SlideShare ist ein Scribd-Unternehmen logo

10 RSA

Sam Bowne
Sam Bowne

For a college course in Cryptography More info: https://samsclass.info/141/141_F22.shtml

Bildung
1 von 60
Downloaden Sie, um offline zu lesen
CNIT 141 Cryptography for Computer Networks 10.RSA Updated 11-9-22
Topics • The Math Behind RSA • The RSA Trapdoor Permutation • RSA Key Generation and Security • Encrypting with RSA • Signing with RSA • RSA Implementations • How Things Can Go Wrong
The Math Behind RSA
The Group ZN* • Integers modulo N • Must contain an identity element: 1 • Each member must have an inverse • So zero is excluded • But Z4* contains {1,3} • 2 has no inverse • Because 4 is a multiple of 2
The Group ZN* • If N is prime, Zp* contains {1,2, 3, ... p-1} • So Z5* contains {1,2,3,4} • 0 is excluded because it has no inverse
The Group Z10* • Z10* contains {1, 3, 7, 9} • 0, 2, 4, 5, 6, 8 are excluded • Because they have no inverse • Because they have a common factor with 10 • They aren't co-prime with 10
Euler's Totient • How many elements are in the group Zn*? • When n is not prime, but the product of several prime numbers • n = p1 ✖︎ p2 ✖︎ ... ✖︎ pm • ϕ(n) = (p1 - 1) ✖︎ (p2 - 1) ✖︎ ... ✖︎ (pm - 1) • For Z10* • n = 10 = 2 ✖︎ 5 • ϕ(10) = 1 ✖︎ 4 : 4 elements in Z10*
The RSA Trapdoor Permutation
RSA Parameters • n is the modulus • Product of two primes p and q • e is the public exponent • In practice, usually 65537 • Public key: (n, e) • Private key: p and other values easily derived from it
Trapdoor Permutation • x is the plaintext message • y is the ciphertext Encryption: y = xe mod n Decryption: x = yd mod n • d is the decryption key • calculated from p and q
Calculating d • ed = 1 mod ϕ(n) • Decryption: x = yd mod n = (xe)d mod n = xed mod n = x mod n = x
Why mod ϕ(n) ? • Fermat's Little Theorem (aka Euler's Theorem) • Stated by Fermat in 1640 without proof • Proven by Euler in 1736
Example: n=10
Example: n = 10 • 10 = 2 * 5; p = 2, q = 5 • ϕ = (p - 1) (q - 1) = 1 * 4 = 4 elements in group • 3 is a generator of the group (see next slides)
n=10; x=3 0 5 1 4 3 2 9 6 7 8 0 5 1 4 3 2 9 6 7 8 31 = 3 32 = 9
0 5 1 4 3 2 9 6 7 8 0 5 1 4 3 2 9 6 7 8 n=10; x=3 33 = 27 mod 10 = 7 34 = 81 mod 10 = 1
• Z10* contains {1, 3, 7, 9} • 4 elements • 3 is a generator of the group • Although n is 10, the powers of 3 repeat with a cycle of 4 (ϕ(n) ) • Encrypt by raising x to power e, forming y • Decrypt by raising y to power d, returning x Powers of 3 31 mod 10 = 3 32 mod 10 = 9 33 mod 10 = 7 34 mod 10 = 1 35 mod 10 = 3
• Z10* contains {1, 3, 7, 9} • 4 elements • p = 2 and q = 5 • ϕ(n) = (p-1)(q-1) = 1x4 = 4 • ed = 1 mod ϕ(n) • For e = 3, d = 3 Finding d n=10; e=3 3x1 mod 4 = 3 3x2 mod 4 = 2 3x3 mod 4 = 1
• x is the plaintext message (3) • y is the ciphertext Encryption: y = xe mod n = 33 mod 10 = 27 mod 10 = 7 Decryption: x = yd mod n = 73 mod 10 = 343 mod 10 = 3 n=10; x=3; e=3; d=7
Example: n=14
2 n=14; x=3 0 31 = 3 1 3 4 5 6 7 13 8 12 9 11 10 2 0 32 = 9 1 3 4 5 6 7 13 8 12 9 11 10
2 n=14; x=3 0 33 = 27 mod 14 = 13 1 3 4 5 6 7 13 8 12 9 11 10 2 0 34 = 81 mod 14 = 11 1 3 4 5 6 7 13 8 12 9 11 10
2 n=14; x=3 0 35 = 243 1 3 4 5 6 7 13 8 12 9 11 10 2 0 36 = 729 1 3 4 5 6 7 13 8 12 9 11 10
• Z14* contains {1, 3, 5, 9, 11, 13} • 6 elements (ϕ(n) ) • 3 is a generator of the group Powers of 3 31 mod 14 = 3 32 mod 14 = 9 33 mod 14 = 13 34 mod 14 = 11 35 mod 14 = 5 36 mod 14 = 1
• Z14* contains {1, 3, 5, 9, 11, 13} • 6 elements • p = 2 and q = 7 • ϕ(n) = (p-1)(q-1) = 1x6 = 6 • ed = 1 mod ϕ(n) • For e = 5, d = 5 Finding d n=14; x=3; e=5 5x1 mod 6 = 5 5x2 mod 6 = 4 5x3 mod 6 = 3 5x4 mod 6 = 2 5x5 mod 6 = 1
• x is the plaintext message (3) • y is the ciphertext Encryption: y = xe mod n = 35 mod 14 = 243 mod 14 = 5 Decryption: x = yd mod n = 55 mod 14 = 3125 mod 14 = 3 n=14; x=3; e=5; d=5
RSA Key Generation and Security
Key Generation • Pick random primes p and q • Calculate ϕ(n) from p and q • Pick e • Calculate d (inverse of e)
RSA in Python 3 Commands python3 -m pip install pycryptodom e python3 from Crypto.PublicKey import RS A from Crypto.Cipher import PKCS1_OAE P key = RSA.generate(2048 ) plaintext = b"encrypt this message " cipher_rsa = PKCS1_OAEP.new(key ) ciphertext = cipher_rsa.encrypt(plaintext ) decrypted = cipher_rsa.decrypt(ciphertext ) print("Ciphertext:", ciphertext ) print("Decrypted:", decrypted)
RSA Encryption and Decryption in Python 3
Chapter 7 of Understanding Cryptography by Christof Paar and Jan Pelzl 31 Speed of Calculations • Encryption is fastest • Decryption is much slower • Key generation is slowest
RSA in Python 3 Commands from Crypto.PublicKey import RS A import tim e for i in range(5) : keylen = 2048 * (2 ** i ) t0 = time.time( ) key = RSA.generate(keylen ) t1 = time.time() - t 0 print("Key length:", keylen, "Time:", t1)
Key Generation Times
Encrypting with RSA
Used with AES • RSA typically not used to encrypt plaintext directly • RSA is used to encrypt an AES private key
Textbook RSA • Plaintext converted to ASCII bytes • Placed in x • RSA used to compute y = xe mod n
Malleability • Encrypt two plaintext messages x1 and x2 • y1 = x1e mod n • y2 = x2e mod n • Consider the plaintext (x1)(x2) • Multiplying x1 and x2 together • y = (x1e mod n)(x2e mod n) = (y1)(y2) • An attacker can create valid ciphertext without the key
Strong RSA Encryption: OAEP • Optimal Asymmetric Encryption Padding • Padded plaintext is as long as n • Includes extra data and randomness
PKCS#1 v1.5 • An old method created by RSA • Much less secure than OAEP • Used in many systems • https://cryptosense.com/blog/why- pkcs1v1-5-encryption-should-be-put-out-of- our-misery/
Signing with RSA
Digital Signatures • Sign a message x with y = xd mod n • No one can forge the signature because d is secret • Everyone can verify the signature using e • x = ye mod n • Notice that x is not secret • Signatures prevent forgeries, they don't provide confidentiality
Signing a Hash • Signing long messages is slow and uncommon • Typically the message is hashed • Then the hash is signed
Textbook RSA Signatures • Sign a message x with y = xd mod n • Attacker can forge signatures • For x =0, 1, or n - 1
Blinding Attack • You want to get the signature for message M • Which the targeted user would never willingly sign • Find a value R such that ReM mod n • Is a message the user will sign • That signature S is (ReM)d mod n • = RedMd mod n = RMd mod n • The signature we want is Md mod n = S/R
The PSS Signature Standard • Probabilistic Signature Standard • Makes signatures more secure, the way OAEP makes encryption more secure • Combines the message with random and fixed bits
Full Domain Hash Signatures (FDH) • The simplest scheme • x = Hash(message) • Signature y = xe mod n
FDH v. PSS • PSS came later • More proof of theoretical security • Because of added randomness • But in practice they are similar in security • But PSS is safer against fault attacks • Explained later
RSA Implementations
Just Use Libraries • Much easier and safer than writing your own implementation
Chapter 7 of Understanding Cryptography by Christof Paar and Jan Pelzl Square-and-Multiply • Consider RSA with a 1024-bit key • We need to calculate xe where e is 1024 bits long • x * x * x * x .... 21024 multiplications • Competely impossible -- we can't even crack a 72-bit key yet (272 calculations) 51
Chapter 7 of Understanding Cryptography by Christof Paar and Jan Pelzl Square-and-Multiply • Use memory to save time • Do these ten multiplications • x2 = x * x • x4 = x2 * x2 • x8 = x4 * x4 • x16 = x8 * x8 • ... • x1024 = x512 * x512 • ... • Combine the results to make any exponent 52
Chapter 7 of Understanding Cryptography by Christof Paar and Jan Pelzl Square-and-Multiply • With this trick, a 1024-bit exponent can be calculated with only 1536 multiplications • But each number being multiplied is 1024 bits long, so it still takes a lot of CPU 53
Side-Channel Attacks • The speedup from square-and-multiply means that exponent bits of 1 take more time than exponent bits of 0 • Measuring power consumption or timing can leak out information about the key • Few libraries are protected from such attacks
• EverCrypt -- a library immune to timing attacks • From Microsoft research • Link Ch 10b
Small e for Faster Encryption • Encryption: y = xe mod n • Decryption: x = yd mod n • Choosing small e makes encryption faster, but decryption slower
Chinese Remainder Theorem • Replaces one operation mod n • Encryption: y = xe mod n • With two operations mod p and q • Making RSA four times faster
How Things Can Go Wrong
Bellecore Attack on RSA-CRT • Fault injection causes the CPU to make errors • Alter the power supply • or hit chips with a laser pulse • Can break deterministic schemes like CRT • But not ones including randomness like PSS
10 RSA

Empfohlen

CNIT 141 10. RSA
CNIT 141 10. RSACNIT 141 10. RSA
CNIT 141 10. RSASam Bowne
 
CNIT 141 10. RSA
CNIT 141 10. RSACNIT 141 10. RSA
CNIT 141 10. RSASam Bowne
 
CNIT 141: 10. RSA
CNIT 141: 10. RSACNIT 141: 10. RSA
CNIT 141: 10. RSASam Bowne
 
CNIT 141: 10. RSA
CNIT 141: 10. RSACNIT 141: 10. RSA
CNIT 141: 10. RSASam Bowne
 
Lecture6 rsa
Lecture6 rsaLecture6 rsa
Lecture6 rsaNghique Nguyen
 
Public_Key_Cryptography in crypto analysis.ppt
Public_Key_Cryptography in crypto analysis.pptPublic_Key_Cryptography in crypto analysis.ppt
Public_Key_Cryptography in crypto analysis.pptImmanImman6
 
Rsa
RsaRsa
Rsamagentie
 
Cybersecurity cyberlab3
Cybersecurity cyberlab3Cybersecurity cyberlab3
Cybersecurity cyberlab3rayborg
 

Empfohlen

CNIT 141 10. RSA
CNIT 141 10. RSACNIT 141 10. RSA
CNIT 141 10. RSASam Bowne
 
CNIT 141 10. RSA
CNIT 141 10. RSACNIT 141 10. RSA
CNIT 141 10. RSASam Bowne
 
CNIT 141: 10. RSA
CNIT 141: 10. RSACNIT 141: 10. RSA
CNIT 141: 10. RSASam Bowne
 
CNIT 141: 10. RSA
CNIT 141: 10. RSACNIT 141: 10. RSA
CNIT 141: 10. RSASam Bowne
 
Lecture6 rsa
Lecture6 rsaLecture6 rsa
Lecture6 rsaNghique Nguyen
 
Public_Key_Cryptography in crypto analysis.ppt
Public_Key_Cryptography in crypto analysis.pptPublic_Key_Cryptography in crypto analysis.ppt
Public_Key_Cryptography in crypto analysis.pptImmanImman6
 
Rsa
RsaRsa
Rsamagentie
 
Cybersecurity cyberlab3
Cybersecurity cyberlab3Cybersecurity cyberlab3
Cybersecurity cyberlab3rayborg
 
Class3
Class3Class3
Class3ankitasinghbsc
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHMSathish Kumar
 
3 pkc+rsa
3 pkc+rsa3 pkc+rsa
3 pkc+rsaShashank Mishra
 
Simple Overview Caesar and RSA Encryption_by_Tarek_Gaber
Simple Overview Caesar and RSA Encryption_by_Tarek_GaberSimple Overview Caesar and RSA Encryption_by_Tarek_Gaber
Simple Overview Caesar and RSA Encryption_by_Tarek_GaberTarek Gaber
 
Information and network security 33 rsa algorithm
Information and network security 33 rsa algorithmInformation and network security 33 rsa algorithm
Information and network security 33 rsa algorithmVaibhav Khanna
 
Unit --3.ppt
Unit --3.pptUnit --3.ppt
Unit --3.pptDHANABALSUBRAMANIAN
 
Cryptography using rsa cryptosystem
Cryptography using rsa cryptosystemCryptography using rsa cryptosystem
Cryptography using rsa cryptosystemSamdish Arora
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network SecurityDr. Rupa Ch
 
PKC&RSA
PKC&RSAPKC&RSA
PKC&RSAAnver S R
 
RSA
RSARSA
RSAAbirami Thangavel
 
Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryptionphanleson
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionGöktuğ Serez
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829ajsk1950
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSASrilal Buddika
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyMd. Shafiul Alam Sagor
 
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptx
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptxRivest Shamir Adleman Algorithm and its variant : DRSA.pptx
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptxwerip98386
 
Ch9
Ch9Ch9
Ch9Mahender Kumar
 
CNS.ppt
CNS.pptCNS.ppt
CNS.pptGopinathSamydurai
 
Public-Key Cryptography.pdfWrite the result of the following operation with t...
Public-Key Cryptography.pdfWrite the result of the following operation with t...Public-Key Cryptography.pdfWrite the result of the following operation with t...
Public-Key Cryptography.pdfWrite the result of the following operation with t...FahmiOlayah
 
Introduction to cryptography part2-final
Introduction to cryptography part2-finalIntroduction to cryptography part2-final
Introduction to cryptography part2-finalTaymoor Nazmy
 
Cyberwar
CyberwarCyberwar
CyberwarSam Bowne
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities Sam Bowne
 

Weitere ähnliche Inhalte

Ähnlich wie 10 RSA

Simple Overview Caesar and RSA Encryption_by_Tarek_Gaber
Simple Overview Caesar and RSA Encryption_by_Tarek_GaberSimple Overview Caesar and RSA Encryption_by_Tarek_Gaber
Simple Overview Caesar and RSA Encryption_by_Tarek_GaberTarek Gaber
 
Information and network security 33 rsa algorithm
Information and network security 33 rsa algorithmInformation and network security 33 rsa algorithm
Information and network security 33 rsa algorithmVaibhav Khanna
 
Cryptography using rsa cryptosystem
Cryptography using rsa cryptosystemCryptography using rsa cryptosystem
Cryptography using rsa cryptosystemSamdish Arora
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network SecurityDr. Rupa Ch
 
Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryptionphanleson
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionGöktuğ Serez
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829ajsk1950
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSASrilal Buddika
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyMd. Shafiul Alam Sagor
 
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptx
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptxRivest Shamir Adleman Algorithm and its variant : DRSA.pptx
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptxwerip98386
 
Public-Key Cryptography.pdfWrite the result of the following operation with t...
Public-Key Cryptography.pdfWrite the result of the following operation with t...Public-Key Cryptography.pdfWrite the result of the following operation with t...
Public-Key Cryptography.pdfWrite the result of the following operation with t...FahmiOlayah
 
Introduction to cryptography part2-final
Introduction to cryptography part2-finalIntroduction to cryptography part2-final
Introduction to cryptography part2-finalTaymoor Nazmy
 

Ähnlich wie 10 RSA (20)

Class3
Class3Class3
Class3
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 
3 pkc+rsa
3 pkc+rsa3 pkc+rsa
3 pkc+rsa
 
Simple Overview Caesar and RSA Encryption_by_Tarek_Gaber
Simple Overview Caesar and RSA Encryption_by_Tarek_GaberSimple Overview Caesar and RSA Encryption_by_Tarek_Gaber
Simple Overview Caesar and RSA Encryption_by_Tarek_Gaber
 
Information and network security 33 rsa algorithm
Information and network security 33 rsa algorithmInformation and network security 33 rsa algorithm
Information and network security 33 rsa algorithm
 
Unit --3.ppt
Unit --3.pptUnit --3.ppt
Unit --3.ppt
 
Cryptography using rsa cryptosystem
Cryptography using rsa cryptosystemCryptography using rsa cryptosystem
Cryptography using rsa cryptosystem
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network Security
 
PKC&RSA
PKC&RSAPKC&RSA
PKC&RSA
 
RSA
RSARSA
RSA
 
Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryption
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829a
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSA
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key Cryptography
 
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptx
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptxRivest Shamir Adleman Algorithm and its variant : DRSA.pptx
Rivest Shamir Adleman Algorithm and its variant : DRSA.pptx
 
Ch9
Ch9Ch9
Ch9
 
CNS.ppt
CNS.pptCNS.ppt
CNS.ppt
 
Public-Key Cryptography.pdfWrite the result of the following operation with t...
Public-Key Cryptography.pdfWrite the result of the following operation with t...Public-Key Cryptography.pdfWrite the result of the following operation with t...
Public-Key Cryptography.pdfWrite the result of the following operation with t...
 
Introduction to cryptography part2-final
Introduction to cryptography part2-finalIntroduction to cryptography part2-final
Introduction to cryptography part2-final
 

Mehr von Sam Bowne

3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities Sam Bowne
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the ApplicationSam Bowne
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)Sam Bowne
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic CurvesSam Bowne
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-HellmanSam Bowne
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1Sam Bowne
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android ApplicationsSam Bowne
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)Sam Bowne
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3Sam Bowne
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard ProblemsSam Bowne
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis MethodologySam Bowne
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated EncryptionSam Bowne
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)Sam Bowne
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)Sam Bowne
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream CiphersSam Bowne
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data CollectionSam Bowne
 
4. Block Ciphers
4. Block Ciphers 4. Block Ciphers
4. Block Ciphers Sam Bowne
 

Mehr von Sam Bowne (20)

Cyberwar
CyberwarCyberwar
Cyberwar
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the Application
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic Curves
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard Problems
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis Methodology
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream Ciphers
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection
 
4. Block Ciphers
4. Block Ciphers 4. Block Ciphers
4. Block Ciphers
 

Kürzlich hochgeladen

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 

Kürzlich hochgeladen (20)

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 

10 RSA

  • 1. CNIT 141 Cryptography for Computer Networks 10.RSA Updated 11-9-22
  • 2. Topics • The Math Behind RSA • The RSA Trapdoor Permutation • RSA Key Generation and Security • Encrypting with RSA • Signing with RSA • RSA Implementations • How Things Can Go Wrong
  • 4. The Group ZN* • Integers modulo N • Must contain an identity element: 1 • Each member must have an inverse • So zero is excluded • But Z4* contains {1,3} • 2 has no inverse • Because 4 is a multiple of 2
  • 5. The Group ZN* • If N is prime, Zp* contains {1,2, 3, ... p-1} • So Z5* contains {1,2,3,4} • 0 is excluded because it has no inverse
  • 6. The Group Z10* • Z10* contains {1, 3, 7, 9} • 0, 2, 4, 5, 6, 8 are excluded • Because they have no inverse • Because they have a common factor with 10 • They aren't co-prime with 10
  • 7. Euler's Totient • How many elements are in the group Zn*? • When n is not prime, but the product of several prime numbers • n = p1 ✖︎ p2 ✖︎ ... ✖︎ pm • ϕ(n) = (p1 - 1) ✖︎ (p2 - 1) ✖︎ ... ✖︎ (pm - 1) • For Z10* • n = 10 = 2 ✖︎ 5 • ϕ(10) = 1 ✖︎ 4 : 4 elements in Z10*
  • 9. RSA Parameters • n is the modulus • Product of two primes p and q • e is the public exponent • In practice, usually 65537 • Public key: (n, e) • Private key: p and other values easily derived from it
  • 10. Trapdoor Permutation • x is the plaintext message • y is the ciphertext Encryption: y = xe mod n Decryption: x = yd mod n • d is the decryption key • calculated from p and q
  • 11. Calculating d • ed = 1 mod ϕ(n) • Decryption: x = yd mod n = (xe)d mod n = xed mod n = x mod n = x
  • 12. Why mod ϕ(n) ? • Fermat's Little Theorem (aka Euler's Theorem) • Stated by Fermat in 1640 without proof • Proven by Euler in 1736
  • 14. Example: n = 10 • 10 = 2 * 5; p = 2, q = 5 • ϕ = (p - 1) (q - 1) = 1 * 4 = 4 elements in group • 3 is a generator of the group (see next slides)
  • 16. 0 5 1 4 3 2 9 6 7 8 0 5 1 4 3 2 9 6 7 8 n=10; x=3 33 = 27 mod 10 = 7 34 = 81 mod 10 = 1
  • 17. • Z10* contains {1, 3, 7, 9} • 4 elements • 3 is a generator of the group • Although n is 10, the powers of 3 repeat with a cycle of 4 (ϕ(n) ) • Encrypt by raising x to power e, forming y • Decrypt by raising y to power d, returning x Powers of 3 31 mod 10 = 3 32 mod 10 = 9 33 mod 10 = 7 34 mod 10 = 1 35 mod 10 = 3
  • 18. • Z10* contains {1, 3, 7, 9} • 4 elements • p = 2 and q = 5 • ϕ(n) = (p-1)(q-1) = 1x4 = 4 • ed = 1 mod ϕ(n) • For e = 3, d = 3 Finding d n=10; e=3 3x1 mod 4 = 3 3x2 mod 4 = 2 3x3 mod 4 = 1
  • 19. • x is the plaintext message (3) • y is the ciphertext Encryption: y = xe mod n = 33 mod 10 = 27 mod 10 = 7 Decryption: x = yd mod n = 73 mod 10 = 343 mod 10 = 3 n=10; x=3; e=3; d=7
  • 21. 2 n=14; x=3 0 31 = 3 1 3 4 5 6 7 13 8 12 9 11 10 2 0 32 = 9 1 3 4 5 6 7 13 8 12 9 11 10
  • 22. 2 n=14; x=3 0 33 = 27 mod 14 = 13 1 3 4 5 6 7 13 8 12 9 11 10 2 0 34 = 81 mod 14 = 11 1 3 4 5 6 7 13 8 12 9 11 10
  • 23. 2 n=14; x=3 0 35 = 243 1 3 4 5 6 7 13 8 12 9 11 10 2 0 36 = 729 1 3 4 5 6 7 13 8 12 9 11 10
  • 24. • Z14* contains {1, 3, 5, 9, 11, 13} • 6 elements (ϕ(n) ) • 3 is a generator of the group Powers of 3 31 mod 14 = 3 32 mod 14 = 9 33 mod 14 = 13 34 mod 14 = 11 35 mod 14 = 5 36 mod 14 = 1
  • 25. • Z14* contains {1, 3, 5, 9, 11, 13} • 6 elements • p = 2 and q = 7 • ϕ(n) = (p-1)(q-1) = 1x6 = 6 • ed = 1 mod ϕ(n) • For e = 5, d = 5 Finding d n=14; x=3; e=5 5x1 mod 6 = 5 5x2 mod 6 = 4 5x3 mod 6 = 3 5x4 mod 6 = 2 5x5 mod 6 = 1
  • 26. • x is the plaintext message (3) • y is the ciphertext Encryption: y = xe mod n = 35 mod 14 = 243 mod 14 = 5 Decryption: x = yd mod n = 55 mod 14 = 3125 mod 14 = 3 n=14; x=3; e=5; d=5
  • 27. RSA Key Generation and Security
  • 28. Key Generation • Pick random primes p and q • Calculate ϕ(n) from p and q • Pick e • Calculate d (inverse of e)
  • 29. RSA in Python 3 Commands python3 -m pip install pycryptodom e python3 from Crypto.PublicKey import RS A from Crypto.Cipher import PKCS1_OAE P key = RSA.generate(2048 ) plaintext = b"encrypt this message " cipher_rsa = PKCS1_OAEP.new(key ) ciphertext = cipher_rsa.encrypt(plaintext ) decrypted = cipher_rsa.decrypt(ciphertext ) print("Ciphertext:", ciphertext ) print("Decrypted:", decrypted)
  • 30. RSA Encryption and Decryption in Python 3
  • 31. Chapter 7 of Understanding Cryptography by Christof Paar and Jan Pelzl 31 Speed of Calculations • Encryption is fastest • Decryption is much slower • Key generation is slowest
  • 32. RSA in Python 3 Commands from Crypto.PublicKey import RS A import tim e for i in range(5) : keylen = 2048 * (2 ** i ) t0 = time.time( ) key = RSA.generate(keylen ) t1 = time.time() - t 0 print("Key length:", keylen, "Time:", t1)
  • 35. Used with AES • RSA typically not used to encrypt plaintext directly • RSA is used to encrypt an AES private key
  • 36. Textbook RSA • Plaintext converted to ASCII bytes • Placed in x • RSA used to compute y = xe mod n
  • 37. Malleability • Encrypt two plaintext messages x1 and x2 • y1 = x1e mod n • y2 = x2e mod n • Consider the plaintext (x1)(x2) • Multiplying x1 and x2 together • y = (x1e mod n)(x2e mod n) = (y1)(y2) • An attacker can create valid ciphertext without the key
  • 38. Strong RSA Encryption: OAEP • Optimal Asymmetric Encryption Padding • Padded plaintext is as long as n • Includes extra data and randomness
  • 39.
  • 40. PKCS#1 v1.5 • An old method created by RSA • Much less secure than OAEP • Used in many systems • https://cryptosense.com/blog/why- pkcs1v1-5-encryption-should-be-put-out-of- our-misery/
  • 42. Digital Signatures • Sign a message x with y = xd mod n • No one can forge the signature because d is secret • Everyone can verify the signature using e • x = ye mod n • Notice that x is not secret • Signatures prevent forgeries, they don't provide confidentiality
  • 43. Signing a Hash • Signing long messages is slow and uncommon • Typically the message is hashed • Then the hash is signed
  • 44. Textbook RSA Signatures • Sign a message x with y = xd mod n • Attacker can forge signatures • For x =0, 1, or n - 1
  • 45. Blinding Attack • You want to get the signature for message M • Which the targeted user would never willingly sign • Find a value R such that ReM mod n • Is a message the user will sign • That signature S is (ReM)d mod n • = RedMd mod n = RMd mod n • The signature we want is Md mod n = S/R
  • 46. The PSS Signature Standard • Probabilistic Signature Standard • Makes signatures more secure, the way OAEP makes encryption more secure • Combines the message with random and fixed bits
  • 47. Full Domain Hash Signatures (FDH) • The simplest scheme • x = Hash(message) • Signature y = xe mod n
  • 48. FDH v. PSS • PSS came later • More proof of theoretical security • Because of added randomness • But in practice they are similar in security • But PSS is safer against fault attacks • Explained later
  • 50. Just Use Libraries • Much easier and safer than writing your own implementation
  • 51. Chapter 7 of Understanding Cryptography by Christof Paar and Jan Pelzl Square-and-Multiply • Consider RSA with a 1024-bit key • We need to calculate xe where e is 1024 bits long • x * x * x * x .... 21024 multiplications • Competely impossible -- we can't even crack a 72-bit key yet (272 calculations) 51
  • 52. Chapter 7 of Understanding Cryptography by Christof Paar and Jan Pelzl Square-and-Multiply • Use memory to save time • Do these ten multiplications • x2 = x * x • x4 = x2 * x2 • x8 = x4 * x4 • x16 = x8 * x8 • ... • x1024 = x512 * x512 • ... • Combine the results to make any exponent 52
  • 53. Chapter 7 of Understanding Cryptography by Christof Paar and Jan Pelzl Square-and-Multiply • With this trick, a 1024-bit exponent can be calculated with only 1536 multiplications • But each number being multiplied is 1024 bits long, so it still takes a lot of CPU 53
  • 54. Side-Channel Attacks • The speedup from square-and-multiply means that exponent bits of 1 take more time than exponent bits of 0 • Measuring power consumption or timing can leak out information about the key • Few libraries are protected from such attacks
  • 55. • EverCrypt -- a library immune to timing attacks • From Microsoft research • Link Ch 10b
  • 56. Small e for Faster Encryption • Encryption: y = xe mod n • Decryption: x = yd mod n • Choosing small e makes encryption faster, but decryption slower
  • 57. Chinese Remainder Theorem • Replaces one operation mod n • Encryption: y = xe mod n • With two operations mod p and q • Making RSA four times faster
  • 58. How Things Can Go Wrong
  • 59. Bellecore Attack on RSA-CRT • Fault injection causes the CPU to make errors • Alter the power supply • or hit chips with a laser pulse • Can break deterministic schemes like CRT • But not ones including randomness like PSS