CPE5021 Advanced Network Security --- Advanced Cryptography: RSA and its implementation --- Lecture...

CPE5021CPE5021Advanced Network SecurityAdvanced Network Security

--- Advanced Cryptography: RSA and its --- Advanced Cryptography: RSA and its implementation ---implementation ---

Lecture 1.1Lecture 1.1

CPE5021 - Advanced Nework Security 2

Mathematical backgroundMathematical background

Modular operationsModular operations ““remainder”remainder”

13 mod 5 = 3,13 mod 5 = 3, 1 mod 7 = 1 1 mod 7 = 1 20 mod 5 = 0,20 mod 5 = 0, 32 mod 7 = 4 32 mod 7 = 4

modular exponentiationmodular exponentiation2222 mod 3 = 1, mod 3 = 1, 3 322 mod 3 = 0 mod 3 = 02222 mod 5 = 4, mod 5 = 4, 10 1022 mod 92 = 8 mod 92 = 84466 mod 10 = 6, mod 10 = 6, 3 31111 mod 10 = 7 mod 10 = 7



aa is relatively prime to is relatively prime to bb if the largest if the largest integer that divides both integer that divides both aa & & bb is 1 is 1E.g: E.g:

anyany m m (<>0) is relatively prime to a prime (<>0) is relatively prime to a prime numbernumber

is 9 relatively prime to 10?is 9 relatively prime to 10?



Let Let øø((nn) denote the total numbers that are ) denote the total numbers that are less thanless than nn and relatively prime to and relatively prime to nn If If nn is a prime number then is a prime number then øø((nn) = ) = nn – 1– 1 If If pp, , qq are prime numbers and are prime numbers and nn==pp**qq, then , then

ØØ((nn) = ) = ØØ((pp**qq) =) = p p**qq – ( – (pp + + qq -1) = ( -1) = (pp-1)*(-1)*(qq-1) -1)

- - pp & & qq are prime numbers => only multiples of are prime numbers => only multiples of pp and and q q are not relatively prime to p*qare not relatively prime to p*q

- That is: there are (- That is: there are (pp + + qq – 1) multiples [0 is counted – 1) multiples [0 is counted once] of once] of pp and and qq

E.g: E.g: p p = 3; = 3; qq=7; {0, 3, 7, 6, 9, 12, 14, 15, 18} are not =7; {0, 3, 7, 6, 9, 12, 14, 15, 18} are not relatively prime to relatively prime to pp**qq

ØØ((nn) = ) = øø((pp**qq) = 12 ; {1,2,4,5,8,10,11,13,16,17,19,20}) = 12 ; {1,2,4,5,8,10,11,13,16,17,19,20}



yy & & nn are integers and are integers and yy mod mod øø((nn) = 1, ) = 1,

for any for any xx < < nn, , xxyy mod mod n = x n = x (1)(1)

E.g:E.g:y=13 ; n=7; x = 4; y=13 ; n=7; x = 4; øø((nn) = 6; ) = 6; y y mod mod øø((nn) = 13 mod 6 = 1; ) = 13 mod 6 = 1; xxyy = 4 = 413;13; xxyy mod mod nn = 4 = 41313 mod 7 = 4 = mod 7 = 4 = xx mod mod nn;;



The multiplicative inverse of The multiplicative inverse of xx with modulo with modulo nn is is yy such that: (such that: (xx**yy) mod ) mod nn = 1 = 1 (2).(2).

The above multiplicative inverse can be used to The above multiplicative inverse can be used to

create a simple public key cipher: either create a simple public key cipher: either xx or or yy can can be thought of as a secret key and the other is the be thought of as a secret key and the other is the public key.public key.

E.g: E.g: xx=3; =3; nn=10; =10; yy=7; we have: (3*7) mod 10 = 1; =7; we have: (3*7) mod 10 = 1; M =5 ; M =5 ;

3*5 (mod 10) = 5 ; 5*7 (mod 10) = 5 = M (message)3*5 (mod 10) = 5 ; 5*7 (mod 10) = 5 = M (message)M =6 ; M =6 ;

3*6 (mod 10) = 8; 8*7 (mod 10) = 6 = M (message)3*6 (mod 10) = 8; 8*7 (mod 10) = 6 = M (message)


RSA (1)RSA (1)

Bob:Bob:chooses 2 large prime numbers:chooses 2 large prime numbers:p, qp, q

multiplies p and q:multiplies p and q: n = p*qn = p*qfinds out two numbers finds out two numbers ee & & dd such that such that

((e * de * d)) mod mod øø((nn) = 1 ) = 1 [ similar to[ similar to (2) (2) ]]

Or Or ((e * de * d)) mod mod [([(p-1p-1))**((q-1q-1)])] = 1 = 1

public key (published in the phone book)public key (published in the phone book)2 numbers:2 numbers: ((e, ne, n))encryption alg:encryption alg: modular exponentiationmodular exponentiation

secret key:secret key: ((d,nd,n))


RSA (2)RSA (2)

Alice has a message Alice has a message mm to be sent to to be sent to Bob:Bob:finds out Bob’s public encryption key finds out Bob’s public encryption key

((ee, , nn))calculatescalculates

mmee (mod n) -> c(mod n) -> csends the ciphertext sends the ciphertext cc to Bob to Bob


RSA (3)RSA (3)

Bob:Bob:receives the ciphertext receives the ciphertext cc from Alice from Aliceuses his matching secret decryption key uses his matching secret decryption key

dd to calculate to calculate c cdd (mod n) -> m(mod n) -> m


RSA Public Key CryptosystemRSA Public Key Cryptosystem

c=m e mod n

Network

Plain Text Cipher Text Cipher Text Plain Text

Alice

Bob

Bob: (e, n)Public Key Directory (Yellow/White Pages)

public key:

e & n

secret key: d

m=c d mod n


RSA --- 1st small example (1)RSA --- 1st small example (1)

Bob:Bob:chooses 2 primes:chooses 2 primes: p=5, q=11p=5, q=11

multiplies p and q:multiplies p and q: n = p*q = 55n = p*q = 55finds out two numbers finds out two numbers e=3e=3 & & d=27d=27 which which

satisfysatisfy((3 * 273 * 27)) mod 40 = 1 mod 40 = 1

Bob’s public key Bob’s public key 2 numbers:2 numbers: ((3, 553, 55))encryption alg:encryption alg: modular exponentiationmodular exponentiation

secret key:secret key: ((27,5527,55))



Alice has a message Alice has a message m=13m=13 to be sent to to be sent to Bob:Bob:finds out Bob’s public encryption key finds out Bob’s public encryption key

((3, 553, 55))calculates c:calculates c:

c = mc = mee (mod n)(mod n) = 13 = 1333 (mod 55)(mod 55) = 2197 = 2197 (mod 55)(mod 55) = 52 = 52

sends the ciphertext sends the ciphertext c=52c=52 to Bob to Bob



Bob:Bob:receives the ciphertext receives the ciphertext c=52c=52 from Alice from Aliceuses his matching secret decryption key uses his matching secret decryption key

2727 to calculate m: to calculate m:m = 52m = 522727 (mod 55)(mod 55) = 13 (Alice’s message) = 13 (Alice’s message)


How does RSA work?How does RSA work?

n = p*q => n = p*q => ØØ((nn) = ) = ØØ((pp**qq) =) = ((pp-1)*(-1)*(qq-1)-1) We chooseWe choose d & e d & e such thatsuch that

(e * d) mod (e * d) mod øø((nn) = ) = = 1 = 1 ; similar to; similar to (2) (2)

for any for any mm < < nn: : mmdede = = mm mod mod n ; n ; fromfrom (1) (1) an RSAan RSA encryption consists of taking m and raising it encryption consists of taking m and raising it

to to ee; and decrypting the ciphertext by raising the ; and decrypting the ciphertext by raising the result of the encrytion to result of the encrytion to dd:: We have We have ((a*ba*b)) mod nmod n = = ((((a a mod n)mod n) * * ((b b mod nmod n)))) mod nmod n

hence : (mhence : (me e mod nmod n) ) d d mod nmod n = = ((mmee))d d mod nmod n = = ((mmeded) ) mod nmod n = = mm modmod n n = m [from (1)] = m [from (1)]


RSA Signature --- an eg (1)RSA Signature --- an eg (1)

Bob:Bob:chooses 2 primes:chooses 2 primes: p=5, q=11p=5, q=11

multiplies p and q:multiplies p and q: n = p*q = 55n = p*q = 55finds out two numbers finds out two numbers e=3e=3 & & d=27d=27 which which

satisfysatisfy((3 * 273 * 27)) mod 40 = 1 mod 40 = 1

Bob’s public key Bob’s public key 2 numbers:2 numbers: ((3, 553, 55))encryption alg:encryption alg: modular exponentiationmodular exponentiation

secret key:secret key: ((27,55)27,55)


RSA Signature --- an eg (2)RSA Signature --- an eg (2)

Bob has a document Bob has a document m=19 m=19 to sign:to sign:uses his secret key uses his secret key d=27d=27 to calculate the to calculate the

digital signature of digital signature of m=19m=19::s = ms = mdd (mod n)(mod n) = 19 = 192727 (mod 55)(mod 55) = 24 = 24

appends 24 to 19. Now appends 24 to 19. Now (m, s) = (19, 24) (m, s) = (19, 24) indicates that the doc is 19, and Bob’s indicates that the doc is 19, and Bob’s signature on the doc is 24.signature on the doc is 24.


RSA Signature --- an eg. (3)RSA Signature --- an eg. (3)

Cathy, a verifier:Cathy, a verifier:receives a pair receives a pair (m,s)=(19, 24)(m,s)=(19, 24)looks up the phone book and finds out looks up the phone book and finds out

Bob’s public key Bob’s public key (e, n)=(3, 55)(e, n)=(3, 55)calculatescalculates t = st = see (mod n)(mod n)

= 24 = 2433 (mod 55) (mod 55) = 19 = 19

checks whether checks whether t=mt=mconfirms that (confirms that (19,2419,24) is a ) is a genuinely genuinely

signed document of Bob signed document of Bob if if t=mt=m..


RSA Algorithm (1)RSA Algorithm (1)

General description of RSA algorithmGeneral description of RSA algorithmChoose 2 large prime numbers:Choose 2 large prime numbers: p, qp, q; then ; then

multiplie p and q:multiplie p and q: n = p*qn = p*qFind out two numbers Find out two numbers ee & & dd such that such that

((e * de * d)) mod mod [([(p-1p-1))**((q-1q-1)])] = 1 = 1

Encrypt a message M using eEncrypt a message M using e: M: Me e (mod n) -> c (mod n) -> c Decrypt using dDecrypt using d: c: cdd (mod n) -> M(mod n) -> M


RSA Algorithm (2)RSA Algorithm (2)

1. Choose 2 large prime numbers:1. Choose 2 large prime numbers: p and qp and q; ;

2. Calculate 2. Calculate nn = p*q; = p*q; mm = (p-1)*(q-1); = (p-1)*(q-1);

3. Find 3. Find ee such that such that gcdgcd((ee,,mm) = 1;) = 1;

4. Find 4. Find dd such that : k* such that : k*mm + d* + d*ee = 1; = 1;

5. Encrypt a message M using e: 5. Encrypt a message M using e:

MMe e (mod n) -> c(mod n) -> c


RSA – How to choose p and qRSA – How to choose p and q

Finding Finding pp and and qq which are prime and large enough is important. which are prime and large enough is important. There is no guarantee that we can find p and q correctly. There is no guarantee that we can find p and q correctly. However, we can use Miller-Rabin test to test if anHowever, we can use Miller-Rabin test to test if aninteger integer n n is probably a prime number by:is probably a prime number by:

1.Select a random number 1.Select a random number bb from the set of integers [1, ( from the set of integers [1, (nn-1)] (pick -1)] (pick nn as large as you want).as large as you want).

2. Find 2. Find q q and the odd number and the odd number kk such that such that nn – 1 = 2 – 1 = 2qqkk

3. Test if either of the following condition holds: 3. Test if either of the following condition holds: (a) b(a) b

k k mod n = 1; ormod n = 1; or

(b) if there exists (b) if there exists i i in [0, (q-1)] such thatin [0, (q-1)] such that4. If neither 4. If neither (a)(a) nor nor (b)(b) is satisfied, then is satisfied, then n n is composite;is composite; ElseElse n is probably prime (Inconclusive)n is probably prime (Inconclusive)(The probability of (The probability of nn being a prime number after being a prime number after i i inconclusive tests inconclusive tests

is (1 – (1/4)is (1 – (1/4)ii))))

1mod2 nbik

* There are other ways to test if an integer is probably a prime number


Miller-Rabin testMiller-Rabin test – E.g. – E.g.

Test if n = 15 is a prime numberTest if n = 15 is a prime number1. Choose random b = 81. Choose random b = 8

2. Solve (15 -1) = 2. Solve (15 -1) = 22qqk; => q =1 ;k=7;k; => q =1 ;k=7;

3. 3. (a)(a) Is Is 8877mod 15 = 1 ? NOmod 15 = 1 ? NO

(b) Does any (b) Does any i i in [0, (q-1)] satisfy:in [0, (q-1)] satisfy:

ii = 0 = 0 satisfies ; but from (a) is false; satisfies ; but from (a) is false;

=> => n n is composite.is composite.

1mod2 nbik

115mod802*7



Test if n = 13 is a prime numberTest if n = 13 is a prime number1. Choose random b = 31. Choose random b = 3

2. Solve (13 -1) = 2. Solve (13 -1) = 22qqk; => q =2 ;k=3;k; => q =2 ;k=3;

3. 3. (a)(a) Is Is 3333mod 13 = 1 mod 13 = 1 27 mod 13 = 1? YES 27 mod 13 = 1? YES

n n is probably prime numberis probably prime number



Test if n = 13 is a prime numberTest if n = 13 is a prime number1. Choose random b = 21. Choose random b = 22. Solve (13 -1) = 2. Solve (13 -1) = 22

qqk; => q =2 ;k=3;k; => q =2 ;k=3;

3.3.(a)(a) Is Is 22

33mod 13 = 1? mod 13 = 1? 8 mod 13 = 1? NO 8 mod 13 = 1? NO

(b) Does any (b) Does any ii in [0, (q-1)] satisfy:in [0, (q-1)] satisfy: ii = 0 = 0

i = 1;i = 1;

n n is probably prime number with the probability of 75%is probably prime number with the probability of 75%

813mod813mod202*3

1mod2 nbik

113mod6413mod212*3


RSA – find e and dRSA – find e and d

Find two numbers Find two numbers ee and and dd such that ( such that (e e * * dd)) mod mod [([(pp-1-1))**((qq-1-1)])] = 1 = 1First calculate First calculate ee relatively prime to relatively prime to mm: :

gcdgcd((ee,,mm) = 1 using Euclid’s algorithm) = 1 using Euclid’s algorithmint gcd(int e, int m) {int gcd(int e, int m) {

if (m == 0) return e;if (m == 0) return e;

else return gcd(m, e%m) ; else return gcd(m, e%m) ;

}}


RSA – find e and d (con’t)RSA – find e and d (con’t)

Then find Then find d d using extended Euclid’s using extended Euclid’s algorithm (EEA).algorithm (EEA).d*e mod m = 1 d*e mod m = 1

=> => 11 = d* = d*ee + k* + k*mm; where k is an integer. ; where k is an integer.

11 = d* = d*ee + k* + k*m m a axx + b + byy = 1; = 1;

NoteNote: : We can also use a general EEA to find We can also use a general EEA to find ee and and dd at the same time at the same time..


Research for the implementation Research for the implementation of RSAof RSA

There are many free source codes There are many free source codes implementing RSA in C, C++ and Java. (you implementing RSA in C, C++ and Java. (you can study the source codes but not copy can study the source codes but not copy them).them).

Study the Euclidian algorithms and Study the Euclidian algorithms and implement them if you need to.implement them if you need to.

Implement the Miller Rabin test.Implement the Miller Rabin test. Implement the random number generator.Implement the random number generator. Find a way to convert a message into a Find a way to convert a message into a

number before you encrypt it and convert number before you encrypt it and convert the encrypted number back to the text the encrypted number back to the text format (original message).format (original message).

Date post:	22-Dec-2015
Category:	Documents
View:	235 times
Download:	0 times

CPE5021 Advanced Network Security --- Advanced Cryptography: RSA and its implementation --- Lecture...

Documents