James C. Bradas, Ph.D. Engineering & Analysis Operation Engineering & Analysis Operation 18 June 2009 Public Key Encryption
James C. Bradas, Ph.D. Engineering & Analysis Operation 18 June 2009 Public Key Encryption.
Jan 17, 2016
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
James C. Bradas, Ph.D.
Engineering & Analysis OperationEngineering & Analysis Operation
18 June 2009
Public Key Encryption
A Bit of History
• In mid 1970s, the primary means of encrypting data was via “single-key encryption”. This uses a single mathematical formula or key to encrypt data or messages and requires the sender and receiver to have the key. If you want to share information with multiple users, all have to have the key. The more users, the less secure the key becomes.
• Whitfield Diffie & Martin Hellman at Stanford University proposed a solution in 1976 - Asymmetric “Public Key Encryption”.
• This system was perfected by three MIT students in 1977 – Ronald Rivest, Adi Shamir & Leonard Adleman. Their system has come to be known as RSA Public-Key Cryptography and is now the standard method of data encryption used today.
• An interesting article on the history of RSA encryption is contained at the website: http://www.fundinguniverse.com/company-histories/RSA-Security- Inc-Company-History.html
• RSA Encryption makes use of the properties of Prime Numbers to develop a unique and “break-proof” key for each sender.
ALL Integers Can Be Built From Prime Numbers
.
9333
82222
77
632
55
4222
33
22
2
3
2
etc
Prime Numbers are the “Elementary Particles”
of Mathematics
What Are Prime Numbers?
Prime Numbers are numbers divisible only by themselves and 1
The Fundamental Theorem of Arithmetic
ANY integer greater than 1 can be written as a UNIQUE product of prime numbers
864
32 27
4 8 3 9
2 32 2 2 2 3 3
35 32864
Integer Factorization of 864
A semi-prime number is the product of two (not necessarily distinct)prime numbers (not raised to a power greater than 1)
As of September 2008, the largest known semi-prime is:
2609,113,43 12 (has over 25 million digits)
This number is the square of the largest prime number discovered so far
White Light
SpectrometerColors of the Spectrum
Semi-Prime NumberPrime Number 1
Prime Number 2
There is no “Integer Factorization Spectrometer”
Cryptography, and in particular, RSA Public Key Encryption, makes useof the fact that it is EXTREMELY EASY to multiply two numbers togetherand EXTREMELY DIFFICULT to factor a semi-prime number into the product of prime numbers.
Factoring Semi-Prime Numbers is particularly challenging because there areonly TWO unique factors
RSA Uses Prime Numbers
RSA Encryption Scheme
I choose 2 extremely large prime numbers, p & q*.
This number, combined with modular arithmetic and the RSA scheme, provides secure data encryption.
If I use 128-bit encryption, then I choose a prime number between 2 &
38128 103.4 ,........938,920,366,282,34012
How many prime numbers are there in that range?
qpn
Gauss’ formula for estimatingthe number of prime numbers in
2 - N integers
How Large Are These Two Prime Numbers?
)ln(N
NN p
* In reality, much goes into the selection of the prime numbers to be used. They should not be tooclose together (p-q should not be less than 2n ). If p-1 or q-1 have only small prime factors, n canbe factored quickly by Pollard’s p-1 algorithm. There is some art to this.
1/4
RSA Uses Prime Numbers
RSA Encryption Scheme
I choose 2 extremely large prime numbers, p & q.
This number, combined with modular arithmetic and the RSA scheme, provides secure data encryption.
If I use 128-bit encryption, then I choose a prime number between 1 &
38128 103.4 ,........938,920,366,282,34012
36
128
128
108.32ln
2pN
How many prime numbers are there in that range?
qpn
How Large Are These Two Prime Numbers?
36
128
128
108.32ln
2pN
In order to determine p & q, I might use trial & error. In other words, pick a prime number p & divide it into n to see if I get the other prime number q.
To get an idea of the size of the problem, suppose I use trial & error.
Divide n by each prime number between 2 and
Approximate number of prime numbers using 128 bits
12101
12128
If my computer operates at Teraflop speed, I can do divisions per second
There are primes to try. 3610
12
36
10
10 Number of primes to try
Number of tries per secondsecs 1024
=
Size of the Problem
Since the universe is only seconds old, it will take a while!1810
What About Some Sort of a Lookup Table?
With 128-bit numbers, there are ~ prime numbers. If I take 2 at atime, there are possible combinations. The number ofelementary particles in the visible universe is around . There isn’tenough memory capacity to store all of the prime numbers between 1and , much less the number of possible combinations available.
Because of the number of primes, “table lookup” cannot be done. Theencryption algorithm must generate prime numbers “on the fly”.
3610723636 101010
8410
mli
kji
ppn
ppn
1
List of semi-prime integers
X
1st Prime 2nd Prime
3610
So What About Faster Computers?
Top500 – 2x per year – the 500 fastest known computer systems
The Top Three (As of June 2009)
1
2
3
1105 TFLOPs ( 1.105 PFLOPs )
1059 TFLOPs
825 TFLOPs ( )
IBM Roadrunner System @ LANL
Cray XTS Jaguar @ DOEs ORNL
IBM BlueGene/P @ FZJ in Germany12101
Even with Zettaflop performance, time is still seconds or about1 billion years.
1510
YottaFLOPS 10
taFLOPS Zet10
ExaFLOPS 10
PetaFLOPS 10
TeraFLOPS 10
GigaFLOPS 10
24
21
18
15
12
9
Today
# Floating Point Operations Per
Second Abbreviation
2007
~2008
So What About Faster Computers?
Top500 – 2x per year – the 500 fastest known computer systems
The Top Three (As of June 2009)
1
2
3
1105 TFLOPs ( 1.105 PFLOPs )
1059 TFLOPs
825 TFLOPs ( )
IBM Roadrunner System @ LANL
Cray XTS Jaguar @ DOEs ORNL
IBM BlueGene/P @ FZJ in Germany
by 2019?
12101
Even with Zettaflop performance, time is still seconds or about1 billion years.
1510
YottaFLOPS 10
taFLOPS Zet10
ExaFLOPS 10
PetaFLOPS 10
TeraFLOPS 10
GigaFLOPS 10
24
21
18
15
12
9
(That’s a Lotta FLOPS!)
Today
# Floating Point Operations Per
Second Abbreviation
by 2030?
Of course, no one actually tries every prime number by brute force.
There are algorithms that make it possible to make a reasonable “guess”based on the value of the number to be factored. However, given thesheer number of prime numbers, the task of finding the correct two primenumbers is still quite formidable.
A number of semi-prime numbers published by RSA in 1991 (54) have beensuccessfully factored (12) by networked computers. However, it took months to factor just one semi-prime number.
There is still no computer system/algorithm that can factor semi-primenumbers quickly (days – hours – minutes) which would put RSA encryptionat risk.
So Now That We’ve Convinced Ourselves About the Viability of Prime Numbers,
Let’s Look At How RSA Works
First, we need some basic modular arithmetic
)(modnba Two numbers a & b are congruent modulo nif their difference ( a – b ) is an integer multipleof n (the integer can be positive or negative).
knba We can write this as:
7
73
21
3
425
)3(mod425
k
So, for example:
)2(mod24
)7(mod122
)4(mod133
Other Examples
1
3
8
k
k
k
“a” divided by “n” is equal to some integer x “n” + “b”. “b” is the remainder
orn
bak
Note: the sign is NOT the same thing as an “=“ sign.
In our example, replace “25” by “x”. What values of x make thestatement true?
433
4
)3(mod4
kx
kx
x
onsoand
xk
xk
xk
xk
xk
if
13 then 3
10 then 2
7 then 1
4 then 0
1 then 1
:
onsoand
)3(mod413
)3(mod410
)3(mod47
)3(mod44
)3(mod41
So, the following are all true:
For RSA Encryption, we will be performing the following calculation:
)(mod
determine ,
nyx
thatsuchxnandyGiven
I claim that and y are congruent modulo n
n
yINTnyx
For RSA Encryption, we will be performing the following calculation:
)(mod
determine ,
nyx
thatsuchxnandyGiven
I claim that and y are congruent modulo n
kn
yx
means
nyx
)(mod
:Proof
n
yINTnyx
For RSA Encryption, we will be performing the following calculation:
)(mod
determine ,
nyx
thatsuchxnandyGiven
kn
yx
means
nyx
)(mod
:Proof
I claim that and y are congruent modulo n
n
yINTnyx
For RSA Encryption, we will be performing the following calculation:
)(mod
determine ,
nyx
thatsuchxnandyGiven
kn
yx
means
nyx
)(mod
:Proof
kn
yINT
kn
yny
INTny
nyx
)(mod
I claim that and y are congruent modulo n
n
yINTnyx
For RSA Encryption, we will be performing the following calculation:
)(mod
determine ,
nyx
thatsuchxnandyGiven
kn
yx
means
nyx
)(mod
:Proof
kn
yINT
kn
yny
INTny
nyx
)(mod
I claim that and y are congruent modulo n
n
yINTnyx
insert expression for x
For RSA Encryption, we will be performing the following calculation:
)(mod
determine ,
nyx
thatsuchxnandyGiven
kn
yx
means
nyx
)(mod
:Proof
kn
yINT
kn
yny
INTny
nyn
yINTny
)(mod
I claim that and y are congruent modulo n
n
yINTnyx
For RSA Encryption, we will be performing the following calculation:
)(mod
determine ,
nyx
thatsuchxnandyGiven
kn
yx
means
nyx
)(mod
:Proof
kn
yINT
kn
yny
INTny
nyn
yINTny
)(mod
I claim that and y are congruent modulo n
n
yINTnyx
For RSA Encryption, we will be performing the following calculation:
)(mod
determine ,
nyx
thatsuchxnandyGiven
kn
yx
means
nyx
)(mod
:Proof
kn
yINT
kn
yny
INTny
nyn
yINTny
)(mod
I claim that and y are congruent modulo n
n
yINTnyx
For RSA Encryption, we will be performing the following calculation:
)(mod
determine ,
nyx
thatsuchxnandyGiven
kn
yx
means
nyx
)(mod
:Proof
kn
yINT
kn
yny
INTny
nyn
yINTny
)(mod
I claim that and y are congruent modulo n
n
yINTnyx
For RSA Encryption, we will be performing the following calculation:
)(mod
determine ,
nyx
thatsuchxnandyGiven
kn
yx
means
nyx
)(mod
:Proof
kn
yINT
kn
yny
INTny
nyn
yINTny
)(mod
I claim that and y are congruent modulo n
n
yINTnyx
k is an integer
)(modnyx
n
yINTnyx
To solve for x given the expression
This means, divide y by n and find the remainder. x is the remainder.
Example: I want to solve for x given:
Bottom Line….
. 1 ,
1 1 3 4
)3(mod4
solutionaisxSo
remainderisbydivided
x
Proposed solution:
Alice Bob
Public Key
Private Key
Meet Alice & BobAlice & Bob want to send secure
messages to one another without fearof their messages being read
by a third party
Using RSA PKE, each person creates a “Public Key” and a “Private Key”
Their Public Key is sent to any party that wishes to send them a message
Their Private Key is kept to themselves
Alice
Private Key
Public Key
RSA Public Key Encryption SchemeAlice Creates Her Public & Private Key
1. Select two large prime numbers, p & q
)1)(1( qp
2. Compute their product – the “modulus” n:
3. Compute Euler’s “totient”
4. Choose e, 1 < e < such that the greatest common divisor (gcd) ( e , = 1
e is the “public key exponent”
( Common choices are e = 3, 17 & 65537 )
5. Compute d such that )(mod1 ed
( n , e )Public Key
( n , d )Private Key
d is the “private key exponent”
Alice)1)(1( qp
)(mod1 ed
( n , e )Public Key
( n , d )Private Key
)(11 qpnqppq
So Where’s the Secret?
qpn
Because Alice doesn’t publish the values of p & q –
an eavesdropper can’t determine and thus can’t determine the correct value of d which is needed for message decryption
The public knows this
The public DOESN’T know this
Alice Bob
Bob wishes to send a message to Alice
( n , e )Public Key
( n , d )Private Key
“M”
Alice Bob
Alice sends her public key to Bob
and keeps her private key secret
Bob wishes to send a message to Alice
( n , e )Public Key
( n , d )Private Key
“M”
Alice Bob
Alice sends her public key to Bob
and keeps her private key secret
Bob wishes to send a message to Alice
( n , e )Public Key
( n , d )Private Key
( n , e )Public Key
“M”
Alice Bob
Alice sends her public key to Bob
and keeps her private key secret
Bob wishes to send a message to Alice
Bob first turns his message M into an integer m (or series of integers) where 0 < m < n by using an agreed-upon reversible protocol known as a padding scheme. He then computes the cipher text c (for each integer in his message) via the following:
)(modnmc e
( n , e )Public Key
( n , d )Private Key
( n , e )Public Key
“M”
Alice Bob
Alice sends her public key to Bob
and keeps her private key secret
Bob wishes to send a message to Alice
Bob first turns his message M into an integer m (or series of integers) where 0 < m < n by using an agreed-upon reversible protocol known as a padding scheme. He then computes the cipher text c (for each character in his message) via the following:
)(modnmc eBob sends each “c” in the now-encrypted message to Alice.
( n , e )Public Key
( n , d )Private Key
( n , e )Public Key
“M”
Alice Bob
Alice Receives Bob’s Encrypted Message
( n , e )Public Key
( n , d )Private Key
“c”?
Alice Bob
Alice uses her Private Key and reverse padding schemeto decrypt Bob’s message
Alice Receives Bob’s Encrypted Message
( n , e )Public Key
( n , d )Private Key
“c”?
Alice Bob
Alice uses her Private Key and reverse padding schemeto decrypt Bob’s message
Alice Receives Bob’s Encrypted Message
( n , e )Public Key
( n , d )Private Key
)(modncm d
“c”?
Alice Bob
Alice uses her Private Key and reverse padding schemeto decrypt Bob’s message
Alice Receives Bob’s Encrypted Message
( n , e )Public Key
( n , d )Private Key
)(modncm d
Reverse Padding SchemeReverse Padding Scheme
m
“c”?
Alice Bob
Alice uses her Private Key and reverse padding schemeto decrypt Bob’s message
Alice Receives Bob’s Encrypted Message
( n , e )Public Key
( n , d )Private Key
)(modncm d
Reverse Padding SchemeReverse Padding Scheme
m
MAlice Recovers Bob’s Original Message “M”
“M”
Reverse Padding Scheme
Alice Bob
Sending Information from “B” to “A” – “Bob” and “Alice”Via RSA Public Key Encryption
EncryptedMessage
Bob’s Message
)(modnmc e
M m
M
Alice’s Public Key
)(modncm d M M
Bob’s Message is Recovered
Private Key
Public Key
Public Key
In Summary
( n , d )Alice’s Private Key
Related Documents
