Public Key Cryptosystems
RSA, Diffie-Hellman
Department of Computer Engineering, Sharif University of Technology
3/8/2006

Public-Key Cryptosystems
- Encryption and decryption procedure
  - A procedure consists of a general method and a key
- $D(E(M)) = M$
- Both $E$ and $D$ are easy to compute
- $D$ is not easily computable from $E$
- $E(D(M)) = M$

Signatures
- The signature must be message-dependent, as well as signer-dependent
- Bob wants to send Alice a “signed” message
  - Sends $E_A(D_B(M))$
- Bob cannot deny having sent Alice this message
- Alice cannot modify $M$ (that is, use Bob’s signature for a different message $M'$)

RSA
- Ron Rivest, Adi Shamir and Leonard Adleman
- Represent the message as integers between $0$ and $n-1$
- $C \equiv M^e \pmod{n}$, for a message $M$
- $M \equiv D(C) \equiv C^d \pmod{n}$, for a cipher text $C$
- Encryption does not increase the size of a message
- Encryption key is $(e, n)$, decryption key is $(d, n)$

The Keys
- Generate two large random primes, $p$ and $q$
- $n = pq$
- Pick $d$, a large random integer, relatively prime to $(p-1)(q-1)$
- $e$ is the “multiplicative inverse” of $d$ mod $(p-1)(q-1)$
  - $e \cdot d \equiv 1 \pmod{(p-1)(q-1)}$
- Prove that
  - $D(E(M)) \equiv M \pmod{n}$
  - $E(D(M)) \equiv M \pmod{n}$

An Example
- $p = 2$, $q = 11$, $n = 22$
- $d$ should be relatively prime to $(p-1)(q-1) = 10$
  - $d = 7$
- $e$ is the “multiplicative inverse” of $d$ mod 10
  - $e = 3$ ($e \cdot d = 3 \cdot 7 = 21 \equiv 1 \pmod{10}$)
- The message, $M = 4$
  - $C = M^e \bmod 22 = 4^3 \bmod 22 = 20$
  - $M' = C^d \bmod 22 = 20^7 \bmod 22 = 4 = M$

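The Underlying Mathematics
- $\varphi(n)$: the Euler totient function
  - $\varphi(p) = p - 1$ for prime numbers
  - $\varphi(n) = \varphi(p) \cdot \varphi(q) = (p-1)(q-1)$
- $e \cdot d \equiv 1 \pmod{(p-1)(q-1)} \Rightarrow e \cdot d \equiv 1 \pmod{\varphi(n)}$
- $D(E(M)) \equiv (E(M))^d \equiv (M^e)^d \equiv M^{e \cdot d} \pmod{n}$
- $E(D(M)) \equiv (D(M))^e \equiv (M^d)^e \equiv M^{e \cdot d} \pmod{n}$
- Using the corollary of Euler’s theorem
  - $M^{e \cdot d} \equiv M^{k\varphi(n) + 1} \pmod{n}$
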
How to Find Large Prime Numbers?
- Generate odd 100-digit random numbers ($n$)
  - By the prime number theorem, about $\ln(10^{100})/2 = 115$ numbers will be tested before a prime is found
- Test $n$ with WITNESS($a$, $n$) for 100 randomly chosen values of $a$
  - A negligible chance remains that $n$ is composite
  - Also, the receiver would probably detect this (decryption doesn’t work correctly)

Large Prime Numbers (cont’d)
- For more protection against factoring algorithms:
  - $p$ and $q$ should differ in length by a few digits
  - $\gcd(p - 1, q - 1)$ should be small
  - Both $(p - 1)$ and $(q - 1)$ should contain large prime factors
    - To do so, generate a large prime $u$ and let $p$ be the first prime in the sequence $ku + 1$ for $k = 2, 4, 6, \ldots$

Factoring n
- Factoring $n$ breaks RSA
- No polynomial-time algorithm is known for Turing machines
- Some quantum computer algorithm can factor in polynomial time
  - Currently, unable to handle more than a half-dozen bits
- The fastest algorithm known, by Richard Schroeppel, can factor $n$ in $\sim n^{\sqrt{\ln\ln(n) / \ln(n)}}$ steps

Factoring n (cont’d)
- If P = NP, breaking such systems is easy
- An NP decision problem with complexity equivalent to that of integer factoring:
  - $L_{fact} = \{\langle a, b \rangle \mid \text{there exists } d \ (1 < d < a \text{ and } d \mid b)\}$
- The complement of $L_{fact}$ is also in NP (use the prime factorization of $b$ as the certificate)
  - Factoring $\in$ NP $\cap$ co-NP
  - If Factoring is NP-hard then NP = co-NP

Security (Cryptanalytic Approaches)
- Obvious approaches for breaking this system are at least as difficult as factoring $n$
- Computing $\varphi(n)$ without factoring $n$
  - Not easier than factoring $n$: $n$ can be factored using $\varphi(n)$
  - $\varphi(n) = (p-1)(q-1) = n - (p + q) + 1 \Rightarrow$ compute $(p + q)$
  - $(p - q)^2 = (p + q)^2 - 4n \Rightarrow$ compute $p$ and $q$
- Determining $d$ without factoring $n$ or computing $\varphi(n)$
  - $d \Rightarrow (e \cdot d - 1)$ is a multiple of $\varphi(n)$
  - $n$ can be factored using any multiple of $\varphi(n)$ (Miller)

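The $\varphi(n)$ argument from this slide, carried through as an added Python example (not part of the original slides): it recovers $p$ and $q$ from $n$ and $\varphi(n)$ using the two identities above, then rebuilds $d$ from the public exponent. The function names are hypothetical, and the second sample key ($p = 61$, $q = 53$, $e = 17$) is constructed for illustration.

```python
from math import gcd, isqrt


def factor_from_phi(n, phi):
    """Recover (p, q) with p >= q from n = p*q and phi = (p-1)*(q-1)."""
    s = n - phi + 1                  # p + q, because phi = n - (p + q) + 1
    disc = s * s - 4 * n             # (p - q)^2 = (p + q)^2 - 4n
    if disc < 0:
        raise ValueError("phi is not consistent with n")
    r = isqrt(disc)                  # candidate for p - q
    if r * r != disc:                # reject a phi that gives no integer p - q
        raise ValueError("phi is not consistent with n")
    p, q = (s + r) // 2, (s - r) // 2
    if q < 2 or p * q != n:          # reject the trivial split n = n * 1
        raise ValueError("phi is not consistent with n")
    return p, q


def private_exponent_from_phi(n, phi, e):
    """Rebuild d from the public key (e, n) once phi(n) is known."""
    p, q = factor_from_phi(n, phi)
    order = (p - 1) * (q - 1)
    if gcd(e, order) != 1:
        raise ValueError("e has no inverse modulo (p-1)(q-1)")
    return pow(e, -1, order)         # e*d = 1 (mod (p-1)(q-1)); needs Python 3.8+


if __name__ == "__main__":
    # The slides' own example: n = 22, phi = 10, e = 3.
    print(factor_from_phi(22, 10), private_exponent_from_phi(22, 10, 3))
    # Constructed sample key: p = 61, q = 53, e = 17.
    n, phi, e = 3233, 3120, 17
    d = private_exponent_from_phi(n, phi, e)
    c = pow(65, e, n)                # encrypt M = 65 with the public key
    print(factor_from_phi(n, phi), d, pow(c, d, n) == 65)
```

For key handling this means $\varphi(n)$, $p$ and $q$ are as sensitive as $d$ itself and should be erased or protected together with it after key generation.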
Diffie-Hellman Key Exchange
- $q$ and $\alpha$: public elements
  - $\alpha < q$ and $\alpha$ a primitive root of prime number $q$
- Alice
  - Select private $X_A < q$
  - Calculate public $Y_A = \alpha^{X_A} \bmod q$
- Bob
  - Select private $X_B < q$
  - Calculate public $Y_B = \alpha^{X_B} \bmod q$
- Generation of secret key:
  - Alice: $(Y_B)^{X_A} \bmod q$ = Bob: $(Y_A)^{X_B} \bmod q$