MASON ECE 646 - Lecture 10 RSA – Genesis, operation & security

This preview shows page 1-2-3-24-25-26 out of 26 pages.


Public Key (Asymmetric) Cryptosystems

[Figure: Alice -> Encryption (public key of Bob, $K_B$) -> Network -> Decryption (private key of Bob, $k_B$) -> Bob]

Trap-door one-way function

[Figure: $X \rightarrow f(X) \rightarrow Y$ with the PUBLIC KEY; $Y \rightarrow f^{-1}(Y) \rightarrow X$ with the PRIVATE KEY]

Whitfield Diffie and Martin Hellman, “New directions in cryptography,” 1976

Professional (NSA) vs. amateur (academic) approach to designing ciphers

Professional (NSA):
1. Know how to break Russian ciphers
2. Use only well-established proven methods
3. Hire 50,000 mathematicians
4. Cooperate with an industry giant
5. Keep as much as possible secret

Amateur (academic):
1. Know nothing about cryptology
2. Think of revolutionary ideas
3. Go skiing
4. Publish in “Scientific American”
5. Offer a $100 award for breaking the cipher

Challenge published in Scientific American (1977)

Ciphertext:
9686 9613 7546 2206 1477 1409 2225 4355
8829 0575 9991 1245 7431 9874 6951 2093
0816 2982 2514 5708 3569 3147 6622 8839
8962 8013 3919 9055 1829 9451 5781 5145

Public key:
N = 114381625757888867669235779976146612010218296721242362562561842935706935245733897830597123563958705058989075147599290026879543541 (129 decimal digits)
e = 9007

Award: $100

RSA as a trap-door one-way function

PUBLIC KEY: $C = f(M) = M^e \bmod N$
PRIVATE KEY: $M = f^{-1}(C) = C^d \bmod N$

$N = P \cdot Q$, where P, Q are large prime numbers
$e \cdot d \equiv 1 \pmod{(P-1)(Q-1)}$

RSA keys

PUBLIC KEY: { e, N }
PRIVATE KEY: { d, P, Q }

$N = P \cdot Q$, where P, Q are large prime numbers
$e \cdot d \equiv 1 \pmod{(P-1)(Q-1)}$

Why does RSA work? (1)

$M' = C^d \bmod N = (M^e \bmod N)^d \bmod N \stackrel{?}{=} M$

where $M'$ is the decrypted message and $M$ is the original message.

$e \cdot d \equiv 1 \pmod{(P-1)(Q-1)}$
$e \cdot d \equiv 1 \pmod{\varphi(N)}$, where $\varphi$ is Euler’s totient function

Euler’s totient (phi) function (1)

$\varphi(N)$ - number of integers in the range from 1 to N-1 that are relatively prime with N

Special cases:

1. P is prime: $\varphi(P) = P-1$
   Relatively prime with P: 1, 2, 3, …, P-1

2. $N = P \cdot Q$, P, Q are prime: $\varphi(N) = (P-1) \cdot (Q-1)$
   Relatively prime with N: {1, 2, 3, …, P⋅Q-1} – {P, 2P, 3P, …, (Q-1)P} – {Q, 2Q, 3Q, …, (P-1)Q}

Euler’s totient (phi) function (2)

Special cases:

3. $N = P^2$, P is prime: $\varphi(N) = P \cdot (P-1)$
   Relatively prime with N: {1, 2, 3, …, P²-1} – {P, 2P, 3P, …, (P-1)P}

In general, if $N = P_1^{e_1} \cdot P_2^{e_2} \cdot P_3^{e_3} \cdot \ldots \cdot P_t^{e_t}$, then

$\varphi(N) = \prod_{i=1}^{t} P_i^{e_i - 1} \cdot (P_i - 1)$

Euler’s Theorem

Leonhard Euler, 1707-1783

$\forall a: \gcd(a, N) = 1 \Rightarrow a^{\varphi(N)} \equiv 1 \pmod{N}$

Why does RSA work? (2)

$M' = C^d \bmod N = (M^e \bmod N)^d \bmod N$
$= M^{e \cdot d} \bmod N$
$= M^{1 + k \cdot \varphi(N)} \bmod N = M \cdot (M^{\varphi(N)})^k \bmod N$
$= M \cdot (M^{\varphi(N)} \bmod N)^k \bmod N$
$= M \cdot 1^k \bmod N = M$

using $e \cdot d \equiv 1 \pmod{\varphi(N)}$, that is, $e \cdot d = 1 + k \cdot \varphi(N)$.

Rivest estimation - 1977

The best known algorithm for factoring a 129-digit number requires 40 000 trillion years = $40 \cdot 10^{15}$ years, assuming the use of a supercomputer able to perform 1 multiplication of 129 decimal digit numbers in 1 ns.

Rivest’s assumption translates to the delay of a single logic gate ≈ 10 ps.

Estimated age of the universe: 100 billion years = $10^{11}$ years

[Photo: Lehmer Sieve, Computer Museum, Mountain View, CA]
[Photo: Supercomputer Cray, Computer Museum, Mountain View, CA]

Early records in factoring large numbers

Year    Number of decimal digits    Number of bits    Required computational power (in MIPS-years)
1974    45                          149               0.001
1984    71                          235               0.1
1991    100                         332               7
1992    110                         365               75
1993    120                         398               830

Number of bits vs. number of decimal digits

$10^{\#digits} = 2^{\#bits}$
$\#digits = (\log_{10} 2) \cdot \#bits \approx 0.30 \cdot \#bits$

256 bits = 77 D
384 bits = 116 D
512 bits = 154 D
768 bits = 231 D
1024 bits = 308 D
2048 bits = 616 D

How to factor for free?

A. Lenstra & M. Manasse, 1989
• Using the spare time of computers (otherwise unused)
• Program and results sent by e-mail (later using WWW)

Practical implementations of attacks: Factorization, RSA

Year: 1994, 1996, 1998
Number of decimal digits of N: 129, 130, 140
Number of bits of N: 430, 433, 467
Estimated amount of computations: 2000 MIPS-years, 5000 MIPS-years, 750 MIPS-years
Method: QS, GNFS, GNFS
1999: 140, 467, 8000 MIPS-years, GNFS

Breaking RSA-129

When: August 1993 - 1 April 1994, 8 months
Who: D. Atkins, M. Graff, A. K. Lenstra, P. Leyland + 600 volunteers from the entire world
How: 1600 computers, from Cray C90, through 16 MHz PC, to fax machines
Only 0.03% of the computational power of the Internet

Results of cryptanalysis: “The magic words are squeamish ossifrage”
An award of $100 donated to the Free Software Foundation

Elements affecting the progress in factoring large numbers

• computational power: 1977-1993 increase of about 1500 times
• computer networks: Internet
• better algorithms

Factoring methods

General purpose: time of factoring depends only on the size of N
• QS - Quadratic Sieve
• NFS - Number Field Sieve
• Continued Fraction Method (historical)

Special purpose: time of factoring is much shorter if N or factors of N are of the special form
• ECM - Elliptic Curve Method
• Pollard’s p-1 method
• Cyclotomic polynomial method
• SNFS - Special Number Field Sieve

General purpose factoring methods

Expected running time:

QS: $L_N[1/2, 1] = \exp\left((1 + o(1)) \cdot (\ln N)^{1/2} \cdot (\ln \ln N)^{1/2}\right)$
NFS: $L_N[1/3, 1.92] = \exp\left((1.92 + o(1)) \cdot (\ln N)^{1/3} \cdot (\ln \ln N)^{2/3}\right)$

[Plot: expected running time of QS and NFS vs. size of the factored number N in decimal digits (D); axis marks at 100D, 110D, 120D, 130D; regions labelled “QS more efficient” and “NFS more efficient”]

RSA Challenge

RSA-100, RSA-110, RSA-120, RSA-130, RSA-140, RSA-150, RSA-160, RSA-170, RSA-180, ..., RSA-450, RSA-460, RSA-470, RSA-480, RSA-490, RSA-500

Smallest unfactored number: RSA-150
Unused awards accumulate at a rate of $1750 / quarter

Factoring 512-bit number

512 bits = 155 decimal digits; old standard for key sizes in RSA
17 March - 22 August 1999
Group of Herman te Riele, Centre for Mathematics and Computer Science (CWI), Amsterdam

First stage:
• 168 workstations SGI and Sun, 175-400 MHz
• 120 Pentium PC, 300-450 MHz, 64 MB RAM
• 4 stations Digital/Compaq, 500 MHz
• 2 months

Second stage:
• Cray C916 - 10 days, 2.3 GB RAM

Factoring RSA-576

When? Announced: December 3, 2003

Who?
• J. Franke and T. Kleinjung: Bonn University; Max Planck Institute for Mathematics in Bonn; Experimental Mathematics Institute in Essen
• P. Montgomery and H. te Riele - CWI
• F. Bahr, D. Leclair, Paul Leyland and R. Wackerbarth
• German Federal Agency for Information Technology Security (BIS)

TWINKLE: “The Weizmann INstitute Key Locating Engine”

Adi Shamir, Eurocrypt, May 1999; CHES, August 1999

Electrooptical device capable of speeding up the first phase of factorization from 100 to 1000 times.
If ever built, it would increase the size of the key that can be broken from 100 to 200 bits.
Cost of the device (assuming that the prototype was earlier built) - $5000

Recommended key sizes for RSA

Old standard:
New standard:
Individual users
Individual users
Organizations (short term)
Organizations (long
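The derivation under “Why does RSA work?” carried out on numbers, as an added example that is not part of the lecture; P = 61, Q = 53 and e = 17 are constructed toy values and the function names are this example's own. It also checks the case the derivation skips, messages with gcd(M, N) > 1, where Euler's theorem does not apply yet decryption still returns M, and shows that knowing the factors of N is enough to rebuild d.

```python
# Added illustration, not code from the lecture. P, Q and e are tiny
# constructed values so that every message can be checked exhaustively.
from math import gcd

def make_keys(p, q, e):
    """Public key {e, N} and private key {d, P, Q} for primes p, q."""
    phi = (p - 1) * (q - 1)              # phi(N) for N = P*Q
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (P-1)(Q-1)")
    d = pow(e, -1, phi)                  # e*d ≡ 1 mod phi(N); needs Python 3.8+
    return (e, p * q), (d, p, q)

def encrypt(m, public):
    e, n = public
    return pow(m, e, n)                  # C = M^e mod N

def decrypt(c, private):
    d, p, q = private
    return pow(c, d, p * q)              # M = C^d mod N

def phi_by_counting(n):
    """phi(N) from its definition: count a in 1..N-1 with gcd(a, N) = 1."""
    return sum(1 for a in range(1, n) if gcd(a, n) == 1)

def failed_round_trips(public, private):
    """All M in 0..N-1 for which decrypt(encrypt(M)) != M."""
    return [m for m in range(public[1])
            if decrypt(encrypt(m, public), private) != m]

def recover_d_by_factoring(public):
    """Rebuild d from the public key alone by trial division (tiny N only)."""
    e, n = public
    p = next(f for f in range(2, n) if n % f == 0)
    return pow(e, -1, (p - 1) * (n // p - 1))

if __name__ == "__main__":
    public, private = make_keys(61, 53, 17)      # constructed toy parameters
    e, n = public
    d, phi = private[0], 60 * 52
    print("N =", n, "phi(N) =", phi_by_counting(n), "d =", d)
    print("k in e*d = 1 + k*phi(N):", (e * d - 1) // phi)
    print("Euler, gcd(a,N)=1:", pow(2, phi, n), " gcd(a,N)>1:", pow(61, phi, n))
    print("failed round trips:", failed_round_trips(public, private))
    print("d recovered from the factors of N:", recover_d_by_factoring(public))
```

Round trips succeed even for multiples of P or Q because N is a product of distinct primes; the proof for that case goes through each prime factor separately rather than through Euler's theorem.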
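The two running-time formulas under “General purpose factoring methods”, evaluated as an added example that is not part of the lecture. Setting the o(1) terms to zero is an assumption of this example, so the results are rough growth estimates; the function names are this example's own. It finds the size at which the NFS estimate drops below the QS estimate and compares the NFS estimate for two modulus sizes.

```python
# Added illustration, not code from the lecture. The o(1) terms are dropped
# (an assumption), so these are growth estimates, not operation counts.
import math

def ln_L(digits, alpha, c):
    """ln of L_N[alpha, c] = c * (ln N)^alpha * (ln ln N)^(1 - alpha)
    for an N of the given number of decimal digits."""
    ln_n = digits * math.log(10)
    return c * ln_n ** alpha * math.log(ln_n) ** (1 - alpha)

def qs_exponent(digits):
    return ln_L(digits, 1 / 2, 1.0)       # QS:  L_N[1/2, 1]

def nfs_exponent(digits):
    return ln_L(digits, 1 / 3, 1.92)      # NFS: L_N[1/3, 1.92]

def faster_method(digits):
    """Which of the two estimates is smaller at this size of N."""
    return "QS" if qs_exponent(digits) < nfs_exponent(digits) else "NFS"

def crossover_digits(lo=50, hi=400):
    """Smallest digit count in [lo, hi] where the NFS estimate is below QS."""
    for digits in range(lo, hi + 1):
        if faster_method(digits) == "NFS":
            return digits
    return None

def bits_to_digits(bits):
    return bits * math.log10(2)           # #digits = log10(2) * #bits

def nfs_cost_ratio(bits_a, bits_b):
    """Estimated factor by which NFS work grows from bits_a to bits_b."""
    return math.exp(nfs_exponent(bits_to_digits(bits_b))
                    - nfs_exponent(bits_to_digits(bits_a)))

if __name__ == "__main__":
    for digits in (100, 110, 120, 130):   # the sizes marked on the slide's plot
        print(digits, "D:", faster_method(digits),
              round(qs_exponent(digits), 2), round(nfs_exponent(digits), 2))
    print("crossover near", crossover_digits(), "decimal digits")
    print("NFS work, 1024 vs 512 bits: about %.1e times" % nfs_cost_ratio(512, 1024))
```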

