presentation about rsa
DESCRIPTION
This presentation is based on the paper : "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" by R.L. Rivest, A. Shamir, and L. AdlemanTRANSCRIPT
A Method for Obtaining
Digital Signatures
and Public Key CryptosystemsRivest, Shamir, Adleman
Srilal Buddika
2
Ronald L. Rivest, Adi Shamir, and Leonard Adleman
Inventers of RSA (1978)
Concept Invented By Diffie and Hellman
3
Diffie-Hellman algorithm (1976) Whitfield Diffie and Martin Hellman
Outline
Information Security
Public Key Cryptosystems
Basic Concept of RSA
Digital Signatures
Encryption Flow
RSA Algorithm
Security Analysis
Current RSA Stats
Conclusion
Q & A
4
Information SecurityWe need information to share/express our ideas
Some Information are valuable. Hence we need Protection
One of Protection method is “Data Encryption“
Encryption : Transform usable information into a form that
renders it unusable by anyone other than an authorized user
Decryption : Information that has been encrypted (rendered
unusable) can be transformed back into its original usable
form by an authorized user, who possesses the cryptographic
key
Cryptographic key : Specifies the particular transformation
of plaintext into ciphertext, or vice versa
5
Information Security Contd.
6
Encryption
Decryption
Plain Text
Cipher Text
Algorithm
Key
Public Key Cryptoystems
Encryption procedure - E
Decryption procedure - D
Message - M
Cipher text - C
Parameters of E kept public
Parameters of D kept private
Examples
7
Public Key Cryptosystems Contd.Deciphering the enciphered form of a message M yields M.
D(E(M)) = M
Both E and D are easy to compute
By publicly revealing E, the user does not reveal an easy
way to compute D (One-Way Functions)
If a message M is first deciphered and then enciphered, M is
the result
E(D(M)) = M
RSA is an algorithm for public-key cryptography
8
Basic Concepts of RSA
RSA do – Encryption/Decryption/Key Generation
Two types of Keys
Private key (to be kept confidential)
Public key (known to everyone)
Has the property of D(E(M)) = M
The Inverse is also TRUE (digital signatures)
E(D(M)) = M
9
Typical Encryption Scenario
10
Digital SignaturesProof for verifying the sender (Authentication)
Proof that message is not modified by someone
other than the sender (Integrity)
Preserve non-repudiation (Sender cannot deny
sending it)
Signature needs to be,
– Message-dependant
– Signer-dependant
11
Digital Signatures Contd.
• How to do it in RSA
– Alice sends a signed message to Bob
• Why we need to HASH the message ?
– Example :
• I have uploaded the “presentation-slides.pdf” on
Moodle
• Verify your SHA512sum Digest Code with Original
value posted at MyLinkedInProfile/Projects
12
Digital Signatures Contd.Sometimes you don't particularly mind letting the whole world read a
message (or would rather they did) yet want to provide a mechanism
to prove that you wrote the message. Signing does just this.
RSA is slow, but most encryption software using RSA actually
encrypts documents with a symmetric cipher like TDEA or AES, and
encrypts the key used (sometimes called a "session" key) with RSA,
so the slowdown from encrypting the entire document is not that
great.
If you want to hide the contents of the message, then you take the
message and the signature, zip them together and encrypt the
whole thing with the public key of the receiver before you send.
13
Encryption Flow
14
RSA Algorithm
Notations
– n is known as the modulus
– p & q two large random primes
– e is known as the public exponent or
encryption exponent
– d is known as the secret exponent or
decryption exponent
Mathematics Related to RSA – Eular’s,Fermat’s
and Chinese Remainder Theorems
15
RSA Algorithm Contd.
1. Choose two random large prime numbers, p and q
2. Compute the product n = p x q
3. Randomly choose the encryption key, e, such that e
and (p - 1)(q - 1) are relatively prime
4. Use the extended Euclidean algorithm to compute the
decryption key, d, such that
e*d ≡ 1 mod (p - 1)(q - 1)
ie
d = e-1 mod ((p - 1)(q - 1))
* d and n are also relatively prime
16
RSA Algorithm Contd.
Keys
– e and n are the public key
– d is the private key
Important :
The two primes, p and q, are no longer needed
They should be discarded, but never revealed
17
RSA Algorithm Contd.
Encryption
1. Divide message into numerical blocks smaller than
n (with binary data, choose the largest power of 2
less than n)
2. For each block
• c = me mod n
Decryption
1. For each cipher text block
m = cd mod n
18
RSA Algorithm Contd.RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq =17×11=187 ; n=187
3. Compute ø(n)=(p–1)(q-1)=16×10=160
4. Select e ; gcd(e,160)=1; choose e=7
5. Determine d: d*e=1 mod 160 and d < 160
Hence, Value is d=23 since 23×7=161= 10×160+1
6. Publish public key Kpub={7,187} (e,n)
7. Keep secret private key Kpvt={23,17,11} (p,q,d)
19
RSA Algorithm Contd.
message „M‟= 88 (88<187)
Encryption: [c = me mod n]
• C = 887 mod 187 = 11
C = 11
Decryption: [m = cd mod n]
• M = 1123 mod 187 = 88
M = 88
If message is 8888 then ?
20
Security Analysis
In addition to encrypting messages (which ensures
privacy), you can authenticate yourself to me (so I know
that it is really you who sent the message)
Complexity of Factoring large primes is the strength of
RSA algorithm
Managing Physical Security must be done
Don‟t let anyone copy your key or your primes
21
Current RSA Stats
Known Attacks
d<N5 Lattice Attack
Low public exponent (Coppersmith)
Broadcast Attack (Hastad)
Related message Attack (Franklin-Reiter)
A 768-bit key has been broken
A 2048-bit key (RSA Factorial Challenge)
Price : 200,000 USD
22
Conclusion
In this Paper,Authors have Invented a new PKCS
It‟s a New Methodology of Data Encryption
Mechanism (Still valid on IT Industry)
Have practically proven it
By applying relevant security criteria, it became the
best PKCS
Authors did not mention about RSA performances
under different data loads
One of a best research paper among few
23
Thank You !
24
Appendix - I
25
26
D-H Concept
Yellow paint is
already agreed by
Alice and Bob
Trapdoor Functions
Easy to compute in one direction
Difficult to compute in the opposite direction‟
RSA Example
Difficulty of Factoring Large Primes
27
Other Public Key Cryptosystems
28
29
Mathematics
30
Mathematics Contd.
31
Mathematics Contd.
Digital Signature on RSA
32
Hash Functions
Ex: SHA-1/2 , MD5 …
Output code called “Digest”
If message is small Padding is used
Has Avalanche Effect
33
34
Hash Functions Contd.
Avoiding Reblocking (Signed Msgs)Happens when ,
Signature “n” > Encryption “n”
Remedy-1• Maintain two public key pairs (e, n)
• Choose a threshold value h.
• For signature n < h
• For enciphering n > h
Remedy-2• Each user has a single public key pair (e, n)
• Choose a threshold value h.
• n is where h < n < 2h
• Message enciphered as a number less than h
• If ciphertext has a value greater than h, repeatedly re-encipher until
it is less than h
• Similarly method applies for deciphering.
35
Appendix - II
36
Generating Large Primes
How to find a really big prime
Randomly generate a large odd number b of
the size you want
Use Solovay and Strassen’s probabilistic
algorithm
• Select some number a from {0, …, b-1}
• gcd(a,b) = 1 and J(a,b) = a(b-1)/2
– If false b is composite.
– If true b is prime with a probability of at least ½
37
Mathematics Stuffs for RSA
Eulers totient function Ф
– Ф(n) : gives the number of positive integers
less then n which are relatively prime to n.
Computing Ф(n)
– Ф(n) = Ф(p*q)
= Ф(p)* Ф(q)
= (p-1)*(q-1)
= pq – p – q + 1
= n – (p + q) + 1
38
Mathematics Stuffs for RSA Contd.
Multiplicative Inverse Example– Two relatively prime numbers 5 and 7
1 * 5 = 5 ≡ 5 (Mod 7)
2 * 5 = 10 ≡ 3 (Mod 7)
3 * 5 = 15 ≡ 1 (Mod 7)
4 * 5 = 20 ≡ 6 (Mod 7)
5 * 5 = 25 ≡ 4 (Mod 7)
6 * 5 = 30 ≡ 2 (Mod 7)
7 * 5 = 35 ≡ 0 (Mod 7)
Z7 is a cyclic group
39
Attacks on RSA
Lattice Based Attacks on RSA
Hastad’s Attack
Franklin-Reiter Attack
Extension to Wiener’s Attack
Hastad’s Attack
Given 3 public keys (Ni,ei) with the same ei=3
If a user sent the same message to all 3 public keys
=> can recover the plaintext
40
Attacks on RSA Contd.
Hastad‟s Attack
41
User
Message: m
Receiver 1
(N1,e)
Receiver 1
(N2,e)
Receiver 1
(N3,e)
c1=me mod N1
c2=me mod N2
c3=me mod N3
Attacks on RSA Contd.
Franklin-Reiter Attack
42
Bob
Message: m1,m2
m2=f(m1) mod N
Alice
(N,e)
c1=m1e mod N
c2=m2e mod N
Attacks on RSA Contd.
This attack was originally developed by Franklin and Reiter, for the
situation when e = 3, with k = 2 messages, with a relation of degree
d =1. This result has since been generalized further, so that it
applies for any number of messages with a relation of any degree.
The value of e is limited to a length of approximately 32 bits due to
the complexity of the calculation. This ensures that the attack is
effective when e = 216 + 1, which is a popular choice.
43