The RSA Algorithm

Content

• Review of Encryption

• RSA

• An RSA example

Review of Encryption3

RSA

•By Rivest, Shamir & Adleman of MIT in 1977

•Best known & widely used public-key scheme

•Uses large integers (eg. 1024 bits)

•Security due to cost of factoring large numbers

Features:

•It is the easiest to understand as well as the most popular to implement

•RSA obtains its security from the difficulty of factoring large numbers.

RSA Key Generation

C=Me mod N, where 0≤M<NM C M=Cd mod N M

{e,N}

{d,N}

PU. Key PR. Key

Policy : Factoring a number is relatively hard compared to multiplying the factors together to generate the number

RSA Works with•Euler’s Totient Function

•Greatest Common Divisor

•Euclid’s Algorithm

•Extended Euclid’s Algorithm

•Fermat’s Little Theorem

RSA Key Setup

•Generate a public/private key pair:1. Generate two large distinct primes p and q2. Compute n = pq and φ(n) = (p − 1)(q − 1)3. Select an e(randomly),1 <e< φ, relatively prime to φ.

large

primes Unique factorization

φ(n) Euler’s totient function : ϕ(n) is the number of positive integers less than n which are relatively prime to n.• ϕ(n) is the number of a {∈ 1, 2, . . . , n − 1} with gcd(a, n) = 1. ►ϕ(1) = 1. ►If p is a prime number, then ϕ(p) = p − 1.

relatively prime to φ ► a, b ∈ N are relatively prime if gcd(a, b) = 1.

► Fermat Test

RSA Key Setup (continue)

• 

An RSA example

• 

An RSA example (continue)

• 

RSA Use

•To encrypt a message M the sender:▫obtains public key of recipient PU={e,N} ▫computes: C=Me mod N, where 0≤M<N

•To decrypt the ciphertext C the owner:▫ uses their private key PR={d,p,q} ▫computes: M=Cd mod N

How Fast is RSA?

•By comparison, DES and other block ciphers are much faster than RSA.

• In software, DES is generally at least 100 times as fast as RSA.

•In hardware, DES is between 1,000 and 10,000 times as fast, depending on the implementation.

14

Mathematical Theorems

Greatest Common Divisor

• 

Euclid’s Algorithm• Euclid’s algorithm is based on the theorem gcd(a, b) = gcd(b, a mod b) for any nonnegative integer

a and any positive integer b.• For example, gcd(55, 22) = gcd(22, 55 mod 22) = gcd(22,

11) = 11.• The algorithm is Euclid(a, b) 1 if b = 0 2 then return a 3 else return Euclid(b, a mod b)

• Euclid(30, 21) = Euclid(21, 9) = Euclid(9, 3) = Euclid(3, 0) = 3.

Extended Euclid’s Algorithm

• 

Extended Euclid’s Algorithm

  d=9

(9b-1) is a multiple of (a)9b-1=5a

1= -5a+9b

RSA Security

• three approaches to attacking RSA:

▫brute force key search (infeasible given size of numbers)

▫mathematical attacks (based on difficulty of computing ø(N), by factoring modulus N)

▫timing attacks (on running of decryption)