Presentation is loading. Please wait.

Presentation is loading. Please wait.

Public Key Encryption Major topics The RSA scheme was devised in 1978

Published byJeffery Hancock Modified over 6 years ago

Similar presentations

Presentation on theme: "Public Key Encryption Major topics The RSA scheme was devised in 1978"— Presentation transcript:

1 Public Key Encryption Major topics The RSA scheme was devised in 1978
How does public key encryption work? How are modular exponential values calculated? How hard is it to find prime numbers? How hard is it to factor the product of two large primes? The RSA scheme was devised in 1978 RSA stands for Rivest, Shamir, Aldeman The public key approach does not require mutual knowledge of a secret key, thus it is appropriate for secure information transfer over the Internet However the transfer of large amounts of information is best done using a secret key; the RSA scheme can be used to share this key

2 RSA public-key encryption
Each participant has a public key and a private key Both keys specify 1-to-1 functions from a message to itself; these functions are inverses, as seen here M = SA(PA (M)) and M = PA (SA (M)) Only user A (Alice) should be able to compute SA ( ) is a reasonable length of time; everyone knows PA and can compute PA ( ) efficiently The next slides describe how this system works

3 Sending a message Any eavesdropper cannot read the message since he cannot compute SA( ) based on PA ( )

4 Sending a Digital Signature
Another interesting application is to send a digital signature; this works “in reverse” Bob needs to know that a document received via the Internet really came from Alice Alice uses her secret code to encrypt her “signature” Bob uses Alice’s public key to decrypt the signature and verify it is Alice since no one else knows Alice’s private key

5 Creating public and private keys

6 A Sample Calculation Consider the prime numbers p = 11, q = 29.
n = pq = 319 and (p-1)(q-1) = 280. Select e = 3 and calculate d as the multiplicative inverse of e mod It turns out that d = 187 because e * d ≡ 3 * 187 ≡ 1 (mod 280) Suppose we want to encrypt the message M = 100 using the public key (3, 319), we calculate 1003 (mod 319) ≡ 254 To decrypt 254 using the private key (187, 319) we calculate (mod 319) ≡ 100 A first question is how quickly can we calculate a value like (mod 319) ?

7 Modular Exponentiation
Each iteration uses one of these identities a2c mod n = (ac)2 mod n or a2c+1 mod n = a * (ac)2 mod n

8 An Example Calculation
Find ab mod n when a = 7, b = 560 ( ) and n = 561 (166)2 (mod 561) (49)2 (mod 561) (67)2 (mod 561) (157)2 (mod 561) 7(526)2 (mod 561) (298)2 (mod 561) 7(160)2 (mod 561) (241)2 (mod 561)

9 Decoding the Message = 100 Find ab (mod n) when a = 254, b = 187, and n = 319 i 8 7 6 5 4 3 2 1 bi c 11 23 46 93 187 d 254 78 100 122 67 (254)2 (mod 319) 254(23)2 (mod 319) 254(78)2 (mod 319) 254(67)2 (mod 319) 254(100)2 (mod 319) (67)2 (mod 319) 254(122)2 (mod 319)

10 How Easy is it to Find Large Primes?
The p and q in the RSA algorithm are primes We must be able to find two large prime numbers quickly We also hope it is difficult to factor the product of two large primes (a later topic) Brute force approach Generate a large odd number The fundamental theorem of arithmetic states that any number has a unique factorization into prime factors (only re-ordering is possible) So divide by all primes up to the square root of the number, if no factors are found, the number is prime Unfortunately, this is too slow for large numbers

11 The Density of Primes primes are reasonably dense, so finding a large prime should not be too time consuming the prime distribution function (n) gives the number of primes <= n For n = 109, (n) = 50,847,478 and n/ln n = 48,254,942 which is less than 6% error the probability a random integer n is prime is 1/ln n for a hundred digit number, approximately 115 odd numbers would need to be chosen to find a prime

12 Some Mathematical Foundations
If a number is a nontrivial square root of 1 (mod n), then it must be composite If a number is prime, then the result of the witness algorithm (next slide) must be 1; otherwise, according to Fermat’s theorem, the number must be composite

13 Miller-Rabin Primality Testing
Nontrivial square root of 1, so composite Must be composite due to Fermat’s theorem Very likely the number is prime, but not for sure

14 Miller-Rabin Algorithm
s is the number of witnesses to be chosen randomly If any witness is found, n must be composite For a b-bit number, Miller-Rabin requires O(s b) arithmetic operations and O(s b3) bit operations

15 Error rate for Miller-Rabin
Choice of s if s is 50, then the probability of an error is “infinitesimally small” (much less than 2-50) smaller values of s are good enough for most applications

16 How Easy is it to Factor p*q ?
The problems It is easy to find two large primes p and q, so in the public key algorithm we set n = p*q The encryption can be broken if n can be factored Some techniques for finding factors Pollard Rho and Pollard p-1 Quadratic sieve algorithm Elliptical curve algorithm We will only look at Pollard Rho First we need to lay some mathematical foundations with the Chinese Remainder Theorem

17 Chinese Remainder Theorem
Around 100 AD Sun-Tsu solved the following Find those integers that leave remainders 2,3,2 when divided by 3,5,7 respectively all solutions have the form x in general finds a correspondence between a system of equations modulo pairwise relatively prime moduli (3,5,7) and an equation modulo their product (105) Chinese remainder theorem has two uses given n = n1n2…nk then the structure of Zn is identical to Zn1 x Zn2 x … x Znk this can give efficient algorithms since Zn can be decomposed into smaller systems

18

19 An Example Problem

20 Pollard’s rho heutistic
neither the running time nor success is guaranteed any divisor it finds will be correct, but it may never report any results in practice, it is the one of the most effective means of factorization currently known it will print the factor p after approximately p iterations; thus it finds small factors quickly

21 Pollard’s rho heuristic
The while loop searches indefinitely for factors generating a new xi each time Lines 1-4 are for initialization The xi values saved in y are when i = 1,2,4,8,16, … d is the gcd of y- xi and n; if it is nontrivial then it is printed as a factor of n If n is composite, we expect to find enough divisors to factor n after approximately n1/4 updates

22 The Big Picture

23 The rho diagrams (a) is generated by the xi starting at 2 for n = 1387
The factor 19 (since 1387 = 19 * 73) is discovered when the xi is 177, this is before the value 1186 is repeated (b) show the recurrence for mod 19, every xi in part (a) is equivalent to the xi‘ mod 19 (c) shows the recurrence for mod 73, again every xi in part (a) is equivalent to the xi” mod 73 By the Chinese remainder theorem, each node in (a) corresponds to a pair of nodes in (b) and (c)

24 A Summary of Public Key Encryption
Public key encryption is based on A public key P = (e, n) is used to encrypt using P(M) = Me (mod n) = C for message M Secret key (d, n) decrypts using S(C) = Cd (mod n) = M It’s success depends on the ease of finding two large primes since n = p*q and the difficulty in factoring the product of two large primes Using probabilistic approaches like Miller-Rabin large primes can be found quickly However, even the best probabilistic approaches, such as Pollard Rho, cannot factor this product in a reasonable amount of time

Download ppt "Public Key Encryption Major topics The RSA scheme was devised in 1978"

Similar presentations

RSA.

RSA.
Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.

Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.
Data encryption with big prime numbers

Data encryption with big prime numbers
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
Number Theory Presented by Shrividya Shivkumar and George Frederick.

Number Theory Presented by Shrividya Shivkumar and George Frederick.
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
and Factoring Integers (I)

and Factoring Integers (I)
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
UMass Lowell Computer Science 91.503 Analysis of Algorithms Prof. Karen Daniels Fall, 2002 Tuesday, 26 November Number-Theoretic Algorithms Chapter 31.

UMass Lowell Computer Science Analysis of Algorithms Prof. Karen Daniels Fall, 2002 Tuesday, 26 November Number-Theoretic Algorithms Chapter 31.
CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
and Factoring Integers

and Factoring Integers
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.

Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
Lecture 6: Public Key Cryptography

Lecture 6: Public Key Cryptography

Similar presentations

Ads by Google