1

RSA: Rivest Shamir Adleman

RSA: Rivest Shamir AdlemanRSA: Rivest Shamir Adleman RSA is one of the first practical public-key algorithm and is

widely used for secure data transmission. Of all the public-key algorithms proposed over the years, RSA

is by far the easiest to understand and implement. The algorithm is named after the three inventors—Ron

Rivest, Adi Shamir, and Leonard Adleman The RSA algorithm was publicly described in 1977 by Rivest,

Shamir, and Adleman at MIT

RSA: AlgorithmRSA: Algorithm Just like the public key cryptography, in RSA the encryption key

is public and the decryption key is private, which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of two large prime numbers.

RSA gets its security from the difficulty of factoring large numbers. The public and private keys are functions of a pair of large prime numbers (100 to 200 digits or even larger).

A user of RSA creates and then publishes a public key based on the two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods. If the public key is large enough, only someone with knowledge of the prime numbers can feasibly decode the message.

RSA: AlgorithmRSA: Algorithm The RSA algorithm can be analyzed in three phases:

1. Getting the Message Ready2. Key generation3. Message Encryption 4. Message Decryption

5

RSA: Getting ReadyRSA: Getting Ready In RSA we represent a message by its equivalent integer value.

1. We can represent a message as a binary bit pattern.2. And a bit pattern can be uniquely represented by a

decimal integer number. 3. Thus we can consider that encrypting a message is

equivalent to encrypting its corresponding decimal integer number.

4. Example: Let we want to encrypt the message “m”5. Now we know m= 10010001 . So this message can be uniquely

represented by the decimal number 145 which is equal to (10010001)2 .

6. To encrypt m, we encrypt the corresponding number 145, which gives a new number (the cyphertext).

6

RSA: Key GenerationRSA: Key Generation1. Choose two large prime numbers p, q. (e.g., 1024 bits each)

2. Compute n = pq, z = (p-1)(q-1)

3. Choose encryption key e (with e<n) that has no common factors with z. (that is e and z are “relatively prime”).4. Calculate decryption key d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 implies d=e-1 mod z

5. Public key is (n,e). Private key is (n,d).

K B+ K B

-

7

RSA: Encryption & DecryptionRSA: Encryption & Decryption Given public key (n,e) and private key (n,d)

1. To encrypt message m (<n), compute

c = m mod n

e

2. To decrypt received bit pattern, c, compute

m = c mod n

d

m = (m mod n)

e mod n

dMagichappens!

c

How RSA Works?How RSA Works?

9

Analyze: Key GenerationAnalyze: Key Generation To generate the two keys, choose two random large prime

numbers, p and q. For maximum security, choose p and q of equal length. Then compute the products.

Then randomly choose the encryption key, e, such that e and z=(p - 1)(q - 1) are relatively prime.

Finally, use the extended Euclidean algorithm to compute the decryption key, d, such that ed-1 is exactly divisible by z. That is ed mod z = 1 or d=e-1 mod z

1. Choose two large prime numbers p, q. (e.g., 1024 bits each)

2. Compute n = pq, z = (p-1)(q-1)

10

RSA Example:RSA Example:

Now Alice chooses p=5, q=7. Then n=35, z=24.e=5 (so e, z relatively prime).d=29 (so ed-1 exactly divisible by z).

bit pattern m me c = m mod ne

00001100 12 24832 17encrypt:

Encrypting 8-bit messages.

Consider that Alice wants to a message whose equivalent binary bit pattern is 00001100 to Alice

Given 00001100=12 as plaintext, Alice send its ciphertext 17 to Bob

11

RSA Example:RSA Example:

c m = c mod nd

17 481968572106750915091411825223071697 12

cddecrypt:

Now at the receiver end Bob receives 17 as the ciphertext. Then Bob decrypt the ciphertext to recover the plaintext.

Upon receiving 17 as ciphertext Bob decrypts it to recover the plaintext 00001100=12

RSA ExampleRSA Example

13

Why does RSA work?Why does RSA work? We have to show that cd mod n = m , where c = me mod n Now we know that: for any x and y

xy mod n = x(y mod z) mod n , where n= pq and z = (p-1)(q-1)

Then cd mod n = (me mod n)d mod n [ as c = me mod n ]

= med mod n = m(ed mod z) mod n [For d we have ed mod z =1]

= m1 mod n

= m

14

Attacks Against RSAAttacks Against RSA There are a number of attacks against plain RSA as described

below: When encrypting with low encryption exponents (e.g., e = 3)

and small values of the m, ciphertexts can be easily decrypted If the same clear text message is sent to bob or more recipients

and the receivers share the same exponent e, but different p, q, and n, then it is easy to decrypt the original clear text message via the Chinese remainder theorem

It is vulnerable to chosen plaintext attack.

ReferencesReferences http://en.wikipedia.org/wiki/ Applied Cryptography by Bruce Schneier; 10th Anniversary

edition

16

Md. Shakhawat HossainStudent of Department of Computer Science & EngineeringUniversity of RajshahiE-mail: mshimul86@gmail.com