Project Report
on
Seminar Topic
RSA Cryptography
in partial fulfillment
for the award of the Degree of
Bachelors of Technology
in Department of Computer Science
Submitted To:
Submitted By:
Mohit Khandelwal
Charchit Taneja
Project In-charge
11EIACS026
CSE Department
CSE
IET Alwar
Candidate's Declaration
I hereby declare that the work, which is being presented in this report, entitled RSA
Cryptography in partial fulfillment for the award of Degree of Bachelor of Technology in
department of Computer Science, Institute of Engineering and Technology affiliated to,
Rajasthan Technical University is a record of my own investigations carried under the Guidance
of Mr. Mohit Khandelwal, Department of Computer Science Engineering, IET Alwar.
I have not submitted the matter presented in this report anywhere for the award of any other
Degree.
Charchit Taneja
11EIACS026
Computer Science
Counter Signed by:
Mohit Khandelwal
Preface
This paper introduces cryptography techniques. Cryptography is the science of protecting data and
network security, keeping information private and secure from unauthorized users.
This paper gives the fundamental requirements for data transmission and the security attacks on it, such as
interruption, interception and modification.
The cryptographic process is explained through a generalized function, by which
encryption and decryption are done using various algorithms such as the RSA algorithm, hash functions and many
other cryptographic algorithms. Cryptanalysis is the process of attempting to discover the plaintext and/or
the key.
The paper also covers applications of various cryptographic technologies: why and how to provide network security in
certificate issuing, the validity and trust of certificate services, certificate revocation in the Internet,
intranet and other network communications, and the applications of network security to the various data
transfer techniques and protocols. From the dawn of civilization to the highly networked societies that we
live in today, communication has always been an integral part of our existence.
Acknowledgement
It is a matter of great pleasure and privilege for me to present this seminar report, RSA
Cryptography that I had developed for fulfillment of my Bachelor of Technology in Computer
Science and Engineering. I have received enormous help, guidance and advice from many people
and I feel that it will not be right to mention a line about at least some of them. The author
would like to express their utmost gratitude to the Institute of Engineering and Technology,
Alwar for providing opportunity to author to pursue for the degree of Bachelor of Technology.
I am grateful to our chairman Dr. V.K. Agarwal for providing me the opportunity to study in this
institution as well as providing us with all the necessary facilities.
Our principal Dr. Anil Kumar Sharma has been a source of inspiration to us in our work sincerely.
I am also thankful to Prof (Dr.) S.K.Singh (H.O.D., CSE) and Mr. Mohit Khandelwal (Project
In-charge) for their encouragement and guidance. Their words of encouragement led us to finish
our work successfully.
I am also thankful to all faculty members of Computer Science & Engineering and Information
Technology Department and all other for help given to us directly or indirectly for the success of
this seminar.
Charchit Taneja
11EIACS026
CSE
Table of Contents
Candidate's Declaration
Preface
Acknowledgement
Chapter 1
1.1 Introduction
1.2 HISTORY
1.2.1 CLASSIC CRYPTOGRAPHY
1.3 THE COMPUTER ERA
1.4 Cryptography Terminology
Chapter 2
2.1 Cryptography Services
2.2 Fundamental Requirements
2.3 Attacks
2.3.1 Passive Attacks
2.3.2 Active Attacks
2.3.3 Cipher Text Only Attack
2.3.4 Known Plaintext Attack
2.3.5 Chosen Plaintext Attack
2.4 Security Attacks
2.5 Common Security Threats
Chapter 3
3.1 CIPHER
3.2 CLASSICAL CIPHER
3.3 MODERN CIPHER
3.3.1 INPUT BASED CIPHERS
3.3.2 KEY BASED CIPHER
3.4 HASH FUNCTIONS
Chapter 4
4.1 ENCRYPTION MODES
4.1.1 ELECTRONIC CODEBOOK (ECB)
4.1.2 CIPHER BLOCK CHAINING
4.1.3 CIPHER FEEDBACK (CFB)
Chapter 1
1.1 Introduction
gráphein means "writing". Cryptography is the practice and study of hiding information. Modern
cryptography intersects the disciplines of mathematics, computer science, and electrical
engineering. Applications of cryptography include ATM cards, computer passwords, and
electronic commerce.
Cryptology prior to the modern age was almost synonymous with encryption, the
conversion of information from a readable state to apparent gibberish. The sender retained the
ability to decrypt the information and therefore avoid unwanted persons being able to read it. Since
the First World War and the advent of the computer, the methods used to carry out cryptology have
become increasingly complex and its application more widespread.
A "cryptosystem" is the ordered list of elements of finite possible plaintexts, finite possible
cypher texts, finite possible keys, and the encryption and decryption algorithms which correspond
to each key. Keys are important, as ciphers without variable keys can be trivially broken with only
the knowledge of the cipher used and are therefore useless (or even counter-productive) for most
purposes. Historically, ciphers were often used directly for encryption or decryption without
additional procedures such as authentication or integrity checks.
In colloquial use, the term "code" is often used to mean any method of encryption or
concealment of meaning. However, in cryptography, code has a more specific meaning. It means
the replacement of a unit of plaintext (i.e., a meaningful word or phrase) with a code word (for
example, "wallaby" replaces "attack at dawn"). Codes are no longer used in serious cryptography,
except incidentally for such things as unit designations (e.g., Bronco Flight or Operation
Overlord), since properly chosen ciphers are both more practical and more secure than even the
best codes and also are better adapted to computers.
Cryptanalysis is the term used for the study of methods for obtaining the meaning of
encrypted information without access to the key normally required to do so; i.e., it is the study of
how to crack encryption algorithms or their implementations.
Some use the terms cryptography and cryptology interchangeably in English, while others
(including US military practice generally) use cryptography to refer specifically to the use and
practice of cryptographic techniques and cryptology to refer to the combined study of cryptography
and cryptanalysis. English is more flexible than several other languages in which cryptology (done
by cryptologists) is always used in the second sense above.
The study of characteristics of languages which have some application in cryptography (or
cryptology), i.e. frequency data, letter combinations, universal patterns, etc., is called crypto
linguistics.
1.2 HISTORY
Before the modern era, cryptography was concerned solely with message confidentiality
(i.e., encryption): conversion of messages from a comprehensible form into an incomprehensible
one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers
without secret knowledge (namely the key needed for decryption of that message). Encryption was
used to (attempt to) ensure secrecy in communications, such as those of spies, military leaders,
and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to
include techniques for message integrity checking, sender/receiver identity authentication, digital
signatures, interactive proofs and secure computation, among others.
An early substitution cipher was the Caesar cipher, in which each letter in the plaintext was
replaced by a letter some fixed number of positions further down the alphabet. It was named after
Julius Caesar who is reported to have used it, with a shift of 3, to communicate with his generals
during his military campaigns, just like EXCESS-3 code in boolean algebra. There is record of
several early Hebrew ciphers as well. The earliest known use of cryptography is some carved
ciphertext on stone in Egypt (ca 1900 BC), but this may have been done for the amusement of
literate observers. The next oldest is bakery recipes from Mesopotamia. Cryptography is
recommended in the books as a way for lovers to communicate without inconvenient discovery.
The Greeks of Classical times are said to have known of ciphers (e.g., the scytale
transposition cipher claimed to have been used by the Spartan military). Steganography (i.e.,
hiding even the existence of a message so as to keep it confidential) was also first developed in
ancient times. An early example, from Herodotus, concealed a message (a tattoo on a slave's
shaved head) under the regrown hair. Another Greek method was developed by Polybius (now
called the "Polybius Square"). More modern examples of steganography include the use of
invisible ink, microdots, and digital watermarks to conceal information.
Cipher texts produced by a classical cipher (and some modern ciphers) always reveal
statistical information about the plaintext, which can often be used to break them. After the
discovery of frequency analysis perhaps by the Arab mathematician and polymath, Al-Kindi (also
known as Alkindus), in the 9th century, nearly all such ciphers became more or less readily
breakable by any informed attacker. Such classical ciphers still enjoy popularity today, though
mostly as puzzles (see cryptogram). Al-Kindi wrote a book on cryptography entitled Risalah fi
Istikhraj al-Mu'amma (Manuscript for the Deciphering Cryptographic Messages), in which he
described the first cryptanalysis techniques.
Essentially all ciphers remained vulnerable to cryptanalysis using the frequency analysis
technique until the development of the polyalphabetic cipher, most clearly by Leon Battista Alberti
around the year 1467, though there is some indication that it was already known to Al-Kindi.
Alberti's innovation was to use different ciphers (i.e., substitution alphabets) for various parts of a
message (perhaps for each successive plaintext letter at the limit). He also invented what was
probably the first automatic cipher device, a wheel which implemented a partial realization of his
invention. In the polyalphabetic Vigenère cipher, encryption uses a key word, which controls letter
substitution depending on which letter of the key word is used. In the mid-19th century Charles
Babbage showed that polyalphabetic ciphers of this type remained partially vulnerable to extended
frequency analysis techniques.
Although frequency analysis is a powerful and general technique against many ciphers,
encryption has still been often effective in practice; many a would-be cryptanalyst was unaware of
the technique. Breaking a message without using frequency analysis essentially required
knowledge of the cipher used and perhaps of the key involved, thus making espionage, bribery,
burglary, defection, etc., more attractive approaches to the cryptanalytically uninformed. It was
finally explicitly recognized in the 19th century that secrecy of a cipher's algorithm is not a sensible
or practical safeguard of message security; in fact, it was further realized that any adequate
cryptographic scheme (including ciphers) should remain secure even if the adversary fully
understands the cipher algorithm itself. Security of the key used should alone be sufficient for a
good cipher to maintain confidentiality under an attack. This fundamental principle was first
explicitly stated in 1883 by Auguste Kerckhoffs and is generally called Kerckhoffs' principle;
alternatively and more bluntly, it was restated by Claude Shannon, the inventor of information
theory and the fundamentals of theoretical cryptography, as Shannon's Maxim: 'the enemy
knows the system'.
Different physical devices and aids have been used to assist with ciphers. One of the earliest
may have been the scytale of ancient Greece, a rod supposedly used by the Spartans as an aid for
a transposition cipher. In medieval times, other aids were invented such as the cipher grille, which
was also used for a kind of steganography. With the invention of polyalphabetic ciphers came
more sophisticated aids such as Alberti's own cipher disk, Johannes Trithemius' tabula recta
scheme, and Thomas Jefferson's multi-cylinder. Many mechanical encryption/decryption devices
were invented early in the 20th century, and several patented, among them rotor machines
famously including the Enigma machine used by the German government and military from the
late '20s and during World War II. The ciphers implemented by better quality examples of these
machine designs brought about a substantial increase in cryptanalytic difficulty after WWI.
Extensive open academic research into cryptography is relatively recent; it began only in
the mid-1970s. In recent times, IBM personnel designed the algorithm that became the Federal
(i.e., US) Data Encryption Standard; Whitfield Diffie and Martin Hellman published their key
agreement algorithm known as Diffie-Hellman algorithm; and the RSA algorithm was published
in Martin Gardner's Scientific American column. Since then, cryptography has become a widely
used tool in communications, computer networks, and computer security generally. Some modern
cryptographic techniques can only keep their keys secret if certain mathematical problems are
intractable, such as the integer factorization or the discrete logarithm problems, so there are deep
connections with abstract mathematics. There are no absolute proofs that a cryptographic
technique is secure (but see one-time pad); at best, there are proofs that some techniques are secure
if some computational problem is difficult to solve, or this or that assumption about
implementation or practical use is met.
As well as being aware of cryptographic history, cryptographic algorithm and system
designers must also sensibly consider probable future developments while working on their
designs. For instance, continuous improvements in computer processing power have increased the
scope of brute-force attacks, thus when specifying key lengths, the required key lengths are
similarly advancing. The potential effects of quantum computing are already being considered by
i) Code: an algorithm for transforming an intelligible message into an unintelligible one using
codes.
j) Hash algorithm: an algorithm that converts a text string into a string of fixed length.
k) Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
l) Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
m) Pretty Good Privacy (PGP): PGP is a hybrid cryptosystem.
n) Public Key Infrastructure (PKI): PKI feature is Certificate authority.
Chapter 2
2.1 Cryptography Services
Any new design of Cryptographic technique must accomplish the above requisites.
Cryptography not only protects data from theft or alteration, but can also be used for user
authentication.
Hence, the various security requirements for a cryptographic technique include:
Authentication: The process of proving one's identity. (The primary forms of host-to-host
authentication on the Internet today are name-based or address-based, both of which
are notoriously weak.)
Privacy/confidentiality: Ensuring that no one can read the message except the intended
receiver.
Integrity: Assuring the receiver that the received message has not been altered in any
way from the original.
Non-repudiation: A mechanism to prove that the sender really sent this message.
Availability: This method guarantees that the system services are always available when
needed.
Security-Audit: With the help of this mechanism a record of all the previous transactions
is kept, which may provide useful information at a later stage.
[Figure: Source, Destination and Unauthorized user]
2.3 Attacks
According to the cryptanalyst Kent, there are many ways in which the personal information
shared between two people can be interfered with. An intermediate person, known as an
attacker, who only has access to the information being transferred is called a passive attacker; one
who can also change the information being exchanged with the help of some technology is called an
active attacker.
This kind of attack is generally carried out by a passive intruder who only has access to the
information or message being exchanged. Consider the trivial case of Bob and Alice, where Bob
wants to send a message to Alice. Here the intruder has access to the contents only, i.e. he can read
the message but cannot tamper with it. Because of this inability to make any changes, the intruder is
called a passive attacker.
This kind of attack is generally carried out by an active intruder who not only has access to the
information or message being exchanged but can also tamper with or manipulate the message being
exchanged. Because of this ability to make changes, the intruder is called an active attacker.
Some other types of attack can also be considered such as:
This is the situation where the attacker does not know anything about the contents of the message,
and must work from cipher text only. In practice it is quite often possible to make guesses about
the plaintext, as many types of messages have fixed format headers. Even ordinary letters and
documents begin in a very predictable way. It may also be possible to guess that some cipher text
block contains a common word.
The attacker is able to have any text he likes encrypted with the unknown key. The task is to
determine the key used for encryption. Some encryption methods, particularly RSA, are extremely
vulnerable to chosen-plaintext attacks. When such algorithms are used, extreme care must be taken
to design the entire system so that an attacker can never have chosen plaintext encrypted.
Interception: An unauthorized individual intercepts the message content and changes it or uses it
for malicious purposes. After this type of attack, the message does not remain confidential.
Modification: The content of the message is modified by a third party. This attack affects the
integrity of the message. So, to keep data secret while it is communicated between
two persons or two organizations, the data is converted to another format before it is
transmitted. Cryptography is the process of transmitting data securely
without any interruption. Network security is the security of data transmission in the
communication.
Identity interception: Someone might steal your identity and use it as their own.
Masquerading: If you send your username and password in clear text form, someone might be able
to grab it from the network and use it elsewhere with the intention of perpetrating fraud.
Replay attack: Someone might capture your request to withdraw 1000 dollars from your bank
account and then replay that request over the network.
Data interception and manipulation: If someone can read your credit card information while it
is on the wire, they could cause a lot of trouble for you.
Repudiation: When someone performs a transaction and then denies it later, it can be a big problem
in e-commerce.
For example, if you are a manufacturer of something and you receive a 1 million dollar purchase
request from a customer, you will want to make sure that person does not deny it after the
transaction has been completed. We all know what denial of service means.
Chapter 3
3.1 CIPHER
A cipher is an algorithm for performing encryption or decryption using a series of well-defined steps that can be followed as a procedure.
For a cipher to be of practical value:
1. It must be difficult for an enemy cryptanalyst to break.
2. It must be easy to encrypt and decrypt with knowledge of the secret key.
Data that can be read and understood without any special measures is called plaintext or clear text.
The method of disguising plaintext in such a way as to hide its substance is called encryption.
Encrypting plaintext results in unreadable gibberish called cipher text. You use encryption to make
sure that information is hidden from anyone for whom it is not intended, even those who can see
the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.
G, and X for D in the message. Transposition of the letters "GOOD DOG" can result in
"DGOGDOO". Julius Caesar substituted each letter with the letter a fixed number of positions
(the key) down or up the alphabet; the key he used was 3.
These simple ciphers and examples are easy to crack, even without plaintext-cipher text
pairs. Simple ciphers were replaced by polyalphabetic substitution ciphers, which changed the
substitution alphabet for every letter. For example, "GOOD DOG" can be encrypted as "PLSX
TWF", where "L", "S", and "W" substitute for "O". With even a small amount of known or
estimated plaintext, simple polyalphabetic substitution ciphers and letter transposition ciphers
designed for pen and paper encryption are easy to crack. Another advancement in the theory was
the transposition cipher, where the characters retain their plaintext form but change their positions
to create the cipher text. Here the text is organized into a two-dimensional table, and the rows and
columns are interchanged according to a key. Consider the plaintext "attackatxdawn"; the
cipher text obtained using the transposition algorithm is "xtawxnattxadakc", as shown in the
figure below. In the following example the rows 1-5 and columns 1-3 are permuted to give a new
set of rows (3,5,1,4,2) and columns (1,3,2).
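A worked version of the row-and-column transposition described above, added here as an example (not code from the report). It assumes the 15-letter padded grid "attackxatxdawnx" (x standing in for spaces and padding), which is the arrangement that reproduces the cipher text quoted in the text; the function names are illustrative.

```python
# Added example: table transposition with the row and column keys from the text.
ROWS_KEY = (3, 5, 1, 4, 2)  # new row order, 1-based
COLS_KEY = (1, 3, 2)        # new column order, 1-based

# Assumption: the padded 5x3 plaintext grid, read row by row.
PADDED_PLAINTEXT = "attackxatxdawnx"


def to_grid(text, width, height):
    """Split text into `height` rows of `width` characters."""
    if len(text) != width * height:
        raise ValueError("text must fill the %dx%d table exactly" % (height, width))
    return [text[i:i + width] for i in range(0, len(text), width)]


def encrypt(plaintext, rows_key=ROWS_KEY, cols_key=COLS_KEY):
    grid = to_grid(plaintext, len(cols_key), len(rows_key))
    # Step 1: reorder the rows; step 2: reorder the columns inside each row.
    permuted_rows = [grid[r - 1] for r in rows_key]
    return "".join("".join(row[c - 1] for c in cols_key) for row in permuted_rows)


def decrypt(ciphertext, rows_key=ROWS_KEY, cols_key=COLS_KEY):
    grid = to_grid(ciphertext, len(cols_key), len(rows_key))
    # Undo the column permutation: position j holds original column cols_key[j].
    rows = []
    for row in grid:
        original = [""] * len(cols_key)
        for j, c in enumerate(cols_key):
            original[c - 1] = row[j]
        rows.append("".join(original))
    # Undo the row permutation: row i of the cipher table was original row rows_key[i].
    restored = [""] * len(rows_key)
    for i, r in enumerate(rows_key):
        restored[r - 1] = rows[i]
    return "".join(restored)


def letter_counts_preserved(plaintext, ciphertext):
    """Transposition only moves letters, so the letter counts are unchanged."""
    return sorted(plaintext) == sorted(ciphertext)


if __name__ == "__main__":
    ct = encrypt(PADDED_PLAINTEXT)
    print("plaintext grid :", to_grid(PADDED_PLAINTEXT, 3, 5))
    print("cipher text    :", ct)
    print("decrypted      :", decrypt(ct))
    print("same letters   :", letter_counts_preserved(PADDED_PLAINTEXT, ct))
```

The unchanged letter counts are what make this cipher easy to recognise and crack: the cipher text has exactly the letter frequencies of the plaintext.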
[Figure: Permute rows and columns]
A message longer than the block size (128 bits in the above example) can still be encrypted with
a block cipher by breaking the message into blocks and encrypting each block individually.
However, in this method all blocks are encrypted with the same key, which degrades security
(because each repetition in the plaintext becomes a repetition in the cipher text). To overcome this
issue, modes of operation are used to make encryption probabilistic.
Stream ciphers represent a different approach to symmetric encryption from block ciphers.
Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. This
distinction is not always clear-cut: in some modes of operation, a block cipher primitive is used in
such a way that it acts effectively as a stream cipher. Stream ciphers typically execute at a higher
speed than block ciphers and have lower hardware complexity. However, stream ciphers can be
susceptible to serious security problems if used incorrectly (see stream cipher attacks); in
particular, the same starting state must never be used twice.
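Why the starting state must never repeat, shown as an added example (not from the original report): with the same key and nonce the keystream is identical, so the XOR of two cipher texts equals the XOR of the two plaintexts. The keystream generator (SHA-256 over key, nonce and a counter) is an assumption chosen to keep the example standard-library only, the messages are constructed, and the `StreamEncryptor` guard is one illustrative way to refuse reuse.

```python
import hashlib

KEY = b"constructed-demo-key"
P1 = b"transfer 100 to account A"   # constructed sample plaintexts
P2 = b"transfer 900 to account B"


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key, nonce, length):
    """Toy keystream: the starting state is fully determined by (key, nonce)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def raw_encrypt(key, nonce, data):
    # No reuse check: encrypting and decrypting are the same XOR operation.
    return xor(data, keystream(key, nonce, len(data)))


class StreamEncryptor:
    """Wrapper that refuses to start from the same state twice under one key."""

    def __init__(self, key):
        self._key = key
        self._used = set()

    def encrypt(self, nonce, data):
        if nonce in self._used:
            raise ValueError("nonce already used with this key")
        self._used.add(nonce)
        return raw_encrypt(self._key, nonce, data)


def reuse_leak(c1, c2):
    """With a repeated starting state the keystream cancels out of c1 XOR c2."""
    return xor(c1, c2)


if __name__ == "__main__":
    same1 = raw_encrypt(KEY, b"nonce-1", P1)
    same2 = raw_encrypt(KEY, b"nonce-1", P2)
    print("keystream cancelled:", reuse_leak(same1, same2) == xor(P1, P2))
    guarded = StreamEncryptor(KEY)
    guarded.encrypt(b"nonce-1", P1)
    try:
        guarded.encrypt(b"nonce-1", P2)
    except ValueError as err:
        print("guard:", err)
```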
It can be seen that symmetric key cryptography requires less time to encrypt a message so its
efficiency is high but on the other hand it must also be noted that each pair of users must have a
unique key, so N users need N(N-1)/2 keys. As a result the key distribution becomes difficult.
The most commonly used algorithms in symmetric key cryptography to encrypt the message are:
DES (Data Encryption Standard) and derivatives: double DES and triple DES
Blowfish
The hash function ensures that, if the information is changed in any way, even by just one
bit, an entirely different output value is produced. PGP uses a cryptographically strong hash
function on the plaintext the user is signing. This generates a fixed-length data item known as a
message digest. Then PGP uses the digest and the private key to create the signature. PGP
transmits the signature and the plaintext together. Upon receipt of the message, the recipient uses
PGP to recompute the digest, thus verifying the signature. PGP can encrypt the plaintext or not;
signing plaintext is useful if some of the recipients are not interested in or capable of verifying the
signature. As long as a secure hash function is used, there is no way to take someone's signature
from one document and attach it to another, or to alter a signed message in any way. The slightest
change to a signed document will cause the digital signature verification process to fail. Digital
signatures play a major role in authenticating and validating the keys of other PGP users.
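The digest-then-sign flow described above, as an added example (not PGP's code and not from the original report): hash the message, apply the private key to the digest, and have the recipient recompute the digest and compare. It assumes unpadded "textbook" RSA and a key built from two well-known Mersenne primes purely so the example is short and reproducible; real implementations use randomly generated primes and a signature padding scheme.

```python
import hashlib

# Constructed demo key. Assumption: Mersenne primes are used only because they
# are easy to write down; their special form makes them unsuitable for real keys.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                 # public modulus
E = 65537                                 # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent (Python 3.8+)


def digest_int(message):
    """Fixed-length message digest (SHA-256) as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, d=D, n=N):
    # Signer: digest the plaintext, then apply the private key to the digest.
    return pow(digest_int(message), d, n)


def verify(message, signature, e=E, n=N):
    # Recipient: recompute the digest and compare it with the value recovered
    # from the signature using the public key.
    return pow(signature, e, n) == digest_int(message)


def flip_bit(data, bit_index):
    """Return a copy of data with exactly one bit changed."""
    changed = bytearray(data)
    changed[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(changed)


def differing_bits(a, b):
    """How many of the 256 digest bits differ between two messages."""
    return bin(digest_int(a) ^ digest_int(b)).count("1")


if __name__ == "__main__":
    doc = b"Pay Bob 10 dollars"       # constructed sample documents
    other = b"Pay Bob 90 dollars"
    sig = sign(doc)
    print("original verifies        :", verify(doc, sig))
    print("one flipped bit verifies :", verify(flip_bit(doc, 0), sig))
    print("signature moved to other :", verify(other, sig))
    print("digest bits changed      :", differing_bits(doc, flip_bit(doc, 0)))
```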
Chapter 4
4.1 ENCRYPTION MODES
The ciphers in use are generally following these four encryption modes:
cipher text block by using an internal feedback mechanism that is independent of both the
plaintext and cipher text bit streams.
The Institute of Electrical and Electronics Engineers (IEEE) has approved XTS mode for
protection of information on block storage devices according to IEEE 1619 standard released
on 19th December, 2007. The IEEE 1619 document states the following for AES encryption
algorithm used as subroutine in XTS mode:
"XTS-AES is a tweakable block cipher that acts on data units of 128 bits or more and uses the
AES block cipher as a subroutine. The key material for XTS-AES consists of a data encryption
key (used by the AES block cipher) as well as a "tweak key" that is used to incorporate the
logical position of the data block into the encryption. XTS-AES is a concrete instantiation of
the class of tweakable block ciphers described in Rogaway article (Phillip Rogaway - author
of the mode). The XTS-AES addresses threats such as copy-and-paste attack, while allowing
parallelization and pipelining in cipher implementations."
XTS mode uses its own secret key (a "tweak key") that is completely different from the Primary
Encryption Key used by the encryption algorithm.
For example, if the block size of the AES encryption algorithm is 128 bits, XTS mode requires a 128-bit key. As a result, the effective key length for the pair XTS mode + AES becomes higher
than AES originally has. While the AES key length is 256 bits, the XTS+AES pair uses a 256+128 =
384-bit key.
The size of the XTS key is equal to the block size of the encryption algorithm, and the IEEE 1619
standard states that it must be 128 bits or more. This is the reason why BestCrypt uses XTS mode
only with encryption algorithms with block sizes not less than 128 bits.
Chapter 5
5.1 APPLICATIONS
Cryptography is best known as a way of keeping the contents of a message secret.
Confidentiality of network communications, for example, is of great importance for e-commerce
and other network applications. However, the applications of cryptography go far beyond simple
confidentiality. In particular, cryptography allows the network business and customer to verify the
authenticity and integrity of their transactions. If the trend to a global electronic marketplace
continues, better cryptographic techniques will have to be developed to protect business
transactions.
Sensitive information sent over an open network may be scrambled into a form that cannot be
understood by a hacker or eavesdropper. This is done using a mathematical formula, known as an
encryption algorithm, which transforms the bits of the message into an unintelligible form. The
intended recipient has a decryption algorithm for extracting the original message. There are many
examples of information on open networks, which need to be protected in this way, for instance,
bank account details, credit card transactions, or confidential health or tax records.
In order to allow different users to use the same algorithm, the algorithm is used in
conjunction with a secret key, a long sequence of binary numbers, as shown in the illustration,
which is known only by the legitimate users. Only users sharing the same key will be able to
decrypt each other's encrypted messages. Since the key allows access to the encrypted information,
it is of paramount importance that it is kept secret and is frequently changed.
Before two parties can send information securely, they must first exchange a secret key.
This however presents a dilemma, sometimes called the "Catch 22 of Cryptography": how can
the two parties exchange a key secretly before they can communicate in secret? Even if the sender
and receiver found a channel that they believed to be secure, in the past there has been no way to
test the secrecy of each key. Quantum cryptography solves this problem. It allows the sender and
receiver to test and guarantee the secrecy of each individual key. There are various types of
applications which are given below.
1. Defense Services
2. Secure Data Manipulation
3. E Commerce
4. Business Transactions
5. Internet Payment Systems
6. Pass Phrasing
7. Secure Internet Comm.
8. User Identification Systems
9. Access Control
10. Computational Security
11. Secure access to Corp Data
12. Data Security.
Each of these has some information on it identifying you and some authorization stating that
someone else has confirmed your identity. Some certificates, such as your passport, are important
enough confirmation of your identity that you would not want to lose them, lest someone use them
to impersonate you.
Digital certificates are used to thwart attempts to substitute one person's key for another. A digital
certificate consists of three things:
1. A public key.
2. Certificate information ("identity" information about the user, such as name, user ID, and
so on).
3. A digital signature.
The purpose of the digital signature on the certificate is to state that the certificate information has
been attested to by some other person or entity. The digital signature does not attest to the
authenticity of the certificate as a whole; it vouches only that the signed identity information goes
along with, or is bound to, the public key. Thus, a certificate is basically a public key with one or
two forms of ID attached, plus a hearty stamp of approval from some other trusted individual.
The cryptographic process can be implemented at various layers, from the link layer all the
way up to the application layer. The most popular encryption scheme is SSL and it is implemented
at the transport layer. If the encryption is done at the transport layer, any application that is running
on the top of the transport layer can be protected.
Chapter 6
6.1 RSA (cryptosystem)
RSA is one of the first practicable public-key cryptosystems and is widely used for secure data
transmission. In such a cryptosystem, the encryption key is public and differs from the decryption
key which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring
the product of two large prime numbers, the factoring problem. RSA stands for Ron Rivest, Adi
Shamir and Leonard Adleman, who first publicly described the algorithm in 1977. Clifford Cocks,
an English mathematician, had developed an equivalent system in 1973, but it was not declassified
until 1997.
A user of RSA creates and then publishes a public key based on the two large prime numbers,
along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public
key to encrypt a message, but with currently published methods, if the public key is large enough,
only someone with knowledge of the prime numbers can feasibly decode the message. Breaking
RSA encryption is known as the RSA problem; whether it is as hard as the factoring problem
remains an open question.
6.2 History
The RSA algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard
Adleman at MIT; the letters RSA are the initials of their surnames, listed in the same order as on
the paper.
MIT was granted U.S. Patent 4,405,829 for a "Cryptographic communications system and method"
that used the algorithm, on September 20, 1983. Though the patent was going to expire on
September 21, 2000 (the term of patent was 17 years at the time), the algorithm was released to
the public domain by RSA Security on September 6, 2000, two weeks earlier. Since a paper
describing the algorithm had been published in August 1977, prior to the December 1977 filing
date of the patent application, regulations in much of the rest of the world precluded patents
elsewhere and only the US patent was granted. Had Cocks' work been publicly known, a patent in
the US might not have been possible, either.
From the DWPI's abstract of the patent,
The system includes a communications channel coupled to at least one terminal having an
encoding device and to at least one terminal having a decoding device. A message-to-be-transferred is enciphered to ciphertext at the encoding terminal by encoding the message as a
number M in a predetermined set. That number is then raised to a first predetermined power
(associated with the intended receiver) and finally computed. The remainder or residue, C, is...
computed when the exponentiated number is divided by the product of two predetermined prime
numbers (associated with the intended receiver).
Clifford Cocks, an English mathematician working for the UK intelligence agency GCHQ,
described an equivalent system in an internal document in 1973, but given the relatively expensive
computers needed to implement it at the time, it was mostly considered a curiosity and, as far as
is publicly known, was never deployed. His discovery, however, was not revealed until 1998 due
to its top-secret classification, and Rivest, Shamir, and Adleman devised RSA independently of
Cocks' work.
6.3 Operation
The RSA algorithm involves three steps: key generation, encryption and decryption.
For security purposes, the integers p and q should be chosen at random, and should
be of similar bit-length. Prime integers can be efficiently found using a primality
test.
2. Compute n = pq.
n is used as the modulus for both the public and private keys. Its length, usually
expressed in bits, is the key length.
e having a short bit-length and small Hamming weight results in more efficient
encryption, most commonly $2^{16} + 1$ = 65,537. However, much smaller values of e
(such as 3) have been shown to be less secure in some settings.[5]
This is more clearly stated as: solve for d given $de \equiv 1 \pmod{\varphi(n)}$.
This is often computed using the extended Euclidean algorithm. Using the
pseudocode in the Modular integers section, inputs a and n correspond to e and
$\varphi(n)$, respectively.
The public key consists of the modulus n and the public (or encryption) exponent e. The private
key consists of the modulus n and the private (or decryption) exponent d, which must be kept
secret. p, q, and $\varphi(n)$ must also be kept secret because they can be used to calculate d.
The ANSI X9.31 standard prescribes, IEEE 1363 describes, and PKCS#1 allows, that p
and q match additional requirements: being strong primes, and being different enough that
Fermat factorization fails.
6.3.2 Encryption
Alice transmits her public key (n, e) to Bob and keeps the private key d secret. Bob then wishes to
send message M to Alice.
He first turns M into an integer m, such that $0 \le m < n$, by using an agreed-upon reversible protocol
known as a padding scheme. He then computes the ciphertext c corresponding to
This can be done efficiently, even for 500-bit numbers, using modular exponentiation. Bob then
transmits c to Alice.
Note that at least nine values of m will yield a ciphertext c equal to m,[note 1] but this is very unlikely
to occur in practice.
6.3.3 Decryption
Alice can recover m from c by using her private key exponent d via computing
Given m, she can recover the original message M by reversing the padding scheme.
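An added example (not from the original report) of the encryption and decryption steps above on a constructed toy modulus. It also counts the messages whose ciphertext equals the plaintext, and shows that unpadded encryption is deterministic, which is why a padding scheme is applied first. The closed-form count is a standard Chinese-remainder result brought in here, not a formula from the report, and all names are hypothetical.

```python
from math import gcd

# Constructed toy parameters, far too small for real use.
P, Q = 61, 53
N, PHI = P * Q, (P - 1) * (Q - 1)

def private_exponent(e, phi=PHI):
    """Solve d*e = 1 (mod phi(n)); pow(e, -1, phi) needs Python 3.8+."""
    return pow(e, -1, phi)

def encrypt(m, e, n=N):
    """c = m^e mod n, with m already an integer in [0, n)."""
    if not 0 <= m < n:
        raise ValueError("m must satisfy 0 <= m < n")
    return pow(m, e, n)

def decrypt(c, d, n=N):
    """m = c^d mod n."""
    return pow(c, d, n)

def fixed_points(e, n=N):
    """Every m with m^e = m (mod n), by exhaustive search over the toy modulus."""
    return [m for m in range(n) if pow(m, e, n) == m]

def predicted_fixed_points(e, p=P, q=Q):
    """Count predicted by the Chinese remainder theorem: one factor per prime."""
    return (1 + gcd(e - 1, p - 1)) * (1 + gcd(e - 1, q - 1))

if __name__ == "__main__":
    e = 17
    d = private_exponent(e)
    c = encrypt(65, e)
    print("d =", d, "c =", c, "decrypted =", decrypt(c, d))
    # Without padding, equal plaintexts always give equal ciphertexts.
    print("deterministic:", encrypt(65, e) == c)
    for exponent in (17, 23):
        print(exponent, len(fixed_points(exponent)), predicted_fixed_points(exponent))
```

Because e is odd, each factor in the count is at least 3, which gives the minimum of nine such messages for any two-prime modulus.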
Chapter 7
CONCLUSION
Cryptography is a particularly interesting field because of the amount of work that is, by necessity,
done in secret. The irony is that today, secrecy is not the key to the goodness of a cryptographic
algorithm. Regardless of the mathematical theory behind an algorithm, the best algorithms are
those that are well-known and well-documented because they are also well-tested and well-studied! In fact, time is the only true test of good cryptography; any cryptographic scheme that
stays in use year after year is most likely a good one. The strength of cryptography lies in the
choice (and management) of the keys; longer keys will resist attack better than shorter keys.
Cryptography protects users by providing functionality for the encryption of data and
authentication of other users. This technology lets the receiver of an electronic message verify the
sender, ensures that a message can be read only by the intended person, and assures the recipient
that a message has not been altered in transit. This paper describes the cryptographic concepts of
symmetric key encryption, public-key encryption, types of encryption algorithms, hash algorithms,
digital signatures, and key exchange. It also covers cryptographic attack techniques such as cryptanalysis
and brute-force attack, and provides information on network security needs and
requirements.