Friday, June 26, 2015

Introduction to Public Key Cryptography and RSA Encryption

Cryptographically secure pseudorandom number g...
Cryptographically secure pseudorandom number generator (Photo credit: Wikipedia)
Cryptography

The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable.

Cryptography systems can be broadly classified into:-

1. Symmetric-key Cryptography(or Secret Key Cryptography):-systems that use a single key that both the sender and recipient have.

2. Public-key Cryptography:-systems that use two keys, a public key known to everyone and a private key that only the recipient of messages uses.

3. Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information

See the Picture below :-

[Image: crypto_types.gif]

Today I will discuss with you Public Key Cryptography by taking RSA Encryption as an example:-

Public-Key Cryptography(PKC)

Public-key cryptography has been said to be the most significant new development in cryptography.Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key.

PKC depends upon the existence of so-called one-way functions, or mathematical functions that are easy to compute whereas their inverse function is relatively difficult to compute. Let me give you two simple examples:

Multiplication vs. factorization: Suppose I tell you that I have two prime numbers, 3 and 7, and that I want to calculate the product; it should take almost no time to calculate that value, which is 21. Now suppose, instead, that I tell you that I have a number, 21, and I need you tell me which pair of prime numbers I multiplied together to obtain that number. You will eventually come up with the solution but whereas calculating the product took milliseconds, factoring will take longer. The problem becomes much harder if I start with primes that have 400 digits or so, because the product will have ~800 digits.

Exponentiation vs. logarithms: Suppose I tell you that I want to take the number 3 to the 6th power; again, it is relatively easy to calculate 36 = 729. But if I tell you that I have the number 729 and want you to tell me the two integers that I used, x and y so that logx 729 = y, it will take you longer to find the two values.
While the examples above are trivial, they do represent two of the functional pairs that are used with PKC; namely, the ease of multiplication and exponentiation versus the relative difficulty of factoring and calculating logarithms, respectively. The mathematical "trick" in PKC is to find a trap door in the one-way function so that the inverse calculation becomes easy given knowledge of some item of information.

Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. The important point here is that it does not matter which key is applied first, but that both keys are required for the process to work (Figure 1B). Because a pair of keys are required, this approach is also called asymmetric cryptography.

In PKC, one of the keys is designated the public key and may be advertised as widely as the owner wants. The other key is designated the private key and is never revealed to another party. It is straight forward to send messages under this scheme. Suppose Alice wants to send Bob a message. Alice encrypts some information using Bob's public key; Bob decrypts the ciphertext using his private key. This method could be also used to prove who sent a message; Alice, for example, could encrypt some plaintext with her private key; when Bob decrypts using Alice's public key, he knows that Alice sent the message and Alice cannot deny having sent the message.

Examples of PKC :-
  • RSA
  • Diffie-Hellman
  • Digital Signature Algorithm(DSA)
  • Elliptic Curve Cryptography (ECC)
  • ElGamal

RSA

The first, and still most common, PKC implementation, named for the three MIT mathematicians who developed it — Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA today is used in hundreds of software products and can be used for key exchange, digital signatures, or encryption of small blocks of data. RSA uses a variable size encryption block and a variable size key. The key-pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone and that is what makes the RSA algorithm so secure.

Algorithm of RSA:-

To generate the encryption and decryption keys, we can

proceed as follows.

1. Generate randomly two “large” primes 'p' and 'q'.

2. Compute 'n' = pq and 'φ' = (p − 1)*(q − 1).

3. Choose a number 'e' so that gcd(e, φ) = 1.

4. Find the multiplicative inverse of 'e' modulo 'φ', i.e., find d so that
    e*d ≡ 1 (mod φ).

This can be done efficiently using Euclid’s Ex-tended Algorithm.

The encryption public key is KE = (n, e) and the decryption private key is KD = (n, d).

The encryption function is :- E(M ) = M^e mod n.
The decryption function is :- D(M ) = M^d mod n.
These functions satisfy D(E(M )) = M and E(D(M )) = M ,for any 0 ≤ M < n.
 

Now Let's take an example which will clear the facts :-

P = 61 <- first prime number (destroy this after computing E and D)
Q = 53 <- second prime number (destroy this after computing E and D)
PQ = 3233 <- modulus (give this to others)
E = 17 <- public exponent (give this to others)
D = 2753 <- private exponent (keep this secret!)


Your public key is (E,PQ).
Your private key is D.

The encryption function is:

encrypt(T) = (T^E) mod PQ = (T^17) mod 3233

The decryption function is:

decrypt(C) = (C^D) mod PQ= (C^2753) mod 3233

To encrypt the plaintext value 123, we do this:

encrypt(123) = (123^17) mod 3233 = 337587917446653715596592958817679803 mod 3233 = 855

To decrypt the ciphertext value 855, we do this:

decrypt(855) = (855^2753) mod 3233= 123

One way to compute the value of 855^2753 mod 3233 is like this:

2753 = 101011000001 base 2,
therefore, 2753 = 1 + 2^6 + 2^7 + 2^9 + 2^11= 1 + 64 + 128 + 512 + 2048

Consider this table of powers of 855:

855^1 = 855 (mod 3233)
855^2 = 367 (mod 3233)
855^4 = 367^2 (mod 3233) = 2136 (mod 3233)
855^8 = 2136^2 (mod 3233) = 733 (mod 3233)
855^16 = 733^2 (mod 3233) = 611 (mod 3233)
855^32 = 611^2 (mod 3233) = 1526 (mod 3233)
855^64 = 1526^2 (mod 3233) = 916 (mod 3233)
855^128 = 916^2 (mod 3233) = 1709 (mod 3233)
855^256 = 1709^2 (mod 3233) = 1282 (mod 3233)
855^512 = 1282^2 (mod 3233) = 1160 (mod 3233)
855^1024 = 1160^2 (mod 3233) = 672 (mod 3233)
855^2048 = 672^2 (mod 3233) = 2197 (mod 3233)


Given the above, we can do like this:

855^2753 (mod 3233)
= 855^(1 + 64 + 128 + 512 + 2048) (mod 3233)
= 855^1 * 855^64 * 855^128 * 855^512 * 855^2048 (mod 3233)
= 855 * 916 * 1709 * 1160 * 2197 (mod 3233)
= 794 * 1709 * 1160 * 2197 (mod 3233)
= 2319 * 1160 * 2197 (mod 3233)
= 184 * 2197 (mod 3233)
= 123 (mod 3233)
= 123



References :

http://www.garykessler.net/library/crypto.html
http://plansoft.org/wp-content/uploads/knowledge/inne/RSA.pdf


Thank You. Hope you like this tutorial. Share it among your friends :)


0 comments :

Post a Comment

Follow Me!

Blog Archive

Followers

Visitor Map