparitychalf
kekek
kekek
mod
mod2
2
1
×=
×=
2. There is an efficient algorithm to determine plaintexts w from the cryptotexts c
obtained by RSA-decryption provided efficiently computable function half can be
used as the oracle:
10. 10RSA cryptosystem
Security of RSASecurity of RSA
BREAKING RSA USING AN ORACLE
Algorithm:
for i = 0 to [lg n] do
c i ← half(c); c ← (c × ek(2)) mod n
l ← 0; u ← n
for i = 0 to [lg n] do
m ← (l + u) / 2;
if c i = 1 then l ← m else u ← m;
w ← [u]
Indeed, in the first cycle
is computed for 0 Ł i Ł lg n.
IV054
( )( )( ) ( )( ),22 wehalfechalfc i
k
i
ki =×=
( )( ) )[
( )( ) ) )[[
( )( ) ∈≡=
∪∈≡=
∈≡=
wwehalf
wwehalf
wwehalf
k
nnn
k
n
k
04
,,002
,00
4
3
24
2
In the second part of the algorithm binary search is used to determine interval in
which w lies. For example, we have that
11. 11RSA cryptosystem
Security of RSASecurity of RSA
There are many results for RSA showing that certain parts are as hard as whole.
For example any feasible algorithm to determine the last bit of the plaintext can be
converted into a feasible algorithm to determine the whole plaintext.
Example Assume that we have an algorithm H to determine whether a plaintext x
designed in RSA with public key e, n is smaller than n / 2 if the cryptotext y is given.
We construct an algorithm A to determine in which of the intervals (jn/8, (j +1)n/8),
0 Ł j Ł 7 the plaintext lies.
Basic idea H is used to decide whether the plaintexts for cryptotexts xe
mod n, 2e
xe
mod n, 4e
xe
mod n are smaller than n / 2 .
Answers
yes, yes, yes 0 < x < n/8 no, yes, yes n/2 < x < 5n/8
yes, yes, no n/8 < x < n/4 no, yes, no 5n/8 < x < 3n/4
yes, no, yes n/4 < x < 3n/8 no, no, yes 3n/4 < x < 7n/8
yes, no, no 3n/8 < x < n/2 no, no, no 7n/8 < x < n
IV054
12. 12RSA cryptosystem
RSA with a compositeRSA with a composite ““to be a prime''to be a prime''
Let us explore what happens if some integer p used, as a prime, to design a RSA
is actually not a prime.
Let n = pq where q be a prime, but p = p1p2, where p1, p2 are primes. In such a case
but assume that the RSA-designer works with
Let u = lcm(p1 - 1, p2 - 1, q -1) and let gcd(w, n) = 1. In such a case
and as a consequence
In such a case u divides and let us assume that also u divides
Then
So if ed ≡ 1 mod φ1(n), then encryption and decryption work as if p were prime.
IV054
( ) ( )( )( )111 21 −−−= qppnφ
( ) ( ) ( )111 −−= qpnφ
( ) ( ) ( )qwpwpw qpp
mod1,mod1,mod1 1
2
1
1
1 21
≡≡≡ −−−
( )nwu
mod1≡
( )nφ ( ).1 nφ
( )
( ).mod11
nww n
≡+φ
Example p = 91 = 7 ·13, q = 41, n = 3731, φ1(n) = 3600, φ(n) = 2880, lcm(6, 12, 40)
= 120, 120|φ1(n).
If gcd(d, φ1(n)) = 1, then gcd(d, φ(n)) = 1 ⇒ one can compute e using φ1(n).
However, if u does not divide φ1(n), then the cryptosystem does not work properly.
13. 13RSA cryptosystem
Two users should not use the same modulusTwo users should not use the same modulus
Otherwise, users, say A and B, would be able to decrypt messages of each other using the
following method.
Decryption: B computes
Since
it holds:
and therefore
m and eA have no common divisor and therefore there exist integers u, v such that
um + veA = 1
Since m is a multiple of φ(n) we have
and since eAdA ≡ 1 mod φ(n) we have
and therefore
is a decryption exponent of A. Indeed, for a cryptotext c:
IV054
( ) f
de
ABB
BB
medef 1
,,1gcd −
=−=
( ) kkde BB someforn1 φ=−
( )( ) ( )( ) 1,gcd1,gcd =⇒= nfneA φφ
( ).ofmultipleais nm φ
( )numveA mod11 φ≡−=
( ) ( )nedv AA mod0 φ≡−
( )ndv A modφ≡
( )
.modnwwwc ncdevev AAA
≡≡≡ + φ
14. 14RSA cryptosystem
Private-key versus public-key cryptographyPrivate-key versus public-key cryptography
• The prime advantage of public-key cryptography is increased security - the
private keys do not ever need to be transmitted or revealed to anyone.
IV054
• Public key cryptography is not meant to replace secret-key cryptography, but
rather to supplement it, to make it more secure.
• Example RSA and DES are usually combined as follows
1. The message is encrypted with a random DES key
2. DES-key is encrypted with RSA
3. DES-encrypted message and RSA-encrypted DES-key are sent.
This protocol is called RSA digital envelope.
• In software (hardware) DES is generally about 100 (1000) times faster than RSA.
If n users communicate with secrete-key cryptography, they need n (n - 1) / 2 keys.
In the case they use public key cryptography 2n keys are sufficient.
Public-key cryptography allows spontaneous communication.
15. 15RSA cryptosystem
Private-key versus public-key cryptographyPrivate-key versus public-key cryptography
• If RSA is used for digital signature then the public key is usually much smaller
than private key => verification is faster.
IV054
• An RSA signature is superior to a handwritten signature because it attests
both to the contents of the message as well as to the identity of the signer.
As long as a secure hash function is used there is no way to take someone's
signature from one document and attach it to another, or to after the signed
message in any way.
The slightest change in a signed message will cause the digital signature
verification process to fail.
• Digital signature are the exact tool necessary to convert even the most
important paper based documents to digital form and to have them only in the
digital form.