Lecture 3 (Chapter 9) Public-Key Cryptography and RSA Prepared by Dr. Lamiaa M. Elshenawy 1

 Principles of Public-Key Cryptosystems  Public-Key Cryptosystems  Applications for Public-Key Cryptosystems  Requirements for Public-Key Cryptography  Public-Key Cryptanalysis  RSA Algorithm  Description of the Algorithm  Computational Aspects  Security of RSA

 Asymmetric Encryption (Diffie and Hellman, 1976) Public Key (PUK) Private Key (PRK) Plaintext Encryption Algorithm Decryption Algorithm PUK / PRK Plaintext

 Asymmetric Encryption  RSA most widely public-key cryptosystem Confidentiality Authentication

 Plaintext: readable message or data that is fed into the algorithm as input  Encryption algorithm: performs various transformations on plaintext  Public and private keys: pair of keys selected, if one used for encryption, other used for decryption  Ciphertext: scrambled message. It depends on plaintext and the keys. Two different keys produce two different ciphertexts  Decryption algorithm: accepts ciphertext and key to produce the original plaintext

 Encryption /decryption  Digital signature  Key exchange

 Easy computation (B) (PUK,PRK)  Easy computation (A) (PUK, M)  Easy computation (B) (PRK, C) generate know generate decrypt

 Infeasible computationally (adversary (PUK) (PRK)  Infeasible computationally (adversary) (PUK,C) (M) know determine recover know

 One-way function Trap-door one- way function

 Use large keys tradeoff (brute- force attack, encryption/decryption)  PUK PRK (not proven mathematically) recover

 Ron Rivest, Adi Shamir, and Len Adleman (Rivest-Shamir-Adleman) (RSA, 1977)  Plaintext is encrypted in blocks  Block (has binary value) < n  Block size <= Log 2 (n) + 1  Sender and Receiver n  Sender e  Receiver d

Euler's totient function (or Euler's phi function), denoted as φ(n) or ϕ (n), is an arithmetic function that counts the positive integers less than or equal to n are relatively prime to n Leonhard Euler (15 April 1707 – 18 September 1783) was a Swiss mathematician, physicist, astronomer, logician and engineer

mod 187 = [(88 4 mod 187) × (88 2 mod 187)× (88 1 mod 187)] mod mod 187 = mod 187 = 7744 mod 187 = mod 187 = 59,969,536 mod 187 = mod 187 = (88 × 77 × 132) mod 187 = 894,432 mod 187 = 11

mod 187 = [(11 1 mod 187 ) × (11 2 mod 187 )× (11 4 mod 187 )] × (11 8 mod 187) × (11 8 mod 187)] mod mod 187 = mod 187 = mod 187 = 14,641 mod 187 = mod 187 = 214,358,881 mod 187 = mod 187 = (11 × 121 × 55 × 33 × 33) mod 187 = 79,720,245 mod 187 = 88

3. Timing attacks depend on running time of decryption algorithm  Constant exponentiation time: ensure that all exponentiations take the same amount of time  Random delay: add random delay to exponentiation algorithm  Blinding: multiply ciphertext by a random number

4. Chosen ciphertext attacks: Exploits properties of RSA algorithm Optimal Asymmetric Encryption Padding (OAEP)

Let M=7 1.Select primes p=11, q=3 2.Calculate n = pq = 11 x 3 = 33 Ø = (p-1)(q-1) = 10 x 2 = 20 3.Choose e=3, Check gcd(e, Ø) =1 4.Compute d, ed ≡ 1 (mod Ø) or Ø divides (ed-1) or ed+Øk=1 Simple testing (d = 1, 2,...) Check: ed-1 = 3X7 - 1 = 20, which is divisible by Ø 5. Public key: PU = {n, e} = {33, 3} Private key: PR= {n, d} = {33, 7} 6. C = M e mod n = 7 3 mod 33 = 343 mod 33 = M= C d mod n =13 7 mod (4+2+1) = (13 4 x13 2 x13 1 ) mod 33 = (16 x 4 x 13 ) mod 33 = 832 mod 33= 7

Thank you for your attention