Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption

Dec 24, 2015


Edgar Shaw

Outline

• Basic concepts of public key encryption
  – One-way functions
  – Trapdoor functions
• The RSA public key algorithm
  – Encryption/decryption functions
  – Public/private key generation
  – Underlying mathematics


Public Key Encryption

• Recipient (Alice) generates key pair:
  – Public key $k_{PU}$
    • Does not have to be kept secret
    • Distributed to all senders (such as Bob)
  – Private key $k_{PR}$
    • Kept secret by Alice

[Figure: key pair generator; copy of Alice’s public key]


Public Key Encryption

• Bob uses Alice’s public key $k_{PU}$ to encrypt message
  – $C = E(k_{PU}, P)$
• Alice uses her private key $k_{PR}$ to decrypt message
  – $P = D(k_{PR}, C)$

[Figure: E takes P and Alice’s $k_{PU}$ and produces C; D takes C and Alice’s $k_{PR}$ and produces P; list of others’ public keys]


Public Key Encryption

• Central idea: Adversary cannot determine private key from corresponding public key
  – Could theoretically find private key, but computationally infeasible to do so
  – Cannot read intercepted messages encrypted with public key

“I still can’t compute


Public and Symmetric Keys

Problem: How to securely distribute a symmetric key $k_S$?

Solution:
1. Use public key encryption to securely send it
2. Use faster symmetric key algorithm (like AES) to securely transmit the rest of the message

[Figure: $k_S$ sent as $E_{public}(k_S, k_{PU})$; $P$ sent as $E_{symmetric}(P, k_S)$]


Public Key Math

• Public key algorithms are mathematical functions of integer numbers
  – Keys are large numbers (hundreds of digits long)
  – Plaintext translated to large numbers (not bits)
  – Encryption is a mathematical function of plaintext and key which creates another large number as ciphertext

[Figure: Alice’s $K_{PU}$; Alice’s $K_{PR}$]


Trapdoor One-Way Functions

One-way functions:
  – Function: $y = f(x)$
  – Inverse function: $x = f^{-1}(y)$
    • Given x, $y = f(x)$ very easy to compute
    • Given y, $x = f^{-1}(y)$ computationally infeasible to compute

Example: Factoring
  – p and q are very large prime numbers
  – $n = p \times q$ is easy to compute
  – Factoring n into p and q infeasible
    • Must try almost all possible p and q


Trapdoor One-Way Functions

Trapdoor functions:
• Given one-way function: $y = f(x)$
• There exists some “secret trapdoor” that allows $x = f^{-1}(y)$ to be easily computed

Example (very simple):
• $n = p \times q$, product of two large primes
• Factoring n into p and q to find p infeasible
• Finding p is easy if know q
  – q is a “trapdoor” for finding p from n


Trapdoor One-Way Functions

Idea behind public-key encryption:

• Encryption function $C = E(K_{PU}, P)$ must be one way
  – Must not be able to compute P from C
• Must have trapdoor to allow decryption
  – Must be able to easily compute P from C if know trapdoor
• Trapdoor = private key


Trapdoor One-Way Functions

• Discrete Logarithms
  – RSA, Rabin, ElGamal, Diffie-Hellman
  – Easy to implement, well understood
• Elliptic Curve
  – Discrete logarithms represented as curves
  – Much faster than factoring/discrete logarithms
• NP-Complete problems
  – Example: “knapsack problem”, Merkle and Hellman (1978)
  – Exponential time to solve problem
  – Easy to confirm solution if given


RSA Algorithm

• First widely used public key encryption algorithm
  – Developed for public use in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT
  – Developed secretly in 1973 by Clifford Cocks (British mathematician working for UK intelligence)
  – MIT granted a patent for RSA (expired in 2000)
• Still most widely used public key algorithm
  – Part of most cryptosystems (SSH, PGP, etc.)


RSA Algorithm

• Based on modular exponentiation function
• Central component: large modulus n
  – RSA requires at least 1024 bit values for n
  – Equivalent to approximately 309 digit decimal number
• Encryption: $C = P^E \bmod n$ easy to compute
  – Plaintext P and ciphertext C both large integers
  – Modulus n and exponent E are public key


RSA Algorithm

• “Modular logarithm” problem: $P = \sqrt[E]{C} \bmod n$ infeasible to compute
  – Given ciphertext C and public key E, n, for what integer P does $C = P^E \bmod n$?
  – Example: For what P does $P^{343} \bmod 159197 = 33677$?
  – Would have to test all P < n to find a P such that $C = P^E \bmod n$
• Trapdoor for decryption: Exists D such that $P = C^D \bmod n$
  – n must be product of two primes p and q
  – D is secret private key based on E, p and q



RSA Key Generation

• Select 2 large primes p and q
  – At least 512 bits (154 decimal digits)
• Compute $n = p\,q$
• Compute $\Phi(n) = (p - 1)(q - 1)$
  – Euler totient function
  – Cannot compute directly from n without factoring into p and q
  – Crucial that multiplication of large primes is one way!


RSA Key Generation

• Select some E for encryption
  – $1 < E < \Phi(n)$
  – E is relatively prime to Φ(n)
• Compute D as $E^{-1} \bmod \Phi(n)$
  – $ED \bmod \Phi(n) = 1$
• Public key: E and n
• Private key: D


RSA Example

• Public key: n = 159197 (from 397 × 401), E = 343
  – Note that these are too small in reality!
  – Known to sender Bob
• Private key: $D = 12007 = 343^{-1} \bmod 158400$ (that is, 396 × 400)
  – Known only by recipient Alice
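
The key generation steps and the worked example above, carried through in Python as an added example that is not part of the original slides. It is textbook RSA with no padding; the function names and the sample plaintext 4242 are assumptions made for illustration, and the last function shows why the slide calls these parameters too small.

```python
from math import gcd, isqrt

def generate_keys(p, q, e):
    """Slide steps: n = p*q, phi(n) = (p-1)(q-1), D = E^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("need 1 < E < phi(n) and E relatively prime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (e, n), d

def encrypt(public_key, plaintext):
    e, n = public_key
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be an integer below n")
    return pow(plaintext, e, n)    # C = P^E mod n

def decrypt(d, n, ciphertext):
    return pow(ciphertext, d, n)   # P = C^D mod n

def factor_small_modulus(n):
    """Trial division: instant for a 6-digit n, infeasible for a real modulus."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("n has no nontrivial factor")

def recover_private_exponent(public_key):
    """With n factored, phi(n) and therefore D follow from the public key alone."""
    e, n = public_key
    p, q = factor_small_modulus(n)
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    public, d = generate_keys(397, 401, 343)   # the slide's toy parameters
    e, n = public
    print("public (E, n):", public, "private D:", d)
    c = encrypt(public, 4242)                  # 4242: constructed sample plaintext
    print("C =", c, "decrypts to", decrypt(d, n, c))
    p_slide = decrypt(d, n, 33677)             # the slide's question: which P gives C = 33677?
    print("P for C = 33677:", p_slide, "re-encrypts correctly:", encrypt(public, p_slide) == 33677)
    print("D recovered from the public key:", recover_private_exponent(public))
```
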


RSA Mathematics

Must show: $P = C^D \bmod n = (P^E)^D \bmod n = P^{ED} \bmod n$
Where $ED \bmod \Phi(n) = 1$

Based on Euler’s theorem:
• If $n = p\,q$ and $P < n$
• Then $P^{k\,\Phi(n) + 1} \bmod n = P$ for all integer k


RSA Mathematics

Proof (sort of):
• $(k\,\Phi(n) + 1) \bmod \Phi(n) = 1$
  – Since $k\,\Phi(n)$ is divisible by $\Phi(n)$
• There exists some k such that $ED = k\,\Phi(n) + 1$
  – Since also have $ED \bmod \Phi(n) = 1$
• $P^{ED} \bmod n = P$
  – Substituting ED for $k\,\Phi(n) + 1$ in Euler’s Theorem