Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime

Public Key Cryptosystems - RSA

Receiver Sender

Eavesdropper

1757

53

41 19

47

p

q

p

q

p

q

p and q prime


Receiver Sender

Eavesdropper

1757

53

41 19

47

p

q

p

q

p

q

p and q prime

Compute numbers n = p*q

2337 323

2491


Receiver Sender

Eavesdropper

1757

53

41 19

47

p

q

p

q

p

q

p and q prime

Choose e prime relative to (p-1)(q-1)

2337 323

2491

43 23

41


Receiver Sender

Eavesdropper

1757

53

41 19

47

p

q

p

q

p

q

p and q prime

Publish <n,e> pair as the public key

2337 323

2491

43 23

41


Receiver Sender

Eavesdropper

1757

53

41 19

47

p

q

p

q

p

q

p and q prime

Find d such that (e*d -1) is divisible by (p-1)(q-1)

263 323

2491

43 23

41

1667 2337

2217


Receiver Sender

Eavesdropper

1757

53

41 19

47

p

q

p

q

p

q

p and q prime

Keep <d,n> as the private key

263 323

2491

43 23

41

1667 2337

2217


Receiver Sender

Eavesdropper

Toss p and q

263 323

2491

43 23

41

1667 2337

2217


Receiver Sender

Eavesdropper

263 323

2491

43 23

41

1667 2337

2217

m mod 233743


Receiver Sender

Eavesdropper

263 323

2491

43 23

41

1667 2337

2217

m mod 233743( )

1667mod 2337

Public Key Cryptosystems - RSA, signing

Receiver Sender

Eavesdropper

263 323

2491

43 23

41

1667 2337

2217

m mod 2337263

Public Key Cryptosystems - RSA, signing

Receiver Sender

Eavesdropper

263 323

2491

43 23

41

1667 2337

2217

m mod 2337263( )

23mod 2337

Public Key Cryptosystems - RSA, exponentiating

2566355637

mod 78837


2566355637

mod 78837 Yikes!


2566355637

mod 78837

25663

2

2mod 78837

...

That is, do the modular reduction after each multiplication.

Public Key Cryptosystems - RSA, find primes

2

Probability that a random number n is prime: 1/ln(n)

For 100 digit number this is 1/230.


2



But how to test for being prime?


2




If p is prime and 0 < a < p, then ap-1 = 1 mod p Ex: 3(5-1) = 81 = 1 mod 5 36(29-1) = 37711171281396032013366321198900157303750656 = 1 mod 29


2




If p is prime and 0 < a < p, then ap-1 = 1 mod p Ex: 3(5-1) = 81 = 1 mod 5 36(29-1) = 37711171281396032013366321198900157303750656 = 1 mod 29

Pr(p isn't prime but ap-1 = 1 mod p) = 1/1000000000000000


Can always express a number n-1 as 2bc for some odd number c. ex: 48 = 243Then can compute an-1 mod n by computing ac mod nand squaring the result b times. If the result is not 1 then nis not prime.


Choose a random odd integer p to test. Calculate b = # times 2 divides p-1.

Calculate m such that p = 1 + 2 m.

Choose a random integer a such that 0 < a < p.

If a ≡ 1 mod p || a ≡ -1 mod p, for some 0 ≤ j≤b-1,then p passes the test. A prime will pass the test for all a.

b

m 2 mj


Choose a random odd integer p to test. Calculate b = # times 2 divides p-1.

Calculate m such that p = 1 + 2 m.

Choose a random integer a such that 0 < a < p.

If a ≡ 1 mod p || a ≡ -1 mod p, for some 0 ≤ j≤b-1,then p passes the test. A prime will pass the test for all a.

A non prime number passes the test for at most 1/4 of all possible a.So, repeat N times and probability of error is (1/4) .

b

m 2 mj

N

Public Key Cryptosystems - RSA, picking d and e

Choose e first, then find p and q so (p-1) and (q-1) are relatively prime to e

RSA is no less secure if e is always the same and small

Popular values for e are 3 and 65537

For e = 3, though, must pad message or else ciphertext = plaintext

Choose p ≡ 2 mod 3 so p-1 = 1 mod 3

So, choose random odd number, multiply by 3 and add 2, then test for primality

Or, start with any random number, multiply by 6 and add 5

Documents

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime