Cryptography: Joining the RSA Cryptosystem Greg Plaxton Theory in - - PowerPoint PPT Presentation

cryptography joining the rsa cryptosystem
SMART_READER_LITE
LIVE PREVIEW

Cryptography: Joining the RSA Cryptosystem Greg Plaxton Theory in - - PowerPoint PPT Presentation

Nov 29, 2023 170 likes •266 views

Cryptography: Joining the RSA Cryptosystem Greg Plaxton Theory in Programming Practice, Spring 2004 Department of Computer Science University of Texas at Austin Joining the RSA Cryptosystem: Overview First, Bob randomly chooses two large

slide-1
SLIDE 1

Cryptography: Joining the RSA Cryptosystem

Greg Plaxton Theory in Programming Practice, Spring 2004 Department of Computer Science University of Texas at Austin

slide-2
SLIDE 2

Joining the RSA Cryptosystem: Overview

  • First, Bob randomly chooses two large (e.g., 512-bit) primes p and q
  • Then, Bob computes n = pq, φ(n) = (p − 1)(q − 1), and a positive

integer d < n such that d and φ(n) are relatively prime – In particular, any prime exceeding max(p, q) (and less than n) is a valid choice for d

  • Then, Bob computes e such that de is congruent to 1 modulo φ(n)
  • Bob’s public key is (e, n) and Bob’s private key is (d, n)
  • We will discuss each of these steps in greater detail in the slides that

follow

Theory in Programming Practice, Plaxton, Spring 2004

slide-3
SLIDE 3

Primality Testing

  • Surprisingly, there exist efficient (and polynomial time) algorithms for

“primality testing”, that is, for determining whether a given integer n is prime or composite

  • These algorithms do not work by factoring, since no efficient algorithms

are known for factoring

  • Miller gave the first polynomial-time primality testing algorithm in 1976

– His work yields gives an efficient randomized algorithm – In fact, it yields a deterministic algorithm suvject to the extended Riemann hypothesis

  • In a theoretical breakthrough, the first deterministic polynomial-time

algorithm for primality testing was discovered in 2002 by Agrawal, Kayal, and Saxena – Still, the primality testing algorithms used in practice are randomized, since they are faster (on average)

Theory in Programming Practice, Plaxton, Spring 2004

slide-4
SLIDE 4

Prime Number Theorem

  • Prime number theorem: As n tends to infinity, the fraction of the first

n positive integers that are prime tends to

1 ln n

  • For example, about a .002818 fraction of the numbers less than 2512

are prime, and about a .002823 fraction of the numbers less than 2511 are prime – Thus, about a .002813 fraction of 512-bit numbers (i.e., with leading 1 bit in bit position 511, indexing from 0), or about one in 355.5, is prime – So if we pick a set S of a few thousand 512-bit numbers independently and uniformly at random, we are overwhlemingly likely to pick at least one prime – We can use an efficient primality test to find a prime in S – We can make this approach more efficient by, e.g., picking only odd 512-bit numbers

Theory in Programming Practice, Plaxton, Spring 2004

slide-5
SLIDE 5

Joining the RSA Cryptosystem: Implementation

  • Given that we’ve seen how to generate random large primes, we now

know how to compute p, q, and d – Of course, p and q also give us n = pq and φ(n) = (p − 1)(q − 1)

  • All that is left is to compute e such that de is congruent to 1 modulo

φ(n) – We will compute e using the extended Euclid algorithm, as discussed

  • n the next slide

Theory in Programming Practice, Plaxton, Spring 2004

slide-6
SLIDE 6

Joining the RSA Cryptosystem: Computation of e

  • Recall that given nonnegative integers x and y (at least one of which

is nonzero), the extended Euclid algorithm calculates a and b such that ax + by = gcd(x, y)

  • Set x to d and y to φ(n)
  • Since d and φ(n) are relatively prime, gcd(d, φ(n)) = 1
  • Thus, the extended Euclid algorithm gives us a and b such that

ad + bφ(n) = 1

  • Hence ad is congruent to 1 modulo φ(n)
  • So we can just set e to the unique integer in {0, . . . , φ(n) − 1} that is

congruent to a modulo φ(n)

Theory in Programming Practice, Plaxton, Spring 2004

slide-7
SLIDE 7

Joining the RSA Cryptosystem: Example

  • Suppose we choose primes p = 47 and q = 59 (in practice, we would

much larger primes)

  • Then n = 47 · 59 = 2773 and φ(n) = 46 · 58 = 2668
  • Now suppose we choose d = 157

– Note that 157 is a prime greater than p and q and hence is relatively prime to φ(n)

  • Running the extended Euclid algorithm with x = 157 and y = 2668

yields e = 17

  • Bob’s public key is (17, 2773) and his private key is (157, 2668)

Theory in Programming Practice, Plaxton, Spring 2004

slide-8
SLIDE 8

RSA Encryption and Decryption

  • Next time we’ll see how to use Bob’s public key to encrypt messages

sent to Bob

  • We’ll also see how Bob uses his private key to decrypt these messages

Theory in Programming Practice, Plaxton, Spring 2004