A Method for Obtaining Digital Signatures and Publickey Cryptosystems

1
A Method for Obtaining Digital Signatures and
Public-key Cryptosystems

• R.L Rivest, A. Shamir, L. Adleman
• Presented by Wesley Varela

2

• Ronald L. Rivest, Adi Shamir, and Leonard Adleman
  
• Inventers of RSA

3
OUTLINE

• Introduction
• The Basic Idea of RSA
• A Small Example (Simple)
• The Big Hairy Math Stuff
• A Better Example
• Known Weaknesses

4
Introduction

• The era of electronic mail 10 may soon be
  upon us

5

• Why Encryption ??
• What uses ??

6
So Bad People Dont Do Bad Things
7

• Public vs. Private Key Cryptosystems
• Private Key
• Encryption and decryption keys can be derived
  from each other
• The key must be securely delivered to the
  person(s) who need to decrypt or encrypt messages
• Person(s) receiving the key must be trustworthy
• More useable in single-user enviroments
• Public Key
• More secure and easier to use
• Encryption keys are publicly available
• Digital signatures

8
RSA The Basic Idea

• Properties of RSA
• Encrypting a plaintext message M gives the
  ciphertext. Deciphering the ciphertext returns M.
• D(E(M)) M
• The inverse is also true (digital signatures).
• E(D(M)) M
• The encryption key (E) and decryption key (D) are
  easily computed
• E is publicly available but does not compromise
  the cryptosystem.

9
Basic Definitions you cant live without

• Trap-door one-way functions easily computed in
  one direction but not the other, unless the
  decryption key is known
• Trap-door one-way permutations Every message is
  ciphertext from some message and every ciphertext
  is a permissible message.

10
A Small Example

• Assume we have two people
• Oliver
• Encryption Key Eo
• Decryption Key Do
• Katie
• Encryption Key Ek
• Decryption Key Dk

11

• Oliver sends a message to Katie
• Ek(M) ciphertext
• Sends the ciphertext to Katie
• Katie receives the message and response
• Dk(C) plaintext
• Eo(M2) ciphertext
• Sends the ciphertext to Oliver
• Oliver receives the return ciphertext
• Do(C2) plaintext

12
Signatures

• Oliver sends a message to Katie
• Do(M) Signature
• Ek(Signature) Ciphertext
• Sends the ciphertext to Katie
• Katie receives the message
• Dk(C) Signature
• Eo(Signature) plaintext
• Has the pair (Signature, Plaintext)

13
Big Hairy Math Stuff

• Eo (E(e, m) mod n ) some algorithm
• Do (D(d, m) mod n ) some algorithm
• d and e are exponents.
• m is the message
• n is the product of 2 very large primes

14
Why Use Primes for p q?

• They have no non-trivial factors
• It makes it even harder to find ?(n)
• No algorithm to easily factor large numbers
• Everything thats cool has the word prime
  attached to it.
• Prime rib
• Prime time
• Optimus Prime
• Prime Directive

15
Eulers totient function ?

• ?(n) - gives the number of positive integers less
  then n which are relatively prime to n.

16
Computing ?(n)

• ?(n) ?(pq)
• ?(p) ?(q)
• (p-1)(q-1)
• pq p q 1
• n (p q) 1

17
Selecting d

• d should be relatively prime to ?(n)
• Select d to be a prime larger than max(p,q)
• since d is relatively prime to ?(n), it has a
  multiplicative inverse e in the ring of integers
  modulo ?(n)

18
Multiplicative Inverse Example

• Two relatively prime numbers 5 and 7
• 1 5 5 5 (Mod 7)
• 2 5 10 3 (Mod 7)
• 3 5 15 1 (Mod 7)
• 4 5 20 6 (Mod 7)
• 5 5 25 4 (Mod 7)
• 6 5 30 2 (Mod 7)
• 7 5 35 0 (Mod 7)
• Z7 is a cyclic group

19
Computing e from d

• Using the Extended Euclidian Algorithm
• We find e such that ed 1 (mod?(n))

20
Theorem

• The following theorem from Euler and Fermat will
  be useful
• M?(n) 1 (mod n)

21

• since d is relatively prime to ?(n), it has a
  multiplicative inverse e in the ring of integers
  modulo ?(n)
• ed 1 (mod ?(n))
• M?(n) 1 (mod n)
• (Me)d Med Mk?(n) 1
• Mk?(n) M1
• (M?(n))k M
• 1K M
• M

22
ALL about M

• Choosing how to represent your message M is very
  important.
• One method (ASCII)
• hello world
• 1101000 1100101 1101100 1101100 1101111 0100000
  1110111 1101111 1110010 1101100 1100100
• m lt n

23
Computing Me mod n

• Represent e as a binary number
• ekek-1e1e0 5 101
• C 1
• For(ik, igt0 i--)
• C (CC) mod n
• if(ei 1)
• C (C M) mod n
• At most 2log2(e) 2log2(e)

24
Primarily Testing

• How to find a really big prime
• Randomly generate a large odd number b of the
  size you want
• Use Solovay and Strassens probabilistic
  algorithm
• Select some number a from 0, , b-1
• gcd(a,b) 1 and J(a,b) a(b-1)/2
• If false b is composite.
• If true b is prime with a probability of at least
  ½

25
Factoring

• Factoring (n)
• Computing (?(n))
• Computing d

26
Faster Computers?

• Pick a bigger prime.
• RSA Laboratories currently recommends key sizes
  of 1024 bits for corporate use and 2048 bits for
  extremely valuable keys like the root key pair
  used by a certifying authority. Several recent
  standards specify a 1024-bit minimum for
  corporate use. Less valuable information may well
  be encrypted using a 768-bit key
• 512-bit number RSA-155 was factored in seven
  months during 1999

27
Known Weaknesses

• dltN.5 Lattice Attack
• Low public exponent (Coppersmith)
• Broadcast Attack (Hastad)
• Related message Attack (Franklin-Reiter)

28
Provable

• Is RSA provably secure?

29
Physical Security

• Dont let anyone copy your key or your primes