Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Number Theory and Advanced Cryptography 5. Cryptanalysis of RSA Chih-Hung Wang Sept. 2012 Part I: Introduction to Number Theory Part II: Advanced Cryptography.

Published byHector Kennedy Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Number Theory and Advanced Cryptography 5. Cryptanalysis of RSA Chih-Hung Wang Sept. 2012 Part I: Introduction to Number Theory Part II: Advanced Cryptography."— Presentation transcript:

1 1 Number Theory and Advanced Cryptography 5. Cryptanalysis of RSA Chih-Hung Wang Sept. 2012 Part I: Introduction to Number Theory Part II: Advanced Cryptography

2 2 RSA Cryptosystem (1)  Page 258

3 3 RSA Cryptosystem (2)

4 4 RSA Cryptosystem  1977 by Ron Rivest, Adi Shamir, and Len Adleman (MIT)  The first “ secure ” & “ practical ” public key cryptosystem  A block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n

5 5 The RSA Algorithm (1/2)

6 6 The RSA Algorithm (2/2)

7 7 RSA Example

8 8 N=119 = p*q =7*17 e=5; e*d =1 mod 6*16 d=77

9 9 Active attacks on cryptosystems (1)  Chosen-plaintext attack (CPA)  Chosen-ciphertext attack (CCA)

10 10 Active attacks on cryptosystems (2)  Adaptive chosen-ciphertext attack (CCA2)

11 11 Attack Scenarios

12 12 The RSA Problem and Assumption

13 13 Insecurity of the Textbook RSA Encryption  Theorem 8.1 The RSA cryptosystem is “ all-or-nothing ” secure against CPA if and only if the RSA assumption holds.

14 14 Meet-in-the-middle attack (1)  The multiplicative property of the RSA function  Space cost: 2 length/2 logN bits  Time cost: O B (2 length/2 +1 (length/2+log 3 N))

15 15 Meet-in-the-middle attack (2)

16 16 Inadequacy of the CPA security of the RSA (1) Blind attack

17 17 Inadequacy of the CPA security of the RSA (2)

18 18 Common modulus protocol failure (1) outsider attack  Description

19 19 Common modulus protocol failure (2) outsider attack

20 20 Common modulus protocol failure (3) insider attack  A square root of 1 mod M

21 21 Common modulus protocol failure (4) insider attack  Finding a nontrivial square root of 1 mod M

22 22 Common modulus protocol failure (5) insider attack  Given a public key e 1, the holder of of an encryption/decryption pair e 2, d 2 can generate the private key of another user.

23 23 The low exponent protocol failure (1)  Use a small exponent for RSA public key in order to make the calculations for encryption fast and inexpensive to perform.  Problem description

24 24 The low exponent protocol failure (2) salvaging  Never send exactly the same message

25 25 Other attacks (1)  GCD attack Franklin and Reiter Coopersmith, Franklin and Patarin (Eurocrypt ’ 96)

26 26 Other attacks (2)  The Wiener ’ s attack Wiener pointed out that if the secret key d was chosen too small, then it might be recovered

27 27 Constraints of RSA  Key Requirement Key size in the range of 1024 to 2018 bits p and q should differ in length by only a few digits. Thus, both p and q should be on the order of 10 75 to 10 100. Both (p-1) and (q-1) should contain a large prime factor gcd(p-1,q-1) should be small

28 28 Factorization Techniques  Fermat Factorization  Monte Carlo Factorization  The Pollard p-1 method of Factorization [239]

29 29 Fermat Factorization (1)

30 30 Fermat Factorization (2)

31 31 Fermat Factorization (3) Example

32 32 Monte Carlo Factorization (1)

33 33 Monte Carlo Factorization (2)

34 34 Monte Carlo Factorization (3) Example [1]

35 35 Monte Carlo Factorization (4) Example [2]

36 36 The Pollard p-1 method of Factorization (1)

37 37 The Pollard p-1 method of Factorization (2) Example

38 38 Optimal Asymmetric Encryption Padding (OAEP)  Page 508 RSA-OAEP & Rabin-OAEP The plaintext message encrypted inside the RSA- OAEP scheme can have a length up to 84% of the length of the modulus. PKCS#1, IEEE P1363 & SET

39 39 Optimal Asymmetric Encryption Padding (OAEP)  RSA-OAEP (page 503)

40 40 OAEP — Mixing of different algebraic structures

41 41 RSA-OAEP Algorithm (1) Page 324

42 42 RSA-OAEP Algorithm (2)

43 43 RSA-OAEP Algorithm (3)

44 44 OAEP Property  Plaintext Randomization A padding scheme like OAEP has a random input value which adds the randomness to the distribution of the padding result.  Data Integrity Protection Provides the decryption end with a mechanism to check data integrity.

Download ppt "1 Number Theory and Advanced Cryptography 5. Cryptanalysis of RSA Chih-Hung Wang Sept. 2012 Part I: Introduction to Number Theory Part II: Advanced Cryptography."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
Cryptography and Network Security

Cryptography and Network Security
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.
Public Key Encryption Algorithm

Public Key Encryption Algorithm
Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.
7. Asymmetric encryption-

7. Asymmetric encryption-
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.

1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.
Public Encryption: RSA

Public Encryption: RSA
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Cryptography and Network Security Chapter 9. Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively.

Cryptography and Network Security Chapter 9. Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.

Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
Cryptography and Network Security Chapter 9 5th Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 9 5th Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google