- 1 - VHDL Implementation of RSA CHAPTER 1 INTRODUCTION Data security is an important aspect of data on computer communication and networks. Now a day, data has no boundary. Due to networking, data can move from any place to any place at any time. The data is often corrupted, modified and/or lost. Computer and Network security research and development have mainly focused on five to six general security services that encompass the various functions required of an information security facility. The following are some security services that are focused in development of security system. Confidentiality: Ensure that the information in a computer system and transmitted information are accessible only for reading by authorized parties. Authentication: Ensures that the origin of a message or electronic document is correctly ECE, S.K.T.R.M.C.E
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
- 1 - VHDL Implementation of RSA
CHAPTER 1
INTRODUCTION
Data security is an important aspect of data on computer
communication and networks. Now a day, data has no boundary. Due to
networking, data can move from any place to any place at any time. The data
is often corrupted, modified and/or lost. Computer and Network security
research and development have mainly focused on five to six general security
services that encompass the various functions required of an information
security facility.
The following are some security services that are focused in development of
security system.
Confidentiality: Ensure that the information in a computer system and
transmitted information are accessible only for reading by authorized parties.
Authentication: Ensures that the origin of a message or electronic
document is correctly identified, with an assurance that the identity is not
false.
Integrity: Ensures that only authorized parties are able to modify computer
system assets and transmitted information. Modification includes writing ,
changing status, deleting ,etc of transmitted messages.
Non-repudiation: Requires that the access to information resources may be
controlled by or for the target system.
Access control: Requires that the access to information resources may be
controlled by or for the target system.
Our objectives of data security are two folds:
ECE, S.K.T.R.M.C.E
- 2 - VHDL Implementation of RSA
To prevent eavesdropping to get access of data.
In case, data is stolen to make it difficult to understand the stolen data.
These objectives are met through different approaches of data
security.
The physical technique of data security is the oldest form of security,
and is used in telephone lines. Data shall be safe, if computing equipment and
lines are all physical protected.
In data communication among computers, however, this technique is
hardly used. Instead, logical techniques are employed. These techniques
include coding methods, spread spectrum, encryption or cryptography and
digital signature.
1.1CRYPTOGRAPHY
Cryptography, defined as "the science and study of secret writing"
concerns the ways in which communications and data can be encoded to
prevent disclosure of their contents through eavesdropping or message
interception, using codes, ciphers and other methods, so that only certain
people can see the real message. Cryptanalysis is the study of how to
compromise (defeat) cryptographic mechanisms, and cryptology is discipline
of cryptography and cryptanalysis combined. To most people, cryptography is
concerned with keeping communication private. Indeed, the protection of
sensitive communications has been the emphasis of cryptography throughout
much of its only one part of today’s cryptography.
Cryptographic systems are characterised along three independent dimensions:
ECE, S.K.T.R.M.C.E
- 3 - VHDL Implementation of RSA
1) The type of operations used for transforming plaintext to ciphertext: All
encryption algorithms are based on two general principles: substitution, in
which each element in the plaintext (bit, letter, group of bits or letters) is
mapped in to another element, and transposition, in which elements in the
plaintext are rearranged. The fundamental requirement is that no information
be lost (that is, that all operations are reversible). Most systems, referred to as
product systems, involve multiple stages of substitutions and transpositions.
2) The number of keys used: If both sender and receiver use the same key, the
system is referred to as symmetric, single-key, secret-key, or conventional
encryption. If the sender and receiver each uses a different key, the system is
referred to as asymmetric, two-key, or public-key encryption.
3) The way in which the plaintext is processed: A block cipher processes
the input one block of elements at a time, producing an output block for each
input block. A stream cipher processes the input elementscontinuously,
producing output one element at a time, as it goes along.
Encryption is the transformation of data into a form that is impossible
to read without the appropriate knowledge. Its purpose is to ensure privacy by
keeping
Information hidden from anyone for whom it is not intended, even
those who have access to the encrypted data.
ECE, S.K.T.R.M.C.E
- 4 - VHDL Implementation of RSA
Decryption is the reverse of encryption; it is the transformation of
encrypted data back into an intelligible form.
Encryption and Decryption generally requires the use of some
secret information, referred to as a key. For some encryption mechanism, the
same key is used for both encryption and decryption; for other mechanism,
the keys used for encryption and decryptions are different. Today’s
cryptography is more than encryption and decryption.
While modern cryptography is growing increasingly diverse,
cryptography is fundamentally based on problems that are difficult to solve. A
problem may be difficult because its solution requires some secret knowledge,
such as decrypting and encrypted message or signing some digital document.
1.2 IMPORTANCE OF CRYPTOGRAPHY
Cryptography allows people to carry over the confidence found in the
physical world to the electronic world, thus allowing people to do business
electronically without worries of deceit and deception. Everyday hundreds of
thousands of people interact electronically, whether it is though e-mail, e-
commerce (business conducted over the Internet), ATM machines, or cellular
phones. The perpetual increase of information transmitted electronically has
lead to an increased reliance on cryptography. As seen, cryptography is
widely used.
Not only is it used over the Internet, but also it is used in phones,
televisions, and a variety of other common household items. Without
ECE, S.K.T.R.M.C.E
- 5 - VHDL Implementation of RSA
cryptography, hackers could get into out e-mail, listen in on our phone
conversations, tap into our cable companies and acquire free cable service, or
break into our bank/brokerage accounts.
1.3 CRYPTOGRAPHY APPLICATIONS
Cryptography is extremely useful; there is a multitude of applications,
many of which are currently in use. A typical application of cryptography is a
system built out of the more simple applications are secure communication,
identification authentication, and secret sharing. More complicated
application includes systems for electronic commerce, certification, secure
electronic mail, key recovery and secure computer access.
In general, the less complex the application, the more quickly it
becomes a reality. Identification and authentication schemes exist widely,
while electronic commerce systems are just beginning to be established.
However, there are exceptions to this rule.
Namely, the adoption rate may depend on the level of demand. For
example, SSL-encapsulated HTTP gained a lot more usage much more
quickly than simpler link-layer encryption has ever achieved. The adoption
rate may depend on the level of demand.
Secure communication:
Secure communication is the most straight forward use of
cryptography. Two people may communicate securely by encrypting the
message sent between them. This can be done in such a way that a third
ECE, S.K.T.R.M.C.E
- 6 - VHDL Implementation of RSA
party eavesdropping may never be able to decipher the messages. While
secure communication has existed for centuries, the key management
problem has prevented it from becoming commonplace.
Identification and Authentication:
Identification and authentication are two widely used
applications of cryptography. Identification is the process of verifying
someone’s or something‘s identify. For example, when withdrawing
money from a bank, teller asks to see identification to verity the identity of
the owner of the account. This process can be done electronically using
cryptography.
Every automatic teller machine (ATM) card is associated with a
secret personal identification number (PIN), which binds the owner to the
card and thus to the account. When the card is inserted into the ATM, the
machine prompts the cardholder for the PIN. If the correct PIN is entered,
the machine identifies the person as the rightful owner and grants access.
Authentication is similar to identification, in that both allow an
entity access to resources such as Internet account, but authentication is
broader because it does not necessarily involve identifying a person or
entity. Authentication merely determines whether that person or entity is
authorized for whatever is in question.
Electronic commerce :
Over the past few years there has been a growing amount of business
ECE, S.K.T.R.M.C.E
- 7 - VHDL Implementation of RSA
conducted over the Internet. This form of business is called electronic
commerce or E-Commerce. E-Commerce is comprised of online
banking, online brokerage accounts, and Internet shopping, to name a
few of the many applications. One can book plane tickets, make hotel
reservations, rent a car, transfer money from one account to another,
buy cloths, books and so on all while sitting in front of a computer.
However, simply entering a credit card number on the Internet leaves
one open to fraud. One cryptographic solution to this problem is to
encrypt the credit card number or other private information when it is
entered online; another is to secure the entire session. When a computer
encrypts this information and sends it out on the Internet, it is
incomprehensible to a third party viewer. The web server or Internet
shopping center receives the encrypted information, decrypts is, and
proceeds with the sale without fear that the credit card number or other
personal information slipped into the wrong hands. As more and more
business is conducted over the Internet, the need for protection against,
fraud, theft and corruption of vital information increases.
Key Recovery:
Key recovery is a technology that allows a key to reveal under
certain circumstances without the owner of a key revealing it. This is
useful to two main reasons:
ECE, S.K.T.R.M.C.E
- 8 - VHDL Implementation of RSA
First of all, if a user loses or accidentally deletes his or her key, key
recovery could prevent a disaster.
Secondly, if a law enforcement agency wishers to eavesdrop on a
suspected criminal, without the suspect‘s knowledge, the agency must be
able to recover the key.
Key recovery techniques are in use in some instances; however the use of
key recovery as a law enforcement technique is somewhat controversial.
Other Applications:
Cryptography is not confined to the world of computers.
Cryptography is also used in cellular/mobile phones as a means of
authentication; that is , it can be used to verity that a particular phone has
the right to bill to a particular phone number. This prevents people from
sealing or cloning cellular phone numbers and access codes. Another
application is to protect phone calls from eavesdropping using voice
encryption.
1.4 KEY BASED CRYTOGRAPHY
Currently, most cryptography used in practice is key based, that is a
string of bits, that is used to encode the plain text into cipher text and back
again to plain text when required. Two types of key based cryptography exist,
based on the availability of the key publicly:
ECE, S.K.T.R.M.C.E
- 9 - VHDL Implementation of RSA
In Private key Cryptography, both the sender and the recipient share
a key that must be kept private. In order to communicate with each other, the
key must be passed between the two; this process is known as the key
distribution and is quite complicated and difficult to do properly. The most
famous example of this type of cryptography is the Data Encryption Standard
(DES), other examples include Triple DES, RC2, RC4 IDEA and Skipjack.
This is also known as symmetric cryptography.
While in Public Key Cryptography, each party has two sets of keys,
one key is published to the public, called the Public Key, while the other is
kept secret and only known by the owner, the Private Key. Anyone wishing
to communicate with a certain party securely will encrypt the communicated
data with the recipient's public key which is available and on the other side
only the party that holds the matching private key can decrypt the cipher
text. Example Public key algorithms: Diffie-Hellman, RSA and Merkle-
Hellman.
The public key system eliminates the key distribution process that
hampers all private key systems since there is no need to communicate
secret keys among communicating parties.
ECE, S.K.T.R.M.C.E
- 10 - VHDL Implementation of RSA
CHAPTER 2
ENCRYPTION AND DECRYTION SYSTEM
The most important automated tool for network and communications
security is encryption.
ECE, S.K.T.R.M.C.E
MESSAGE
T
S ME EC SU SR AE G E
S ME EC SU SR AE G E
MESSAGE
INFORMATION CHANNEL
SECRET INFORMATION
(KEY)
SECRET INFORMATION
(KEY)
SENDER RECIPIENT
-- ALGORITHMSECURITY RELATED TRANSFORMATION
Fig. 2.1: MODEL FOR NETWORK SECURITY
- 11 - VHDL Implementation of RSA
There are two forms of encryption in common use.
1) Conventional or symmetric encryption.
2) public-key or asymmetric encryption.
The detailed description of both forms of encryption is given below.
2.1 CONVENTIONAL / SYMMETRIC ENCRYTION
Symmetric encryption also referred to as conventional encryption or
single-key encryption was the only type of encryption in use prior to the
development of public-key encryption. It remains by far the most widely used
of the two types of encryption.
Symmetric cipher model
A symmetric encryption scheme has five ingredients. They are
Plain text : This is the original intelligible message or data that is fed into the
algorithm as input.
Encryption algorithm: The encryption algorithm performs various substitutions
and transformations on the plaintext.
Secret key: The secret key is also input to the encryption algorithm. The key is
a value independent of the plaintext . The algorithm will produce a different
output depending on the specific key being used at the time. The exact
substitutions and transformations performed by the algorithm depend on the
key.
ECE, S.K.T.R.M.C.E
- 12 - VHDL Implementation of RSA
The above figure enables us to take a closer look at the essential elements
of a symmetric encryption scheme.
Cipher text: This is the scrambled message produced as output. It depends on
the plaintext and the secret key. For a given message, two different keys will
ECE, S.K.T.R.M.C.E
PLAIN
TEXT
CIPHER
TEXT
CIPHER
TEXT
PLAIN
TEXT
INFORMATION CHANNEL
TRUSTED THIRD PARTY(e.g. DISTRIBUTER OF SECRET KEY)
SECRET KEY SHARED BY
SENDER AND RECIPIENT
SECRET KEY SHARED BY
SENDER AND RECPIENT
SENDER RECIPIENT
--- ENCRPYPTION/ DECRYPTION ALGORITHM( e.g. DES)
Fig. 2.2: MODEL OF SYMMETRIC ENCRYPTION SCHEME
- 13 - VHDL Implementation of RSA
produce two different cipher texts. The cipher text is an apparently random
stream of data and, as it stands, is unintelligible.
Decryption algorithm : This is essentially the encryption algorithm run in
reverse. It takes the cipher text and the secret key and produces the original
plaintext.
There are two requirements for secure use of conventional encryption:
1) We need a strong encryption algorithm. At a minimum, we would like the
algorithm to be such that an opponent who knows the algorithm and has access
to one or more cipher texts would be unable to decipher the cipher text or
figure out the key. This requirement is usually stated in a stronger form: The
opponent should be unable to decrypt cipher text or discover the key even if he
or she is in possession of a number of cipher texts together with the plain text
that produced each cipher text.
2) Sender and receiver must have obtained copies of the secret key in a secure
fashion and must keep the key secure. If someone can discover the key and
knows the algorithm, all communication using this key is readable.
ECE, S.K.T.R.M.C.E
- 14 - VHDL Implementation of RSA
2.2 CRYPTANALYSIS
There are two general approaches to attacking an encryption scheme:
Cryptanalysis: cryptanalytic attacks rely on the nature of the algorithm plus
perhaps some knowledge of the general characteristics of the plaintext or even
some sample plaintext-cipher text pairs. This type of attack exploits the
characteristics of the algorithm to attempt to deduce a specific plaintext or to
deduce the key being used. If the attack succeeds in deducing the key, the
effect is catastrophic: All future and past messages encrypted with that key are
compromised.
Brute-force attack: The attacker tries every possible key on a piece of cipher
text until an intelligible translation into plaintext is obtained. On an average,
half of all possible keys must be tried to achieve success.
We first consider cryptanalysis and then discuss brute-force attacks.
ECE, S.K.T.R.M.C.E
- 15 - VHDL Implementation of RSA
Table 2.1 Types of Attacks on Encrypted Messages
Type of attack Known to cryptanalyst
Cipher text only
Encryption algorithm
Cipher text to be decoded
Known plain text
Encryption algorithm
Cipher text to be decoded
One or more pairs of plain text cipher text
formed with the secret key
Chosen plain text
Encryption algorithm
Cipher text to be decoded
Purported cipher text chosen by cryptanalyst,
together with its corresponding decrypted
plaintext generated with the secret key.
Chosen cipher text
Encryption algorithm
Cipher text to be decoded
Plain text message chosen by the cryptanalyst
together with its corresponding cipher text
generated with the secret key.
ECE, S.K.T.R.M.C.E
- 16 - VHDL Implementation of RSA
Purported cipher text chosen by cryptanalyst,
together with its corresponding decrypted
plaintext generated with the secret key.
The above table summarizes the various types of cryptanalytic
attacks, based on the amount of information known to the cryptanalyst. The
most difficult problem is presented when all that is available is the cipher text
only. In some cases, not even the encryption algorithm is known, but in general
we can assume that the opponent does know the algorithm used for encryption.
One possible attack under these circumstances is the brute-force approach of
trying all possible keys. If the key space is very large, this becomes
impractical. Thus, the opponent must rely on an analysis of the cipher text
itself, generally applying various statistical tests to it. To use this approach, the
opponent must have some general idea of the type of plaintext that is
concealed, such as English or French text, a windows EXE file, a java source
listing, an accounting file, and so on.
The cipher text-only attack is the easiest to defend against because the
opponent has the least amount of information to work with. In many cases,
however, the analyst has more information. The analyst may be able to capture
one or more plaintext messages as well as their encryptions. Or the analyst may
know that certain plaintext patterns will appear in a message. For example, a
file that is encoded in the postscript format always begins with the same
ECE, S.K.T.R.M.C.E
- 17 - VHDL Implementation of RSA
pattern, or there may be a standardized header or banner to an electronic funds
transfer message, and so on. All these are examples of known plaintext. With
this knowledge, the analyst may be able to deduce the key on the basis of the
way in which the known plaintext is transformed.
Closely related to the known-plaintext attack is what might be referred to
as a probable-word attack. If the opponent is working with the encryption of
some general prose message, he or she may have little knowledge of what is in
the message. However if the opponent is after some very specific information,
then parts of the message may be known. For example, if an entire accounting
file is being transmitted, the opponent may know the placement of certain
keywords in the header of the file. As another example, the source code for a
program developed by corporation X might be including a copyright statement
in some standardized position.
If the analyst is able somehow to get the source system to insert in to the
system a message chosen by the analyst, then a chosen-plaintext attack is
possible. An example of this strategy is differential cryptanalysis, which is
studied later. In general, if the analyst is able to choose the messages to
encrypt, the analyst may deliberately pick patterns that can be expected to
reveal the structure of the key.
The earlier table lists two other types of attack: chosen cipher text and chosen
text. These are less commonly employed as cryptanalytic techniques but are
nevertheless possible avenues of attack.
Only relatively weak algorithms fail to withstand a cipher text-only
attack. Generally, an encryption algorithm is designed to withstand a known-
plaintext attack.
ECE, S.K.T.R.M.C.E
- 18 - VHDL Implementation of RSA
Two more definitions are worthy of note. An encryption scheme is
unconditionally secure if the cipher text generated by the scheme does not
contain enough information to determine uniquely the corresponding plaintext,
no matter how much cipher text is available. That is, no matter how much time
an opponent has, it is impossible for him or her to decrypt the cipher text,
simply because the required information is not there. With the exception of a
scheme known as the one-time pad (described later), there is no encryption
algorithm that is unconditionally secure. Therefore, all that the users of an
encryption algorithm can strive for is an algorithm that meets one or both of the
following criteria:
The cost of breaking the cipher exceeds the value of the encrypted information.
The time required to break the cipher exceeds the useful life time of the
information.
An encryption scheme is said to be computationally secure if the
foregoing two criteria are met. The rub is that it is very difficult to estimate the
amount of effort required to crypt analyze cipher text successfully.
As a first cut, we can consider the time required to use a brute-force
approach, which simply involves trying every possible key until an intelligible
translation of the cipher text into plaintext is obtained. On average half of all
possible keys must be tried to achieve success.
2.3 PUBLIC-KEY/ ASYMMETRIC ENCRYPTION
ECE, S.K.T.R.M.C.E
- 19 - VHDL Implementation of RSA
For practical reasons, it is desirable to use different encryption and
decryption keys in a crypto-system. Such asymmetric systems allow the
encryption key to be made available to anyone while preserving confidence
that only people who hold the decryption key can decipher the information.
After symmetric encryption, the other major form of encryption is
public-key encryption or asymmetric encryption, which has revolutionized
communications security. A related cryptographic area is that of cryptographic
hash functions. Hash functions are used in conjunction with asymmetric
ciphers for digital signatures. In addition, hash functions are used for message
authentication. Asymmetric ciphers are also used for key management.
The development of public-key cryptography is the greatest and perhaps
the only true revolution in the entire history of cryptography. From its earliest
beginnings to modern times, virtually all cryptographic systems have been
based on the elementary tools of substitution and permutation. After millennia
of working with algorithms that could essentially be calculated by hand, a
major advance in symmetric cryptography occurred with the development of
the rotor encryption/decryption machine. The electromechanical rotor enabled
the development of fiendishly complex cipher systems. With the availability of
computers, even more complex systems were devised, the most prominent of
which was the Lucifer effort at IBM that culminated in the Data Encryption
Standard (DES). But both rotor machines and DES, although representing
significant advances, still relied on the bread-and-butter tools of substitution
and permutation.
ECE, S.K.T.R.M.C.E
- 20 - VHDL Implementation of RSA
Public-key cryptography provides a radical departure from all that has
gone before. For one thing, public-key algorithms are based on mathematical
functions rather than on substitution and permutation. More important, public-
key cryptography is asymmetric, involving the use of two separate keys, in
contrast to symmetric encryption, which uses only one key. The use of two
keys has profound consequences in the areas of confidentiality, key distribution
and authentication.
2.3.1 PRINCIPLES OF PUBLIC-KEY CRYPTOSYSTEMS
The concept of public-key cryptography evolved from an attempt to
attack two of the most difficult problems associated with symmetric
encryption. The two problems are:
1) Problem of key distribution.
2) Problem of digital signatures.
A brief description of both the problems is given below:
Problem of key distribution: key distribution under symmetric encryption
requires either
1) that two communicants already share a key, which somehow has been
distributed to them; or
2) the use of a key distribution center. Whitfield Diffie, one of the discoverers
of public-key encryption (along with Martin Hellman, both at Stanford
University), reasoned that this second requirement negated the very essence of
cryptography: the ability to maintain total secrecy over your own
communication. As Diffie said, "what good would it do after all to develop
ECE, S.K.T.R.M.C.E
- 21 - VHDL Implementation of RSA
impenetrable cryptosystems, if their users were forced to share their keys with
a KDC that could be compromised by either burglary or subpoena?"
Problem of digital signatures: The problem that Diffie pondered, and that
was apparently unrelated to the first was that of "digital signatures." If the use
of cryptography was to become widespread, not just in military situations but
for commercial and private purposes, then electronic messages and documents
would need the equivalent of signatures used in paper documents. That is,
could a method be devised that would stipulate, to the satisfaction of all parties,
that a digital message had been sent by a particular person? This is a somewhat
broader requirement than that of authentication, and its characteristics and
ramifications are explored in the next sections.
In order to solve the key management problem, Whitfield Diffie
and Martin Hellman introduced the concept of public-key cryptography in
1976.
ECE, S.K.T.R.M.C.E
- 22 - VHDL Implementation of RSA
2.3.2 PUBLIC KEY CRYPTOSYSTEM
Public-key algorithms rely on one key for encryption and a different but
related key for decryption. These algorithms have the following important
characteristics:
(1) It is computationally infeasible to determine the decryption key given only
the knowledge of the encryption key.
(2) Either of the two related keys can be used for encryption, with the other
used for decryption.
Asymmetric cipher model
A Public-key encryption scheme has six ingredients
Plaintext: This is the readable message or data that is fed into the algorithm as
input.
Encryption algorithm: The encryption algorithm performs various
transformations on plain text.
Public and private key: This is a pair of keys that have been selected so that if
one is used for encryption, the other is used for decryption. The exact
transformations performed by the encryption algorithm depend on the public or
private key that is provided as input.
Cipher text: This is the scrambled message produced as output. It depends on
the plaintext. For a given message, two different keys will produce two
different messages.
ECE, S.K.T.R.M.C.E
- 23 - VHDL Implementation of RSA
Decryption algorithm : This algorithm accepts the cipher text and the matching
key and produces the original plaintext.
ECE, S.K.T.R.M.C.E
PLAIN
TEXT
CIPHER
TEXT
CIPHER
TEXT
PLAIN
TEXT
INFORMATION CHANNEL
PUBLIC KEY PRIVATE KEY
SENDER RECIPIENT
--- ENCRPYPTION/ DECRYPTION ALGORITHM( e.g. RSA)
Fig. 2.3: MODEL OF PUBLIC –KEY ENCRYPTION SCHEME
- 24 - VHDL Implementation of RSA
2.3.2.1 ENCRYPTION:
ESSENTIAL STEPS:
Each user generates a pair of keys to be used for the encryption and
decryption of the message
Each user places one of the two keys in a public register or other
accessible files. This is a public key. The companion key is kept private.
If a person ‘A’ wishes to send a confidential matter to the second person
‘B’ the first person will encrypt the data by the B's public key.
When ‘B’ receives the message, he decrypts it using his private key. No
other person could be able to decrypt the message until and unless the
any other person knows the B's private key.
There is some source A that produces a message in plaintext,
X=[X1, X2, X3.......XM].
The M elements of X are letters in some finite alphabet.
The message is intended for destination B.
B generates a related pair of keys; a public key, Kub and a private key,
Krb.
Only B knows Krb, whereas Kub is publicly available and therefore
accessible by A.
With the message X and the encryption key Kub as input , A forms the
cipher text
Y = E Kub(X). (ENCRYPTION)
ECE, S.K.T.R.M.C.E
- 25 - VHDL Implementation of RSA
The intended receiver ,in possession of the matching private key ,is able to
invert the transformation:
X = D Krb(Y). (DECRYPTION)
ECE, S.K.T.R.M.C.E
PLAIN
TEXT
CIPHER
TEXT
CIPHER
TEXT
PLAIN
TEXT
INFORMATION CHANNEL
Fig. 2.4: ENCRYPTION USING PUBLIC KEY CRYPTOGRAPHY
B’SPUBLIC KEY
B’SPRIVATE KEY
SENDER(A)
RECIPIENT(B)
--- ENCRPYPTION/ DECRYPTION ALGORITHM( e.g. RSA)
- 26 - VHDL Implementation of RSA
2.3.2.2. AUTHENTICATION:
ESSENTIAL STEPS:
In this case, A prepares a message to B and encrypts it using A’s private
key before transmitting it. B can decrypt the message using A’s public key.
Because the message was encrypted using A’s private key , only A could
have prepared the message. Therefore, the entire encrypted message serves
as a digital signature.
ECE, S.K.T.R.M.C.E
PLAIN
TEXT
CIPHER
TEXT
CIPHER
TEXT
PLAIN
TEXT
INFORMATION CHANNEL
Fig. 2.5 AUTHENTICATION USING PUBLIC KEY CRYPTOGRAPHY
A’SPRIVATE KEY
A’SPUBLIC KEY
SENDER(A)
RECIPIENT(B)
--- ENCRPYPTION/ DECRYPTION e.g. RSA---ENCRYPTION / DECRYPTION ALGORITHM (e.g. RSA)
- 27 - VHDL Implementation of RSA
Moreover, it is impossible to alter the message without access to A’s private
key, so the message is authenticated both in terms of source and data
integrity
2.3.5 AUTHENTICATION AND SECRECY:
In order to provide the authentication, confidentiality and signature there is an
enhanced cipher system which is shown in the following diagram
The emergence of public key systems has introduced the concept of digital
signature. A sample digital signature scenario goes as follows:
ESSTENTAL STEPS:
(A) Encrypts the data to be signed with his/her private key.
then encrypts the result from (1) with (B)'s public key and sends it
to (B).
(B) decrypts the incoming data with his/her private key and then decrypts
the result with (A)'s public key.
If the initial data is obtained then this will authenticate the data and the
sender.
ECE, S.K.T.R.M.C.E
- 28 - VHDL Implementation of RSA
Fig. 2.6 DIGITAL SIGNATURE USING PUBLIC KEY CRYPTOSYSTEM
source A Source B
ECE, S.K.T.R.M.C.E
PLAIN
TEXT
D I
GITALLY
SIGNED
DATA
CIPHER
TEXT
CIPHER
TEXT
PLAIN
TEXT
KEY PAIR SOURCE
KEY PAIR SOURCE
B’s Private Key (krb)
A’s Public Key (kua)
A’s Private Key (kra)
B’s Public Key (kub)
Encryption/Decryption Algorithm
Information Channel
D I
GITALLY
SIGNED
DATA
- 29 - VHDL Implementation of RSA
So by above three models, we can say that public-key algorithm can
overcome two problems of the data security faced by conventional systems
which are confidentiality and authentication.
2.3.6 APPLICATIONS FOR PUBLIC KEY CRYPTTOSYSTEMS
Public key systems are characterized by the use of a cryptographic
type of algorithm with two keys, one held private and one available publicly.
Depending on the application , the sender uses either the sender’s private key
or the receiver’s public key .or both . To perform some type of cryptographic
function. In broad terms, we can classify the use of public-key cryptosystems
into three categories:
ENCRYPTION / DECRYPTION : The sender encrypts a message with
the recipient’s public key.
DIGITAL SIGNATURE : The sender “signs” a message with its private
key .Signing is achieved by a cryptographic algorithm applied to to the
message or to a small block of data that is a function of the message .
Key exchange: Two sides cooperate to exchange a session key .Several
different approaches are possible ,involving the private key(s) of one or
both parties.
Some public- key algorithms are suitable for all three applications , whereas
others can be used only for one or two of these applications
ECE, S.K.T.R.M.C.E
- 30 - VHDL Implementation of RSA
Algorithm Encryption/Decryption Digital Signature Key exchange
RSA Yes Yes Yes
Elliptic
curve
Yes Yes Yes
Diffie-
Hellman
No No Yes
DSS No Yes No
Table 2.2 Applications for public-key cryptosystems
ECE, S.K.T.R.M.C.E
- 31 - VHDL Implementation of RSA
2.4 RSA ALGORITHM:
The RSA algorithm is named after Ron Rivest, Adi Shamir and Len
Adleman, who invented it in 1977. The basic technique was first discovered in
1973 by Clifford Cocks but this was a secret until 1997.
The RSA algorithm can be used for both public key encryption and
digital signatures. Its security is based on the difficulty of factoring large
integers.
The RSA Algorithm makes use of an expression with exponentials.
Plain text is encrypted in blocks with each block having a binary value less
than some numbers n. that is, the block size must be less than or equal to
, in practice, the block size is bits, where
Both sender and receiver must know the value of n. the sender knows the value
of e, and only the receiver knows the value of d.
Thus, this is a public-key encryption algorithm with a public key of
Ku = {e, n} and a private key of Kr = {d, n}. For the algorithm to be
satisfactory for public key encryption the following requirements must be met.
1. It is possible to find values of e, d, n such that =M mod n for all
M< n.
2. It is relatively easy to calculate and for all values of M<n.
3. It is infeasible to determine d given e and n.
ECE, S.K.T.R.M.C.E
- 32 - VHDL Implementation of RSA
Given two prime numbers, p and q, and two integers, n and m. such that n=p*q and 0<m<n and arbitrary integer k, the following relationship holds
Where is the Euler Totient function, which is the number of
positive integers less than n and relatively prime to n. For p, q prime
. We achieve the desired relationship if then
i.e., e and d are multiplicative inverses of .
As per the modular arithmetic this true if d (and therefore e) is relatively prime
to . Equivalently
Thus for RSA scheme
p, q two prime numbers (Private, chosen)
n=p*q (Public, calculated)
e with (Public, chosen)
(Private, calculated);
The private key consists of {d, n} and public key consists of {e, n}. Suppose
that user A has published its public key and the user B wishes to send the
message M to A., then B calculates and transmits C. On receipt of
this cipher text, user A decrypts by calculates . The algorithm for
computing , b is represented in binary.
ECE, S.K.T.R.M.C.E
- 33 - VHDL Implementation of RSA
Key Generation :
1. Generate two large random primes, p and q, of approximately equal size
such that their product n = p*q is of the required bit length, e.g. 1024
bits. [See note 1].
2. Compute n = p*q and (φ) phi = (p-1)*(q-1).
3. Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1. [See note 2].
4. Compute the secret exponent d, 1 < d < phi, such that
ed ≡ 1 (mod phi). [See note 3].
5. The public key is (n, e) and the private key is (n, d). The values of p, q,
and phi should also be kept secret.
n is known as the modulus.
e is known as the public exponent or encryption exponent.
d is known as the secret exponent or decryption exponent.
a)Encryption:
The encryption is carried out as;
Sender does the following:-
1. Obtains the recipient's public key (n, e).
2. Represents the plaintext message as a positive integer m < n.
3. Computes the cipher text c = m^e mod n.
4. Sends the cipher text c to recipient.
b)Decryption
Recipient does the following:-
ECE, S.K.T.R.M.C.E
- 34 - VHDL Implementation of RSA
1. Uses his private key (n, d) to compute m = c^d mod n.
2. Extracts the plaintext from the integer representative m.
Summary of RSA:
n = p*q where p and q are distinct primes.
phi, φ = (p-1)*(q-1)
e < n such that gcd(e, phi)=1
d = e^-1 mod phi.
c = m^e mod n.
m = c^d mod n.
2.4.1 Implementation of RSA algorithm:
This is an example that explains the RSA algorithm.
1. Select primes p=11, q=3.
2. n = p*q = 11*3 = 33
phi = (p-1)*(q-1) = 10*2 = 20
3. Choose e=3
Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 have no common
4.control unit library IEEE;use IEEE.STD_LOGIC_1164.all;use ieee.std_logic_unsigned.all;
entity cu is port(
rstin : in STD_LOGIC; clk : in STD_LOGIC; done1 : in STD_LOGIC; done2 : in STD_LOGIC; enable : in STD_LOGIC; c1 : buffer STD_LOGIC; c2 : buffer STD_LOGIC; e : out STD_LOGIC; read,write:out std_logic );
end cu;
architecture cu_arch of cu is
begin
ECE, S.K.T.R.M.C.E
- 74 - VHDL Implementation of RSA
process(clk) variable s :integer range 1 to 10;begin
if rstin='1'thenread<='-';write<='-';c1<='-';c2<='-';s:=1;e<='-';
elsif (clk'event and clk='1') and enable='1' thencase s is
when 1=> read<='1';write<='-';c1<='-';c2<='-';when 2=>read<='0';write<='-';c1<='1';c2<='1'; --initialize m,ultiplier--e<='0';when 3=>read<='0';write<='-';c1<='0';c2<='0'; --initialize modulus
port( rstin : in STD_LOGIC; clk : in STD_LOGIC; done1 : in STD_LOGIC; done2 : in STD_LOGIC; enable : in STD_LOGIC; c1 : buffer STD_LOGIC; c2 : buffer STD_LOGIC; e : out STD_LOGIC; read,write:out std_logic );
end component ;component op is
port( o_mod : in STD_LOGIC_VECTOR(15 downto 0); rst : in STD_LOGIC; write : in STD_LOGIC; cipher : out STD_LOGIC_VECTOR(15 downto 0)
);end component ; signal read,c1,c2,done1,e,done2,write:std_logic;signal o,out_mod:std_logic_vector(15 downto 0);
ECE, S.K.T.R.M.C.E
- 80 - VHDL Implementation of RSA
signal out_mul:std_logic_vector(31 downto 0);
beginu1: ip port map(plain,rst,read,o);u2:multi port map(rst,c1,c2,e,clk,o,out_mod,done1,out_mul);u3:mod1 port map(out_mul,rst,c1,c2,clk,out_mod,done2); u5:op port map(out_mod,rst,write,cipher);u4:cu port map(rst,clk,done1,done2,enable,c1,c2,e,read,write);
port( rstin : in STD_LOGIC; clk : in STD_LOGIC; done1 : in STD_LOGIC; done2 : in STD_LOGIC; enable : in STD_LOGIC; c1 : buffer STD_LOGIC; c2 : buffer STD_LOGIC; d : out STD_LOGIC; read,write:out std_logic );
end component ;component op_dec is
port(
ECE, S.K.T.R.M.C.E
- 90 - VHDL Implementation of RSA
o_mod : in STD_LOGIC_VECTOR(15 downto 0); rst : in STD_LOGIC; write : in STD_LOGIC; plain : out STD_LOGIC_VECTOR(15 downto 0)
);end component ; signal read,c1,c2,done1,d,done2,write:std_logic;signal o,out_mod:std_logic_vector(15 downto 0); signal out_mul:std_logic_vector(31 downto 0);
beginu1: ip_dec port map(cipher,rst,read,o);u2:multi_dec port
map(rst,c1,c2,d,clk,o,out_mod,done1,out_mul);u3:mod_dec port map(out_mul,rst,c1,c2,clk,out_mod,done2); u5:op_dec port map(out_mod,rst,write,plain);u4:cu_dec port
Analyzing Entity <controler_en> (Architecture <controler>).Entity <controler_en> analyzed. Unit <controler_en> generated.
Analyzing Entity <opbuffer> (Architecture <opbuf>).Entity <opbuffer> analyzed. Unit <opbuffer> generated.Synthesizing Unit <opbuffer>. Related source file is C:/Xilinx/bin/abc/opbuffer.vhd. Summary:
inferred 16 Latch(s).Unit <opbuffer> synthesized.Synthesizing Unit <controler_en>. Related source file is C:/Xilinx/bin/abc/controler_en.vhd. Found 1-bit register for signal <c1>. Found 1-bit register for signal <c2>. Found 1-bit register for signal <rd>. Found 1-bit register for signal <wr>. Found 1-bit register for signal <e>. Found 4-bit up counter for signal <cn>. Summary:
Unit <controler_en> synthesized.Synthesizing Unit <mod2>. Related source file is C:/Xilinx/bin/abc/MOD2.vhd. Found 16-bit register for signal <r>. Found 1-bit register for signal <done>. Found 16-bit subtractor for signal <$n0006> created at line 31. Found 32x7-bit multiplier for signal <$n0014> created at line 29. Summary:
Synthesizing Unit <mul2>. Related source file is C:/Xilinx/bin/abc/mul2.vhd. Using one-hot encoding for signal <i>. Found 1-bit register for signal <done>.
ECE, S.K.T.R.M.C.E
- 106 - VHDL Implementation of RSA
Found 32-bit register for signal <op>. Found 16x16-bit multiplier for signal <$n0008> created at line 40. Found 16x18-bit multiplier for signal <$n0009> created at line 45. Found 32-bit register for signal <i>. Summary:
Starting low level synthesis...Optimizing unit <controler_en> ...Optimizing unit <opbuffer> ...Optimizing unit <mod2> ...Optimizing unit <mul2> ...Optimizing unit <ipbuffer> ...Optimizing unit <en_top> ...Building and optimizing final net list ...FlipFlop x3_r_0 has been replicated 1 time(s)FlipFlop x3_r_1 has been replicated 1 time(s)FlipFlop x3_r_2 has been replicated 1 time(s)FlipFlop x3_r_3 has been replicated 1 time(s)FlipFlop x3_r_4 has been replicated 1 time(s)========================================================Final ResultsTop Level Output File Name : en_topOutput Format : NGCOptimization Criterion : SpeedTarget Technology : virtexKeep Hierarchy : NoMacro Generator : macro+
Analyzing Entity <dc_top> (Architecture <decryption>).Entity <dc_top> analyzed. Unit <dc_top> generated.
Analyzing Entity <d_ipbuffer> (Architecture <ipbuf>).Entity <d_ipbuffer> analyzed. Unit <d_ipbuffer> generated.
Analyzing Entity <d_mul2> (Architecture <d_mul2>). rst.Entity <d_mul2> analyzed. Unit <d_mul2> generated.Analyzing Entity <d_mod2> (Architecture <d_mod2>).Entity <d_mod2> analyzed. Unit <d_mod2> generated.Analyzing Entity <d_controler_dc> (Architecture <controler>).Entity <d_controler_dc> analyzed. Unit <d_controler_dc> generated.Analyzing Entity <d_opbuffer> (Architecture <opbuf>).Entity <d_opbuffer> analyzed. Unit <d_opbuffer> generated.Synthesizing Unit <d_opbuffer>. Related source file is C:/Xilinx/bin/abc/d_opbuffer.vhd. Summary:
inferred 16 Latch(s).Unit <d_opbuffer> synthesized.Synthesizing Unit <d_controler_dc>. Related source file is C:/Xilinx/bin/abc/d_control_dc.vhd. Found 1-bit register for signal <c1>. Found 1-bit register for signal <c2>. Found 1-bit register for signal <rd>. Found 1-bit register for signal <wr>. Found 1-bit register for signal <d>. Found 4-bit up counter for signal <cn>. Summary:
Synthesizing Unit <d_mod2>. Related source file is C:/Xilinx/bin/abc/d_mod2.vhd. Found 16-bit register for signal <r>. Found 1-bit register for signal <done>. Found 16-bit subtractor for signal <$n0006> created at line 33. Found 32x7-bit multiplier for signal <$n0014> created at line 31. Summary:
Unit <d_mod2> synthesized.Synthesizing Unit <d_mul2>. Related source file is C:/Xilinx/bin/abc/d_mul2.vhd. Using one-hot encoding for signal <i>. Found 1-bit register for signal <done>. Found 32-bit register for signal <op>. Found 16x16-bit multiplier for signal <$n0008> created at line 40. Found 16x18-bit multiplier for signal <$n0009> created at line 45. Found 32-bit register for signal <i>. Summary: