SlideShare a Scribd company logo

RSA ALGORITHM

Dr. Shashank Shetty
Dr. Shashank Shetty

The document summarizes the RSA encryption algorithm. It begins by explaining that RSA was developed in 1977 by Rivest, Shamir and Adleman. It then provides an example to demonstrate how RSA works step-by-step, generating keys, encrypting a message and decrypting the ciphertext. Finally, it discusses some challenges with breaking RSA encryption, including brute force attacks and mathematical attacks based on factoring the encryption keys, as well as timing attacks that aim to deduce keys based on variations in processing time.

Technology
1 of 28
1
2
Most read
3
Most read
4
5
Most read
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
THE RSA ALGORITHM BY, SHASHANK SHETTY ARUN DEVADIGA
INTRODUCTION  By Rivest, Shamir & Adleman of MIT in 1977.  Best known & widely used public-key scheme. uses large integers (eg. 1024 bits)  Based on exponentiation in a finite field over integers modulo a prime Plaintext is encrypted in blocks, with each block having the binary value less than some number n. Security due to cost of factoring large numbers.
RSA EXAMPLE 1
1) Generate two large prime numbers, p and q To make the example easy to follow I am going to use small numbers, but this is not secure. To find random primes, we start at a random number and go up ascending odd numbers until we find a prime. Lets have: p=7 q = 19 2) Let n = pq n = 7 * 19 = 133 3) Let m = (p - 1)(q - 1) m = (7 - 1)(19 - 1) = 6 * 18 = 108
4) Choose a small number, e coprime to m (  e coprime to m, means that the largest number that can exactly divide both e and m (their greatest common divisor, or gcd) is 1. Euclid's algorithm is used to find the GCD of two numbers. e = 2 => GCD(108,e) = 2 (no) e = 3 => GCD(108,e) = 3 (no) e = 4 => GCD(108,e) = 4 (no) e = 5 => GCD(108,e) = 1 (yes!)
5) Find d, such that {de mod ɸ(n) = 1} This is equivalent to finding d which satisfies de = 1 + km where k is any integer. We can rewrite this as d = (1 + km) / e. Now we work through values of k until an integer solution for e is found: k = 0 => d = 1 / 5 (no) k = 1 => d = 109 / 5 (no) k = 2 => d = 217 / 5 (no) k = 3 => d = 325 / 5 = 65 (yes!) To do this with big numbers, a more sophisticated algorithm called extended Euclid must be used.
Public Key Secret Key n = 133 e=5 m =108 d = 65 Communication 6) Encryption The message must be a number less than the smaller of p and q. However, at this point we don't know p or q, so in practice a lower bound on p and q must be published. This can be somewhat below their true value and so isn't a major security concern. For this example, lets use the message "6". Cipher = (message)e mod n = 65 mod 133 = 7776 mod 133 = 62
7) Decryption This works very much like encryption, but involves a larger exponentiation, which is broken down into several steps. message = (cipher)d mod n = 6265 mod 133 = 62 * 6264 mod 133 = 62 * (622)32 mod133 = 62 * 384432 mod 133 = 62 * (3844 mod133)32 mod 133 = 62 * 12032 mod 133 We now repeat the sequence of operations that reduced 6265 to 12032 to reduce the exponent down to 1. = 62 * 3616 mod 133 = 62 * 998 mod 133 = 62 * 924 mod 133 = 62 * 852 mod 133 = 62 * 43 mod 133 = 2666 mod 133 = 6
Fermat's Theorem ap-1 mod p = 1 where p is prime and gcd(a,p)=1 also known as Fermat’s Little Theorem useful in public key and primality testing
EULER’S THEOREM & TOTIENT FUNCTION Ø(n) • Euler’s totient function (ɸ(n)), defined as the number of positive integers less than n and relatively prime to n. – for p (p prime) – for p.q (p,q prime) ø(p) = p-1 ø(p.q) = (p-1)(q-1) • For Example: DETERMINE ɸ (37) and ɸ(35). • Because 37 is prime, all of the positive integers from 1 through 36 are relatively prime to 37.Thus ɸ (37)=36. • To determine ɸ(35), we list all of the positive integers less than 35 that are relatively prime to it: 1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18 19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34 • There are 24 numbers on the list, so ɸ(35) = 24.
EULER’S THEOREM & TOTIENT FUNCTION Ø(n) (cont…) (Generalization of Fermat’s Little Theorem) In a more general sense what is (p-1)? Ø(p). Ø(p) = Number of integers a < p such that (a, p) = 1. This is obviously (p-1) because p is prime. So we can say akø(p)+1 ≡ a (mod p) More generally, let n = p • q p prime, q prime. akø(n)+1 ≡ a (mod n) p = 3, q = 5, n = 15, Ø(n) = (3-1) • (5-1) = 8 a = 7: 78+1 = 7 (mod 15) 78k+1 = 7 (mod 15) a = 5: 58+1 = 5 (mod 15) 58k+1 = 5 (mod 15)
CARMICHAEL’S THEOREM ( A Refinement of Euler’s Theorem)  Is also called as reduced totient function. Ø(n) = (p-1) • (q-1) λ(n) = LCM{(p-1), (q-1)} akλ(n)+1 ≡ a (mod n) p = 3, q = 5, n = 15, Ø(n) = (3-1) • (5-1) = 8 λ(n) = LCM{(p-1), (q-1)} = LCM{2, 4} = 4 a = 7: 74+1 = 7 (mod 15) 74k+1 = 7 (mod 15) a = 5: 54+1 = 5 (mod 15) 54k+1 = 5 (mod 15)
RSA EXAMPLE 2 Choose p = 19, q = 37, n = 703 Ø(n) = 648, λ(n) = 36, GCD{(p-1),(q-1)} = 18 Choose e = 5 CARMICHAEL d = 29 EULER d = 389 Both d’s will work, but Carmichael gives a much simpler d; in this case security is reduced.
Factoring Problem  Mathematical approach takes 3 forms: – factor N=p.q, hence find ø(N) and then . – determine ø(N) directly and find d – find d directly
FERMAT FACTORIZATION  Fermat factorization attempts to factor a number by representing it as the difference of two squares. • Proposition: Let n be an odd integer. There is a one-to-one correspondence . • Proof: If n=ab, n is odd so a and b are odd. Then a+b and a-b are even, so (a+b)/2 and (a-b)/2 are integers. Now expresses n as a difference of two squares. Conversely, suppose n is written as as difference of squares: Then n=(s+t) (s-t) is a factorization of n.
RSA ALGORITHM
QUADRATIC SIEVE FACTORIZATION Our goal is to find a nontrivial factorization of n: • Consider the value n=1649, a composite number but not divisible by any prime up to its logarithm. and so on, with no squares in immediate sight. • Note that while neither 32 nor 200 is a square, their product is a square: 6400 = 802. Thus, since • we have that is,
QUADRATIC SIEVE FACTORIZATION (cont…) We have found a solution, So, GCD (a+b, n) and GCD (a-b, n) must find the non trivial factors of n.  Hence the, GCD( 114+80,1649) GCD (194,1649) GCD (194, 97) GCD(97,0) =97 and and and and and GCD(114-80, 1649 ) GCD(34,1649) GCD(34,17) GCD(17,0) =17  So, 17 and 97 are the non trivial factor of 1649.
RSA Challenges: • • • • • RSA - 640 November 2, 2005 RSA $200,000 Challenge RSA - DES Challenge RSA - 576 Challenge Cracking RSA Ref: On the Cost of Factoring RSA-1024 Adi Shamir and Eran Tromer
What are RSA factoring Challenges???  The RSA Factoring Challenge was a challenge put forward by RSA Laboratories on March 18, 1991.  to encourage research into computational number theory and the practical difficulty of factoring large integers and cracking RSA keys used in cryptography  They published a list of semiprimes (numbers with exactly two prime factors) known as the RSA numbers, with a cash prize for the successful factorization of some of them
RSA - 640 November 2, 2005 The factoring research team of F. Bahr, M. Boehm, J. Franke, T. Kleinjung continued its productivity with a successful factorization of the challenge number RSA-640, reported on November 2, 2005. The factors [verified by RSA Laboratories] are: 16347336458092538484431338838650908598417836700330 92312181110852389333100104508151212118167511579 And 1900871281664822113126851573935413975471896789968 515493666638539088027103802104498957191261465571 The effort took approximately 30 2.2GHz-Opteron-CPU years according to the submitters, over five months of calendar time. (This is about half the effort for RSA-200, the 663-bit number that the team factored in 2004.) Ref: RSA Laboratories - RSA-640 is factored!
RSA $200,000 Challenge  RSA Security is running a factoring challenge that offers would-be code breakers a prize of up to $200,000 for finding the two numbers of the kind used to create ultrasecure 2048-bit encryption key. RSA-2048 Status: Not Factored Decimal Digits: 617 25195908475657893494027183240048398571429282126204 03202777713783604366202070759555626401852588078440 69182906412495150821892985591491761845028084891200 72844992687392807287776735971418347270261896375014 97182469116507761337985909570009733045974880842840 17974291006424586918171951187461215151726546322822 16869987549182422433637259085141865462043576798423 38718477444792073993423658482382428119816381501067 48104516603773060562016196762561338441436038339044 14952634432190114657544454178424020924616515723350 77870774981712577246796292638635637328991215483143 81678998850404453640235273819513786365643912120103 97122822120720357 Decimal Digit Sum: 2738
RSA - DES Challenge Identifier: DES-Challenge-III Cipher: DES Start: January 18, 1999 9:00 AM PST Prize: $10,000 Plaintext: See you in Rome (second AES Conference, March 22-23, 1999) Ciphertext: bd 0d de 91 99 60 b8 8a 47 9c b1 5c 23 7b 81 18 99 05 45 bc de 82 01 ab 53 4d 6f 1c b4 30 63 3c ee cd 96 2e 07 c6 e6 95 99 9c 96 46 5a 95 70 02 02 70 98 bd 41 c2 88 a9 f0 2f 8b e5 48 20 d2 a8 a0 6b bf 93 de 89 f6 e2 52 fd 8a 25 eb d0 7d 96 83 ee a4 2d c8 8d 1b 71 REF: RSA Laboratories - DES Challenge III
RSA - 576 Challenge  On December 3, 2003, a team of researchers in Germany and several other countries reported a successful factorization of the challenge number RSA-576. According to the announcement by J. Franke:  The factors [verified by RSA Laboratories] are 3980750864240649373971255005503864911990643623425267 08406385189575946388957261768583317 and 4727721461074353025362230719730482246329146953020971 16459852171130520711256363590397527  Lattice sieving was done by J. Franke and T. Kleinjung using Hardware of the Scientific Computing Institute and the Pure Mathematics REF: RSA Laboratories - RSA-576 is factored!
RSA EXAMPLE 3 Encryption Decryption Ciphertext Plaintext 11 7 88 mod 187 = 11 11 23 Plaintext mod 187 = 88 88 88 KU = 7, 187 KR = 23, 187 Figure 1. Example of RSA Algorithm
RSA Security Three approaches to attacking RSA: brute force key search (infeasible given size of numbers) mathematical attacks (based on difficulty of computing ø(N), by factoring modulus N) timing attacks (on running of decryption)
Timing Attacks • developed in mid-1990’s • exploit timing variations in operations – eg. multiplying by small vs large number – or IF's varying which instructions executed • infer operand size based on time taken • RSA exploits time taken in exponentiation • countermeasures – use constant exponentiation time – add random delays – blind values used in calculations
References [1] William Stallings, “The cryptography and network security”. [2] RSA Laboratories, http://www.emc.com/emcplus/rsa-labs/historical/the-rsa-factoring-challengefaq.htm. [3] Dr. Herong Yang, “Cryptography Tutorials - Herong's Tutorial Example”, http://www.herongyang.com/Cryptography/.

More Related Content

What's hot (20)

PPTX
SHA- Secure hashing algorithm
Ruchi Maurya
 
PPTX
Double DES & Triple DES
Hemant Sharma
 
PDF
Elliptic curve cryptography
Cysinfo Cyber Security Community
 
PDF
symmetric key encryption algorithms
Rashmi Burugupalli
 
PPTX
Data Encryption Standard (DES)
Haris Ahmed
 
PPTX
Block cipher modes of operation
harshit chavda
 
PPTX
Cryptography and Network Security
Pa Van Tanku
 
PPTX
Symmetric and asymmetric key
Triad Square InfoSec
 
PPTX
Elgamal &amp; schnorr digital signature scheme copy
North Cap University (NCU) Formely ITM University
 
PDF
2. public key cryptography and RSA
Dr.Florence Dayana
 
PDF
Presentation about RSA
Srilal Buddika
 
PPTX
Security services and mechanisms
Rajapriya82
 
PPT
PUBLIC KEY ENCRYPTION
raf_slide
 
PPT
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
PPTX
Key management
Sujata Regoti
 
PPTX
Elliptic Curve Cryptography
JorgeVillamarin5
 
PPTX
RSA ALGORITHM
Sathish Kumar
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PPTX
Feistel cipher
MDKAWSARAHMEDSAGAR
 
PPTX
Introduction to Cryptography
Md. Afif Al Mamun
 
SHA- Secure hashing algorithm
Ruchi Maurya
 
Double DES & Triple DES
Hemant Sharma
 
Elliptic curve cryptography
Cysinfo Cyber Security Community
 
symmetric key encryption algorithms
Rashmi Burugupalli
 
Data Encryption Standard (DES)
Haris Ahmed
 
Block cipher modes of operation
harshit chavda
 
Cryptography and Network Security
Pa Van Tanku
 
Symmetric and asymmetric key
Triad Square InfoSec
 
Elgamal &amp; schnorr digital signature scheme copy
North Cap University (NCU) Formely ITM University
 
2. public key cryptography and RSA
Dr.Florence Dayana
 
Presentation about RSA
Srilal Buddika
 
Security services and mechanisms
Rajapriya82
 
PUBLIC KEY ENCRYPTION
raf_slide
 
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
Key management
Sujata Regoti
 
Elliptic Curve Cryptography
JorgeVillamarin5
 
RSA ALGORITHM
Sathish Kumar
 
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Feistel cipher
MDKAWSARAHMEDSAGAR
 
Introduction to Cryptography
Md. Afif Al Mamun
 

Similar to RSA ALGORITHM (20)

PPTX
Information and network security 33 rsa algorithm
Vaibhav Khanna
 
PDF
Public-Key Cryptography.pdfWrite the result of the following operation with t...
FahmiOlayah
 
PPTX
Rsa cryptosystem
Abhishek Gautam
 
PPT
Chapter 06 rsa cryptosystem
Ankur Choudhary
 
PDF
Simple Overview Caesar and RSA Encryption_by_Tarek_Gaber
Tarek Gaber
 
PPT
RSA Algorithm.ppt
ArchanaT30
 
PPT
The rsa algorithm
Komal Singh
 
PPT
The rsa algorithm
alagumani1984
 
PPT
The rsa algorithm
Marwa Hashem elsherif
 
PPT
The Introduction to RSA Algorithm with numerical example
ramamoorthi24
 
PPT
MFCS-17.ppt
SharmaDeep4
 
PDF
Factorization Hack of RSA Secret Numbers
Universitas Pembangunan Panca Budi
 
PPT
The rsa algorithm JooSeok Song
Information Security Awareness Group
 
DOCX
HW 5-RSAascii2str.mfunction str = ascii2str(ascii) .docx
wellesleyterresa
 
PDF
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
CSCJournals
 
PPT
Lecture6 rsa
Nghique Nguyen
 
PPT
Signyourd digital signature certificate provider
Kishankant Yadav
 
PDF
Number Theory and Its Applications in Cryptography
kapilhande1
 
PPTX
Public Key Algorithms
Bit Hacker
 
PDF
Rsa documentation
Farag Zakaria
 
Information and network security 33 rsa algorithm
Vaibhav Khanna
 
Public-Key Cryptography.pdfWrite the result of the following operation with t...
FahmiOlayah
 
Rsa cryptosystem
Abhishek Gautam
 
Chapter 06 rsa cryptosystem
Ankur Choudhary
 
Simple Overview Caesar and RSA Encryption_by_Tarek_Gaber
Tarek Gaber
 
RSA Algorithm.ppt
ArchanaT30
 
The rsa algorithm
Komal Singh
 
The rsa algorithm
alagumani1984
 
The rsa algorithm
Marwa Hashem elsherif
 
The Introduction to RSA Algorithm with numerical example
ramamoorthi24
 
MFCS-17.ppt
SharmaDeep4
 
Factorization Hack of RSA Secret Numbers
Universitas Pembangunan Panca Budi
 
The rsa algorithm JooSeok Song
Information Security Awareness Group
 
HW 5-RSAascii2str.mfunction str = ascii2str(ascii) .docx
wellesleyterresa
 
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
CSCJournals
 
Lecture6 rsa
Nghique Nguyen
 
Signyourd digital signature certificate provider
Kishankant Yadav
 
Number Theory and Its Applications in Cryptography
kapilhande1
 
Public Key Algorithms
Bit Hacker
 
Rsa documentation
Farag Zakaria
 
Ad

Recently uploaded (20)

PDF
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
PDF
Reverse Engineering of Security Products: Developing an Advanced Microsoft De...
nwbxhhcyjv
 
PPTX
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
PDF
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
PDF
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
PDF
Biography of Daniel Podor.pdf
Daniel Podor
 
PPTX
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
PDF
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
PDF
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
PDF
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
PDF
Agentic AI lifecycle for Enterprise Hyper-Automation
Debmalya Biswas
 
PDF
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
PPTX
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
PDF
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
PDF
"Beyond English: Navigating the Challenges of Building a Ukrainian-language R...
Fwdays
 
PDF
July Patch Tuesday
Ivanti
 
PPTX
Q2 FY26 Tableau User Group Leader Quarterly Call
lward7
 
PDF
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
PDF
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
PPTX
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
Reverse Engineering of Security Products: Developing an Advanced Microsoft De...
nwbxhhcyjv
 
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
Biography of Daniel Podor.pdf
Daniel Podor
 
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
Agentic AI lifecycle for Enterprise Hyper-Automation
Debmalya Biswas
 
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
"Beyond English: Navigating the Challenges of Building a Ukrainian-language R...
Fwdays
 
July Patch Tuesday
Ivanti
 
Q2 FY26 Tableau User Group Leader Quarterly Call
lward7
 
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
Ad

RSA ALGORITHM

  • 1. THE RSA ALGORITHM BY, SHASHANK SHETTY ARUN DEVADIGA
  • 2. INTRODUCTION  By Rivest, Shamir & Adleman of MIT in 1977.  Best known & widely used public-key scheme. uses large integers (eg. 1024 bits)  Based on exponentiation in a finite field over integers modulo a prime Plaintext is encrypted in blocks, with each block having the binary value less than some number n. Security due to cost of factoring large numbers.
  • 4. 1) Generate two large prime numbers, p and q To make the example easy to follow I am going to use small numbers, but this is not secure. To find random primes, we start at a random number and go up ascending odd numbers until we find a prime. Lets have: p=7 q = 19 2) Let n = pq n = 7 * 19 = 133 3) Let m = (p - 1)(q - 1) m = (7 - 1)(19 - 1) = 6 * 18 = 108
  • 5. 4) Choose a small number, e coprime to m (  e coprime to m, means that the largest number that can exactly divide both e and m (their greatest common divisor, or gcd) is 1. Euclid's algorithm is used to find the GCD of two numbers. e = 2 => GCD(108,e) = 2 (no) e = 3 => GCD(108,e) = 3 (no) e = 4 => GCD(108,e) = 4 (no) e = 5 => GCD(108,e) = 1 (yes!)
  • 6. 5) Find d, such that {de mod ɸ(n) = 1} This is equivalent to finding d which satisfies de = 1 + km where k is any integer. We can rewrite this as d = (1 + km) / e. Now we work through values of k until an integer solution for e is found: k = 0 => d = 1 / 5 (no) k = 1 => d = 109 / 5 (no) k = 2 => d = 217 / 5 (no) k = 3 => d = 325 / 5 = 65 (yes!) To do this with big numbers, a more sophisticated algorithm called extended Euclid must be used.
  • 7. Public Key Secret Key n = 133 e=5 m =108 d = 65 Communication 6) Encryption The message must be a number less than the smaller of p and q. However, at this point we don't know p or q, so in practice a lower bound on p and q must be published. This can be somewhat below their true value and so isn't a major security concern. For this example, lets use the message "6". Cipher = (message)e mod n = 65 mod 133 = 7776 mod 133 = 62
  • 8. 7) Decryption This works very much like encryption, but involves a larger exponentiation, which is broken down into several steps. message = (cipher)d mod n = 6265 mod 133 = 62 * 6264 mod 133 = 62 * (622)32 mod133 = 62 * 384432 mod 133 = 62 * (3844 mod133)32 mod 133 = 62 * 12032 mod 133 We now repeat the sequence of operations that reduced 6265 to 12032 to reduce the exponent down to 1. = 62 * 3616 mod 133 = 62 * 998 mod 133 = 62 * 924 mod 133 = 62 * 852 mod 133 = 62 * 43 mod 133 = 2666 mod 133 = 6
  • 9. Fermat's Theorem ap-1 mod p = 1 where p is prime and gcd(a,p)=1 also known as Fermat’s Little Theorem useful in public key and primality testing
  • 10. EULER’S THEOREM & TOTIENT FUNCTION Ø(n) • Euler’s totient function (ɸ(n)), defined as the number of positive integers less than n and relatively prime to n. – for p (p prime) – for p.q (p,q prime) ø(p) = p-1 ø(p.q) = (p-1)(q-1) • For Example: DETERMINE ɸ (37) and ɸ(35). • Because 37 is prime, all of the positive integers from 1 through 36 are relatively prime to 37.Thus ɸ (37)=36. • To determine ɸ(35), we list all of the positive integers less than 35 that are relatively prime to it: 1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18 19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34 • There are 24 numbers on the list, so ɸ(35) = 24.
  • 11. EULER’S THEOREM & TOTIENT FUNCTION Ø(n) (cont…) (Generalization of Fermat’s Little Theorem) In a more general sense what is (p-1)? Ø(p). Ø(p) = Number of integers a < p such that (a, p) = 1. This is obviously (p-1) because p is prime. So we can say akø(p)+1 ≡ a (mod p) More generally, let n = p • q p prime, q prime. akø(n)+1 ≡ a (mod n) p = 3, q = 5, n = 15, Ø(n) = (3-1) • (5-1) = 8 a = 7: 78+1 = 7 (mod 15) 78k+1 = 7 (mod 15) a = 5: 58+1 = 5 (mod 15) 58k+1 = 5 (mod 15)
  • 12. CARMICHAEL’S THEOREM ( A Refinement of Euler’s Theorem)  Is also called as reduced totient function. Ø(n) = (p-1) • (q-1) λ(n) = LCM{(p-1), (q-1)} akλ(n)+1 ≡ a (mod n) p = 3, q = 5, n = 15, Ø(n) = (3-1) • (5-1) = 8 λ(n) = LCM{(p-1), (q-1)} = LCM{2, 4} = 4 a = 7: 74+1 = 7 (mod 15) 74k+1 = 7 (mod 15) a = 5: 54+1 = 5 (mod 15) 54k+1 = 5 (mod 15)
  • 13. RSA EXAMPLE 2 Choose p = 19, q = 37, n = 703 Ø(n) = 648, λ(n) = 36, GCD{(p-1),(q-1)} = 18 Choose e = 5 CARMICHAEL d = 29 EULER d = 389 Both d’s will work, but Carmichael gives a much simpler d; in this case security is reduced.
  • 14. Factoring Problem  Mathematical approach takes 3 forms: – factor N=p.q, hence find ø(N) and then . – determine ø(N) directly and find d – find d directly
  • 15. FERMAT FACTORIZATION  Fermat factorization attempts to factor a number by representing it as the difference of two squares. • Proposition: Let n be an odd integer. There is a one-to-one correspondence . • Proof: If n=ab, n is odd so a and b are odd. Then a+b and a-b are even, so (a+b)/2 and (a-b)/2 are integers. Now expresses n as a difference of two squares. Conversely, suppose n is written as as difference of squares: Then n=(s+t) (s-t) is a factorization of n.
  • 17. QUADRATIC SIEVE FACTORIZATION Our goal is to find a nontrivial factorization of n: • Consider the value n=1649, a composite number but not divisible by any prime up to its logarithm. and so on, with no squares in immediate sight. • Note that while neither 32 nor 200 is a square, their product is a square: 6400 = 802. Thus, since • we have that is,
  • 18. QUADRATIC SIEVE FACTORIZATION (cont…) We have found a solution, So, GCD (a+b, n) and GCD (a-b, n) must find the non trivial factors of n.  Hence the, GCD( 114+80,1649) GCD (194,1649) GCD (194, 97) GCD(97,0) =97 and and and and and GCD(114-80, 1649 ) GCD(34,1649) GCD(34,17) GCD(17,0) =17  So, 17 and 97 are the non trivial factor of 1649.
  • 19. RSA Challenges: • • • • • RSA - 640 November 2, 2005 RSA $200,000 Challenge RSA - DES Challenge RSA - 576 Challenge Cracking RSA Ref: On the Cost of Factoring RSA-1024 Adi Shamir and Eran Tromer
  • 20. What are RSA factoring Challenges???  The RSA Factoring Challenge was a challenge put forward by RSA Laboratories on March 18, 1991.  to encourage research into computational number theory and the practical difficulty of factoring large integers and cracking RSA keys used in cryptography  They published a list of semiprimes (numbers with exactly two prime factors) known as the RSA numbers, with a cash prize for the successful factorization of some of them
  • 21. RSA - 640 November 2, 2005 The factoring research team of F. Bahr, M. Boehm, J. Franke, T. Kleinjung continued its productivity with a successful factorization of the challenge number RSA-640, reported on November 2, 2005. The factors [verified by RSA Laboratories] are: 16347336458092538484431338838650908598417836700330 92312181110852389333100104508151212118167511579 And 1900871281664822113126851573935413975471896789968 515493666638539088027103802104498957191261465571 The effort took approximately 30 2.2GHz-Opteron-CPU years according to the submitters, over five months of calendar time. (This is about half the effort for RSA-200, the 663-bit number that the team factored in 2004.) Ref: RSA Laboratories - RSA-640 is factored!
  • 22. RSA $200,000 Challenge  RSA Security is running a factoring challenge that offers would-be code breakers a prize of up to $200,000 for finding the two numbers of the kind used to create ultrasecure 2048-bit encryption key. RSA-2048 Status: Not Factored Decimal Digits: 617 25195908475657893494027183240048398571429282126204 03202777713783604366202070759555626401852588078440 69182906412495150821892985591491761845028084891200 72844992687392807287776735971418347270261896375014 97182469116507761337985909570009733045974880842840 17974291006424586918171951187461215151726546322822 16869987549182422433637259085141865462043576798423 38718477444792073993423658482382428119816381501067 48104516603773060562016196762561338441436038339044 14952634432190114657544454178424020924616515723350 77870774981712577246796292638635637328991215483143 81678998850404453640235273819513786365643912120103 97122822120720357 Decimal Digit Sum: 2738
  • 23. RSA - DES Challenge Identifier: DES-Challenge-III Cipher: DES Start: January 18, 1999 9:00 AM PST Prize: $10,000 Plaintext: See you in Rome (second AES Conference, March 22-23, 1999) Ciphertext: bd 0d de 91 99 60 b8 8a 47 9c b1 5c 23 7b 81 18 99 05 45 bc de 82 01 ab 53 4d 6f 1c b4 30 63 3c ee cd 96 2e 07 c6 e6 95 99 9c 96 46 5a 95 70 02 02 70 98 bd 41 c2 88 a9 f0 2f 8b e5 48 20 d2 a8 a0 6b bf 93 de 89 f6 e2 52 fd 8a 25 eb d0 7d 96 83 ee a4 2d c8 8d 1b 71 REF: RSA Laboratories - DES Challenge III
  • 24. RSA - 576 Challenge  On December 3, 2003, a team of researchers in Germany and several other countries reported a successful factorization of the challenge number RSA-576. According to the announcement by J. Franke:  The factors [verified by RSA Laboratories] are 3980750864240649373971255005503864911990643623425267 08406385189575946388957261768583317 and 4727721461074353025362230719730482246329146953020971 16459852171130520711256363590397527  Lattice sieving was done by J. Franke and T. Kleinjung using Hardware of the Scientific Computing Institute and the Pure Mathematics REF: RSA Laboratories - RSA-576 is factored!
  • 25. RSA EXAMPLE 3 Encryption Decryption Ciphertext Plaintext 11 7 88 mod 187 = 11 11 23 Plaintext mod 187 = 88 88 88 KU = 7, 187 KR = 23, 187 Figure 1. Example of RSA Algorithm
  • 26. RSA Security Three approaches to attacking RSA: brute force key search (infeasible given size of numbers) mathematical attacks (based on difficulty of computing ø(N), by factoring modulus N) timing attacks (on running of decryption)
  • 27. Timing Attacks • developed in mid-1990’s • exploit timing variations in operations – eg. multiplying by small vs large number – or IF's varying which instructions executed • infer operand size based on time taken • RSA exploits time taken in exponentiation • countermeasures – use constant exponentiation time – add random delays – blind values used in calculations
  • 28. References [1] William Stallings, “The cryptography and network security”. [2] RSA Laboratories, http://www.emc.com/emcplus/rsa-labs/historical/the-rsa-factoring-challengefaq.htm. [3] Dr. Herong Yang, “Cryptography Tutorials - Herong's Tutorial Example”, http://www.herongyang.com/Cryptography/.