Cryptography and Network Security

RSA

RSA 1 / 15
Public Key Cryptography

One of the biigest drawbacks of Symmetric key cryptography is that

communicating parties has to share the secret key securely. Public
key cryptography solve this problem.

Public Key Cryptography relies on trapdoor one way functions.

One-way: Easy to compute in the forward direction but hard to invert.

Trapdoor one-way: Easy to invert given a trapdoor.

Usually in PKC there are two keys, one is public (encryption key,
known to all) and other is private key (descryption key, known only to
the receiver).
The private key forms the trapdoor.

RSA 2 / 15
Structure of Public key Cryptosystem

RSA 3 / 15
Applications of PKC:

Secure Communication (Encryption/Decryption)

Digital Signature
Key Exchange

RSA 4 / 15
Common Cryptanalysis of PKC schemes:

As with symmetric encryption, a public-key encryption scheme is

vulnerable to a brute-force attack. The countermeasure is the same:
Use large keys. But this makes encryption and decryption impractical
(increase in time).
Thus, the key size must be large enough to make brute-force attack
impractical but small enough for practical encryption and decryption.
In general public key cryptosystem is slow in terms of computing
encryption/decryption process.
If one knows the probable message in advance, Attacker can find out
the encryption of all probable messages in advance. By matching the
ciphertext, he can get the corresponding plaintext.

RSA 5 / 15
RSA Cryptosystem Designed by Rivest, Shamir, Adleman at MIT in 1977

Suppose Alice and Bob wants to communicate securely.

Bob will generate two primes, say p and q and compute n = pq.
Bob choose e, such that gcd(e, (n)) = gcd(e, (p 1)(q 1)) = 1.
Then Bob computes d such that de 1 mod((n)) (this is possible, why?)
Bob make (e, n) public. This is his public key. His private key is (d, n)

RSA 6 / 15
RSA Cryptosystem Designed by Rivest, Shamir, Adleman at MIT in 1977

Suppose Alice and Bob wants to communicate securely.

Bob will generate two primes, say p and q and compute n = pq.
Bob choose e, such that gcd(e, (n)) = gcd(e, (p 1)(q 1)) = 1.
Then Bob computes d such that de 1 mod((n)) (this is possible, why?)
Bob make (e, n) public. This is his public key. His private key is (d, n)

Suppose Alice want to send the message m to Bob. She will compute
c = me mod(n) and send it to Bob.

On receiving c, Alice will compute c d mod(n) = m, to retrieve the message m.

RSA 6 / 15
Correctness of RSA

We have to check that c d mod(n) = m.

c d mod(n) = (me )d mod(n) = med mod(n).
But de 1 mod ((n)) = de = 1 + k(n) for some k.
this implies c d = m1+k(n) = m.mk(n) , where (n) = (p 1)(q 1)
this implies m(n) = m(p1)(q1) = (mp1 )(q1) 1 mod(p) (using
Fermats Theorem)
also m(n) = m(p1)(q1) = (mq1 )(p1) 1 mod(q).
Now using Chinese Remainder Theorem, we have m(n) 1 mod(pq)
thus c d m mod(n)

RSA 7 / 15
Example
Let Bob selects p = 17 and q = 11, then n = 17.11 = 187.
He computes (187) = (17 1)(11 1) = 160
and select e = 7 such that gcd(7, 160) = 1.
Then he computes d = 23, such that de 1 mod(160) (how you can do so?)
Then he publish (7, 187) as his public key
and kept (23, 187) as his private key.
Suppose Alice want to send her the message 88(< 187), she will compute
887 mod(187) = 11 and send it to Bob.

RSA 8 / 15
Example
Let Bob selects p = 17 and q = 11, then n = 17.11 = 187.
He computes (187) = (17 1)(11 1) = 160
and select e = 7 such that gcd(7, 160) = 1.
Then he computes d = 23, such that de 1 mod(160) (how you can do so?)
Then he publish (7, 187) as his public key
and kept (23, 187) as his private key.
Suppose Alice want to send her the message 88(< 187), she will compute
887 mod(187) = 11 and send it to Bob.

RSA 8 / 15
Bob on receiving 11, compute 1123 mod(187) = 88 to retrieve the original
message.

RSA 9 / 15
Bob on receiving 11, compute 1123 mod(187) = 88 to retrieve the original
message.

Note that we have to find numerical equivalent of our message to convert

it into ciphertext. If the message is too long, we will break it into blocks,
such that numeriacl equivalent of each block is less than n.

RSA 9 / 15
RSA 10 / 15
Breaking plaintext into blocks

RSA 11 / 15
Example

RSA 12 / 15
Security of RSA

Knowing the public key (e, n), at attacker can try the following:
1 Find descryption key d.
2 Find (n).
3 Find the prime factors p and q.
4 But this can be shown that all three approaches are equivalent, i.e.
Find d Finding (n)
Finding (n) Finding facotrs p and q.
But there is no easy way to find out prime factorization.

RSA 13 / 15
Show that E(m1 , e).E(m2 , e) = E(m1 .m2 , e)
E(m1 .m2 , e) = (m1 m2 )e mod(n) = m1 e mod(n)m2 e mod(n) =
E(m1 , e).E(m2 , e)

RSA 14 / 15
Chosen CipherText Attack on RSA

Under CCA, adversary can get the plaintext corresping to any ciphertext,
except the ciphertext, that he want to decrypt.
Suppose an Adversary is intrested in decryption the ciphertext C ,
corresponding to the message M.
So he is allowed to get plaintext of any ciphertext, except C .
He will query with the ciphertext X = C .2e = M e .2e = (M.2)e . And get
the corresponding plaintext say Y = X d mod(n).
But we already know Y = M.2, get M from Y .

RSA 15 / 15