RSA

Public Key Cryptosystem

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 1

Introduction
• After Whitfield Diffie and Martin Hellman introduced public-key cryptography (Diffie
Hellman Algorithm) in 1976, a new branch of cryptography suddenly opened up.

• In 1977, Ronald Rivest, Adi Shamir and Leonard Adleman proposed a scheme at MIT
known as RSA.
• General Information
◦ best known & widely used asymmetric cryptographic scheme
◦ can be used to provide both secrecy & digital signatures
◦ based on exponentiation in a finite field over integers
◦ modulo a prime, using large integers (e.g.,2048 bits)

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 2

RSA Key Setup
•

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 3

RSA Key Setup
•

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 4

RSA Encryption
•

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 5

RSA Decryption
•

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 6

RSA Example - Key Setup
•

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 7

RSA Example - En/Decryption
• The sample RSA private/public operations are:
◦ Given message P = 88 (note that 88<187)

◦ Encryption is:
◦ C = 887 mod 187
= 88(3+3+1) mod 187
=(883 mod 187)(883 mod 187)(88 mod 187) mod 187
= (44 * 44 *88) mod 187
= 11

◦ Decryption is:
◦ P = 1123 mod 187 = 88

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 8

Greatest Common Divisor (GCD)
• a common problem in number theory
• GCD (a,b) of a and b is
◦ the largest number that divides evenly into both a and b
◦ e.g., GCD(60,24) = 12
• often want no common factors (except 1)
◦ e.g., GCD(8,15) = 1
• these numbers are then relatively prime
◦ hence 8 & 15 are relatively prime

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 9

Euclidean Algorithm
• an efficient way to find the GCD(a,b)
• uses theorem that:
◦ GCD(a,b) = GCD(b, a mod b)
• Euclidean Algorithm to compute GCD(a,b) is:

◦ EUCLID(a,b)
◦ 1. A = a; B = b
◦ 2. if B = 0 return else A = gcd(a, b)
◦ 3. R = A mod B
◦ 4. A = B
◦ 5. B = R
◦ 6. goto 2

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 10

Example GCD(1970,1066)
1970 = 1 x 1066 + 904 gcd(1066, 904)
1066 = 1 x 904 + 162 gcd(904, 162)
904 = 5 x 162 + 94 gcd(162, 94)
162 = 1 x 94 + 68 gcd(94, 68)
94 = 1 x 68 + 26 gcd(68, 26)
68 = 2 x 26 + 16 gcd(26, 16)
26 = 1 x 16 + 10 gcd(16, 10)
16 = 1 x 10 + 6 gcd(10, 6)
10 = 1 x 6 + 4 gcd(6, 4)
6 = 1 x 4 + 2 gcd(4, 2)
4 = 2 x 2 + 0 gcd(2, 0)
Hence, gcd(1970,1066) = 2

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 11

Finding Inverses – Extended Euclidean
algorithm
•

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 12

•

Q A1 A2 A3 B1 B2 B3
— 1 0 160 0 1 7

22 0 1 7 1 -22 6
1 1 -22 6 -1 23 1

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 13

• calling Extended_Euclid(49, 37)

Q A1 A2 A3 B1 B2 B3
— 1 0 49 0 1 37

1 0 1 37 1 -1 12
3 0 1 12 -3 4 1

• Hence 37-1 mod 49 = 4 OR 37-1 4 mod 49

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 14

Inverse of 550 in modulus 1759
•
Q A1 A2 A3 B1 B2 B3
— 1 0 1759 0 1 550

3 0 1 550 1 –3 109
5 1 –3 109 –5 16 5
21 –5 16 5 106 –339 4

1 106 –339 4 –111 355 1

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 15

Inverse of 49 in modulus 37
• calling Extended_Euclid(37, 49)
Q A1 A2 A3 B1 B2 B3
— 1 0 37 0 1 49
0 0 1 49 1 0 37
1 1 0 37 -1 1 12
3 -1 1 12 4 -3 1
• Hence 49-1 mod 37 = -3
• But, -3 (mod 37)  34 (mod 37). Hence,
• 34 = 49-1 mod 37

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 16

Text Example: RSA Key Setup
•

a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 17

Inverse of 3 in modulus 17680
•

Q A1 A2 A3 B1 B2 B3
— 1 0 17680 0 1 3
5893 0 1 3 1 -5893 1

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 18

Decryption
•

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 19

Encryption-Decryption
•

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 20

Conti…
•

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 21

Another Text Example – Block Size 3
•

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 22

Decryption
•

(4978)^2 mod 17947 = 13624 (4978)^4 mod 17947 = 5502 (4978)^8 mod 17947= 13362
(4978)^16 mod 17947 = 6288 (4978)^64 mod 17947 = 10742 (4978)^512 mod 17947 = 16375
(4978)^1024 mod 17947 = 12445 (4978)^2048 mod 17947 = 13362 (4978)^8192 mod 17947 = 1703

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 23

Recover Plaintext
• 4847%26 == 11 (L) Quotient=186
• 186%26 == 4 (E) Quotient=7
• 7%26 == 7 (H) !!!!!

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 24

RSA Key Generation
• The users of RSA must
◦ determine two primes at random - p, q
◦ select either e or d and compute the other

• primes p,q must not be easily derived from modulus n=p.q

◦ means must be sufficiently large
◦ typically guess and use probabilistic test

• exponents e, d are inverses, so use inverse algorithm to compute the other

◦ So, the basic operation involved, in either case, is
◦ modular exponentiation
◦ Use binary left-to-right or square-and-multiply method

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 25

Computational complexity: Exponentiation
• The Square and Multiply Algorithm
◦ a fast, efficient algorithm for exponentiation
◦ also known as
◦ exponentiation by squaring OR
◦ Binary exponentiation OR
• concept is based on repeatedly squaring the base
◦ and multiplying in the ones that are needed to compute the result
• can be formally defined as
◦ Power (x,n) = x if n=1
Power(x2, n/2) if n = even
x . Power(x2, (n-1)/2) if n = odd

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 26

Computational complexity: Exponentiation
• The Square and Multiply Algorithm
• Algorithm for Computing: ab mod n
• The integer b is expressed as a binary number bkbk1 ... b0
Algorithm Square_Multiply( , )
• c = 0; f = 1
• for i = k down to 0
◦ do c = 2 * c
◦ f = (f * f) mod n
◦ if bi == 1 then
◦ c=c+1
◦ f = (f x a) mod n
• return f

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 27

Result of Square and Multiply Algorithm
• where a = 7, b = 560 = 1000110000, n = 17947

• bi = 1000110000

I 9 8 7 6 5 4 3 2 1 0
bi 1 0 0 0 1 1 0 0 0 0
c 1 2 4 8 17 35 70 140 280 560
f 7 49 157 526 160 241 298 166 67 1

• Result ab mod n = 7560 mod 561 = 1 (final return value of f)

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 28

Result of Square and Multiply Algorithm
• where a = 4978, b = 11787 = 10111000001011, n = 17947
• bi= 10111000001011

I 13 12 11 10 9 8 7 6 5 4 3 2 1 0
bi 1 0 1 1 1 0 0 0 0 0 1 0 1 1
c 1 2 5 11 23 46 92 184 368 736 1473 2946 5893 1178
7
f 4978 1362 1834 2489 1310 786 7598 1205 5633 393 1558 1454 2358 4847
4 0 2 9 1

• Result ab mod n = 497811787 mod 17947 = 4847 (final return value of f)

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 29

Text Example: RSA Key Setup
• Consider the text grouping in the groups of three i.e.
◦ ATTACKXATXSEVEN = ATT ACK XAT XSE VEN

• Represent the blocks in base 26 using A=0, B=1, C=2…..

◦ ATT = 0 * 262 + 19 * 261 + 19 = 513
◦ ACK = 0 * 262 + 2 * 261 + 10 = 62
◦ XAT= 23 * 262 + 0 * 261 + 19 = 15567
◦ XSE= 23 * 262 + 18 * 261 + 4 = 16020
◦ VEN = 21 * 262 + 4 * 261 + 13 = 14313

• Next issue is designing the cryptosystem – selecting the parameters.

• What should be the value of n ?

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 30

Text Example: RSA Key Setup
• The value of n should be greater than 17575. How & why ?
◦ 0≤m<n (Here maximum value of message can ZZZ = 25 * 262 + 25 * 261 + 25 = 17575
• Let p = 137 and q = 131; so that n = pq = 17947

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 31

Text Example: RSA Key Setup
• Compute phi value
◦ ø(n)=(p–1)(q-1)=136 x 130=17680

• Select encryption parameter

◦ e: gcd(e,17680)=1; choose e=3

• Determine decryption parameter

◦ d: de=1 mod 17680 and d < 17680

• Value is d=11787 since 3-1 mod 17680 = 11787

• Publish public key PU={3,17947}
• Keep secret private key PR={11787,17947}

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 32

Text En/Decryption using RSA
• The sample RSA private/public operations are:
◦ Given message M = ATT = 513

◦ Overall the plaintext is represented as the set of integers m

◦ {513,62,15567,16020,14313}
◦ Encryption is
◦ C = 5133 mod 17947 (me mod n)
= 8363
◦ Overall the Ciphertext is represented as the set of integers m
◦ {8363,5017,11884,9546,13366}
◦ Decryption is
M = 836311787 mod 17947 (cd mod n)
=513

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 33

Complexity of operations in RSA

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 34

RSA Challenge
number digits prize factored
RSA-100 100 Apr. 1991
RSA-110 110 Apr. 1992
RSA-120 120 Jun. 1993
RSA-129 129 $100 Apr. 1994
RSA-130 130 Apr. 10, 1996
RSA-140 140 Feb. 2, 1999
RSA-150 150 Apr. 16, 2004
RSA-155 155 Aug. 22, 1999
RSA-160 160 Apr. 1, 2003
RSA-200 200 May 9, 2005
RSA-576 174 $10,000 Dec. 3, 2003
RSA-640 193 $20,000 Nov. 4, 2005
RSA-704 212 $30,000 open
RSA-768 232 $50,000 open
RSA-896 270 $75,000 open
RSA-1024 309 $100,000 open
RSA-1536 463 $150,000 open
RSA-2048 617 $200,000 open

DR. REEMA PATEL, IS-2019, B.TECH, CE/ICT, SOT, PDPU 35