Introduction to Cryptography --- Foundations of computer security ---
Related Chapters (Cryptography): Chapter 2, A Cryptography Primer; Chapter 37, Data Encryption; Chapter 39, Public Key Infrastructure; Chapter 70, Advanced Data Encryption
Outline: basic terms in cryptology; classic secret key ciphers; modern secret key ciphers, DES (Data Encryption Standard) and AES (Advanced Encryption Standard): how do they work, and how to use DES and AES in practice (4 modes of operation)
Basic Terms: cryptology (to be very precise) covers cryptography (designing) and cryptanalysis (code breaking); the practitioners are the cryptologist, cryptographer and cryptanalyst; encryption/encipherment: scrambling data into a form unintelligible to unauthorised parties
Basic Terms (2): decryption/decipherment: un-scrambling; cipher/cryptosystem
A Short History: the dividing line is 1976/77. Classic: up to 1976/77. 1976: Diffie & Hellman discovered public key cryptography. 1977: National Bureau of Standards published DES (Data Encryption Standard). Modern: 1976/77 to today.
History (2): the word cipher, from Greek (secret writing); ancient Egypt, Julius Caesar, ...; WWII: the Enigma cipher machine was broken by a British team including Alan Turing; the Purple cipher was broken by the US, which led to the death of Yamamoto. Mainly for war, diplomacy & politics.
Good Book on History of Crypto: David Kahn, The Codebreakers, Macmillan, New York, 1972. PS: a revised edition was published in 1996. Not quite complete.
Cryptography Goals. Authentication: Alice sends a message to Bob. How can Bob verify that the message originated from Alice and not from Eve pretending to be Alice? Confidentiality: Alice sends a message to Bob. How can Bob be sure that the message was not read by Eve? For example, personal communications need to be maintained as confidential.
Cryptography Goals (2). Integrity: Alice sends a message to Bob. How does Bob verify that Eve did not intercept the message and change its contents? Nonrepudiation: Alice could send a message to Bob and later deny that she ever sent a message to Bob. In such a case, how could Bob ever determine who actually sent him the message?
Types of Ciphers: private key cryptosystems/ciphers, also known as secret key ciphers, single key ciphers or symmetric ciphers; public key cryptosystems/ciphers, also known as asymmetric ciphers
Representation of Data: by characters (each character is represented by an 8-bit byte according to the ASCII table); by binary bits (0s and 1s), e.g. fax messages, images, digitised voice data
Private Key Cipher [Diagram: Alice encrypts the plain text with E under the shared secret key; the cipher text passes through the network or storage; Bob decrypts it with D under the same shared secret key to recover the original plain text.]
Concepts: a private key cipher is composed of two algorithms, an encryption algorithm E and a decryption algorithm D. The same key K is used for encryption & decryption. K has to be distributed beforehand.
Notations: encrypt a plaintext P using a key K & an encryption algorithm E: C = E(K,P). Decrypt a ciphertext C using the same key K and the matching decryption algorithm D: P = D(K,C). Note: P = D(K,C) = D(K, E(K,P))
Classic Ciphers: substitution ciphers (also called shift/additive ciphers): monoalphabetic ciphers, polyalphabetic ciphers; transposition (permutation) ciphers; product ciphers, using both substitution and transposition
The Caesar Cipher: a substitution cipher, named after Julius Caesar. Operation principle: each letter is translated into the letter a fixed number of positions after it in the alphabet table. The fixed number of positions is a key both for encryption and decryption.
The Caesar Cipher (cont'd) [Figure: outer: plaintext; inner: ciphertext]
The Caesar Cipher (cont'd) [Figure: K=3]
An Example: for a key K=3,
plaintext letter:  ABCDEF...UVWXYZ
ciphertext letter: DEF...UVWXYZABC
Hence TREATY IMPOSSIBLE is translated into WUHDWB LPSRVVLEOH
An Exercise: use the Caesar cipher to encode the following message under a key K=3: WAR STARTS TOMORROW
Another substitution cipher example
Transposition Cipher: it works by changing the location of characters (character permutation). A cyclic group defines the permutation with a single key to encrypt, and the same key is used to decrypt the ciphered message.
Polyalphabetic Cipher: instead of the one-to-one mapping of the Caesar cipher, a one-to-many mapping is used, so a single letter can have multiple substitutes. A tableau is developed (see next slide). This tableau is a series of shift ciphers. The key is repeated over the plaintext. Then, using the tableau, the corresponding letter is used. The top row is used to look up the plaintext, and the leftmost column is used to reference the keyword.
[Figure: the polyalphabetic cipher tableau]
Polyalphabetic Cipher Example. Plaintext: Ask not what your country can do for you; key: rockerrooks.
Plaintext:  A S K N O T W H A T Y O U R
Key:        R O C K E R R O O K S R O C
Ciphertext: R G M X S K N V O D Q F I T
Notice that A is encrypted to different letters.
Attacks Against Cryptography. Ciphertext only attack: the cryptanalyst has access to the ciphertext only; frequency analysis is used to infer the key. Known plaintext attack: the cryptanalyst has access to both the plaintext and the corresponding ciphertext, and tries to find the key. Chosen plaintext attack: the cryptanalyst can encrypt plaintext of his choice and analyze the resulting ciphertext. Chosen ciphertext attack: the cryptanalyst can decrypt ciphertext of his choice to recover the key.
Breaking the Caesar Cipher: by trial and error; by using statistics on letters, i.e. the frequency distributions of letters (letter, percent): A 7.49%, B 1.29%, C 3.54%, D 3.62%, E 14.00%, ... With the help of fast computers, 99.99% of ciphers used before 1976 are breakable by using one of the 4 types of attacks. The first computer designed by Alan Turing was used to break the Enigma cipher in WWII.
MODERN BLOCK CIPHERS
Block Ciphers: block ciphers provide the backbone algorithmic technology behind most modern-era ciphers. A block cipher is a series of serial operations (rounds). In each round, a chunk of the input data is encrypted and fed to the next round (chaining). Each output block is the same size as the input block. Each block uses a subkey permuted (derived) from the original key.
Modern Private Key Ciphers: DES (US, 1977): key 56 bits, plaintext/ciphertext 64 bits. IDEA (Lai & Massey, Swiss, 1991): key 128 bits, plaintext/ciphertext 64 bits. LOKI (ADFA, Australia, 1989): key, plaintext/ciphertext 64 bits. FEAL (NTT, Japan, 1990): key 128 bits, plaintext/ciphertext 64 bits. AES (successor to DES, 2001).
Encryption using DES: a 56-bit key K is expanded into 16 subkeys, each 48 bits (K1, K2, ..., K16). Encryption consists of 16 rounds, each using a different 48-bit subkey. Both a plaintext & a ciphertext are 64 bits long. Decryption: similar to encryption, except that the order in which the subkeys are used is reversed, namely (K16, K15, ..., K2, K1). [Diagram: DES (Encryption) takes a 64-bit plaintext and a 56-bit key and gives a 64-bit ciphertext; DES (Decryption) takes a 64-bit ciphertext and the 56-bit key and gives the 64-bit plaintext.]
AES Family: AES-128, AES-192, AES-256. [Diagram: each takes a 128-bit plaintext and gives a 128-bit ciphertext; AES-128 uses a 128-bit key, AES-192 a 192-bit key, AES-256 a 256-bit key.]
Examples
AES128
PLAINTEXT: 00112233445566778899aabbccddeeff
KEY: 000102030405060708090a0b0c0d0e0f
CIPHERTEXT: 69c4e0d86a7b0430d8cdb78070b4c55a
AES256
PLAINTEXT: 00112233445566778899aabbccddeeff
KEY: 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
CIPHERTEXT: 8ea2b7ca516745bfeafc49904b496089
Use of A Private Key Cipher in Practice
4 Modes of Operation: Electronic Code Book (ECB); Cipher Block Chaining (CBC); Cipher Feedback Mode (CFB); Output Feedback Mode (OFB). (Use AES-128 as an example.)
Electronic Code Book (ECB) Encryption: mi, ci: 128 bits for AES; K: 128 bits (or 192, 256 bits). [Diagram: each plaintext (message) block m1 ... m10 is encrypted separately with E under K, giving the ciphertext (scrambled message) blocks c1 ... c10.]
Electronic Code Book (ECB) Decryption [Diagram: each ciphertext block c1 ... c10 is decrypted separately with D under K, giving the plaintext (original message) blocks m1 ... m10.]
Padding: if the length of a plaintext is not a multiple of 128 bits, extra bits (0s or 1s) are padded to the end of the original message, so that the last block is 128 bits. Padded bits are discarded after decryption.
Examples of ECB Mode
AES128, Encryption, 16 bytes
KEY = 10a58869d74be5a374cf867cfb473859
PLAINTEXT = 00000000000000000000000000000000
CIPHERTEXT = 6d251e6944b051e04eaa6fb4dbf78465
AES256, Decryption, 16 bytes
KEY = 07eb03a08d291d1b07408bf3512ab40c91097ac77461aad4bb859647f74f00ee
CIPHERTEXT = 47cb030da2ab051dfc6c4bf6910d12bb
PLAINTEXT = 00000000000000000000000000000000
Source: NIST AES Test Data
ECB, AES128
Plaintext, 128 x 4 bits:
6bc1bee22e409f96e93d7e117393172a
ae2d8a571e03ac9c9eb76fac45af8e51
30c81c46a35ce411e5fbc1191a0a52ef
f69f2445df4f9b17ad2b417be66c3710
Key, 128 bits: 2b7e151628aed2a6abf7158809cf4f3c
Ciphertext:
3ad77bb40d7a3660a89ecaf32466ef97
f5d3d58503b9699de785895a96fdbaaf
43b1cd7f598ece23881b00e3ed030688
7b0c785e27e8ad3f8223207104725dd4
Bit-Wise Exclusive OR (XOR). XOR table: $0 \oplus 0 = 0$, $1 \oplus 1 = 0$, $0 \oplus 1 = 1$, $1 \oplus 0 = 1$.
P = 1 0 0 1 0 0 1 0
K = 0 1 0 1 1 1 1 1
C = 1 1 0 0 1 1 0 1
Useful properties: $P \oplus K = C$, $C \oplus K = P$. In Java, C & C++: C = P ^ K; P = C ^ K;
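Cipher Block Chaining (CBC) Encryption [Diagram: message blocks m1 ... m4 are encrypted with E under K, starting from the IV, giving ciphertext blocks c1 ... c4.]
Cipher Block Chaining (CBC) Decryption [Diagram: ciphertext blocks c1 ... c4 are decrypted with D under K, using the IV, giving message blocks m1 ... m4.]
Cipher Block Chaining (CBC): another way to look at decryption [Diagram: the same decryption redrawn with c1 ... c4 at the top, D under K and the IV in the middle, and m1 ... m4 at the bottom.]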
CBC, AES256
Plaintext, 128 x 4 bits:
6bc1bee22e409f96e93d7e117393172a
ae2d8a571e03ac9c9eb76fac45af8e51
30c81c46a35ce411e5fbc1191a0a52ef
f69f2445df4f9b17ad2b417be66c3710
Key, 256 bits: 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
IV, 128 bits: 000102030405060708090a0b0c0d0e0f
Ciphertext:
f58c4c04d6e5f1ba779eabfb5f7bfbd6
9cfc4e967edb808d679f777bc6702c7d
39f23369a9d9bacfa530e26304231461
b2eb05e2c39be9fcda6c19078c6a9d1b
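Cipher Block Chaining (CBC) with Interleave Factor = 2, Encryption [Diagram: message blocks m1 ... m4 are encrypted with E under K into ciphertext blocks c1 ... c4; IV and c0 are agreed values.]
Cipher Block Chaining (CBC) with Interleave Factor = 2, Decryption [Diagram: ciphertext blocks c1 ... c4 are decrypted with D under K into message blocks m1 ... m4; IV and c0 are agreed values.]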
Higher Order Bits & Lower Order Bits: in a 128-bit register/storage, bit b127 is on the left and bit b0 is on the right; the higher order bits are the left ones, the lower order bits the right ones. (Note: in line with Java, C, and C++)
Cipher Feedback Mode (CFB) Encryption [Diagram: (1) the contents of the 128-bit shift register are encrypted with E under K into a 128-bit register; (2) ki, its t higher order bits, is combined with the t-bit mi to give the t-bit ci; (3) the shift register is shifted to the left by t bits; (4) ci is copied and fed back.]
Blocks, Key & Initial Vector for CFB: long data is divided into blocks, each having t bits. Typically, t=8. Key & initial vector: sender & receiver need to agree on 2 pieces of information beforehand: the key K (has to be kept secret) and an initial vector for the shift register (it does NOT have to be kept secret! A 128-bit all-0 vector may be chosen).
Cipher Feedback Mode (CFB) Decryption [Diagram: (1) the contents of the 128-bit shift register are encrypted with E under K; (2) ki, the t higher order bits of the result, is combined with the t-bit ci to give the t-bit mi; (3) the shift register is shifted to the left by t bits; (4) ci is copied and fed back.]
4 Sub-steps in CFB Decryption: (1) encrypt (with, say, AES); (2) XOR; (3) shift (to the left/higher order bit positions); (4) feedback (to the lower order bit positions)
CFB with t=1, AES128
Plaintext, 16 bits: 6bc1 (= 0110 1011 1100 0001 in binary)
Key, 128 bits: 2b7e151628aed2a6abf7158809cf4f3c
IV, 128 bits: 000102030405060708090a0b0c0d0e0f
Ciphertext, 16 bits: 68b3 (= 0110 1000 1011 0011 in binary)
CFB with t=8, AES256
Plaintext, 18 bytes (=144 bits): 6bc1bee22e409f96e93d7e117393172aae2d
Key, 256 bits: 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
IV, 128 bits: 000102030405060708090a0b0c0d0e0f
Ciphertext, 18 bytes: dc1f1a8520a64d655fcc8ac554844e889700
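Output Feedback Mode (OFB) Encryption [Diagram: (1) the 128-bit shift register (initially IV) is encrypted with E under K; (2) ki, the t higher order bits of the result, is combined with the t-bit mi to give the t-bit ci; (3) all 128 bits are fed back into the register.] Note: $m_i \oplus k_i = c_i$
Output Feedback Mode (OFB) Decryption [Diagram: (1) the 128-bit shift register (initially IV) is encrypted with E under K; (2) ki, the t higher order bits of the result, is combined with the t-bit ci to give the t-bit mi; (3) all 128 bits are fed back into the register.] Note: $c_i \oplus k_i = (m_i \oplus k_i) \oplus k_i = m_i \oplus (k_i \oplus k_i) = m_i \oplus 0 = m_i$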
OFB, AES128
Plaintext, 128 x 4 bits:
6bc1bee22e409f96e93d7e117393172a
ae2d8a571e03ac9c9eb76fac45af8e51
30c81c46a35ce411e5fbc1191a0a52ef
f69f2445df4f9b17ad2b417be66c3710
Key, 128 bits: 2b7e151628aed2a6abf7158809cf4f3c
IV, 128 bits: 000102030405060708090a0b0c0d0e0f
Ciphertext, 128 x 4 bits:
3b3fd92eb72dad20333449f8e83cfb4a
7789508d16918f03f53c52dac54ed825
9740051e9c5fecf64344f7a82260edcc
304c6528f659c77866a510d9c1d6ae5e
OFB, AES192
Plaintext, 128 x 4 bits:
6bc1bee22e409f96e93d7e117393172a
ae2d8a571e03ac9c9eb76fac45af8e51
30c81c46a35ce411e5fbc1191a0a52ef
f69f2445df4f9b17ad2b417be66c3710
Key, 192 bits: 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
IV, 128 bits: 000102030405060708090a0b0c0d0e0f
Ciphertext, 128 x 4 bits:
cdc80d6fddf18cab34c25909c99a4174
fcc28b8d4c63837c09e81700c1100401
8d9a9aeac0f6596f559c6d4daf59a5f2
6d9f200857ca6c3e9cac524bd9acc92a
Which Mode to Use? Electronic code book (ECB) suffers various potential attacks, including the block-replacing attack; it should NOT be used! Use one of the other 3 modes: cipher block chaining (CBC), cipher feedback mode (CFB), output feedback mode (OFB).
Other modes: Counter mode (CTR); combined modes: CTR + CFB, CTR + OFB
Counter Mode (CTR) Encryption [Diagram: (1) the 128-bit counter (initialized to 0) is encrypted with E under K; (2) ki, the t higher order bits of the result, is combined with the t-bit mi to give the t-bit ci; (3) the counter is increased by 1.] Note: $m_i \oplus k_i = c_i$
Counter Mode (CTR) Decryption [Diagram: (1) the 128-bit counter (initialized to 0) is encrypted with E under K; (2) ki, the t higher order bits of the result, is combined with the t-bit ci to give the t-bit mi; (3) the counter is increased by 1.] Note: $c_i \oplus k_i = m_i$
How Long a Key Should Be to Be Secure: 56 bits (DES): too short; 64 bits: OK for a few months; 80 bits: OK for non-critical applications; 128 bits: OK for all applications; 256 bits: OK for applications requiring the highest level of security
How to Get Long Keys: use ciphers that support long keys: IDEA (128 bits), AES (128, 192, 256 bits); or use triple DES, which results in a key of 112 bits: encrypt using K1, decrypt using K2, encrypt again using K1
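Triple DES (~2030), Option 1 [Diagram: Encrypt: m passes through E, D, E to give c, using keys K1, K2, K3. Decrypt: c passes through D, E, D to give m, using keys K1, K2, K3.] Source: NIST SP800-67 rev1, 1/2012
Triple DES (~2030), Option 2 [Diagram: Encrypt: m passes through E, D, E to give c, using keys K1, K2. Decrypt: c passes through D, E, D to give m, using keys K1, K2.]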
ONE-WAY HASH
One-Way Hash Algorithm [Diagram: a document (of any length) goes in; a condensed, short, fixed length output (say of 160 bits) comes out.]
One-Way Hash Algorithm: a one-way hash algorithm hashes an input document into a condensed short output (say of 160 bits). One-wayness: given an output, it is infeasible for anyone to find an input document which is hashed to that specific output! Collision resistance: it is infeasible for anyone to find two or more input documents which are hashed to the same condensed output!
Criteria of Hash Functions. Preimage resistance: given a message m and the hash function hash, if the hash value h = hash(m) is given, it should be hard to find any m such that h = hash(m). Second preimage resistance (weak collision resistance): given input $m_1$, it should be hard to find another message $m_2$ such that $hash(m_1) = hash(m_2)$ and $m_1 \neq m_2$. Strong collision resistance: it ought to be hard to find two messages $m_1 \neq m_2$ such that $hash(m_1) = hash(m_2)$.
Finding collision is infeasible: "I, Bob, will pay $1,000 to Alice." and "I, Bob, will pay $10,000 to Alice." (same condensed output)
Confetti Shredder as 1-Way Hash: shredding a newspaper into very fine pieces; pick & keep only 20 random pieces out of all those fine pieces & burn off the rest. It's 1-way: infeasible for one to recover the original newspaper from the 20 fine pieces. It's collision-resistant: infeasible for one to find 2 different newspapers that are shredded to the same set of 20 pieces.
Examples of 1-Way Hashing: SHA family: SHA-1 (output: 160 bits), SHA-224 (output: 224 bits), SHA-256 (output: 256 bits), SHA-324 (output: 324 bits), SHA-512 (output: 512 bits); MD5 (broken, should no longer be used)
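Why the output length on these slides matters, as an added Python example that is not part of the original slides: SHA-256 is cut down to a few bits so that the searches the hash criteria call infeasible actually finish. It goes beyond the slides by contrasting the collision search with the second preimage search; the function names and the choice of truncated SHA-256 are assumptions made for the illustration.

```python
import hashlib
from itertools import count

def truncated_hash(message, bits):
    """First `bits` bits of SHA-256, standing in for a hash with a short output."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)

def candidate(i):
    """Constructed messages in the style of the slide's example."""
    return b"I, Bob, will pay $%d to Alice." % i

def find_collision(bits):
    """Birthday search: any two messages with equal output, about 2^(bits/2) tries."""
    seen = {}
    for tries in count(1):
        msg = candidate(tries)
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg

def find_second_preimage(target, bits):
    """Match one fixed message's output instead, about 2^bits tries."""
    want = truncated_hash(target, bits)
    for tries in count(1):
        msg = candidate(tries)
        if msg != target and truncated_hash(msg, bits) == want:
            return msg, tries

if __name__ == "__main__":
    a, b, n = find_collision(20)
    print("20-bit collision after", n, "tries:", a, b)
    m, n = find_second_preimage(b"I, Bob, will pay $1,000 to Alice.", 16)
    print("16-bit second preimage after", n, "tries:", m)
```

Each extra output bit doubles the second preimage work and adds a factor of about 1.4 to the collision work, which is why collision resistance is the first property to fail as outputs get short.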
SECURE TWO-WAY COMMUNICATION
Secure 1-Directional Communication [Diagram: Alice encrypts the plain text with E under the shared secret key; the cipher text passes through the network or storage; Bob decrypts it with D under the same shared secret key to recover the original plain text.]
Secure Bi-Directional Communication [Diagram: Alice and Bob exchange plain text encrypted with E and decrypted with D across an open network; each holds the pair of shared secret keys $K_{AB}$ & $K_{BA}$.]
PUBLIC KEY CRYPTOGRAPHY (ASYMMETRIC CRYPTOGRAPHY)
Public Key Cryptosystem [Diagram: Alice takes Bob's public key (for encryption) from the public key directory and encrypts the plain text with E; the cipher text crosses the open network; Bob decrypts it with D using his secret key (for decryption) to recover the plain text.]
Public Key Encryption/Decryption Process
Main Differences with AES: the public encryption key is different from the secret decryption key. It is infeasible for an attacker to find out the secret decryption key from the public encryption key. No need for Alice & Bob to distribute a shared secret key beforehand! Only one pair of public and secret keys is required for each user!
Digital Signature [Diagram: Bob hashes the message with the 1-way hash H (256 bits) and runs the signature generation algorithm S with his secret signing key to produce the signature; message + signature cross the open network; Cathy takes Bob's public verification key from the public key directory, hashes the message with H (256 bits) and runs the signature verification algorithm V with the public key, accepting if satisfied.]
Digital Signature Operations
Applications of Digital Signature: authentication; non-repudiation; digital certification; e-commerce; digital certificates for servers, clients & users; secure communication; digital credentials; certified software applications (apps, drivers, APIs etc.); digital money
Digital Signature in ePassport: an ePassport has an embedded RFID chip that contains information about the owner. Digitally signed: good! Data may be encrypted with a key derived from user info: not secure at all! Ref: ICAO Doc 9303, Machine Readable Travel Documents. [Figure: the RFID chip and antenna are embedded in the cover; e-passport symbol.]
Symmetric Key Encryption (summary): One key. Pre-distribution of the key is needed. Fast. Not scalable (you need a key for each sender/receiver). Not suitable for broadcasting messages.
Asymmetric Key Encryption (summary): Two keys (public and private). Pre-distribution of the key is NOT needed. Slow. The private key cannot be derived from the public key. Scalable (you need one pair of keys for each user). Suitable for broadcasting messages.
Using Both Symmetric and Asymmetric Crypto: symmetric keys are used to encrypt sessions between users (fast). Asymmetric keys are used to distribute the symmetric keys (more secure).
Notable Public Key Encryption and Digital Signature
Public key encryption: based on integer factorization: RSA; based on discrete logarithm: ElGamal, Diffie-Hellman; based on elliptic curves: elliptic curve Diffie-Hellman; based on lattices: NTRU
Digital signature: based on integer factorization: RSA signature; based on discrete logarithm: Schnorr, DSS; based on elliptic curves: EC-DSS; based on lattices: NTRU signature
Signcryption (signature+encryption): simultaneously provides the functions of digital signature (unforgeability & non-repudiation) and public key encryption (confidentiality), with a significantly smaller computational & communication overhead: Cost (signcryption) << Cost (signature) + Cost (encryption). Ref: ISO/IEC 29150:2011, Information technology -- Security techniques -- Signcryption, International Organization for Standardization, 12/2011. www.signcryption.org
RSA Algorithm
Public key Cryptography: developed to address two issues: key distribution (how to have secure communications in general without having to trust a KDC with your own key) and digital signatures (to verify that a message comes intact from the intended sender). Uses two keys, a private and a public key.
RSA: invented by Rivest, Shamir and Adleman in 1977. It is based on exponentiation over integers modulo a prime. It uses large integers (to make it hard to break). Its security is due to the cost of factoring large numbers.
Prime Numbers: a prime number has only two divisors, 1 and itself. It can't be written as a multiplication of other numbers. E.g. 2, 3, 5, 7 are prime numbers; 4, 6, 8, 9, 10 are not. The list of prime numbers less than 100 is: 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97
Prime Factorization: given a number n, factoring n is to write it as a product of other numbers, n = x * y * z. Prime factorization is to write a number n as a product of prime numbers. E.g. 91 = 7 * 13
Fermat's Little Theorem: $a^{p-1} \bmod p = 1$, where p is prime and gcd(a,p)=1. In other words, if p is a prime number and a is any integer, then $a^p - a$ is an integer multiple of p. E.g. a=2, p=7: $2^7 = 128$, 128-2=126, 126=7*18, so 126 is a multiple of 7.
Relatively Prime Numbers (Coprimes): two numbers (a and b) are relatively prime if they have no common divisors other than 1. E.g. 8 & 9 are relatively prime, since the factors of 8 are 1, 2, 4, 8 and the factors of 9 are 1, 3, 9, and 1 is the only common factor. In other words, relatively prime numbers have a greatest common divisor (GCD) of 1.
Euler Totient Function φ(n): an arithmetic function that calculates the number of numbers (<= n) that are relatively prime to a given number n. Examples: φ(1) = 0. φ(10) = 4 // {1,3,7,9}. φ(p) = p-1, if p is prime. $\varphi(p^e) = p^e - p^{e-1}$, if p is prime. φ(m*n) = φ(m) * φ(n), if m and n are coprimes.
RSA Key Generation
1. Choose two distinct prime numbers, p and q.
2. Compute n = p*q.
3. Find φ(n) = φ(p) * φ(q) = (p-1)*(q-1).
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; e is the public key.
5. Calculate d from $d \cdot e \equiv 1 \pmod{\varphi(n)}$; d is the private key.
RSA Example
1. Select primes: p=17 & q=11
2. Compute $n = pq = 17 \times 11 = 187$
3. Compute $\varphi(n) = (p-1)(q-1) = 16 \times 10 = 160$
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: d*e = 1 mod 160 and d < 160. Value is d=23 since $23 \times 7 = 161 = 10 \times 160 + 1$
6. Publish public key {7,187}
7. Keep secret private key {23,17,11}
RSA Example (cont'd): a sample RSA encryption/decryption: given message M = 88; encryption: $C = 88^7 \bmod 187 = 11$; decryption: $M = 11^{23} \bmod 187 = 88$