Presentation is loading. Please wait.

Presentation is loading. Please wait.

RSA cryptosystem--preview Suppose n=p  q and  (n)=(p-1)(q-1), where p and q are big primes. Select (find) a and b, such that a  b=1 mod  (n). K=(n,p,q,a,b),

Published byEvangeline Roberts Modified over 8 years ago

Similar presentations

Presentation on theme: "RSA cryptosystem--preview Suppose n=p  q and  (n)=(p-1)(q-1), where p and q are big primes. Select (find) a and b, such that a  b=1 mod  (n). K=(n,p,q,a,b),"— Presentation transcript:

1 RSA cryptosystem--preview Suppose n=p  q and  (n)=(p-1)(q-1), where p and q are big primes. Select (find) a and b, such that a  b=1 mod  (n). K=(n,p,q,a,b), publicize n,b, but keep p,q,a secret. For any x,y  Z n, define –e K (x)= x b mod n (encryption) –d K (y)= y a mod n (decryption: (x b ) a mod n=x) Of course, from n,b, it is very difficult to get a (as well as p,q,  (n)).

2 RSA--implementation 1.Generate two large primes, p and q. 2.n  pq and  (n)  (p-1)(q-1) 3.Chose a random b (1< b <  (n)) such that gcd(b,  (n))=1 4.a  b -1 mod  (n) 5.The public key is (n,b) and the private key is (p,q,a). Could you raise any questions about RSA?

3 Questions about RSA How to generate large primes? How to compute the modular-exponentiation (encryption & decryption) efficiently? RSA attack: attempt to factor n and how? RSA uses numbers, therefore need encoding for normal text.

4 RSA—primality testing How to generate large primes? –Select a random large number –Test whether or not the number is a prime. How often a random selected number is a prime? –Let  (N) be the number of primes  N. –Prime number theory:  (N)  N/lnN –Therefore the probability of a random number being a prime is 1/lnN –Suppose n = pq is 1024 bits, so p and q are 512 bits, 1/ln2 512  1/355.

5 (yes-biased) Monte Carlo algorithm: –For yes-no decision problem –Random algorithm (randomly choose a number) –If the algorithm gives answer “yes”, it is always correct –It the answer is “no”, it may be incorrect. RSA—primality testing Therefore, may try several times such that the probability of the incorrectness for “no” is extremely small. Las Vegas algorithm: may not give answer, but any answer it gives is correct. Probabilistic algorithms: the algorithms which can be wrong in some cases (i.e., probably, or with certain probability)

6 RSA—primality testing (yes-biased) Monte Carlo algorithm: –Solovay-Strassen algorithm –Miller-Rabin algorithm A good news: confirmed primality testing algorithm –By three Indian scientists.

7 Solovay-Strassen primality test Given integer n, is n a composite? –Choose a random integer a ( 1 < a < n) –x  –If x=0 then return “yes” (n is a composite) –y  a (n-1)/2 (mod n) –If x  y (mod n) then return “no” (n is a prime) ( of course maybe incorrect ) else return “yes” (n is a composite). a n ()

8 The proof of the algorithm –If n is a prime, the  a (n-1)/2 mod n for any a –If n is a composite, then for some a,  a (n-1)/2, Call n to be an Euler pseudo-prime to base a. For example, = -1  10 45 mod 91. but others not. At most half of a  Z n *, n is a pseudo-prime to a. So error probability is at most ½. –Test k different a, (1/2) k. Solovay-Strassen primality test a n () a n () 10 91 ()

9 RSA attacks Computing  (n)– no easier than factoring n. Decryption Exponent a—no easier than factoring n So the security of RSA is based on the difficulty of factorization of large numbers. Factoring algorithms –Trial division– up to  n –Pollard p-1 algorithm

10 RSA attack—Pollard p-1 algorithm Given n, and select a random B (not too big) –a  2 –For j=2 to B a  a j mod n –d  gcd(a-1,n) –If d > 1 then return d (d is a factor of n) else return ‘failure’.

11 The correctness of p-1 algorithm 1.Suppose p is a prime factor of n, 2.Assume for all q, q≤B, q is (power of) a prime factor of p-1. 3.Then p-1| B!, suppose B! = (p-1)t. 4.The final a  2 B! mod n, since p|n, so a  2 B! mod p 5.We know, 2 p-1  1 mod p, so 6.a  2 B! mod p = 2 (p-1)t mod p  1 t mod p  1 mod p 7.So p | (a-1), thus p|gcd(a-1,n) Conclusion: if p or q of factors of n is not selected in a correct way, n will be easily factored.

12 P-1 example n=15770708441, B=180 Then a = 11620221425, and d=135979. As a result: 15770708441 =135979*115979 Here 135978 =2*3*131*173

13 RSA summary RSA principle RSA implementation –Generate large primes –Compute x c mod n – square-and-multiply RSA attacks Conclusion: p and q must be appropriately selected large primes.

Download ppt "RSA cryptosystem--preview Suppose n=p  q and  (n)=(p-1)(q-1), where p and q are big primes. Select (find) a and b, such that a  b=1 mod  (n). K=(n,p,q,a,b),"

Similar presentations

RSA.

RSA.
RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
Cryptography and Network Security

Cryptography and Network Security
Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.

Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.
Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:

Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime.

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
Data encryption with big prime numbers

Data encryption with big prime numbers
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
Public Key Encryption Algorithm

Public Key Encryption Algorithm
Lecture 8: Primality Testing and Factoring Piotr Faliszewski

Lecture 8: Primality Testing and Factoring Piotr Faliszewski
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.
1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.

1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
and Factoring Integers (I)

and Factoring Integers (I)
Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.

Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Similar presentations

Ads by Google