RSA

Февраль 11, 2021

Содержание

2. Prime Numbers An integer p is a prime number if it has no factors other than
3. Factorisation Given an integer n, there is an efficient algorithm to determine whether n is composite
4. The fastest factorisation algorithm at the moment is called the “Number Field Sieve” but even this
5. Important to Note: Determining whether a large number is prime or composite is easy; Multiplying 2
6. Fermat’s Little Theorem If p is a prime number and a is any number between 1
7. Solving a problem Suppose I have a prime number p; a number m between 1 and
8. Yes you can if you take the following steps: Find a number d such that e*d=1
9. Why does that work? We found d such that e*d = 1 mod p-1 That means
10. 2. We computed cd mod p But cd = (me)d mod p = med mod p
11. This works because of Fermat’s Little Theorem. We know that since p is a prime we
12. Why doesn’t it work? In general an-1 ≠ 1 mod n if n is not prime.
13. Finding r In order to find r such that ar = 1 mod n, you have
14. Important to note now: It is easy to determine whether a large number is prime or
15. Given e (co-prime with r), it is easy to determine d such that (e*d) =1 mod
16. This is the basis of the RSA public key cryptosystem. The holder of the public key
17. RSA – Key Generation Bob generates two large primes p and q (each with approx. 100
18. He computes the private key d by solving the equation (e*d) =1 mod r. He can
19. RSA - Encryption Alice wishes to send Bob a message m. She takes the following steps:
20. RSA - Decryption Bob receives the value c from Alice. He decrypts it using his private
22. Скачать презентацию

Слайд 2

Prime Numbers
An integer p is a prime number if it has no

factors other than 1 and itself.
An integer which is greater than 1 and not a prime number is said to be composite.
Thus given a composite number c we know that c=r*s for some non-trivial integers r and s.

Слайд 3

Factorisation
Given an integer n, there is an efficient algorithm to determine whether

n is composite or prime.
However determining the factors of a large composite number is a very hard problem.
Known as the factorisation problem – this is the basis of the RSA cryptosystem.

Слайд 4

The fastest factorisation algorithm at the moment is called the “Number Field

Sieve” but even this is not all that efficient.
To find the factors of a composite number n which is the product of 2 large primes, and has about 640 binary bits (approximately 200 decimal digits) is an impossible task even if you could use all of the computing power in the world!

Слайд 5

Important to Note:
Determining whether a large number is prime or composite is

easy;
Multiplying 2 large numbers together is easy;
Factorising a large number which is the product of 2 large primes (i.e. retrieving the original prime factors) is very difficult.

Слайд 6

Fermat’s Little Theorem
If p is a prime number and a is any

number between 1 and p-1 inclusive, then

ap-1 mod p = 1

This is not true in general, which gives us a method to decide if a given number n is prime or composite.

Слайд 7

Solving a problem
Suppose I have
a prime number p;
a number m between

1 and p-1 inclusive;
another number e also between 1 and p-1;
And I compute
c = me mod p
If I give you c,e and p can you find m?

Слайд 8

Yes you can if you take the following steps:
Find a number d

such that e*d=1 mod p-1
Compute cd mod p = m

Слайд 9

Why does that work?
We found d such that e*d = 1 mod

p-1
That means that e*d – 1 = k(p-1) for some value of k.
Or

ed = k(p-1) +1

Слайд 10

2. We computed cd mod p
But cd = (me)d mod p
=

med mod p
= mk(p-1) +1 mod p
= mk(p-1) * m mod p
= 1*m mod p
= m mod p

Слайд 11

This works because of Fermat’s Little Theorem.
We know that since p is

a prime we have
ap-1=1 mod p for all a and so
ck(p-1) = 1 mod p leaving us with the answer m in step 2.
BUT if the modulus is not a prime number then the method doesn’t work.

Слайд 12

Why doesn’t it work?
In general an-1 ≠ 1 mod n if n

is not prime.
We could make the method for finding m work if we knew the number r such that
ar = 1 mod n
If a and n are co-prime then there will be such a number r and there is a way to find it

Слайд 13

Finding r
In order to find r such that ar = 1 mod

n, you have to be able to factorise n and find all of its prime factors.
If n = p*q where p and q are primes then
r = (p-1)*(q-1)

Слайд 14

Important to note now:
It is easy to determine whether a large number

is prime or composite.
It is easy to compute the product of two large primes n = p*q.
Setting r = (p-1)*(q-1) we have
mr = 1 mod n
for all m co-prime with n.

Слайд 15

Given e (co-prime with r), it is easy to determine d such

that
(e*d) =1 mod r
It is easy to compute me mod n
If c=me mod n then m=cd mod n and it is easy to compute cd mod n if you know d.
You can only find d if you can find r and you can only find r if you can factorise n.
Factorising n is hard.

Слайд 16

This is the basis of the RSA public key cryptosystem. The holder

of the public key knows p and q and therefore he/she can find r and therefore d and can compute cd mod n to find m.
No-one else knows p and q, so they cannot find r or d and so they cannot recover m.
There is no known way to recover m which is not equivalent to factorising n.

Слайд 17

RSA – Key Generation
Bob generates two large primes p and q (each

with approx. 100 decimal digits).
He computes n = p*q
He computes r = (p-1)*(q-1)
He chooses a random number e which is between 1 and r which has no factor in common with r.

Слайд 18

He computes the private key d by solving the equation (e*d) =1

mod r.
He can now carefully dispose of the values of p, q and r.
Bob keeps d private but publishes the value of the pair (e,n). This is his public key.