Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attacks on Digital Signature Algorithm: RSA

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Attacks on Digital Signature Algorithm: RSA"— Presentation transcript:

1 Attacks on Digital Signature Algorithm: RSA
John Nguyen

2 RSA as a Digital Signature Algorithm
The need for digital signature: online banking, routable forms… Requirement: something uniquely identify oneself, and people can verify that unique identification. RSA is a public key cryptography which offers that need. Private key to sign the message. Public key to verify the signature.

3 RSA A public key algorithm Easy to understand and implement
Popular, used by numerous companies such as Motorola and Adobe in its Acrobat product. De facto standard in much of the world.

4 RSA Algorithm Choose 2 large prime numbers p and q
Then compute: n = pq Choose e such that e and (p-1)(q-1) are relatively prime. key d can be computed by using extended Euclidean algorithm: ed ≡ 1 mod (p-1)(q-1)

5 RSA Encrytion Public key: n and e Private key: d Encrypting:
c = me mod n Decrypting: m = cd mod n Digital signature: c = md mod n (signing) m = ce mod n (verification)

6 Proof cd = (me)d (mod n) = med = mk(p-1)(q-1) + 1 = mmk(p-1)(q-1)
mk(p-1)(q-1) = mk(n) = m* 1 (Euler’s generalization of Fermat’s little theorem)

7 Security of RSA Factoring n is the most obvious attack.
Difficult Factoring techonology: best 129-decimal-digital modulus N must be larger than that to be secure Guessing value of (p-1)(q-1), but the difficulty is the same as factoring n Common attacks against RSA’s implementation: attack against the protocol, not the basic algorithm.

8 Chosen Cipher Attack against RSA
Eve: attacker, Alice: user Eve got c encrypted by Alice’s public key. Eve wants to read plaintext m from c. Mathematically, Eve needs d: m = cd, but Eve does not know d. Eve decided to figure out m without first knowing exactly what d is.

9 Chosen Ciphertext attack…
Eve chooses a random number r (r < n), then compute: x = re mod n y = xc mod n t = r-1 mod n Eve gets Alice to sign y with her private key, therefore decrypting y. Alice sends Eve: u = yd mod n Eve computes, and get m: tu mod n = r-1yd mod n = r-1xdcd mod n = cd mod n = m

10 Prevent against this chosen ciphertext attack
Signing and encrypting (& decrypting) are 2 different things. They can be done separately. 1 set of keys for signing and verification. 1 set of keys for decrypting and encrypting. Sign on a one-way hash of message, not the message. Signing will not decrypt the message, so Eve can not figure out m

11 Attack on Encrypting and Signing with RSA
Alice sends a message m to Bob She encrypts m with Bob public key, then signs with her private key: (meB mod nB)dA mod nA Bob can claim that Alice sent him m’, not m. He can find x, such that: m’x = m mod n If he can publish xeB replace old eB

12 To prevent this attack…
Assign each user fixed keys Usually be done by third party: VeriSign… Moreover, common good practice: sign first, encrypt later.

Download ppt "Attacks on Digital Signature Algorithm: RSA"

Similar presentations

RSA.

RSA.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
RSA cryptosystem 1 q The most important public-key cryptosystem is the RSA cryptosystem on which one can also illustrate a variety of important ideas of.

RSA cryptosystem 1 q The most important public-key cryptosystem is the RSA cryptosystem on which one can also illustrate a variety of important ideas of.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.

BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.
Public Key Encryption Algorithm

Public Key Encryption Algorithm
Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.

Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.

1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.
Public Encryption: RSA

Public Encryption: RSA
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.

Similar presentations

Ads by Google