Transcript
RSA Cryptosystem석사 29기 박준영
Contents• Symmetric / Asymmetric Key Algorithm
• Founders of RSA
• RSA Key Generation Algorithm
• RSA Crack Estimated Time
• Possible Attacks
• Tutorials
• Q & A
Symmetric Key Algorithm
• Same key for Encrypt & Decrypt
• Fast computing speed
• Easy(?) to Develop
• Block Cipher / Stream Cipher
–Benjamin Franklin
‘Three can keep a secret, if two of them are dead.’
Asymmetric Key Algorithm• Different key (Public Key / Private Key)
• Slow computing speed
• Hard to Develop
+ Non-repudiation
• Factorization Problem / Discrete Logarithm Problem
• RSA / ECC / ElGamal / Rabin …
The Founders
Ron RivestAdi ShamirLen Adleman
Key Generation Algorithm
1. Choose two distinct prime numbers p and q. • For security purposes, the integers p and q should be chosen at random,
and should be of similar bit-length. Prime integers can be efficiently found using a primality test.
2. Compute n = pq. • n is used as the modulus for both the public and private keys. Its length,
usually expressed in bits, is the key length.
3. Compute φ(n) = φ(p)φ(q) = (p − 1)(q − 1) = n - (p + q -1), where φ is Euler's totient function.
Key Generation Algorithm
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e., e and φ(n) are coprime.• e is released as the public key exponent. • e having a short bit-length and small Hamming weight results in more efficient
encryption – most commonly 216 + 1 = 65,537. However, much smaller values of e (such as 3) have been shown to be less secure in some settings.[5]
5. Determine d as d ≡ e−1 (mod φ(n)); i.e., d is the multiplicative inverse of e (modulo φ(n)).• This is more clearly stated as: solve for d given d⋅e ≡ 1 (mod φ(n)) • This is often computed using the extended Euclidean algorithm. Using the pseudocode
in the Modular integers section, inputs a and n correspond to e and φ(n), respectively.• d is kept as the private key exponent.
Key Point
Integer Factorization ProblemNP-hard
RSA Crack Estimated Time•RSA-100
- few days / multiple-polynomial quadratic sieve algorithm
•RSA-155
- about six month / general number field sieve algorithm
•RSA-768
- 2 years / parallel computing (almost 2000 years on single-core 2.2 GHz AMD Opteron-based computer)
•RSA-240 to RSA-2048
- not yet factored
- YOU can factor & win the cash prize, US$200,000!
RSA Crack Estimated Time
‘A chain is no stronger than its weakest link’
Possible Attacks
• Guessing d
•
• Low Exponent Vuln.
Side-channel Attacks
Side-channel Attacks
• Based on Time Variance
• Kocher’s Attack
• Schindler’s Attack
• Brumley-Boneh’s Attack
• Many experiments has done.
• Montgomery Reduction
• Choice of Multiplication routine
• Blinding Defense
• Quantize Computation
Side-channel Attacks
‘Seeing is Believing’
Tutorial
RSA Simple Example
Tutorial
Login to SSH using RSA Auth.
Reference
1. 한국전자통신연구원, “암호학의 기초”, 1999
2. RIVEST, Ronald L.; SHAMIR, Adi; ADLEMAN, Len. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 1978, 21.2: 120-126.
3. BRUMLEY, David; BONEH, Dan. Remote timing attacks are practical. Computer Networks, 2005, 48.5: 701-716.
4. MAHAJAN, Sonam; SINGH, Maninder. Analysis of RSA algorithm using GPU programming. arXiv preprint arXiv:1407.1465, 2014.
5. Ronan Killeen, Possible Attacks on RSA (http://www.members.tripod.com/irish_ronan/rsa/attacks.html)
6. 홍정대; 박근수. OpenSSL 기반 RSA 서버 에 대한 Timing Attack 구현. 한국정보과학회 학술발표논문집, 2004, 31.2Ⅰ: 730-732.
Question & Answer
top related