Escolar Documentos
Profissional Documentos
Cultura Documentos
RSA
1. Most popular public-key cryptosystem.
2. Invented by Rivest/Shamir/Adleman in 1977 at MIT.
3. Patented until 2000.
77
8.1 Cryptosystem
Set-up Stage
1. Choose two large primes and . p q
2. Compute = . n p q
b 1 mod ( )
a n :
x 2 Zn = f0 1
; , 1g.
;:::;n
Example:
Alice sends encrypted message ( = 4) to Bob after Bob x
78
Alice Bob
(1) choose = 3; = 11p q
(2) = = 33
n p q
(3) ( ) = (3 , 1)(11 , 1) = 2 10 = 20
n
(3 33)
x =4 kpub
, ;
(5) = ,1 = 7 mod 20
a b
=31
y = mod
x
b
n = 43 = 64 31 mod 33 ,!
y
x = = 317 4 mod 33
y
a
pr = = = mod . a ba ab
dk y x x n
a 1 mod ( ) () 1 + ( ); is an integer.
b n a b t n t
dk pr = = ( ) 1 = ( ( ) ) mod .
x
ab
x
t n
x x
n t
x n
assume = ) gcd( ) = 1 x r p x; q
( ) = 1 + ; where is an integer
x
n
c q c
( ) = + = + = + = +
x x
n
x x c q x r p c q x r c p q x r c n
( ) mod
x x
n
x n
79
x
( )n
1 mod , q.e.d.
n
In practice, the above algorithm is run 3 times (for a 1000 bit prime) and upto 12 times (for
a 150 bit prime) [AM97, Table 4.4 page 148] with dierent parameters . If the answer is r
Answer: P ( is prime ) 1( ) .
p
ln p
80
8.2.2 Choosing a and b
2. Test if gcd( ( )) = 1 b; n
3. Calculate : a
= (, )( ) + 1
t b s n
) 1 mod ( )
t b n
) = ,1 = mod ( )
t b a n
Remark:
It is not necessary to nd for the computation of . s a
8.2.3 Encryption/Decryption
decryption: dk pr ( ) =
y mod = . y
a
n x
1 2 3
if 0 ( ) then O(( )) O( ).
< b < n n n
Answer: | {z= 2}; | 2 {z= 3}; | 3 {z3 = 6}; | 6 6{z= 12}; | 12 {z= 13}.
x x x x x x x x x x x x x x x
SQ MUL SQ SQ MUL
81
Square-and-multiply algorithm
First: binary representation of the exponent ! ; 15 x
B
B
B = 3 23 + 2 22 + 1 21 + 0
b b b b
B = ( 3 2 + 2 )22 + 1 2 + 0 = (( 3 2 + 2 )2 + 1 )2 +
b b b b b b b b0
x = (( 3 2+ 2)2+ 1 )2+ 0
B
x
b b b b
Step x
B
#1 x
b3 2
#2 (x
b3 2 x 2 )b
#3 (x 3
b 2 x 2 )2
b
#4 (x 3
b 2 x 2 )2 x 1
b b
#5 (( x
b3 2 x 2 )2 x 1 )2
b b
#6 (( x
b3 2 x 2 )2 x 1 )2 x 0
b b b
Example: x
13 = x
11012 = x
(3
b ;b2 ;b1 ;b0 )2
#1 3 2 = 2
x
b
x SQ
#2 2 3 = 2 = 3
x x
b
x x x MUL
#3 ( 3 )2 = 6
x x SQ
#4 6 0 6 1 = 6
x x x x
#5 ( 6 )2 = 12
x x SQ
#6 12 0 = 12 = 13
x x
b
x x x MUL
Complexity: [log2 ] SQ + [ 12 log2 ] MUL.
n n
Comparison: = 21000B
! relatively easy.
82
Remark: Remember to apply modulo reduction after every multiplication and squaring
operation.
Algorithm [Sti95]: computes , where = P ,=01 2 B
x B
l
i
bi
i
1. =z x
(a) = z z
2 mod n
8.3 Attacks
8.3.1 Brute Force
83
8.3.4 Factorization of n
( ) = ( , 1)( , 1)
n p q
b= ,1 mod ( )
a n
x = mod y
a
n
Factoring Algorithms:
1. Quadratic Sieve (QS): speed depends on the size of ; record: in 1994 factoring of
n
2. Elliptic Curve: similar to QS; speed depends on the size of the smallest prime factor
of , i.e., on and .
n p q
3. Number Field Sieve: asymptotically better than QS; record: in 1996 factoring of
=RSA140; log10 = 140 digits; log2 = 466 bits.
n n n
Algorithm Complexity
pln( ) ln(ln( ))
Quadratic Sieve O(e (1+ (1))
p
o n
) n
84
number month MIPS-years algorithm
RSA-100 April 1991 7 quadratic sieve
RSA-110 April 1992 75 quadratic sieve
RSA-120 June 1993 830 quadratic sieve
RSA-129 April 1994 5000 quadratic sieve
RSA-130 April 1996 500 generalized number eld sieve
RSA-140 February 1999 1500 generalized number eld sieve
RSA-155 August 1999 8000 generalized number eld sieve
85
8.4 Implementation
Hardware: 1024 bit decryption in less that 5 ms.
Software: 1024 bit decryption in 43 ms; 1024 bit encryption in 0.65 ms
hybrid systems, consisting of public-key and private-key algorithms: most commonly
used in practice
1. key exchange and authentication with (slow) public-key algorithm
2. bulk data encryption with (fast) block ciphers
86