DOC PREVIEW
MASON ECE 646 - Lecture 10 RSA Implementation: Efficient encryption, decryption & key generation

This preview shows page 1-2-19-20 out of 20 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 20 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 20 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 20 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 20 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 20 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

1RSAImplementation:Efficient encryption, decryption& key generationECE646 Lecture 10Efficient encryptionand decryptionNumber of bits vs. number of decimal digits10#digits= 2#bits#digits = (log102) · #bits  0.30 · #bits256 bits = 77 D384 bits = 116 D512 bits = 154 D768 bits = 231 D1024 bits = 308 D2048 bits = 616 D2How to perform exponentiation efficiently?Problems:Y = XEmod N = X  X  X  X  X …  X  X mod NE-timesE may be in the range of 21024 103081. huge storage necessary to store XEbefore reduction2. amount of computations infeasible to performSolutions:1. modulo reduction after each multiplication2. clever algorithms200 BC, India, “Chandah-Sûtra”Right-to-left binary exponentiationS: X X2mod N X4mod N X8mod N … X2mod NL-1E: e0e1e2e3… eL-1Y = X  (X2mod N)  (X4mod N)  (X8mod N)  …  (X2mod N)E = (eL-1, eL-2, …, e1, e0)2e0e1e2e3eL-1Y = Xe0+ 2e1+ 4e2+ 8e3+ … + 2L-1eL-1mod N =Xa Xb= Xa+b(Xa)b= Xab= X = XEmod Ni=0L-1ei 2iL-1Y = XEmod NRight-to-left binary exponentiation: ExampleS: X X2mod N X4mod N X8mod N X16mod NE: e0e1e2e3e41 1 0 0 1Y = X  X2mod N  1  1  X16mod N =E = 19 = 16 + 2 + 1 = (10011)2= X19mod NY = 319mod 113 32mod 11 =9 92mod 11 = 4 42mod 11 = 5 52mod 11 = 33  9  1  1  3 mod 11(27 mod 11)  3 mod 11 = 5  3 mod 11 = 43Left-to-right binary exponentiationE: eL-1eL-2eL-3… e1e0Y = ((...(((12 X )2 X )2 X )2…. )2 X )2 X mod NE = (eL-1, eL-2, …, e1, e0)2eL-1eL-2eL-3e1e0Y = X(eL-1 2 + eL-2)  2 + eL-3)  2 + …. + e1)  2 + e0mod N =Xa Xb= Xa+b(Xa)b= Xab= XEmod Ni=0L-1ei 2iY = XEmod N= X2L-1eL-1+ 2L-2eL-2+ 2L-3eL-3+…+2e1+e0mod N = X =Left-to-right binary exponentiation: ExampleE: e4e3e2e1e0Y = ((...(((12 X )2 1 )2 1 )2 X)2 X mod NY = (X8 X)2 X mod N = X19mod NE = 19 = 16 + 2 + 1 = (10011)2Y = 319mod 111 0 0 1 1= (((32mod 11) )2mod 11)2mod 11  3)2mod 11  3 mod 11= (81 mod 11)2mod 11  3)2mod 11  3 mod 11 == (5  3)2mod 11  3 mod 11 == 42mod 11  3 mod 11 == 5  3 mod 11 = 4Right-to-left binaryexponentiationLeft-to-right binaryexponentiationExponentiation: Y = XEmod NE = (eL-1, eL-2, …, e1, e0)2Y = 1;S = X;for i=0 to L-1{if (ei== 1)Y = Y  S mod N;S = S2mod N;}Y = 1;for i=L-1 downto 0{Y = Y2mod N;if (ei== 1)Y = Y  X mod N;}4Exponentiation Example: Y = 712mod 11Right-to-left binaryexponentiationLeft-to-right binaryexponentiation12 = (1 1 0 0)2i 0 1 2 3ei0 0 1 1Sbefore7 5 3 9Yafter1 1 1 3 5Safter7 5 3 9 4i 3 2 1 0ei1 1 0 0Y 1 7 2 4 5Sbefore- S before round i is computedSafter- S after round i is computedRight-to-Left Binary Exponentiation in HardwareMULSQRYSEoutputX1enableLeft-to-Right Binary Exponentiation in HardwareMULYEoutputX1ControlLogic5Basic Operations of RSAEncryptionDecryptionciphertext=modplaintextpublic key moduluspublic key exponentplaintext=modciphertextprivate key modulusprivate keyexponentk-bitsk-bitsk-bitsk-bitsk-bits k-bitsL=kL < kCMeNMCdNTime of exponentiationtEXP(e, L, k) = #modular_multiplications(e, L)  tMULMOD(k)SOFTWARE#modular_multiplicationse=324e = F4= 2 + 1217large random L-bit e L + #ones(e)   L32tMULMOD(k) - time of a single modular multiplicationof two k-bit numbers modulo a k-bit numberHARDWAREtMULMOD(k) = csm· k2tMULMOD(k) = chm· ke, LAlgorithms for Modular MultiplicationMultiplicationModular ReductionMultiplication combined withmodular reduction• Montgomery algorithm• Paper-and-pencil• Karatsuba• Schönhage-Strassen (FFT)• classical• Barrett• Selby-Mitchell(k2)(k3/2)(kln(k))(k2)(k2)complexity same as multiplication used(k2)6. . .A0A1An-1An-2. . . B0B1Bn-1Bn-2D0D1D2. . .C0C1Cn-1Cn-2. . . CnCn+1C2n-1C2n-2D2n-4D2n-3D2n-2. . . . .3 words3 wordsABC2 words2 wordsD0= A0B0D1= A0B1+ A1B0D2= A0B2+ A1B1+ A2B0D2n-4= An-3Bn-1+ An-2Bn-2+ An-1Bn-3D2n-3= An-2Bn-1+ An-1Bn-2D2n-2= An-1Bn-11 word = l bytes =  bitsPaper-and-Pencil Algorithm of MultiplicationAssertion:lg2n  x+++++Classical Algorithm of Modular Reductionx2n-1x0. . .x1x2n-2x2n-3xn-1. . .m0mn-1mn-2. . .:x0. . .x1x2n-2x2n-3xn-1. . .q’n-1mxm–q’n-1=x2n-1b+ x2n-2mn-1q’n-1= qn-1+  = 0, 1, 2m0mn-1mn-2. . .–x0. . .x1x2n-3xn-1. . .:q’n-2=x2n-2b+ x2n-3mn-1q’n-2= qn-2+  = 0, 1, 2. . . . . . .x0x1xn-1. . .ModularMultiplicationModularExponentiationSOFTWAREHARDWAREcsm· k2chm· kTime of basic operations in software and hardwarecsme· k2· Lchme· k · L7Encryption/Signature verificationwith a small exponent eDecryption /Signature generationKeyGenerationFactorization(breaking RSA)SOFTWAREHARDWAREcse· k2che· kTime of the RSA operationsas a function of the key size kcsd· k3chd· k2csk· k4/log2kchk· k3/log2kexp(csf· k1/3· (ln k)2/3)Effect of the increase in the computer speedon the speed of encryption and decryption in RSAcomputerspeedoperandsizeencryption/decryptionspeedto keep the same securityDecryption using Chinese Remainder Theorem=MPCPPdPmod=MQCQQdQmodCP= C mod PdP= d mod (P-1)CQ= C mod QdQ= d mod (Q-1)=modCMdNM = MP·RQ+ MQ·RPmod NwhereRP= (P-1mod Q) ·P = PQ-1mod NRQ= (Q-1mod P) ·Q= QP-1mod N8Time of decryptionwithout and with Chinese Remainder TheoremSOFTWAREHARDWAREWithout CRTWith CRTtDEC(k) = tEXP(random e, k, L=k) = cs k3tDEC-CRT(k)  2  tEXP(random e, k/2, L=k/2) = 2  cs ( )3= tDEC(k)14Without CRTWith CRTtDEC(k) = tEXP(random e, k, L=k) = ch k2tDEC-CRT(k)  tEXP(random e, k/2, L=k/2) = ch ( )2= tDEC(k)14k2k2Chinese Remainder TheoremLetN = n1 n2 n3. . .  nMandfor any i, j gcd(ni, nj) = 1Then, any number 0  A  N-1can be represented uniquely byA (a1=A mod n1, a2=A mod n2, …, aM=A mod nM)A can be reconstructed from (a1, a2, …, aM) using equationA=i=1M(ai Ni Ni-1mod ni) mod Nwhere Ni=Nni= n1 n2... ni-1 ni+1...  nM=Chinese Remainder Theoremfor N=P  QN = P  Qgcd(P, Q) = 1M  (Mp= M mod P, MQ= M mod Q)M = MPNPNP-1mod P+NQNQ-1mod QMQmod N= MP Q  ((Q-1) mod P) + MQ P  ((P-1) mod Q) mod N == MP RQ+ MQ RPmod N9Concealment of messages in the RSA cryptosystemBlakley, Borosh, 1979There exist messages that are not changed by the RSAencryption!For example:M=1 C = 1emod N = 1M=0 C = 0emod N = 0M=N-1-1 mod N C = (-1)emod N = -1Every M such thatMP= M mod P  {1, 0, -1}MQ= M mod Q  {1, 0, -1}CP= C mod P = (Memod N) mod P = Memod P = MPemod P = MPCQ= C mod Q = (Memod N) mod Q = Memod Q = MQemod Q =


View Full Document

MASON ECE 646 - Lecture 10 RSA Implementation: Efficient encryption, decryption & key generation

Documents in this Course
Load more
Download Lecture 10 RSA Implementation: Efficient encryption, decryption & key generation
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Lecture 10 RSA Implementation: Efficient encryption, decryption & key generation and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Lecture 10 RSA Implementation: Efficient encryption, decryption & key generation 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?