Simple Survey for RSA Algorithm. Information Security / Algorithm / Cryptography / Crypto / RSA

1. RSA Cryptosystem
석사 29기 박준영

2. Contents
• Symmetric / Asymmetric Key Algorithm
• Founders of RSA
• RSA Key Generation Algorithm
• RSA Crack Estimated Time
• Possible Attacks
• Tutorials
• Q & A

3. Symmetric Key Algorithm
• Same key for Encrypt & Decrypt
• Fast computing speed
• Easy(?) to Develop
• Block Cipher / Stream Cipher

4. –Benjamin Franklin
‘Three can keep a secret,
if two of them are dead.’

5. Asymmetric Key Algorithm
• Different key (Public Key / Private Key)
• Slow computing speed
• Hard to Develop
+ Non-repudiation
• Factorization Problem / Discrete Logarithm Problem
• RSA / ECC / ElGamal / Rabin …

6. The Founders
Ron RivestAdi Shamir
Len Adleman

7. Key Generation Algorithm
1. Choose two distinct prime numbers p and q.
• For security purposes, the integers p and q should be chosen at random,
and should be of similar bit-length. Prime integers can be efficiently found
using a primality test.
2. Compute n = pq.
• n is used as the modulus for both the public and private keys. Its length,
usually expressed in bits, is the key length.
3. Compute φ(n) = φ(p)φ(q) = (p − 1)(q − 1) = n - (p + q
-1), where φ is Euler's totient function.

8. Key Generation Algorithm
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1;
i.e., e and φ(n) are coprime.
• e is released as the public key exponent.
• e having a short bit-length and small Hamming weight results in more efficient
encryption – most commonly 216 + 1 = 65,537. However, much smaller values of e
(such as 3) have been shown to be less secure in some settings.[5]
5. Determine d as d ≡ e−1 (mod φ(n)); i.e., d is the multiplicative
inverse of e (modulo φ(n)).
• This is more clearly stated as: solve for d given d⋅e ≡ 1 (mod φ(n))
• This is often computed using the extended Euclidean algorithm. Using the pseudocode
in the Modular integers section, inputs a and n correspond to e and φ(n), respectively.
• d is kept as the private key exponent.

9. Key Point
Integer Factorization Problem
NP-hard

10. RSA Crack Estimated Time
• RSA-100
- few days / multiple-polynomial quadratic sieve algorithm
•RSA-155
- about six month / general number field sieve algorithm
•RSA-768
- 2 years / parallel computing (almost 2000 years on single-core
2.2 GHz AMD Opteron-based computer)

11. • RSA-240 to RSA-2048
- not yet factored
- YOU can factor & win the cash prize, US$200,000!
RSA Crack Estimated Time

12. ‘A chain is no stronger
than its weakest link’

13. Possible Attacks
• Guessing d
•
• Low Exponent Vuln.
Side-channel Attacks

14. Side-channel Attacks
• Based on Time Variance
• Kocher’s Attack
• Schindler’s Attack
• Brumley-Boneh’s Attack

15. • Many experiments has
done.
• Montgomery Reduction
• Choice of Multiplication
routine
• Blinding Defense
• Quantize Computation
Side-channel Attacks

16. ‘Seeing is Believing’

17. Tutorial
RSA Simple Example

18. Tutorial
Login to SSH using RSA Auth.

19. Reference
1. 한국전자통신연구원, “암호학의 기초”, 1999
2. RIVEST, Ronald L.; SHAMIR, Adi; ADLEMAN, Len. A method for obtaining digital
signatures and public-key cryptosystems. Communications of the ACM, 1978, 21.2:
120-126.
3. BRUMLEY, David; BONEH, Dan. Remote timing attacks are practical. Computer
Networks, 2005, 48.5: 701-716.
4. MAHAJAN, Sonam; SINGH, Maninder. Analysis of RSA algorithm using GPU
programming. arXiv preprint arXiv:1407.1465, 2014.
5. Ronan Killeen, Possible Attacks on RSA (http://www.members.tripod.com/
irish_ronan/rsa/attacks.html)
6. 홍정대; 박근수. OpenSSL 기반 RSA 서버 에 대한 Timing Attack 구현. 한국정보과학회 학
술발표논문집, 2004, 31.2Ⅰ: 730-732.

20. Question & Answer