2. RSA: Rivest Shamir AdlemanRSA: Rivest Shamir Adleman
RSA is one of the first practical public-key algorithm and is
widely used for secure data transmission.
Of all the public-key algorithms proposed over the years, RSA
is by far the easiest to understand and implement.
The algorithm is named after the three inventors—Ron
Rivest, Adi Shamir, and Leonard Adleman
The RSA algorithm was publicly described in 1977 by Rivest,
Shamir, and Adleman at MIT
3. RSA: AlgorithmRSA: Algorithm
Just like the public key cryptography, in RSA the encryption key
is public and the decryption key is private, which is kept secret.
In RSA, this asymmetry is based on the practical difficulty of
factoring the product of two large prime numbers.
RSA gets its security from the difficulty of factoring large
numbers. The public and private keys are functions of a pair of
large prime numbers (100 to 200 digits or even larger).
A user of RSA creates and then publishes a public key based on
the two large prime numbers, along with an auxiliary value. The
prime numbers must be kept secret. Anyone can use the public
key to encrypt a message, but with currently published
methods. If the public key is large enough, only someone with
knowledge of the prime numbers can feasibly decode the
message.
4. RSA: AlgorithmRSA: Algorithm
The RSA algorithm can be analyzed in three phases:
1. Getting the Message Ready
2. Key generation
3. Message Encryption
4. Message Decryption
5. 5
RSA: Getting ReadyRSA: Getting Ready
In RSA we represent a message by its equivalent integer value.
1. We can represent a message as a binary bit pattern.
2. And a bit pattern can be uniquely represented by a
decimal integer number.
3. Thus we can consider that encrypting a message is
equivalent to encrypting its corresponding decimal integer
number.
4. Example: Let we want to encrypt the message “m”
5. Now we know m= 10010001 . So this message can be uniquely
represented by the decimal number 145 which is equal to
(10010001)2 .
6. To encrypt m, we encrypt the corresponding number 145,
which gives a new number (the cyphertext).
6. 6
RSA: Key GenerationRSA: Key Generation
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose encryption key e (with e<n) that has no common
factors with z. (that is e and z are “relatively prime”).
4. Calculate decryption key d such that ed-1 is exactly
divisible by z. (in other words: ed mod z = 1 implies
d=e-1
mod z
5. Public key is (n,e). Private key is (n,d).
KB
+
KB
-
7. 7
RSA: Encryption & DecryptionRSA: Encryption & Decryption
Given public key (n,e) and private key (n,d)
1. To encrypt message m (<n), compute
c = m mod ne
2. To decrypt received bit pattern, c, compute
m = c mod nd
m = (m mod n)e mod n
dMagic
happens!
c
9. 9
Analyze: Key GenerationAnalyze: Key Generation
To generate the two keys, choose two random large prime
numbers, p and q. For maximum security, choose p and q of
equal length. Then compute the products.
Then randomly choose the encryption key, e, such that e and
z=(p - 1)(q - 1) are relatively prime.
Finally, use the extended Euclidean algorithm to compute the
decryption key, d, such that ed-1 is exactly divisible by z. That is
ed mod z = 1 or d=e-1
mod z
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
10. 10
RSA Example:RSA Example:
Now Alice chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
bit pattern m me c = m mod ne
00001100 12 24832 17
encrypt:
Encrypting 8-bit messages.
Consider that Alice wants to a message whose
equivalent binary bit pattern is 00001100 to Alice
Given 00001100=12 as plaintext, Alice send its ciphertext
17 to Bob
11. 11
RSA Example:RSA Example:
c m = c mod nd
17 481968572106750915091411825223071697 12
c
d
decrypt:
Now at the receiver end Bob receives 17 as the
ciphertext. Then Bob decrypt the ciphertext to
recover the plaintext.
Upon receiving 17 as ciphertext Bob decrypts it to
recover the plaintext 00001100=12
13. 13
Why does RSA work?Why does RSA work?
We have to show that cd
mod n = m , where c = me
mod n
Now we know that: for any x and y
xy
mod n = x(ymodz)
mod n , where n= pq and z = (p-1)(q-1)
Then cd
mod n = (me
mod n)d
mod n [ as c = me
mod n ]
= med
mod n
= m(edmodz)
mod n [For d we have ed mod z =1]
= m1
mod n
= m
14. 14
Attacks Against RSAAttacks Against RSA
There are a number of attacks against plain RSA as described
below:
When encrypting with low encryption exponents (e.g., e = 3)
and small values of the m, ciphertexts can be easily decrypted
If the same clear text message is sent to bob or more recipients
and the receivers share the same exponent e, but different p, q,
and n, then it is easy to decrypt the original clear text message
via the Chinese remainder theorem
It is vulnerable to chosen plaintext attack.