lecture6 rsa

Lecture 5 Overview

Does DES Work?

• Differential Cryptanalysis Idea– Use two plaintext that barely differ– Study the difference in the corresponding cipher

text– Collect the keys that could accomplish the change– Repeat

2CS 450/650 – Lecture 5: DES

Cracking DES

• Diffie and Hellman then outlined a "brute force" attack on DES– By "brute force" is meant that you try as many of

the 256 possible keys as you have to before decrypting the ciphertext into a sensible plaintext message

– They proposed a special purpose "parallel computer using one million chips to try one million keys each" per second


Cracking DES (cont.)

• In 1998, Electronic Frontier Foundation spent $220K and built a machine that could go through the entire 56-bit DES key space in an average of 4.5 days– On July 17, 1998, they announced they had

cracked a 56-bit key in 56 hours– The computer, called Deep Crack• used 27 boards each containing 64 chips• was capable of testing 90 billion keys a second


Cracking DES (cont.)

• In early 1999, Distributed. Net used the DES Cracker and a worldwide network of nearly 100K PCs to break DES in 22 hours– combined they were testing 245 billion keys per second

• This just serves to illustrate that any organization with moderate resources can break through DES with very little effort these days


Double DES

• E(k1, E(k2, M) )

– As strong as 57-bit key !

– Given message M and ciphertext c– Encrypt M with all possible keys• 256 steps

– Decrypt c with all possible keys and match Ms

• 256 steps

CS 450/650 Fundamentals of Integrated Computer Security 6

Triple DES – Two keys

• E(k1, D(k2, E(k1, M) ) )

• The first key is used to DES-encrypt the message• The second key is used to DES-decrypt the encrypted

message– Since the second key is not the right key, this decryption

just scrambles the data further

• The twice-scrambled message is then encrypted again with the first key to yield the final ciphertext

• As strong as 80-bit key !7CS 450/650 – Lecture 5: DES

Triple DES – Three keys

• E(k3, D(k2, E(k1, M) ) )

• The first key is used to DES-encrypt the message• The second key is used to DES-decrypt the encrypted

message– Since the second key is not the right key, this decryption

just scrambles the data further

• The twice-scrambled message is then encrypted with the third key to yield the final ciphertext

• As strong as 112-bit key !8CS 450/650 – Lecture 5: DES

Analysis of Algorithms

• Algorithms– Time Complexity– Space Complexity

• An algorithm whose time complexity is bounded by a polynomial is called a polynomial-time algorithm– An algorithm is considered to be efficient if it runs

in polynomial time.

CS 450/650 Lecture 5: Algorithm Background 9

Growth Rate T(n) = O(f(n)): T is bounded above by f

The growth rate of T(n) <= growth rate of f(n)

T(n) = Ω (g(n)): T is bounded below by g

The growth rate of T(n) >= growth rate of g(n)

T(n) = Θ(h(n)): T is bounded both above and below by h

The growth rate of T(n) = growth rate of h(n)

T(n) = o(p(n)): T is dominated by p

The growth rate of T(n) < growth rate of p(n)

10CS 450/650 Lecture 5: Algorithm Background

Time Complexity C O(n) O(log n) O(nlogn) O(n2) … O(nk)

O(2n) O(kn) O(nn)


Polynomial

Exponential

P, NP, NP-hard, NP-complete• A problem belongs to the class P if the problem can be

solved by a polynomial-time algorithm

• A problem belongs to the class NP if the correctness of the problem’s solution can be verified by a polynomial-time algorithm

• A problem is NP-hard if it is as hard as any problem in NP

– Existence of a polynomial-time algorithm for an NP-hard problem implies the existence of polynomial solutions for every problem in NP

• NP-complete problems are the NP-hard problems that are also in NP


Relationships between different classes

NP

P

NP-complete

NP-hard


Partitioning Problem

• Given a set of n integers, partition the integers into two subsets such that the difference between the sum of the elements in the two subsets is minimum– NP-complete

13, 37, 42, 59, 86, 100


Sum 165 17286 10042 5937 13

Bin Packing Problem

• Suppose you are given n items of sizes

s1, s2,..., sn

• All sizes satisfy 0 ≤ si ≤ 1

• The problem is to pack these items in the fewest number of bins, – given that each bin has unit capacity– NP-hard


Lecture 6

RSA

CS 450/650

Fundamentals of

Integrated Computer Security

Slides are modified from Hesham El-Rewini

RSA

• Invented by Cocks (GCHQ), independently, by Rivest, Shamir and Adleman (MIT)

• Two keys e and d used for Encryption and Decryption– The keys are interchangeable • M = D(d, E(e, M) ) = D(e, E(d, M) )

– Public key encryption

• Based on problem of factoring large numbers– Not in NP-complete– Best known algorithm is exponential

17CS 450/650 Lecture 6: RSA

RSA

• To encrypt message M compute– c = Me mod N

• To decrypt ciphertext c compute– M = cd mod N


• Let p and q be two large prime numbers• Let N = pq

• Choose e relatively prime to (p−1)(q−1)– a prime number larger than p-1 and q-1

• Find d such that ed mod (p−1)(q−1) = 1

Key Choice


RSA

• Recall that e and N are public

• If attacker can factor N, he can use e to easily find d – since ed mod (p−1)(q−1) = 1

• Factoring the modulus breaks RSA• It is not known whether factoring is the only

way to break RSA


Does RSA Really Work?

• Given c = Me mod N we must show – M = cd mod N = Med mod N

• We’ll use Euler’s Theorem– If x is relatively prime to N then xϕ(N) mod N =1• ϕ(n): number of positive integers less than n that are

relatively prime to n.• If p is prime then, ϕ(p) = p-1


Does RSA Really Work?

• Facts: – ed mod (p − 1)(q − 1) = 1– ed = k(p − 1)(q − 1) + 1 by definition of mod– ϕ(N) = (p − 1)(q − 1)– Then ed − 1 = k(p − 1)(q − 1) = kϕ(N)

• Med = M(ed-1)+1 = M⋅Med-1 = M⋅Mkϕ(N)

= M⋅(Mϕ(N)) k mod N = M⋅1 k mod N

= M mod N 22CS 450/650 Lecture 6: RSA

Example

• Select primes p=11, q=3.• N = p* q = 11*3 = 33

• Choose e = 3

• check gcd(e, p-1) = gcd(3, 10) = 1 – i.e. 3 and 10 have no common factors except 1

• check gcd(e, q-1) = gcd(3, 2) = 1• therefore gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1


Example (cont.)

• p-1 * q-1 = 10 * 2 = 20 • Compute d such that

e * d mod (p-1)*(q-1) = 1

3 * d mod 20 = 1

d = 7

Public key = (N, e) = (33, 3)

Private key = (N, d) = (33, 7)


Example (cont.)

• Now say we want to encrypt message m = 7

• c = Me mod N = 73 mod 33 = 343 mod 33 = 13– Hence the ciphertext c = 13

• To check decryption, we compute

M' = cd mod N = 137 mod 33 = 7


More Efficient RSA

• Modular exponentiation example– 520 = 95367431640625 = 25 mod 35

• A better way: repeated squaring – Note that 20 = 2 ⋅ 10, 10 = 2 ⋅ 5, 5 = 2 ⋅ 2 + 1, 2 = 1⋅ 2– 51= 5 mod 35– 52= (51) 2 = 52 = 25 mod 35– 55= (52) 2 ⋅ 51 = 252 ⋅ 5 = 3125 = 10 mod 35– 510 = (55) 2 = 102 = 100 = 30 mod 35– 520 = (510) 2 = 302 = 900 = 25 mod 35

• No huge numbers and it’s efficient!

CS 450/650 Lecture 6: RSA 26

RSA key-length strength

• RSA has challenges for different key-lengths– RSA-140• Factored in 1 month using 200 machines in 1999

– RSA-155 (512-bit)• Factored in 3.7 months using 300 machines in 1999

– RSA-160• Factored in 20 days in 2003

– RSA-200• Factored in 18 month in 2005

– RSA-210, RSA-220, RSA-232, … RSA-204827CS 450/650 Lecture 6: RSA

Group Work

Find keys d and e for the RSA cryptosystem with p = 7 and q = 11

Solution– p*q = 77– (p-1) * (q-1) = 60– e = 37– d = 13– n = 13 * 37 = 481 = 1 mod 60


lecture6 rsa

Engineering