CS/COE 1501 Recitation RSA Encryption/Decryption

CS/COE 1501 Recitation RSA Encryption/Decryption
Extended Euclidean Algorithm Digital Signatures

RSA Encryption Say Alice wants to send a message to Bob
Looks up Bob’s public key Convert the message into an integer: m Compute the ciphertext c as: c = me (mod n) Send c to Bob

RSA Decryption Bob can simply: Compute m as: m = cd (mod n)
Convert m into Alice’s message

RSA Cryptosystem What are public/private keys? How messages encrypted?
How are messages decrypted? How are keys generated? Why is it secure?

RSA Cryptosystem What are public/private keys? Public Key = (e, n)
Private Key = (d, n) How messages encrypted? c = me (mod n) How are messages decrypted? m = cd (mod n) How are keys generated?

How are keys generated? 4. Choose e such that
1. Choose two prime number p and q 2. Compute n = p * q 3. Compute φ(n) φ(n) = φ(p) * φ(q) = (p - 1) * (q - 1) 4. Choose e such that 1 < e < φ(n), GCD(e, φ(n)) = 1 i.e., e and φ(n) are co-prime 5. Determine d as d ≡ e-1 mod(φ(n))

An Example 4. Choose e such that 1. Choose two prime number p and q
p=3, q=11 2. Compute n = p * q n=3*11=33 3. Compute φ(n) φ(n) = φ(p) * φ(q) = (p - 1) * (q - 1) φ(n)=(3-1)*(11-1)=20 4. Choose e such that 1 < e < φ(n), GCD(e, φ(n)) = 1 i.e., e and φ(n) are co-prime We can choose e=3, verify that 1<3< φ(n) =20, 3 and 20 are co-prime

An Example 5. Determine d as d ≡ e-1 (mod φ(n)) e * d ≡ 1 (mod φ(n))
Intuition, search from d=0, until e * d mod 20 = 1 We have already chosen e=3, here we choose d=7 We now get our Public Key and Private Key Public Key=(e,n)=(3,33) Private Key=(d,n)=(7,33)

An Example Encryption: c = me (mod n) Decryption: m = cd (mod n)
Public Key=(e,n)=(3,33) Private Key=(d,n)=(7,33) Alice said “hello” 7, 4, 11, 11, 14 Encrypt msg: 73 mod 33, 43 mod 33, 113 mod 33, 113 mod 33, 143 mod 33 Encrypted msg: 13, 31, 11, 11, 5

An Example Encryption: c = me (mod n) Decryption: m = cd (mod n)
Public Key=(e,n)=(3,33) Private Key=(d,n)=(7,33) Bob receive 13, 31, 11, 11, 5 Decrypt msg: 137 mod 33, 317 mod 33, 117 mod 33, 117 mod 33, 57 mod 33 Decrypt msg: 7, 4, 11, 11, 14 -> ‘hello’

Challenges Compute Exponentiation efficiently
137 mod 33, 317 mod 33, 117 mod 33, 117 mod 33, 57 mod 33 Determine d as d ≡ e-1 (mod φ(n)) efficiently search from d=0, until e * d mod 20 = 1 Improve it?

Determine d d = e-1 mod(φ(n)) Means that d = 1/e mod(φ(n))
Means that e * d = 1 (mod φ(n)) Now, this can be equivalently stated as e * d = z * φ(n) + 1 For some z Can further restate this as: e * d - z * φ(n) = 1 Or similarly: 1 = φ(n) * (-z) + e * d How can we solve this? Hint: recall that we know GCD(φ(n), e) = 1

Determine d GCD(a, b) = i = as + bt Let:
a = φ(n) b = e s = -z t = d i = 1 GCD(φ(n), e) = 1 = φ(n) * (-z) + e * d We can compute d in linear time!

Extended Euclidean Algorithm
The extended Euclidean algorithm also computes the GCD of integers a and b, but also computes the Bézout numbers, s and t which satisfy the Bézout identity: gcd 𝑎,𝑏 =𝑎∗𝑠+𝑏∗𝑡 We first walk through finding the GCD of a and b, then work backworks to find the Bézout numbers, s and t , for the original s and t. We will fill out the following table, first following the pattern that the b in each step will become the a in the row below. The remainder of a/b becomes the b in the row below.

We know GCD(a,b)=GCD(b, a%b) Suppose we are computing the GCD(a,b) a*x + b*y = gcd Suppose we already know the GCD(b, a %b), and we find x1 and y1 b*x1+(a%b)*y1=gcd Associate the two formular a%b=a-(a/b)*b gcd= b*x1+(a-(a/b)*b)*y1 = b*x1+a*y1-(a/b)*b*y1 = a*y1+b*(x1-a/b*y1) x=y1 y=x1-a/b*y1

public static int[] ExtendedEuclid(int a, int b) { int[] ans = new int[3]; int q; if (b == 0) { /* If b = 0, then we're done... */ ans[0] = a; ans[1] = 1; ans[2] = 0; } else { /* Otherwise, make a recursive function call */ q = a/b; ans = ExtendedEuclid (b, a % b); int temp = ans[1] - ans[2]*q; ans[1] = ans[2]; ans[2] = temp; return ans;

Find the Bézout numbers and GCD of 99 and 78
Row a b a/b a%b d s t 1 99 78 2 3 4 5 6

Row a b a/b a%b d s t 1 99 78 21 2 3 4 5 6

Row a b a/b a%b d s t 1 99 78 21 2 3 15 4 5 6

Row a b a/b a%b d s t 1 99 78 21 2 3 15 6 4 5

Row a b a/b a%b d s t 1 99 78 21 2 3 15 6 4 5 NaN

We will now walk back up through the table, computing s and t for each step. The s in each row is set to the t from the row below. t is set according to the formula: Remember s and t are defined such that: gcd 𝑎,𝑏 =𝑎∗𝑠+𝑏∗𝑡 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 2 3 15 6 4 5 NaN 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 2 3 15 6 4 5 NaN Because d is the GCD of the two numbers (i.e. the last non-zero remainder) and: gcd 𝑎,𝑏 =𝑎∗𝑠+𝑏∗𝑡 We know that s and t will always be 1 and 0 in the bottom row (because a will be equal to d). 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 3 2 15 6 4 5 NaN Verify: gcd 𝑎,𝑏 =𝑎∗𝑠+𝑏∗𝑡 3= 6∗0 + 3∗1 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 3 2 15 6 4 -2 5 NaN 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 3 2 15 6 4 -2 5 NaN Verify: gcd 𝑎,𝑏 =𝑎∗𝑠+𝑏∗𝑡 3= 15∗1 + 6∗−2 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 3 2 15 6 4 -2 5 NaN 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 3 2 15 6 -2 4 5 NaN 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 3 2 15 6 -2 4 5 NaN Verify: gcd 𝑎,𝑏 =𝑎∗𝑠+𝑏∗𝑡 3= 21∗−2 + 15∗3 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 3 2 15 6 -2 4 5 NaN 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 3 2 15 -11 6 -2 4 5 NaN 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 3 -11 2 15 6 -2 4 5 NaN 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 3 -11 14 2 15 6 -2 4 5 NaN 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Row a b a/b a%b d s t 1 99 78 21 3 -11 14 2 15 6 -2 4 5 NaN To check your work, verify: 99∗ −11 +78∗14=3 𝑡= 𝑠 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠 − 𝑎 𝑏 ∗ 𝑡 𝑝𝑟𝑒𝑣𝑖𝑜𝑢𝑠

Exercise 5. Determine d as d ≡ e-1 (mod φ(n)) e * d ≡ 1 (mod φ(n))
Intuition, search from d=0, until e * d mod 20 = 1 We have already chosen e=3, here we choose d=7 Now using the Extended Euclidean Algorithm 1 = 20*s+3*t t->d

Hash Functions

For Crypto Hash Functions, Output Should Appear Random

Digital Signatures – Public Key Cryptography

Creating a Digital Signature

Digital Signatures Often Use Commutative Operations
The order of Decryption and Encryption can be changed Sending message m together with the decrypted data D(m, k^-1) Using the public key k to verify message

Plaintext sent by sender

Plaintext sent by sender Cryptotext sent by sender using sender’s private key

Plaintext sent by sender Cryptotext sent by sender using sender’s private key Sender’s public key

Plaintext sent by sender = Cryptotext sent by sender using sender’s private key Sender’s public key

Plaintext sent by sender = Plaintext recovered matches Cryptotext sent by sender using sender’s private key Sender’s public key

Digital Signatures and Hashes
Because Public-Key crypto can be computationally expensive, often the crypto operations are performed on the securely hashed version of the message rather than the original: We do not apply the algorithm on the plaintext, but on the hashed version

Because Public-Key crypto can be computationally expensive, often the crypto operations are performed on the securely hashed version of the message rather than the original: HASH ALGORITHM Received:

Because Public-Key crypto can be computationally expensive, often the crypto operations are performed on the securely hashed version of the message rather than the original: HASH ALGORITHM Compute Received:

Because Public-Key crypto can be computationally expensive, often the crypto operations are performed on the securely hashed version of the message rather than the original: HASH ALGORITHM Compute = Received:

Because Public-Key crypto can be computationally expensive, often the crypto operations are performed on the securely hashed version of the message rather than the original: Match. Signature Verified. HASH ALGORITHM Compute = Received:

Acknowledgements Adam J. Lee’s slides from CS 1653

CS/COE 1501 Recitation RSA Encryption/Decryption

Similar presentations

Presentation on theme: "CS/COE 1501 Recitation RSA Encryption/Decryption"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

CS/COE 1501 Recitation RSA Encryption/Decryption

Similar presentations

Presentation on theme: "CS/COE 1501 Recitation RSA Encryption/Decryption"— Presentation transcript:

Similar presentations

About project

Feedback