The document presents an in-depth analysis of RSA, a public-key cryptography method invented by Rivest, Shamir, and Adleman. It outlines the RSA algorithm, including the processes for key generation, encryption, and decryption, as well as the significance of digital signatures for authentication and integrity. The paper also examines security implications, potential attacks on RSA, and provides examples of its application in information security.

1. A Method for Obtaining
Digital Signatures
and Public Key Cryptosystems
Rivest, Shamir, Adleman
Srilal Buddika

2. Ronald L. Rivest, Adi Shamir, and Leonard Adleman
Inventers of RSA (1978)
2

3. Concept Invented By Diffie and Hellman
Diffie-Hellman algorithm (1976)
 Whitfield Diffie and Martin Hellman
3

4. Outline
Information Security
Public Key Cryptosystems
Basic Concept of RSA
Digital Signatures
Encryption Flow
RSA Algorithm
Security Analysis
Current RSA Stats
Conclusion
Q&A
4

5. Information Security
We need information to share/express our ideas
Some Information are valuable. Hence we need Protection
One of Protection method is “Data Encryption“
Encryption : Transform usable information into a form that
renders it unusable by anyone other than an authorized user
Decryption : Information that has been encrypted (rendered
unusable) can be transformed back into its original usable
form by an authorized user, who possesses the cryptographic
key
Cryptographic key : Specifies the particular transformation
of plaintext into ciphertext, or vice versa
5

6. Information Security Contd.
Encryption
Key
Algorithm
Decryption
Cipher Text
Plain Text
6

7. Public Key Cryptoystems
Encryption procedure - E
Decryption procedure - D
Message - M
Cipher text - C
Parameters of E kept public
Parameters of D kept private
Examples
7

8. Public Key Cryptosystems Contd.
Deciphering the enciphered form of a message M yields M.
D(E(M)) = M
Both E and D are easy to compute
By publicly revealing E, the user does not reveal an easy
way to compute D (One-Way Functions)
If a message M is first deciphered and then enciphered, M is
the result
E(D(M)) = M
RSA is an algorithm for public-key cryptography
8

9. Basic Concepts of RSA
RSA do – Encryption/Decryption/Key Generation
Two types of Keys
Private key (to be kept confidential)
Public key (known to everyone)
Has the property of D(E(M)) = M
The Inverse is also TRUE (digital signatures)
E(D(M)) = M
9

10. Typical Encryption Scenario
10

11. Digital Signatures
Proof for verifying the sender (Authentication)
Proof that message is not modified by someone
other than the sender (Integrity)
Preserve non-repudiation (Sender cannot deny
sending it)
Signature needs to be,
– Message-dependant
– Signer-dependant
11

12. Digital Signatures Contd.
• How to do it in RSA
– Alice sends a signed message to Bob
• Why we need to HASH the message ?
– Example :
• I have uploaded the “presentation-slides.pdf” on
Moodle
• Verify your SHA512sum Digest Code with Original
value posted at MyLinkedInProfile/Projects
12

13. Digital Signatures Contd.
Sometimes you don't particularly mind letting the whole world read a
message (or would rather they did) yet want to provide a mechanism
to prove that you wrote the message. Signing does just this.
RSA is slow, but most encryption software using RSA actually
encrypts documents with a symmetric cipher like TDEA or AES, and
encrypts the key used (sometimes called a "session" key) with RSA,
so the slowdown from encrypting the entire document is not that
great.
If you want to hide the contents of the message, then you take the
message and the signature, zip them together and encrypt the
whole thing with the public key of the receiver before you send.
13

14. Encryption Flow
14

15. RSA Algorithm
Notations
– n is known as the modulus
– p & q two large random primes
– e is known as the public exponent or
encryption exponent
– d is known as the secret exponent or
decryption exponent
Mathematics Related to RSA – Eular’s,Fermat’s
and Chinese Remainder Theorems
15

16. RSA Algorithm Contd.
1. Choose two random large prime numbers, p and q
2. Compute the product n = p x q
3. Randomly choose the encryption key, e, such that e
and (p - 1)(q - 1) are relatively prime
4. Use the extended Euclidean algorithm to compute the
decryption key, d, such that
e*d ≡ 1 mod (p - 1)(q - 1)
ie
d = e-1 mod ((p - 1)(q - 1))
* d and n are also relatively prime
16

17. RSA Algorithm Contd.
Keys
– e and n are the public key
– d is the private key
Important :
The two primes, p and q, are no longer needed
They should be discarded, but never revealed
17

18. RSA Algorithm Contd.
Encryption
1. Divide message into numerical blocks smaller than
n (with binary data, choose the largest power of 2
less than n)
2. For each block
• c = me mod n
Decryption
1. For each cipher text block
 m = cd mod n
18

19. RSA Algorithm Contd.
RSA Example
1.
2.
3.
4.
5.
Select primes: p=17 & q=11
Compute n = pq =17×11=187 ; n=187
Compute ø(n)=(p–1)(q-1)=16×10=160
Select e ; gcd(e,160)=1; choose e=7
Determine d: d*e=1 mod 160 and d < 160
Hence, Value is d=23 since 23×7=161= 10×160+1
6. Publish public key Kpub={7,187} (e,n)
7. Keep secret private key Kpvt={23,17,11} (p,q,d)
19

20. RSA Algorithm Contd.
message „M‟= 88 (88<187)
Encryption: [c = me mod n]
• C = 887 mod 187 = 11
C = 11
Decryption: [m = cd mod n]
• M = 1123 mod 187 = 88
M = 88
If message is 8888 then ?
20

21. Security Analysis
In addition to encrypting messages (which ensures
privacy), you can authenticate yourself to me (so I know
that it is really you who sent the message)
Complexity of Factoring large primes is the strength of
RSA algorithm
Managing Physical Security must be done
Don‟t let anyone copy your key or your primes
21

22. Current RSA Stats
Known Attacks
d<N5 Lattice Attack
Low public exponent (Coppersmith)
Broadcast Attack (Hastad)
Related message Attack (Franklin-Reiter)
A 768-bit key has been broken
A 2048-bit key (RSA Factorial Challenge)
Price : 200,000 USD
22

23. Conclusion
In this Paper,
Authors have Invented a new PKCS
It‟s a New Methodology of Data Encryption
Mechanism (Still valid on IT Industry)
Have practically proven it
By applying relevant security criteria, it became the
best PKCS
Authors did not mention about RSA performances
under different data loads
One of a best research paper among few
23

24. Thank You !
24

25. Appendix - I
25

26. D-H Concept
Yellow paint is
already agreed by
Alice and Bob
26

27. Trapdoor Functions
Easy to compute in one direction
Difficult to compute in the opposite direction‟
RSA Example
Difficulty of Factoring Large Primes
27

28. Other Public Key Cryptosystems
28

29. Mathematics
29

30. Mathematics Contd.
30

31. Mathematics Contd.
31

32. Digital Signature on RSA
32

33. Hash Functions
Ex: SHA-1/2 , MD5 …
Output code called “Digest”
If message is small Padding is used
Has Avalanche Effect
33

34. Hash Functions Contd.
34

35. Avoiding Reblocking (Signed Msgs)
Happens when ,
Signature “n” > Encryption “n”
Remedy-1
•
•
•
•
Maintain two public key pairs (e, n)
Choose a threshold value h.
For signature n < h
For enciphering n > h
Remedy-2
•
•
•
•
•
Each user has a single public key pair (e, n)
Choose a threshold value h.
n is where h < n < 2h
Message enciphered as a number less than h
If ciphertext has a value greater than h, repeatedly re-encipher until
it is less than h
• Similarly method applies for deciphering.
35

36. Appendix - II
36

37. Generating Large Primes
How to find a really big prime
Randomly generate a large odd number b of
the size you want
Use Solovay and Strassen’s probabilistic
algorithm
• Select some number a from {0, …, b-1}
• gcd(a,b) = 1 and J(a,b) = a(b-1)/2
– If false b is composite.
– If true b is prime with a probability of at least ½
37

38. Mathematics Stuffs for RSA
Eulers totient function Ф
– Ф(n) : gives the number of positive integers
less then n which are relatively prime to n.
Computing Ф(n)
– Ф(n) = Ф(p*q)
= Ф(p)* Ф(q)
= (p-1)*(q-1)
= pq – p – q + 1
= n – (p + q) + 1
38

39. Mathematics Stuffs for RSA Contd.
Multiplicative Inverse Example
– Two relatively prime numbers 5 and 7
1
2
3
4
5
6
7
* 5 = 5 ≡ 5 (Mod 7)
* 5 = 10 ≡ 3 (Mod 7)
* 5 = 15 ≡ 1 (Mod 7)
* 5 = 20 ≡ 6 (Mod 7)
* 5 = 25 ≡ 4 (Mod 7)
* 5 = 30 ≡ 2 (Mod 7)
* 5 = 35 ≡ 0 (Mod 7)
Z7 is a cyclic group
39

40. Attacks on RSA
Lattice Based Attacks on RSA
Hastad’s Attack
Franklin-Reiter Attack
Extension to Wiener’s Attack
Hastad’s Attack
Given 3 public keys (Ni,ei) with the same ei=3
If a user sent the same message to all 3 public keys
=> can recover the plaintext
40

41. Attacks on RSA Contd.
Hastad‟s Attack
Receiver 1
c1=me mod N1
User
c2=me mod N2
Message: m
(N1,e)
Receiver 1
(N2,e)
c3=me mod N3
Receiver 1
(N3,e)
41

42. Attacks on RSA Contd.
Franklin-Reiter Attack
c1=m1e mod N
Bob
Message: m1,m2
Alice
m2=f(m1) mod N
(N,e)
c2=m2e mod N
42

43. Attacks on RSA Contd.
This attack was originally developed by Franklin and Reiter, for the
situation when e = 3, with k = 2 messages, with a relation of degree
d =1. This result has since been generalized further, so that it
applies for any number of messages with a relation of any degree.
The value of e is limited to a length of approximately 32 bits due to
the complexity of the calculation. This ensures that the attack is
effective when e = 216 + 1, which is a popular choice.
43